@frontmcp/sdk 0.7.2 → 0.8.1

package/auth/session/authorization-vault.d.ts

@@ -1,612 +0,0 @@
-/**
- * Authorization Vault
- *
- * Secure storage for stateful authorization sessions.
- * Stores provider tokens, consent selections, and session metadata.
- *
- * Supports multiple credential types:
- * - OAuth tokens (access_token, refresh_token, scopes)
- * - API Keys (key value, header name)
- * - Basic Auth (username, password)
- * - Private Keys (PEM/JWK format for signing)
- * - Custom credentials (extensible)
- *
- * In stateful mode:
- * - Access token is a non-rotatable key to this vault
- * - All sensitive data stored server-side
- * - Supports incremental authorization via links
- *
- * In stateless mode:
- * - No vault used, all data in JWT claims
- * - No incremental authorization support
- */
-import { z } from 'zod';
-/**
- * Supported credential types for app authentication
- */
-export declare const credentialTypeSchema: z.ZodEnum<{
-    custom: "custom";
-    bearer: "bearer";
-    basic: "basic";
-    oauth: "oauth";
-    api_key: "api_key";
-    private_key: "private_key";
-    mtls: "mtls";
-}>;
-export type CredentialType = z.infer<typeof credentialTypeSchema>;
-/**
- * OAuth credential - standard OAuth 2.0 tokens
- */
-export declare const oauthCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"oauth">;
-    accessToken: z.ZodString;
-    refreshToken: z.ZodOptional<z.ZodString>;
-    tokenType: z.ZodDefault<z.ZodString>;
-    expiresAt: z.ZodOptional<z.ZodNumber>;
-    scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    idToken: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * API Key credential - sent in header or query param
- */
-export declare const apiKeyCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"api_key">;
-    key: z.ZodString;
-    headerName: z.ZodDefault<z.ZodString>;
-    headerPrefix: z.ZodOptional<z.ZodString>;
-    queryParam: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Basic Auth credential - username and password
- */
-export declare const basicAuthCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"basic">;
-    username: z.ZodString;
-    password: z.ZodString;
-    encodedValue: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Bearer token credential - static bearer token
- */
-export declare const bearerCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"bearer">;
-    token: z.ZodString;
-    expiresAt: z.ZodOptional<z.ZodNumber>;
-}, z.core.$strip>;
-/**
- * Private key credential - for JWT signing or request signing
- */
-export declare const privateKeyCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"private_key">;
-    format: z.ZodEnum<{
-        pem: "pem";
-        jwk: "jwk";
-        pkcs8: "pkcs8";
-        pkcs12: "pkcs12";
-    }>;
-    keyData: z.ZodString;
-    keyId: z.ZodOptional<z.ZodString>;
-    algorithm: z.ZodOptional<z.ZodString>;
-    passphrase: z.ZodOptional<z.ZodString>;
-    certificate: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * mTLS credential - client certificate for mutual TLS
- */
-export declare const mtlsCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"mtls">;
-    certificate: z.ZodString;
-    privateKey: z.ZodString;
-    passphrase: z.ZodOptional<z.ZodString>;
-    caCertificate: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Custom credential - extensible for app-specific auth
- */
-export declare const customCredentialSchema: z.ZodObject<{
-    type: z.ZodLiteral<"custom">;
-    customType: z.ZodString;
-    data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
-    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-}, z.core.$strip>;
-/**
- * Union of all credential types
- */
-export declare const credentialSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
-    type: z.ZodLiteral<"oauth">;
-    accessToken: z.ZodString;
-    refreshToken: z.ZodOptional<z.ZodString>;
-    tokenType: z.ZodDefault<z.ZodString>;
-    expiresAt: z.ZodOptional<z.ZodNumber>;
-    scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-    idToken: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"api_key">;
-    key: z.ZodString;
-    headerName: z.ZodDefault<z.ZodString>;
-    headerPrefix: z.ZodOptional<z.ZodString>;
-    queryParam: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"basic">;
-    username: z.ZodString;
-    password: z.ZodString;
-    encodedValue: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"bearer">;
-    token: z.ZodString;
-    expiresAt: z.ZodOptional<z.ZodNumber>;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"private_key">;
-    format: z.ZodEnum<{
-        pem: "pem";
-        jwk: "jwk";
-        pkcs8: "pkcs8";
-        pkcs12: "pkcs12";
-    }>;
-    keyData: z.ZodString;
-    keyId: z.ZodOptional<z.ZodString>;
-    algorithm: z.ZodOptional<z.ZodString>;
-    passphrase: z.ZodOptional<z.ZodString>;
-    certificate: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"mtls">;
-    certificate: z.ZodString;
-    privateKey: z.ZodString;
-    passphrase: z.ZodOptional<z.ZodString>;
-    caCertificate: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>, z.ZodObject<{
-    type: z.ZodLiteral<"custom">;
-    customType: z.ZodString;
-    data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
-    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-}, z.core.$strip>], "type">;
-export type OAuthCredential = z.infer<typeof oauthCredentialSchema>;
-export type ApiKeyCredential = z.infer<typeof apiKeyCredentialSchema>;
-export type BasicAuthCredential = z.infer<typeof basicAuthCredentialSchema>;
-export type BearerCredential = z.infer<typeof bearerCredentialSchema>;
-export type PrivateKeyCredential = z.infer<typeof privateKeyCredentialSchema>;
-export type MtlsCredential = z.infer<typeof mtlsCredentialSchema>;
-export type CustomCredential = z.infer<typeof customCredentialSchema>;
-export type Credential = z.infer<typeof credentialSchema>;
-/**
- * Credential stored for an app in the vault
- */
-export declare const appCredentialSchema: z.ZodObject<{
-    appId: z.ZodString;
-    providerId: z.ZodString;
-    credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
-        type: z.ZodLiteral<"oauth">;
-        accessToken: z.ZodString;
-        refreshToken: z.ZodOptional<z.ZodString>;
-        tokenType: z.ZodDefault<z.ZodString>;
-        expiresAt: z.ZodOptional<z.ZodNumber>;
-        scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-        idToken: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"api_key">;
-        key: z.ZodString;
-        headerName: z.ZodDefault<z.ZodString>;
-        headerPrefix: z.ZodOptional<z.ZodString>;
-        queryParam: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"basic">;
-        username: z.ZodString;
-        password: z.ZodString;
-        encodedValue: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"bearer">;
-        token: z.ZodString;
-        expiresAt: z.ZodOptional<z.ZodNumber>;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"private_key">;
-        format: z.ZodEnum<{
-            pem: "pem";
-            jwk: "jwk";
-            pkcs8: "pkcs8";
-            pkcs12: "pkcs12";
-        }>;
-        keyData: z.ZodString;
-        keyId: z.ZodOptional<z.ZodString>;
-        algorithm: z.ZodOptional<z.ZodString>;
-        passphrase: z.ZodOptional<z.ZodString>;
-        certificate: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"mtls">;
-        certificate: z.ZodString;
-        privateKey: z.ZodString;
-        passphrase: z.ZodOptional<z.ZodString>;
-        caCertificate: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>, z.ZodObject<{
-        type: z.ZodLiteral<"custom">;
-        customType: z.ZodString;
-        data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
-        headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-    }, z.core.$strip>], "type">;
-    acquiredAt: z.ZodNumber;
-    lastUsedAt: z.ZodOptional<z.ZodNumber>;
-    expiresAt: z.ZodOptional<z.ZodNumber>;
-    isValid: z.ZodDefault<z.ZodBoolean>;
-    invalidReason: z.ZodOptional<z.ZodString>;
-    userInfo: z.ZodOptional<z.ZodObject<{
-        sub: z.ZodOptional<z.ZodString>;
-        email: z.ZodOptional<z.ZodString>;
-        name: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
-}, z.core.$strip>;
-export type AppCredential = z.infer<typeof appCredentialSchema>;
-/**
- * Consent record stored in vault
- */
-export declare const vaultConsentRecordSchema: z.ZodObject<{
-    enabled: z.ZodBoolean;
-    selectedToolIds: z.ZodArray<z.ZodString>;
-    availableToolIds: z.ZodArray<z.ZodString>;
-    consentedAt: z.ZodNumber;
-    version: z.ZodDefault<z.ZodString>;
-}, z.core.$strip>;
-/**
- * Federated login record stored in vault
- */
-export declare const vaultFederatedRecordSchema: z.ZodObject<{
-    selectedProviderIds: z.ZodArray<z.ZodString>;
-    skippedProviderIds: z.ZodArray<z.ZodString>;
-    primaryProviderId: z.ZodOptional<z.ZodString>;
-    completedAt: z.ZodNumber;
-}, z.core.$strip>;
-/**
- * Pending incremental authorization request
- */
-export declare const pendingIncrementalAuthSchema: z.ZodObject<{
-    id: z.ZodString;
-    appId: z.ZodString;
-    toolId: z.ZodOptional<z.ZodString>;
-    authUrl: z.ZodString;
-    requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-    elicitId: z.ZodOptional<z.ZodString>;
-    createdAt: z.ZodNumber;
-    expiresAt: z.ZodNumber;
-    status: z.ZodEnum<{
-        completed: "completed";
-        cancelled: "cancelled";
-        pending: "pending";
-        expired: "expired";
-    }>;
-}, z.core.$strip>;
-/**
- * Authorization vault entry (the full session state)
- */
-export declare const authorizationVaultEntrySchema: z.ZodObject<{
-    id: z.ZodString;
-    userSub: z.ZodString;
-    userEmail: z.ZodOptional<z.ZodString>;
-    userName: z.ZodOptional<z.ZodString>;
-    clientId: z.ZodString;
-    createdAt: z.ZodNumber;
-    lastAccessAt: z.ZodNumber;
-    appCredentials: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
-        appId: z.ZodString;
-        providerId: z.ZodString;
-        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
-            type: z.ZodLiteral<"oauth">;
-            accessToken: z.ZodString;
-            refreshToken: z.ZodOptional<z.ZodString>;
-            tokenType: z.ZodDefault<z.ZodString>;
-            expiresAt: z.ZodOptional<z.ZodNumber>;
-            scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
-            idToken: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>, z.ZodObject<{
-            type: z.ZodLiteral<"api_key">;
-            key: z.ZodString;
-            headerName: z.ZodDefault<z.ZodString>;
-            headerPrefix: z.ZodOptional<z.ZodString>;
-            queryParam: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>, z.ZodObject<{
-            type: z.ZodLiteral<"basic">;
-            username: z.ZodString;
-            password: z.ZodString;
-            encodedValue: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>, z.ZodObject<{
-            type: z.ZodLiteral<"bearer">;
-            token: z.ZodString;
-            expiresAt: z.ZodOptional<z.ZodNumber>;
-        }, z.core.$strip>, z.ZodObject<{
-            type: z.ZodLiteral<"private_key">;
-            format: z.ZodEnum<{
-                pem: "pem";
-                jwk: "jwk";
-                pkcs8: "pkcs8";
-                pkcs12: "pkcs12";
-            }>;
-            keyData: z.ZodString;
-            keyId: z.ZodOptional<z.ZodString>;
-            algorithm: z.ZodOptional<z.ZodString>;
-            passphrase: z.ZodOptional<z.ZodString>;
-            certificate: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>, z.ZodObject<{
-            type: z.ZodLiteral<"mtls">;
-            certificate: z.ZodString;
-            privateKey: z.ZodString;
-            passphrase: z.ZodOptional<z.ZodString>;
-            caCertificate: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>, z.ZodObject<{
-            type: z.ZodLiteral<"custom">;
-            customType: z.ZodString;
-            data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
-            headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-        }, z.core.$strip>], "type">;
-        acquiredAt: z.ZodNumber;
-        lastUsedAt: z.ZodOptional<z.ZodNumber>;
-        expiresAt: z.ZodOptional<z.ZodNumber>;
-        isValid: z.ZodDefault<z.ZodBoolean>;
-        invalidReason: z.ZodOptional<z.ZodString>;
-        userInfo: z.ZodOptional<z.ZodObject<{
-            sub: z.ZodOptional<z.ZodString>;
-            email: z.ZodOptional<z.ZodString>;
-            name: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>>;
-        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
-    }, z.core.$strip>>>;
-    consent: z.ZodOptional<z.ZodObject<{
-        enabled: z.ZodBoolean;
-        selectedToolIds: z.ZodArray<z.ZodString>;
-        availableToolIds: z.ZodArray<z.ZodString>;
-        consentedAt: z.ZodNumber;
-        version: z.ZodDefault<z.ZodString>;
-    }, z.core.$strip>>;
-    federated: z.ZodOptional<z.ZodObject<{
-        selectedProviderIds: z.ZodArray<z.ZodString>;
-        skippedProviderIds: z.ZodArray<z.ZodString>;
-        primaryProviderId: z.ZodOptional<z.ZodString>;
-        completedAt: z.ZodNumber;
-    }, z.core.$strip>>;
-    pendingAuths: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        appId: z.ZodString;
-        toolId: z.ZodOptional<z.ZodString>;
-        authUrl: z.ZodString;
-        requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-        elicitId: z.ZodOptional<z.ZodString>;
-        createdAt: z.ZodNumber;
-        expiresAt: z.ZodNumber;
-        status: z.ZodEnum<{
-            completed: "completed";
-            cancelled: "cancelled";
-            pending: "pending";
-            expired: "expired";
-        }>;
-    }, z.core.$strip>>;
-    authorizedAppIds: z.ZodArray<z.ZodString>;
-    skippedAppIds: z.ZodArray<z.ZodString>;
-}, z.core.$strip>;
-export type VaultConsentRecord = z.infer<typeof vaultConsentRecordSchema>;
-export type VaultFederatedRecord = z.infer<typeof vaultFederatedRecordSchema>;
-export type PendingIncrementalAuth = z.infer<typeof pendingIncrementalAuthSchema>;
-export type AuthorizationVaultEntry = z.infer<typeof authorizationVaultEntrySchema>;
-export interface AuthorizationVault {
-    /**
-     * Create a new vault entry
-     */
-    create(params: {
-        userSub: string;
-        userEmail?: string;
-        userName?: string;
-        clientId: string;
-        consent?: VaultConsentRecord;
-        federated?: VaultFederatedRecord;
-        authorizedAppIds?: string[];
-        skippedAppIds?: string[];
-    }): Promise<AuthorizationVaultEntry>;
-    /**
-     * Get vault entry by ID
-     */
-    get(id: string): Promise<AuthorizationVaultEntry | null>;
-    /**
-     * Update vault entry
-     */
-    update(id: string, updates: Partial<AuthorizationVaultEntry>): Promise<void>;
-    /**
-     * Delete vault entry
-     */
-    delete(id: string): Promise<void>;
-    /**
-     * Update consent in the vault
-     */
-    updateConsent(vaultId: string, consent: VaultConsentRecord): Promise<void>;
-    /**
-     * Add app to authorized list (for incremental auth)
-     */
-    authorizeApp(vaultId: string, appId: string): Promise<void>;
-    /**
-     * Create a pending incremental auth request
-     */
-    createPendingAuth(vaultId: string, params: {
-        appId: string;
-        toolId?: string;
-        authUrl: string;
-        requiredScopes?: string[];
-        elicitId?: string;
-        ttlMs?: number;
-    }): Promise<PendingIncrementalAuth>;
-    /**
-     * Get pending auth by ID
-     */
-    getPendingAuth(vaultId: string, pendingAuthId: string): Promise<PendingIncrementalAuth | null>;
-    /**
-     * Complete a pending incremental auth
-     */
-    completePendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
-    /**
-     * Cancel a pending incremental auth
-     */
-    cancelPendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
-    /**
-     * Check if app is authorized
-     */
-    isAppAuthorized(vaultId: string, appId: string): Promise<boolean>;
-    /**
-     * Get all pending auths for a vault
-     */
-    getPendingAuths(vaultId: string): Promise<PendingIncrementalAuth[]>;
-    /**
-     * Add an app credential to the vault
-     * Only stores if app is authorized AND (consent disabled OR app tools in consent)
-     */
-    addAppCredential(vaultId: string, credential: AppCredential): Promise<void>;
-    /**
-     * Remove an app credential from the vault
-     */
-    removeAppCredential(vaultId: string, appId: string, providerId: string): Promise<void>;
-    /**
-     * Get all credentials for a specific app
-     */
-    getAppCredentials(vaultId: string, appId: string): Promise<AppCredential[]>;
-    /**
-     * Get a specific credential for an app and provider
-     */
-    getCredential(vaultId: string, appId: string, providerId: string): Promise<AppCredential | null>;
-    /**
-     * Get all credentials in the vault (filtered by consent if enabled)
-     * @param filterByConsent If true, only returns credentials for apps with consented tools
-     */
-    getAllCredentials(vaultId: string, filterByConsent?: boolean): Promise<AppCredential[]>;
-    /**
-     * Update credential metadata (last used, validity, etc.)
-     */
-    updateCredential(vaultId: string, appId: string, providerId: string, updates: Partial<Pick<AppCredential, 'lastUsedAt' | 'isValid' | 'invalidReason' | 'expiresAt' | 'metadata'>>): Promise<void>;
-    /**
-     * Check if a credential should be stored based on consent
-     * Returns true if:
-     * - Consent is disabled, OR
-     * - The app has at least one tool in the consent selection
-     */
-    shouldStoreCredential(vaultId: string, appId: string, toolIds?: string[]): Promise<boolean>;
-    /**
-     * Invalidate a credential (mark as invalid without removing)
-     */
-    invalidateCredential(vaultId: string, appId: string, providerId: string, reason: string): Promise<void>;
-    /**
-     * Refresh an OAuth credential (update tokens)
-     */
-    refreshOAuthCredential(vaultId: string, appId: string, providerId: string, tokens: {
-        accessToken: string;
-        refreshToken?: string;
-        expiresAt?: number;
-    }): Promise<void>;
-    /**
-     * Cleanup expired entries and pending auths
-     */
-    cleanup(): Promise<void>;
-}
-/**
- * In-Memory Authorization Vault
- *
- * Development/testing implementation. Data is lost on restart.
- * For production, use RedisAuthorizationVault.
- */
-export declare class InMemoryAuthorizationVault implements AuthorizationVault {
-    private vaults;
-    /** Default TTL for pending auth requests (10 minutes) */
-    private readonly pendingAuthTtlMs;
-    create(params: {
-        userSub: string;
-        userEmail?: string;
-        userName?: string;
-        clientId: string;
-        consent?: VaultConsentRecord;
-        federated?: VaultFederatedRecord;
-        authorizedAppIds?: string[];
-        skippedAppIds?: string[];
-    }): Promise<AuthorizationVaultEntry>;
-    get(id: string): Promise<AuthorizationVaultEntry | null>;
-    update(id: string, updates: Partial<AuthorizationVaultEntry>): Promise<void>;
-    delete(id: string): Promise<void>;
-    updateConsent(vaultId: string, consent: VaultConsentRecord): Promise<void>;
-    authorizeApp(vaultId: string, appId: string): Promise<void>;
-    createPendingAuth(vaultId: string, params: {
-        appId: string;
-        toolId?: string;
-        authUrl: string;
-        requiredScopes?: string[];
-        elicitId?: string;
-        ttlMs?: number;
-    }): Promise<PendingIncrementalAuth>;
-    getPendingAuth(vaultId: string, pendingAuthId: string): Promise<PendingIncrementalAuth | null>;
-    completePendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
-    cancelPendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
-    isAppAuthorized(vaultId: string, appId: string): Promise<boolean>;
-    getPendingAuths(vaultId: string): Promise<PendingIncrementalAuth[]>;
-    cleanup(): Promise<void>;
-    /** Create a credential key from appId and providerId */
-    private credentialKey;
-    addAppCredential(vaultId: string, credential: AppCredential): Promise<void>;
-    removeAppCredential(vaultId: string, appId: string, providerId: string): Promise<void>;
-    getAppCredentials(vaultId: string, appId: string): Promise<AppCredential[]>;
-    getCredential(vaultId: string, appId: string, providerId: string): Promise<AppCredential | null>;
-    getAllCredentials(vaultId: string, filterByConsent?: boolean): Promise<AppCredential[]>;
-    updateCredential(vaultId: string, appId: string, providerId: string, updates: Partial<Pick<AppCredential, 'lastUsedAt' | 'isValid' | 'invalidReason' | 'expiresAt' | 'metadata'>>): Promise<void>;
-    shouldStoreCredential(vaultId: string, appId: string, toolIds?: string[]): Promise<boolean>;
-    invalidateCredential(vaultId: string, appId: string, providerId: string, reason: string): Promise<void>;
-    refreshOAuthCredential(vaultId: string, appId: string, providerId: string, tokens: {
-        accessToken: string;
-        refreshToken?: string;
-        expiresAt?: number;
-    }): Promise<void>;
-}
-/**
- * Redis Authorization Vault (placeholder)
- *
- * Production implementation using Redis for distributed storage.
- * TODO: Implement after in-memory vault is validated.
- */
-export declare class RedisAuthorizationVault implements AuthorizationVault {
-    private readonly redis;
-    private readonly namespace;
-    constructor(redis: any, namespace?: string);
-    private key;
-    /** Create a credential key from appId and providerId */
-    private credentialKey;
-    create(params: {
-        userSub: string;
-        userEmail?: string;
-        userName?: string;
-        clientId: string;
-        consent?: VaultConsentRecord;
-        federated?: VaultFederatedRecord;
-        authorizedAppIds?: string[];
-        skippedAppIds?: string[];
-    }): Promise<AuthorizationVaultEntry>;
-    get(id: string): Promise<AuthorizationVaultEntry | null>;
-    update(id: string, updates: Partial<AuthorizationVaultEntry>): Promise<void>;
-    delete(id: string): Promise<void>;
-    updateConsent(vaultId: string, consent: VaultConsentRecord): Promise<void>;
-    authorizeApp(vaultId: string, appId: string): Promise<void>;
-    createPendingAuth(vaultId: string, params: {
-        appId: string;
-        toolId?: string;
-        authUrl: string;
-        requiredScopes?: string[];
-        elicitId?: string;
-        ttlMs?: number;
-    }): Promise<PendingIncrementalAuth>;
-    getPendingAuth(vaultId: string, pendingAuthId: string): Promise<PendingIncrementalAuth | null>;
-    completePendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
-    cancelPendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
-    isAppAuthorized(vaultId: string, appId: string): Promise<boolean>;
-    getPendingAuths(vaultId: string): Promise<PendingIncrementalAuth[]>;
-    cleanup(): Promise<void>;
-    addAppCredential(vaultId: string, credential: AppCredential): Promise<void>;
-    removeAppCredential(vaultId: string, appId: string, providerId: string): Promise<void>;
-    getAppCredentials(vaultId: string, appId: string): Promise<AppCredential[]>;
-    getCredential(vaultId: string, appId: string, providerId: string): Promise<AppCredential | null>;
-    getAllCredentials(vaultId: string, filterByConsent?: boolean): Promise<AppCredential[]>;
-    updateCredential(vaultId: string, appId: string, providerId: string, updates: Partial<Pick<AppCredential, 'lastUsedAt' | 'isValid' | 'invalidReason' | 'expiresAt' | 'metadata'>>): Promise<void>;
-    shouldStoreCredential(vaultId: string, appId: string, toolIds?: string[]): Promise<boolean>;
-    invalidateCredential(vaultId: string, appId: string, providerId: string, reason: string): Promise<void>;
-    refreshOAuthCredential(vaultId: string, appId: string, providerId: string, tokens: {
-        accessToken: string;
-        refreshToken?: string;
-        expiresAt?: number;
-    }): Promise<void>;
-}
-//# sourceMappingURL=authorization-vault.d.ts.map

package/auth/session/authorization-vault.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"authorization-vault.d.ts","sourceRoot":"","sources":["../../../src/auth/session/authorization-vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;EAQ/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;iBAchC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;iBAUjC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;iBAQpC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;iBAMjC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;iBAcrC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;iBAU/B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;iBAQjC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAQ3B,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACpE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAC9E,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAM1D;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA2B9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;iBAWnC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;iBASrC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;iBAmBvC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA2BxC,CAAC;AAMH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAC9E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAMpF,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,CAAC,MAAM,EAAE;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,SAAS,CAAC,EAAE,oBAAoB,CAAC;QACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAErC;;OAEG;IACH,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IAEzD;;OAEG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7E;;OAEG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElC;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3E;;OAEG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5D;;OAEG;IACH,iBAAiB,CACf,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GACA,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAEnC;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAC;IAE/F;;OAEG;IACH,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3E;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzE;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAElE;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC;IAMpE;;;OAGG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5E;;OAEG;IACH,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvF;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAE5E;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAEjG;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAExF;;OAEG;IACH,gBAAgB,CACd,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,GAAG,SAAS,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAC,CAAC,GAC3G,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;OAKG;IACH,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE5F;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExG;;OAEG;IACH,sBAAsB,CACpB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAMD;;;;;GAKG;AACH,qBAAa,0BAA2B,YAAW,kBAAkB;IACnE,OAAO,CAAC,MAAM,CAA8C;IAE5D,yDAAyD;IACzD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAkB;IAE7C,MAAM,CAAC,MAAM,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,SAAS,CAAC,EAAE,oBAAoB,CAAC;QACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsB9B,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IASxD,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAO5E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ1E,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY3D,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GACA,OAAO,CAAC,sBAAsB,CAAC;IAyB5B,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAe9F,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAa1E,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUxE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAOjE,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAenE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB9B,wDAAwD;IACxD,OAAO,CAAC,aAAa;IAIf,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAe3E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStF,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAU3E,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAQhG,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,UAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAmBrF,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,GAAG,SAAS,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAC,CAAC,GAC3G,OAAO,CAAC,IAAI,CAAC;IAYV,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAmB3F,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvG,sBAAsB,CAC1B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,IAAI,CAAC;CAuBjB;AAMD;;;;;GAKG;AACH,qBAAa,uBAAwB,YAAW,kBAAkB;IAG9D,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;gBADT,KAAK,EAAE,GAAG,EACV,SAAS,SAAW;IAGvC,OAAO,CAAC,GAAG;IAIX,wDAAwD;IACxD,OAAO,CAAC,aAAa;IAIf,MAAM,CAAC,MAAM,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;QAC7B,SAAS,CAAC,EAAE,oBAAoB,CAAC;QACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsB9B,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IAUxD,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ5E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ1E,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAW3D,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GACA,OAAO,CAAC,sBAAsB,CAAC;IAyB5B,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAe9F,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAW1E,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWxE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAOjE,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAsBnE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IASxB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAe3E,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStF,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAU3E,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAQhG,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,eAAe,UAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAiBrF,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,GAAG,SAAS,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAC,CAAC,GAC3G,OAAO,CAAC,IAAI,CAAC;IAYV,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAmB3F,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvG,sBAAsB,CAC1B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,IAAI,CAAC;CAuBjB"}