@hanzo/iam 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/dist/auth.cjs +111 -0
  2. package/dist/auth.cjs.map +1 -0
  3. package/dist/auth.d.cts +19 -0
  4. package/dist/auth.d.ts +7 -4
  5. package/dist/auth.js +94 -121
  6. package/dist/auth.js.map +1 -1
  7. package/dist/betterauth.cjs +34 -0
  8. package/dist/betterauth.cjs.map +1 -0
  9. package/dist/betterauth.d.cts +64 -0
  10. package/dist/betterauth.d.ts +7 -10
  11. package/dist/betterauth.js +28 -62
  12. package/dist/betterauth.js.map +1 -1
  13. package/dist/billing.cjs +8 -0
  14. package/dist/billing.cjs.map +1 -0
  15. package/dist/billing.d.cts +2 -0
  16. package/dist/billing.d.ts +2 -16
  17. package/dist/billing.js +5 -17
  18. package/dist/billing.js.map +1 -1
  19. package/dist/browser.cjs +680 -0
  20. package/dist/browser.cjs.map +1 -0
  21. package/dist/browser.d.cts +217 -0
  22. package/dist/browser.d.ts +10 -7
  23. package/dist/browser.js +645 -663
  24. package/dist/browser.js.map +1 -1
  25. package/dist/index.cjs +1087 -0
  26. package/dist/index.cjs.map +1 -0
  27. package/dist/{client.d.ts → index.d.cts} +23 -4
  28. package/dist/index.d.ts +86 -23
  29. package/dist/index.js +1077 -29
  30. package/dist/index.js.map +1 -1
  31. package/dist/nextauth.cjs +35 -0
  32. package/dist/nextauth.cjs.map +1 -0
  33. package/dist/nextauth.d.cts +55 -0
  34. package/dist/nextauth.d.ts +4 -7
  35. package/dist/nextauth.js +30 -66
  36. package/dist/nextauth.js.map +1 -1
  37. package/dist/passport.cjs +49 -0
  38. package/dist/passport.cjs.map +1 -0
  39. package/dist/passport.d.cts +47 -0
  40. package/dist/passport.d.ts +8 -5
  41. package/dist/passport.js +45 -65
  42. package/dist/passport.js.map +1 -1
  43. package/dist/react.cjs +1434 -0
  44. package/dist/react.cjs.map +1 -0
  45. package/dist/react.d.cts +133 -0
  46. package/dist/react.d.ts +18 -50
  47. package/dist/react.js +1399 -494
  48. package/dist/react.js.map +1 -1
  49. package/dist/types.cjs +4 -0
  50. package/dist/types.cjs.map +1 -0
  51. package/dist/types.d.cts +219 -0
  52. package/dist/types.d.ts +25 -24
  53. package/dist/types.js +2 -5
  54. package/dist/types.js.map +1 -1
  55. package/package.json +24 -13
  56. package/dist/auth.d.ts.map +0 -1
  57. package/dist/betterauth.d.ts.map +0 -1
  58. package/dist/billing.d.ts.map +0 -1
  59. package/dist/browser.d.ts.map +0 -1
  60. package/dist/client.d.ts.map +0 -1
  61. package/dist/client.js +0 -292
  62. package/dist/client.js.map +0 -1
  63. package/dist/index.d.ts.map +0 -1
  64. package/dist/nextauth.d.ts.map +0 -1
  65. package/dist/passport.d.ts.map +0 -1
  66. package/dist/pkce.d.ts +0 -13
  67. package/dist/pkce.d.ts.map +0 -1
  68. package/dist/pkce.js +0 -36
  69. package/dist/pkce.js.map +0 -1
  70. package/dist/react.d.ts.map +0 -1
  71. package/dist/types.d.ts.map +0 -1
package/dist/react.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"react.js","sourceRoot":"","sources":["../src/react.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EACL,aAAa,EACb,aAAa,EACb,WAAW,EACX,UAAU,EACV,SAAS,EACT,OAAO,EACP,MAAM,EACN,QAAQ,GACT,MAAM,OAAO,CAAC;AAEf,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAgExC,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,UAAU,GAAG,aAAa,CAAyB,IAAI,CAAC,CAAC;AAC/D,UAAU,CAAC,WAAW,GAAG,iBAAiB,CAAC;AAE3C,sCAAsC;AACtC,MAAM,eAAe,GAAG,uBAAuB,CAAC;AAChD,MAAM,mBAAmB,GAAG,2BAA2B,CAAC;AACxD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;AAEnD,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,KAAuB;IACjD,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAG,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAElE,MAAM,GAAG,GAAG,OAAO,CACjB,GAAG,EAAE,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC;IACrB,uDAAuD;IACvD,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CACxD,CAAC;IAEF,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAiB,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAC5C,GAAG,CAAC,cAAc,EAAE,CACrB,CAAC;IACF,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,MAAM,CAAuC,IAAI,CAAC,CAAC;IAE3E,4CAA4C;IAC5C,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;QACvC,IAAI,eAAe,CAAC,OAAO;YAAE,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACnE,IAAI,GAAG,CAAC,cAAc,EAAE;YAAE,OAAO;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,cAAc,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC1D,IAAI,CAAC,YAAY;YAAE,OAAO;QAE1B,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;QAClE,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;YACxB,GAAG;iBACA,kBAAkB,EAAE;iBACpB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBACnC,eAAe,EAAE,CAAC;YACpB,CAAC,CAAC;iBACD,KAAK,CAAC,GAAG,EAAE;gBACV,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,CAAC;gBACd,cAAc,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC,CAAC,CAAC;YACL,OAAO;QACT,CAAC;QAED,eAAe,CAAC,OAAO,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;YAC9C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,kBAAkB,EAAE,CAAC;gBAC9C,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBACnC,eAAe,EAAE,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,CAAC;gBACd,cAAc,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,EAAE,cAAc,CAAC,CAAC;IACrB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAE1B,0CAA0C;IAC1C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO;QACT,CAAC;QAED,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;YACtB,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,mBAAmB,EAAE,CAAC;gBAC9C,IAAI,SAAS;oBAAE,OAAO;gBACtB,IAAI,KAAK,EAAE,CAAC;oBACV,cAAc,CAAC,KAAK,CAAC,CAAC;oBACtB,kBAAkB,CAAC,IAAI,CAAC,CAAC;oBACzB,IAAI,CAAC;wBACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC;wBACrC,IAAI,CAAC,SAAS;4BAAE,OAAO,CAAC,IAA0B,CAAC,CAAC;oBACtD,CAAC;oBAAC,MAAM,CAAC;wBACP,wDAAwD;oBAC1D,CAAC;oBACD,eAAe,EAAE,CAAC;oBAClB,YAAY,EAAE,CAAC,IAAI,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAC9D,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,SAAS;oBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;QACP,OAAO,GAAG,EAAE;YACV,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEpB,mCAAmC;IACnC,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE;YACV,IAAI,eAAe,CAAC,OAAO;gBAAE,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACrE,CAAC,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,+CAA+C;IAC/C,MAAM,YAAY,GAAG,WAAW,CAC9B,KAAK,EAAE,MAAgB,EAAE,EAAE;QACzB,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACnC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC;YACrC,OAAO,CAAC,IAA0B,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;QACD,eAAe,EAAE,CAAC;QAClB,YAAY,EAAE,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC,EACD,CAAC,GAAG,EAAE,eAAe,EAAE,YAAY,CAAC,CACrC,CAAC;IAEF,MAAM,KAAK,GAAG,WAAW,CACvB,KAAK,EAAE,MAAsD,EAAE,EAAE;QAC/D,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,MAAM,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,EACD,CAAC,GAAG,CAAC,CACN,CAAC;IAEF,MAAM,UAAU,GAAG,WAAW,CAC5B,KAAK,EAAE,MAA4C,EAAE,EAAE;QACrD,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9D,QAAQ,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC,EACD,CAAC,GAAG,EAAE,YAAY,CAAC,CACpB,CAAC;IAEF,MAAM,cAAc,GAAG,WAAW,CAChC,KAAK,EAAE,WAAoB,EAAE,EAAE;QAC7B,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YACrD,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;YAC3B,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9D,QAAQ,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC,EACD,CAAC,GAAG,EAAE,YAAY,CAAC,CACpB,CAAC;IAEF,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,EAAE;QAC9B,GAAG,CAAC,WAAW,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,CAAC;QACd,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC1B,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,eAAe,CAAC,OAAO;YAAE,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,YAAY,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YACzC,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ;QACV,CAAC;QACD,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC,EAAE,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;IAExB,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,GAAG;QACH,MAAM;QACN,IAAI;QACJ,eAAe;QACf,SAAS;QACT,WAAW;QACX,KAAK;QACL,UAAU;QACV,cAAc;QACd,MAAM;QACN,KAAK;KACN,CAAC,EACF;QACE,GAAG;QACH,MAAM;QACN,IAAI;QACJ,eAAe;QACf,SAAS;QACT,WAAW;QACX,KAAK;QACL,UAAU;QACV,cAAc;QACd,MAAM;QACN,KAAK;KACN,CACF,CAAC;IAEF,OAAO,aAAa,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;AACjE,CAAC;AAED,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,MAAM;IACpB,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACnC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,MAAM,EAAE,CAAC;IAC1D,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,QAAQ,CAAoB,EAAE,CAAC,CAAC;IAC1E,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,QAAQ,CAAe,EAAE,CAAC,CAAC;IAC3D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAElD,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAgB,GAAG,EAAE;QACnE,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,QAAQ,CACtD,GAAG,EAAE;QACH,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CACF,CAAC;IAEF,yCAAyC;IACzC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,eAAe,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,gBAAgB,CAAC,EAAE,CAAC,CAAC;YACrB,WAAW,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO;QACT,CAAC;QAED,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,MAAM,SAAS,GAAG,KAAK,IAAI,EAAE;YAC3B,YAAY,CAAC,IAAI,CAAC,CAAC;YAEnB,kEAAkE;YAClE,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAa,CAAC;gBAClC,IAAI,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBACrC,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,MAAM,YAAY,GAAoB;4BACpC,KAAK,EAAE,OAAO;4BACd,IAAI,EAAE,UAAU;4BAChB,WAAW,EAAE,UAAU;yBACxB,CAAC;wBACF,gBAAgB,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;wBACjC,IAAI,CAAC,YAAY,EAAE,CAAC;4BAClB,eAAe,CAAC,UAAU,CAAC,CAAC;4BAC5B,IAAI,CAAC;gCACH,YAAY,CAAC,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;4BACpD,CAAC;4BAAC,MAAM,CAAC;gCACP,QAAQ;4BACV,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;YAED,wEAAwE;YACxE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;oBAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;iBAC1B,CAAC,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACxD,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,gBAAgB,CAAC,IAAI,CAAC,CAAC;oBACvB,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;wBAC9B,eAAe,CAAC,QAAQ,CAAC,CAAC;wBAC1B,IAAI,CAAC;4BACH,YAAY,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;wBAClD,CAAC;wBAAC,MAAM,CAAC;4BACP,QAAQ;wBACV,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,SAAS;oBAAE,YAAY,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;QACH,CAAC,CAAC;QAEF,SAAS,EAAE,CAAC;QACZ,OAAO,GAAG,EAAE;YACV,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEtE,2CAA2C;IAC3C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,eAAe,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;YACtD,WAAW,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO;QACT,CAAC;QAED,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,MAAM,aAAa,GAAG,KAAK,IAAI,EAAE;YAC/B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;oBAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;iBAC1B,CAAC,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,uBAAuB,CACtD,YAAY,EACZ,WAAW,CACZ,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,WAAW,CAAC,WAAW,CAAC,CAAC;oBACzB,+CAA+C;oBAC/C,IAAI,CAAC,gBAAgB,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAChD,MAAM,cAAc,GAClB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;wBACzD,mBAAmB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;wBACzC,IAAI,CAAC;4BACH,YAAY,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAc,CAAC,IAAI,CAAC,CAAC;wBACjE,CAAC;wBAAC,MAAM,CAAC;4BACP,QAAQ;wBACV,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oDAAoD;gBACpD,IAAI,CAAC,SAAS;oBAAE,WAAW,CAAC,EAAE,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CAAC;QAEF,aAAa,EAAE,CAAC;QAChB,OAAO,GAAG,EAAE;YACV,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEpF,MAAM,UAAU,GAAG,OAAO,CACxB,GAAG,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,IAAI,IAAI,EAChE,CAAC,aAAa,EAAE,YAAY,CAAC,CAC9B,CAAC;IAEF,MAAM,cAAc,GAAG,OAAO,CAC5B,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,gBAAgB,CAAC,IAAI,IAAI,EAC/D,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAC7B,CAAC;IAEF,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,KAAa,EAAE,EAAE;QAC9C,eAAe,CAAC,KAAK,CAAC,CAAC;QACvB,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC1B,WAAW,CAAC,EAAE,CAAC,CAAC;QAChB,IAAI,CAAC;YACH,YAAY,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YAC7C,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ;QACV,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,SAAwB,EAAE,EAAE;QAC7D,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC/B,IAAI,CAAC;YACH,IAAI,SAAS,EAAE,CAAC;gBACd,YAAY,CAAC,OAAO,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ;QACV,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO;QACL,aAAa;QACb,UAAU;QACV,YAAY;QACZ,SAAS;QACT,QAAQ;QACR,cAAc;QACd,gBAAgB;QAChB,aAAa;QACb,SAAS;KACV,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,WAAW;IAKzB,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,MAAM,EAAE,CAAC;IAEvD,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAEV,OAAO;QACL,KAAK,EAAE,WAAW;QAClB,OAAO,EAAE,eAAe,IAAI,CAAC,CAAC,WAAW,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE;QAClE,OAAO;KACR,CAAC;AACJ,CAAC;AAED,qCAAqC;AACrC,OAAO,EAAE,UAAU,EAAE,CAAC;AAmBtB;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAAC,EACjC,aAAa,EACb,YAAY,EACZ,SAAS,EACT,QAAQ,GAAG,EAAE,EACb,gBAAgB,GAAG,IAAI,EACvB,aAAa,EACb,cAAc,EACd,WAAW,EACX,SAAS,GAAG,EAAE,EACd,UAAU,GAAG,KAAK,GACM;IACxB,SAAS,CAAC,GAAG,EAAE;QACb,cAAc,EAAE,CAAC,YAAY,EAAE,gBAAgB,IAAI,IAAI,CAAC,CAAC;IAC3D,CAAC,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC;IAErD,MAAM,eAAe,GAAG,WAAW,CACjC,CAAC,CAAgC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAC/D,CAAC,SAAS,CAAC,CACZ,CAAC;IAEF,MAAM,mBAAmB,GAAG,WAAW,CACrC,CAAC,CAAgC,EAAE,EAAE,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,EAC7E,CAAC,aAAa,CAAC,CAChB,CAAC;IAEF,IAAI,CAAC,UAAU,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrE,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YAC7B,OAAO,aAAa,CAClB,KAAK,EACL,EAAE,SAAS,EAAE,mCAAmC,SAAS,EAAE,EAAE,EAC7D,aAAa,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,IAAI,CAAC,EAChF,QAAQ,CAAC,MAAM,KAAK,CAAC;gBACnB,CAAC,CAAC;oBACE,aAAa,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,uBAAuB,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,GAAG,CAAC;oBAC9E,aAAa,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;iBACpF;gBACH,CAAC,CAAC,IAAI,EACR,WAAW;gBACT,CAAC,CAAC,aAAa,CACX,MAAM,EACN,EAAE,SAAS,EAAE,iEAAiE,EAAE,EAChF,WAAW,CACZ;gBACH,CAAC,CAAC,IAAI,CACT,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,aAAa,CAClB,KAAK,EACL,EAAE,SAAS,EAAE,2BAA2B,SAAS,EAAE,EAAE,EACrD,aAAa,CACX,QAAQ,EACR;QACE,KAAK,EAAE,YAAY,IAAI,EAAE;QACzB,QAAQ,EAAE,eAAe;QACzB,SAAS,EACP,gIAAgI;QAClI,YAAY,EAAE,qBAAqB;KACpC,EACD,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC3B,aAAa,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,IAAI,CAAC,CACzF,CACF,EACD,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa;QAClC,CAAC,CAAC;YACE,aAAa,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,uBAAuB,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,GAAG,CAAC;YAC9E,aAAa,CACX,QAAQ,EACR;gBACE,GAAG,EAAE,aAAa;gBAClB,KAAK,EAAE,gBAAgB,IAAI,EAAE;gBAC7B,QAAQ,EAAE,mBAAmB;gBAC7B,SAAS,EACP,gIAAgI;gBAClI,YAAY,EAAE,gBAAgB;aAC/B,EACD,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACvB,aAAa,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,IAAI,CAAC,CAC7F,CACF;SACF;QACH,CAAC,CAAC,IAAI,EACR,WAAW;QACT,CAAC,CAAC,aAAa,CACX,MAAM,EACN,EAAE,SAAS,EAAE,iEAAiE,EAAE,EAChF,WAAW,CACZ;QACH,CAAC,CAAC,IAAI,CACT,CAAC;AACJ,CAAC"}
1
+ {"version":3,"sources":["../src/pkce.ts","../src/browser.ts","../src/client.ts","../src/react.ts"],"names":["tokens"],"mappings":";;;;;AAMA,SAAS,qBAAqB,MAAA,EAAwB;AACpD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,MAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC5D,IAAA,CAAK,EAAE,CAAA,CACP,KAAA,CAAM,GAAG,MAAM,CAAA;AACpB;AAEA,eAAe,OAAO,KAAA,EAAqC;AACzD,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAO,MAAA,CAAO,MAAA,CAAO,WAAW,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAC,CAAA;AAC9D;AAEA,SAAS,gBAAgB,MAAA,EAA6B;AACpD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAA,IAAU,MAAA,CAAO,aAAa,IAAI,CAAA;AAAA,EACpC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC/E;AAGA,eAAsB,qBAAA,GAGnB;AACD,EAAA,MAAM,YAAA,GAAe,qBAAqB,EAAE,CAAA;AAC5C,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,YAAY,CAAA;AACtC,EAAA,MAAM,aAAA,GAAgB,gBAAgB,IAAI,CAAA;AAC1C,EAAA,OAAO,EAAE,cAAc,aAAA,EAAc;AACvC;AAGO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,qBAAqB,EAAE,CAAA;AAChC;;;AC1BA,IAAM,cAAA,GAAiB,YAAA;AACvB,IAAM,SAAA,GAAY,GAAG,cAAc,CAAA,KAAA,CAAA;AACnC,IAAM,iBAAA,GAAoB,GAAG,cAAc,CAAA,aAAA,CAAA;AAC3C,IAAM,gBAAA,GAAmB,GAAG,cAAc,CAAA,YAAA,CAAA;AAC1C,IAAM,iBAAA,GAAoB,GAAG,cAAc,CAAA,aAAA,CAAA;AAC3C,IAAM,YAAA,GAAe,GAAG,cAAc,CAAA,QAAA,CAAA;AACtC,IAAM,cAAA,GAAiB,GAAG,cAAc,CAAA,UAAA,CAAA;AAuBjC,IAAM,MAAN,MAAU;AAAA,EACE,MAAA;AAAA,EACA,OAAA;AAAA,EACT,cAAA,GAAuC,IAAA;AAAA,EAE/C,YAAY,MAAA,EAAmB;AAC7B,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,OAAA,IAAW,cAAA;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,YAAA,GAAuC;AACnD,IAAA,IAAI,IAAA,CAAK,cAAA,EAAgB,OAAO,IAAA,CAAK,cAAA;AAErC,IAAA,MAAM,UAAU,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAKxD,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,OAAO,CAAA,iCAAA,CAAA,EAAqC;AAAA,QACrE,OAAA,EAAS,EAAE,MAAA,EAAQ,kBAAA;AAAmB,OACvC,CAAA;AACD,MAAA,IAAI,IAAI,EAAA,EAAI;AACV,QAAA,IAAA,CAAK,cAAA,GAAkB,MAAM,GAAA,CAAI,IAAA,EAAK;AACtC,QAAA,OAAO,IAAA,CAAK,cAAA;AAAA,MACd;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,IAAA,CAAK,cAAA,GAAiB;AAAA,MACpB,MAAA,EAAQ,OAAA;AAAA,MACR,sBAAA,EAAwB,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MAClC,cAAA,EAAgB,GAAG,OAAO,CAAA,YAAA,CAAA;AAAA,MAC1B,iBAAA,EAAmB,GAAG,OAAO,CAAA,eAAA,CAAA;AAAA,MAC7B,QAAA,EAAU,GAAG,OAAO,CAAA,iBAAA,CAAA;AAAA,MACpB,wBAAA,EAA0B,CAAC,MAAA,EAAQ,OAAA,EAAS,UAAU,CAAA;AAAA,MACtD,qBAAA,EAAuB,CAAC,oBAAA,EAAsB,UAAA,EAAY,eAAe,CAAA;AAAA,MACzE,gBAAA,EAAkB,CAAC,QAAA,EAAU,OAAA,EAAS,SAAS;AAAA,KACjD;AACA,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,eAAe,MAAA,EAAuE;AAC1F,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,EAAE,YAAA,EAAc,aAAA,EAAc,GAAI,MAAM,qBAAA,EAAsB;AACpE,IAAA,MAAM,QAAQ,aAAA,EAAc;AAE5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,SAAA,EAAW,KAAK,CAAA;AACrC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,YAAY,CAAA;AAEpD,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,SAAA,CAAU,sBAAsB,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,OAAO,QAAQ,CAAA;AACtD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,OAAO,WAAW,CAAA;AAC5D,IAAA,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,IAAA,CAAK,MAAA,CAAO,SAAS,sBAAsB,CAAA;AACzE,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AAEpD,IAAA,IAAI,QAAQ,gBAAA,EAAkB;AAC5B,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,MAAA,CAAO,gBAAgB,CAAA,EAAG;AAC5D,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAA;AAAA,MAC3B;AAAA,IACF;AAEA,IAAA,MAAA,CAAO,QAAA,CAAS,IAAA,GAAO,GAAA,CAAI,QAAA,EAAS;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,eAAe,WAAA,EAAyC;AAC5D,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,WAAA,IAAe,MAAA,CAAO,SAAS,IAAI,CAAA;AACvD,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAE1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA,IAAK,KAAA;AAC1D,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,aAAA,EAAgB,IAAI,CAAA,CAAE,CAAA;AAAA,IACxC;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AACjD,IAAA,IAAI,UAAA,IAAc,UAAU,UAAA,EAAY;AACtC,MAAA,MAAM,IAAI,MAAM,kDAA6C,CAAA;AAAA,IAC/D;AAGA,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAc,CAAA;AACvD,IAAA,IAAI,WAAA,EAAa;AACf,MAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,SAAS,CAAA;AACjC,MAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,iBAAiB,CAAA;AAEzC,MAAA,MAAMA,OAAAA,GAAwB;AAAA,QAC5B,YAAA,EAAc,WAAA;AAAA,QACd,UAAA,EAAY,QAAA;AAAA,QACZ,aAAA,EAAe,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAe,CAAA,IAAK,MAAA;AAAA,QACxD,UAAA,EAAY;AAAA,OACd;AACA,MAAA,IAAA,CAAK,YAAYA,OAAM,CAAA;AACvB,MAAA,OAAO,WAAWA,OAAM,CAAA;AAAA,IAC1B;AAGA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAiB,CAAA;AAC3D,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,MAAM,gEAA2D,CAAA;AAAA,IAC7E;AAGA,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,SAAS,CAAA;AACjC,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,iBAAiB,CAAA;AAEzC,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,IAAA;AAAA,MACA,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,aAAA,EAAe;AAAA,KAChB,CAAA;AAGD,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,MAAA,CAAO,YAAA,GACzB,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,gBAC/C,SAAA,CAAU,cAAA;AAEd,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,QAAA,EAAU;AAAA,MAChC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,KAAK,QAAA;AAAS,KACrB,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,IAAI,MAAM,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,MAAA,GAAU,MAAM,GAAA,CAAI,IAAA,EAAK;AAC/B,IAAA,IAAA,CAAK,YAAY,MAAM,CAAA;AACvB,IAAA,OAAO,WAAW,MAAM,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,kBAAA,GAAwC;AAC5C,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAiB,CAAA;AAC3D,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,aAAA,EAAe;AAAA,KAChB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,MAAA,CAAO,YAAA,GACzB,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,gBAC/C,SAAA,CAAU,cAAA;AAEd,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,QAAA,EAAU;AAAA,MAChC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,KAAK,QAAA;AAAS,KACrB,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,IAAI,MAAM,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,MAAA,GAAU,MAAM,GAAA,CAAI,IAAA,EAAK;AAC/B,IAAA,IAAA,CAAK,YAAY,MAAM,CAAA;AACvB,IAAA,OAAO,WAAW,MAAM,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAII;AACpB,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,EAAE,YAAA,EAAc,aAAA,EAAc,GAAI,MAAM,qBAAA,EAAsB;AACpE,IAAA,MAAM,QAAQ,aAAA,EAAc;AAE5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,SAAA,EAAW,KAAK,CAAA;AACrC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,YAAY,CAAA;AAEpD,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,SAAA,CAAU,sBAAsB,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,OAAO,QAAQ,CAAA;AACtD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,OAAO,WAAW,CAAA;AAC5D,IAAA,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,IAAA,CAAK,MAAA,CAAO,SAAS,sBAAsB,CAAA;AACzE,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AAEpD,IAAA,IAAI,QAAQ,gBAAA,EAAkB;AAC5B,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,MAAA,CAAO,gBAAgB,CAAA,EAAG;AAC5D,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAA;AAAA,MAC3B;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,QAAQ,KAAA,IAAS,GAAA;AAC/B,IAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,GAAA;AACjC,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,OAAA,GAAA,CAAW,MAAA,CAAO,aAAa,KAAA,IAAS,CAAA;AAC5D,IAAA,MAAM,GAAA,GAAM,MAAA,CAAO,OAAA,GAAA,CAAW,MAAA,CAAO,cAAc,MAAA,IAAU,CAAA;AAE7D,IAAA,OAAO,IAAI,OAAA,CAAkB,CAAC,OAAA,EAAS,MAAA,KAAW;AAChD,MAAA,MAAM,QAAQ,MAAA,CAAO,IAAA;AAAA,QACnB,IAAI,QAAA,EAAS;AAAA,QACb,iBAAA;AAAA,QACA,SAAS,KAAK,CAAA,QAAA,EAAW,MAAM,CAAA,MAAA,EAAS,IAAI,QAAQ,GAAG,CAAA,sBAAA;AAAA,OACzD;AAEA,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAA,CAAO,IAAI,KAAA,CAAM,uDAAkD,CAAC,CAAA;AACpE,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,QAAA,GAAW,YAAY,MAAM;AACjC,QAAA,IAAI;AACF,UAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,YAAA,aAAA,CAAc,QAAQ,CAAA;AACtB,YAAA,MAAA,CAAO,IAAI,KAAA,CAAM,0CAA0C,CAAC,CAAA;AAC5D,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA;AAChC,UAAA,IAAI,QAAA,CAAS,UAAA,CAAW,IAAA,CAAK,MAAA,CAAO,WAAW,CAAA,EAAG;AAChD,YAAA,aAAA,CAAc,QAAQ,CAAA;AACtB,YAAA,KAAA,CAAM,KAAA,EAAM;AACZ,YAAA,IAAA,CAAK,cAAA,CAAe,QAAQ,CAAA,CAAE,IAAA,CAAK,SAAS,MAAM,CAAA;AAAA,UACpD;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF,GAAG,GAAG,CAAA;AAAA,IACR,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,YAAA,CAAa,SAAA,GAAY,GAAA,EAAgC;AAC7D,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,EAAE,YAAA,EAAc,aAAA,EAAc,GAAI,MAAM,qBAAA,EAAsB;AACpE,IAAA,MAAM,QAAQ,aAAA,EAAc;AAE5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,SAAA,EAAW,KAAK,CAAA;AACrC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,YAAY,CAAA;AAEpD,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,SAAA,CAAU,sBAAsB,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,OAAO,QAAQ,CAAA;AACtD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,OAAO,WAAW,CAAA;AAC5D,IAAA,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,IAAA,CAAK,MAAA,CAAO,SAAS,sBAAsB,CAAA;AACzE,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AAErC,IAAA,OAAO,IAAI,OAAA,CAAyB,CAAC,OAAA,KAAY;AAC/C,MAAA,MAAM,MAAA,GAAS,QAAA,CAAS,aAAA,CAAc,QAAQ,CAAA;AAC9C,MAAA,MAAA,CAAO,MAAM,OAAA,GAAU,MAAA;AAEvB,MAAA,MAAM,OAAA,GAAU,WAAW,MAAM;AAC/B,QAAA,OAAA,EAAQ;AACR,QAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,MACd,GAAG,SAAS,CAAA;AAEZ,MAAA,MAAM,UAAU,MAAM;AACpB,QAAA,YAAA,CAAa,OAAO,CAAA;AACpB,QAAA,MAAA,CAAO,MAAA,EAAO;AACd,QAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,SAAS,CAAA;AACjC,QAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,iBAAiB,CAAA;AAAA,MAC3C,CAAA;AAEA,MAAA,MAAA,CAAO,gBAAA,CAAiB,QAAQ,MAAM;AACpC,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,MAAA,CAAO,aAAA,EAAe,QAAA,CAAS,IAAA;AACjD,UAAA,IAAI,aAAa,SAAA,CAAU,UAAA,CAAW,IAAA,CAAK,MAAA,CAAO,WAAW,CAAA,EAAG;AAC9D,YAAA,OAAA,EAAQ;AACR,YAAA,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA,CAAE,IAAA;AAAA,cAC7B,CAAC,MAAA,KAAW,OAAA,CAAQ,MAAM,CAAA;AAAA,cAC1B,MAAM,QAAQ,IAAI;AAAA,aACpB;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAEN,UAAA,OAAA,EAAQ;AACR,UAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,QACd;AAAA,MACF,CAAC,CAAA;AAED,MAAA,MAAA,CAAO,GAAA,GAAM,IAAI,QAAA,EAAS;AAC1B,MAAA,QAAA,CAAS,IAAA,CAAK,YAAY,MAAM,CAAA;AAAA,IAClC,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMQ,YAAY,MAAA,EAA6B;AAC/C,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,gBAAA,EAAkB,MAAA,CAAO,YAAY,CAAA;AAC1D,IAAA,IAAI,OAAO,aAAA,EAAe;AACxB,MAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,MAAA,CAAO,aAAa,CAAA;AAAA,IAC9D;AACA,IAAA,IAAI,OAAO,QAAA,EAAU;AACnB,MAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,YAAA,EAAc,MAAA,CAAO,QAAQ,CAAA;AAAA,IACpD;AACA,IAAA,IAAI,OAAO,UAAA,EAAY;AACrB,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,OAAO,UAAA,GAAa,GAAA;AACnD,MAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,cAAA,EAAgB,MAAA,CAAO,SAAS,CAAC,CAAA;AAAA,IACxD;AAAA,EACF;AAAA;AAAA,EAGA,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,gBAAgB,CAAA;AAAA,EAC9C;AAAA;AAAA,EAGA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAiB,CAAA;AAAA,EAC/C;AAAA;AAAA,EAGA,UAAA,GAA4B;AAC1B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA;AAAA,EAC1C;AAAA;AAAA,EAGA,cAAA,GAA0B;AACxB,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,cAAc,CAAA;AACrD,IAAA,IAAI,CAAC,WAAW,OAAO,IAAA;AACvB,IAAA,OAAO,IAAA,CAAK,GAAA,EAAI,IAAK,MAAA,CAAO,SAAS,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,mBAAA,GAA8C;AAClD,IAAA,MAAM,KAAA,GAAQ,KAAK,cAAA,EAAe;AAClC,IAAA,IAAI,KAAA,IAAS,CAAC,IAAA,CAAK,cAAA,EAAe,EAAG;AACnC,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,IAAA,CAAK,iBAAgB,EAAG;AAC1B,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,kBAAA,EAAmB;AAC7C,QAAA,OAAO,MAAA,CAAO,WAAA;AAAA,MAChB,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA,EAGA,WAAA,GAAoB;AAClB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,gBAAgB,CAAA;AACxC,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,iBAAiB,CAAA;AACzC,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,YAAY,CAAA;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,cAAc,CAAA;AACtC,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,SAAS,CAAA;AACjC,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,iBAAiB,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,mBAAA,EAAoB;AAC7C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,MAAM,+CAA0C,CAAA;AAAA,IAC5D;AACA,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,MAAA,CAAO,YAAA,GAC5B,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,mBAC/C,SAAA,CAAU,iBAAA;AACd,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,WAAA,EAAa;AAAA,MACnC,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA;AAAG,KAC7C,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,GAAA,CAAI,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,IACzD;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,MAAA,EAA+C;AAC1D,IAAA,MAAM,OAAO,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AACrD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,KAAA;AACnC,IAAY,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW;AACnC,IAAA,IAAI,GAAA,GAAM,CAAA,EAAG,IAAI,CAAA,QAAA,EAAW,GAAG,CAAA,CAAA;AAC/B,IAAA,IAAI,QAAQ,cAAA,EAAgB;AAC1B,MAAA,GAAA,IAAO,sBAAA;AAAA,IACT;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,kBAAkB,QAAA,EAA0B;AAC1C,IAAA,MAAM,OAAO,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AACrD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,UAAA;AACnC,IAAA,OAAO,CAAA,EAAG,IAAI,CAAA,OAAA,EAAU,GAAG,IAAI,QAAQ,CAAA,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,MAAM,oBAAA,CACJ,OAAA,EACA,MAAA,GAA+D,OAAA,EACrB;AAE1C,IAAA,IAAI,MAAA,KAAW,SAAS,MAAA,GAAS,QAAA;AACjC,IAAA,MAAM,UAAU,OAAA,IAAW,OAAA;AAC3B,IAAA,MAAM,IAAA,GAAO,OAAA,GAAU,OAAA,CAAQ,KAAA,GAAQ,OAAA,CAAQ,KAAA;AAC/C,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,CAAA,MAAA,EAAS,IAAA,CAAK,MAAA,CAAO,WAAW,KAAK,CAAA,CAAA;AAAA,MACpD,IAAA;AAAA,MACA,IAAA,EAAM,UAAU,OAAA,GAAU,OAAA;AAAA,MAC1B,MAAA;AAAA,MACA,WAAA,EAAa,MAAA;AAAA,MACb,YAAA,EAAc;AAAA,KAChB;AACA,IAAA,IAAI,OAAA,EAAS,MAAA,CAAO,WAAA,GAAc,OAAA,CAAQ,WAAA;AAE1C,IAAA,MAAM,GAAA,GAAM,GAAG,IAAA,CAAK,MAAA,CAAO,UAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,uBAAA,CAAA;AACxD,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,MAC3B,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,IAAI,eAAA,CAAgB,MAAM,EAAE,QAAA;AAAS,KAC5C,CAAA;AACD,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AAC9C,IAAA,IAAI,KAAK,MAAA,KAAW,IAAA,EAAM,OAAO,EAAE,IAAI,IAAA,EAAK;AAC5C,IAAA,MAAM,GAAA,GAAO,IAAA,CAAK,GAAA,IAAkB,CAAA,+BAAA,EAAkC,IAAI,MAAM,CAAA,CAAA,CAAA;AAGhF,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,cAAc,CAAA,IAAK,GAAA,CAAI,QAAA,CAAS,UAAU,CAAA,EAAG,OAAO,EAAE,EAAA,EAAI,IAAA,EAAK;AAChF,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,GAAA,EAAI;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAA,CAAgB,KAAA,EAAe,WAAA,EAAmE;AACtG,IAAA,MAAM,GAAA,GAAM,GAAG,IAAA,CAAK,MAAA,CAAO,UAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,eAAA,CAAA;AACxD,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,MAC3B,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,WAAA,EAAa,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,KAAA;AAAA,QACpC,KAAA;AAAA,QACA;AAAA,OACD;AAAA,KACF,CAAA;AACD,IAAA,IAAI,IAAI,MAAA,KAAW,GAAA,EAAK,OAAO,EAAE,QAAQ,KAAA,EAAM;AAC/C,IAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,OAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,KAAA,EAAO,CAAA,wBAAA,EAA2B,GAAA,CAAI,MAAM,CAAA,CAAA,CAAA,EAAI;AACrF,IAAA,OAAO,EAAE,QAAQ,IAAA,EAAK;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,MAAA,EAU6C;AACxD,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,QAAA,IAAY,MAAA,CAAO,IAAA;AAC3C,IAAA,MAAM,WAAW,MAAA,CAAO,QAAA,IAAY,CAAA,GAAA,EAAM,IAAA,CAAK,KAAK,CAAA,CAAA,CAAA;AACpD,IAAA,MAAM,IAAA,GAAgC;AAAA,MACpC,WAAA,EAAa,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,KAAA;AAAA,MACpC,YAAA,EAAc,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,UAAA;AAAA,MACrC,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,QAAA;AAAA,MACA,QAAA;AAAA,MACA,OAAA,EAAS,QAAA;AAAA,MACT,SAAA,EAAW;AAAA,KACb;AACA,IAAA,IAAI,MAAA,CAAO,WAAW,OAAA,EAAS;AAC7B,MAAA,IAAA,CAAK,QAAQ,MAAA,CAAO,KAAA;AACpB,MAAA,IAAI,MAAA,CAAO,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,SAAA;AAAA,IAChD,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,QAAQ,MAAA,CAAO,KAAA;AACpB,MAAA,IAAA,CAAK,cAAc,MAAA,CAAO,WAAA;AAC1B,MAAA,IAAI,MAAA,CAAO,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,SAAA;AAC9C,MAAA,IAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,KAAA,GAAQ,MAAA,CAAO,KAAA;AACtC,MAAA,IAAI,MAAA,CAAO,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,SAAA;AAAA,IAChD;AACA,IAAA,MAAM,GAAA,GAAM,GAAG,IAAA,CAAK,MAAA,CAAO,UAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,OAAA,CAAA;AACxD,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,MAC3B,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AACD,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AAC9C,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,IAAA,EAAM,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,EAAA,EAAI,IAAA,CAAK,KAAA,IAAS,IAAA,CAAK,IAAA,EAAK;AACzE,IAAA,OAAO,EAAE,IAAI,KAAA,EAAO,KAAA,EAAQ,KAAK,GAAA,IAAkB,CAAA,eAAA,EAAkB,GAAA,CAAI,MAAM,CAAA,CAAA,CAAA,EAAI;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,qBAAqB,MAAA,EAKiC;AAC1D,IAAA,MAAM,EAAE,YAAA,EAAc,aAAA,EAAc,GAAI,MAAM,qBAAA,EAAsB;AACpE,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,YAAY,CAAA;AAEpD,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,MAAA,CAAQ,CAAA;AACxE,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AAEpD,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,CAAI,UAAS,EAAG;AAAA,MACtC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,WAAA,EAAa,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,KAAA;AAAA,QACpC,YAAA,EAAc,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,UAAA;AAAA,QACrC,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,UAAU,MAAA,CAAO,QAAA;AAAA,QACjB,IAAA,EAAM,OAAO,IAAA,IAAQ,MAAA;AAAA,QACrB,QAAA,EAAU,KAAK,MAAA,CAAO,QAAA;AAAA,QACtB,WAAA,EAAa,MAAA,CAAO,WAAA,IAAe,IAAA,CAAK,MAAA,CAAO,WAAA;AAAA,QAC/C,aAAA;AAAA,QACA,mBAAA,EAAqB,MAAA;AAAA,QACrB,UAAA,EAAY;AAAA,OACb;AAAA,KACF,CAAA;AACD,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AAC9C,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,IAAA,IAAQ,IAAA,CAAK,IAAA,EAAM,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,IAAA,EAAM,IAAA,CAAK,IAAA,EAAe;AACpF,IAAA,OAAO,EAAE,IAAI,KAAA,EAAO,KAAA,EAAQ,KAAK,GAAA,IAAkB,CAAA,cAAA,EAAiB,GAAA,CAAI,MAAM,CAAA,CAAA,CAAA,EAAI;AAAA,EACpF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,oBAAA,CAAqB,IAAA,EAAc,WAAA,EAAyC;AAChF,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAiB,CAAA;AAC3D,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,MAAM,gEAA2D,CAAA;AAAA,IAC7E;AACA,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,iBAAiB,CAAA;AAEzC,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,MAAA,CAAO,YAAA,GACzB,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,gBAC/C,SAAA,CAAU,cAAA;AAEd,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,IAAA;AAAA,MACA,YAAA,EAAc,WAAA,IAAe,IAAA,CAAK,MAAA,CAAO,WAAA;AAAA,MACzC,aAAA,EAAe;AAAA,KAChB,CAAA;AACD,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,QAAA,EAAU;AAAA,MAChC,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,KAAK,QAAA;AAAS,KACrB,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,IAAA,EAAK,CAAE,KAAA,CAAM,OAAO,EAAE,KAAA,EAAO,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,IAAG,CAAE,CAAA;AAC1E,MAAA,MAAM,IAAI,KAAA,CAAO,GAAA,CAA+B,iBAAA,IAAsB,GAAA,CAA+B,SAAS,uBAAuB,CAAA;AAAA,IACvI;AACA,IAAA,MAAM,MAAA,GAAU,MAAM,GAAA,CAAI,IAAA,EAAK;AAC/B,IAAA,IAAA,CAAK,YAAY,MAAM,CAAA;AACvB,IAAA,OAAO,WAAW,MAAM,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,kBAAkB,MAAA,EAKF;AACpB,IAAA,MAAM,SAAA,GAAY,CAAC,MAAA,CAAO,KAAA,EAAO,CAAA,EAAG,OAAO,WAAW,CAAA,EAAG,MAAA,CAAO,KAAK,CAAA,CAAE,CAAA;AACvE,IAAA,IAAI,SAAA,GAAY,EAAA;AAChB,IAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,oBAAA,CAAqB;AAAA,QAC7C,QAAA;AAAA,QACA,UAAU,MAAA,CAAO,IAAA;AAAA,QACjB,aAAa,MAAA,CAAO;AAAA,OACrB,CAAA;AACD,MAAA,IAAI,MAAA,CAAO,EAAA,IAAM,MAAA,CAAO,IAAA,EAAM;AAC5B,QAAA,OAAO,IAAA,CAAK,oBAAA,CAAqB,MAAA,CAAO,IAAA,EAAM,OAAO,WAAW,CAAA;AAAA,MAClE;AACA,MAAA,SAAA,GAAY,OAAO,KAAA,IAAS,SAAA;AAAA,IAC9B;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,SAAA,IAAa,wBAAwB,CAAA;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,MAAA,GAAwB;AAC5B,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,gBAAgB,CAAA;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,CAAO,UAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,aAAA,CAAA,EAAiB;AAAA,QACvE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,QAAQ,EAAE,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA,KAAO;AAAC,OAC1D,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,IAAA,CAAK,WAAA,EAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAA,CAAkB,QAAA,EAAkB,KAAA,GAAQ,sBAAA,EAAyC;AACzF,IAAA,MAAM,EAAE,YAAA,EAAc,aAAA,EAAc,GAAI,MAAM,qBAAA,EAAsB;AACpE,IAAA,MAAM,QAAQ,aAAA,EAAc;AAC5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,SAAA,EAAW,KAAK,CAAA;AACrC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,YAAY,CAAA;AAEpD,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,SAAA,CAAU,sBAAsB,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,OAAO,QAAQ,CAAA;AACtD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,OAAO,WAAW,CAAA;AAC5D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AACnC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AACzC,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAA,GAAmC;AACvC,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,mBAAA,EAAoB;AAC7C,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,IAAA,MAAM,CAAA,GAAI,MAAM,IAAA,CAAK,WAAA,EAAY;AACjC,IAAA,OAAO;AAAA,MACL,GAAA,EAAM,EAAE,GAAA,IAAkB,EAAA;AAAA,MAC1B,OAAO,CAAA,CAAE,KAAA;AAAA,MACT,MAAM,CAAA,CAAE,IAAA;AAAA,MACR,WAAW,CAAA,CAAE,UAAA;AAAA,MACb,YAAY,CAAA,CAAE,WAAA;AAAA,MACd,aAAa,CAAA,CAAE,YAAA;AAAA,MACf,eAAe,CAAA,CAAE,cAAA;AAAA,MACjB,SAAS,CAAA,CAAE,OAAA;AAAA,MACX,OAAO,CAAA,CAAE;AAAA,KACX;AAAA,EACF;AACF,CAAA;AAgCO,SAAS,WAAW,CAAA,EAA4B;AACrD,EAAA,OAAO;AAAA,IACL,aAAa,CAAA,CAAE,YAAA;AAAA,IACf,cAAc,CAAA,CAAE,aAAA;AAAA,IAChB,SAAS,CAAA,CAAE,QAAA;AAAA,IACX,WAAW,CAAA,CAAE,UAAA;AAAA,IACb,WAAW,CAAA,CAAE,UAAA;AAAA,IACb,OAAO,CAAA,CAAE;AAAA,GACX;AACF;;;AC7zBA,IAAM,kBAAA,GAAqB,GAAA;AAEpB,IAAM,YAAN,MAAgB;AAAA,EACJ,OAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACT,cAAA,GAAoE,IAAA;AAAA,EAE5E,YAAY,MAAA,EAAmB;AAC7B,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAClD,IAAA,IAAA,CAAK,WAAW,MAAA,CAAO,QAAA;AACvB,IAAA,IAAA,CAAK,eAAe,MAAA,CAAO,YAAA;AAC3B,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,OAAA;AACtB,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,OAAA;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,OAAA,CACZ,IAAA,EACA,IAAA,EAOY;AACZ,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,EAAM,KAAK,OAAO,CAAA;AACtC,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAA,EAAG;AAChD,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAA;AAAA,MAC3B;AAAA,IACF;AAEA,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,KAAA,GAAQ,UAAA;AAAA,MACZ,MAAM,WAAW,KAAA,EAAM;AAAA,MACvB,MAAM,SAAA,IAAa;AAAA,KACrB;AAEA,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,MAAA,EAAQ;AAAA,KACV;AACA,IAAA,IAAI,MAAM,KAAA,EAAO;AACf,MAAA,OAAA,CAAQ,aAAA,GAAgB,CAAA,OAAA,EAAU,IAAA,CAAK,KAAK,CAAA,CAAA;AAAA,IAC9C;AACA,IAAA,IAAI,MAAM,IAAA,EAAM;AACd,MAAA,OAAA,CAAQ,cAAc,CAAA,GAAI,kBAAA;AAAA,IAC5B;AAGA,IAAA,IAAI,IAAA,CAAK,YAAA,IAAgB,CAAC,IAAA,EAAM,KAAA,EAAO;AACrC,MAAA,MAAM,cAAc,CAAA,EAAG,IAAA,CAAK,QAAQ,CAAA,CAAA,EAAI,KAAK,YAAY,CAAA,CAAA;AACzD,MAAA,MAAM,KAAA,GACJ,OAAO,MAAA,KAAW,WAAA,GACd,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA,GAC1C,IAAA,CAAK,WAAW,CAAA;AACtB,MAAA,OAAA,CAAQ,aAAA,GAAgB,SAAS,KAAK,CAAA,CAAA;AAAA,IACxC;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,CAAI,UAAS,EAAG;AAAA,QACtC,MAAA,EAAQ,MAAM,MAAA,IAAU,KAAA;AAAA,QACxB,OAAA;AAAA,QACA,MAAM,IAAA,EAAM,IAAA,GAAO,KAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GAAI,KAAA,CAAA;AAAA,QAC/C,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AAED,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,MAAM,IAAI,WAAA,CAAY,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAG,GAAA,CAAI,UAAU,CAAA,EAAA,EAAK,IAAI,CAAA,CAAA,CAAG,IAAA,EAAM,CAAA;AAAA,MACvE;AAEA,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAA,GAAuC;AAC3C,IAAA,MAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,kBAAkB,IAAA,CAAK,GAAA,KAAQ,IAAA,CAAK,cAAA,CAAe,YAAY,YAAA,EAAc;AACpF,MAAA,OAAO,KAAK,cAAA,CAAe,IAAA;AAAA,IAC7B;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA;AAAA,MACtB;AAAA,KACF;AACA,IAAA,IAAA,CAAK,iBAAiB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,KAAI,EAAE;AACpD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,OAAO,SAAA,CAAU,QAAA;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,MAAA,EAMN;AAClB,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,SAAA,CAAU,sBAAsB,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AAC/C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,MAAA,CAAO,WAAW,CAAA;AACvD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,MAAA,CAAO,KAAK,CAAA;AAC1C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,MAAA,CAAO,SAAS,sBAAsB,CAAA;AACpE,IAAA,IAAI,OAAO,aAAA,EAAe;AACxB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,MAAA,CAAO,aAAa,CAAA;AAC3D,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAA,CAAO,uBAAuB,MAAM,CAAA;AAAA,IACpF;AACA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,aAAa,MAAA,EAIQ;AACzB,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,WAAW,IAAA,CAAK,QAAA;AAAA,MAChB,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,cAAc,MAAA,CAAO;AAAA,KACtB,CAAA;AACD,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,IAAA,CAAK,YAAY,CAAA;AAAA,IAC7C;AACA,IAAA,IAAI,OAAO,YAAA,EAAc;AACvB,MAAA,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,MAAA,CAAO,YAAY,CAAA;AAAA,IAC/C;AAEA,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,kBAAkB,CAAA;AACrE,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,QAChD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,QAC/D,IAAA,EAAM,KAAK,QAAA,EAAS;AAAA,QACpB,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,MAAM,IAAI,WAAA,CAAY,GAAA,CAAI,MAAA,EAAQ,CAAA,uBAAA,EAA0B,IAAI,CAAA,CAAE,CAAA;AAAA,MACpE;AACA,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cAAc,MAAA,EAIO;AACzB,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,UAAA;AAAA,MACZ,WAAW,IAAA,CAAK,QAAA;AAAA,MAChB,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,KAAA,EAAO,OAAO,KAAA,IAAS;AAAA,KACxB,CAAA;AACD,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,IAAA,CAAK,YAAY,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,kBAAkB,CAAA;AACrE,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,QAChD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,QAC/D,IAAA,EAAM,KAAK,QAAA,EAAS;AAAA,QACpB,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,MAAM,IAAI,WAAA,CAAY,GAAA,CAAI,MAAA,EAAQ,CAAA,uBAAA,EAA0B,IAAI,CAAA,CAAE,CAAA;AAAA,MACpE;AACA,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,aAAa,YAAA,EAA8C;AAC/D,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,WAAW,IAAA,CAAK,QAAA;AAAA,MAChB,aAAA,EAAe;AAAA,KAChB,CAAA;AACD,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,IAAA,CAAK,YAAY,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,kBAAkB,CAAA;AACrE,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,QAChD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,QAC/D,IAAA,EAAM,KAAK,QAAA,EAAS;AAAA,QACpB,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,OAAO,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC5C,QAAA,MAAM,IAAI,WAAA,CAAY,GAAA,CAAI,MAAA,EAAQ,CAAA,sBAAA,EAAyB,IAAI,CAAA,CAAE,CAAA;AAAA,MACnE;AACA,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,WAAA,EAAuC;AACvD,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,kBAAkB,CAAA;AACrE,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,SAAA,CAAU,iBAAA,EAAmB;AAAA,QACnD,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,WAAW,CAAA,CAAA,EAAG;AAAA,QAClD,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,IAAI,WAAA,CAAY,GAAA,CAAI,MAAA,EAAQ,0BAA0B,CAAA;AAAA,MAC9D;AACA,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAAA,CAAQ,MAAA,EAAgB,KAAA,EAAyC;AACrE,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA,CAAiC,eAAA,EAAiB;AAAA,MACxE,MAAA,EAAQ,EAAE,EAAA,EAAI,MAAA,EAAO;AAAA,MACrB;AAAA,KACD,CAAA;AACD,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,iBAAiB,KAAA,EAA4C;AACjE,IAAA,MAAM,KAAA,GAAQ,KAAK,OAAA,IAAW,OAAA;AAC9B,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA;AAAA,MACtB,wBAAA;AAAA,MACA,EAAE,MAAA,EAAQ,EAAE,KAAA,IAAS,KAAA;AAAM,KAC7B;AACA,IAAA,OAAO,IAAA,CAAK,QAAQ,EAAC;AAAA,EACvB;AAAA;AAAA,EAGA,MAAM,eAAA,CACJ,EAAA,EACA,KAAA,EACiC;AACjC,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA;AAAA,MACtB,uBAAA;AAAA,MACA,EAAE,MAAA,EAAQ,EAAE,EAAA,IAAM,KAAA;AAAM,KAC1B;AACA,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,oBAAA,CACJ,MAAA,EACA,KAAA,EAC4B;AAG5B,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAQ,KAAK,CAAA;AAC7C,IAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAC;AAEnB,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,eAAA;AAAA,MACrB,CAAA,MAAA,EAAS,KAAK,KAAK,CAAA,CAAA;AAAA,MACnB;AAAA,KACF;AACA,IAAA,OAAO,GAAA,GAAM,CAAC,GAAG,CAAA,GAAI,EAAC;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,KAAA,EAAuC;AACvD,IAAA,MAAM,KAAA,GAAQ,KAAK,OAAA,IAAW,OAAA;AAC9B,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA;AAAA,MACtB,mBAAA;AAAA,MACA,EAAE,MAAA,EAAQ,EAAE,KAAA,IAAS,KAAA;AAAM,KAC7B;AACA,IAAA,OAAO,IAAA,CAAK,QAAQ,EAAC;AAAA,EACvB;AAAA;AAAA,EAGA,MAAM,UAAA,CAAW,EAAA,EAAY,KAAA,EAA4C;AACvE,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA;AAAA,MACtB,kBAAA;AAAA,MACA,EAAE,MAAA,EAAQ,EAAE,EAAA,IAAM,KAAA;AAAM,KAC1B;AACA,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,uBAAA,CACJ,YAAA,EACA,KAAA,EACuB;AACvB,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA;AAAA,MACtB,gCAAA;AAAA,MACA,EAAE,MAAA,EAAQ,EAAE,YAAA,IAAgB,KAAA;AAAM,KACpC;AACA,IAAA,OAAO,IAAA,CAAK,QAAQ,EAAC;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,UAAA,CACJ,IAAA,EACA,IAAA,EACY;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA,CAAW,IAAA,EAAM,IAAI,CAAA;AAAA,EACnC;AACF,CAAA;AAMO,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA,EAC5B,MAAA;AAAA,EAET,WAAA,CAAY,QAAgB,OAAA,EAAiB;AAC3C,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF,CAAA;;;ACpRA,IAAM,UAAA,GAAa,cAAsC,IAAI;AAC7D,UAAA,CAAW,WAAA,GAAc,iBAAA;AAGzB,IAAM,eAAA,GAAkB,uBAAA;AACxB,IAAM,mBAAA,GAAsB,2BAAA;AAC5B,IAAM,mBAAA,GAAsB,sBAAA;AAYrB,SAAS,YAAY,KAAA,EAAyB;AACnD,EAAA,MAAM,EAAE,MAAA,EAAQ,QAAA,GAAW,IAAA,EAAM,YAAA,EAAc,UAAS,GAAI,KAAA;AAE5D,EAAA,MAAM,GAAA,GAAM,OAAA;AAAA,IACV,MAAM,IAAI,GAAA,CAAI,MAAM,CAAA;AAAA;AAAA,IAEpB,CAAC,MAAA,CAAO,SAAA,EAAW,MAAA,CAAO,QAAA,EAAU,OAAO,WAAW;AAAA,GACxD;AAEA,EAAA,MAAM,CAAC,IAAA,EAAM,OAAO,CAAA,GAAI,SAAyB,IAAI,CAAA;AACrD,EAAA,MAAM,CAAC,eAAA,EAAiB,kBAAkB,CAAA,GAAI,SAAS,KAAK,CAAA;AAC5D,EAAA,MAAM,CAAC,SAAA,EAAW,YAAY,CAAA,GAAI,SAAS,QAAQ,CAAA;AACnD,EAAA,MAAM,CAAC,WAAA,EAAa,cAAc,CAAA,GAAI,QAAA;AAAA,IACpC,IAAI,cAAA;AAAe,GACrB;AACA,EAAA,MAAM,CAAC,KAAA,EAAO,QAAQ,CAAA,GAAI,SAAuB,IAAI,CAAA;AACrD,EAAA,MAAM,eAAA,GAAkB,OAA6C,IAAI,CAAA;AAGzE,EAAA,MAAM,eAAA,GAAkB,YAAY,MAAM;AACxC,IAAA,IAAI,eAAA,CAAgB,OAAA,EAAS,YAAA,CAAa,eAAA,CAAgB,OAAO,CAAA;AACjE,IAAA,IAAI,GAAA,CAAI,gBAAe,EAAG;AAE1B,IAAA,MAAM,OAAA,GAAU,OAAO,OAAA,IAAW,cAAA;AAClC,IAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,OAAA,CAAQ,mBAAmB,CAAA;AACxD,IAAA,IAAI,CAAC,YAAA,EAAc;AAEnB,IAAA,MAAM,iBAAiB,MAAA,CAAO,YAAY,CAAA,GAAI,IAAA,CAAK,KAAI,GAAI,GAAA;AAC3D,IAAA,IAAI,kBAAkB,CAAA,EAAG;AACvB,MAAA,GAAA,CACG,kBAAA,EAAmB,CACnB,IAAA,CAAK,CAAC,MAAA,KAAW;AAChB,QAAA,cAAA,CAAe,OAAO,WAAW,CAAA;AACjC,QAAA,eAAA,EAAgB;AAAA,MAClB,CAAC,CAAA,CACA,KAAA,CAAM,MAAM;AACX,QAAA,kBAAA,CAAmB,KAAK,CAAA;AACxB,QAAA,OAAA,CAAQ,IAAI,CAAA;AACZ,QAAA,cAAA,CAAe,IAAI,CAAA;AAAA,MACrB,CAAC,CAAA;AACH,MAAA;AAAA,IACF;AAEA,IAAA,eAAA,CAAgB,OAAA,GAAU,WAAW,YAAY;AAC/C,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,kBAAA,EAAmB;AAC5C,QAAA,cAAA,CAAe,OAAO,WAAW,CAAA;AACjC,QAAA,eAAA,EAAgB;AAAA,MAClB,CAAA,CAAA,MAAQ;AACN,QAAA,kBAAA,CAAmB,KAAK,CAAA;AACxB,QAAA,OAAA,CAAQ,IAAI,CAAA;AACZ,QAAA,cAAA,CAAe,IAAI,CAAA;AAAA,MACrB;AAAA,IACF,GAAG,cAAc,CAAA;AAAA,EACnB,CAAA,EAAG,CAAC,GAAA,EAAK,MAAA,CAAO,OAAO,CAAC,CAAA;AAGxB,EAAA,SAAA,CAAU,MAAM;AACd,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,YAAA,CAAa,KAAK,CAAA;AAClB,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,IAAA,MAAM,OAAO,YAAY;AACvB,MAAA,IAAI;AACF,QAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,CAAI,mBAAA,EAAoB;AAC5C,QAAA,IAAI,SAAA,EAAW;AACf,QAAA,IAAI,KAAA,EAAO;AACT,UAAA,cAAA,CAAe,KAAK,CAAA;AACpB,UAAA,kBAAA,CAAmB,IAAI,CAAA;AACvB,UAAA,IAAI;AACF,YAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,WAAA,EAAY;AACnC,YAAA,IAAI,CAAC,SAAA,EAAW,OAAA,CAAQ,IAA0B,CAAA;AAAA,UACpD,CAAA,CAAA,MAAQ;AAAA,UAER;AACA,UAAA,eAAA,EAAgB;AAChB,UAAA,YAAA,GAAe,IAAI,CAAA;AAAA,QACrB,CAAA,MAAO;AACL,UAAA,YAAA,GAAe,KAAK,CAAA;AAAA,QACtB;AAAA,MACF,SAAS,GAAA,EAAK;AACZ,QAAA,IAAI,CAAC,SAAA,EAAW;AACd,UAAA,QAAA,CAAS,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAC5D,UAAA,YAAA,GAAe,KAAK,CAAA;AAAA,QACtB;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,CAAC,SAAA,EAAW,YAAA,CAAa,KAAK,CAAA;AAAA,MACpC;AAAA,IACF,CAAA;AAEA,IAAA,IAAA,EAAK;AACL,IAAA,OAAO,MAAM;AACX,MAAA,SAAA,GAAY,IAAA;AAAA,IACd,CAAA;AAAA,EAEF,CAAA,EAAG,CAAC,GAAA,EAAK,QAAQ,CAAC,CAAA;AAGlB,EAAA,SAAA,CAAU,MAAM;AACd,IAAA,OAAO,MAAM;AACX,MAAA,IAAI,eAAA,CAAgB,OAAA,EAAS,YAAA,CAAa,eAAA,CAAgB,OAAO,CAAA;AAAA,IACnE,CAAA;AAAA,EACF,CAAA,EAAG,EAAE,CAAA;AAGL,EAAA,MAAM,YAAA,GAAe,WAAA;AAAA,IACnB,OAAO,MAAA,KAAqB;AAC1B,MAAA,cAAA,CAAe,OAAO,WAAW,CAAA;AACjC,MAAA,kBAAA,CAAmB,IAAI,CAAA;AACvB,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,WAAA,EAAY;AACnC,QAAA,OAAA,CAAQ,IAA0B,CAAA;AAAA,MACpC,CAAA,CAAA,MAAQ;AAAA,MAER;AACA,MAAA,eAAA,EAAgB;AAChB,MAAA,YAAA,GAAe,IAAI,CAAA;AAAA,IACrB,CAAA;AAAA,IACA,CAAC,GAAA,EAAK,eAAA,EAAiB,YAAY;AAAA,GACrC;AAEA,EAAA,MAAM,KAAA,GAAQ,WAAA;AAAA,IACZ,OAAO,MAAA,KAA2D;AAChE,MAAA,QAAA,CAAS,IAAI,CAAA;AACb,MAAA,MAAM,GAAA,CAAI,eAAe,MAAM,CAAA;AAAA,IACjC,CAAA;AAAA,IACA,CAAC,GAAG;AAAA,GACN;AAEA,EAAA,MAAM,UAAA,GAAa,WAAA;AAAA,IACjB,OAAO,MAAA,KAAiD;AACtD,MAAA,QAAA,CAAS,IAAI,CAAA;AACb,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,WAAA,CAAY,MAAM,CAAA;AAC3C,QAAA,MAAM,aAAa,MAAM,CAAA;AAAA,MAC3B,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,CAAA,GAAI,eAAe,KAAA,GAAQ,GAAA,GAAM,IAAI,KAAA,CAAM,MAAA,CAAO,GAAG,CAAC,CAAA;AAC5D,QAAA,QAAA,CAAS,CAAC,CAAA;AACV,QAAA,MAAM,CAAA;AAAA,MACR;AAAA,IACF,CAAA;AAAA,IACA,CAAC,KAAK,YAAY;AAAA,GACpB;AAEA,EAAA,MAAM,cAAA,GAAiB,WAAA;AAAA,IACrB,OAAO,WAAA,KAAyB;AAC9B,MAAA,QAAA,CAAS,IAAI,CAAA;AACb,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,cAAA,CAAe,WAAW,CAAA;AACnD,QAAA,MAAM,aAAa,MAAM,CAAA;AACzB,QAAA,OAAO,MAAA;AAAA,MACT,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,CAAA,GAAI,eAAe,KAAA,GAAQ,GAAA,GAAM,IAAI,KAAA,CAAM,MAAA,CAAO,GAAG,CAAC,CAAA;AAC5D,QAAA,QAAA,CAAS,CAAC,CAAA;AACV,QAAA,MAAM,CAAA;AAAA,MACR;AAAA,IACF,CAAA;AAAA,IACA,CAAC,KAAK,YAAY;AAAA,GACpB;AAEA,EAAA,MAAM,MAAA,GAAS,YAAY,MAAM;AAC/B,IAAA,GAAA,CAAI,WAAA,EAAY;AAChB,IAAA,OAAA,CAAQ,IAAI,CAAA;AACZ,IAAA,kBAAA,CAAmB,KAAK,CAAA;AACxB,IAAA,cAAA,CAAe,IAAI,CAAA;AACnB,IAAA,QAAA,CAAS,IAAI,CAAA;AACb,IAAA,IAAI,eAAA,CAAgB,OAAA,EAAS,YAAA,CAAa,eAAA,CAAgB,OAAO,CAAA;AACjE,IAAA,IAAI;AACF,MAAA,YAAA,CAAa,WAAW,eAAe,CAAA;AACvC,MAAA,YAAA,CAAa,WAAW,mBAAmB,CAAA;AAAA,IAC7C,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,YAAA,GAAe,KAAK,CAAA;AAAA,EACtB,CAAA,EAAG,CAAC,GAAA,EAAK,YAAY,CAAC,CAAA;AAEtB,EAAA,MAAM,KAAA,GAAQ,OAAA;AAAA,IACZ,OAAO;AAAA,MACL,GAAA;AAAA,MACA,MAAA;AAAA,MACA,IAAA;AAAA,MACA,eAAA;AAAA,MACA,SAAA;AAAA,MACA,WAAA;AAAA,MACA,KAAA;AAAA,MACA,UAAA;AAAA,MACA,cAAA;AAAA,MACA,MAAA;AAAA,MACA;AAAA,KACF,CAAA;AAAA,IACA;AAAA,MACE,GAAA;AAAA,MACA,MAAA;AAAA,MACA,IAAA;AAAA,MACA,eAAA;AAAA,MACA,SAAA;AAAA,MACA,WAAA;AAAA,MACA,KAAA;AAAA,MACA,UAAA;AAAA,MACA,cAAA;AAAA,MACA,MAAA;AAAA,MACA;AAAA;AACF,GACF;AAEA,EAAA,OAAO,cAAc,UAAA,CAAW,QAAA,EAAU,EAAE,KAAA,IAAS,QAAQ,CAAA;AAC/D;AAUO,SAAS,MAAA,GAA0B;AACxC,EAAA,MAAM,GAAA,GAAM,WAAW,UAAU,CAAA;AACjC,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AACA,EAAA,OAAO,GAAA;AACT;AAaO,SAAS,gBAAA,GAA6B;AAC3C,EAAA,MAAM,EAAE,MAAA,EAAQ,eAAA,EAAiB,WAAA,KAAgB,MAAA,EAAO;AACxD,EAAA,MAAM,CAAC,aAAA,EAAe,gBAAgB,CAAA,GAAI,QAAA,CAA4B,EAAE,CAAA;AACxE,EAAA,MAAM,CAAC,QAAA,EAAU,WAAW,CAAA,GAAI,QAAA,CAAuB,EAAE,CAAA;AACzD,EAAA,MAAM,CAAC,SAAA,EAAW,YAAY,CAAA,GAAI,SAAS,KAAK,CAAA;AAEhD,EAAA,MAAM,CAAC,YAAA,EAAc,eAAe,CAAA,GAAI,SAAwB,MAAM;AACpE,IAAA,IAAI;AACF,MAAA,OAAO,YAAA,CAAa,QAAQ,eAAe,CAAA;AAAA,IAC7C,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,CAAC,gBAAA,EAAkB,mBAAmB,CAAA,GAAI,QAAA;AAAA,IAC9C,MAAM;AACJ,MAAA,IAAI;AACF,QAAA,OAAO,YAAA,CAAa,QAAQ,mBAAmB,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAAA,GACF;AAGA,EAAA,SAAA,CAAU,MAAM;AACd,IAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,WAAA,EAAa;AACpC,MAAA,gBAAA,CAAiB,EAAE,CAAA;AACnB,MAAA,WAAA,CAAY,EAAE,CAAA;AACd,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,IAAA,MAAM,YAAY,YAAY;AAC5B,MAAA,YAAA,CAAa,IAAI,CAAA;AAGjB,MAAA,IAAI;AACF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,WAAA,CAAY,MAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAC,CAAA;AAC1D,QAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,QAAA,IAAI,GAAA,EAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AACtB,UAAA,MAAM,UAAA,GAAa,GAAA,CAAI,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AACnC,UAAA,IAAI,CAAC,SAAA,EAAW;AACd,YAAA,MAAM,YAAA,GAAgC;AAAA,cACpC,KAAA,EAAO,OAAA;AAAA,cACP,IAAA,EAAM,UAAA;AAAA,cACN,WAAA,EAAa;AAAA,aACf;AACA,YAAA,gBAAA,CAAiB,CAAC,YAAY,CAAC,CAAA;AAC/B,YAAA,IAAI,CAAC,YAAA,EAAc;AACjB,cAAA,eAAA,CAAgB,UAAU,CAAA;AAC1B,cAAA,IAAI;AACF,gBAAA,YAAA,CAAa,OAAA,CAAQ,iBAAiB,UAAU,CAAA;AAAA,cAClD,CAAA,CAAA,MAAQ;AAAA,cAER;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAA,CAAA,MAAQ;AAAA,MAER;AAGA,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,SAAA,CAAU;AAAA,UAC3B,WAAW,MAAA,CAAO,SAAA;AAAA,UAClB,UAAU,MAAA,CAAO;AAAA,SAClB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,gBAAA,CAAiB,WAAW,CAAA;AACtD,QAAA,IAAI,CAAC,SAAA,IAAa,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG;AACjC,UAAA,gBAAA,CAAiB,IAAI,CAAA;AACrB,UAAA,IAAI,CAAC,YAAA,IAAgB,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG;AACpC,YAAA,MAAM,QAAA,GAAW,IAAA,CAAK,CAAC,CAAA,CAAE,IAAA;AACzB,YAAA,eAAA,CAAgB,QAAQ,CAAA;AACxB,YAAA,IAAI;AACF,cAAA,YAAA,CAAa,OAAA,CAAQ,iBAAiB,QAAQ,CAAA;AAAA,YAChD,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAA,CAAA,MAAQ;AAAA,MAER,CAAA,SAAE;AACA,QAAA,IAAI,CAAC,SAAA,EAAW,YAAA,CAAa,KAAK,CAAA;AAAA,MACpC;AAAA,IACF,CAAA;AAEA,IAAA,SAAA,EAAU;AACV,IAAA,OAAO,MAAM;AACX,MAAA,SAAA,GAAY,IAAA;AAAA,IACd,CAAA;AAAA,EAEF,CAAA,EAAG,CAAC,eAAA,EAAiB,WAAA,EAAa,OAAO,SAAA,EAAW,MAAA,CAAO,QAAQ,CAAC,CAAA;AAGpE,EAAA,SAAA,CAAU,MAAM;AACd,IAAA,IAAI,CAAC,eAAA,IAAmB,CAAC,WAAA,IAAe,CAAC,YAAA,EAAc;AACrD,MAAA,WAAA,CAAY,EAAE,CAAA;AACd,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAA,GAAY,KAAA;AAEhB,IAAA,MAAM,gBAAgB,YAAY;AAChC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,SAAA,CAAU;AAAA,UAC3B,WAAW,MAAA,CAAO,SAAA;AAAA,UAClB,UAAU,MAAA,CAAO;AAAA,SAClB,CAAA;AACD,QAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,uBAAA;AAAA,UAC/B,YAAA;AAAA,UACA;AAAA,SACF;AACA,QAAA,IAAI,CAAC,SAAA,EAAW;AACd,UAAA,WAAA,CAAY,WAAW,CAAA;AAEvB,UAAA,IAAI,CAAC,gBAAA,IAAoB,WAAA,CAAY,MAAA,GAAS,CAAA,EAAG;AAC/C,YAAA,MAAM,cAAA,GACJ,YAAY,IAAA,CAAK,CAAC,MAAM,CAAA,CAAE,SAAS,CAAA,IAAK,WAAA,CAAY,CAAC,CAAA;AACvD,YAAA,mBAAA,CAAoB,eAAe,IAAI,CAAA;AACvC,YAAA,IAAI;AACF,cAAA,YAAA,CAAa,OAAA,CAAQ,mBAAA,EAAqB,cAAA,CAAe,IAAI,CAAA;AAAA,YAC/D,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAA,CAAA,MAAQ;AAEN,QAAA,IAAI,CAAC,SAAA,EAAW,WAAA,CAAY,EAAE,CAAA;AAAA,MAChC;AAAA,IACF,CAAA;AAEA,IAAA,aAAA,EAAc;AACd,IAAA,OAAO,MAAM;AACX,MAAA,SAAA,GAAY,IAAA;AAAA,IACd,CAAA;AAAA,EAEF,CAAA,EAAG,CAAC,eAAA,EAAiB,WAAA,EAAa,cAAc,MAAA,CAAO,SAAA,EAAW,MAAA,CAAO,QAAQ,CAAC,CAAA;AAElF,EAAA,MAAM,UAAA,GAAa,OAAA;AAAA,IACjB,MAAM,cAAc,IAAA,CAAK,CAAC,MAAM,CAAA,CAAE,IAAA,KAAS,YAAY,CAAA,IAAK,IAAA;AAAA,IAC5D,CAAC,eAAe,YAAY;AAAA,GAC9B;AAEA,EAAA,MAAM,cAAA,GAAiB,OAAA;AAAA,IACrB,MAAM,SAAS,IAAA,CAAK,CAAC,MAAM,CAAA,CAAE,IAAA,KAAS,gBAAgB,CAAA,IAAK,IAAA;AAAA,IAC3D,CAAC,UAAU,gBAAgB;AAAA,GAC7B;AAEA,EAAA,MAAM,SAAA,GAAY,WAAA,CAAY,CAAC,KAAA,KAAkB;AAC/C,IAAA,eAAA,CAAgB,KAAK,CAAA;AACrB,IAAA,mBAAA,CAAoB,IAAI,CAAA;AACxB,IAAA,WAAA,CAAY,EAAE,CAAA;AACd,IAAA,IAAI;AACF,MAAA,YAAA,CAAa,OAAA,CAAQ,iBAAiB,KAAK,CAAA;AAC3C,MAAA,YAAA,CAAa,WAAW,mBAAmB,CAAA;AAAA,IAC7C,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF,CAAA,EAAG,EAAE,CAAA;AAEL,EAAA,MAAM,aAAA,GAAgB,WAAA,CAAY,CAAC,SAAA,KAA6B;AAC9D,IAAA,mBAAA,CAAoB,SAAS,CAAA;AAC7B,IAAA,IAAI;AACF,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,YAAA,CAAa,OAAA,CAAQ,qBAAqB,SAAS,CAAA;AAAA,MACrD,CAAA,MAAO;AACL,QAAA,YAAA,CAAa,WAAW,mBAAmB,CAAA;AAAA,MAC7C;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF,CAAA,EAAG,EAAE,CAAA;AAEL,EAAA,OAAO;AAAA,IACL,aAAA;AAAA,IACA,UAAA;AAAA,IACA,YAAA;AAAA,IACA,SAAA;AAAA,IACA,QAAA;AAAA,IACA,cAAA;AAAA,IACA,gBAAA;AAAA,IACA,aAAA;AAAA,IACA;AAAA,GACF;AACF;AAUO,SAAS,WAAA,GAId;AACA,EAAA,MAAM,EAAE,GAAA,EAAK,WAAA,EAAa,eAAA,KAAoB,MAAA,EAAO;AAErD,EAAA,MAAM,OAAA,GAAU,YAAY,YAAY;AACtC,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAI,mBAAA,EAAoB;AAAA,IACvC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF,CAAA,EAAG,CAAC,GAAG,CAAC,CAAA;AAER,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA;AAAA,IACP,SAAS,eAAA,IAAmB,CAAC,CAAC,WAAA,IAAe,CAAC,IAAI,cAAA,EAAe;AAAA,IACjE;AAAA,GACF;AACF;AAmCO,SAAS,kBAAA,CAAmB;AAAA,EACjC,aAAA;AAAA,EACA,YAAA;AAAA,EACA,SAAA;AAAA,EACA,WAAW,EAAC;AAAA,EACZ,gBAAA,GAAmB,IAAA;AAAA,EACnB,aAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,SAAA,GAAY,EAAA;AAAA,EACZ,UAAA,GAAa;AACf,CAAA,EAA4B;AAC1B,EAAA,SAAA,CAAU,MAAM;AACd,IAAA,cAAA,GAAiB,YAAA,EAAc,oBAAoB,IAAI,CAAA;AAAA,EACzD,CAAA,EAAG,CAAC,YAAA,EAAc,gBAAA,EAAkB,cAAc,CAAC,CAAA;AAEnD,EAAA,MAAM,eAAA,GAAkB,WAAA;AAAA,IACtB,CAAC,CAAA,KAAqC,SAAA,CAAU,CAAA,CAAE,OAAO,KAAK,CAAA;AAAA,IAC9D,CAAC,SAAS;AAAA,GACZ;AAEA,EAAA,MAAM,mBAAA,GAAsB,WAAA;AAAA,IAC1B,CAAC,CAAA,KAAqC,aAAA,GAAgB,CAAA,CAAE,MAAA,CAAO,SAAS,IAAI,CAAA;AAAA,IAC5E,CAAC,aAAa;AAAA,GAChB;AAEA,EAAA,IAAI,CAAC,UAAA,IAAc,aAAA,CAAc,UAAU,CAAA,IAAK,QAAA,CAAS,UAAU,CAAA,EAAG;AACpE,IAAA,IAAI,aAAA,CAAc,WAAW,CAAA,EAAG;AAC9B,MAAA,MAAM,GAAA,GAAM,cAAc,CAAC,CAAA;AAC3B,MAAA,OAAO,aAAA;AAAA,QACL,KAAA;AAAA,QACA,EAAE,SAAA,EAAW,CAAA,gCAAA,EAAmC,SAAS,CAAA,CAAA,EAAG;AAAA,QAC5D,aAAA,CAAc,QAAQ,EAAE,SAAA,EAAW,eAAc,EAAG,GAAA,CAAI,WAAA,IAAe,GAAA,CAAI,IAAI,CAAA;AAAA,QAC/E,QAAA,CAAS,WAAW,CAAA,GAChB;AAAA,UACE,aAAA,CAAc,QAAQ,EAAE,SAAA,EAAW,yBAAyB,GAAA,EAAK,KAAA,IAAS,GAAG,CAAA;AAAA,UAC7E,aAAA,CAAc,MAAA,EAAQ,EAAE,GAAA,EAAK,MAAA,EAAO,EAAG,QAAA,CAAS,CAAC,CAAA,CAAE,WAAA,IAAe,QAAA,CAAS,CAAC,EAAE,IAAI;AAAA,SACpF,GACA,IAAA;AAAA,QACJ,WAAA,GACI,aAAA;AAAA,UACE,MAAA;AAAA,UACA,EAAE,WAAW,iEAAA,EAAkE;AAAA,UAC/E;AAAA,SACF,GACA;AAAA,OACN;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,aAAA;AAAA,IACL,KAAA;AAAA,IACA,EAAE,SAAA,EAAW,CAAA,wBAAA,EAA2B,SAAS,CAAA,CAAA,EAAG;AAAA,IACpD,aAAA;AAAA,MACE,QAAA;AAAA,MACA;AAAA,QACE,OAAO,YAAA,IAAgB,EAAA;AAAA,QACvB,QAAA,EAAU,eAAA;AAAA,QACV,SAAA,EACE,gIAAA;AAAA,QACF,YAAA,EAAc;AAAA,OAChB;AAAA,MACA,GAAG,aAAA,CAAc,GAAA;AAAA,QAAI,CAAC,GAAA,KACpB,aAAA,CAAc,QAAA,EAAU,EAAE,GAAA,EAAK,GAAA,CAAI,IAAA,EAAM,KAAA,EAAO,IAAI,IAAA,EAAK,EAAG,GAAA,CAAI,WAAA,IAAe,IAAI,IAAI;AAAA;AACzF,KACF;AAAA,IACA,QAAA,CAAS,MAAA,GAAS,CAAA,IAAK,aAAA,GACnB;AAAA,MACE,aAAA,CAAc,QAAQ,EAAE,SAAA,EAAW,yBAAyB,GAAA,EAAK,KAAA,IAAS,GAAG,CAAA;AAAA,MAC7E,aAAA;AAAA,QACE,QAAA;AAAA,QACA;AAAA,UACE,GAAA,EAAK,aAAA;AAAA,UACL,OAAO,gBAAA,IAAoB,EAAA;AAAA,UAC3B,QAAA,EAAU,mBAAA;AAAA,UACV,SAAA,EACE,gIAAA;AAAA,UACF,YAAA,EAAc;AAAA,SAChB;AAAA,QACA,GAAG,QAAA,CAAS,GAAA;AAAA,UAAI,CAAC,IAAA,KACf,aAAA,CAAc,QAAA,EAAU,EAAE,GAAA,EAAK,IAAA,CAAK,IAAA,EAAM,KAAA,EAAO,KAAK,IAAA,EAAK,EAAG,IAAA,CAAK,WAAA,IAAe,KAAK,IAAI;AAAA;AAC7F;AACF,KACF,GACA,IAAA;AAAA,IACJ,WAAA,GACI,aAAA;AAAA,MACE,MAAA;AAAA,MACA,EAAE,WAAW,iEAAA,EAAkE;AAAA,MAC/E;AAAA,KACF,GACA;AAAA,GACN;AACF","file":"react.js","sourcesContent":["/**\n * PKCE (Proof Key for Code Exchange) utilities for browser-side OAuth2 flows.\n *\n * PKCE utilities for OAuth2 flows, using native Web Crypto API.\n */\n\nfunction generateRandomString(length: number): string {\n const array = new Uint8Array(length);\n crypto.getRandomValues(array);\n return Array.from(array, (b) => b.toString(36).padStart(2, \"0\"))\n .join(\"\")\n .slice(0, length);\n}\n\nasync function sha256(plain: string): Promise<ArrayBuffer> {\n const encoder = new TextEncoder();\n return crypto.subtle.digest(\"SHA-256\", encoder.encode(plain));\n}\n\nfunction base64UrlEncode(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = \"\";\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/** Generate a PKCE code verifier + challenge pair. */\nexport async function generatePKCEChallenge(): Promise<{\n codeVerifier: string;\n codeChallenge: string;\n}> {\n const codeVerifier = generateRandomString(64);\n const hash = await sha256(codeVerifier);\n const codeChallenge = base64UrlEncode(hash);\n return { codeVerifier, codeChallenge };\n}\n\n/** Generate a random state parameter for CSRF protection. */\nexport function generateState(): string {\n return generateRandomString(32);\n}\n","/**\n * Browser-side OAuth2 flows for Hanzo IAM.\n *\n * Provides PKCE-based login redirect, code exchange, token refresh,\n * popup signin, and silent signin for single-page applications.\n *\n * Adapted and modernized for Hanzo IAM.\n */\n\nimport type { IamConfig, TokenResponse, OidcDiscovery } from \"./types.js\";\nimport { generatePKCEChallenge, generateState } from \"./pkce.js\";\n\n// ---------------------------------------------------------------------------\n// Storage keys\n// ---------------------------------------------------------------------------\n\nconst STORAGE_PREFIX = \"hanzo_iam_\";\nconst KEY_STATE = `${STORAGE_PREFIX}state`;\nconst KEY_CODE_VERIFIER = `${STORAGE_PREFIX}code_verifier`;\nconst KEY_ACCESS_TOKEN = `${STORAGE_PREFIX}access_token`;\nconst KEY_REFRESH_TOKEN = `${STORAGE_PREFIX}refresh_token`;\nconst KEY_ID_TOKEN = `${STORAGE_PREFIX}id_token`;\nconst KEY_EXPIRES_AT = `${STORAGE_PREFIX}expires_at`;\n\n// ---------------------------------------------------------------------------\n// Browser IAM SDK\n// ---------------------------------------------------------------------------\n\nexport type IAMConfig = IamConfig & {\n /** OAuth2 redirect URI (e.g. \"https://app.hanzo.bot/auth/callback\"). */\n redirectUri: string;\n /** OAuth2 scopes (default: \"openid profile email\"). */\n scope?: string;\n /** Storage to use for tokens (default: sessionStorage). */\n storage?: Storage;\n /**\n * Proxy base URL for token exchange and userinfo requests.\n * When set, token exchange POSTs go to `${proxyBaseUrl}/auth/token`\n * and userinfo GETs go to `${proxyBaseUrl}/auth/userinfo` instead of\n * directly to the IAM server. This avoids CORS issues when the IAM\n * server doesn't send Access-Control-Allow-Origin headers.\n */\n proxyBaseUrl?: string;\n};\n\nexport class IAM {\n private readonly config: IAMConfig;\n private readonly storage: Storage;\n private discoveryCache: OidcDiscovery | null = null;\n\n constructor(config: IAMConfig) {\n this.config = config;\n this.storage = config.storage ?? sessionStorage;\n }\n\n // -----------------------------------------------------------------------\n // OIDC Discovery\n // -----------------------------------------------------------------------\n\n private async getDiscovery(): Promise<OidcDiscovery> {\n if (this.discoveryCache) return this.discoveryCache;\n\n const baseUrl = this.config.serverUrl.replace(/\\/+$/, \"\");\n\n // Try fetching the OIDC discovery document. If it fails (e.g. due to\n // CORS when the IAM server doesn't send Access-Control-Allow-Origin),\n // construct a fallback from well-known Hanzo IAM endpoint paths.\n try {\n const res = await fetch(`${baseUrl}/.well-known/openid-configuration`, {\n headers: { Accept: \"application/json\" },\n });\n if (res.ok) {\n this.discoveryCache = (await res.json()) as OidcDiscovery;\n return this.discoveryCache;\n }\n } catch {\n // CORS or network error — fall through to constructed discovery\n }\n\n this.discoveryCache = {\n issuer: baseUrl,\n authorization_endpoint: `${baseUrl}/oauth/authorize`,\n token_endpoint: `${baseUrl}/oauth/token`,\n userinfo_endpoint: `${baseUrl}/oauth/userinfo`,\n jwks_uri: `${baseUrl}/.well-known/jwks`,\n response_types_supported: [\"code\", \"token\", \"id_token\"],\n grant_types_supported: [\"authorization_code\", \"implicit\", \"refresh_token\"],\n scopes_supported: [\"openid\", \"email\", \"profile\"],\n };\n return this.discoveryCache;\n }\n\n // -----------------------------------------------------------------------\n // Login redirect (PKCE)\n // -----------------------------------------------------------------------\n\n /**\n * Start the OAuth2 PKCE login flow by redirecting to the IAM authorize endpoint.\n *\n * Generates PKCE challenge and state, stores them in session storage,\n * then redirects the browser.\n */\n async signinRedirect(params?: { additionalParams?: Record<string, string> }): Promise<void> {\n const discovery = await this.getDiscovery();\n const { codeVerifier, codeChallenge } = await generatePKCEChallenge();\n const state = generateState();\n\n this.storage.setItem(KEY_STATE, state);\n this.storage.setItem(KEY_CODE_VERIFIER, codeVerifier);\n\n const url = new URL(discovery.authorization_endpoint);\n url.searchParams.set(\"client_id\", this.config.clientId);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", this.config.redirectUri);\n url.searchParams.set(\"scope\", this.config.scope ?? \"openid profile email\");\n url.searchParams.set(\"state\", state);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n\n if (params?.additionalParams) {\n for (const [k, v] of Object.entries(params.additionalParams)) {\n url.searchParams.set(k, v);\n }\n }\n\n window.location.href = url.toString();\n }\n\n // -----------------------------------------------------------------------\n // Callback handling\n // -----------------------------------------------------------------------\n\n /**\n * Handle the OAuth2 callback after redirect. Exchanges the authorization code\n * for tokens using PKCE.\n *\n * Call this on your callback page (e.g. /auth/callback).\n * Returns the token response, or throws if the state doesn't match.\n */\n async handleCallback(callbackUrl?: string): Promise<IAMToken> {\n const url = new URL(callbackUrl ?? window.location.href);\n const error = url.searchParams.get(\"error\");\n\n if (error) {\n const desc = url.searchParams.get(\"error_description\") ?? error;\n throw new Error(`OAuth error: ${desc}`);\n }\n\n const state = url.searchParams.get(\"state\");\n const savedState = this.storage.getItem(KEY_STATE);\n if (savedState && state !== savedState) {\n throw new Error(\"OAuth state mismatch — possible CSRF attack\");\n }\n\n // Implicit flow: access_token returned directly in URL\n const accessToken = url.searchParams.get(\"access_token\");\n if (accessToken) {\n this.storage.removeItem(KEY_STATE);\n this.storage.removeItem(KEY_CODE_VERIFIER);\n\n const tokens: TokenResponse = {\n access_token: accessToken,\n token_type: \"Bearer\",\n refresh_token: url.searchParams.get(\"refresh_token\") ?? undefined,\n expires_in: 7200,\n };\n this.storeTokens(tokens);\n return toIAMToken(tokens);\n }\n\n // Authorization code flow: exchange code for tokens via PKCE\n const code = url.searchParams.get(\"code\");\n if (!code) {\n throw new Error(\"Missing authorization code in callback URL\");\n }\n\n const codeVerifier = this.storage.getItem(KEY_CODE_VERIFIER);\n if (!codeVerifier) {\n throw new Error(\"Missing PKCE code verifier — was signinRedirect() called?\");\n }\n\n // Clean up one-time state\n this.storage.removeItem(KEY_STATE);\n this.storage.removeItem(KEY_CODE_VERIFIER);\n\n const discovery = await this.getDiscovery();\n const body = new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: this.config.clientId,\n code,\n redirect_uri: this.config.redirectUri,\n code_verifier: codeVerifier,\n });\n\n // Use proxy URL when configured to avoid CORS on the token endpoint.\n const tokenUrl = this.config.proxyBaseUrl\n ? `${this.config.proxyBaseUrl.replace(/\\/+$/, \"\")}/auth/token`\n : discovery.token_endpoint;\n\n const res = await fetch(tokenUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString(),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(`Token exchange failed (${res.status}): ${text}`);\n }\n\n const tokens = (await res.json()) as TokenResponse;\n this.storeTokens(tokens);\n return toIAMToken(tokens);\n }\n\n // -----------------------------------------------------------------------\n // Token refresh\n // -----------------------------------------------------------------------\n\n /** Refresh the access token using the stored refresh token. */\n async refreshAccessToken(): Promise<IAMToken> {\n const refreshToken = this.storage.getItem(KEY_REFRESH_TOKEN);\n if (!refreshToken) {\n throw new Error(\"No refresh token available\");\n }\n\n const discovery = await this.getDiscovery();\n const body = new URLSearchParams({\n grant_type: \"refresh_token\",\n client_id: this.config.clientId,\n refresh_token: refreshToken,\n });\n\n const tokenUrl = this.config.proxyBaseUrl\n ? `${this.config.proxyBaseUrl.replace(/\\/+$/, \"\")}/auth/token`\n : discovery.token_endpoint;\n\n const res = await fetch(tokenUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString(),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new Error(`Token refresh failed (${res.status}): ${text}`);\n }\n\n const tokens = (await res.json()) as TokenResponse;\n this.storeTokens(tokens);\n return toIAMToken(tokens);\n }\n\n // -----------------------------------------------------------------------\n // Popup signin\n // -----------------------------------------------------------------------\n\n /**\n * Open the IAM login page in a popup window. Resolves when the popup\n * completes the OAuth flow and returns tokens.\n */\n async signinPopup(params?: {\n width?: number;\n height?: number;\n additionalParams?: Record<string, string>;\n }): Promise<IAMToken> {\n const discovery = await this.getDiscovery();\n const { codeVerifier, codeChallenge } = await generatePKCEChallenge();\n const state = generateState();\n\n this.storage.setItem(KEY_STATE, state);\n this.storage.setItem(KEY_CODE_VERIFIER, codeVerifier);\n\n const url = new URL(discovery.authorization_endpoint);\n url.searchParams.set(\"client_id\", this.config.clientId);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", this.config.redirectUri);\n url.searchParams.set(\"scope\", this.config.scope ?? \"openid profile email\");\n url.searchParams.set(\"state\", state);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n\n if (params?.additionalParams) {\n for (const [k, v] of Object.entries(params.additionalParams)) {\n url.searchParams.set(k, v);\n }\n }\n\n const width = params?.width ?? 600;\n const height = params?.height ?? 700;\n const left = window.screenX + (window.outerWidth - width) / 2;\n const top = window.screenY + (window.outerHeight - height) / 2;\n\n return new Promise<IAMToken>((resolve, reject) => {\n const popup = window.open(\n url.toString(),\n \"hanzo_iam_login\",\n `width=${width},height=${height},left=${left},top=${top},menubar=no,toolbar=no`,\n );\n\n if (!popup) {\n reject(new Error(\"Failed to open login popup — blocked by browser?\"));\n return;\n }\n\n const interval = setInterval(() => {\n try {\n if (popup.closed) {\n clearInterval(interval);\n reject(new Error(\"Login popup was closed before completing\"));\n return;\n }\n // Check if popup navigated to our redirect URI\n const popupUrl = popup.location.href;\n if (popupUrl.startsWith(this.config.redirectUri)) {\n clearInterval(interval);\n popup.close();\n this.handleCallback(popupUrl).then(resolve, reject);\n }\n } catch {\n // Cross-origin — popup is still on IAM domain, keep waiting\n }\n }, 200);\n });\n }\n\n // -----------------------------------------------------------------------\n // Silent signin (iframe)\n // -----------------------------------------------------------------------\n\n /**\n * Attempt silent authentication via a hidden iframe.\n * Useful for checking if the user has an active IAM session.\n * Returns null if silent auth fails (user needs to log in interactively).\n */\n async signinSilent(timeoutMs = 5000): Promise<IAMToken | null> {\n const discovery = await this.getDiscovery();\n const { codeVerifier, codeChallenge } = await generatePKCEChallenge();\n const state = generateState();\n\n this.storage.setItem(KEY_STATE, state);\n this.storage.setItem(KEY_CODE_VERIFIER, codeVerifier);\n\n const url = new URL(discovery.authorization_endpoint);\n url.searchParams.set(\"client_id\", this.config.clientId);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", this.config.redirectUri);\n url.searchParams.set(\"scope\", this.config.scope ?? \"openid profile email\");\n url.searchParams.set(\"state\", state);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n url.searchParams.set(\"prompt\", \"none\"); // No interactive login\n\n return new Promise<IAMToken | null>((resolve) => {\n const iframe = document.createElement(\"iframe\");\n iframe.style.display = \"none\";\n\n const timeout = setTimeout(() => {\n cleanup();\n resolve(null);\n }, timeoutMs);\n\n const cleanup = () => {\n clearTimeout(timeout);\n iframe.remove();\n this.storage.removeItem(KEY_STATE);\n this.storage.removeItem(KEY_CODE_VERIFIER);\n };\n\n iframe.addEventListener(\"load\", () => {\n try {\n const iframeUrl = iframe.contentWindow?.location.href;\n if (iframeUrl && iframeUrl.startsWith(this.config.redirectUri)) {\n cleanup();\n this.handleCallback(iframeUrl).then(\n (tokens) => resolve(tokens),\n () => resolve(null),\n );\n }\n } catch {\n // Cross-origin or error — silent auth failed\n cleanup();\n resolve(null);\n }\n });\n\n iframe.src = url.toString();\n document.body.appendChild(iframe);\n });\n }\n\n // -----------------------------------------------------------------------\n // Token management\n // -----------------------------------------------------------------------\n\n private storeTokens(tokens: TokenResponse): void {\n this.storage.setItem(KEY_ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token) {\n this.storage.setItem(KEY_REFRESH_TOKEN, tokens.refresh_token);\n }\n if (tokens.id_token) {\n this.storage.setItem(KEY_ID_TOKEN, tokens.id_token);\n }\n if (tokens.expires_in) {\n const expiresAt = Date.now() + tokens.expires_in * 1000;\n this.storage.setItem(KEY_EXPIRES_AT, String(expiresAt));\n }\n }\n\n /** Get the stored access token (may be expired). */\n getAccessToken(): string | null {\n return this.storage.getItem(KEY_ACCESS_TOKEN);\n }\n\n /** Get the stored refresh token. */\n getRefreshToken(): string | null {\n return this.storage.getItem(KEY_REFRESH_TOKEN);\n }\n\n /** Get the stored ID token. */\n getIdToken(): string | null {\n return this.storage.getItem(KEY_ID_TOKEN);\n }\n\n /** Check if the stored access token is expired. */\n isTokenExpired(): boolean {\n const expiresAt = this.storage.getItem(KEY_EXPIRES_AT);\n if (!expiresAt) return true;\n return Date.now() >= Number(expiresAt);\n }\n\n /**\n * Get a valid access token — refreshes automatically if expired.\n * Returns null if no token and no refresh token available.\n */\n async getValidAccessToken(): Promise<string | null> {\n const token = this.getAccessToken();\n if (token && !this.isTokenExpired()) {\n return token;\n }\n if (this.getRefreshToken()) {\n try {\n const tokens = await this.refreshAccessToken();\n return tokens.accessToken;\n } catch {\n return null;\n }\n }\n return null;\n }\n\n /** Clear all stored tokens (logout). */\n clearTokens(): void {\n this.storage.removeItem(KEY_ACCESS_TOKEN);\n this.storage.removeItem(KEY_REFRESH_TOKEN);\n this.storage.removeItem(KEY_ID_TOKEN);\n this.storage.removeItem(KEY_EXPIRES_AT);\n this.storage.removeItem(KEY_STATE);\n this.storage.removeItem(KEY_CODE_VERIFIER);\n }\n\n // -----------------------------------------------------------------------\n // User info\n // -----------------------------------------------------------------------\n\n /** Fetch user info from the OIDC userinfo endpoint using the stored access token. */\n async getUserInfo(): Promise<Record<string, unknown>> {\n const token = await this.getValidAccessToken();\n if (!token) {\n throw new Error(\"No valid access token — user must log in\");\n }\n const discovery = await this.getDiscovery();\n const userinfoUrl = this.config.proxyBaseUrl\n ? `${this.config.proxyBaseUrl.replace(/\\/+$/, \"\")}/auth/userinfo`\n : discovery.userinfo_endpoint;\n const res = await fetch(userinfoUrl, {\n headers: { Authorization: `Bearer ${token}` },\n });\n if (!res.ok) {\n throw new Error(`Userinfo fetch failed (${res.status})`);\n }\n return (await res.json()) as Record<string, unknown>;\n }\n\n // -----------------------------------------------------------------------\n // URL helpers\n // -----------------------------------------------------------------------\n\n /** Build the signup URL for the IAM server. */\n getSignupUrl(params?: { enablePassword?: boolean }): string {\n const base = this.config.serverUrl.replace(/\\/+$/, \"\");\n const app = this.config.appName ?? \"app\";\n const org = this.config.orgName ?? \"built-in\";\n let url = `${base}/signup/${app}`;\n if (params?.enablePassword) {\n url += \"?enablePassword=true\";\n }\n return url;\n }\n\n /** Build the user profile URL on the IAM server. */\n getUserProfileUrl(username: string): string {\n const base = this.config.serverUrl.replace(/\\/+$/, \"\");\n const org = this.config.orgName ?? \"built-in\";\n return `${base}/users/${org}/${username}`;\n }\n\n // -----------------------------------------------------------------------\n // Casdoor REST surface (signup, OTP, REST login, phone lookup)\n //\n // The OIDC layer covers redirect/PKCE, token exchange, refresh, userinfo.\n // These methods cover the Casdoor-native endpoints that don't have an OIDC\n // analogue: phone/email OTP, custom signup with verification codes, and\n // direct REST login that returns an authorization code in one round-trip\n // (used as the bridge between OTP collection and `exchangeCode`).\n //\n // All paths are gateway-canonical (`/login`, `/signup`,\n // `/send-verification-code`, `/get-phone-user`) — point `serverUrl` at the\n // gateway prefix (e.g. `https://api.dev.satschel.com/v1/iam`) and the\n // gateway proxies to Casdoor's `/api/*` internally.\n // -----------------------------------------------------------------------\n\n /**\n * Send a verification code to a phone or email destination.\n *\n * @param contact `{ phone, countryCode }` for SMS, `{ email }` for email.\n * @param method Casdoor method: `login`, `signup`, `forget`, `mfaSetup`, etc.\n */\n async sendVerificationCode(\n contact: { phone: string; countryCode: string } | { email: string },\n method: \"login\" | \"signup\" | \"forget\" | \"reset\" | \"mfaSetup\" = \"login\",\n ): Promise<{ ok: boolean; error?: string }> {\n // 'reset' is an idiomatic alias for Casdoor's 'forget'.\n if (method === \"reset\") method = \"forget\";\n const isPhone = \"phone\" in contact;\n const dest = isPhone ? contact.phone : contact.email;\n const params: Record<string, string> = {\n applicationId: `admin/${this.config.appName ?? \"app\"}`,\n dest,\n type: isPhone ? \"phone\" : \"email\",\n method,\n captchaType: \"none\",\n captchaToken: \"\",\n };\n if (isPhone) params.countryCode = contact.countryCode;\n\n const url = `${this.config.serverUrl.replace(/\\/+$/, \"\")}/send-verification-code`;\n const res = await fetch(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams(params).toString(),\n });\n const data = await res.json().catch(() => ({}));\n if (data.status === \"ok\") return { ok: true };\n const msg = (data.msg as string) || `send-verification-code failed (${res.status})`;\n // Provider misconfig is treated as soft success in dev — Casdoor still\n // generates the code and stores it for verification.\n if (msg.includes(\"SMS provider\") || msg.includes(\"provider\")) return { ok: true };\n return { ok: false, error: msg };\n }\n\n /**\n * Look up whether a phone number is registered. Returns `{ exists: false }`\n * on 404 or unknown numbers; `{ exists: true }` when Casdoor confirms a user.\n */\n async lookupPhoneUser(phone: string, countryCode: string): Promise<{ exists: boolean; error?: string }> {\n const url = `${this.config.serverUrl.replace(/\\/+$/, \"\")}/get-phone-user`;\n const res = await fetch(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n application: this.config.appName ?? \"app\",\n phone,\n countryCode,\n }),\n });\n if (res.status === 404) return { exists: false };\n if (!res.ok) return { exists: false, error: `lookupPhoneUser failed (${res.status})` };\n return { exists: true };\n }\n\n /**\n * Casdoor REST signup. Returns the new user's id on success.\n *\n * Phone signup flow: send phoneCode via `sendVerificationCode`, then call\n * this with the OTP in `phoneCode`. Casdoor verifies the code internally.\n * Email signup flow: same with `email` + `emailCode`.\n */\n async signup(params: {\n method: \"email\" | \"phone\";\n name: string;\n username?: string;\n email?: string;\n phone?: string;\n countryCode?: string;\n password?: string;\n emailCode?: string;\n phoneCode?: string;\n }): Promise<{ id?: string; ok: boolean; error?: string }> {\n const username = params.username ?? params.name;\n const password = params.password ?? `Liq${Date.now()}!`;\n const body: Record<string, unknown> = {\n application: this.config.appName ?? \"app\",\n organization: this.config.orgName ?? \"built-in\",\n name: params.name,\n username,\n password,\n confirm: password,\n agreement: true,\n };\n if (params.method === \"email\") {\n body.email = params.email;\n if (params.emailCode) body.emailCode = params.emailCode;\n } else {\n body.phone = params.phone;\n body.countryCode = params.countryCode;\n if (params.phoneCode) body.phoneCode = params.phoneCode;\n if (params.email) body.email = params.email;\n if (params.emailCode) body.emailCode = params.emailCode;\n }\n const url = `${this.config.serverUrl.replace(/\\/+$/, \"\")}/signup`;\n const res = await fetch(url, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n const data = await res.json().catch(() => ({}));\n if (data.status === \"ok\") return { ok: true, id: data.data2 || data.data };\n return { ok: false, error: (data.msg as string) || `signup failed (${res.status})` };\n }\n\n /**\n * REST login that returns an authorization code (Casdoor `/login`).\n *\n * Use this when you want the caller to drive the PKCE flow without a\n * full redirect — collect credentials in your own UI, get a code back,\n * then call `exchangeCodeForToken` to land tokens.\n */\n async loginWithCredentials(params: {\n username: string;\n password: string;\n type?: \"code\" | \"token\";\n redirectUri?: string;\n }): Promise<{ code?: string; ok: boolean; error?: string }> {\n const { codeVerifier, codeChallenge } = await generatePKCEChallenge();\n this.storage.setItem(KEY_CODE_VERIFIER, codeVerifier);\n\n const url = new URL(`${this.config.serverUrl.replace(/\\/+$/, \"\")}/login`);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n\n const res = await fetch(url.toString(), {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n application: this.config.appName ?? \"app\",\n organization: this.config.orgName ?? \"built-in\",\n username: params.username,\n password: params.password,\n type: params.type ?? \"code\",\n clientId: this.config.clientId,\n redirectUri: params.redirectUri ?? this.config.redirectUri,\n codeChallenge,\n codeChallengeMethod: \"S256\",\n autoSignin: true,\n }),\n });\n const data = await res.json().catch(() => ({}));\n if (data.status === \"ok\" && data.data) return { ok: true, code: data.data as string };\n return { ok: false, error: (data.msg as string) || `login failed (${res.status})` };\n }\n\n /**\n * Exchange an authorization code for tokens using the stored PKCE verifier.\n * Pairs with `loginWithCredentials` for a code → tokens round-trip.\n */\n async exchangeCodeForToken(code: string, redirectUri?: string): Promise<IAMToken> {\n const codeVerifier = this.storage.getItem(KEY_CODE_VERIFIER);\n if (!codeVerifier) {\n throw new Error(\"Missing PKCE verifier — call loginWithCredentials() first\");\n }\n this.storage.removeItem(KEY_CODE_VERIFIER);\n\n const discovery = await this.getDiscovery();\n const tokenUrl = this.config.proxyBaseUrl\n ? `${this.config.proxyBaseUrl.replace(/\\/+$/, \"\")}/auth/token`\n : discovery.token_endpoint;\n\n const body = new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: this.config.clientId,\n code,\n redirect_uri: redirectUri ?? this.config.redirectUri,\n code_verifier: codeVerifier,\n });\n const res = await fetch(tokenUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString(),\n });\n if (!res.ok) {\n const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));\n throw new Error((err as Record<string, string>).error_description || (err as Record<string, string>).error || \"Token exchange failed\");\n }\n const tokens = (await res.json()) as TokenResponse;\n this.storeTokens(tokens);\n return toIAMToken(tokens);\n }\n\n /**\n * Phone OTP login: tries the numbered username variants Casdoor accepts\n * (`{phone}`, `{countryCode}{phone}`), exchanges the resulting code for\n * tokens. Returns the token response, or throws on failure.\n */\n async loginWithPhoneOTP(params: {\n phone: string;\n countryCode: string;\n code: string;\n redirectUri?: string;\n }): Promise<IAMToken> {\n const usernames = [params.phone, `${params.countryCode}${params.phone}`];\n let lastError = \"\";\n for (const username of usernames) {\n const result = await this.loginWithCredentials({\n username,\n password: params.code,\n redirectUri: params.redirectUri,\n });\n if (result.ok && result.code) {\n return this.exchangeCodeForToken(result.code, params.redirectUri);\n }\n lastError = result.error ?? lastError;\n }\n throw new Error(lastError || \"Phone OTP login failed\");\n }\n\n /**\n * Logout via Casdoor REST `/logout` (clears server-side session) and\n * the local storage.\n */\n async logout(): Promise<void> {\n const token = this.storage.getItem(KEY_ACCESS_TOKEN);\n try {\n await fetch(`${this.config.serverUrl.replace(/\\/+$/, \"\")}/oauth/logout`, {\n method: \"POST\",\n headers: token ? { Authorization: `Bearer ${token}` } : {},\n });\n } catch {\n // best-effort — local cleanup is what matters\n }\n this.clearTokens();\n }\n\n // -----------------------------------------------------------------------\n // High-level helpers — normalize to ergonomic types so apps don't need\n // their own adapters around the OIDC/Casdoor wire shapes.\n // -----------------------------------------------------------------------\n\n /**\n * Build a social-login authorize URL. Used to navigate the user to\n * Google/Apple/etc. — same as `signinRedirect` but returns the URL\n * instead of issuing the redirect, so apps can `<a href=\"...\">`.\n */\n async getSocialLoginUrl(provider: string, scope = \"openid profile email\"): Promise<string> {\n const { codeVerifier, codeChallenge } = await generatePKCEChallenge();\n const state = generateState();\n this.storage.setItem(KEY_STATE, state);\n this.storage.setItem(KEY_CODE_VERIFIER, codeVerifier);\n\n const discovery = await this.getDiscovery();\n const url = new URL(discovery.authorization_endpoint);\n url.searchParams.set(\"client_id\", this.config.clientId);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", this.config.redirectUri);\n url.searchParams.set(\"scope\", scope);\n url.searchParams.set(\"state\", state);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n url.searchParams.set(\"provider\", provider);\n return url.toString();\n }\n\n /**\n * Fetch the current user, shaped into the canonical `IAMUser` form\n * (camelCase, no `_` keys). Returns null when no token is present.\n */\n async getUser(): Promise<IAMUser | null> {\n const token = await this.getValidAccessToken();\n if (!token) return null;\n const u = await this.getUserInfo() as Record<string, unknown>;\n return {\n sub: (u.sub as string) ?? \"\",\n email: u.email as string | undefined,\n name: u.name as string | undefined,\n givenName: u.given_name as string | undefined,\n familyName: u.family_name as string | undefined,\n phoneNumber: u.phone_number as string | undefined,\n emailVerified: u.email_verified as boolean | undefined,\n picture: u.picture as string | undefined,\n owner: u.owner as string | undefined,\n };\n }\n}\n\n/**\n * Canonical user shape returned by `IAM#getUser()`. Maps the OIDC userinfo\n * response (snake_case) to camelCase. Apps should consume this rather than\n * the raw `Record<string, unknown>` from `getUserInfo()`.\n */\nexport type IAMUser = {\n sub: string;\n email?: string;\n name?: string;\n givenName?: string;\n familyName?: string;\n phoneNumber?: string;\n emailVerified?: boolean;\n picture?: string;\n owner?: string;\n};\n\n/**\n * Canonical token shape (camelCase, no `_` keys) for app code.\n */\nexport type IAMToken = {\n accessToken: string;\n refreshToken?: string;\n idToken?: string;\n expiresIn?: number;\n tokenType?: string;\n scope?: string;\n};\n\n/** Convert the raw OAuth2 token response into the canonical `IAMToken`. */\nexport function toIAMToken(t: TokenResponse): IAMToken {\n return {\n accessToken: t.access_token,\n refreshToken: t.refresh_token,\n idToken: t.id_token,\n expiresIn: t.expires_in,\n tokenType: t.token_type,\n scope: t.scope,\n };\n}\n","/**\n * Core HTTP client for Hanzo IAM API.\n */\n\nimport type {\n IamConfig,\n IamApiResponse,\n IamUser,\n IamOrganization,\n IamProject,\n OidcDiscovery,\n TokenResponse,\n} from \"./types.js\";\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\n\nexport class IamClient {\n private readonly baseUrl: string;\n private readonly clientId: string;\n private readonly clientSecret: string | undefined;\n private readonly orgName: string | undefined;\n private readonly appName: string | undefined;\n private discoveryCache: { data: OidcDiscovery; fetchedAt: number } | null = null;\n\n constructor(config: IamConfig) {\n this.baseUrl = config.serverUrl.replace(/\\/+$/, \"\");\n this.clientId = config.clientId;\n this.clientSecret = config.clientSecret;\n this.orgName = config.orgName;\n this.appName = config.appName;\n }\n\n // -----------------------------------------------------------------------\n // Internal HTTP helpers\n // -----------------------------------------------------------------------\n\n private async request<T>(\n path: string,\n opts?: {\n method?: string;\n body?: unknown;\n token?: string;\n params?: Record<string, string>;\n timeoutMs?: number;\n },\n ): Promise<T> {\n const url = new URL(path, this.baseUrl);\n if (opts?.params) {\n for (const [k, v] of Object.entries(opts.params)) {\n url.searchParams.set(k, v);\n }\n }\n\n const controller = new AbortController();\n const timer = setTimeout(\n () => controller.abort(),\n opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS,\n );\n\n const headers: Record<string, string> = {\n Accept: \"application/json\",\n };\n if (opts?.token) {\n headers.Authorization = `Bearer ${opts.token}`;\n }\n if (opts?.body) {\n headers[\"Content-Type\"] = \"application/json\";\n }\n\n // Server-side basic auth for confidential client operations\n if (this.clientSecret && !opts?.token) {\n const credentials = `${this.clientId}:${this.clientSecret}`;\n const basic =\n typeof Buffer !== \"undefined\"\n ? Buffer.from(credentials).toString(\"base64\")\n : btoa(credentials);\n headers.Authorization = `Basic ${basic}`;\n }\n\n try {\n const res = await fetch(url.toString(), {\n method: opts?.method ?? \"GET\",\n headers,\n body: opts?.body ? JSON.stringify(opts.body) : undefined,\n signal: controller.signal,\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new IamApiError(res.status, `${res.statusText}: ${text}`.trim());\n }\n\n return (await res.json()) as T;\n } finally {\n clearTimeout(timer);\n }\n }\n\n // -----------------------------------------------------------------------\n // OIDC Discovery\n // -----------------------------------------------------------------------\n\n async getDiscovery(): Promise<OidcDiscovery> {\n const CACHE_TTL_MS = 5 * 60 * 1000;\n if (this.discoveryCache && Date.now() - this.discoveryCache.fetchedAt < CACHE_TTL_MS) {\n return this.discoveryCache.data;\n }\n const data = await this.request<OidcDiscovery>(\n \"/.well-known/openid-configuration\",\n );\n this.discoveryCache = { data, fetchedAt: Date.now() };\n return data;\n }\n\n /** Get JWKS URI from OIDC discovery (cached). */\n async getJwksUri(): Promise<string> {\n const discovery = await this.getDiscovery();\n return discovery.jwks_uri;\n }\n\n // -----------------------------------------------------------------------\n // OAuth2 / Token\n // -----------------------------------------------------------------------\n\n /** Build the authorization URL for user login redirect. */\n async getAuthorizationUrl(params: {\n redirectUri: string;\n state: string;\n scope?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n }): Promise<string> {\n const discovery = await this.getDiscovery();\n const url = new URL(discovery.authorization_endpoint);\n url.searchParams.set(\"client_id\", this.clientId);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", params.redirectUri);\n url.searchParams.set(\"state\", params.state);\n url.searchParams.set(\"scope\", params.scope ?? \"openid profile email\");\n if (params.codeChallenge) {\n url.searchParams.set(\"code_challenge\", params.codeChallenge);\n url.searchParams.set(\"code_challenge_method\", params.codeChallengeMethod ?? \"S256\");\n }\n return url.toString();\n }\n\n /** Exchange authorization code for tokens. */\n async exchangeCode(params: {\n code: string;\n redirectUri: string;\n codeVerifier?: string;\n }): Promise<TokenResponse> {\n const discovery = await this.getDiscovery();\n const body = new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: this.clientId,\n code: params.code,\n redirect_uri: params.redirectUri,\n });\n if (this.clientSecret) {\n body.set(\"client_secret\", this.clientSecret);\n }\n if (params.codeVerifier) {\n body.set(\"code_verifier\", params.codeVerifier);\n }\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);\n try {\n const res = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString(),\n signal: controller.signal,\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new IamApiError(res.status, `Token exchange failed: ${text}`);\n }\n return (await res.json()) as TokenResponse;\n } finally {\n clearTimeout(timer);\n }\n }\n\n /**\n * Resource Owner Password Credentials grant.\n * Used for service-to-service auth, CLI login, and e2e tests.\n */\n async passwordGrant(params: {\n username: string;\n password: string;\n scope?: string;\n }): Promise<TokenResponse> {\n const discovery = await this.getDiscovery();\n const body = new URLSearchParams({\n grant_type: \"password\",\n client_id: this.clientId,\n username: params.username,\n password: params.password,\n scope: params.scope ?? \"openid profile email phone\",\n });\n if (this.clientSecret) {\n body.set(\"client_secret\", this.clientSecret);\n }\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);\n try {\n const res = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString(),\n signal: controller.signal,\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new IamApiError(res.status, `Password grant failed: ${text}`);\n }\n return (await res.json()) as TokenResponse;\n } finally {\n clearTimeout(timer);\n }\n }\n\n /** Refresh an access token. */\n async refreshToken(refreshToken: string): Promise<TokenResponse> {\n const discovery = await this.getDiscovery();\n const body = new URLSearchParams({\n grant_type: \"refresh_token\",\n client_id: this.clientId,\n refresh_token: refreshToken,\n });\n if (this.clientSecret) {\n body.set(\"client_secret\", this.clientSecret);\n }\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);\n try {\n const res = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString(),\n signal: controller.signal,\n });\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n throw new IamApiError(res.status, `Token refresh failed: ${text}`);\n }\n return (await res.json()) as TokenResponse;\n } finally {\n clearTimeout(timer);\n }\n }\n\n // -----------------------------------------------------------------------\n // User\n // -----------------------------------------------------------------------\n\n /** Get user info from access token (OIDC userinfo endpoint). */\n async getUserInfo(accessToken: string): Promise<IamUser> {\n const discovery = await this.getDiscovery();\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);\n try {\n const res = await fetch(discovery.userinfo_endpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n signal: controller.signal,\n });\n if (!res.ok) {\n throw new IamApiError(res.status, \"Failed to fetch userinfo\");\n }\n return (await res.json()) as IamUser;\n } finally {\n clearTimeout(timer);\n }\n }\n\n /** Get a user by ID (\"org/username\" format). */\n async getUser(userId: string, token?: string): Promise<IamUser | null> {\n const resp = await this.request<IamApiResponse<IamUser>>(\"/api/get-user\", {\n params: { id: userId },\n token,\n });\n return resp.data ?? null;\n }\n\n // -----------------------------------------------------------------------\n // Organization\n // -----------------------------------------------------------------------\n\n /** List organizations (for the configured owner). */\n async getOrganizations(token?: string): Promise<IamOrganization[]> {\n const owner = this.orgName ?? \"admin\";\n const resp = await this.request<IamApiResponse<IamOrganization[]>>(\n \"/api/get-organizations\",\n { params: { owner }, token },\n );\n return resp.data ?? [];\n }\n\n /** Get a specific organization. */\n async getOrganization(\n id: string,\n token?: string,\n ): Promise<IamOrganization | null> {\n const resp = await this.request<IamApiResponse<IamOrganization>>(\n \"/api/get-organization\",\n { params: { id }, token },\n );\n return resp.data ?? null;\n }\n\n /** Get organizations a user belongs to. */\n async getUserOrganizations(\n userId: string,\n token?: string,\n ): Promise<IamOrganization[]> {\n // IAM returns orgs the user is a member of via the user's properties.\n // We can also query via get-user and read their signupApplication/org.\n const user = await this.getUser(userId, token);\n if (!user) return [];\n // The owner field on a user is their org\n const org = await this.getOrganization(\n `admin/${user.owner}`,\n token,\n );\n return org ? [org] : [];\n }\n\n // -----------------------------------------------------------------------\n // Project\n // -----------------------------------------------------------------------\n\n /** List projects (for the configured owner). */\n async getProjects(token?: string): Promise<IamProject[]> {\n const owner = this.orgName ?? \"admin\";\n const resp = await this.request<IamApiResponse<IamProject[]>>(\n \"/api/get-projects\",\n { params: { owner }, token },\n );\n return resp.data ?? [];\n }\n\n /** Get a specific project by ID (\"owner/name\" format). */\n async getProject(id: string, token?: string): Promise<IamProject | null> {\n const resp = await this.request<IamApiResponse<IamProject>>(\n \"/api/get-project\",\n { params: { id }, token },\n );\n return resp.data ?? null;\n }\n\n /** Get all projects for an organization. */\n async getOrganizationProjects(\n organization: string,\n token?: string,\n ): Promise<IamProject[]> {\n const resp = await this.request<IamApiResponse<IamProject[]>>(\n \"/api/get-organization-projects\",\n { params: { organization }, token },\n );\n return resp.data ?? [];\n }\n\n // -----------------------------------------------------------------------\n // Raw request (for extending)\n // -----------------------------------------------------------------------\n\n /** Make an arbitrary authenticated request to the IAM API. */\n async apiRequest<T = unknown>(\n path: string,\n opts?: { method?: string; body?: unknown; token?: string; params?: Record<string, string> },\n ): Promise<T> {\n return this.request<T>(path, opts);\n }\n}\n\n// ---------------------------------------------------------------------------\n// Error\n// ---------------------------------------------------------------------------\n\nexport class IamApiError extends Error {\n readonly status: number;\n\n constructor(status: number, message: string) {\n super(message);\n this.name = \"IamApiError\";\n this.status = status;\n }\n}\n","/**\n * React bindings for @hanzo/iam.\n *\n * Provides a context provider, auth hooks, and org/project switching\n * that can be dropped into any React application.\n *\n * @example\n * ```tsx\n * import { IamProvider, useIam, useOrganizations } from '@hanzo/iam/react'\n *\n * function App() {\n * return (\n * <IamProvider config={{\n * serverUrl: 'https://iam.hanzo.ai',\n * clientId: 'my-app',\n * redirectUri: `${window.location.origin}/auth/callback`,\n * }}>\n * <MyApp />\n * </IamProvider>\n * )\n * }\n *\n * function MyApp() {\n * const { user, isAuthenticated, login, logout } = useIam()\n * const { organizations, currentOrg, switchOrg } = useOrganizations()\n *\n * if (!isAuthenticated) return <button onClick={() => login()}>Log in</button>\n * return <div>Welcome, {user?.displayName}</div>\n * }\n * ```\n *\n * @packageDocumentation\n */\n\nimport {\n createContext,\n createElement,\n useCallback,\n useContext,\n useEffect,\n useMemo,\n useRef,\n useState,\n} from \"react\";\nimport type { ReactNode } from \"react\";\nimport { IAM } from \"./browser.js\";\nimport type { IAMConfig } from \"./browser.js\";\nimport { IamClient } from \"./client.js\";\nimport type { IamUser, IamOrganization, IamProject } from \"./types.js\";\nimport type { IAMToken } from \"./browser.js\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport interface IamProviderProps {\n /** Browser IAM SDK configuration. */\n config: IAMConfig;\n /** Auto-initialize on mount (check stored tokens). Default: true. */\n autoInit?: boolean;\n /** Called when authentication state changes. */\n onAuthChange?: (authenticated: boolean) => void;\n children: ReactNode;\n}\n\nexport interface IamContextValue {\n /** The underlying IAM instance for advanced use. */\n sdk: IAM;\n /** The IAM configuration. */\n config: IAMConfig;\n /** Authenticated user (null if not logged in). */\n user: IamUser | null;\n /** Whether the user is currently authenticated. */\n isAuthenticated: boolean;\n /** Whether initial auth check is in progress. */\n isLoading: boolean;\n /** Current access token (null if not authenticated). */\n accessToken: string | null;\n /** Redirect to IAM login page. */\n login: (params?: { additionalParams?: Record<string, string> }) => Promise<void>;\n /** Open IAM login in a popup. */\n loginPopup: (params?: { width?: number; height?: number }) => Promise<void>;\n /** Handle OAuth callback — call on your /auth/callback route. */\n handleCallback: (callbackUrl?: string) => Promise<IAMToken>;\n /** Log out and clear all tokens. */\n logout: () => void;\n /** Last auth error, if any. */\n error: Error | null;\n}\n\nexport interface OrgState {\n /** All organizations the user belongs to. */\n organizations: IamOrganization[];\n /** Currently selected organization. */\n currentOrg: IamOrganization | null;\n /** Currently selected org ID. */\n currentOrgId: string | null;\n /** Switch to a different organization. */\n switchOrg: (orgId: string) => void;\n /** All projects for the current organization. */\n projects: IamProject[];\n /** Currently selected project. */\n currentProject: IamProject | null;\n /** Currently selected project ID within the org. */\n currentProjectId: string | null;\n /** Switch to a different project (null to clear). */\n switchProject: (projectId: string | null) => void;\n /** Whether organizations are loading. */\n isLoading: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Context\n// ---------------------------------------------------------------------------\n\nconst IamContext = createContext<IamContextValue | null>(null);\nIamContext.displayName = \"HanzoIamContext\";\n\n// Storage keys for tenant persistence\nconst STORAGE_ORG_KEY = \"hanzo_iam_current_org\";\nconst STORAGE_PROJECT_KEY = \"hanzo_iam_current_project\";\nconst STORAGE_EXPIRES_KEY = \"hanzo_iam_expires_at\";\n\n// ---------------------------------------------------------------------------\n// IamProvider\n// ---------------------------------------------------------------------------\n\n/**\n * Root provider for Hanzo IAM in React applications.\n *\n * Wrap your app (or a subtree) with this provider to enable IAM auth.\n * Manages the IAM instance, token lifecycle, and auth state.\n */\nexport function IamProvider(props: IamProviderProps) {\n const { config, autoInit = true, onAuthChange, children } = props;\n\n const sdk = useMemo(\n () => new IAM(config),\n // eslint-disable-next-line react-hooks/exhaustive-deps\n [config.serverUrl, config.clientId, config.redirectUri],\n );\n\n const [user, setUser] = useState<IamUser | null>(null);\n const [isAuthenticated, setIsAuthenticated] = useState(false);\n const [isLoading, setIsLoading] = useState(autoInit);\n const [accessToken, setAccessToken] = useState<string | null>(\n sdk.getAccessToken(),\n );\n const [error, setError] = useState<Error | null>(null);\n const refreshTimerRef = useRef<ReturnType<typeof setTimeout> | null>(null);\n\n // Schedule token refresh ~60s before expiry\n const scheduleRefresh = useCallback(() => {\n if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);\n if (sdk.isTokenExpired()) return;\n\n const storage = config.storage ?? sessionStorage;\n const expiresAtStr = storage.getItem(STORAGE_EXPIRES_KEY);\n if (!expiresAtStr) return;\n\n const msUntilRefresh = Number(expiresAtStr) - Date.now() - 60_000;\n if (msUntilRefresh <= 0) {\n sdk\n .refreshAccessToken()\n .then((tokens) => {\n setAccessToken(tokens.accessToken);\n scheduleRefresh();\n })\n .catch(() => {\n setIsAuthenticated(false);\n setUser(null);\n setAccessToken(null);\n });\n return;\n }\n\n refreshTimerRef.current = setTimeout(async () => {\n try {\n const tokens = await sdk.refreshAccessToken();\n setAccessToken(tokens.accessToken);\n scheduleRefresh();\n } catch {\n setIsAuthenticated(false);\n setUser(null);\n setAccessToken(null);\n }\n }, msUntilRefresh);\n }, [sdk, config.storage]);\n\n // Auto-init: check stored tokens on mount\n useEffect(() => {\n if (!autoInit) {\n setIsLoading(false);\n return;\n }\n\n let cancelled = false;\n\n const init = async () => {\n try {\n const token = await sdk.getValidAccessToken();\n if (cancelled) return;\n if (token) {\n setAccessToken(token);\n setIsAuthenticated(true);\n try {\n const info = await sdk.getUserInfo();\n if (!cancelled) setUser(info as unknown as IamUser);\n } catch {\n // Token valid but userinfo failed — still authenticated\n }\n scheduleRefresh();\n onAuthChange?.(true);\n } else {\n onAuthChange?.(false);\n }\n } catch (err) {\n if (!cancelled) {\n setError(err instanceof Error ? err : new Error(String(err)));\n onAuthChange?.(false);\n }\n } finally {\n if (!cancelled) setIsLoading(false);\n }\n };\n\n init();\n return () => {\n cancelled = true;\n };\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [sdk, autoInit]);\n\n // Cleanup refresh timer on unmount\n useEffect(() => {\n return () => {\n if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);\n };\n }, []);\n\n // Complete authentication after login/callback\n const completeAuth = useCallback(\n async (tokens: IAMToken) => {\n setAccessToken(tokens.accessToken);\n setIsAuthenticated(true);\n try {\n const info = await sdk.getUserInfo();\n setUser(info as unknown as IamUser);\n } catch {\n // ok — token valid, userinfo is optional\n }\n scheduleRefresh();\n onAuthChange?.(true);\n },\n [sdk, scheduleRefresh, onAuthChange],\n );\n\n const login = useCallback(\n async (params?: { additionalParams?: Record<string, string> }) => {\n setError(null);\n await sdk.signinRedirect(params);\n },\n [sdk],\n );\n\n const loginPopup = useCallback(\n async (params?: { width?: number; height?: number }) => {\n setError(null);\n try {\n const tokens = await sdk.signinPopup(params);\n await completeAuth(tokens);\n } catch (err) {\n const e = err instanceof Error ? err : new Error(String(err));\n setError(e);\n throw e;\n }\n },\n [sdk, completeAuth],\n );\n\n const handleCallback = useCallback(\n async (callbackUrl?: string) => {\n setError(null);\n try {\n const tokens = await sdk.handleCallback(callbackUrl);\n await completeAuth(tokens);\n return tokens;\n } catch (err) {\n const e = err instanceof Error ? err : new Error(String(err));\n setError(e);\n throw e;\n }\n },\n [sdk, completeAuth],\n );\n\n const logout = useCallback(() => {\n sdk.clearTokens();\n setUser(null);\n setIsAuthenticated(false);\n setAccessToken(null);\n setError(null);\n if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);\n try {\n localStorage.removeItem(STORAGE_ORG_KEY);\n localStorage.removeItem(STORAGE_PROJECT_KEY);\n } catch {\n /* ok */\n }\n onAuthChange?.(false);\n }, [sdk, onAuthChange]);\n\n const value = useMemo<IamContextValue>(\n () => ({\n sdk,\n config,\n user,\n isAuthenticated,\n isLoading,\n accessToken,\n login,\n loginPopup,\n handleCallback,\n logout,\n error,\n }),\n [\n sdk,\n config,\n user,\n isAuthenticated,\n isLoading,\n accessToken,\n login,\n loginPopup,\n handleCallback,\n logout,\n error,\n ],\n );\n\n return createElement(IamContext.Provider, { value }, children);\n}\n\n// ---------------------------------------------------------------------------\n// useIam\n// ---------------------------------------------------------------------------\n\n/**\n * Access Hanzo IAM auth state and methods.\n * Must be used within an `<IamProvider>`.\n */\nexport function useIam(): IamContextValue {\n const ctx = useContext(IamContext);\n if (!ctx) {\n throw new Error(\"useIam() must be used within an <IamProvider>\");\n }\n return ctx;\n}\n\n// ---------------------------------------------------------------------------\n// useOrganizations\n// ---------------------------------------------------------------------------\n\n/**\n * Manage organization and project switching.\n *\n * Fetches the user's organizations from IAM and provides\n * `switchOrg` / `switchProject` to change the active tenant.\n * Selection is persisted to localStorage.\n */\nexport function useOrganizations(): OrgState {\n const { config, isAuthenticated, accessToken } = useIam();\n const [organizations, setOrganizations] = useState<IamOrganization[]>([]);\n const [projects, setProjects] = useState<IamProject[]>([]);\n const [isLoading, setIsLoading] = useState(false);\n\n const [currentOrgId, setCurrentOrgId] = useState<string | null>(() => {\n try {\n return localStorage.getItem(STORAGE_ORG_KEY);\n } catch {\n return null;\n }\n });\n\n const [currentProjectId, setCurrentProjectId] = useState<string | null>(\n () => {\n try {\n return localStorage.getItem(STORAGE_PROJECT_KEY);\n } catch {\n return null;\n }\n },\n );\n\n // Fetch organizations when authenticated\n useEffect(() => {\n if (!isAuthenticated || !accessToken) {\n setOrganizations([]);\n setProjects([]);\n return;\n }\n\n let cancelled = false;\n\n const fetchOrgs = async () => {\n setIsLoading(true);\n\n // 1. Parse JWT sub claim for primary org (immediate, no API call)\n try {\n const payload = JSON.parse(atob(accessToken.split(\".\")[1]));\n const sub = payload.sub as string;\n if (sub?.includes(\"/\")) {\n const primaryOrg = sub.split(\"/\")[0];\n if (!cancelled) {\n const syntheticOrg: IamOrganization = {\n owner: \"admin\",\n name: primaryOrg,\n displayName: primaryOrg,\n };\n setOrganizations([syntheticOrg]);\n if (!currentOrgId) {\n setCurrentOrgId(primaryOrg);\n try {\n localStorage.setItem(STORAGE_ORG_KEY, primaryOrg);\n } catch {\n /* ok */\n }\n }\n }\n }\n } catch {\n // Invalid token format — skip JWT parsing\n }\n\n // 2. Try to fetch full org list from API (may fail for non-admin users)\n try {\n const client = new IamClient({\n serverUrl: config.serverUrl,\n clientId: config.clientId,\n });\n const orgs = await client.getOrganizations(accessToken);\n if (!cancelled && orgs.length > 0) {\n setOrganizations(orgs);\n if (!currentOrgId && orgs.length > 0) {\n const firstOrg = orgs[0].name;\n setCurrentOrgId(firstOrg);\n try {\n localStorage.setItem(STORAGE_ORG_KEY, firstOrg);\n } catch {\n /* ok */\n }\n }\n }\n } catch {\n // API call failed — keep JWT-derived org\n } finally {\n if (!cancelled) setIsLoading(false);\n }\n };\n\n fetchOrgs();\n return () => {\n cancelled = true;\n };\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [isAuthenticated, accessToken, config.serverUrl, config.clientId]);\n\n // Fetch projects when currentOrgId changes\n useEffect(() => {\n if (!isAuthenticated || !accessToken || !currentOrgId) {\n setProjects([]);\n return;\n }\n\n let cancelled = false;\n\n const fetchProjects = async () => {\n try {\n const client = new IamClient({\n serverUrl: config.serverUrl,\n clientId: config.clientId,\n });\n const orgProjects = await client.getOrganizationProjects(\n currentOrgId,\n accessToken,\n );\n if (!cancelled) {\n setProjects(orgProjects);\n // Auto-select default project if none selected\n if (!currentProjectId && orgProjects.length > 0) {\n const defaultProject =\n orgProjects.find((p) => p.isDefault) ?? orgProjects[0];\n setCurrentProjectId(defaultProject.name);\n try {\n localStorage.setItem(STORAGE_PROJECT_KEY, defaultProject.name);\n } catch {\n /* ok */\n }\n }\n }\n } catch {\n // Projects API may not be available yet — that's ok\n if (!cancelled) setProjects([]);\n }\n };\n\n fetchProjects();\n return () => {\n cancelled = true;\n };\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [isAuthenticated, accessToken, currentOrgId, config.serverUrl, config.clientId]);\n\n const currentOrg = useMemo(\n () => organizations.find((o) => o.name === currentOrgId) ?? null,\n [organizations, currentOrgId],\n );\n\n const currentProject = useMemo(\n () => projects.find((p) => p.name === currentProjectId) ?? null,\n [projects, currentProjectId],\n );\n\n const switchOrg = useCallback((orgId: string) => {\n setCurrentOrgId(orgId);\n setCurrentProjectId(null);\n setProjects([]);\n try {\n localStorage.setItem(STORAGE_ORG_KEY, orgId);\n localStorage.removeItem(STORAGE_PROJECT_KEY);\n } catch {\n /* ok */\n }\n }, []);\n\n const switchProject = useCallback((projectId: string | null) => {\n setCurrentProjectId(projectId);\n try {\n if (projectId) {\n localStorage.setItem(STORAGE_PROJECT_KEY, projectId);\n } else {\n localStorage.removeItem(STORAGE_PROJECT_KEY);\n }\n } catch {\n /* ok */\n }\n }, []);\n\n return {\n organizations,\n currentOrg,\n currentOrgId,\n switchOrg,\n projects,\n currentProject,\n currentProjectId,\n switchProject,\n isLoading,\n };\n}\n\n// ---------------------------------------------------------------------------\n// useIamToken\n// ---------------------------------------------------------------------------\n\n/**\n * Hook that provides a valid access token with auto-refresh capability.\n * Returns null while loading or if not authenticated.\n */\nexport function useIamToken(): {\n token: string | null;\n isValid: boolean;\n refresh: () => Promise<string | null>;\n} {\n const { sdk, accessToken, isAuthenticated } = useIam();\n\n const refresh = useCallback(async () => {\n try {\n return await sdk.getValidAccessToken();\n } catch {\n return null;\n }\n }, [sdk]);\n\n return {\n token: accessToken,\n isValid: isAuthenticated && !!accessToken && !sdk.isTokenExpired(),\n refresh,\n };\n}\n\n// Re-export context for advanced use\nexport { IamContext };\n\n// ---------------------------------------------------------------------------\n// OrgProjectSwitcher component\n// ---------------------------------------------------------------------------\n\nexport interface OrgProjectSwitcherProps {\n organizations: Array<{ name: string; displayName?: string; owner?: string }>;\n currentOrgId: string | null;\n switchOrg: (orgId: string) => void;\n projects?: Array<{ name: string; displayName?: string; organization?: string; isDefault?: boolean }>;\n currentProjectId?: string | null;\n switchProject?: (projectId: string | null) => void;\n onTenantChange?: (orgId: string | null, projectId: string | null) => void;\n environment?: string | null;\n className?: string;\n alwaysShow?: boolean;\n}\n\n/**\n * Organization and project switcher component.\n *\n * @example\n * ```tsx\n * import { useOrganizations, OrgProjectSwitcher } from '@hanzo/iam/react'\n *\n * function Nav() {\n * const orgState = useOrganizations()\n * return <OrgProjectSwitcher {...orgState} />\n * }\n * ```\n */\nexport function OrgProjectSwitcher({\n organizations,\n currentOrgId,\n switchOrg,\n projects = [],\n currentProjectId = null,\n switchProject,\n onTenantChange,\n environment,\n className = \"\",\n alwaysShow = false,\n}: OrgProjectSwitcherProps) {\n useEffect(() => {\n onTenantChange?.(currentOrgId, currentProjectId ?? null);\n }, [currentOrgId, currentProjectId, onTenantChange]);\n\n const handleOrgChange = useCallback(\n (e: { target: { value: string } }) => switchOrg(e.target.value),\n [switchOrg],\n );\n\n const handleProjectChange = useCallback(\n (e: { target: { value: string } }) => switchProject?.(e.target.value || null),\n [switchProject],\n );\n\n if (!alwaysShow && organizations.length <= 1 && projects.length <= 1) {\n if (organizations.length === 1) {\n const org = organizations[0];\n return createElement(\n \"div\",\n { className: `flex items-center gap-2 text-sm ${className}` },\n createElement(\"span\", { className: \"font-medium\" }, org.displayName || org.name),\n projects.length === 1\n ? [\n createElement(\"span\", { className: \"text-muted-foreground\", key: \"sep\" }, \"/\"),\n createElement(\"span\", { key: \"proj\" }, projects[0].displayName || projects[0].name),\n ]\n : null,\n environment\n ? createElement(\n \"span\",\n { className: \"rounded-full bg-muted px-2 py-0.5 text-xs text-muted-foreground\" },\n environment,\n )\n : null,\n );\n }\n return null;\n }\n\n return createElement(\n \"div\",\n { className: `flex items-center gap-2 ${className}` },\n createElement(\n \"select\",\n {\n value: currentOrgId ?? \"\",\n onChange: handleOrgChange,\n className:\n \"h-8 rounded-md border border-border bg-background px-2 text-sm text-foreground focus:outline-none focus:ring-1 focus:ring-ring\",\n \"aria-label\": \"Switch organization\",\n },\n ...organizations.map((org) =>\n createElement(\"option\", { key: org.name, value: org.name }, org.displayName || org.name),\n ),\n ),\n projects.length > 0 && switchProject\n ? [\n createElement(\"span\", { className: \"text-muted-foreground\", key: \"sep\" }, \"/\"),\n createElement(\n \"select\",\n {\n key: \"proj-select\",\n value: currentProjectId ?? \"\",\n onChange: handleProjectChange,\n className:\n \"h-8 rounded-md border border-border bg-background px-2 text-sm text-foreground focus:outline-none focus:ring-1 focus:ring-ring\",\n \"aria-label\": \"Switch project\",\n },\n ...projects.map((proj) =>\n createElement(\"option\", { key: proj.name, value: proj.name }, proj.displayName || proj.name),\n ),\n ),\n ]\n : null,\n environment\n ? createElement(\n \"span\",\n { className: \"rounded-full bg-muted px-2 py-0.5 text-xs text-muted-foreground\" },\n environment,\n )\n : null,\n );\n}\n"]}
package/dist/types.cjs ADDED
@@ -0,0 +1,4 @@
1
+ 'use strict';
2
+
3
+ //# sourceMappingURL=types.cjs.map
4
+ //# sourceMappingURL=types.cjs.map
package/dist/types.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"types.cjs"}
package/dist/types.d.cts ADDED
@@ -0,0 +1,219 @@
1
+ /**
2
+ * Core types for the Hanzo IAM SDK.
3
+ * Hanzo IAM data models.
4
+ */
5
+ type IamConfig = {
6
+ /** IAM server base URL (e.g. "https://iam.hanzo.ai"). */
7
+ serverUrl: string;
8
+ /** OAuth2 client ID. */
9
+ clientId: string;
10
+ /** OAuth2 client secret (for confidential clients / server-side). */
11
+ clientSecret?: string;
12
+ /** Organization name (owner context). */
13
+ orgName?: string;
14
+ /** Application name. */
15
+ appName?: string;
16
+ };
17
+ type OidcDiscovery = {
18
+ issuer: string;
19
+ authorization_endpoint: string;
20
+ token_endpoint: string;
21
+ userinfo_endpoint: string;
22
+ jwks_uri: string;
23
+ scopes_supported?: string[];
24
+ response_types_supported?: string[];
25
+ grant_types_supported?: string[];
26
+ };
27
+ type TokenResponse = {
28
+ access_token: string;
29
+ token_type: string;
30
+ expires_in?: number;
31
+ refresh_token?: string;
32
+ id_token?: string;
33
+ scope?: string;
34
+ };
35
+ type IamJwtClaims = {
36
+ /** Subject (user ID in format "org/username"). */
37
+ sub: string;
38
+ /** Issuer URL. */
39
+ iss?: string;
40
+ /** Audience. */
41
+ aud?: string | string[];
42
+ /** Expiry (unix seconds). */
43
+ exp?: number;
44
+ /** Issued at (unix seconds). */
45
+ iat?: number;
46
+ /** User email. */
47
+ email?: string;
48
+ /** Display name. */
49
+ name?: string;
50
+ /** Preferred username. */
51
+ preferred_username?: string;
52
+ /** Avatar URL. */
53
+ picture?: string;
54
+ /** Phone number. */
55
+ phone?: string;
56
+ /** Groups/roles. */
57
+ groups?: string[];
58
+ /** Arbitrary extra claims. */
59
+ [key: string]: unknown;
60
+ };
61
+ type IamUser = {
62
+ owner: string;
63
+ name: string;
64
+ id?: string;
65
+ displayName?: string;
66
+ email?: string;
67
+ phone?: string;
68
+ avatar?: string;
69
+ type?: string;
70
+ isAdmin?: boolean;
71
+ isGlobalAdmin?: boolean;
72
+ createdTime?: string;
73
+ signupApplication?: string;
74
+ };
75
+ type IamOrganization = {
76
+ owner: string;
77
+ name: string;
78
+ displayName?: string;
79
+ createdTime?: string;
80
+ websiteUrl?: string;
81
+ logo?: string;
82
+ logoDark?: string;
83
+ favicon?: string;
84
+ isPersonal?: boolean;
85
+ orgBalance?: number;
86
+ userBalance?: number;
87
+ balanceCredit?: number;
88
+ balanceCurrency?: string;
89
+ };
90
+ type Subscription = {
91
+ owner: string;
92
+ name: string;
93
+ displayName?: string;
94
+ createdTime?: string;
95
+ user?: string;
96
+ plan?: string;
97
+ pricing?: string;
98
+ startTime?: string;
99
+ endTime?: string;
100
+ duration?: number;
101
+ state?: "Active" | "Inactive" | "Expired" | "Cancelled" | string;
102
+ description?: string;
103
+ };
104
+ type Plan = {
105
+ owner: string;
106
+ name: string;
107
+ displayName?: string;
108
+ createdTime?: string;
109
+ description?: string;
110
+ pricePerMonth?: number;
111
+ pricePerYear?: number;
112
+ currency?: string;
113
+ options?: string[];
114
+ isEnabled?: boolean;
115
+ role?: string;
116
+ };
117
+ type Pricing = {
118
+ owner: string;
119
+ name: string;
120
+ displayName?: string;
121
+ createdTime?: string;
122
+ description?: string;
123
+ plans?: string[];
124
+ isEnabled?: boolean;
125
+ application?: string;
126
+ trialDuration?: number;
127
+ };
128
+ type Payment = {
129
+ owner: string;
130
+ name: string;
131
+ displayName?: string;
132
+ createdTime?: string;
133
+ provider?: string;
134
+ type?: string;
135
+ currency?: string;
136
+ price?: number;
137
+ user?: string;
138
+ state?: string;
139
+ message?: string;
140
+ };
141
+ type Order = {
142
+ owner: string;
143
+ name: string;
144
+ displayName?: string;
145
+ createdTime?: string;
146
+ user?: string;
147
+ products?: string[];
148
+ price?: number;
149
+ currency?: string;
150
+ state?: string;
151
+ message?: string;
152
+ };
153
+ type UsageRecord = {
154
+ owner: string;
155
+ name: string;
156
+ user?: string;
157
+ application?: string;
158
+ organization?: string;
159
+ project?: string;
160
+ model?: string;
161
+ provider?: string;
162
+ promptTokens?: number;
163
+ completionTokens?: number;
164
+ totalTokens?: number;
165
+ cost?: number;
166
+ currency?: string;
167
+ premium?: boolean;
168
+ stream?: boolean;
169
+ status?: string;
170
+ errorMsg?: string;
171
+ clientIp?: string;
172
+ requestId?: string;
173
+ createdTime?: string;
174
+ };
175
+ type UsageSummary = {
176
+ totalRequests: number;
177
+ totalTokens: number;
178
+ totalCost: number;
179
+ promptTokens: number;
180
+ completionTokens: number;
181
+ };
182
+ type IamSubscription = Subscription;
183
+ type IamPlan = Plan;
184
+ type IamPricing = Pricing;
185
+ type IamPayment = Payment;
186
+ type IamOrder = Order;
187
+ type IamUsageRecord = UsageRecord;
188
+ type IamUsageSummary = UsageSummary;
189
+ type IamProject = {
190
+ owner: string;
191
+ name: string;
192
+ displayName?: string;
193
+ description?: string;
194
+ organization: string;
195
+ tags?: string[];
196
+ metadata?: Record<string, unknown>;
197
+ isDefault?: boolean;
198
+ createdTime?: string;
199
+ };
200
+ type IamAuthResult = {
201
+ ok: true;
202
+ userId: string;
203
+ email?: string;
204
+ name?: string;
205
+ avatar?: string;
206
+ owner: string;
207
+ claims: IamJwtClaims;
208
+ } | {
209
+ ok: false;
210
+ reason: string;
211
+ };
212
+ type IamApiResponse<T> = {
213
+ status: "ok" | "error";
214
+ msg?: string;
215
+ data?: T;
216
+ data2?: unknown;
217
+ };
218
+
219
+ export type { IamApiResponse, IamAuthResult, IamConfig, IamJwtClaims, IamOrder, IamOrganization, IamPayment, IamPlan, IamPricing, IamProject, IamSubscription, IamUsageRecord, IamUsageSummary, IamUser, OidcDiscovery, Order, Payment, Plan, Pricing, Subscription, TokenResponse, UsageRecord, UsageSummary };