npm - @happyvertical/smrt-users - Versions diffs - 0.30.0 - Mend

@happyvertical/smrt-users 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/AGENTS.md +85 -0
package/CLAUDE.md +1 -0
package/LICENSE +7 -0
package/README.md +459 -0
package/dist/__smrt-register__.d.ts +2 -0
package/dist/__smrt-register__.d.ts.map +1 -0
package/dist/chunks/TerminalAuthService-DoAMQ_yn.js +5118 -0
package/dist/chunks/TerminalAuthService-DoAMQ_yn.js.map +1 -0
package/dist/chunks/index-DkoYIvIu.js +169 -0
package/dist/chunks/index-DkoYIvIu.js.map +1 -0
package/dist/collections/CliAuthRequestCollection.d.ts +19 -0
package/dist/collections/CliAuthRequestCollection.d.ts.map +1 -0
package/dist/collections/GroupCollection.d.ts +17 -0
package/dist/collections/GroupCollection.d.ts.map +1 -0
package/dist/collections/GroupMemberCollection.d.ts +43 -0
package/dist/collections/GroupMemberCollection.d.ts.map +1 -0
package/dist/collections/GroupRoleCollection.d.ts +33 -0
package/dist/collections/GroupRoleCollection.d.ts.map +1 -0
package/dist/collections/MagicLinkTokenCollection.d.ts +26 -0
package/dist/collections/MagicLinkTokenCollection.d.ts.map +1 -0
package/dist/collections/MembershipCollection.d.ts +38 -0
package/dist/collections/MembershipCollection.d.ts.map +1 -0
package/dist/collections/MembershipOverrideCollection.d.ts +55 -0
package/dist/collections/MembershipOverrideCollection.d.ts.map +1 -0
package/dist/collections/PermissionCollection.d.ts +34 -0
package/dist/collections/PermissionCollection.d.ts.map +1 -0
package/dist/collections/RoleCollection.d.ts +29 -0
package/dist/collections/RoleCollection.d.ts.map +1 -0
package/dist/collections/RolePermissionCollection.d.ts +33 -0
package/dist/collections/RolePermissionCollection.d.ts.map +1 -0
package/dist/collections/SessionCollection.d.ts +82 -0
package/dist/collections/SessionCollection.d.ts.map +1 -0
package/dist/collections/TenantCollection.d.ts +119 -0
package/dist/collections/TenantCollection.d.ts.map +1 -0
package/dist/collections/TenantPermissionOverrideCollection.d.ts +111 -0
package/dist/collections/TenantPermissionOverrideCollection.d.ts.map +1 -0
package/dist/collections/UserCollection.d.ts +116 -0
package/dist/collections/UserCollection.d.ts.map +1 -0
package/dist/collections/index.d.ts +19 -0
package/dist/collections/index.d.ts.map +1 -0
package/dist/index.d.ts +5 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +1482 -0
package/dist/index.js.map +1 -0
package/dist/manifest.json +5216 -0
package/dist/models/CliAuthRequest.d.ts +25 -0
package/dist/models/CliAuthRequest.d.ts.map +1 -0
package/dist/models/Group.d.ts +34 -0
package/dist/models/Group.d.ts.map +1 -0
package/dist/models/GroupMember.d.ts +29 -0
package/dist/models/GroupMember.d.ts.map +1 -0
package/dist/models/GroupRole.d.ts +29 -0
package/dist/models/GroupRole.d.ts.map +1 -0
package/dist/models/MagicLinkToken.d.ts +22 -0
package/dist/models/MagicLinkToken.d.ts.map +1 -0
package/dist/models/Membership.d.ts +48 -0
package/dist/models/Membership.d.ts.map +1 -0
package/dist/models/MembershipOverride.d.ts +50 -0
package/dist/models/MembershipOverride.d.ts.map +1 -0
package/dist/models/Permission.d.ts +79 -0
package/dist/models/Permission.d.ts.map +1 -0
package/dist/models/Role.d.ts +67 -0
package/dist/models/Role.d.ts.map +1 -0
package/dist/models/RolePermission.d.ts +29 -0
package/dist/models/RolePermission.d.ts.map +1 -0
package/dist/models/Session.d.ts +105 -0
package/dist/models/Session.d.ts.map +1 -0
package/dist/models/Tenant.d.ts +138 -0
package/dist/models/Tenant.d.ts.map +1 -0
package/dist/models/TenantPermissionOverride.d.ts +74 -0
package/dist/models/TenantPermissionOverride.d.ts.map +1 -0
package/dist/models/User.d.ts +72 -0
package/dist/models/User.d.ts.map +1 -0
package/dist/models/index.d.ts +19 -0
package/dist/models/index.d.ts.map +1 -0
package/dist/playground.d.ts +2 -0
package/dist/playground.d.ts.map +1 -0
package/dist/playground.js +139 -0
package/dist/playground.js.map +1 -0
package/dist/services/MagicLinkService.d.ts +84 -0
package/dist/services/MagicLinkService.d.ts.map +1 -0
package/dist/services/OidcLoginService.d.ts +134 -0
package/dist/services/OidcLoginService.d.ts.map +1 -0
package/dist/services/PermissionCatalogService.d.ts +62 -0
package/dist/services/PermissionCatalogService.d.ts.map +1 -0
package/dist/services/PermissionResolver.d.ts +150 -0
package/dist/services/PermissionResolver.d.ts.map +1 -0
package/dist/services/PostgresPermissionPolicies.d.ts +29 -0
package/dist/services/PostgresPermissionPolicies.d.ts.map +1 -0
package/dist/services/SessionPermissionContext.d.ts +43 -0
package/dist/services/SessionPermissionContext.d.ts.map +1 -0
package/dist/services/SessionService.d.ts +139 -0
package/dist/services/SessionService.d.ts.map +1 -0
package/dist/services/TenantService.d.ts +135 -0
package/dist/services/TenantService.d.ts.map +1 -0
package/dist/services/TerminalAuthService.d.ts +189 -0
package/dist/services/TerminalAuthService.d.ts.map +1 -0
package/dist/services/index.d.ts +14 -0
package/dist/services/index.d.ts.map +1 -0
package/dist/smrt-knowledge.json +2744 -0
package/dist/svelte/components/InviteUserModal.svelte +351 -0
package/dist/svelte/components/InviteUserModal.svelte.d.ts +17 -0
package/dist/svelte/components/InviteUserModal.svelte.d.ts.map +1 -0
package/dist/svelte/components/UserAvatar.svelte +105 -0
package/dist/svelte/components/UserAvatar.svelte.d.ts +10 -0
package/dist/svelte/components/UserAvatar.svelte.d.ts.map +1 -0
package/dist/svelte/components/UserCard.svelte +179 -0
package/dist/svelte/components/UserCard.svelte.d.ts +18 -0
package/dist/svelte/components/UserCard.svelte.d.ts.map +1 -0
package/dist/svelte/components/UserForm.svelte +194 -0
package/dist/svelte/components/UserForm.svelte.d.ts +18 -0
package/dist/svelte/components/UserForm.svelte.d.ts.map +1 -0
package/dist/svelte/components/UserList.svelte +107 -0
package/dist/svelte/components/UserList.svelte.d.ts +20 -0
package/dist/svelte/components/UserList.svelte.d.ts.map +1 -0
package/dist/svelte/components/UserMenu.svelte +326 -0
package/dist/svelte/components/UserMenu.svelte.d.ts +33 -0
package/dist/svelte/components/UserMenu.svelte.d.ts.map +1 -0
package/dist/svelte/components/__tests__/InviteUserModal.test.js +54 -0
package/dist/svelte/components/__tests__/UserAvatar.test.js +31 -0
package/dist/svelte/components/__tests__/UserCard.test.js +39 -0
package/dist/svelte/components/__tests__/UserForm.test.js +50 -0
package/dist/svelte/components/__tests__/UserList.test.js +48 -0
package/dist/svelte/components/__tests__/UserMenu.test.js +38 -0
package/dist/svelte/i18n.d.ts +15 -0
package/dist/svelte/i18n.d.ts.map +1 -0
package/dist/svelte/i18n.js +15 -0
package/dist/svelte/index.d.ts +23 -0
package/dist/svelte/index.d.ts.map +1 -0
package/dist/svelte/index.js +27 -0
package/dist/svelte/playground.d.ts +151 -0
package/dist/svelte/playground.d.ts.map +1 -0
package/dist/svelte/playground.js +134 -0
package/dist/sveltekit/index.d.ts +379 -0
package/dist/sveltekit/index.d.ts.map +1 -0
package/dist/sveltekit/resource-list-handler.d.ts +127 -0
package/dist/sveltekit/resource-list-handler.d.ts.map +1 -0
package/dist/sveltekit/types.d.ts +31 -0
package/dist/sveltekit/types.d.ts.map +1 -0
package/dist/sveltekit.d.ts +2 -0
package/dist/sveltekit.d.ts.map +1 -0
package/dist/sveltekit.js +978 -0
package/dist/sveltekit.js.map +1 -0
package/dist/types/index.d.ts +61 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/ui.d.ts +10 -0
package/dist/ui.d.ts.map +1 -0
package/dist/ui.js +75 -0
package/dist/ui.js.map +1 -0
package/package.json +97 -0

package/dist/collections/SessionCollection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SessionCollection.d.ts","sourceRoot":"","sources":["../../src/collections/SessionCollection.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAGL,OAAO,EACR,MAAM,sBAAsB,CAAC;AAG9B;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,cAAc,CAAC,OAAO,CAAC;IAC5D,MAAM,CAAC,QAAQ,CAAC,UAAU,iBAAW;IAErC;;OAEG;IACG,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBpE;;;OAGG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAiBlE;;OAEG;IACG,KAAK,CACT,SAAS,EAAE,MAAM,EACjB,SAAS,GAAE,OAAe,EAC1B,GAAG,GAAE,MAA4B,GAChC,OAAO,CAAC,OAAO,CAAC;IAYnB;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IAapD;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAczD;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBzD;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IASxD;;;OAGG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAiBtC;;OAEG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAKxD;;;;;;;;OAQG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,GACtB,OAAO,CAAC,OAAO,CAAC;IASnB;;OAEG;IACG,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,OAAO,CAAC;IASnB;;OAEG;IACG,cAAc,CAAC,CAAC,EACpB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;CAM1B"}

package/dist/collections/TenantCollection.d.ts ADDED Viewed

@@ -0,0 +1,119 @@
+import { SmrtCollection } from '@happyvertical/smrt-core';
+import { Tenant } from '../models/Tenant.js';
+import { TenantStatus } from '../types/index.js';
+/**
+ * Error thrown when tenant hierarchy operations fail
+ */
+export declare class TenantHierarchyError extends Error {
+    readonly code: 'CIRCULAR_REFERENCE' | 'MAX_DEPTH_EXCEEDED' | 'PARENT_NOT_FOUND' | 'INVALID_OPERATION';
+    constructor(message: string, code: 'CIRCULAR_REFERENCE' | 'MAX_DEPTH_EXCEEDED' | 'PARENT_NOT_FOUND' | 'INVALID_OPERATION');
+}
+/**
+ * Options for creating a child tenant
+ */
+export interface CreateChildTenantOptions {
+    name: string;
+    slug?: string;
+    description?: string;
+    status?: TenantStatus;
+    /** Override parent's cascade setting for this child. Default: true */
+    inheritPermissions?: boolean;
+    /** Whether this child cascades permissions to its children. Default: true */
+    cascadePermissions?: boolean;
+}
+/**
+ * Collection for managing Tenant objects with hierarchical support.
+ *
+ * Provides methods for:
+ * - Basic CRUD operations
+ * - Hierarchy management (parent/child relationships)
+ * - Tree traversal (ancestors, descendants, siblings)
+ * - Hierarchy path maintenance
+ */
+export declare class TenantCollection extends SmrtCollection<Tenant> {
+    static readonly _itemClass: typeof Tenant;
+    /**
+     * Find tenants by status
+     */
+    findByStatus(status: TenantStatus): Promise<Tenant[]>;
+    /**
+     * Find all active tenants
+     */
+    findActive(): Promise<Tenant[]>;
+    /**
+     * Find tenant by slug
+     */
+    findBySlug(slug: string): Promise<Tenant | null>;
+    /**
+     * Find all root tenants (tenants with no parent)
+     */
+    findRoots(): Promise<Tenant[]>;
+    /**
+     * Find direct children of a tenant
+     */
+    findChildren(parentTenantId: string): Promise<Tenant[]>;
+    /**
+     * Find the parent tenant of a given tenant
+     */
+    findParent(tenantId: string): Promise<Tenant | null>;
+    /**
+     * Get all ancestors of a tenant, from immediate parent to root.
+     * Uses the hierarchyPath for efficient lookup.
+     */
+    getAncestors(tenantId: string): Promise<Tenant[]>;
+    /**
+     * Get all ancestors in order from root to immediate parent.
+     * Reverse of getAncestors.
+     */
+    getAncestorsFromRoot(tenantId: string): Promise<Tenant[]>;
+    /**
+     * Get all descendants of a tenant (all children, grandchildren, etc.)
+     * Uses hierarchyPath prefix matching for efficient lookup.
+     */
+    getDescendants(tenantId: string): Promise<Tenant[]>;
+    /**
+     * Get siblings of a tenant (other tenants with the same parent)
+     */
+    getSiblings(tenantId: string): Promise<Tenant[]>;
+    /**
+     * Check if a tenant is an ancestor of another tenant
+     */
+    isAncestorOf(potentialAncestorId: string, tenantId: string): Promise<boolean>;
+    /**
+     * Check if a tenant is a descendant of another tenant
+     */
+    isDescendantOf(potentialDescendantId: string, tenantId: string): Promise<boolean>;
+    /**
+     * Create a child tenant under a parent.
+     * Automatically sets hierarchyLevel and hierarchyPath.
+     */
+    createChild(parentTenantId: string, options: CreateChildTenantOptions): Promise<Tenant>;
+    /**
+     * Move a tenant to a new parent.
+     * Updates hierarchyLevel and hierarchyPath for the tenant and all descendants.
+     */
+    moveToParent(tenantId: string, newParentId: string | null): Promise<Tenant>;
+    /**
+     * Make a tenant a root tenant (remove from hierarchy)
+     */
+    makeRoot(tenantId: string): Promise<Tenant>;
+    /**
+     * Validate that a tenant hierarchy is consistent.
+     * Returns validation errors if any.
+     */
+    validateHierarchy(tenantId: string): Promise<string[]>;
+    /**
+     * Get the full hierarchy tree starting from a tenant.
+     * Returns a nested structure useful for UI rendering.
+     */
+    getTree(rootTenantId?: string): Promise<Array<Tenant & {
+        children: Tenant[];
+    }>>;
+    /**
+     * Override create to automatically set hierarchy fields for new tenants.
+     * Only calculates hierarchy fields if not already provided (preserves
+     * database values during hydration via get()).
+     */
+    create(options: any): Promise<Tenant>;
+}
+//# sourceMappingURL=TenantCollection.d.ts.map

package/dist/collections/TenantCollection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TenantCollection.d.ts","sourceRoot":"","sources":["../../src/collections/TenantCollection.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAA8B,MAAM,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;aAG3B,IAAI,EAChB,oBAAoB,GACpB,oBAAoB,GACpB,kBAAkB,GAClB,mBAAmB;gBALvB,OAAO,EAAE,MAAM,EACC,IAAI,EAChB,oBAAoB,GACpB,oBAAoB,GACpB,kBAAkB,GAClB,mBAAmB;CAK1B;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,sEAAsE;IACtE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,6EAA6E;IAC7E,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;;;;GAQG;AACH,qBAAa,gBAAiB,SAAQ,cAAc,CAAC,MAAM,CAAC;IAC1D,MAAM,CAAC,QAAQ,CAAC,UAAU,gBAAU;IAIpC;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAO3D;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAIrC;;OAEG;IACG,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAUtD;;OAEG;IACG,SAAS,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAOpC;;OAEG;IACG,YAAY,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAO7D;;OAEG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAQ1D;;;OAGG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA2BvD;;;OAGG;IACG,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAK/D;;;OAGG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA4BzD;;OAEG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAetD;;OAEG;IACG,YAAY,CAChB,mBAAmB,EAAE,MAAM,EAC3B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC;IAUnB;;OAEG;IACG,cAAc,CAClB,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC;IAMnB;;;OAGG;IACG,WAAW,CACf,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,MAAM,CAAC;IAuClB;;;OAGG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,GAAG,IAAI,GACzB,OAAO,CAAC,MAAM,CAAC;IAiHlB;;OAEG;IACG,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjD;;;OAGG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAwD5D;;;OAGG;IACG,OAAO,CACX,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG;QAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IA4BlD;;;;OAIG;IACG,MAAM,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;CA2C5C"}

package/dist/collections/TenantPermissionOverrideCollection.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+import { SmrtCollection } from '@happyvertical/smrt-core';
+import { TenantPermissionOverride } from '../models/TenantPermissionOverride.js';
+import { TenantPermissionEffect } from '../types/index.js';
+/**
+ * Result of resolving tenant permission overrides
+ */
+export interface TenantPermissionOverrideResult {
+    /** Permission IDs explicitly granted at this tenant level */
+    grantedPermissionIds: string[];
+    /** Permission IDs explicitly denied at this tenant level */
+    deniedPermissionIds: string[];
+    /** Permission IDs set to inherit from parent */
+    inheritedPermissionIds: string[];
+}
+/**
+ * Collection for managing TenantPermissionOverride objects.
+ *
+ * Provides methods for setting and querying tenant-level permission overrides
+ * used in hierarchical tenant permission inheritance.
+ */
+export declare class TenantPermissionOverrideCollection extends SmrtCollection<TenantPermissionOverride> {
+    static readonly _itemClass: typeof TenantPermissionOverride;
+    /**
+     * Find all overrides for a tenant
+     */
+    findByTenant(tenantId: string): Promise<TenantPermissionOverride[]>;
+    /**
+     * Find grant overrides for a tenant.
+     *
+     * Filters in memory because the `effect` column is JSON-typed and
+     * Postgres rejects bare `json = text` comparisons.  A single
+     * `findByTenant` call is reused for grant, deny, and inherit lookups.
+     */
+    findGrants(tenantId: string): Promise<TenantPermissionOverride[]>;
+    /**
+     * Find deny overrides for a tenant.
+     *
+     * See `findGrants` for rationale on in-memory filtering.
+     */
+    findDenies(tenantId: string): Promise<TenantPermissionOverride[]>;
+    /**
+     * Find inherit overrides for a tenant.
+     *
+     * See `findGrants` for rationale on in-memory filtering.
+     */
+    findInherits(tenantId: string): Promise<TenantPermissionOverride[]>;
+    /**
+     * Get granted permission IDs for a tenant
+     */
+    getGrantedPermissionIds(tenantId: string): Promise<string[]>;
+    /**
+     * Get denied permission IDs for a tenant
+     */
+    getDeniedPermissionIds(tenantId: string): Promise<string[]>;
+    /**
+     * Get all overrides for a tenant, organized by effect
+     */
+    getOverridesByEffect(tenantId: string): Promise<TenantPermissionOverrideResult>;
+    /**
+     * Batch get all overrides for multiple tenants, organized by effect.
+     * Fetches all overrides in a single query to avoid N+1 query problem.
+     *
+     * @param tenantIds - Array of tenant IDs to fetch overrides for
+     * @returns Map of tenant ID to their permission override results
+     */
+    getOverridesByEffectBatch(tenantIds: string[]): Promise<Map<string, TenantPermissionOverrideResult>>;
+    /**
+     * Set an override for a tenant permission
+     */
+    setOverride(tenantId: string, permissionId: string, effect: TenantPermissionEffect): Promise<TenantPermissionOverride>;
+    /**
+     * Remove an override (permission will use default behavior)
+     */
+    removeOverride(tenantId: string, permissionId: string): Promise<boolean>;
+    /**
+     * Remove all overrides for a tenant
+     */
+    removeAllOverrides(tenantId: string): Promise<number>;
+    /**
+     * Grant a permission at the tenant level.
+     * Convenience method for setOverride with GRANT effect.
+     */
+    grantPermission(tenantId: string, permissionId: string): Promise<TenantPermissionOverride>;
+    /**
+     * Deny a permission at the tenant level.
+     * Convenience method for setOverride with DENY effect.
+     * This blocks inheritance from parent tenants.
+     */
+    denyPermission(tenantId: string, permissionId: string): Promise<TenantPermissionOverride>;
+    /**
+     * Set a permission to inherit from parent.
+     * Convenience method for setOverride with INHERIT effect.
+     * This is the default behavior, so mainly useful to document intent
+     * or to reset a previous grant/deny.
+     */
+    inheritPermission(tenantId: string, permissionId: string): Promise<TenantPermissionOverride>;
+    /**
+     * Bulk set overrides for a tenant.
+     * Useful for importing or copying permission configurations.
+     */
+    bulkSetOverrides(tenantId: string, overrides: Array<{
+        permissionId: string;
+        effect: TenantPermissionEffect;
+    }>): Promise<TenantPermissionOverride[]>;
+    /**
+     * Copy overrides from one tenant to another.
+     * Useful when creating child tenants or templates.
+     */
+    copyOverrides(fromTenantId: string, toTenantId: string): Promise<TenantPermissionOverride[]>;
+}
+//# sourceMappingURL=TenantPermissionOverrideCollection.d.ts.map

package/dist/collections/TenantPermissionOverrideCollection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TenantPermissionOverrideCollection.d.ts","sourceRoot":"","sources":["../../src/collections/TenantPermissionOverrideCollection.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,4DAA4D;IAC5D,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,gDAAgD;IAChD,sBAAsB,EAAE,MAAM,EAAE,CAAC;CAClC;AAED;;;;;GAKG;AACH,qBAAa,kCAAmC,SAAQ,cAAc,CAAC,wBAAwB,CAAC;IAC9F,MAAM,CAAC,QAAQ,CAAC,UAAU,kCAA4B;IAEtD;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAMzE;;;;;;OAMG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAKvE;;;;OAIG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAKvE;;;;OAIG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAKzE;;OAEG;IACG,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAKlE;;OAEG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAKjE;;OAEG;IACG,oBAAoB,CACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,8BAA8B,CAAC;IA2B1C;;;;;;OAMG;IACG,yBAAyB,CAC7B,SAAS,EAAE,MAAM,EAAE,GAClB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,8BAA8B,CAAC,CAAC;IA6CvD;;OAEG;IACG,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,sBAAsB,GAC7B,OAAO,CAAC,wBAAwB,CAAC;IAoBpC;;OAEG;IACG,cAAc,CAClB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC;IAcnB;;OAEG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAM3D;;;OAGG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,wBAAwB,CAAC;IAQpC;;;;OAIG;IACG,cAAc,CAClB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,wBAAwB,CAAC;IAQpC;;;;;OAKG;IACG,iBAAiB,CACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,wBAAwB,CAAC;IAQpC;;;OAGG;IACG,gBAAgB,CACpB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,KAAK,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,sBAAsB,CAAA;KAAE,CAAC,GACzE,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAStC;;;OAGG;IACG,aAAa,CACjB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,wBAAwB,EAAE,CAAC;CAevC"}

package/dist/collections/UserCollection.d.ts ADDED Viewed

@@ -0,0 +1,116 @@
+import { SmrtCollection } from '@happyvertical/smrt-core';
+import { OidcIdentity, Profile } from '@happyvertical/smrt-profiles';
+import { User } from '../models/User.js';
+import { UserStatus } from '../types/index.js';
+/**
+ * OIDC claims used for identity resolution
+ */
+export interface OidcClaims {
+    /** Subject identifier from IdP */
+    sub: string;
+    /** Issuer URL */
+    iss: string;
+    /** User's email address */
+    email?: string;
+    /** Whether the IdP verified the email address */
+    email_verified?: boolean;
+    /** User's display name */
+    name?: string;
+    /** Preferred username */
+    preferred_username?: string;
+}
+/**
+ * Result of OIDC identity resolution
+ */
+export interface OidcIdentityResult {
+    /** The User record */
+    user: User;
+    /** The linked Profile */
+    profile: Profile;
+    /** The OidcIdentity linking profile to IdP */
+    oidcIdentity: OidcIdentity;
+    /** Whether the profile was newly created */
+    created: boolean;
+}
+/**
+ * Options for getOrCreateFromOidc
+ */
+export interface GetOrCreateFromOidcOptions {
+    /** If false, skip recording login timestamp (default: true) */
+    recordLogin?: boolean;
+    /**
+     * Provision a user even when the IdP explicitly reported the email as
+     * unverified (`email_verified: false`). Default false (#1400): refuse to
+     * create/resolve a user from a known-unverified address. Has no effect when
+     * the claim is absent — an IdP that omits `email_verified` makes no
+     * assertion, so it cannot be enforced.
+     */
+    allowUnverifiedEmail?: boolean;
+}
+/**
+ * Collection for managing User objects
+ */
+export declare class UserCollection extends SmrtCollection<User> {
+    static readonly _itemClass: typeof User;
+    /**
+     * Find user by email address
+     */
+    findByEmail(email: string): Promise<User | null>;
+    /**
+     * Find user by profile ID
+     */
+    findByProfile(profileId: string): Promise<User | null>;
+    /**
+     * Find users by status
+     */
+    findByStatus(status: UserStatus): Promise<User[]>;
+    /**
+     * Find all active users
+     */
+    findActive(): Promise<User[]>;
+    /**
+     * Find all pending users
+     */
+    findPending(): Promise<User[]>;
+    /**
+     * Get or create user for a profile
+     */
+    getOrCreateForProfile(profileId: string, email: string, defaults?: Partial<{
+        status: UserStatus;
+    }>): Promise<User>;
+    /**
+     * Get or create user from OIDC claims
+     *
+     * This is the primary method for resolving identity from an OIDC login.
+     * It handles the full flow:
+     * 1. Find or create Profile from OIDC claims (via smrt-profiles)
+     * 2. Link OidcIdentity to the Profile
+     * 3. Find or create User linked to the Profile
+     *
+     * @param claims - OIDC token claims (sub, iss, email, name)
+     * @param provider - Provider name (e.g., 'kanidm', 'keycloak', 'google')
+     * @param options - Optional settings (recordLogin)
+     * @returns User, Profile, OidcIdentity, and whether profile was created
+     *
+     * @example
+     * ```typescript
+     * const userCollection = await UserCollection.create({ db: dbConfig });
+     *
+     * // In your OIDC callback handler:
+     * const { user, profile } = await userCollection.getOrCreateFromOidc(
+     *   {
+     *     sub: tokenClaims.sub,
+     *     iss: tokenClaims.iss,
+     *     email: tokenClaims.email,
+     *     name: tokenClaims.name,
+     *   },
+     *   'kanidm'
+     * );
+     *
+     * // User and profile are now available
+     * // Login was auto-recorded; pass { recordLogin: false } to skip
+     * ```
+     */
+    getOrCreateFromOidc(claims: OidcClaims, provider: string, options?: GetOrCreateFromOidcOptions): Promise<OidcIdentityResult>;
+}
+//# sourceMappingURL=UserCollection.d.ts.map

package/dist/collections/UserCollection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserCollection.d.ts","sourceRoot":"","sources":["../../src/collections/UserCollection.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,2BAA2B;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iDAAiD;IACjD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,sBAAsB;IACtB,IAAI,EAAE,IAAI,CAAC;IACX,yBAAyB;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,8CAA8C;IAC9C,YAAY,EAAE,YAAY,CAAC;IAC3B,4CAA4C;IAC5C,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,+DAA+D;IAC/D,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,cAAc,CAAC,IAAI,CAAC;IACtD,MAAM,CAAC,QAAQ,CAAC,UAAU,cAAQ;IAElC;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAQtD;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAQ5D;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAOvD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAInC;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAIpC;;OAEG;IACG,qBAAqB,CACzB,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,QAAQ,GAAE,OAAO,CAAC;QAAE,MAAM,EAAE,UAAU,CAAA;KAAE,CAAM,GAC7C,OAAO,CAAC,IAAI,CAAC;IAehB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACG,mBAAmB,CACvB,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,kBAAkB,CAAC;CAqE/B"}

package/dist/collections/index.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Collection exports for smrt-users
+ * @packageDocumentation
+ */
+export { CliAuthRequestCollection, UsersCliAuthRequestCollection, } from './CliAuthRequestCollection.js';
+export { GroupCollection } from './GroupCollection.js';
+export { GroupMemberCollection } from './GroupMemberCollection.js';
+export { GroupRoleCollection } from './GroupRoleCollection.js';
+export { MagicLinkTokenCollection, UsersMagicLinkTokenCollection, } from './MagicLinkTokenCollection.js';
+export { MembershipCollection } from './MembershipCollection.js';
+export { MembershipOverrideCollection } from './MembershipOverrideCollection.js';
+export { PermissionCollection } from './PermissionCollection.js';
+export { RoleCollection } from './RoleCollection.js';
+export { RolePermissionCollection } from './RolePermissionCollection.js';
+export { type CreateSessionOptions, SessionCollection, } from './SessionCollection.js';
+export { type CreateChildTenantOptions, TenantCollection, TenantHierarchyError, } from './TenantCollection.js';
+export { TenantPermissionOverrideCollection, type TenantPermissionOverrideResult, } from './TenantPermissionOverrideCollection.js';
+export { type GetOrCreateFromOidcOptions, type OidcClaims, type OidcIdentityResult, UserCollection, } from './UserCollection.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/collections/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/collections/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EACL,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EACL,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,OAAO,EACL,KAAK,oBAAoB,EACzB,iBAAiB,GAClB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,wBAAwB,EAC7B,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,kCAAkC,EAClC,KAAK,8BAA8B,GACpC,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EACL,KAAK,0BAA0B,EAC/B,KAAK,UAAU,EACf,KAAK,kBAAkB,EACvB,cAAc,GACf,MAAM,qBAAqB,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { CliAuthRequestCollection, type CreateChildTenantOptions, type CreateSessionOptions, type GetOrCreateFromOidcOptions, GroupCollection, GroupMemberCollection, GroupRoleCollection, MagicLinkTokenCollection, MembershipCollection, MembershipOverrideCollection, type OidcClaims, type OidcIdentityResult, PermissionCollection, RoleCollection, RolePermissionCollection, SessionCollection, TenantCollection, TenantHierarchyError, TenantPermissionOverrideCollection, type TenantPermissionOverrideResult, UserCollection, UsersCliAuthRequestCollection, UsersMagicLinkTokenCollection, } from './collections/index.js';
+export { CliAuthRequest, type CliAuthRequestStatus, DEFAULT_SESSION_TTL, DEFAULT_TOKEN_EXPIRY_SECONDS, Group, GroupMember, GroupRole, generateSessionId, MAX_TENANT_HIERARCHY_DEPTH, MagicLinkToken, Membership, MembershipOverride, Permission, Role, RolePermission, Session, Tenant, TenantPermissionOverride, User, UsersCliAuthRequest, UsersMagicLinkToken, } from './models/index.js';
+export { type ApproveCliAuthRequestInput, applyPostgresPermissionPolicies, type CliAuthStartResult, type CliAuthTokenResult, type CreateAuthorizationUrlOptions, DEFAULT_CLI_AUTH_POLL_INTERVAL_SECONDS, DEFAULT_CLI_AUTH_REQUEST_TTL_SECONDS, DEFAULT_CLI_SESSION_TTL_SECONDS, decodeOidcTransaction, type EnsureTenantResult, encodeOidcTransaction, type GeneratePostgresPermissionSqlResult, generatePostgresPermissionSql, getCurrentSessionPermissionContext, getRequestScopedDatabase, getUsersOidcConfig, MagicLinkError, type MagicLinkResult, MagicLinkService, type MagicLinkServiceOptions, type MagicLinkVerifyResult, type OidcCallbackResult, OidcLoginError, type OidcLoginResult, OidcLoginService, type OidcLoginServiceOptions, type OidcProviderConfig, type OidcProviderKind, type OidcProviderMetadata, type OidcProviderResolution, type OidcProviderResolutionOptions, type OidcTokenEndpointAuthMethod, type OidcTokenSet, type OidcTransaction, type PermissionCatalog, PermissionCatalogService, type PermissionCatalogSource, type PermissionCatalogSyncResult, type PermissionDefinition, type PermissionResolutionOptions, type PermissionResolutionResult, PermissionResolver, type PostgresPermissionAction, type PostgresPermissionBinding, type PostgresPermissionPolicyReportItem, type PostgresPermissionPolicyTarget, type ResolvedOidcProviderConfig, registerPermissionDefinitions, resolveOidcProviderConfig, type SessionContext, type SessionPermissionRuntimeContext, type SessionPermissionRuntimeOptions, SessionService, type SessionServiceOptions, syncPermissionCatalog, type TenantPermissionInheritanceResult, TenantService, type TenantWithOwnershipResult, TerminalAuthError, TerminalAuthRateLimitError, TerminalAuthService, type TerminalAuthServiceOptions, type UsersConfig, type UsersOidcConfig, withSessionPermissionContext, } from './services/index.js';
+export { DEFAULT_ROLE_SLUGS, DEFAULT_ROLES, DEFAULT_TENANT_POLICY, type DefaultRoleSlug, MembershipStatus, OverrideEffect, SessionStatus, TenantPermissionEffect, type TenantPolicy, type TenantPolicyMode, TenantStatus, UserStatus, } from './types/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AAKH,OAAO,wBAAwB,CAAC;AAGhC,OAAO,EACL,wBAAwB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,EAC/B,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,wBAAwB,EACxB,oBAAoB,EACpB,4BAA4B,EAC5B,KAAK,UAAU,EACf,KAAK,kBAAkB,EACvB,oBAAoB,EACpB,cAAc,EACd,wBAAwB,EACxB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,kCAAkC,EAClC,KAAK,8BAA8B,EACnC,cAAc,EACd,6BAA6B,EAC7B,6BAA6B,GAC9B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,cAAc,EACd,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,4BAA4B,EAC5B,KAAK,EACL,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,0BAA0B,EAC1B,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,IAAI,EACJ,cAAc,EACd,OAAO,EACP,MAAM,EACN,wBAAwB,EACxB,IAAI,EACJ,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,KAAK,0BAA0B,EAC/B,+BAA+B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,sCAAsC,EACtC,oCAAoC,EACpC,+BAA+B,EAC/B,qBAAqB,EACrB,KAAK,kBAAkB,EACvB,qBAAqB,EACrB,KAAK,mCAAmC,EACxC,6BAA6B,EAC7B,kCAAkC,EAClC,wBAAwB,EACxB,kBAAkB,EAClB,cAAc,EACd,KAAK,eAAe,EACpB,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,cAAc,EACd,KAAK,eAAe,EACpB,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAChC,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,wBAAwB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,2BAA2B,EAChC,KAAK,oBAAoB,EACzB,KAAK,2BAA2B,EAChC,KAAK,0BAA0B,EAC/B,kBAAkB,EAClB,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,kCAAkC,EACvC,KAAK,8BAA8B,EACnC,KAAK,0BAA0B,EAC/B,6BAA6B,EAC7B,yBAAyB,EACzB,KAAK,cAAc,EACnB,KAAK,+BAA+B,EACpC,KAAK,+BAA+B,EACpC,cAAc,EACd,KAAK,qBAAqB,EAC1B,qBAAqB,EACrB,KAAK,iCAAiC,EACtC,aAAa,EACb,KAAK,yBAAyB,EAC9B,iBAAiB,EACjB,0BAA0B,EAC1B,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,4BAA4B,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,KAAK,eAAe,EACpB,gBAAgB,EAChB,cAAc,EACd,aAAa,EACb,sBAAsB,EACtB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,YAAY,EACZ,UAAU,GACX,MAAM,kBAAkB,CAAC"}