@indigoai-us/hq-cloud 5.46.0 → 5.47.1

package/dist/object-io.js

@@ -0,0 +1,588 @@
+/**
+ * ObjectIO — transport seam for vault object byte/metadata movement.
+ *
+ * s3.ts holds the *semantics* of sync (symlink-record encoding, mode/mtime
+ * stamping, created-at preservation, directory-marker filtering). Those never
+ * change. What CAN change is the *wire transport* underneath them:
+ *
+ *   - `S3SdkObjectIO` — the historical path. STS-vended credentials + the AWS
+ *     S3 SDK talking directly to the per-company bucket. No policy-size
+ *     ceiling concern for the BYTES, but the STS session policy that grants
+ *     access has the 2048-char IAM limit that motivated the presigned model.
+ *
+ *   - `PresignObjectIO` — the presigned-URL path. The vault-service decides
+ *     access as a runtime DDB check (no IAM policy ceiling) and hands back
+ *     short-lived presigned GET/PUT/DELETE URLs + (for PUT) the exact headers
+ *     to replay. The client never holds AWS credentials — it just `fetch`es
+ *     the signed URLs.
+ *
+ * The seam is a per-EntityContext factory resolved INSIDE s3.ts, so every
+ * existing call site (`uploadFile(ctx, …)`, `downloadFile(ctx, …)`, …) keeps
+ * its signature. `runRunner` selects the transport once per session via
+ * {@link setObjectIOFactory}; absent any selection the default is the S3 SDK,
+ * preserving today's behavior for every non-gated caller.
+ */
+import { S3Client, PutObjectCommand, GetObjectCommand, ListObjectsV2Command, DeleteObjectCommand, HeadObjectCommand, } from "@aws-sdk/client-s3";
+import { VaultClientError } from "./vault-client.js";
+// ---------------------------------------------------------------------------
+// S3 SDK transport (default)
+// ---------------------------------------------------------------------------
+function stripQuotes(etag) {
+    return etag ? etag.replace(/^"|"$/g, "") : "";
+}
+async function drainToBuffer(body) {
+    if (!body)
+        return Buffer.alloc(0);
+    const chunks = [];
+    for await (const chunk of body) {
+        chunks.push(Buffer.from(chunk));
+    }
+    return Buffer.concat(chunks);
+}
+/**
+ * Direct-to-S3 transport over STS-vended credentials. A fresh client per
+ * instance so the latest credentials from the EntityContext are always used
+ * (caching/refresh is the caller's concern, at the EntityContext level — see
+ * the original buildClient note in s3.ts).
+ */
+export class S3SdkObjectIO {
+    client;
+    bucket;
+    constructor(ctx) {
+        this.bucket = ctx.bucketName;
+        this.client = new S3Client({
+            region: ctx.region,
+            credentials: {
+                accessKeyId: ctx.credentials.accessKeyId,
+                secretAccessKey: ctx.credentials.secretAccessKey,
+                sessionToken: ctx.credentials.sessionToken,
+            },
+        });
+    }
+    async putObject(input) {
+        const res = await this.client.send(new PutObjectCommand({
+            Bucket: this.bucket,
+            Key: input.key,
+            Body: input.body,
+            ContentType: input.contentType,
+            ...(input.metadata && Object.keys(input.metadata).length > 0
+                ? { Metadata: input.metadata }
+                : {}),
+        }));
+        return { etag: res.ETag || "" };
+    }
+    async getObject(key) {
+        const res = await this.client.send(new GetObjectCommand({ Bucket: this.bucket, Key: key }));
+        if (!res.Body) {
+            throw new Error(`Empty response for ${key}`);
+        }
+        const body = await drainToBuffer(res.Body);
+        return { body, metadata: res.Metadata };
+    }
+    async listObjects(input) {
+        const res = await this.client.send(new ListObjectsV2Command({
+            Bucket: this.bucket,
+            Prefix: input.prefix,
+            ContinuationToken: input.continuationToken,
+        }));
+        const objects = [];
+        for (const obj of res.Contents || []) {
+            if (!obj.Key)
+                continue;
+            objects.push({
+                key: obj.Key,
+                size: obj.Size ?? 0,
+                lastModified: obj.LastModified || new Date(),
+                etag: obj.ETag || "",
+            });
+        }
+        return {
+            objects,
+            nextContinuationToken: res.NextContinuationToken,
+        };
+    }
+    async deleteObject(key) {
+        await this.client.send(new DeleteObjectCommand({ Bucket: this.bucket, Key: key }));
+    }
+    async headObject(key) {
+        try {
+            const res = await this.client.send(new HeadObjectCommand({ Bucket: this.bucket, Key: key }));
+            return {
+                lastModified: res.LastModified || new Date(),
+                etag: res.ETag || "",
+                size: res.ContentLength || 0,
+                metadata: res.Metadata,
+            };
+        }
+        catch (err) {
+            if (err &&
+                typeof err === "object" &&
+                "name" in err &&
+                err.name === "NotFound") {
+                return null;
+            }
+            throw err;
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Presigned-URL transport
+// ---------------------------------------------------------------------------
+/**
+ * Pull every `x-amz-meta-*` response header into a plain metadata record with
+ * the prefix stripped. S3 surfaces user metadata this way on GET/HEAD; fetch
+ * lowercases header names, matching how the SDK lowercases `Metadata` keys, so
+ * the read path in s3.ts is identical across both transports.
+ */
+function metaFromHeaders(headers) {
+    const meta = {};
+    headers.forEach((value, name) => {
+        if (name.startsWith("x-amz-meta-")) {
+            meta[name.slice("x-amz-meta-".length)] = value;
+        }
+    });
+    return meta;
+}
+function firstRowOrThrow(results, key, op) {
+    const row = results[0];
+    if (!row) {
+        throw new Error(`presign ${op} returned no row for ${key}`);
+    }
+    if (row.error || !row.url) {
+        throw new Error(`presign ${op} denied for ${key}: ${row.error ?? "no url"}${row.code ? ` (${row.code})` : ""}`);
+    }
+    return row;
+}
+/**
+ * An error shaped like the AWS SDK's NoSuchKey/NotFound so existing catch
+ * sites in s3.ts (which test `err.name === "NotFound"`) treat a presigned
+ * 404 the same as an SDK 404.
+ */
+function notFoundError(key) {
+    return Object.assign(new Error(`Not found: ${key}`), { name: "NotFound" });
+}
+/**
+ * Max keys per presign request when priming — the server's hard batch cap
+ * (hq-pro files-presign MAX_BATCH_KEYS = 1000). One presign call costs ONE
+ * audit row toward the 100/hr limit regardless of how many keys it carries, so
+ * filling the batch is strictly better: a 5.5k-file pull is 6 presign calls at
+ * 1000/chunk vs 55 at 100. (The sibling list page size is fixed at 1000 by
+ * AWS's ListObjectsV2 MaxKeys cap — that one we can't raise.)
+ */
+const PRIME_CHUNK = 1000;
+/**
+ * Lifetime requested for primed URLs. Generous (30 min) so a whole sync batch
+ * completes within one prime, but well inside the presign Lambda role's
+ * credential lifetime (a presigned URL cannot outlive the creds that signed
+ * it). A batch that somehow outruns this falls back to per-key single presign.
+ */
+const PRIME_EXPIRES_IN_SECONDS = 1800;
+/** Concurrent prime chunks in flight (each is one presign HTTP call). */
+const PRIME_CONCURRENCY = 4;
+/** Treat a cached URL within this window of expiry as a miss (re-presign). */
+const CACHE_SAFETY_MS = 60_000;
+/**
+ * Thrown when a presign mint is skipped because the per-user 100/hr vault rate
+ * budget is exhausted. Distinct name so callers can tell "deferred, retry next
+ * sync" apart from a real transfer failure. The key was NOT synced.
+ */
+export class RateLimitedError extends Error {
+    key;
+    op;
+    constructor(key, op, options) {
+        super(`rate limited (100/hr) — ${op} ${key} deferred to next sync`);
+        this.key = key;
+        this.op = op;
+        this.name = "RateLimited";
+        if (options?.cause !== undefined) {
+            this.cause = options.cause;
+        }
+    }
+}
+/**
+ * One-way circuit breaker shared across a run's per-company transports. The
+ * first 429 (vault rate budget exhausted) trips it; thereafter every UNCACHED
+ * presign fails fast with {@link RateLimitedError} instead of hitting the wire.
+ *
+ * Without this, an exhausted budget spirals: prime chunks 429 → keys uncached
+ * → per-file presign → each 429s (after VaultClient's own 3 retries +
+ * backoff) → an 86-minute storm of ~10k doomed calls (observed live). Tripping
+ * once and short-circuiting turns that into a clean fast finish: primed URLs
+ * still work, un-primed keys are deferred, and the run reports them so the next
+ * sync (after the rolling hour recovers) picks them up.
+ */
+export class RateLimitBreaker {
+    tripped = false;
+    isTripped() {
+        return this.tripped;
+    }
+    trip() {
+        this.tripped = true;
+    }
+}
+/** A VaultClient 429 (rate budget exhausted) after its own retries. */
+function isRateLimit(err) {
+    return err instanceof VaultClientError && err.statusCode === 429;
+}
+/**
+ * Transport that moves bytes over short-lived presigned URLs minted by the
+ * vault-service. Holds no AWS credentials. `companyUid` is the EntityContext's
+ * `uid` — the server resolves the per-company bucket from it, so cross-company
+ * reach is structurally impossible (same authority model as the list/presign
+ * handlers).
+ *
+ * URL cache: {@link prime} batch-mints URLs into `urlCache` (keyed by op+key)
+ * so the per-file get/head calls during a sync reuse them instead of issuing a
+ * presign request each. A single instance is shared across all s3.ts calls for
+ * one company within a run (see {@link presignObjectIOFactory} memoization), so
+ * a prime before the transfer loop warms the cache the loop then drains.
+ */
+export class PresignObjectIO {
+    vault;
+    companyUid;
+    breaker;
+    urlCache = new Map();
+    constructor(vault, companyUid, 
+    // Shared across a run's per-company instances by the factory; a directly
+    // constructed instance gets its own (fine for tests / one-offs).
+    breaker = new RateLimitBreaker()) {
+        this.vault = vault;
+        this.companyUid = companyUid;
+        this.breaker = breaker;
+    }
+    cacheKey(op, key) {
+        return `${op}${key}`;
+    }
+    hasPrimedPut(key) {
+        return this.cached("put", key) !== undefined;
+    }
+    /** A live (non-expiring) cached URL for op+key, or undefined. */
+    cached(op, key) {
+        const hit = this.urlCache.get(this.cacheKey(op, key));
+        if (!hit)
+            return undefined;
+        if (Date.now() >= hit.expiresAtMs - CACHE_SAFETY_MS) {
+            this.urlCache.delete(this.cacheKey(op, key));
+            return undefined;
+        }
+        return hit;
+    }
+    /**
+     * Resolve a presigned URL (+ replay headers) for op+key: cache hit if primed,
+     * else a single presign. Throws on per-key denial (matches the SDK path's
+     * access error). `extra` carries PUT contentType/metadata on the miss path.
+     */
+    async resolveUrl(op, key, extra) {
+        const hit = this.cached(op, key);
+        if (hit)
+            return { url: hit.url, headers: hit.headers };
+        // Primed URLs still serve once the breaker trips (no wire needed); only an
+        // uncached key on an exhausted budget fails fast.
+        if (this.breaker.isTripped())
+            throw new RateLimitedError(key, op);
+        let results;
+        try {
+            ({ results } = await this.vault.presign({
+                companyUid: this.companyUid,
+                op,
+                keys: [{ key, op, ...extra }],
+            }));
+        }
+        catch (err) {
+            if (isRateLimit(err)) {
+                this.breaker.trip();
+                throw new RateLimitedError(key, op, { cause: err });
+            }
+            throw err;
+        }
+        const row = firstRowOrThrow(results, key, op);
+        return { url: row.url, headers: row.headers };
+    }
+    async prime(op, keys) {
+        if (keys.length === 0)
+            return;
+        const chunks = [];
+        for (let i = 0; i < keys.length; i += PRIME_CHUNK) {
+            chunks.push(keys.slice(i, i + PRIME_CHUNK));
+        }
+        let next = 0;
+        const worker = async () => {
+            while (next < chunks.length) {
+                // Budget already exhausted — stop priming; remaining keys defer.
+                if (this.breaker.isTripped())
+                    return;
+                const chunk = chunks[next++];
+                let resp;
+                try {
+                    resp = await this.vault.presign({
+                        companyUid: this.companyUid,
+                        op,
+                        expiresIn: PRIME_EXPIRES_IN_SECONDS,
+                        keys: chunk.map((k) => ({ ...k, op })),
+                    });
+                }
+                catch (err) {
+                    if (isRateLimit(err)) {
+                        // Budget exhausted mid-prime: trip the breaker and stop. Priming
+                        // on means every remaining chunk + per-file fallback would 429 —
+                        // the spiral. Tripping makes the transfer loop fail fast instead.
+                        this.breaker.trip();
+                        return;
+                    }
+                    // A non-429 chunk failure just means those keys aren't cached — the
+                    // per-key call will single-presign. Never let priming fail the sync.
+                    continue;
+                }
+                const now = Date.now();
+                for (const row of resp.results) {
+                    if (row.error || !row.url)
+                        continue;
+                    this.urlCache.set(this.cacheKey(op, row.key), {
+                        url: row.url,
+                        headers: row.headers,
+                        expiresAtMs: now + (row.expiresIn ?? PRIME_EXPIRES_IN_SECONDS) * 1000,
+                    });
+                }
+            }
+        };
+        await Promise.all(Array.from({ length: Math.min(PRIME_CONCURRENCY, chunks.length) }, worker));
+    }
+    async putObject(input) {
+        const row = await this.resolveUrl("put", input.key, {
+            contentType: input.contentType,
+            ...(input.metadata && Object.keys(input.metadata).length > 0
+                ? { metadata: input.metadata }
+                : {}),
+        });
+        // The server signs Content-Type, SSE-KMS, and every x-amz-meta-* into the
+        // signature and returns them in `headers`; they MUST be replayed verbatim
+        // or SigV4 rejects the PUT.
+        const res = await fetchWithRetry(row.url, { method: "PUT", body: input.body, headers: row.headers ?? {} }, `presigned PUT ${input.key}`);
+        if (!res.ok) {
+            const detail = await safeText(res);
+            throw new Error(`presigned PUT failed for ${input.key}: ${res.status} ${detail}`);
+        }
+        return { etag: stripQuotes(res.headers.get("etag") ?? undefined) };
+    }
+    async getObject(key) {
+        const row = await this.resolveUrl("get", key);
+        const res = await fetchWithRetry(row.url, { method: "GET" }, `presigned GET ${key}`);
+        if (res.status === 404) {
+            await cancelBody(res);
+            throw notFoundError(key);
+        }
+        if (!res.ok) {
+            const detail = await safeText(res);
+            throw new Error(`presigned GET failed for ${key}: ${res.status} ${detail}`);
+        }
+        const body = Buffer.from(await res.arrayBuffer());
+        return { body, metadata: metaFromHeaders(res.headers) };
+    }
+    async listObjects(input) {
+        const { objects, cursor } = await this.vault.listFiles(this.companyUid, input.prefix, input.continuationToken);
+        return {
+            objects: objects.map((o) => ({
+                key: o.key,
+                size: o.size,
+                lastModified: o.lastModified ? new Date(o.lastModified) : new Date(),
+                etag: o.etag ?? "",
+            })),
+            nextContinuationToken: cursor ?? undefined,
+        };
+    }
+    async deleteObject(key) {
+        const row = await this.resolveUrl("delete", key);
+        const res = await fetchWithRetry(row.url, { method: "DELETE" }, `presigned DELETE ${key}`);
+        // S3 DELETE is idempotent — a 204 (deleted) and a 404 (already gone) are
+        // both success for the sync engine's purposes.
+        if (!res.ok && res.status !== 404) {
+            const detail = await safeText(res);
+            throw new Error(`presigned DELETE failed for ${key}: ${res.status} ${detail}`);
+        }
+    }
+    async headObject(key) {
+        // The presign endpoint has no HEAD op (get/put/delete only). A presigned
+        // GET signs the GET method, so we issue a real GET and read only the
+        // response headers, cancelling the body stream before it downloads — the
+        // headers (etag, content-length, last-modified, x-amz-meta-*) are all we
+        // need and arrive before the body. Cheap for the created-at-preservation
+        // and conflict-detection call sites that use headObject. Reuses the GET
+        // cache: a prime("get", …) before a pull warms these HEADs for free.
+        let url;
+        const hit = this.cached("get", key);
+        if (hit) {
+            url = hit.url;
+        }
+        else {
+            if (this.breaker.isTripped())
+                throw new RateLimitedError(key, "get");
+            let results;
+            try {
+                ({ results } = await this.vault.presign({
+                    companyUid: this.companyUid,
+                    op: "get",
+                    keys: [{ key, op: "get" }],
+                }));
+            }
+            catch (err) {
+                if (isRateLimit(err)) {
+                    this.breaker.trip();
+                    throw new RateLimitedError(key, "get", { cause: err });
+                }
+                throw err;
+            }
+            const row = results[0];
+            if (!row || row.error || !row.url) {
+                // A per-key denial here means the caller can't read the key — treat as
+                // absent for HEAD semantics (the SDK path would 403, which callers map
+                // to "no usable head"); they all tolerate null.
+                return null;
+            }
+            url = row.url;
+        }
+        const res = await fetchWithRetry(url, { method: "GET" }, `presigned HEAD ${key}`);
+        if (res.status === 404 || res.status === 403) {
+            await cancelBody(res);
+            return null;
+        }
+        if (!res.ok) {
+            await cancelBody(res);
+            const detail = await safeText(res);
+            throw new Error(`presigned HEAD failed for ${key}: ${res.status} ${detail}`);
+        }
+        const result = {
+            lastModified: parseLastModified(res.headers.get("last-modified")),
+            etag: stripQuotes(res.headers.get("etag") ?? undefined),
+            size: Number(res.headers.get("content-length") ?? "0"),
+            metadata: metaFromHeaders(res.headers),
+        };
+        await cancelBody(res);
+        return result;
+    }
+}
+async function safeText(res) {
+    try {
+        return (await res.text()).slice(0, 200);
+    }
+    catch {
+        return "";
+    }
+}
+async function cancelBody(res) {
+    try {
+        await res.body?.cancel();
+    }
+    catch {
+        // Best-effort — the socket is released either way once GC'd.
+    }
+}
+function parseLastModified(value) {
+    if (!value)
+        return new Date();
+    const d = new Date(value);
+    return Number.isNaN(d.getTime()) ? new Date() : d;
+}
+// ---------------------------------------------------------------------------
+// Transient-failure retry for the presigned-URL fetches
+// ---------------------------------------------------------------------------
+//
+// The AWS S3 SDK retries transient errors (5xx, throttling, dropped sockets)
+// automatically with backoff. Moving the byte transfer to `fetch` over a
+// presigned URL dropped that resilience — and at sync scale (thousands of
+// objects per pull) transient S3 5xx (notably 503 SlowDown) are routine, so
+// without retry a large sync sporadically loses files. This restores
+// SDK-parity: retry network errors and transient 5xx with exponential backoff
+// + jitter; 4xx (404/403) are definitive and pass straight through.
+const FETCH_MAX_RETRIES = 3;
+const FETCH_BASE_DELAY_MS = 400;
+function isTransientStatus(status) {
+    return status === 500 || status === 502 || status === 503 || status === 504;
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * `fetch` with bounded retry on network errors + transient 5xx. The presigned
+ * URL is reusable until expiry and the bodies are in-memory Buffers, so a
+ * retry simply re-issues the same request. Jitter avoids a thundering-herd
+ * re-retry when the whole transfer pool hits a 503 SlowDown at once. After
+ * exhausting retries on a 5xx it returns the final (failing) Response so the
+ * caller's normal status handling reports it; network errors throw.
+ */
+async function fetchWithRetry(url, init, what) {
+    let lastError;
+    for (let attempt = 0; attempt <= FETCH_MAX_RETRIES; attempt++) {
+        if (attempt > 0) {
+            const backoff = FETCH_BASE_DELAY_MS * 2 ** (attempt - 1);
+            const jitter = Math.floor(Math.random() * FETCH_BASE_DELAY_MS);
+            await sleep(backoff + jitter);
+        }
+        let res;
+        try {
+            res = await fetch(url, init);
+        }
+        catch (err) {
+            lastError = err; // socket reset / DNS / TLS — retry
+            continue;
+        }
+        if (isTransientStatus(res.status) && attempt < FETCH_MAX_RETRIES) {
+            await cancelBody(res); // free the socket before backoff
+            lastError = new Error(`${what}: transient ${res.status}`);
+            continue;
+        }
+        return res; // success, a non-transient status, or the last 5xx attempt
+    }
+    throw lastError instanceof Error
+        ? lastError
+        : new Error(`${what}: failed after ${FETCH_MAX_RETRIES} retries`);
+}
+const DEFAULT_FACTORY = (ctx) => new S3SdkObjectIO(ctx);
+let activeFactory = DEFAULT_FACTORY;
+/**
+ * Install the transport factory for the current process. Passing `null`
+ * resets to the default S3 SDK transport. Called once by `runRunner` after it
+ * resolves the caller's identity + feature-flag gate; every subsequent s3.ts
+ * call resolves its transport through this.
+ */
+export function setObjectIOFactory(factory) {
+    activeFactory = factory ?? DEFAULT_FACTORY;
+}
+/** Resolve the transport for an EntityContext using the active factory. */
+export function resolveObjectIO(ctx) {
+    return activeFactory(ctx);
+}
+/**
+ * Build a factory that routes every EntityContext through the presigned-URL
+ * transport, reusing the one already-authenticated VaultClient and deriving
+ * the per-company authority from `ctx.uid`.
+ */
+export function presignObjectIOFactory(vault) {
+    // Memoize one PresignObjectIO per company for the run, so a prime() and the
+    // transfer loop that drains its URL cache share the SAME instance. (Safe to
+    // memoize: PresignObjectIO holds only the vault client — whose token is a
+    // live getter — and the stable companyUid; it captures no rotating
+    // credentials, unlike S3SdkObjectIO, which is why the default factory is
+    // intentionally NOT memoized.)
+    // One breaker per run, shared across companies: the 100/hr budget is
+    // per-user, so a 429 in one company means the whole run should stop minting.
+    const breaker = new RateLimitBreaker();
+    const byCompany = new Map();
+    return (ctx) => {
+        // Personal vaults are a PERSON entity (prs_*) accessed via the membership-
+        // less vend-self model; the list/presign endpoints are membership-gated and
+        // 403 ("no active membership in company prs_…") for them. Personal vaults
+        // also have no ACL-scale problem (single owner), so they don't need
+        // presign — keep them on the S3 SDK (STS) transport. Presign is for company
+        // vaults (cmp_*), which is where the unbounded-grants problem lives.
+        if (!ctx.uid.startsWith("cmp_")) {
+            return new S3SdkObjectIO(ctx);
+        }
+        let io = byCompany.get(ctx.uid);
+        if (!io) {
+            io = new PresignObjectIO(vault, ctx.uid, breaker);
+            byCompany.set(ctx.uid, io);
+        }
+        return io;
+    };
+}
+//# sourceMappingURL=object-io.js.map

package/dist/object-io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"object-io.js","sourceRoot":"","sources":["../src/object-io.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAQ5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAuGrD,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E,SAAS,WAAW,CAAC,IAAwB;IAC3C,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,IAA2C;IAE3C,IAAI,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,aAAa;IACP,MAAM,CAAW;IACjB,MAAM,CAAS;IAEhC,YAAY,GAAkB;QAC5B,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,IAAI,QAAQ,CAAC;YACzB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE;gBACX,WAAW,EAAE,GAAG,CAAC,WAAW,CAAC,WAAW;gBACxC,eAAe,EAAE,GAAG,CAAC,WAAW,CAAC,eAAe;gBAChD,YAAY,EAAE,GAAG,CAAC,WAAW,CAAC,YAAY;aAC3C;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAqB;QACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAChC,IAAI,gBAAgB,CAAC;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC;gBAC1D,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE;gBAC9B,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAC;QACF,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAChC,IAAI,gBAAgB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CACxD,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,GAAG,EAAE,CAAC,CAAC;QAC/C,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,IAAiC,CAAC,CAAC;QACxE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAuB;QACvC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAChC,IAAI,oBAAoB,CAAC;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;SAC3C,CAAC,CACH,CAAC;QACF,MAAM,OAAO,GAAyB,EAAE,CAAC;QACzC,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,GAAG,CAAC,GAAG;gBAAE,SAAS;YACvB,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC;gBACnB,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE;gBAC5C,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QACD,OAAO;YACL,OAAO;YACP,qBAAqB,EAAE,GAAG,CAAC,qBAAqB;SACjD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAW;QAC5B,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CACpB,IAAI,mBAAmB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC3D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW;QAC1B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAChC,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CACzD,CAAC;YACF,OAAO;gBACL,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE;gBAC5C,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE;gBACpB,IAAI,EAAE,GAAG,CAAC,aAAa,IAAI,CAAC;gBAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;aACvB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IACE,GAAG;gBACH,OAAO,GAAG,KAAK,QAAQ;gBACvB,MAAM,IAAI,GAAG;gBACZ,GAAyB,CAAC,IAAI,KAAK,UAAU,EAC9C,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAS,eAAe,CAAC,OAAgB;IACvC,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK,CAAC;QACjD,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,OAA2B,EAC3B,GAAW,EACX,EAAU;IAEV,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,WAAW,EAAE,wBAAwB,GAAG,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,WAAW,EAAE,eAAe,GAAG,KAAK,GAAG,CAAC,KAAK,IAAI,QAAQ,GACvD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAChC,EAAE,CACH,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,GAAG,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,GAAG,IAAI,CAAC;AACzB;;;;;GAKG;AACH,MAAM,wBAAwB,GAAG,IAAI,CAAC;AACtC,yEAAyE;AACzE,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,8EAA8E;AAC9E,MAAM,eAAe,GAAG,MAAM,CAAC;AAQ/B;;;;GAIG;AACH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAE9B;IACA;IAFX,YACW,GAAW,EACX,EAAa,EACtB,OAA6B;QAE7B,KAAK,CAAC,2BAA2B,EAAE,IAAI,GAAG,wBAAwB,CAAC,CAAC;QAJ3D,QAAG,GAAH,GAAG,CAAQ;QACX,OAAE,GAAF,EAAE,CAAW;QAItB,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS,EAAE,CAAC;YAChC,IAA4B,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QACtD,CAAC;IACH,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,gBAAgB;IACnB,OAAO,GAAG,KAAK,CAAC;IACxB,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IACD,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,CAAC;CACF;AAED,uEAAuE;AACvE,SAAS,WAAW,CAAC,GAAY;IAC/B,OAAO,GAAG,YAAY,gBAAgB,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC;AACnE,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,eAAe;IAIP;IACA;IAGA;IAPF,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;IAE1D,YACmB,KAA6B,EAC7B,UAAkB;IACnC,yEAAyE;IACzE,iEAAiE;IAChD,UAA4B,IAAI,gBAAgB,EAAE;QAJlD,UAAK,GAAL,KAAK,CAAwB;QAC7B,eAAU,GAAV,UAAU,CAAQ;QAGlB,YAAO,GAAP,OAAO,CAA2C;IAClE,CAAC;IAEI,QAAQ,CAAC,EAAa,EAAE,GAAW;QACzC,OAAO,GAAG,EAAE,IAAI,GAAG,EAAE,CAAC;IACxB,CAAC;IAED,YAAY,CAAC,GAAW;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,KAAK,SAAS,CAAC;IAC/C,CAAC;IAED,iEAAiE;IACzD,MAAM,CAAC,EAAa,EAAE,GAAW;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QACtD,IAAI,CAAC,GAAG;YAAE,OAAO,SAAS,CAAC;QAC3B,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,WAAW,GAAG,eAAe,EAAE,CAAC;YACpD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,UAAU,CACtB,EAAa,EACb,GAAW,EACX,KAAmE;QAEnE,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACjC,IAAI,GAAG;YAAE,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QACvD,2EAA2E;QAC3E,kDAAkD;QAClD,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YAAE,MAAM,IAAI,gBAAgB,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAClE,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,CAAC,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;gBACtC,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,EAAE;gBACF,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,KAAK,EAAE,CAAC;aAC9B,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACpB,MAAM,IAAI,gBAAgB,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACtD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,EAAa,EAAE,IAAuB;QAChD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC9B,MAAM,MAAM,GAAwB,EAAE,CAAC;QACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,MAAM,GAAG,KAAK,IAAmB,EAAE;YACvC,OAAO,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;gBAC5B,iEAAiE;gBACjE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;oBAAE,OAAO;gBACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7B,IAAI,IAAI,CAAC;gBACT,IAAI,CAAC;oBACH,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;wBAC9B,UAAU,EAAE,IAAI,CAAC,UAAU;wBAC3B,EAAE;wBACF,SAAS,EAAE,wBAAwB;wBACnC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;qBACvC,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;wBACrB,iEAAiE;wBACjE,iEAAiE;wBACjE,kEAAkE;wBAClE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;wBACpB,OAAO;oBACT,CAAC;oBACD,oEAAoE;oBACpE,qEAAqE;oBACrE,SAAS;gBACX,CAAC;gBACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC/B,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG;wBAAE,SAAS;oBACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;wBAC5C,GAAG,EAAE,GAAG,CAAC,GAAG;wBACZ,OAAO,EAAE,GAAG,CAAC,OAAO;wBACpB,WAAW,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,SAAS,IAAI,wBAAwB,CAAC,GAAG,IAAI;qBACtE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QACF,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAC3E,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAqB;QACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,EAAE;YAClD,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC;gBAC1D,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE;gBAC9B,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CAAC;QACH,0EAA0E;QAC1E,0EAA0E;QAC1E,4BAA4B;QAC5B,MAAM,GAAG,GAAG,MAAM,cAAc,CAC9B,GAAG,CAAC,GAAG,EACP,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,EAAE,EAC/D,iBAAiB,KAAK,CAAC,GAAG,EAAE,CAC7B,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,4BAA4B,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,MAAM,IAAI,MAAM,EAAE,CACjE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,iBAAiB,GAAG,EAAE,CAAC,CAAC;QACrF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC;YACtB,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,KAAK,GAAG,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;QAC9E,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAClD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAuB;QACvC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CACpD,IAAI,CAAC,UAAU,EACf,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,iBAAiB,CACxB,CAAC;QACF,OAAO;YACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,YAAY,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;gBACpE,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE;aACnB,CAAC,CAAC;YACH,qBAAqB,EAAE,MAAM,IAAI,SAAS;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAW;QAC5B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,oBAAoB,GAAG,EAAE,CAAC,CAAC;QAC3F,yEAAyE;QACzE,+CAA+C;QAC/C,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,+BAA+B,GAAG,KAAK,GAAG,CAAC,MAAM,IAAI,MAAM,EAAE,CAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW;QAC1B,yEAAyE;QACzE,qEAAqE;QACrE,yEAAyE;QACzE,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,qEAAqE;QACrE,IAAI,GAAW,CAAC;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACpC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;gBAAE,MAAM,IAAI,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrE,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACH,CAAC,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;oBACtC,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,EAAE,EAAE,KAAK;oBACT,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;iBAC3B,CAAC,CAAC,CAAC;YACN,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;oBACpB,MAAM,IAAI,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBACzD,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;gBAClC,uEAAuE;gBACvE,uEAAuE;gBACvE,gDAAgD;gBAChD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QAChB,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,kBAAkB,GAAG,EAAE,CAAC,CAAC;QAClF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC7C,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC;YACtB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,KAAK,GAAG,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,MAAM,GAAqB;YAC/B,YAAY,EAAE,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACjE,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;YACvD,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC;YACtD,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC;SACvC,CAAC;QACF,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC;QACtB,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CAAC,GAAa;IACnC,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,GAAa;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;IAC/D,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAoB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,IAAI,EAAE,CAAC;IAC9B,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAC9E,EAAE;AACF,6EAA6E;AAC7E,yEAAyE;AACzE,0EAA0E;AAC1E,4EAA4E;AAC5E,qEAAqE;AACrE,8EAA8E;AAC9E,oEAAoE;AAEpE,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,SAAS,iBAAiB,CAAC,MAAc;IACvC,OAAO,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,CAAC;AAC9E,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,cAAc,CAC3B,GAAW,EACX,IAAiB,EACjB,IAAY;IAEZ,IAAI,SAAkB,CAAC;IACvB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,iBAAiB,EAAE,OAAO,EAAE,EAAE,CAAC;QAC9D,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,mBAAmB,GAAG,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,mBAAmB,CAAC,CAAC;YAC/D,MAAM,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,GAAG,GAAG,CAAC,CAAC,mCAAmC;YACpD,SAAS;QACX,CAAC;QACD,IAAI,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,GAAG,iBAAiB,EAAE,CAAC;YACjE,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iCAAiC;YACxD,SAAS,GAAG,IAAI,KAAK,CAAC,GAAG,IAAI,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,SAAS;QACX,CAAC;QACD,OAAO,GAAG,CAAC,CAAC,2DAA2D;IACzE,CAAC;IACD,MAAM,SAAS,YAAY,KAAK;QAC9B,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,IAAI,KAAK,CAAC,GAAG,IAAI,kBAAkB,iBAAiB,UAAU,CAAC,CAAC;AACtE,CAAC;AAQD,MAAM,eAAe,GAAoB,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC;AAEzE,IAAI,aAAa,GAAoB,eAAe,CAAC;AAErD;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAA+B;IAChE,aAAa,GAAG,OAAO,IAAI,eAAe,CAAC;AAC7C,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,eAAe,CAAC,GAAkB;IAChD,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAA6B;IAE7B,4EAA4E;IAC5E,4EAA4E;IAC5E,0EAA0E;IAC1E,mEAAmE;IACnE,yEAAyE;IACzE,+BAA+B;IAC/B,qEAAqE;IACrE,6EAA6E;IAC7E,MAAM,OAAO,GAAG,IAAI,gBAAgB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;IACrD,OAAO,CAAC,GAAG,EAAE,EAAE;QACb,2EAA2E;QAC3E,4EAA4E;QAC5E,0EAA0E;QAC1E,oEAAoE;QACpE,4EAA4E;QAC5E,qEAAqE;QACrE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,EAAE,GAAG,IAAI,eAAe,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAClD,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC;AACJ,CAAC"}

package/dist/object-io.test.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Unit tests for the ObjectIO transport seam.
+ *
+ * Focus is the PresignObjectIO path (the new transport): it talks to a
+ * VaultClient-shaped stub for URL minting and a mocked global `fetch` for the
+ * byte movement. The S3SdkObjectIO path is already covered transitively by
+ * s3.test.ts (which exercises s3.ts through the default factory), plus a couple
+ * of factory-selection tests here.
+ */
+export {};
+//# sourceMappingURL=object-io.test.d.ts.map

package/dist/object-io.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"object-io.test.d.ts","sourceRoot":"","sources":["../src/object-io.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}