npm - @jmruthers/pace-core - Versions diffs - 0.2.5 → 0.2.6 - Mend

@jmruthers/pace-core 0.2.5 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

package/dist/chunk-ANE4PDC2.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/rbac/types.ts","../src/rbac/security.ts","../src/rbac/engine.ts","../src/rbac/config.ts","../src/rbac/api.ts"],"sourcesContent":["/**\n * RBAC (Role-Based Access Control) Types - Build Contract Compliant\n * @package @jmruthers/pace-core\n * @module RBAC/Types\n * @since 1.0.0\n * \n * This module defines the core types for the RBAC system that match the build contract exactly.\n * All types are designed to be framework-agnostic and provide strong typing for permission operations.\n */\n\nimport type React from 'react';\n\n// ============================================================================\n// CORE TYPES\n// ============================================================================\n\nexport type UUID = string;\n\nexport type Operation = 'read' | 'create' | 'update' | 'delete' | 'manage';\n\nexport type Permission = `${Operation}:${string}`; // e.g. \"manage:base.events\"\n\nexport type AccessLevel =\n | 'viewer'\n | 'participant'\n | 'planner'\n | 'admin'\n | 'super';\n\nexport type Scope = {\n organisationId?: UUID;\n eventId?: string; // event_id is text/varchar\n appId?: UUID;\n};\n\nexport type PermissionCheck = {\n userId: UUID;\n scope: Scope;\n permission: Permission;\n pageId?: UUID | string;\n};\n\nexport type PermissionMap = Record<string /* pageId */, Operation[]>;\n\n// ============================================================================\n// ROLE TYPES\n// ============================================================================\n\nexport type GlobalRole = 'super_admin';\n\nexport type OrganisationRole = 'supporter' | 'member' | 'leader' | 'org_admin';\n\nexport type EventAppRole = 'viewer' | 'participant' | 'planner' | 'event_admin';\n\n// ============================================================================\n// DATABASE TYPES\n// ============================================================================\n\nexport interface RBACGlobalRole {\n id: UUID;\n user_id: UUID;\n role: GlobalRole;\n granted_at: string;\n granted_by: UUID | null;\n valid_from: string;\n valid_to: string | null;\n}\n\nexport interface RBACOrganisationRole {\n id: UUID;\n user_id: UUID;\n organisation_id: UUID;\n role: OrganisationRole;\n status: 'active' | 'inactive' | 'suspended';\n granted_at: string;\n granted_by: UUID | null;\n revoked_at: string | null;\n revoked_by: UUID | null;\n notes: string | null;\n created_at: string;\n updated_at: string;\n valid_from: string;\n valid_to: string | null;\n}\n\nexport interface RBACEventAppRole {\n id: UUID;\n user_id: UUID;\n event_id: string;\n role: EventAppRole;\n status: 'active' | 'inactive' | 'suspended';\n granted_at: string;\n granted_by: UUID | null;\n organisation_id: UUID;\n app_id: UUID;\n valid_from: string;\n valid_to: string | null;\n}\n\nexport interface RBACPagePermission {\n id: UUID;\n app_page_id: UUID;\n operation: Operation;\n role_name: string;\n allowed: boolean;\n created_at: string;\n updated_at: string;\n organisation_id: UUID;\n}\n\nexport interface RBACAppPage {\n id: UUID;\n page_name: string;\n page_description: string | null;\n created_at: string;\n updated_at: string;\n created_by: UUID | null;\n updated_by: UUID | null;\n app_id: UUID;\n}\n\nexport interface RBACApp {\n id: UUID;\n name: string;\n display_name: string;\n description: string | null;\n requires_event: boolean;\n is_active: boolean;\n created_at: string;\n updated_at: string;\n created_by: UUID | null;\n updated_by: UUID | null;\n}\n\n// ============================================================================\n// AUDIT EVENT TYPES\n// ============================================================================\n\nexport type AuditEventType = \n | 'permission_check'\n | 'permission_denied'\n | 'role_granted'\n | 'role_denied'\n | 'rls_denied';\n\nexport type AuditEventSource = 'api' | 'ui' | 'middleware' | 'rls';\n\nexport interface RBACAuditEvent {\n id: UUID;\n event_type: AuditEventType;\n user_id: UUID;\n organisation_id: UUID;\n event_id?: string;\n app_id?: UUID;\n page_id?: UUID;\n permission?: string;\n decision?: boolean;\n source?: AuditEventSource;\n bypass?: boolean;\n duration_ms?: number;\n metadata: Record<string, any>;\n created_at: string;\n}\n\n// ============================================================================\n// CACHE TYPES\n// ============================================================================\n\nexport interface CacheEntry<T> {\n data: T;\n expires: number;\n}\n\nexport interface PermissionCacheKey {\n userId: UUID;\n organisationId?: UUID;\n eventId?: string;\n appId?: UUID;\n permission?: Permission;\n pageId?: UUID | string;\n}\n\n// ============================================================================\n// API TYPES\n// ============================================================================\n\nexport interface GetAccessLevelInput {\n userId: UUID;\n scope: Scope;\n}\n\nexport interface GetPermissionMapInput {\n userId: UUID;\n scope: Scope;\n}\n\nexport interface IsPermittedInput extends PermissionCheck {}\n\n// ============================================================================\n// HOOK TYPES\n// ============================================================================\n\nexport interface UsePermissionsReturn {\n permissions: PermissionMap;\n isLoading: boolean;\n error: Error | null;\n refetch: () => Promise<void>;\n}\n\nexport interface UseCanReturn {\n can: boolean;\n isLoading: boolean;\n error: Error | null;\n check: () => Promise<void>;\n}\n\n// ============================================================================\n// ADAPTER TYPES\n// ============================================================================\n\nexport interface PermissionGuardConfig {\n permission: Permission;\n pageId?: UUID;\n}\n\nexport interface WithPermissionGuardOptions {\n permission: Permission;\n pageId?: UUID;\n fallback?: React.ReactNode;\n onDenied?: () => void;\n}\n\n// ============================================================================\n// HOOK RETURN TYPES\n// ============================================================================\n\nexport interface UserRBACContext {\n user: any; // User from auth context\n globalRole: GlobalRole | null;\n organisationRole: OrganisationRole | null;\n eventAppRole: EventAppRole | null;\n hasPermission: (operation: Operation, targetPageId?: string) => Promise<boolean>;\n hasGlobalPermission: (permission: Permission) => boolean;\n isSuperAdmin: boolean;\n isOrgAdmin: boolean;\n isEventAdmin: boolean;\n canManageOrganisation: boolean;\n canManageEvent: boolean;\n isLoading: boolean;\n error: Error | null;\n}\n\nexport interface RBACPermission {\n permission_type: string;\n role_name: string;\n [key: string]: any;\n}\n\n// ============================================================================\n// COMPONENT TYPES\n// ============================================================================\n\nexport interface RBACGuardProps {\n children: React.ReactNode;\n operation: Operation;\n pageId?: UUID;\n fallback?: React.ReactNode;\n}\n\nexport interface RoleBasedContentProps {\n children: React.ReactNode;\n globalRoles?: GlobalRole[];\n organisationRoles?: OrganisationRole[];\n eventAppRoles?: EventAppRole[];\n fallback?: React.ReactNode;\n}\n\n// ============================================================================\n// ERROR TYPES\n// ============================================================================\n\nexport class RBACError extends Error {\n constructor(\n message: string,\n public code: string,\n public context?: Record<string, any>\n ) {\n super(message);\n this.name = 'RBACError';\n }\n}\n\nexport class PermissionDeniedError extends RBACError {\n constructor(permission: Permission, context?: Record<string, any>) {\n super(\n `Permission denied: ${permission}`,\n 'PERMISSION_DENIED',\n { permission, ...context }\n );\n this.name = 'PermissionDeniedError';\n }\n}\n\nexport class OrganisationContextRequiredError extends RBACError {\n constructor() {\n super(\n 'Organisation context is required for this operation',\n 'ORGANISATION_CONTEXT_REQUIRED'\n );\n this.name = 'OrganisationContextRequiredError';\n }\n}\n\nexport class RBACNotInitializedError extends RBACError {\n constructor() {\n super(\n 'RBAC system not initialized. Please call setupRBAC(supabase) before using any RBAC components or hooks. See: https://docs.pace-core.dev/rbac/setup',\n 'RBAC_NOT_INITIALIZED'\n );\n this.name = 'RBACNotInitializedError';\n }\n}\n\nexport class InvalidScopeError extends RBACError {\n constructor(scope: Scope, reason: string) {\n super(\n `Invalid scope provided: ${JSON.stringify(scope)}. ${reason}`,\n 'INVALID_SCOPE',\n { scope, reason }\n );\n this.name = 'InvalidScopeError';\n }\n}\n\nexport class MissingUserContextError extends RBACError {\n constructor() {\n super(\n 'User context is required but not available. Make sure to wrap your app with an auth provider.',\n 'MISSING_USER_CONTEXT'\n );\n this.name = 'MissingUserContextError';\n }\n}\n","/**\n * RBAC Security Enhancements\n * @package @jmruthers/pace-core\n * @module RBAC/Security\n * @since 1.0.0\n * \n * Additional security measures for the RBAC system\n */\n\nimport { UUID, Permission, Scope } from './types';\n\n/**\n * Security validation utilities for RBAC operations\n */\nexport class RBACSecurityValidator {\n /**\n * Validate permission string format\n * @param permission - Permission string to validate\n * @returns True if valid, false otherwise\n */\n static validatePermission(permission: string): boolean {\n if (typeof permission !== 'string' || permission.length === 0) {\n return false;\n }\n\n // Permission format: operation:resource[.subresource]\n const permissionRegex = /^(read|create|update|delete|manage):[a-z0-9._-]+$/;\n return permissionRegex.test(permission);\n }\n\n /**\n * Validate UUID format\n * @param uuid - UUID string to validate\n * @returns True if valid, false otherwise\n */\n static validateUUID(uuid: string): boolean {\n if (typeof uuid !== 'string' || uuid.length === 0) {\n return false;\n }\n\n // More permissive UUID regex that allows all valid UUID versions\n const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n return uuidRegex.test(uuid);\n }\n\n /**\n * Validate scope object\n * @param scope - Scope object to validate\n * @returns True if valid, false otherwise\n */\n static validateScope(scope: Scope): boolean {\n if (!scope || typeof scope !== 'object') {\n return false;\n }\n\n // Organisation ID is required for most operations\n if (scope.organisationId && !this.validateUUID(scope.organisationId)) {\n return false;\n }\n\n // Event ID should be a string if provided\n if (scope.eventId && typeof scope.eventId !== 'string') {\n return false;\n }\n\n // App ID should be a valid UUID if provided\n if (scope.appId && !this.validateUUID(scope.appId)) {\n return false;\n }\n\n // At least one valid field must be present\n return !!(scope.organisationId || scope.eventId || scope.appId);\n }\n\n /**\n * Sanitize input string to prevent injection attacks\n * @param input - Input string to sanitize\n * @returns Sanitized string\n */\n static sanitizeInput(input: string): string {\n if (typeof input !== 'string') {\n return '';\n }\n\n // Remove potentially dangerous characters\n return input\n .replace(/<[^>]*>/g, '') // Remove HTML tags\n .replace(/[<>\\\"'&]/g, '') // Remove HTML/XML characters\n .replace(/[;()]/g, '') // Remove SQL injection characters\n .replace(/javascript:/gi, '') // Remove javascript: protocol\n .replace(/data:/gi, '') // Remove data: protocol\n .trim();\n }\n\n /**\n * Validate user ID format\n * @param userId - User ID to validate\n * @returns True if valid, false otherwise\n */\n static validateUserId(userId: UUID): boolean {\n return this.validateUUID(userId);\n }\n\n /**\n * Check if permission is a wildcard permission\n * @param permission - Permission string to check\n * @returns True if wildcard, false otherwise\n */\n static isWildcardPermission(permission: string): boolean {\n return permission.includes('*') || permission.endsWith(':*');\n }\n\n /**\n * Validate permission hierarchy\n * @param permission - Permission to validate\n * @param requiredOperation - Required operation\n * @returns True if permission matches or is higher in hierarchy\n */\n static validatePermissionHierarchy(permission: string, requiredOperation: string): boolean {\n if (!this.validatePermission(permission)) {\n return false;\n }\n\n const [operation] = permission.split(':');\n const hierarchy = ['read', 'create', 'update', 'delete', 'manage'];\n \n const permissionLevel = hierarchy.indexOf(operation);\n const requiredLevel = hierarchy.indexOf(requiredOperation);\n \n if (permissionLevel === -1 || requiredLevel === -1) {\n return false;\n }\n\n // Higher level permissions include lower level permissions\n return permissionLevel >= requiredLevel;\n }\n\n /**\n * Rate limiting check (placeholder for future implementation)\n * @param userId - User ID\n * @param operation - Operation being performed\n * @returns True if within rate limit, false otherwise\n */\n static async checkRateLimit(userId: UUID, operation: string): Promise<boolean> {\n // TODO: Implement actual rate limiting logic\n // This could use Redis, in-memory cache, or database-based rate limiting\n return true;\n }\n\n /**\n * Validate context requirements for security\n * @param scope - Scope object\n * @param appId - Application ID\n * @returns True if context is valid, false otherwise\n */\n static validateContextRequirements(scope: Scope, appId?: UUID): boolean {\n // Organisation context is always required\n if (!scope.organisationId) {\n return false;\n }\n\n // If app requires event, event context must be provided\n if (appId && scope.appId === appId) {\n // This would need to check app configuration\n // For now, we'll assume event context is required if appId is provided\n if (!scope.eventId) {\n return false;\n }\n }\n\n return true;\n }\n\n /**\n * Log security event for monitoring\n * @param event - Security event details\n */\n static logSecurityEvent(event: {\n type: 'permission_denied' | 'invalid_input' | 'rate_limit_exceeded' | 'suspicious_activity';\n userId: UUID;\n details: Record<string, any>;\n timestamp?: Date;\n }): void {\n const securityEvent = {\n ...event,\n timestamp: event.timestamp || new Date(),\n severity: this.getEventSeverity(event.type),\n };\n\n // Log to console in development, could be sent to security monitoring service in production\n if (process.env.NODE_ENV === 'development') {\n console.warn('[RBAC Security]', securityEvent);\n }\n\n // TODO: Send to security monitoring service\n }\n\n /**\n * Get severity level for security event\n * @param eventType - Type of security event\n * @returns Severity level\n */\n private static getEventSeverity(eventType: string): 'low' | 'medium' | 'high' | 'critical' {\n switch (eventType) {\n case 'permission_denied':\n return 'low';\n case 'invalid_input':\n return 'medium';\n case 'rate_limit_exceeded':\n return 'medium';\n case 'suspicious_activity':\n return 'high';\n default:\n return 'low';\n }\n }\n}\n\n/**\n * Security configuration for RBAC system\n */\nexport interface RBACSecurityConfig {\n enableInputValidation: boolean;\n enableRateLimiting: boolean;\n enableAuditLogging: boolean;\n maxPermissionChecksPerMinute: number;\n suspiciousActivityThreshold: number;\n}\n\n/**\n * Default security configuration\n */\nexport const DEFAULT_SECURITY_CONFIG: RBACSecurityConfig = {\n enableInputValidation: true,\n enableRateLimiting: true,\n enableAuditLogging: true,\n maxPermissionChecksPerMinute: 100,\n suspiciousActivityThreshold: 10,\n};\n\n/**\n * Security context for RBAC operations\n */\nexport interface SecurityContext {\n userId: UUID;\n organisationId: UUID;\n ipAddress?: string;\n userAgent?: string;\n timestamp: Date;\n}\n\n/**\n * Security middleware for RBAC operations\n */\nexport class RBACSecurityMiddleware {\n private config: RBACSecurityConfig;\n\n constructor(config: RBACSecurityConfig = DEFAULT_SECURITY_CONFIG) {\n this.config = config;\n }\n\n /**\n * Validate input before processing\n * @param input - Input to validate\n * @param context - Security context\n * @returns Validation result\n */\n async validateInput(input: any, context: SecurityContext): Promise<{\n isValid: boolean;\n errors: string[];\n }> {\n const errors: string[] = [];\n\n if (!this.config.enableInputValidation) {\n return { isValid: true, errors: [] };\n }\n\n // Validate user ID\n if (!RBACSecurityValidator.validateUserId(context.userId)) {\n errors.push('Invalid user ID format');\n }\n\n // Validate organisation ID\n if (!RBACSecurityValidator.validateUUID(context.organisationId)) {\n errors.push('Invalid organisation ID format');\n }\n\n // Validate permission if present\n if (input.permission && !RBACSecurityValidator.validatePermission(input.permission)) {\n errors.push('Invalid permission format');\n }\n\n // Validate scope if present\n if (input.scope && !RBACSecurityValidator.validateScope(input.scope)) {\n errors.push('Invalid scope format');\n }\n\n // Log suspicious activity\n if (errors.length > 0) {\n RBACSecurityValidator.logSecurityEvent({\n type: 'invalid_input',\n userId: context.userId,\n details: { errors, input: this.sanitizeInput(JSON.stringify(input)) },\n });\n }\n\n return {\n isValid: errors.length === 0,\n errors,\n };\n }\n\n /**\n * Check rate limiting\n * @param context - Security context\n * @returns Rate limit check result\n */\n async checkRateLimit(context: SecurityContext): Promise<{\n isAllowed: boolean;\n remaining: number;\n }> {\n if (!this.config.enableRateLimiting) {\n return { isAllowed: true, remaining: this.config.maxPermissionChecksPerMinute };\n }\n\n // TODO: Implement actual rate limiting logic\n const isAllowed = await RBACSecurityValidator.checkRateLimit(\n context.userId,\n 'permission_check'\n );\n\n return {\n isAllowed,\n remaining: this.config.maxPermissionChecksPerMinute,\n };\n }\n\n /**\n * Sanitize input data\n * @param input - Input to sanitize\n * @returns Sanitized input\n */\n private sanitizeInput(input: string): string {\n return RBACSecurityValidator.sanitizeInput(input);\n }\n}\n","/**\n * RBAC Core Engine\n * @package @jmruthers/pace-core\n * @module RBAC/Engine\n * @since 1.0.0\n * \n * This module implements the core RBAC permission algorithm with deny-overrides-allow precedence.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { \n UUID, \n Permission, \n Scope, \n PermissionCheck, \n AccessLevel, \n PermissionMap,\n Operation,\n OrganisationRole,\n EventAppRole\n} from './types';\nimport { rbacCache, RBACCache } from './cache';\nimport { emitAuditEvent } from './audit';\nimport { getCurrentAppName } from '../utils/appNameResolver';\nimport { \n RBACSecurityValidator, \n RBACSecurityMiddleware, \n SecurityContext,\n DEFAULT_SECURITY_CONFIG \n} from './security';\n\n/**\n * Grant type for permission resolution\n */\ninterface Grant {\n type: 'allow' | 'deny';\n permission: Permission;\n scope: 'global' | 'organisation' | 'eventApp' | 'page';\n source: string;\n}\n\n/**\n * RBAC Engine\n * \n * Implements the core permission algorithm with deny-overrides-allow precedence.\n */\nexport class RBACEngine {\n private supabase: SupabaseClient<Database>;\n private securityMiddleware: RBACSecurityMiddleware;\n\n constructor(supabase: SupabaseClient<Database>) {\n this.supabase = supabase;\n this.securityMiddleware = new RBACSecurityMiddleware(DEFAULT_SECURITY_CONFIG);\n }\n\n /**\n * Check if a user has a specific permission\n * \n * @param input - Permission check input\n * @param securityContext - Optional security context for enhanced validation\n * @returns Promise resolving to permission result\n */\n async isPermitted(input: PermissionCheck, securityContext?: SecurityContext): Promise<boolean> {\n const startTime = Date.now();\n const { userId, permission, scope, pageId } = input;\n\n try {\n // Security validation\n if (securityContext) {\n const validation = await this.securityMiddleware.validateInput(input, securityContext);\n if (!validation.isValid) {\n RBACSecurityValidator.logSecurityEvent({\n type: 'invalid_input',\n userId,\n details: { errors: validation.errors, input: JSON.stringify(input) },\n });\n return false;\n }\n\n const rateLimit = await this.securityMiddleware.checkRateLimit(securityContext);\n if (!rateLimit.isAllowed) {\n RBACSecurityValidator.logSecurityEvent({\n type: 'rate_limit_exceeded',\n userId,\n details: { remaining: rateLimit.remaining },\n });\n return false;\n }\n }\n\n // Input validation (only when security context is provided)\n if (securityContext) {\n if (!RBACSecurityValidator.validateUserId(userId)) {\n RBACSecurityValidator.logSecurityEvent({\n type: 'invalid_input',\n userId,\n details: { error: 'Invalid user ID format' },\n });\n return false;\n }\n\n if (!RBACSecurityValidator.validatePermission(permission)) {\n RBACSecurityValidator.logSecurityEvent({\n type: 'invalid_input',\n userId,\n details: { error: 'Invalid permission format', permission },\n });\n return false;\n }\n\n if (!RBACSecurityValidator.validateScope(scope)) {\n RBACSecurityValidator.logSecurityEvent({\n type: 'invalid_input',\n userId,\n details: { error: 'Invalid scope format', scope },\n });\n return false;\n }\n }\n // 1) If GlobalRole == 'super_admin' → allow (log bypass:true)\n const isSuperAdmin = await this.checkSuperAdmin(userId);\n if (isSuperAdmin) {\n const duration = Date.now() - startTime;\n // Only emit audit event if we have a valid organisation ID\n if (scope.organisationId) {\n // Resolve pageId to UUID if it's a page name\n const resolvedPageId = await this.resolvePageId(pageId, scope.appId);\n await emitAuditEvent({\n type: 'permission_check',\n userId,\n organisationId: scope.organisationId,\n eventId: scope.eventId,\n appId: scope.appId,\n pageId: resolvedPageId,\n permission,\n decision: true,\n source: 'api',\n bypass: true,\n duration_ms: duration,\n });\n }\n return true;\n }\n\n // 2) Validate context requirements based on app configuration\n const validatedScope = await this.validateContextRequirements(scope, scope.appId);\n if (!validatedScope) {\n const duration = Date.now() - startTime;\n // Only emit audit event if we have a valid organisation ID\n if (scope.organisationId) {\n // Resolve pageId to UUID if it's a page name\n const resolvedPageId = await this.resolvePageId(pageId, scope.appId);\n await emitAuditEvent({\n type: 'permission_denied',\n userId,\n organisationId: scope.organisationId,\n eventId: scope.eventId,\n appId: scope.appId,\n pageId: resolvedPageId,\n permission,\n source: 'api',\n metadata: {\n reason: 'invalid_context_requirements',\n app_requires_event: scope.appId ? await this.getAppConfig(scope.appId).then(config => config?.requires_event) : null\n }\n });\n }\n return false;\n }\n\n // 3) Collect active grants at page → eventApp → organisation → global\n const grants = await this.collectActiveGrants(userId, validatedScope, pageId);\n console.log('[RBACEngine] Collected grants:', grants);\n\n // 4) Apply explicit denies at the closest scope first (deny overrides allow)\n const denies = grants.filter(g => g.type === 'deny');\n console.log('[RBACEngine] Deny grants:', denies);\n for (const deny of denies) {\n const matches = this.permissionMatches(deny.permission, permission);\n console.log('[RBACEngine] Checking deny:', { \n denyPermission: deny.permission, \n requestedPermission: permission, \n matches \n });\n if (matches) {\n const duration = Date.now() - startTime;\n console.log('[RBACEngine] Permission DENIED by explicit deny rule');\n // Only emit audit event if we have a valid organisation ID\n if (scope.organisationId) {\n // Resolve pageId to UUID if it's a page name\n const resolvedPageId = await this.resolvePageId(pageId, scope.appId);\n await emitAuditEvent({\n type: 'permission_denied',\n userId,\n organisationId: scope.organisationId,\n eventId: scope.eventId,\n appId: scope.appId,\n pageId: resolvedPageId,\n permission,\n source: 'api',\n });\n }\n return false;\n }\n }\n\n // 5) If no deny, check allows from closest to widest scope\n const allows = grants.filter(g => g.type === 'allow');\n console.log('[RBACEngine] Allow grants:', allows);\n let hasPermission = false;\n \n // Check allows in precedence order: page → eventApp → organisation → global\n const scopeOrder: Array<'page' | 'eventApp' | 'organisation' | 'global'> = ['page', 'eventApp', 'organisation', 'global'];\n \n for (const scopeType of scopeOrder) {\n const scopeAllows = allows.filter(g => g.scope === scopeType);\n console.log(`[RBACEngine] Checking ${scopeType} allows:`, scopeAllows);\n for (const allow of scopeAllows) {\n console.log(`[RBACEngine] About to check permission match for ${scopeType}:`, {\n allowPermission: allow.permission,\n requestedPermission: permission,\n scopeType\n });\n const matches = this.permissionMatches(allow.permission, permission);\n console.log(`[RBACEngine] Permission match result:`, { \n scopeType,\n allowPermission: allow.permission, \n requestedPermission: permission, \n matches \n });\n if (matches) {\n console.log(`[RBACEngine] Permission GRANTED by ${scopeType} allow rule`);\n hasPermission = true;\n break;\n }\n }\n if (hasPermission) break;\n }\n\n // 6) Return final decision; emit audit event\n const finalDecision = hasPermission;\n const _duration = Date.now() - startTime;\n \n console.log('[RBACEngine] Final decision:', {\n userId,\n permission,\n pageId,\n hasPermission,\n grantsCount: grants.length,\n allowsCount: allows.length,\n deniesCount: denies.length,\n duration: _duration\n });\n\n // Only emit audit event if we have a valid organisation ID\n if (scope.organisationId) {\n // Resolve pageId to UUID if it's a page name\n const resolvedPageId = await this.resolvePageId(pageId, scope.appId);\n await emitAuditEvent({\n type: 'permission_check',\n userId,\n organisationId: scope.organisationId,\n eventId: scope.eventId,\n appId: scope.appId,\n pageId: resolvedPageId,\n permission,\n decision: finalDecision,\n source: 'api',\n duration_ms: _duration,\n });\n }\n\n return finalDecision;\n } catch (error) {\n // Log security event for unexpected errors\n RBACSecurityValidator.logSecurityEvent({\n type: 'suspicious_activity',\n userId,\n details: { \n error: error instanceof Error ? error.message : 'Unknown error',\n permission,\n scope: JSON.stringify(scope)\n },\n });\n\n // Permission check failed - error logged via RBAC logger\n return false;\n }\n }\n\n /**\n * Get user's access level in a scope\n * \n * @param input - Access level input\n * @returns Promise resolving to access level\n */\n async getAccessLevel(input: { userId: UUID; scope: Scope }): Promise<AccessLevel> {\n const { userId, scope } = input;\n\n // Check super admin first - super admins don't need context validation\n const isSuperAdmin = await this.checkSuperAdmin(userId);\n if (isSuperAdmin) {\n return 'super';\n }\n\n // Validate context requirements based on app configuration\n const validatedScope = await this.validateContextRequirements(scope, scope.appId);\n if (!validatedScope) {\n return 'viewer'; // Default to lowest access level for invalid context\n }\n\n // Check cache first\n const cacheKey = RBACCache.generateAccessLevelKey(\n userId,\n validatedScope.organisationId!,\n validatedScope.eventId,\n validatedScope.appId\n );\n \n const cached = rbacCache.get<AccessLevel>(cacheKey);\n if (cached) {\n return cached;\n }\n\n // Check organisation role\n const orgRole = await this.getOrganisationRole(userId, validatedScope.organisationId!);\n if (orgRole === 'org_admin') {\n rbacCache.set(cacheKey, 'admin');\n return 'admin';\n }\n\n // Check event-app role\n if (validatedScope.eventId && validatedScope.appId) {\n const eventRole = await this.getEventAppRole(userId, validatedScope.eventId, validatedScope.appId);\n if (eventRole === 'event_admin') {\n rbacCache.set(cacheKey, 'admin');\n return 'admin';\n }\n if (eventRole === 'planner') {\n rbacCache.set(cacheKey, 'planner');\n return 'planner';\n }\n if (eventRole === 'participant') {\n rbacCache.set(cacheKey, 'participant');\n return 'participant';\n }\n }\n\n // Default to viewer\n rbacCache.set(cacheKey, 'viewer');\n return 'viewer';\n }\n\n /**\n * Get user's permission map for a scope\n * \n * @param input - Permission map input\n * @returns Promise resolving to permission map\n */\n async getPermissionMap(input: { userId: UUID; scope: Scope }): Promise<PermissionMap> {\n const { userId, scope } = input;\n\n // Check super admin first - super admins have all permissions\n const isSuperAdmin = await this.checkSuperAdmin(userId);\n if (isSuperAdmin) {\n return {}; // Super admins have all permissions, return empty map\n }\n\n // Validate context requirements based on app configuration\n const validatedScope = await this.validateContextRequirements(scope, scope.appId);\n if (!validatedScope) {\n return {}; // No permissions without valid context\n }\n\n // Check cache first\n const cacheKey = RBACCache.generatePermissionMapKey(\n userId,\n validatedScope.organisationId!,\n validatedScope.eventId,\n validatedScope.appId\n );\n \n const cached = rbacCache.get<PermissionMap>(cacheKey);\n if (cached) {\n return cached;\n }\n\n const permissionMap: PermissionMap = {};\n\n // Get all pages for the app\n if (validatedScope.appId) {\n const { data: pages } = await this.supabase\n .from('rbac_app_pages')\n .select('id, page_name')\n .eq('app_id', validatedScope.appId) as { data: Array<{ id: string; page_name: string }> | null };\n\n if (pages) {\n for (const page of pages) {\n const operations: Operation[] = [];\n \n // Check each operation\n for (const operation of ['read', 'create', 'update', 'delete', 'manage'] as Operation[]) {\n const hasPermission = await this.isPermitted({\n userId,\n scope: validatedScope,\n permission: `${operation}:${page.page_name}`,\n pageId: page.id,\n });\n \n if (hasPermission) {\n operations.push(operation);\n }\n }\n \n permissionMap[page.id] = operations;\n }\n }\n }\n\n rbacCache.set(cacheKey, permissionMap);\n return permissionMap;\n }\n\n /**\n * Check if user is super admin\n * \n * @param userId - User ID\n * @returns Promise resolving to super admin status\n */\n private async checkSuperAdmin(userId: UUID): Promise<boolean> {\n // Check cache first\n const cacheKey = `super_admin:${userId}`;\n const cached = rbacCache.get<boolean>(cacheKey);\n if (cached !== null) {\n return cached;\n }\n\n const { data, error } = await this.supabase\n .from('rbac_global_roles')\n .select('id')\n .eq('user_id', userId)\n .eq('role', 'super_admin')\n .is('valid_to', null)\n .single();\n\n const isSuperAdmin = !error && !!data;\n \n // Cache the result for 60 seconds\n rbacCache.set(cacheKey, isSuperAdmin, 60000);\n \n return isSuperAdmin;\n }\n\n /**\n * Get app configuration including requires_event setting\n * \n * @param appId - App ID\n * @returns Promise resolving to app configuration\n */\n async getAppConfig(appId: UUID): Promise<{ requires_event: boolean } | null> {\n const { data, error } = await this.supabase\n .from('rbac_apps')\n .select('requires_event')\n .eq('id', appId)\n .eq('is_active', true)\n .single() as { data: { requires_event: boolean } | null; error: any };\n\n if (error || !data) {\n return null;\n }\n\n return { requires_event: data.requires_event };\n }\n\n /**\n * Resolve organisation ID from event ID\n * \n * @param eventId - Event ID\n * @returns Promise resolving to organisation ID\n */\n private async resolveOrganisationFromEvent(eventId: string): Promise<UUID | null> {\n const { data, error } = await this.supabase\n .from('event')\n .select('organisation_id')\n .eq('id', eventId)\n .single() as { data: { organisation_id: string } | null; error: any };\n\n if (error || !data) {\n return null;\n }\n\n return data.organisation_id;\n }\n\n /**\n * Validate context requirements based on app configuration\n * \n * @param scope - Permission scope\n * @param appId - Optional app ID\n * @returns Promise resolving to validated scope with resolved organisation ID\n */\n private async validateContextRequirements(scope: Scope, appId?: UUID): Promise<Scope | null> {\n // If we have an app ID, check its requirements\n if (appId) {\n const appConfig = await this.getAppConfig(appId);\n if (!appConfig) {\n return null; // App not found or inactive\n }\n\n if (appConfig.requires_event) {\n // Event-based app: requires eventId, organisationId is resolved from event\n if (!scope.eventId) {\n return null; // Event context required\n }\n\n // Resolve organisation from event if not provided\n if (!scope.organisationId) {\n const resolvedOrgId = await this.resolveOrganisationFromEvent(scope.eventId);\n if (!resolvedOrgId) {\n return null; // Could not resolve organisation from event\n }\n return {\n ...scope,\n organisationId: resolvedOrgId\n };\n }\n\n return scope;\n } else {\n // Organisation-based app: requires organisationId, eventId is optional\n if (!scope.organisationId) {\n return null; // Organisation context required\n }\n\n return scope;\n }\n }\n\n // No app ID provided - use legacy validation (require organisation)\n if (!scope.organisationId) {\n return null; // Organisation context required for legacy behavior\n }\n\n return scope;\n }\n\n /**\n * Collect active grants for a user in a scope\n * \n * @param userId - User ID\n * @param scope - Permission scope\n * @param pageId - Optional page ID\n * @returns Promise resolving to grants array\n * \n * PRECEDENCE ORDER (closest scope first): page → eventApp → organisation → global\n */\n private async collectActiveGrants(\n userId: UUID, \n scope: Scope, \n pageId?: UUID | string\n ): Promise<Grant[]> {\n const grants: Grant[] = [];\n const now = new Date().toISOString();\n \n // Pre-fetch user roles once (to avoid duplicate queries)\n const userRoles: string[] = [];\n \n // Get event-app roles\n if (scope.eventId && scope.appId) {\n const { data: eventRoles } = await this.supabase\n .from('rbac_event_app_roles')\n .select('role, status, valid_from, valid_to')\n .eq('user_id', userId)\n .eq('event_id', scope.eventId)\n .eq('app_id', scope.appId)\n .eq('status', 'active')\n .lte('valid_from', now)\n .or(`valid_to.is.null,valid_to.gte.${now}`) as { data: Array<{ role: string; status: string; valid_from: string; valid_to: string | null }> | null };\n \n if (eventRoles) {\n userRoles.push(...eventRoles.map(r => r.role));\n // Also add event-app grants\n for (const role of eventRoles) {\n grants.push({\n type: 'allow',\n permission: this.getPermissionForEventRole(role.role as EventAppRole),\n scope: 'eventApp',\n source: 'rbac_event_app_roles',\n });\n }\n }\n }\n \n // Get organisation roles\n if (scope.organisationId) {\n const { data: orgRoles } = await this.supabase\n .from('rbac_organisation_roles')\n .select('role, status, valid_from, valid_to')\n .eq('user_id', userId)\n .eq('organisation_id', scope.organisationId)\n .eq('status', 'active')\n .lte('valid_from', now)\n .or(`valid_to.is.null,valid_to.gte.${now}`) as { data: Array<{ role: string; status: string; valid_from: string; valid_to: string | null }> | null };\n \n if (orgRoles) {\n userRoles.push(...orgRoles.map(r => r.role));\n // Also add org grants\n for (const role of orgRoles) {\n grants.push({\n type: 'allow',\n permission: this.getPermissionForOrgRole(role.role as OrganisationRole),\n scope: 'organisation',\n source: 'rbac_organisation_roles',\n });\n }\n }\n }\n \n console.log('[collectActiveGrants] User roles:', userRoles);\n\n // 1. PAGE GRANTS (closest scope first) - Use RPC to bypass RLS\n if (pageId) {\n // Resolve page ID if it's a page name (string)\n let resolvedPageId: UUID | null = null;\n if (typeof pageId === 'string') {\n // Check if it's already a UUID\n const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n if (uuidRegex.test(pageId)) {\n resolvedPageId = pageId as UUID;\n } else {\n // It's a page name, resolve it to a page ID\n const appId = scope.appId;\n if (appId) {\n const { data: page } = await this.supabase\n .from('rbac_app_pages')\n .select('id')\n .eq('app_id', appId)\n .eq('page_name', pageId)\n .single() as { data: { id: UUID } | null };\n resolvedPageId = page?.id || null;\n }\n }\n } else {\n resolvedPageId = pageId;\n }\n\n if (resolvedPageId && scope.appId) {\n console.log('[collectActiveGrants] Fetching page permissions via RPC for page:', resolvedPageId);\n \n // Get the page name for building specific permission strings\n let pageName: string | null = null;\n if (typeof pageId === 'string' && !/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(pageId)) {\n // pageId is already the page name\n pageName = pageId;\n } else {\n // Fetch page name from database\n const { data: page } = await this.supabase\n .from('rbac_app_pages')\n .select('page_name')\n .eq('id', resolvedPageId)\n .single() as { data: { page_name: string } | null };\n pageName = page?.page_name || null;\n }\n \n // Use RPC to get page permissions (bypasses RLS)\n // @ts-ignore - RPC type inference is incorrect\n const rpcResult = await this.supabase.rpc('get_rbac_permissions', {\n p_user_id: userId,\n p_app_id: scope.appId,\n p_event_id: scope.eventId || null,\n p_organisation_id: scope.organisationId || null,\n p_page_id: resolvedPageId\n });\n \n const { data: rpcPermissions } = rpcResult as { data: Array<{ permission_type: string; role_name: string; has_permission: boolean }> | null; error: any };\n \n console.log('[collectActiveGrants] RPC page permissions:', rpcPermissions);\n \n if (rpcPermissions && pageName) {\n // Filter to only page-level permissions (not org/event-app roles)\n const pagePerms = rpcPermissions.filter(p => \n p.permission_type !== 'all_permissions' && \n p.permission_type !== 'organisation_access' && \n p.permission_type !== 'event_app_access'\n );\n \n for (const perm of pagePerms) {\n // Only add if user has this role\n if (userRoles.includes(perm.role_name)) {\n console.log('[collectActiveGrants] Adding page grant:', { operation: perm.permission_type, role: perm.role_name, allowed: perm.has_permission, pageName });\n grants.push({\n type: perm.has_permission ? 'allow' : 'deny',\n // Use page.${pageName} format for specific page permissions\n permission: `${perm.permission_type}:page.${pageName}` as Permission,\n scope: 'page',\n source: 'rbac_page_permissions',\n });\n }\n }\n }\n }\n }\n\n // 2. GLOBAL GRANTS (widest scope last)\n const { data: globalRoles } = await this.supabase\n .from('rbac_global_roles')\n .select('role, valid_from, valid_to')\n .eq('user_id', userId)\n .lte('valid_from', now)\n .or(`valid_to.is.null,valid_to.gte.${now}`) as { data: Array<{ role: string; valid_from: string; valid_to: string | null }> | null };\n\n if (globalRoles) {\n for (const role of globalRoles) {\n if (role.role === 'super_admin') {\n grants.push({\n type: 'allow',\n permission: 'manage:*' as Permission,\n scope: 'global',\n source: 'rbac_global_roles',\n });\n }\n }\n }\n \n console.log('[collectActiveGrants] Final grants:', grants);\n\n return grants;\n }\n\n /**\n * Check page-specific permissions\n * \n * @param userId - User ID\n * @param pageId - Page ID\n * @param permission - Permission to check\n * @param scope - Permission scope\n * @returns Promise resolving to page permission result\n */\n private async checkPagePermissions(\n userId: UUID,\n pageId: UUID | string | undefined,\n permission: Permission,\n scope: Scope\n ): Promise<boolean> {\n if (!pageId) {\n return true; // No page restrictions\n }\n\n const [operation] = permission.split(':') as [Operation, string];\n\n // Get user's roles in this scope\n const userRoles: string[] = [];\n\n // Add organisation role\n if (scope.organisationId) {\n const orgRole = await this.getOrganisationRole(userId, scope.organisationId);\n if (orgRole) {\n userRoles.push(orgRole);\n }\n }\n\n // Add event-app role\n if (scope.eventId && scope.appId) {\n const eventRole = await this.getEventAppRole(userId, scope.eventId, scope.appId);\n if (eventRole) {\n userRoles.push(eventRole);\n }\n }\n\n // Resolve page ID if it's a page name (string)\n let resolvedPageId: UUID | null = null;\n if (typeof pageId === 'string') {\n // Check if it's already a UUID\n const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n if (uuidRegex.test(pageId)) {\n resolvedPageId = pageId as UUID;\n } else {\n // It's a page name, resolve it to a page ID\n // First, get the app ID from scope or environment\n let appId = scope.appId;\n if (!appId) {\n // Try to get app ID from environment\n const appName = process.env.VITE_APP_NAME || process.env.REACT_APP_NAME;\n if (appName) {\n const { data: app } = await this.supabase\n .from('rbac_apps')\n .select('id')\n .eq('name', appName)\n .eq('is_active', true)\n .single() as { data: { id: UUID } | null };\n if (app) {\n appId = app.id;\n }\n }\n }\n \n if (appId) {\n const { data: page } = await this.supabase\n .from('rbac_app_pages')\n .select('id')\n .eq('app_id', appId)\n .eq('page_name', pageId)\n .single() as { data: { id: UUID } | null };\n resolvedPageId = page?.id || null;\n }\n }\n } else {\n resolvedPageId = pageId;\n }\n\n if (!resolvedPageId) {\n return false; // Page not found\n }\n\n // Check page permissions\n const { data: pagePermissions } = await this.supabase\n .from('rbac_page_permissions')\n .select('allowed')\n .eq('app_page_id', resolvedPageId)\n .eq('operation', operation)\n .in('role_name', userRoles)\n .single() as { data: { allowed: boolean } | null };\n\n return pagePermissions?.allowed ?? false;\n }\n\n /**\n * Get organisation role for a user\n * \n * @param userId - User ID\n * @param organisationId - Organisation ID\n * @returns Promise resolving to organisation role\n */\n private async getOrganisationRole(userId: UUID, organisationId: UUID): Promise<OrganisationRole | null> {\n const { data, error } = await this.supabase\n .from('rbac_organisation_roles')\n .select('role')\n .eq('user_id', userId)\n .eq('organisation_id', organisationId)\n .eq('status', 'active')\n .single() as { data: { role: string } | null; error: any };\n\n return error ? null : (data?.role as OrganisationRole) || null;\n }\n\n /**\n * Get event-app role for a user\n * \n * @param userId - User ID\n * @param eventId - Event ID\n * @param appId - App ID\n * @returns Promise resolving to event-app role\n */\n private async getEventAppRole(userId: UUID, eventId: string, appId: UUID): Promise<EventAppRole | null> {\n const { data, error } = await this.supabase\n .from('rbac_event_app_roles')\n .select('role, status, valid_from, valid_to')\n .eq('user_id', userId)\n .eq('event_id', eventId)\n .eq('app_id', appId)\n .eq('status', 'active')\n .lte('valid_from', new Date().toISOString())\n .or(`valid_to.is.null,valid_to.gte.${new Date().toISOString()}`)\n .single() as { data: { role: string; status: string; valid_from: string; valid_to: string | null } | null; error: any };\n\n return error ? null : (data?.role as EventAppRole) || null;\n }\n\n /**\n * Get permission for organisation role\n * \n * @param role - Organisation role\n * @returns Permission string\n */\n private getPermissionForOrgRole(role: OrganisationRole): Permission {\n switch (role) {\n case 'org_admin':\n return 'manage:*' as Permission;\n case 'leader':\n return 'manage:organisation.*' as Permission;\n case 'member':\n return 'read:organisation.*' as Permission;\n case 'supporter':\n return 'read:organisation.public' as Permission;\n default:\n return 'read:organisation.public' as Permission;\n }\n }\n\n /**\n * Get permission for event-app role\n * \n * @param role - Event-app role\n * @returns Permission string\n */\n private getPermissionForEventRole(role: EventAppRole): Permission {\n switch (role) {\n case 'event_admin':\n return 'manage:event.*' as Permission;\n case 'planner':\n return 'manage:event.planning' as Permission;\n case 'participant':\n return 'read:event.*' as Permission;\n case 'viewer':\n return 'read:event.public' as Permission;\n default:\n return 'read:event.public' as Permission;\n }\n }\n\n /**\n * Check if a permission matches another permission\n * \n * @param grantPermission - Permission from grant\n * @param requestedPermission - Requested permission\n * @returns True if permissions match\n */\n private permissionMatches(grantPermission: Permission, requestedPermission: Permission): boolean {\n console.log('[permissionMatches] Checking:', { grantPermission, requestedPermission });\n \n // Exact match\n if (grantPermission === requestedPermission) {\n console.log('[permissionMatches] Exact match found');\n return true;\n }\n\n // Wildcard match\n if (grantPermission.endsWith(':*') || grantPermission.endsWith('.*')) {\n const [grantOp, grantResource] = grantPermission.split(':');\n const [requestedOp, requestedResource] = requestedPermission.split(':');\n \n console.log('[permissionMatches] Wildcard check:', { \n grantOp, \n grantResource, \n requestedOp, \n requestedResource,\n operationsMatch: grantOp === requestedOp\n });\n \n if (grantOp === requestedOp) {\n // For wildcard permissions like \"read:*\" or \"read:organisation.*\", grantResource is \"*\" or \"organisation.*\"\n // We need to check if the requested resource starts with the prefix before \"*\"\n const prefix = grantResource.slice(0, -1); // Remove the \"*\"\n const matches = prefix === '' || requestedResource.startsWith(prefix);\n console.log('[permissionMatches] Wildcard match result:', { prefix, matches });\n return matches;\n }\n }\n\n // Check for other wildcard patterns\n if (grantPermission.includes('*')) {\n const [grantOp, grantResource] = grantPermission.split(':');\n const [requestedOp, requestedResource] = requestedPermission.split(':');\n \n console.log('[permissionMatches] Other wildcard check:', { \n grantOp, \n grantResource, \n requestedOp, \n requestedResource,\n operationsMatch: grantOp === requestedOp\n });\n \n if (grantOp === requestedOp) {\n // For wildcard permissions like \"read:event*\", grantResource is \"event*\"\n const prefix = grantResource.replace('*', '');\n const matches = requestedResource.startsWith(prefix);\n console.log('[permissionMatches] Other wildcard match result:', { prefix, matches });\n return matches;\n }\n }\n\n console.log('[permissionMatches] No match found');\n return false;\n }\n\n /**\n * Resolve a page ID to UUID if it's a page name\n * \n * @param pageId - Page ID (UUID) or page name (string)\n * @param appId - App ID to look up the page\n * @returns Resolved page ID (UUID) or original pageId if it's already a UUID or can't be resolved\n */\n private async resolvePageId(pageId?: UUID | string, appId?: UUID): Promise<UUID | string | undefined> {\n if (!pageId) {\n return undefined;\n }\n\n // Check if it's already a UUID\n const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n if (uuidRegex.test(pageId)) {\n return pageId as UUID;\n }\n\n // It's a page name, but we need appId to resolve it\n if (!appId) {\n // If we can't resolve it, return the original value\n return pageId;\n }\n\n // It's a page name, resolve it to a page ID\n try {\n const { data: page } = await this.supabase\n .from('rbac_app_pages')\n .select('id')\n .eq('app_id', appId)\n .eq('page_name', pageId)\n .single() as { data: { id: UUID } | null };\n \n return page?.id || pageId; // Return original if not found\n } catch (error) {\n console.warn('[RBAC Engine] Failed to resolve page name to UUID:', { pageId, appId, error });\n return pageId; // Return original on error\n }\n }\n}\n\n/**\n * Create an RBAC engine instance\n * \n * @param supabase - Supabase client\n * @returns RBACEngine instance\n */\nexport function createRBACEngine(supabase: SupabaseClient<Database>): RBACEngine {\n return new RBACEngine(supabase);\n}\n","/**\n * RBAC Configuration\n * @package @jmruthers/pace-core\n * @module RBAC/Config\n * @since 1.0.0\n * \n * This module provides configuration options for the RBAC system.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\n\nexport type LogLevel = 'error' | 'warn' | 'info' | 'debug';\n\nexport interface RBACConfig {\n supabase: SupabaseClient<Database>;\n debug?: boolean;\n logLevel?: LogLevel;\n developmentMode?: boolean;\n mockPermissions?: Record<string, boolean>;\n cache?: {\n ttl?: number;\n enabled?: boolean;\n };\n audit?: {\n enabled?: boolean;\n logLevel?: LogLevel;\n };\n}\n\nexport interface RBACLogger {\n error: (message: string, ...args: unknown[]) => void;\n warn: (message: string, ...args: unknown[]) => void;\n info: (message: string, ...args: unknown[]) => void;\n debug: (message: string, ...args: unknown[]) => void;\n}\n\nclass RBACConfigManager {\n private config: RBACConfig | null = null;\n private logger: RBACLogger | null = null;\n\n setConfig(config: RBACConfig): void {\n this.config = config;\n this.setupLogger();\n }\n\n getConfig(): RBACConfig | null {\n return this.config;\n }\n\n getLogger(): RBACLogger {\n if (!this.logger) {\n this.logger = this.createDefaultLogger();\n }\n return this.logger;\n }\n\n private setupLogger(): void {\n if (!this.config) return;\n\n const { debug = false, logLevel = 'warn' } = this.config;\n \n this.logger = {\n error: (message: string, ...args: unknown[]) => {\n console.error(`[RBAC ERROR] ${message}`, ...args);\n },\n warn: (message: string, ...args: unknown[]) => {\n if (logLevel === 'warn' || logLevel === 'info' || logLevel === 'debug') {\n console.warn(`[RBAC WARN] ${message}`, ...args);\n }\n },\n info: (message: string, ...args: unknown[]) => {\n if (logLevel === 'info' || logLevel === 'debug') {\n console.info(`[RBAC INFO] ${message}`, ...args);\n }\n },\n debug: (message: string, ...args: unknown[]) => {\n if (debug && logLevel === 'debug') {\n console.debug(`[RBAC DEBUG] ${message}`, ...args);\n }\n },\n };\n }\n\n private createDefaultLogger(): RBACLogger {\n return {\n error: (message: string, ...args: unknown[]) => console.error(`[RBAC ERROR] ${message}`, ...args),\n warn: (message: string, ...args: unknown[]) => console.warn(`[RBAC WARN] ${message}`, ...args),\n info: (message: string, ...args: unknown[]) => console.info(`[RBAC INFO] ${message}`, ...args),\n debug: (message: string, ...args: unknown[]) => console.debug(`[RBAC DEBUG] ${message}`, ...args),\n };\n }\n\n isDebugMode(): boolean {\n return this.config?.debug ?? false;\n }\n\n isDevelopmentMode(): boolean {\n return this.config?.developmentMode ?? false;\n }\n\n getMockPermissions(): Record<string, boolean> | null {\n return this.config?.mockPermissions ?? null;\n }\n}\n\n// Global config manager instance\nconst configManager = new RBACConfigManager();\n\nexport function createRBACConfig(config: RBACConfig): RBACConfig {\n configManager.setConfig(config);\n return config;\n}\n\nexport function getRBACConfig(): RBACConfig | null {\n return configManager.getConfig();\n}\n\nexport function getRBACLogger(): RBACLogger {\n return configManager.getLogger();\n}\n\nexport function isDebugMode(): boolean {\n return configManager.isDebugMode();\n}\n\nexport function isDevelopmentMode(): boolean {\n return configManager.isDevelopmentMode();\n}\n\nexport function getMockPermissions(): Record<string, boolean> | null {\n return configManager.getMockPermissions();\n}\n","/**\n * RBAC Main API Functions\n * @package @jmruthers/pace-core\n * @module RBAC/API\n * @since 1.0.0\n * \n * This module provides the main API functions for the RBAC system.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { \n UUID, \n Scope, \n Permission, \n AccessLevel, \n PermissionMap, \n PermissionCheck,\n RBACNotInitializedError\n} from './types';\nimport { createRBACEngine, RBACEngine } from './engine';\nimport { createAuditManager, setGlobalAuditManager } from './audit';\nimport { rbacCache, RBACCache, CACHE_PATTERNS } from './cache';\nimport { createRBACConfig, RBACConfig, getRBACLogger } from './config';\n\n// Global engine instance\nlet globalEngine: RBACEngine | null = null;\n\n/**\n * Setup RBAC system\n * \n * @param supabase - Supabase client\n * @param config - Optional configuration\n */\nexport function setupRBAC(supabase: SupabaseClient<Database>, config?: Partial<RBACConfig>): void {\n const logger = getRBACLogger();\n \n // Create full config\n const fullConfig: RBACConfig = {\n supabase,\n debug: process.env.NODE_ENV === 'development',\n logLevel: 'warn',\n developmentMode: process.env.NODE_ENV === 'development',\n ...config,\n };\n \n createRBACConfig(fullConfig);\n \n globalEngine = createRBACEngine(supabase);\n \n // Setup audit manager\n const auditManager = createAuditManager(supabase);\n setGlobalAuditManager(auditManager);\n \n logger.info('RBAC system initialized successfully');\n}\n\n/**\n * Get the global RBAC engine\n * \n * @returns Global RBAC engine\n * @throws Error if RBAC not initialized\n */\nfunction getEngine(): RBACEngine {\n if (!globalEngine) {\n throw new RBACNotInitializedError();\n }\n return globalEngine;\n}\n\n/**\n * Get user's access level in a scope\n * \n * @param input - Access level input\n * @returns Promise resolving to access level\n * \n * @example\n * ```typescript\n * const accessLevel = await getAccessLevel({\n * userId: 'user-123',\n * scope: { organisationId: 'org-456' }\n * });\n * ```\n */\nexport async function getAccessLevel(input: {\n userId: UUID;\n scope: Scope;\n}): Promise<AccessLevel> {\n const engine = getEngine();\n return engine.getAccessLevel(input);\n}\n\n/**\n * Get user's permission map for a scope\n * \n * @param input - Permission map input\n * @returns Promise resolving to permission map\n * \n * @example\n * ```typescript\n * const permissions = await getPermissionMap({\n * userId: 'user-123',\n * scope: { \n * organisationId: 'org-456',\n * eventId: 'event-789',\n * appId: 'app-101'\n * }\n * });\n * ```\n */\nexport async function getPermissionMap(input: {\n userId: UUID;\n scope: Scope;\n}): Promise<PermissionMap> {\n const engine = getEngine();\n return engine.getPermissionMap(input);\n}\n\n/**\n * Check if user has a specific permission\n * \n * @param input - Permission check input\n * @returns Promise resolving to permission result\n * \n * @example\n * ```typescript\n * const canManage = await isPermitted({\n * userId: 'user-123',\n * scope: { organisationId: 'org-456' },\n * permission: 'manage:events',\n * pageId: 'page-789'\n * });\n * ```\n */\nexport async function isPermitted(input: PermissionCheck): Promise<boolean> {\n const engine = getEngine();\n return engine.isPermitted(input);\n}\n\n/**\n * Check if user has a specific permission (cached version)\n * \n * @param input - Permission check input\n * @returns Promise resolving to permission result\n */\nexport async function isPermittedCached(input: PermissionCheck): Promise<boolean> {\n const { userId, scope, permission, pageId } = input;\n \n // Check cache first\n const cacheKey = RBACCache.generatePermissionKey({\n userId,\n organisationId: scope.organisationId!,\n eventId: scope.eventId,\n appId: scope.appId,\n permission,\n pageId,\n });\n \n const cached = rbacCache.get<boolean>(cacheKey);\n if (cached !== null) {\n return cached;\n }\n\n // Check permission\n const result = await isPermitted(input);\n \n // Cache result\n rbacCache.set(cacheKey, result);\n \n return result;\n}\n\n/**\n * Check if a user has a specific permission (alias for isPermitted)\n * \n * @param input - Permission check parameters\n * @returns Promise<boolean> - True if user has permission\n */\nexport async function hasPermission(input: PermissionCheck): Promise<boolean> {\n return isPermitted(input);\n}\n\n/**\n * Check if user has any of the specified permissions\n * \n * @param input - Permission check input with array of permissions\n * @returns Promise resolving to true if user has any permission\n */\nexport async function hasAnyPermission(input: {\n userId: UUID;\n scope: Scope;\n permissions: Permission[];\n pageId?: UUID;\n}): Promise<boolean> {\n const { permissions, ...baseInput } = input;\n \n for (const permission of permissions) {\n const hasPermission = await isPermitted({\n ...baseInput,\n permission,\n });\n \n if (hasPermission) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Check if user has all of the specified permissions\n * \n * @param input - Permission check input with array of permissions\n * @returns Promise resolving to true if user has all permissions\n */\nexport async function hasAllPermissions(input: {\n userId: UUID;\n scope: Scope;\n permissions: Permission[];\n pageId?: UUID;\n}): Promise<boolean> {\n const { permissions, ...baseInput } = input;\n \n for (const permission of permissions) {\n const hasPermission = await isPermitted({\n ...baseInput,\n permission,\n });\n \n if (!hasPermission) {\n return false;\n }\n }\n \n return true;\n}\n\n/**\n * Check if user is super admin\n * \n * @param userId - User ID\n * @returns Promise resolving to super admin status\n */\nexport async function isSuperAdmin(userId: UUID): Promise<boolean> {\n const engine = getEngine();\n return engine['checkSuperAdmin'](userId);\n}\n\n/**\n * Get app configuration including requires_event setting\n * \n * @param appId - App ID\n * @returns Promise resolving to app configuration\n */\nexport async function getAppConfig(appId: UUID): Promise<{ requires_event: boolean } | null> {\n const engine = getEngine();\n return engine['getAppConfig'](appId);\n}\n\n/**\n * Check if user is organisation admin\n * \n * @param userId - User ID\n * @param organisationId - Organisation ID\n * @returns Promise resolving to organisation admin status\n */\nexport async function isOrganisationAdmin(userId: UUID, organisationId: UUID): Promise<boolean> {\n const accessLevel = await getAccessLevel({\n userId,\n scope: { organisationId },\n });\n \n return accessLevel === 'admin' || accessLevel === 'super';\n}\n\n/**\n * Check if user is event admin\n * \n * @param userId - User ID\n * @param scope - Permission scope with eventId and appId\n * @returns Promise resolving to event admin status\n */\nexport async function isEventAdmin(userId: UUID, scope: Scope): Promise<boolean> {\n if (!scope.eventId || !scope.appId) {\n return false;\n }\n \n const accessLevel = await getAccessLevel({ userId, scope });\n return accessLevel === 'admin' || accessLevel === 'super';\n}\n\n/**\n * Invalidate user's permission cache\n * \n * @param userId - User ID\n * @param organisationId - Organisation ID (optional)\n */\nexport function invalidateUserCache(userId: UUID, organisationId?: UUID): void {\n if (organisationId) {\n rbacCache.invalidate(CACHE_PATTERNS.PERMISSION(userId, organisationId));\n } else {\n rbacCache.invalidate(CACHE_PATTERNS.USER(userId));\n }\n}\n\n/**\n * Invalidate organisation's permission cache\n * \n * @param organisationId - Organisation ID\n */\nexport function invalidateOrganisationCache(organisationId: UUID): void {\n rbacCache.invalidate(CACHE_PATTERNS.ORGANISATION(organisationId));\n}\n\n/**\n * Invalidate event's permission cache\n * \n * @param eventId - Event ID\n */\nexport function invalidateEventCache(eventId: string): void {\n rbacCache.invalidate(CACHE_PATTERNS.EVENT(eventId));\n}\n\n/**\n * Invalidate app's permission cache\n * \n * @param appId - App ID\n */\nexport function invalidateAppCache(appId: UUID): void {\n rbacCache.invalidate(CACHE_PATTERNS.APP(appId));\n}\n\n/**\n * Clear all permission cache\n */\nexport function clearCache(): void {\n rbacCache.clear();\n}\n"],"mappings":";;;;;;;;;;;;AAyRO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACE,SACO,MACA,SACP;AACA,UAAM,OAAO;AAHN;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAaO,IAAM,mCAAN,cAA+C,UAAU;AAAA,EAC9D,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,UAAU;AAAA,EACrD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;;;ACnTO,IAAM,wBAAN,MAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjC,OAAO,mBAAmB,YAA6B;AACrD,QAAI,OAAO,eAAe,YAAY,WAAW,WAAW,GAAG;AAC7D,aAAO;AAAA,IACT;AAGA,UAAM,kBAAkB;AACxB,WAAO,gBAAgB,KAAK,UAAU;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,MAAuB;AACzC,QAAI,OAAO,SAAS,YAAY,KAAK,WAAW,GAAG;AACjD,aAAO;AAAA,IACT;AAGA,UAAM,YAAY;AAClB,WAAO,UAAU,KAAK,IAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cAAc,OAAuB;AAC1C,QAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,MAAM,kBAAkB,CAAC,KAAK,aAAa,MAAM,cAAc,GAAG;AACpE,aAAO;AAAA,IACT;AAGA,QAAI,MAAM,WAAW,OAAO,MAAM,YAAY,UAAU;AACtD,aAAO;AAAA,IACT;AAGA,QAAI,MAAM,SAAS,CAAC,KAAK,aAAa,MAAM,KAAK,GAAG;AAClD,aAAO;AAAA,IACT;AAGA,WAAO,CAAC,EAAE,MAAM,kBAAkB,MAAM,WAAW,MAAM;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,cAAc,OAAuB;AAC1C,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;AAAA,IACT;AAGA,WAAO,MACJ,QAAQ,YAAY,EAAE,EACtB,QAAQ,aAAa,EAAE,EACvB,QAAQ,UAAU,EAAE,EACpB,QAAQ,iBAAiB,EAAE,EAC3B,QAAQ,WAAW,EAAE,EACrB,KAAK;AAAA,EACV;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,eAAe,QAAuB;AAC3C,WAAO,KAAK,aAAa,MAAM;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,qBAAqB,YAA6B;AACvD,WAAO,WAAW,SAAS,GAAG,KAAK,WAAW,SAAS,IAAI;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,4BAA4B,YAAoB,mBAAoC;AACzF,QAAI,CAAC,KAAK,mBAAmB,UAAU,GAAG;AACxC,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,SAAS,IAAI,WAAW,MAAM,GAAG;AACxC,UAAM,YAAY,CAAC,QAAQ,UAAU,UAAU,UAAU,QAAQ;AAEjE,UAAM,kBAAkB,UAAU,QAAQ,SAAS;AACnD,UAAM,gBAAgB,UAAU,QAAQ,iBAAiB;AAEzD,QAAI,oBAAoB,MAAM,kBAAkB,IAAI;AAClD,aAAO;AAAA,IACT;AAGA,WAAO,mBAAmB;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,eAAe,QAAc,WAAqC;AAG7E,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,4BAA4B,OAAc,OAAuB;AAEtE,QAAI,CAAC,MAAM,gBAAgB;AACzB,aAAO;AAAA,IACT;AAGA,QAAI,SAAS,MAAM,UAAU,OAAO;AAGlC,UAAI,CAAC,MAAM,SAAS;AAClB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,iBAAiB,OAKf;AACP,UAAM,gBAAgB;AAAA,MACpB,GAAG;AAAA,MACH,WAAW,MAAM,aAAa,oBAAI,KAAK;AAAA,MACvC,UAAU,KAAK,iBAAiB,MAAM,IAAI;AAAA,IAC5C;AAGA,QAAI,OAAwC;AAC1C,cAAQ,KAAK,mBAAmB,aAAa;AAAA,IAC/C;AAAA,EAGF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAe,iBAAiB,WAA2D;AACzF,YAAQ,WAAW;AAAA,MACjB,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT;AACE,eAAO;AAAA,IACX;AAAA,EACF;AACF;AAgBO,IAAM,0BAA8C;AAAA,EACzD,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,oBAAoB;AAAA,EACpB,8BAA8B;AAAA,EAC9B,6BAA6B;AAC/B;AAgBO,IAAM,yBAAN,MAA6B;AAAA,EAGlC,YAAY,SAA6B,yBAAyB;AAChE,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,OAAY,SAG7B;AACD,UAAM,SAAmB,CAAC;AAE1B,QAAI,CAAC,KAAK,OAAO,uBAAuB;AACtC,aAAO,EAAE,SAAS,MAAM,QAAQ,CAAC,EAAE;AAAA,IACrC;AAGA,QAAI,CAAC,sBAAsB,eAAe,QAAQ,MAAM,GAAG;AACzD,aAAO,KAAK,wBAAwB;AAAA,IACtC;AAGA,QAAI,CAAC,sBAAsB,aAAa,QAAQ,cAAc,GAAG;AAC/D,aAAO,KAAK,gCAAgC;AAAA,IAC9C;AAGA,QAAI,MAAM,cAAc,CAAC,sBAAsB,mBAAmB,MAAM,UAAU,GAAG;AACnF,aAAO,KAAK,2BAA2B;AAAA,IACzC;AAGA,QAAI,MAAM,SAAS,CAAC,sBAAsB,cAAc,MAAM,KAAK,GAAG;AACpE,aAAO,KAAK,sBAAsB;AAAA,IACpC;AAGA,QAAI,OAAO,SAAS,GAAG;AACrB,4BAAsB,iBAAiB;AAAA,QACrC,MAAM;AAAA,QACN,QAAQ,QAAQ;AAAA,QAChB,SAAS,EAAE,QAAQ,OAAO,KAAK,cAAc,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MACtE,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,MACL,SAAS,OAAO,WAAW;AAAA,MAC3B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAe,SAGlB;AACD,QAAI,CAAC,KAAK,OAAO,oBAAoB;AACnC,aAAO,EAAE,WAAW,MAAM,WAAW,KAAK,OAAO,6BAA6B;AAAA,IAChF;AAGA,UAAM,YAAY,MAAM,sBAAsB;AAAA,MAC5C,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,WAAO;AAAA,MACL;AAAA,MACA,WAAW,KAAK,OAAO;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,cAAc,OAAuB;AAC3C,WAAO,sBAAsB,cAAc,KAAK;AAAA,EAClD;AACF;;;AC1SO,IAAM,aAAN,MAAiB;AAAA,EAItB,YAAY,UAAoC;AAC9C,SAAK,WAAW;AAChB,SAAK,qBAAqB,IAAI,uBAAuB,uBAAuB;AAAA,EAC9E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,OAAwB,iBAAqD;AAC7F,UAAM,YAAY,KAAK,IAAI;AAC3B,UAAM,EAAE,QAAQ,YAAY,OAAO,OAAO,IAAI;AAE9C,QAAI;AAEF,UAAI,iBAAiB;AACnB,cAAM,aAAa,MAAM,KAAK,mBAAmB,cAAc,OAAO,eAAe;AACrF,YAAI,CAAC,WAAW,SAAS;AACvB,gCAAsB,iBAAiB;AAAA,YACrC,MAAM;AAAA,YACN;AAAA,YACA,SAAS,EAAE,QAAQ,WAAW,QAAQ,OAAO,KAAK,UAAU,KAAK,EAAE;AAAA,UACrE,CAAC;AACD,iBAAO;AAAA,QACT;AAEA,cAAM,YAAY,MAAM,KAAK,mBAAmB,eAAe,eAAe;AAC9E,YAAI,CAAC,UAAU,WAAW;AACxB,gCAAsB,iBAAiB;AAAA,YACrC,MAAM;AAAA,YACN;AAAA,YACA,SAAS,EAAE,WAAW,UAAU,UAAU;AAAA,UAC5C,CAAC;AACD,iBAAO;AAAA,QACT;AAAA,MACF;AAGA,UAAI,iBAAiB;AACnB,YAAI,CAAC,sBAAsB,eAAe,MAAM,GAAG;AACjD,gCAAsB,iBAAiB;AAAA,YACrC,MAAM;AAAA,YACN;AAAA,YACA,SAAS,EAAE,OAAO,yBAAyB;AAAA,UAC7C,CAAC;AACD,iBAAO;AAAA,QACT;AAEA,YAAI,CAAC,sBAAsB,mBAAmB,UAAU,GAAG;AACzD,gCAAsB,iBAAiB;AAAA,YACrC,MAAM;AAAA,YACN;AAAA,YACA,SAAS,EAAE,OAAO,6BAA6B,WAAW;AAAA,UAC5D,CAAC;AACD,iBAAO;AAAA,QACT;AAEA,YAAI,CAAC,sBAAsB,cAAc,KAAK,GAAG;AAC/C,gCAAsB,iBAAiB;AAAA,YACrC,MAAM;AAAA,YACN;AAAA,YACA,SAAS,EAAE,OAAO,wBAAwB,MAAM;AAAA,UAClD,CAAC;AACD,iBAAO;AAAA,QACT;AAAA,MACF;AAEA,YAAMA,gBAAe,MAAM,KAAK,gBAAgB,MAAM;AACtD,UAAIA,eAAc;AAChB,cAAM,WAAW,KAAK,IAAI,IAAI;AAE9B,YAAI,MAAM,gBAAgB;AAExB,gBAAM,iBAAiB,MAAM,KAAK,cAAc,QAAQ,MAAM,KAAK;AACnE,gBAAM,eAAe;AAAA,YACnB,MAAM;AAAA,YACN;AAAA,YACA,gBAAgB,MAAM;AAAA,YACtB,SAAS,MAAM;AAAA,YACf,OAAO,MAAM;AAAA,YACb,QAAQ;AAAA,YACR;AAAA,YACA,UAAU;AAAA,YACV,QAAQ;AAAA,YACR,QAAQ;AAAA,YACR,aAAa;AAAA,UACf,CAAC;AAAA,QACH;AACA,eAAO;AAAA,MACT;AAGA,YAAM,iBAAiB,MAAM,KAAK,4BAA4B,OAAO,MAAM,KAAK;AAChF,UAAI,CAAC,gBAAgB;AACnB,cAAM,WAAW,KAAK,IAAI,IAAI;AAE9B,YAAI,MAAM,gBAAgB;AAExB,gBAAM,iBAAiB,MAAM,KAAK,cAAc,QAAQ,MAAM,KAAK;AACnE,gBAAM,eAAe;AAAA,YACnB,MAAM;AAAA,YACN;AAAA,YACA,gBAAgB,MAAM;AAAA,YACtB,SAAS,MAAM;AAAA,YACf,OAAO,MAAM;AAAA,YACb,QAAQ;AAAA,YACR;AAAA,YACA,QAAQ;AAAA,YACR,UAAU;AAAA,cACR,QAAQ;AAAA,cACR,oBAAoB,MAAM,QAAQ,MAAM,KAAK,aAAa,MAAM,KAAK,EAAE,KAAK,YAAU,QAAQ,cAAc,IAAI;AAAA,YAClH;AAAA,UACF,CAAC;AAAA,QACH;AACA,eAAO;AAAA,MACT;AAGA,YAAM,SAAS,MAAM,KAAK,oBAAoB,QAAQ,gBAAgB,MAAM;AAC5E,cAAQ,IAAI,kCAAkC,MAAM;AAGpD,YAAM,SAAS,OAAO,OAAO,OAAK,EAAE,SAAS,MAAM;AACnD,cAAQ,IAAI,6BAA6B,MAAM;AAC/C,iBAAW,QAAQ,QAAQ;AACzB,cAAM,UAAU,KAAK,kBAAkB,KAAK,YAAY,UAAU;AAClE,gBAAQ,IAAI,+BAA+B;AAAA,UACzC,gBAAgB,KAAK;AAAA,UACrB,qBAAqB;AAAA,UACrB;AAAA,QACF,CAAC;AACD,YAAI,SAAS;AACX,gBAAM,WAAW,KAAK,IAAI,IAAI;AAC9B,kBAAQ,IAAI,sDAAsD;AAElE,cAAI,MAAM,gBAAgB;AAExB,kBAAM,iBAAiB,MAAM,KAAK,cAAc,QAAQ,MAAM,KAAK;AACnE,kBAAM,eAAe;AAAA,cACnB,MAAM;AAAA,cACN;AAAA,cACA,gBAAgB,MAAM;AAAA,cACtB,SAAS,MAAM;AAAA,cACf,OAAO,MAAM;AAAA,cACb,QAAQ;AAAA,cACR;AAAA,cACA,QAAQ;AAAA,YACV,CAAC;AAAA,UACH;AACA,iBAAO;AAAA,QACT;AAAA,MACF;AAGA,YAAM,SAAS,OAAO,OAAO,OAAK,EAAE,SAAS,OAAO;AACpD,cAAQ,IAAI,8BAA8B,MAAM;AAChD,UAAIC,iBAAgB;AAGpB,YAAM,aAAqE,CAAC,QAAQ,YAAY,gBAAgB,QAAQ;AAExH,iBAAW,aAAa,YAAY;AAClC,cAAM,cAAc,OAAO,OAAO,OAAK,EAAE,UAAU,SAAS;AAC5D,gBAAQ,IAAI,yBAAyB,SAAS,YAAY,WAAW;AACrE,mBAAW,SAAS,aAAa;AAC/B,kBAAQ,IAAI,oDAAoD,SAAS,KAAK;AAAA,YAC5E,iBAAiB,MAAM;AAAA,YACvB,qBAAqB;AAAA,YACrB;AAAA,UACF,CAAC;AACD,gBAAM,UAAU,KAAK,kBAAkB,MAAM,YAAY,UAAU;AACnE,kBAAQ,IAAI,yCAAyC;AAAA,YACnD;AAAA,YACA,iBAAiB,MAAM;AAAA,YACvB,qBAAqB;AAAA,YACrB;AAAA,UACF,CAAC;AACD,cAAI,SAAS;AACX,oBAAQ,IAAI,sCAAsC,SAAS,aAAa;AACxE,YAAAA,iBAAgB;AAChB;AAAA,UACF;AAAA,QACF;AACA,YAAIA,eAAe;AAAA,MACrB;AAGA,YAAM,gBAAgBA;AACtB,YAAM,YAAY,KAAK,IAAI,IAAI;AAE/B,cAAQ,IAAI,gCAAgC;AAAA,QAC1C;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAAA;AAAA,QACA,aAAa,OAAO;AAAA,QACpB,aAAa,OAAO;AAAA,QACpB,aAAa,OAAO;AAAA,QACpB,UAAU;AAAA,MACZ,CAAC;AAGD,UAAI,MAAM,gBAAgB;AAExB,cAAM,iBAAiB,MAAM,KAAK,cAAc,QAAQ,MAAM,KAAK;AACnE,cAAM,eAAe;AAAA,UACnB,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,MAAM;AAAA,UACtB,SAAS,MAAM;AAAA,UACf,OAAO,MAAM;AAAA,UACb,QAAQ;AAAA,UACR;AAAA,UACA,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,aAAa;AAAA,QACf,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AAEd,4BAAsB,iBAAiB;AAAA,QACrC,MAAM;AAAA,QACN;AAAA,QACA,SAAS;AAAA,UACP,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,UAChD;AAAA,UACA,OAAO,KAAK,UAAU,KAAK;AAAA,QAC7B;AAAA,MACF,CAAC;AAGD,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAe,OAA6D;AAChF,UAAM,EAAE,QAAQ,MAAM,IAAI;AAG1B,UAAMD,gBAAe,MAAM,KAAK,gBAAgB,MAAM;AACtD,QAAIA,eAAc;AAChB,aAAO;AAAA,IACT;AAGA,UAAM,iBAAiB,MAAM,KAAK,4BAA4B,OAAO,MAAM,KAAK;AAChF,QAAI,CAAC,gBAAgB;AACnB,aAAO;AAAA,IACT;AAGA,UAAM,WAAW,UAAU;AAAA,MACzB;AAAA,MACA,eAAe;AAAA,MACf,eAAe;AAAA,MACf,eAAe;AAAA,IACjB;AAEA,UAAM,SAAS,UAAU,IAAiB,QAAQ;AAClD,QAAI,QAAQ;AACV,aAAO;AAAA,IACT;AAGA,UAAM,UAAU,MAAM,KAAK,oBAAoB,QAAQ,eAAe,cAAe;AACrF,QAAI,YAAY,aAAa;AAC3B,gBAAU,IAAI,UAAU,OAAO;AAC/B,aAAO;AAAA,IACT;AAGA,QAAI,eAAe,WAAW,eAAe,OAAO;AAClD,YAAM,YAAY,MAAM,KAAK,gBAAgB,QAAQ,eAAe,SAAS,eAAe,KAAK;AACjG,UAAI,cAAc,eAAe;AAC/B,kBAAU,IAAI,UAAU,OAAO;AAC/B,eAAO;AAAA,MACT;AACA,UAAI,cAAc,WAAW;AAC3B,kBAAU,IAAI,UAAU,SAAS;AACjC,eAAO;AAAA,MACT;AACA,UAAI,cAAc,eAAe;AAC/B,kBAAU,IAAI,UAAU,aAAa;AACrC,eAAO;AAAA,MACT;AAAA,IACF;AAGA,cAAU,IAAI,UAAU,QAAQ;AAChC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,iBAAiB,OAA+D;AACpF,UAAM,EAAE,QAAQ,MAAM,IAAI;AAG1B,UAAMA,gBAAe,MAAM,KAAK,gBAAgB,MAAM;AACtD,QAAIA,eAAc;AAChB,aAAO,CAAC;AAAA,IACV;AAGA,UAAM,iBAAiB,MAAM,KAAK,4BAA4B,OAAO,MAAM,KAAK;AAChF,QAAI,CAAC,gBAAgB;AACnB,aAAO,CAAC;AAAA,IACV;AAGA,UAAM,WAAW,UAAU;AAAA,MACzB;AAAA,MACA,eAAe;AAAA,MACf,eAAe;AAAA,MACf,eAAe;AAAA,IACjB;AAEA,UAAM,SAAS,UAAU,IAAmB,QAAQ;AACpD,QAAI,QAAQ;AACV,aAAO;AAAA,IACT;AAEA,UAAM,gBAA+B,CAAC;AAGtC,QAAI,eAAe,OAAO;AACxB,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,gBAAgB,EACrB,OAAO,eAAe,EACtB,GAAG,UAAU,eAAe,KAAK;AAEpC,UAAI,OAAO;AACT,mBAAW,QAAQ,OAAO;AACxB,gBAAM,aAA0B,CAAC;AAGjC,qBAAW,aAAa,CAAC,QAAQ,UAAU,UAAU,UAAU,QAAQ,GAAkB;AACvF,kBAAMC,iBAAgB,MAAM,KAAK,YAAY;AAAA,cAC3C;AAAA,cACA,OAAO;AAAA,cACP,YAAY,GAAG,SAAS,IAAI,KAAK,SAAS;AAAA,cAC1C,QAAQ,KAAK;AAAA,YACf,CAAC;AAED,gBAAIA,gBAAe;AACjB,yBAAW,KAAK,SAAS;AAAA,YAC3B;AAAA,UACF;AAEA,wBAAc,KAAK,EAAE,IAAI;AAAA,QAC3B;AAAA,MACF;AAAA,IACF;AAEA,cAAU,IAAI,UAAU,aAAa;AACrC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,gBAAgB,QAAgC;AAE5D,UAAM,WAAW,eAAe,MAAM;AACtC,UAAM,SAAS,UAAU,IAAa,QAAQ;AAC9C,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,IAAI,EACX,GAAG,WAAW,MAAM,EACpB,GAAG,QAAQ,aAAa,EACxB,GAAG,YAAY,IAAI,EACnB,OAAO;AAEV,UAAMD,gBAAe,CAAC,SAAS,CAAC,CAAC;AAGjC,cAAU,IAAI,UAAUA,eAAc,GAAK;AAE3C,WAAOA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,OAA0D;AAC3E,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,WAAW,EAChB,OAAO,gBAAgB,EACvB,GAAG,MAAM,KAAK,EACd,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,aAAO;AAAA,IACT;AAEA,WAAO,EAAE,gBAAgB,KAAK,eAAe;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,6BAA6B,SAAuC;AAChF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,OAAO,EACZ,OAAO,iBAAiB,EACxB,GAAG,MAAM,OAAO,EAChB,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,aAAO;AAAA,IACT;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,4BAA4B,OAAc,OAAqC;AAE3F,QAAI,OAAO;AACT,YAAM,YAAY,MAAM,KAAK,aAAa,KAAK;AAC/C,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AAEA,UAAI,UAAU,gBAAgB;AAE5B,YAAI,CAAC,MAAM,SAAS;AAClB,iBAAO;AAAA,QACT;AAGA,YAAI,CAAC,MAAM,gBAAgB;AACzB,gBAAM,gBAAgB,MAAM,KAAK,6BAA6B,MAAM,OAAO;AAC3E,cAAI,CAAC,eAAe;AAClB,mBAAO;AAAA,UACT;AACA,iBAAO;AAAA,YACL,GAAG;AAAA,YACH,gBAAgB;AAAA,UAClB;AAAA,QACF;AAEA,eAAO;AAAA,MACT,OAAO;AAEL,YAAI,CAAC,MAAM,gBAAgB;AACzB,iBAAO;AAAA,QACT;AAEA,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,CAAC,MAAM,gBAAgB;AACzB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAc,oBACZ,QACA,OACA,QACkB;AAClB,UAAM,SAAmB,CAAC;AAC1B,UAAM,OAAM,oBAAI,KAAK,GAAE,YAAY;AAGnC,UAAM,YAAsB,CAAC;AAG7B,QAAI,MAAM,WAAW,MAAM,OAAO;AAChC,YAAM,EAAE,MAAM,WAAW,IAAI,MAAM,KAAK,SACrC,KAAK,sBAAsB,EAC3B,OAAO,oCAAoC,EAC3C,GAAG,WAAW,MAAM,EACpB,GAAG,YAAY,MAAM,OAAO,EAC5B,GAAG,UAAU,MAAM,KAAK,EACxB,GAAG,UAAU,QAAQ,EACrB,IAAI,cAAc,GAAG,EACrB,GAAG,iCAAiC,GAAG,EAAE;AAE5C,UAAI,YAAY;AACd,kBAAU,KAAK,GAAG,WAAW,IAAI,OAAK,EAAE,IAAI,CAAC;AAE7C,mBAAW,QAAQ,YAAY;AAC7B,iBAAO,KAAK;AAAA,YACV,MAAM;AAAA,YACN,YAAY,KAAK,0BAA0B,KAAK,IAAoB;AAAA,YACpE,OAAO;AAAA,YACP,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,gBAAgB;AACxB,YAAM,EAAE,MAAM,SAAS,IAAI,MAAM,KAAK,SACnC,KAAK,yBAAyB,EAC9B,OAAO,oCAAoC,EAC3C,GAAG,WAAW,MAAM,EACpB,GAAG,mBAAmB,MAAM,cAAc,EAC1C,GAAG,UAAU,QAAQ,EACrB,IAAI,cAAc,GAAG,EACrB,GAAG,iCAAiC,GAAG,EAAE;AAE5C,UAAI,UAAU;AACZ,kBAAU,KAAK,GAAG,SAAS,IAAI,OAAK,EAAE,IAAI,CAAC;AAE3C,mBAAW,QAAQ,UAAU;AAC3B,iBAAO,KAAK;AAAA,YACV,MAAM;AAAA,YACN,YAAY,KAAK,wBAAwB,KAAK,IAAwB;AAAA,YACtE,OAAO;AAAA,YACP,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,YAAQ,IAAI,qCAAqC,SAAS;AAG1D,QAAI,QAAQ;AAEV,UAAI,iBAA8B;AAClC,UAAI,OAAO,WAAW,UAAU;AAE9B,cAAM,YAAY;AAClB,YAAI,UAAU,KAAK,MAAM,GAAG;AAC1B,2BAAiB;AAAA,QACnB,OAAO;AAEL,gBAAM,QAAQ,MAAM;AACpB,cAAI,OAAO;AACT,kBAAM,EAAE,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KAAK,gBAAgB,EACrB,OAAO,IAAI,EACX,GAAG,UAAU,KAAK,EAClB,GAAG,aAAa,MAAM,EACtB,OAAO;AACV,6BAAiB,MAAM,MAAM;AAAA,UAC/B;AAAA,QACF;AAAA,MACF,OAAO;AACL,yBAAiB;AAAA,MACnB;AAEA,UAAI,kBAAkB,MAAM,OAAO;AACjC,gBAAQ,IAAI,qEAAqE,cAAc;AAG/F,YAAI,WAA0B;AAC9B,YAAI,OAAO,WAAW,YAAY,CAAC,kEAAkE,KAAK,MAAM,GAAG;AAEjH,qBAAW;AAAA,QACb,OAAO;AAEL,gBAAM,EAAE,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KAAK,gBAAgB,EACrB,OAAO,WAAW,EAClB,GAAG,MAAM,cAAc,EACvB,OAAO;AACV,qBAAW,MAAM,aAAa;AAAA,QAChC;AAIA,cAAM,YAAY,MAAM,KAAK,SAAS,IAAI,wBAAwB;AAAA,UAChE,WAAW;AAAA,UACX,UAAU,MAAM;AAAA,UAChB,YAAY,MAAM,WAAW;AAAA,UAC7B,mBAAmB,MAAM,kBAAkB;AAAA,UAC3C,WAAW;AAAA,QACb,CAAC;AAED,cAAM,EAAE,MAAM,eAAe,IAAI;AAEjC,gBAAQ,IAAI,+CAA+C,cAAc;AAEzE,YAAI,kBAAkB,UAAU;AAE9B,gBAAM,YAAY,eAAe;AAAA,YAAO,OACtC,EAAE,oBAAoB,qBACtB,EAAE,oBAAoB,yBACtB,EAAE,oBAAoB;AAAA,UACxB;AAEA,qBAAW,QAAQ,WAAW;AAE5B,gBAAI,UAAU,SAAS,KAAK,SAAS,GAAG;AACtC,sBAAQ,IAAI,4CAA4C,EAAE,WAAW,KAAK,iBAAiB,MAAM,KAAK,WAAW,SAAS,KAAK,gBAAgB,SAAS,CAAC;AACzJ,qBAAO,KAAK;AAAA,gBACV,MAAM,KAAK,iBAAiB,UAAU;AAAA;AAAA,gBAEtC,YAAY,GAAG,KAAK,eAAe,SAAS,QAAQ;AAAA,gBACpD,OAAO;AAAA,gBACP,QAAQ;AAAA,cACV,CAAC;AAAA,YACH;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,EAAE,MAAM,YAAY,IAAI,MAAM,KAAK,SACtC,KAAK,mBAAmB,EACxB,OAAO,4BAA4B,EACnC,GAAG,WAAW,MAAM,EACpB,IAAI,cAAc,GAAG,EACrB,GAAG,iCAAiC,GAAG,EAAE;AAE5C,QAAI,aAAa;AACf,iBAAW,QAAQ,aAAa;AAC9B,YAAI,KAAK,SAAS,eAAe;AAC/B,iBAAO,KAAK;AAAA,YACV,MAAM;AAAA,YACN,YAAY;AAAA,YACZ,OAAO;AAAA,YACP,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,YAAQ,IAAI,uCAAuC,MAAM;AAEzD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAc,qBACZ,QACA,QACA,YACA,OACkB;AAClB,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,SAAS,IAAI,WAAW,MAAM,GAAG;AAGxC,UAAM,YAAsB,CAAC;AAG7B,QAAI,MAAM,gBAAgB;AACxB,YAAM,UAAU,MAAM,KAAK,oBAAoB,QAAQ,MAAM,cAAc;AAC3E,UAAI,SAAS;AACX,kBAAU,KAAK,OAAO;AAAA,MACxB;AAAA,IACF;AAGA,QAAI,MAAM,WAAW,MAAM,OAAO;AAChC,YAAM,YAAY,MAAM,KAAK,gBAAgB,QAAQ,MAAM,SAAS,MAAM,KAAK;AAC/E,UAAI,WAAW;AACb,kBAAU,KAAK,SAAS;AAAA,MAC1B;AAAA,IACF;AAGA,QAAI,iBAA8B;AAClC,QAAI,OAAO,WAAW,UAAU;AAE9B,YAAM,YAAY;AAClB,UAAI,UAAU,KAAK,MAAM,GAAG;AAC1B,yBAAiB;AAAA,MACnB,OAAO;AAGL,YAAI,QAAQ,MAAM;AAClB,YAAI,CAAC,OAAO;AAEV,gBAAM,UAAU,QAAQ,IAAI,iBAAiB,QAAQ,IAAI;AACzD,cAAI,SAAS;AACX,kBAAM,EAAE,MAAM,IAAI,IAAI,MAAM,KAAK,SAC9B,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,OAAO,EAClB,GAAG,aAAa,IAAI,EACpB,OAAO;AACV,gBAAI,KAAK;AACP,sBAAQ,IAAI;AAAA,YACd;AAAA,UACF;AAAA,QACF;AAEA,YAAI,OAAO;AACT,gBAAM,EAAE,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KAAK,gBAAgB,EACrB,OAAO,IAAI,EACX,GAAG,UAAU,KAAK,EAClB,GAAG,aAAa,MAAM,EACtB,OAAO;AACV,2BAAiB,MAAM,MAAM;AAAA,QAC/B;AAAA,MACF;AAAA,IACF,OAAO;AACL,uBAAiB;AAAA,IACnB;AAEA,QAAI,CAAC,gBAAgB;AACnB,aAAO;AAAA,IACT;AAGA,UAAM,EAAE,MAAM,gBAAgB,IAAI,MAAM,KAAK,SAC1C,KAAK,uBAAuB,EAC5B,OAAO,SAAS,EAChB,GAAG,eAAe,cAAc,EAChC,GAAG,aAAa,SAAS,EACzB,GAAG,aAAa,SAAS,EACzB,OAAO;AAEV,WAAO,iBAAiB,WAAW;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,oBAAoB,QAAc,gBAAwD;AACtG,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,yBAAyB,EAC9B,OAAO,MAAM,EACb,GAAG,WAAW,MAAM,EACpB,GAAG,mBAAmB,cAAc,EACpC,GAAG,UAAU,QAAQ,EACrB,OAAO;AAEV,WAAO,QAAQ,OAAQ,MAAM,QAA6B;AAAA,EAC5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,gBAAgB,QAAc,SAAiB,OAA2C;AACtG,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,sBAAsB,EAC3B,OAAO,oCAAoC,EAC3C,GAAG,WAAW,MAAM,EACpB,GAAG,YAAY,OAAO,EACtB,GAAG,UAAU,KAAK,EAClB,GAAG,UAAU,QAAQ,EACrB,IAAI,eAAc,oBAAI,KAAK,GAAE,YAAY,CAAC,EAC1C,GAAG,kCAAiC,oBAAI,KAAK,GAAE,YAAY,CAAC,EAAE,EAC9D,OAAO;AAEV,WAAO,QAAQ,OAAQ,MAAM,QAAyB;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,wBAAwB,MAAoC;AAClE,YAAQ,MAAM;AAAA,MACZ,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,0BAA0B,MAAgC;AAChE,YAAQ,MAAM;AAAA,MACZ,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASQ,kBAAkB,iBAA6B,qBAA0C;AAC/F,YAAQ,IAAI,iCAAiC,EAAE,iBAAiB,oBAAoB,CAAC;AAGrF,QAAI,oBAAoB,qBAAqB;AAC3C,cAAQ,IAAI,uCAAuC;AACnD,aAAO;AAAA,IACT;AAGA,QAAI,gBAAgB,SAAS,IAAI,KAAK,gBAAgB,SAAS,IAAI,GAAG;AACpE,YAAM,CAAC,SAAS,aAAa,IAAI,gBAAgB,MAAM,GAAG;AAC1D,YAAM,CAAC,aAAa,iBAAiB,IAAI,oBAAoB,MAAM,GAAG;AAEtE,cAAQ,IAAI,uCAAuC;AAAA,QACjD;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,iBAAiB,YAAY;AAAA,MAC/B,CAAC;AAED,UAAI,YAAY,aAAa;AAG3B,cAAM,SAAS,cAAc,MAAM,GAAG,EAAE;AACxC,cAAM,UAAU,WAAW,MAAM,kBAAkB,WAAW,MAAM;AACpE,gBAAQ,IAAI,8CAA8C,EAAE,QAAQ,QAAQ,CAAC;AAC7E,eAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,gBAAgB,SAAS,GAAG,GAAG;AACjC,YAAM,CAAC,SAAS,aAAa,IAAI,gBAAgB,MAAM,GAAG;AAC1D,YAAM,CAAC,aAAa,iBAAiB,IAAI,oBAAoB,MAAM,GAAG;AAEtE,cAAQ,IAAI,6CAA6C;AAAA,QACvD;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,iBAAiB,YAAY;AAAA,MAC/B,CAAC;AAED,UAAI,YAAY,aAAa;AAE3B,cAAM,SAAS,cAAc,QAAQ,KAAK,EAAE;AAC5C,cAAM,UAAU,kBAAkB,WAAW,MAAM;AACnD,gBAAQ,IAAI,oDAAoD,EAAE,QAAQ,QAAQ,CAAC;AACnF,eAAO;AAAA,MACT;AAAA,IACF;AAEA,YAAQ,IAAI,oCAAoC;AAChD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,cAAc,QAAwB,OAAkD;AACpG,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,IACT;AAGA,UAAM,YAAY;AAClB,QAAI,UAAU,KAAK,MAAM,GAAG;AAC1B,aAAO;AAAA,IACT;AAGA,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAGA,QAAI;AACF,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KAAK,gBAAgB,EACrB,OAAO,IAAI,EACX,GAAG,UAAU,KAAK,EAClB,GAAG,aAAa,MAAM,EACtB,OAAO;AAEV,aAAO,MAAM,MAAM;AAAA,IACrB,SAAS,OAAO;AACd,cAAQ,KAAK,sDAAsD,EAAE,QAAQ,OAAO,MAAM,CAAC;AAC3F,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAQO,SAAS,iBAAiB,UAAgD;AAC/E,SAAO,IAAI,WAAW,QAAQ;AAChC;;;AC59BA,IAAM,oBAAN,MAAwB;AAAA,EAAxB;AACE,SAAQ,SAA4B;AACpC,SAAQ,SAA4B;AAAA;AAAA,EAEpC,UAAU,QAA0B;AAClC,SAAK,SAAS;AACd,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,YAA+B;AAC7B,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,YAAwB;AACtB,QAAI,CAAC,KAAK,QAAQ;AAChB,WAAK,SAAS,KAAK,oBAAoB;AAAA,IACzC;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,cAAoB;AAC1B,QAAI,CAAC,KAAK,OAAQ;AAElB,UAAM,EAAE,QAAQ,OAAO,WAAW,OAAO,IAAI,KAAK;AAElD,SAAK,SAAS;AAAA,MACZ,OAAO,CAAC,YAAoB,SAAoB;AAC9C,gBAAQ,MAAM,gBAAgB,OAAO,IAAI,GAAG,IAAI;AAAA,MAClD;AAAA,MACA,MAAM,CAAC,YAAoB,SAAoB;AAC7C,YAAI,aAAa,UAAU,aAAa,UAAU,aAAa,SAAS;AACtE,kBAAQ,KAAK,eAAe,OAAO,IAAI,GAAG,IAAI;AAAA,QAChD;AAAA,MACF;AAAA,MACA,MAAM,CAAC,YAAoB,SAAoB;AAC7C,YAAI,aAAa,UAAU,aAAa,SAAS;AAC/C,kBAAQ,KAAK,eAAe,OAAO,IAAI,GAAG,IAAI;AAAA,QAChD;AAAA,MACF;AAAA,MACA,OAAO,CAAC,YAAoB,SAAoB;AAC9C,YAAI,SAAS,aAAa,SAAS;AACjC,kBAAQ,MAAM,gBAAgB,OAAO,IAAI,GAAG,IAAI;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,sBAAkC;AACxC,WAAO;AAAA,MACL,OAAO,CAAC,YAAoB,SAAoB,QAAQ,MAAM,gBAAgB,OAAO,IAAI,GAAG,IAAI;AAAA,MAChG,MAAM,CAAC,YAAoB,SAAoB,QAAQ,KAAK,eAAe,OAAO,IAAI,GAAG,IAAI;AAAA,MAC7F,MAAM,CAAC,YAAoB,SAAoB,QAAQ,KAAK,eAAe,OAAO,IAAI,GAAG,IAAI;AAAA,MAC7F,OAAO,CAAC,YAAoB,SAAoB,QAAQ,MAAM,gBAAgB,OAAO,IAAI,GAAG,IAAI;AAAA,IAClG;AAAA,EACF;AAAA,EAEA,cAAuB;AACrB,WAAO,KAAK,QAAQ,SAAS;AAAA,EAC/B;AAAA,EAEA,oBAA6B;AAC3B,WAAO,KAAK,QAAQ,mBAAmB;AAAA,EACzC;AAAA,EAEA,qBAAqD;AACnD,WAAO,KAAK,QAAQ,mBAAmB;AAAA,EACzC;AACF;AAGA,IAAM,gBAAgB,IAAI,kBAAkB;AAErC,SAAS,iBAAiB,QAAgC;AAC/D,gBAAc,UAAU,MAAM;AAC9B,SAAO;AACT;AAEO,SAAS,gBAAmC;AACjD,SAAO,cAAc,UAAU;AACjC;AAEO,SAAS,gBAA4B;AAC1C,SAAO,cAAc,UAAU;AACjC;AAEO,SAAS,cAAuB;AACrC,SAAO,cAAc,YAAY;AACnC;AAEO,SAAS,oBAA6B;AAC3C,SAAO,cAAc,kBAAkB;AACzC;;;ACtGA,IAAI,eAAkC;AAQ/B,SAAS,UAAU,UAAoC,QAAoC;AAChG,QAAM,SAAS,cAAc;AAG7B,QAAM,aAAyB;AAAA,IAC7B;AAAA,IACA,OAAO;AAAA,IACP,UAAU;AAAA,IACV,iBAAiB;AAAA,IACjB,GAAG;AAAA,EACL;AAEA,mBAAiB,UAAU;AAE3B,iBAAe,iBAAiB,QAAQ;AAGxC,QAAM,eAAe,mBAAmB,QAAQ;AAChD,wBAAsB,YAAY;AAElC,SAAO,KAAK,sCAAsC;AACpD;AAQA,SAAS,YAAwB;AAC/B,MAAI,CAAC,cAAc;AACjB,UAAM,IAAI,wBAAwB;AAAA,EACpC;AACA,SAAO;AACT;AAgBA,eAAsB,eAAe,OAGZ;AACvB,QAAM,SAAS,UAAU;AACzB,SAAO,OAAO,eAAe,KAAK;AACpC;AAoBA,eAAsB,iBAAiB,OAGZ;AACzB,QAAM,SAAS,UAAU;AACzB,SAAO,OAAO,iBAAiB,KAAK;AACtC;AAkBA,eAAsB,YAAY,OAA0C;AAC1E,QAAM,SAAS,UAAU;AACzB,SAAO,OAAO,YAAY,KAAK;AACjC;AAQA,eAAsB,kBAAkB,OAA0C;AAChF,QAAM,EAAE,QAAQ,OAAO,YAAY,OAAO,IAAI;AAG9C,QAAM,WAAW,UAAU,sBAAsB;AAAA,IAC/C;AAAA,IACA,gBAAgB,MAAM;AAAA,IACtB,SAAS,MAAM;AAAA,IACf,OAAO,MAAM;AAAA,IACb;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,SAAS,UAAU,IAAa,QAAQ;AAC9C,MAAI,WAAW,MAAM;AACnB,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,MAAM,YAAY,KAAK;AAGtC,YAAU,IAAI,UAAU,MAAM;AAE9B,SAAO;AACT;AAQA,eAAsB,cAAc,OAA0C;AAC5E,SAAO,YAAY,KAAK;AAC1B;AAQA,eAAsB,iBAAiB,OAKlB;AACnB,QAAM,EAAE,aAAa,GAAG,UAAU,IAAI;AAEtC,aAAW,cAAc,aAAa;AACpC,UAAME,iBAAgB,MAAM,YAAY;AAAA,MACtC,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAED,QAAIA,gBAAe;AACjB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAQA,eAAsB,kBAAkB,OAKnB;AACnB,QAAM,EAAE,aAAa,GAAG,UAAU,IAAI;AAEtC,aAAW,cAAc,aAAa;AACpC,UAAMA,iBAAgB,MAAM,YAAY;AAAA,MACtC,GAAG;AAAA,MACH;AAAA,IACF,CAAC;AAED,QAAI,CAACA,gBAAe;AAClB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAQA,eAAsB,aAAa,QAAgC;AACjE,QAAM,SAAS,UAAU;AACzB,SAAO,OAAO,iBAAiB,EAAE,MAAM;AACzC;AAQA,eAAsB,aAAa,OAA0D;AAC3F,QAAM,SAAS,UAAU;AACzB,SAAO,OAAO,cAAc,EAAE,KAAK;AACrC;AASA,eAAsB,oBAAoB,QAAc,gBAAwC;AAC9F,QAAM,cAAc,MAAM,eAAe;AAAA,IACvC;AAAA,IACA,OAAO,EAAE,eAAe;AAAA,EAC1B,CAAC;AAED,SAAO,gBAAgB,WAAW,gBAAgB;AACpD;AASA,eAAsB,aAAa,QAAc,OAAgC;AAC/E,MAAI,CAAC,MAAM,WAAW,CAAC,MAAM,OAAO;AAClC,WAAO;AAAA,EACT;AAEA,QAAM,cAAc,MAAM,eAAe,EAAE,QAAQ,MAAM,CAAC;AAC1D,SAAO,gBAAgB,WAAW,gBAAgB;AACpD;AAQO,SAAS,oBAAoB,QAAc,gBAA6B;AAC7E,MAAI,gBAAgB;AAClB,cAAU,WAAW,eAAe,WAAW,QAAQ,cAAc,CAAC;AAAA,EACxE,OAAO;AACL,cAAU,WAAW,eAAe,KAAK,MAAM,CAAC;AAAA,EAClD;AACF;AAOO,SAAS,4BAA4B,gBAA4B;AACtE,YAAU,WAAW,eAAe,aAAa,cAAc,CAAC;AAClE;AAOO,SAAS,qBAAqB,SAAuB;AAC1D,YAAU,WAAW,eAAe,MAAM,OAAO,CAAC;AACpD;AAOO,SAAS,mBAAmB,OAAmB;AACpD,YAAU,WAAW,eAAe,IAAI,KAAK,CAAC;AAChD;AAKO,SAAS,aAAmB;AACjC,YAAU,MAAM;AAClB;","names":["isSuperAdmin","hasPermission","hasPermission"]}

package/dist/chunk-DY5E3AT7.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/providers/AuthProvider.tsx","../src/providers/RBACProvider.tsx","../src/hooks/useInactivityTracker.ts","../src/components/InactivityWarningModal/InactivityWarningModal.tsx","../src/providers/InactivityProvider.tsx","../src/providers/UnifiedAuthProvider.tsx","../src/providers/OrganisationProvider.tsx"],"sourcesContent":["/**\n * @file Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/Auth\n * @since 0.1.0\n *\n * Handles user authentication, session management, and auth-related operations.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { DebugLogger } from '../utils/debugLogger';\n\n// Auth context type\nexport interface AuthContextType {\n // Auth state\n user: User | null;\n session: Session | null;\n isAuthenticated: boolean;\n authLoading: boolean;\n authError: AuthError | null;\n error: AuthError | null; // Alias for authError for backward compatibility\n supabase: SupabaseClient | null;\n \n // Auth methods\n signIn: (email: string, password?: string) => Promise<{ error: AuthError | null }>;\n signUp: (email: string, password: string) => Promise<{ error: AuthError | null }>;\n signOut: () => Promise<{ error: AuthError | null }>;\n resetPassword: (email: string) => Promise<{ error: AuthError | null }>;\n updatePassword: (password: string) => Promise<{ error: AuthError | null }>;\n refreshSession: () => Promise<{ error: AuthError | null }>;\n}\n\nconst AuthContext = createContext<AuthContextType | undefined>(undefined);\n\nexport const useAuth = () => {\n const context = useContext(AuthContext);\n if (!context) {\n throw new Error('useAuth must be used within an AuthProvider');\n }\n return context;\n};\n\nexport interface AuthProviderProps {\n children: React.ReactNode;\n supabaseClient?: SupabaseClient;\n}\n\nexport function AuthProvider({ children, supabaseClient }: AuthProviderProps) {\n // Auth state\n const [user, setUser] = useState<User | null>(null);\n const [session, setSession] = useState<Session | null>(null);\n const [authLoading, setAuthLoading] = useState(true);\n const [authError, setAuthError] = useState<AuthError | null>(null);\n\n // Global error handler to suppress AuthSessionMissingError during logout\n useEffect(() => {\n const handleError = (event: ErrorEvent) => {\n if (event.error?.message?.includes('AuthSessionMissingError') || \n event.error?.message?.includes('Auth session missing')) {\n console.warn('[AuthProvider] Suppressing AuthSessionMissingError during logout');\n event.preventDefault();\n return false;\n }\n };\n\n const handleUnhandledRejection = (event: PromiseRejectionEvent) => {\n if (event.reason?.message?.includes('AuthSessionMissingError') ||\n event.reason?.message?.includes('Auth session missing')) {\n console.warn('[AuthProvider] Suppressing unhandled AuthSessionMissingError');\n event.preventDefault();\n return false;\n }\n };\n\n window.addEventListener('error', handleError);\n window.addEventListener('unhandledrejection', handleUnhandledRejection);\n\n return () => {\n window.removeEventListener('error', handleError);\n window.removeEventListener('unhandledrejection', handleUnhandledRejection);\n };\n }, []);\n\n // Load initial user if no session but supabase client exists\n useEffect(() => {\n if (!supabaseClient) return;\n\n const loadInitialUser = async () => {\n try {\n const response = await supabaseClient.auth.getUser();\n const { data: { user: initialUser }, error } = response || { data: { user: null }, error: null };\n if (error) {\n console.warn('Failed to get initial user:', error);\n setAuthLoading(false);\n return;\n }\n \n if (initialUser) {\n setUser(initialUser);\n }\n setAuthLoading(false);\n } catch (error) {\n console.error('Error loading initial user:', error);\n setAuthLoading(false);\n }\n };\n\n // Only load initial user if we haven't set up the auth state change listener yet\n // This prevents race conditions between loadInitialUser and auth state change\n const timeoutId = setTimeout(() => {\n if (authLoading && !user && !session) {\n loadInitialUser();\n }\n }, 100);\n\n return () => clearTimeout(timeoutId);\n }, [supabaseClient, authLoading, user, session]);\n\n // Auth state change listener\n useEffect(() => {\n if (!supabaseClient) {\n setAuthLoading(false);\n return;\n }\n\n // Shorter timeout to prevent hanging\n const timeoutId = setTimeout(() => {\n if (authLoading) {\n console.warn('AuthProvider: Auth loading timeout reached');\n setAuthLoading(false);\n }\n }, 2000); // Reduced from 5000 to 2000\n\n try {\n DebugLogger.log('AuthProvider', 'Setting up auth state change listener...');\n const authStateChange = supabaseClient.auth.onAuthStateChange(\n (event, session) => {\n try {\n DebugLogger.log('AuthProvider', 'Auth state changed:', event, session?.user?.email);\n \n // Clear timeout immediately when we get an auth state change\n clearTimeout(timeoutId);\n \n // Handle different auth events\n if (event === 'SIGNED_OUT') {\n DebugLogger.log('AuthProvider', 'User signed out, clearing all state');\n // Clear all state immediately and aggressively\n setSession(null);\n setUser(null);\n setAuthLoading(false);\n setAuthError(null);\n } else {\n setSession(session);\n setUser(session?.user ?? null);\n setAuthLoading(false);\n \n // Only clear auth error if we have a valid session\n if (session) {\n setAuthError(null);\n }\n }\n } catch (error) {\n console.warn('[AuthProvider] Error in auth state change handler:', error);\n // Ensure loading is always set to false\n setAuthLoading(false);\n }\n }\n );\n\n const subscription = authStateChange?.data?.subscription || authStateChange;\n \n return () => {\n clearTimeout(timeoutId);\n if (subscription && typeof subscription.unsubscribe === 'function') {\n DebugLogger.log('AuthProvider', 'Cleaning up auth state listener');\n subscription.unsubscribe();\n }\n };\n } catch (error) {\n console.error('AuthProvider: Error setting up auth state change listener:', error);\n \n // Don't set authError for connection issues or auth session missing errors\n if (error instanceof Error && \n !error.message.includes('No API key found') && \n !error.message.includes('AuthSessionMissingError') &&\n !error.message.includes('Auth session missing')) {\n setAuthError(error as AuthError);\n }\n setAuthLoading(false);\n clearTimeout(timeoutId);\n return () => {};\n }\n }, [supabaseClient]);\n\n // Auth methods\n const signIn = useCallback(async (email: string, password?: string) => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthLoading(true);\n setAuthError(null);\n \n try {\n const { error } = await supabaseClient.auth.signInWithPassword({ email, password: password || '' });\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n } finally {\n setAuthLoading(false);\n }\n }, [supabaseClient]);\n\n const signUp = useCallback(async (email: string, password: string) => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthError(null);\n try {\n const { error } = await supabaseClient.auth.signUp({ email, password });\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n }\n }, [supabaseClient]);\n\n const signOut = useCallback(async () => {\n DebugLogger.log('AuthProvider', 'signOut called');\n \n // Immediately set loading to false to prevent timeout warnings\n setAuthLoading(false);\n \n if (!supabaseClient) {\n DebugLogger.log('AuthProvider', 'No supabase client, clearing state manually');\n setUser(null);\n setSession(null);\n setAuthError(null);\n return { error: null };\n }\n \n // Clear state immediately before calling Supabase signOut\n DebugLogger.log('AuthProvider', 'Pre-clearing state before signOut call');\n setUser(null);\n setSession(null);\n setAuthError(null);\n \n try {\n DebugLogger.log('AuthProvider', 'Calling supabase signOut');\n \n // Add a timeout to prevent hanging\n const signOutPromise = supabaseClient.auth.signOut();\n const timeoutPromise = new Promise((_, reject) => \n setTimeout(() => reject(new Error('SignOut timeout')), 3000)\n );\n \n const { error } = await Promise.race([signOutPromise, timeoutPromise]) as any;\n \n if (error && !error.message?.includes('SignOut timeout')) {\n console.error('[AuthProvider] signOut error:', error);\n // Don't set auth error for logout - we've already cleared state\n }\n \n DebugLogger.log('AuthProvider', 'signOut process completed');\n return { error: null }; // Always return success for logout\n } catch (err) {\n console.warn('[AuthProvider] signOut exception (ignored):', err);\n // Ignore errors during logout - state is already cleared\n return { error: null };\n }\n }, [supabaseClient]);\n\n const resetPassword = useCallback(async (email: string) => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthError(null);\n try {\n const { error } = await supabaseClient.auth.resetPasswordForEmail(email);\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n }\n }, [supabaseClient]);\n\n const updatePassword = useCallback(async (password: string) => {\n if (!supabaseClient) return { error: new AuthError('Supabase client not available.', 500) };\n const { error } = await supabaseClient.auth.updateUser({ password });\n if (error) {\n setAuthError(error);\n }\n return { error };\n }, [supabaseClient]);\n\n const refreshSession = useCallback(async () => {\n if (!supabaseClient) {\n const error = new Error('No Supabase client provided') as AuthError;\n setAuthError(error);\n return { error };\n }\n\n setAuthError(null);\n try {\n const { error } = await supabaseClient.auth.refreshSession();\n if (error) {\n setAuthError(error);\n }\n return { error };\n } catch (err: any) {\n const authError = err as AuthError;\n setAuthError(authError);\n return { error: authError };\n }\n }, [supabaseClient]);\n\n // Memoized derived values\n const isAuthenticated = !!user;\n\n // Memoized context value\n const contextValue = useMemo<AuthContextType>(() => ({\n user,\n session,\n isAuthenticated,\n authLoading,\n authError,\n error: authError, // Alias for backward compatibility\n supabase: supabaseClient || null,\n\n signIn,\n signUp,\n signOut,\n resetPassword,\n updatePassword,\n refreshSession,\n }), [\n user, session, isAuthenticated, authLoading, authError, supabaseClient,\n signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,\n ]);\n\n return (\n <AuthContext.Provider value={contextValue}>\n {children}\n </AuthContext.Provider>\n );\n}\n","/**\n * @file RBAC Provider\n * @package @jmruthers/pace-core\n * @module Providers/RBAC\n * @since 0.1.0\n *\n * Handles role-based access control, permissions, and event access management.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\nimport { DebugLogger } from '../utils/debugLogger';\n\n// App configuration type\ninterface AppConfig {\n supports_direct_access: boolean;\n requires_event: boolean;\n}\n\n// User event access type - now includes organisation context for security\nexport interface UserEventAccess {\n event_id: string;\n event_name: string;\n event_description?: string | null;\n start_date: string;\n end_date: string;\n event_status: string;\n app_id: string;\n access_level: string;\n granted_at: string;\n organisation_id: string; // MANDATORY for security\n}\n\n// RBAC context type\nexport interface RBACContextType {\n // RBAC state\n permissions: Record<string, boolean>;\n roles: string[];\n accessLevel: AccessLevel;\n rbacLoading: boolean;\n rbacError: Error | null;\n selectedEventId: string | null;\n appConfig: AppConfig | null;\n userEventAccess: UserEventAccess[];\n eventAccessLoading: boolean;\n \n // Organisation context integration\n selectedOrganisationId: string | null;\n requireOrganisationContext: () => string; // Throws if no organisation context\n \n // RBAC methods\n hasPermission: (permission: string, orgId?: string) => boolean;\n hasAnyPermission: (permissions: string[], orgId?: string) => boolean;\n hasAllPermissions: (permissions: string[], orgId?: string) => boolean;\n hasRole: (role: string) => boolean;\n hasAccessLevel: (level: AccessLevel) => boolean;\n canAccess: (resource: string, action: string, orgId?: string) => boolean;\n validatePermission: (permission: string, orgId?: string) => Promise<boolean>;\n validateAccess: (resource: string, action: string, orgId?: string) => Promise<boolean>;\n refreshPermissions: (eventId?: string, orgId?: string) => Promise<void>;\n setSelectedEventId: (eventId: string | null) => void;\n loadUserEventAccess: (orgId?: string) => Promise<void>;\n getUserEventAccess: (eventId: string) => UserEventAccess | undefined;\n \n // New RBAC system support\n rbacEnabled: boolean;\n rbacContext?: any; // Will be populated by useRBAC hook when enabled\n}\n\nconst RBACContext = createContext<RBACContextType | undefined>(undefined);\n\nexport const useRBAC = () => {\n const context = useContext(RBACContext);\n if (!context) {\n throw new Error('useRBAC must be used within an RBACProvider');\n }\n return context;\n};\n\nexport interface RBACProviderProps {\n children: React.ReactNode;\n supabaseClient?: SupabaseClient;\n user: User | null;\n session: Session | null;\n appName: string;\n enableRBAC?: boolean;\n persistState?: boolean;\n enablePersistence?: boolean;\n requireOrganisationContext?: boolean;\n}\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n SELECTED_EVENT: 'pace-core-selected-event',\n} as const;\n\n// Helper function to transform RBAC permissions to the format expected by UnifiedAuthProvider\nconst transformRBACPermissions = (rbacData: any[], _appName: string) => {\n const permissions: Record<string, boolean> = {};\n let roles: string[] = [];\n let access_level: AccessLevel = AccessLevel.VIEWER;\n\n if (!rbacData || !Array.isArray(rbacData)) {\n return { permissions: {}, roles: ['viewer'], access_level: AccessLevel.VIEWER };\n }\n\n // Check for super admin first\n const superAdminPerm = rbacData.find((p: any) => p.permission_type === 'all_permissions');\n if (superAdminPerm) {\n return { \n permissions: { 'all:all': true } as Record<string, boolean>, \n roles: ['super'], \n access_level: AccessLevel.SUPER \n };\n }\n\n // Process event-app permissions\n const eventAppPerms = rbacData.filter((p: any) => p.permission_type === 'event_app_access');\n if (eventAppPerms.length > 0) {\n const role = eventAppPerms[0].role_name;\n \n // Map RBAC roles to AccessLevel\n switch (role) {\n case 'event_admin':\n access_level = AccessLevel.ADMIN;\n roles = ['admin'];\n break;\n case 'planner':\n access_level = AccessLevel.PLANNER;\n roles = ['planner'];\n break;\n case 'participant':\n access_level = AccessLevel.PARTICIPANT;\n roles = ['participant'];\n break;\n case 'editor':\n access_level = AccessLevel.EDITOR;\n roles = ['editor'];\n break;\n case 'viewer':\n default:\n access_level = AccessLevel.VIEWER;\n roles = ['viewer'];\n break;\n }\n\n // For now, we'll set basic permissions based on role\n // In a full implementation, you'd want to fetch page-specific permissions\n const basePermissions = ['read'];\n if (['event_admin', 'planner'].includes(role)) {\n basePermissions.push('create', 'update');\n }\n if (role === 'event_admin') {\n basePermissions.push('delete');\n }\n\n // Set permissions for all pages (simplified approach)\n // In a real implementation, you'd want to get actual page permissions\n basePermissions.forEach(operation => {\n permissions[`default:${operation}`] = true;\n });\n }\n\n // Process organisation permissions\n const orgPerms = rbacData.filter((p: any) => p.permission_type === 'organisation_access');\n if (orgPerms.length > 0) {\n const role = orgPerms[0].role_name;\n if (role === 'org_admin') {\n access_level = AccessLevel.ADMIN;\n roles = ['admin'];\n // Org admins get all permissions\n ['create', 'read', 'update', 'delete'].forEach(operation => {\n permissions[`default:${operation}`] = true;\n });\n }\n }\n\n return { permissions, roles, access_level };\n};\n\nexport function RBACProvider({\n children,\n supabaseClient,\n user,\n session,\n appName,\n enableRBAC = false,\n persistState = true,\n enablePersistence,\n requireOrganisationContext: _requireOrganisationContext = true,\n}: RBACProviderProps) {\n // Use enablePersistence if provided, otherwise use persistState\n const shouldPersist = enablePersistence !== undefined ? enablePersistence : persistState;\n\n // RBAC state\n const [permissions, setPermissions] = useState<Record<string, boolean>>({});\n const [roles, setRoles] = useState<string[]>([]);\n const [accessLevel, setAccessLevel] = useState<AccessLevel>(AccessLevel.VIEWER);\n const [rbacLoading, setRbacLoading] = useState(false);\n const [rbacError, setRbacError] = useState<Error | null>(null);\n const [selectedEventId, setSelectedEventId] = useState<string | null>(null);\n const [appConfig, setAppConfig] = useState<AppConfig | null>(null);\n const [userEventAccess, setUserEventAccess] = useState<UserEventAccess[]>([]);\n const [eventAccessLoading, setEventAccessLoading] = useState(false);\n \n // Organisation context state\n const [selectedOrganisationId, _setSelectedOrganisationId] = useState<string | null>(null);\n\n // Load app configuration on mount and when appName changes\n useEffect(() => {\n if (!supabaseClient) return;\n\n const loadAppConfig = async () => {\n try {\n // Use the same app name resolution as PagePermissionGuard\n const { getCurrentAppName } = await import('../utils/appNameResolver');\n const resolvedAppName = getCurrentAppName() || appName;\n \n // First resolve app name to app_id\n const { data: appData, error: appError } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', resolvedAppName)\n .eq('is_active', true)\n .single();\n\n if (appError || !appData) {\n console.warn('App not found or inactive:', resolvedAppName);\n setAppConfig({\n supports_direct_access: false,\n requires_event: true\n });\n return;\n }\n\n const response = await supabaseClient.rpc('get_app_config', {\n p_app_id: appData.id\n });\n \n const { data } = response || {};\n\n if (data && data.length > 0) {\n setAppConfig({\n supports_direct_access: data[0].supports_direct_access,\n requires_event: data[0].requires_event\n });\n } else {\n // Default configuration if app not found\n setAppConfig({\n supports_direct_access: false,\n requires_event: true\n });\n }\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n if (typeof localStorage !== 'undefined') {\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n }\n console.warn('Failed to load app configuration:', error);\n // Default configuration on error\n setAppConfig({\n supports_direct_access: false,\n requires_event: true\n });\n }\n };\n\n loadAppConfig();\n }, [supabaseClient, appName]);\n\n // Set super admin roles based on user metadata\n useEffect(() => {\n // Check if user has super admin role in metadata\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (isSuperAdmin) {\n setRoles(['super_admin']);\n } else {\n setRoles([]);\n }\n }, [user]);\n\n // Load persisted auth state on mount\n useEffect(() => {\n if (!shouldPersist) return;\n\n try {\n const persistedEvent = localStorage.getItem(STORAGE_KEYS.SELECTED_EVENT);\n if (persistedEvent) {\n setSelectedEventId(JSON.parse(persistedEvent));\n }\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n }\n }, [shouldPersist]);\n\n // Persist auth state changes\n useEffect(() => {\n if (!shouldPersist) return;\n\n try {\n if (selectedEventId) {\n localStorage.setItem(\n STORAGE_KEYS.SELECTED_EVENT,\n JSON.stringify(selectedEventId),\n );\n } else {\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n }\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n console.warn('Failed to persist auth state:', error);\n }\n }, [selectedEventId, shouldPersist]);\n\n // Load RBAC data when user is authenticated\n const refreshPermissions = useCallback(async (eventId?: string) => {\n if (!supabaseClient || !user || !appConfig || !session) {\n DebugLogger.log('RBACProvider', 'refreshPermissions: Missing required dependencies, clearing permissions');\n setPermissions({});\n setRoles([]);\n setAccessLevel(AccessLevel.VIEWER);\n return;\n }\n\n // Check for super admin first - admin override should happen regardless of app configuration\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (isSuperAdmin) {\n setPermissions({\n 'admin:create': true,\n 'admin:read': true,\n 'admin:update': true,\n 'admin:delete': true,\n 'users:create': true,\n 'users:read': true,\n 'users:update': true,\n 'users:delete': true,\n 'events:create': true,\n 'events:read': true,\n 'events:update': true,\n 'events:delete': true\n });\n setRoles(['super_admin']);\n setAccessLevel(AccessLevel.ADMIN);\n return;\n }\n\n // Determine if we should load permissions without an event\n const shouldLoadDirectPermissions = !eventId && !appConfig.requires_event;\n const shouldLoadEventPermissions = eventId;\n const shouldClearPermissions = !eventId && appConfig.requires_event;\n\n // If no eventId and app requires events, clear permissions\n if (shouldClearPermissions) {\n setPermissions({});\n setRoles([]);\n setAccessLevel(AccessLevel.VIEWER);\n return;\n }\n\n // Only proceed if we should load permissions\n if (!shouldLoadDirectPermissions && !shouldLoadEventPermissions) {\n return;\n }\n\n setRbacLoading(true);\n setRbacError(null);\n\n try {\n // Use the same app name resolution as PagePermissionGuard\n const { getCurrentAppName } = await import('../utils/appNameResolver');\n const resolvedAppName = getCurrentAppName() || appName;\n \n // First resolve app name to app_id\n const { data: appData, error: appError } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', resolvedAppName)\n .eq('is_active', true)\n .single();\n\n if (appError || !appData) {\n console.warn('App not found or inactive:', resolvedAppName);\n setRbacLoading(false);\n return;\n }\n\n const { data, error } = await supabaseClient.rpc('get_rbac_permissions', {\n p_user_id: user.id,\n p_app_id: appData.id,\n p_event_id: eventId || null,\n p_organisation_id: selectedOrganisationId || null\n });\n\n if (error) {\n throw error;\n }\n\n const { permissions, roles, access_level } = transformRBACPermissions(data, appName);\n\n setPermissions(permissions);\n setRoles(roles);\n setAccessLevel(access_level);\n } catch (err: any) {\n setRbacError(err);\n } finally {\n setRbacLoading(false);\n }\n }, [supabaseClient, user, session, appName, appConfig, selectedOrganisationId]);\n\n // Load user event access data\n const loadUserEventAccess = useCallback(async () => {\n if (!supabaseClient || !user || !session) {\n DebugLogger.log('RBACProvider', 'loadUserEventAccess: Missing required dependencies, clearing event access');\n setUserEventAccess([]);\n return;\n }\n\n setEventAccessLoading(true);\n try {\n // Use the same app name resolution as PagePermissionGuard\n const { getCurrentAppName } = await import('../utils/appNameResolver');\n const resolvedAppName = getCurrentAppName() || appName;\n \n // First resolve app name to app_id\n const { data: appData, error: appError } = await supabaseClient\n .from('rbac_apps')\n .select('id')\n .eq('name', resolvedAppName)\n .eq('is_active', true)\n .single();\n\n if (appError || !appData) {\n console.warn('App not found or inactive:', resolvedAppName);\n setEventAccessLoading(false);\n return;\n }\n\n const { data, error } = await supabaseClient\n .from('rbac_event_app_roles')\n .select(`\n event_id,\n role,\n granted_at\n `)\n .eq('user_id', user.id)\n .eq('app_id', appData.id);\n\n if (error) {\n console.error('Failed to load user event access:', error);\n setUserEventAccess([]);\n return;\n }\n\n const eventAccess = data?.map(item => ({\n event_id: item.event_id,\n event_name: 'Unknown Event', // Event details not available in this query\n event_description: null, // Not available in this schema\n start_date: '', // Event date not available in this query\n end_date: '', // Event date not available in this query\n event_status: 'unknown', // Not available in this schema\n app_id: appData.id,\n access_level: item.role, // Map role to access_level\n granted_at: item.granted_at,\n organisation_id: '' // Will be populated from event's organisation_id if needed\n })) || [];\n\n setUserEventAccess(eventAccess);\n } catch (error) {\n console.warn(\"Clearing corrupted localStorage data\");\n localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n console.error('Error loading user event access:', error);\n setUserEventAccess([]);\n } finally {\n setEventAccessLoading(false);\n }\n }, [supabaseClient, user, session, appName]);\n\n // Helper function to get access for a specific event\n const getUserEventAccess = useCallback((eventId: string) => {\n return userEventAccess.find(access => access.event_id === eventId);\n }, [userEventAccess]);\n\n // When the selected event ID changes, user logs in, or app config loads, refresh permissions\n useEffect(() => {\n // Don't run if user is null (signed out) or no app config\n if (!user || !appConfig || !session) {\n DebugLogger.log('RBACProvider', 'Skipping permission refresh - no user, session, or app config');\n return;\n }\n\n // Check for super admin first - admin override should happen regardless of app configuration\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (isSuperAdmin) {\n setPermissions({\n 'admin:create': true,\n 'admin:read': true,\n 'admin:update': true,\n 'admin:delete': true,\n 'users:create': true,\n 'users:read': true,\n 'users:update': true,\n 'users:delete': true,\n 'events:create': true,\n 'events:read': true,\n 'events:update': true,\n 'events:delete': true\n });\n setRoles(['super_admin']);\n setAccessLevel(AccessLevel.ADMIN);\n return;\n }\n\n if (selectedEventId) {\n // Event-based permissions\n refreshPermissions(selectedEventId);\n } else if (!appConfig.requires_event) {\n // Direct app permissions (no event needed)\n refreshPermissions();\n } else {\n // No event and app requires events - clear permissions\n setPermissions({});\n setRoles([]);\n setAccessLevel(AccessLevel.VIEWER);\n }\n }, [selectedEventId, user, session, appConfig, refreshPermissions]);\n\n // Load user event access when user changes\n useEffect(() => {\n if (user && session) {\n DebugLogger.log('RBACProvider', 'Loading user event access for authenticated user');\n loadUserEventAccess();\n } else {\n DebugLogger.log('RBACProvider', 'Clearing user event access - no user or session');\n setUserEventAccess([]);\n }\n }, [user, session, loadUserEventAccess]);\n\n // Permission methods\n const hasPermission = useCallback((permission: string) => {\n const hasPerm = !!permissions[permission];\n return hasPerm;\n }, [permissions]);\n const hasAnyPermission = useCallback((perms: string[]) => perms.some(p => !!permissions[p]), [permissions]);\n const hasAllPermissions = useCallback((perms: string[]) => perms.every(p => !!permissions[p]), [permissions]);\n const hasRole = useCallback((role: string) => {\n const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n if (role.toLowerCase() === 'super_admin') {\n return isSuperAdmin;\n }\n return roles.includes(role);\n }, [roles, user]);\n const hasAccessLevel = useCallback((level: AccessLevel) => {\n const levels = Object.values(AccessLevel);\n return levels.indexOf(accessLevel) >= levels.indexOf(level);\n }, [accessLevel]);\n const canAccess = useCallback((resource: string, action: string) => {\n const permission = `${resource}:${action}`;\n const hasAccess = hasPermission(permission);\n return hasAccess;\n }, [hasPermission]);\n const validatePermission = useCallback(async (permission: string) => hasPermission(permission), [hasPermission]);\n const validateAccess = useCallback(async (resource: string, action: string) => {\n // Placeholder for more complex logic, e.g., re-validating with backend\n return Promise.resolve(canAccess(resource, action));\n }, [canAccess]);\n\n // Memoized context value\n const contextValue = useMemo<RBACContextType>(() => ({\n permissions,\n roles,\n accessLevel,\n rbacLoading,\n rbacError,\n selectedEventId,\n appConfig,\n userEventAccess,\n eventAccessLoading,\n\n // Organisation context\n selectedOrganisationId,\n requireOrganisationContext: () => {\n if (!selectedOrganisationId) {\n throw new Error('Organisation context is required but not available');\n }\n return selectedOrganisationId;\n },\n\n hasPermission,\n hasAnyPermission,\n hasAllPermissions,\n hasRole,\n hasAccessLevel,\n canAccess,\n validatePermission,\n validateAccess,\n refreshPermissions,\n setSelectedEventId,\n \n // New RBAC system support\n rbacEnabled: enableRBAC,\n rbacContext: undefined, // Will be populated by useRBAC hook when enabled\n \n loadUserEventAccess,\n getUserEventAccess\n }), [\n permissions, roles, accessLevel, rbacLoading, rbacError, selectedEventId, appConfig,\n userEventAccess, eventAccessLoading, selectedOrganisationId,\n hasPermission, hasAnyPermission, hasAllPermissions, hasRole, hasAccessLevel, canAccess,\n validatePermission, validateAccess, refreshPermissions, setSelectedEventId,\n enableRBAC, loadUserEventAccess, getUserEventAccess\n ]);\n\n return (\n <RBACContext.Provider value={contextValue}>\n {children}\n </RBACContext.Provider>\n );\n}\n","/**\n * @file Inactivity Tracker Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useInactivityTracker\n * @since 0.1.0\n *\n * A custom hook that tracks user inactivity and provides cross-tab synchronization.\n * Monitors various user interactions and manages inactivity timers with persistence.\n *\n * Features:\n * - Cross-tab synchronization using BroadcastChannel and localStorage\n * - Monitors keyboard, mouse, touch, scroll, and focus events\n * - Throttled event handling for performance\n * - Persistence of last activity time across page reloads\n * - SSR-safe implementation with proper cleanup\n * - Configurable timeout and warning thresholds\n * - Production-safe with dev-only escape hatches\n *\n * @example\n * ```tsx\n * const {\n * isIdle,\n * timeRemaining,\n * showWarning,\n * resetActivity,\n * startTracking,\n * stopTracking\n * } = useInactivityTracker({\n * idleTimeoutMs: 30 * 60 * 1000, // 30 minutes\n * warnBeforeMs: 60 * 1000, // 1 minute\n * onIdle: () => console.log('User is idle'),\n * onWarning: () => console.log('Warning should show'),\n * onActivity: () => console.log('User is active')\n * });\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (utility hook)\n * - Enables accessible inactivity warnings\n * - Supports screen reader friendly countdowns\n * - Maintains focus management during warnings\n *\n * @performance\n * - Throttled event handling (100ms intervals)\n * - Efficient timer management with cleanup\n * - Minimal re-renders with stable references\n * - Memory leak prevention\n * - Cross-tab optimization\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Browser APIs - BroadcastChannel, localStorage, timers\n */\n\nimport { useState, useEffect, useCallback, useRef } from 'react';\n\nexport interface UseInactivityTrackerOptions {\n /** Timeout in milliseconds before user is considered idle (default: 30 minutes) */\n idleTimeoutMs?: number;\n /** Time in milliseconds before idle timeout to show warning (default: 60 seconds) */\n warnBeforeMs?: number;\n /** Callback when user becomes idle */\n onIdle?: () => void;\n /** Callback when warning should be shown */\n onWarning?: () => void;\n /** Callback when user becomes active again */\n onActivity?: () => void;\n /** Whether tracking is enabled (default: true) */\n enabled?: boolean;\n /** Storage key for persistence (default: 'pace-core-inactivity') */\n storageKey?: string;\n /** Broadcast channel name for cross-tab sync (default: 'pace-core-inactivity') */\n channelName?: string;\n}\n\nexport interface UseInactivityTrackerReturn {\n /** Whether the user is currently idle */\n isIdle: boolean;\n /** Time remaining in milliseconds before idle timeout */\n timeRemaining: number;\n /** Whether warning should be shown */\n showWarning: boolean;\n /** Reset the activity timer */\n resetActivity: () => void;\n /** Start tracking inactivity */\n startTracking: () => void;\n /** Stop tracking inactivity */\n stopTracking: () => void;\n /** Whether tracking is currently active */\n isTracking: boolean;\n}\n\n// Events that indicate user activity\nconst ACTIVITY_EVENTS = [\n 'mousedown',\n 'mousemove',\n 'mouseup',\n 'click',\n 'scroll',\n 'wheel',\n 'touchstart',\n 'touchmove',\n 'touchend',\n 'keydown',\n 'keyup',\n 'keypress',\n 'focus',\n 'blur',\n 'visibilitychange'\n] as const;\n\n// Throttle function to limit event handler frequency\nfunction throttle<T extends (...args: any[]) => void>(\n func: T,\n limit: number\n): (...args: Parameters<T>) => void {\n let inThrottle: boolean;\n return function (this: any, ...args: Parameters<T>) {\n if (!inThrottle) {\n func.apply(this, args);\n inThrottle = true;\n setTimeout(() => (inThrottle = false), limit);\n }\n };\n}\n\nexport function useInactivityTracker({\n idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n warnBeforeMs = 60 * 1000, // 1 minute\n onIdle,\n onWarning,\n onActivity,\n enabled = true,\n storageKey = 'pace-core-inactivity',\n channelName = 'pace-core-inactivity'\n}: UseInactivityTrackerOptions = {}): UseInactivityTrackerReturn {\n const [isIdle, setIsIdle] = useState(false);\n const [timeRemaining, setTimeRemaining] = useState(idleTimeoutMs);\n const [showWarning, setShowWarning] = useState(false);\n const [isTracking, setIsTracking] = useState(false);\n\n // Reset tracking state when enabled changes\n useEffect(() => {\n if (!enabled) {\n setIsTracking(false);\n setIsIdle(false);\n setShowWarning(false);\n setTimeRemaining(idleTimeoutMs);\n }\n }, [enabled, idleTimeoutMs]);\n\n const timeoutRef = useRef<NodeJS.Timeout | null>(null);\n const warningTimeoutRef = useRef<NodeJS.Timeout | null>(null);\n const countdownIntervalRef = useRef<NodeJS.Timeout | null>(null);\n const lastActivityRef = useRef<number>(Date.now());\n const channelRef = useRef<BroadcastChannel | null>(null);\n\n // Clear all timers\n const clearTimers = useCallback(() => {\n if (timeoutRef.current) {\n clearTimeout(timeoutRef.current);\n timeoutRef.current = null;\n }\n if (warningTimeoutRef.current) {\n clearTimeout(warningTimeoutRef.current);\n warningTimeoutRef.current = null;\n }\n if (countdownIntervalRef.current) {\n clearInterval(countdownIntervalRef.current);\n countdownIntervalRef.current = null;\n }\n }, []);\n\n // Reset activity and restart timers\n const resetActivity = useCallback((skipActivityCallback = false) => {\n if (!enabled) return;\n\n const now = Date.now();\n lastActivityRef.current = now;\n\n // Clear existing timers\n clearTimers();\n\n // Reset state\n setIsIdle(false);\n setShowWarning(false);\n setTimeRemaining(idleTimeoutMs);\n\n // Notify activity callback (unless skipped for initial setup)\n if (!skipActivityCallback) {\n onActivity?.();\n }\n\n // Set up warning timer\n const warningTime = idleTimeoutMs - warnBeforeMs;\n if (warningTime > 0) {\n warningTimeoutRef.current = setTimeout(() => {\n setShowWarning(true);\n onWarning?.();\n }, warningTime);\n }\n\n // Set up idle timeout\n timeoutRef.current = setTimeout(() => {\n setIsIdle(true);\n onIdle?.();\n }, idleTimeoutMs);\n\n // Start countdown interval for time remaining\n countdownIntervalRef.current = setInterval(() => {\n const elapsed = Date.now() - lastActivityRef.current;\n const remaining = Math.max(0, idleTimeoutMs - elapsed);\n setTimeRemaining(remaining);\n\n if (remaining === 0) {\n clearTimers();\n }\n }, 1000);\n\n // Persist activity time\n try {\n localStorage.setItem(storageKey, now.toString());\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to persist activity time:', error);\n }\n\n // Broadcast activity to other tabs\n try {\n if (channelRef.current) {\n channelRef.current.postMessage({ type: 'activity', timestamp: now });\n }\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to broadcast activity:', error);\n }\n }, [enabled, idleTimeoutMs, warnBeforeMs, onIdle, onWarning, onActivity, storageKey, clearTimers]);\n\n // Start tracking\n const startTracking = useCallback(() => {\n if (!enabled) return;\n\n // Always reset state and start fresh\n setIsTracking(false);\n setIsIdle(false);\n setShowWarning(false);\n setTimeRemaining(idleTimeoutMs);\n \n // Clear any existing timers\n clearTimers();\n \n setIsTracking(true);\n\n // Set up cross-tab communication\n try {\n if (typeof BroadcastChannel !== 'undefined') {\n channelRef.current = new BroadcastChannel(channelName);\n channelRef.current.onmessage = (event) => {\n if (event.data.type === 'activity') {\n lastActivityRef.current = event.data.timestamp;\n resetActivity();\n }\n };\n }\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to set up cross-tab communication:', error);\n }\n\n // Check for persisted activity time\n try {\n const persistedTime = localStorage.getItem(storageKey);\n if (persistedTime) {\n const persistedTimestamp = parseInt(persistedTime, 10);\n const elapsed = Date.now() - persistedTimestamp;\n \n if (elapsed < idleTimeoutMs) {\n // User was active recently, continue from where we left off\n lastActivityRef.current = persistedTimestamp;\n const remaining = idleTimeoutMs - elapsed;\n setTimeRemaining(remaining);\n \n if (remaining <= warnBeforeMs) {\n setShowWarning(true);\n onWarning?.();\n }\n \n if (remaining <= 0) {\n setIsIdle(true);\n onIdle?.();\n return;\n }\n }\n }\n } catch (error) {\n console.warn('[useInactivityTracker] Failed to check persisted activity time:', error);\n }\n\n // Set up throttled activity handler\n const throttledResetActivity = throttle((event) => {\n resetActivity();\n }, 100);\n\n // Add event listeners\n const addEventListeners = () => {\n ACTIVITY_EVENTS.forEach(event => {\n document.addEventListener(event, throttledResetActivity, { passive: true });\n });\n };\n\n // Remove event listeners\n const removeEventListeners = () => {\n ACTIVITY_EVENTS.forEach(event => {\n document.removeEventListener(event, throttledResetActivity);\n });\n };\n\n // Add listeners\n addEventListeners();\n\n // Start the timer (skip activity callback for initial setup)\n resetActivity(true);\n\n // Cleanup function\n return () => {\n removeEventListeners();\n clearTimers();\n if (channelRef.current) {\n channelRef.current.close();\n channelRef.current = null;\n }\n };\n }, [enabled, isTracking, channelName, storageKey, idleTimeoutMs, warnBeforeMs, onIdle, onWarning]);\n\n // Stop tracking\n const stopTracking = useCallback(() => {\n setIsTracking(false);\n clearTimers();\n \n if (channelRef.current) {\n channelRef.current.close();\n channelRef.current = null;\n }\n }, [clearTimers]);\n\n // Effect to start/stop tracking based on enabled state\n useEffect(() => {\n if (enabled) {\n const cleanup = startTracking();\n return cleanup;\n } else {\n stopTracking();\n }\n }, [enabled, idleTimeoutMs, warnBeforeMs]);\n\n // Cleanup on unmount\n useEffect(() => {\n return () => {\n clearTimers();\n if (channelRef.current) {\n channelRef.current.close();\n }\n };\n }, [clearTimers]);\n\n return {\n isIdle,\n timeRemaining,\n showWarning,\n resetActivity,\n startTracking,\n stopTracking,\n isTracking\n };\n}\n","/**\n * @file Inactivity Warning Modal\n * @package @jmruthers/pace-core\n * @module Components/InactivityWarningModal\n * @since 0.1.0\n *\n * A modal dialog that warns users about impending auto-logout due to inactivity.\n * Provides a countdown timer and action buttons to either stay signed in or sign out immediately.\n *\n * Features:\n * - Accessible modal dialog with focus management\n * - Live countdown timer with 1-second updates\n * - Clear action buttons (Stay Signed In / Sign Out Now)\n * - Keyboard navigation support (Escape to stay signed in)\n * - Cross-tab awareness and synchronization\n * - Tailwind v4 styling with pace-core theme tokens\n * - Production-safe with no arbitrary bracket classes\n *\n * @example\n * ```tsx\n * <InactivityWarningModal\n * isOpen={showWarning}\n * timeRemaining={45}\n * onStaySignedIn={() => setShowWarning(false)}\n * onSignOutNow={() => signOut()}\n * />\n * ```\n *\n * @accessibility\n * - WCAG 2.1 AA compliant\n * - Focus trap within modal content\n * - Screen reader announcements for countdown changes\n * - Keyboard navigation support\n * - Clear visual hierarchy and contrast\n * - Escape key to stay signed in (safe default)\n *\n * @performance\n * - Efficient countdown updates (1-second intervals)\n * - Minimal re-renders with stable references\n * - Memory leak prevention with cleanup\n * - Optimized timer management\n *\n * @dependencies\n * - React 18+ - Hooks and effects\n * - Dialog components - Modal functionality\n * - Tailwind CSS v4 - Styling\n */\n\nimport React, { useEffect, useState, useCallback } from 'react';\nimport { Dialog, DialogContent, DialogHeader, DialogTitle, DialogDescription } from '../Dialog/Dialog';\nimport { Button } from '../Button/Button';\nimport { Clock, AlertTriangle } from 'lucide-react';\n\nexport interface InactivityWarningModalProps {\n /** Whether the modal is open */\n isOpen: boolean;\n /** Time remaining in seconds before auto-logout */\n timeRemaining: number;\n /** Callback when user chooses to stay signed in */\n onStaySignedIn: () => void;\n /** Callback when user chooses to sign out immediately */\n onSignOutNow: () => void;\n /** Optional custom title */\n title?: string;\n /** Optional custom description */\n description?: string;\n /** Optional custom className */\n className?: string;\n}\n\nexport function InactivityWarningModal({\n isOpen,\n timeRemaining,\n onStaySignedIn,\n onSignOutNow,\n title = \"Session Timeout Warning\",\n description = \"You've been inactive for a while. Your session will expire soon for security reasons.\",\n className\n}: InactivityWarningModalProps) {\n const [displayTime, setDisplayTime] = useState(timeRemaining);\n\n // Update display time when timeRemaining prop changes\n useEffect(() => {\n setDisplayTime(timeRemaining);\n }, [timeRemaining]);\n\n // Format time for display (MM:SS)\n const formatTime = useCallback((seconds: number) => {\n const mins = Math.floor(seconds / 60);\n const secs = seconds % 60;\n return `${mins.toString().padStart(2, '0')}:${secs.toString().padStart(2, '0')}`;\n }, []);\n\n\n\n\n return (\n <Dialog open={isOpen} onOpenChange={(open) => !open && onStaySignedIn()}>\n <DialogContent \n className={`sm:max-w-md ${className || ''}`}\n preventCloseOnEscape={false}\n preventCloseOnOutsideClick={true}\n data-testid=\"inactivity-warning-modal\"\n >\n <DialogHeader>\n <div className=\"flex items-center gap-3\">\n <div className=\"flex-shrink-0\">\n <AlertTriangle className=\"h-6 w-6 text-acc-600\" />\n </div>\n <div>\n <DialogTitle className=\"text-lg font-semibold text-main-900\">\n {title}\n </DialogTitle>\n </div>\n </div>\n <DialogDescription className=\"text-main-700 mt-2\">\n {description}\n </DialogDescription>\n </DialogHeader>\n\n <div className=\"space-y-6\">\n {/* Countdown Timer */}\n <div className=\"text-center\">\n <div className=\"inline-flex items-center gap-2 px-4 py-3 bg-acc-50 border border-acc-200 rounded-lg\">\n <Clock className=\"h-5 w-5 text-acc-600\" />\n <span className=\"text-2xl font-mono font-bold text-acc-700\">\n {formatTime(displayTime)}\n </span>\n </div>\n <p className=\"text-sm text-main-600 mt-2\">\n Time remaining before automatic logout\n </p>\n </div>\n\n {/* Action Buttons */}\n <div className=\"flex flex-col sm:flex-row gap-3\">\n <Button\n onClick={onStaySignedIn}\n className=\"flex-1 bg-main-600 hover:bg-main-700 text-main-50\"\n size=\"lg\"\n >\n Stay Signed In\n </Button>\n <Button\n onClick={onSignOutNow}\n variant=\"outline\"\n className=\"flex-1 border-acc-300 text-acc-700 hover:bg-acc-50\"\n size=\"lg\"\n >\n Sign Out Now\n </Button>\n </div>\n\n {/* Additional Info */}\n <div className=\"text-xs text-main-500 text-center\">\n <p>\n For security reasons, you'll be automatically signed out after 30 minutes of inactivity.\n </p>\n </div>\n </div>\n </DialogContent>\n </Dialog>\n );\n}\n","/**\n * @file Inactivity Provider\n * @package @jmruthers/pace-core\n * @module Providers/Inactivity\n * @since 0.1.0\n *\n * Handles inactivity tracking, auto-logout, and warning modals.\n * Separated from UnifiedAuthProvider for better maintainability.\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useInactivityTracker } from '../hooks/useInactivityTracker';\nimport { InactivityWarningModal } from '../components/InactivityWarningModal/InactivityWarningModal';\n\n// Inactivity context type\nexport interface InactivityContextType {\n // Inactivity state\n showInactivityWarning: boolean;\n inactivityTimeRemaining: number;\n isIdle: boolean;\n timeRemaining: number;\n showWarning: boolean;\n isTracking: boolean;\n \n // Inactivity methods\n resetActivity: () => void;\n startTracking: () => void;\n stopTracking: () => void;\n handleIdleLogout: () => Promise<void>;\n handleStaySignedIn: () => void;\n handleSignOutNow: () => Promise<void>;\n}\n\nconst InactivityContext = createContext<InactivityContextType | undefined>(undefined);\n\nexport const useInactivity = () => {\n const context = useContext(InactivityContext);\n if (!context) {\n throw new Error('useInactivity must be used within an InactivityProvider');\n }\n return context;\n};\n\nexport interface InactivityProviderProps {\n children: React.ReactNode;\n user: any; // User from auth context\n session: any; // Session from auth context\n supabaseClient: any; // Supabase client\n idleTimeoutMs?: number; // Default: 30 minutes\n warnBeforeMs?: number; // Default: 60 seconds\n onIdleLogout?: (reason: 'inactivity') => void; // App handles redirect/navigation\n renderInactivityWarning?: (args: {\n timeRemaining: number;\n onStaySignedIn: () => void;\n onSignOutNow: () => void;\n }) => React.ReactNode; // Optional custom warning UI\n dangerouslyDisableInactivity?: boolean; // Dev-only; must not disable in production\n}\n\nexport function InactivityProvider({\n children,\n user,\n session,\n supabaseClient,\n idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n warnBeforeMs = 60 * 1000, // 60 seconds\n onIdleLogout,\n renderInactivityWarning,\n dangerouslyDisableInactivity = false\n}: InactivityProviderProps) {\n // Inactivity state\n const [showInactivityWarning, setShowInactivityWarning] = useState(false);\n const [inactivityTimeRemaining, setInactivityTimeRemaining] = useState(0);\n\n // Production safety check for inactivity feature\n useEffect(() => {\n if (typeof window !== 'undefined') {\n const isProduction = process.env.NODE_ENV === 'production';\n \n if (isProduction && dangerouslyDisableInactivity) {\n console.error('[InactivityProvider] CRITICAL: dangerouslyDisableInactivity is not allowed in production! Auto-enabling inactivity feature.');\n }\n \n if (!isProduction && dangerouslyDisableInactivity) {\n console.warn('[InactivityProvider] Inactivity feature disabled for development. This will NOT work in production.');\n }\n }\n }, [dangerouslyDisableInactivity]);\n\n // Inactivity tracking\n const isInactivityEnabled = typeof window !== 'undefined' && \n (process.env.NODE_ENV !== 'production' ? !dangerouslyDisableInactivity : true);\n\n const {\n isIdle,\n timeRemaining,\n showWarning,\n resetActivity,\n startTracking,\n stopTracking,\n isTracking\n } = useInactivityTracker({\n idleTimeoutMs,\n warnBeforeMs,\n enabled: isInactivityEnabled && !!user && !!session,\n onIdle: useCallback(() => {\n // Handle idle logout inline to avoid circular dependency\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n \n // Sign out via Supabase\n if (supabaseClient) {\n supabaseClient.auth.signOut().catch((error: any) => {\n console.error('[InactivityProvider] Error during idle logout:', error);\n });\n }\n \n // Call app callback for navigation/redirect\n onIdleLogout?.('inactivity');\n }, [supabaseClient, onIdleLogout]),\n onWarning: useCallback(() => {\n setShowInactivityWarning(true);\n setInactivityTimeRemaining(warnBeforeMs);\n }, [warnBeforeMs]),\n onActivity: useCallback(() => {\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n }, [])\n });\n\n // Handle idle logout (for manual calls)\n const handleIdleLogout = useCallback(async () => {\n // Hide warning\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n \n // Stop tracking\n stopTracking();\n \n // Sign out via Supabase\n try {\n if (supabaseClient) {\n await supabaseClient.auth.signOut();\n }\n } catch (error: any) {\n console.error('[InactivityProvider] Error during idle logout:', error);\n }\n \n // Call app callback for navigation/redirect\n onIdleLogout?.('inactivity');\n }, [supabaseClient, onIdleLogout, stopTracking]);\n\n // Handle stay signed in\n const handleStaySignedIn = useCallback(() => {\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n resetActivity();\n }, [resetActivity]);\n\n // Handle sign out now\n const handleSignOutNow = useCallback(async () => {\n setShowInactivityWarning(false);\n setInactivityTimeRemaining(0);\n stopTracking();\n \n // Sign out via Supabase\n try {\n if (supabaseClient) {\n await supabaseClient.auth.signOut();\n }\n } catch (error: any) {\n console.error('[InactivityProvider] Error during manual sign out:', error);\n }\n \n // Call app callback for navigation/redirect\n onIdleLogout?.('inactivity');\n }, [supabaseClient, onIdleLogout, stopTracking]);\n\n // Update inactivity time remaining\n useEffect(() => {\n if (showWarning && timeRemaining > 0) {\n setInactivityTimeRemaining(Math.ceil(timeRemaining / 1000)); // Convert to seconds\n }\n }, [showWarning, timeRemaining]);\n\n // Memoized context value\n const contextValue = useMemo<InactivityContextType>(() => ({\n showInactivityWarning,\n inactivityTimeRemaining,\n isIdle,\n timeRemaining,\n showWarning,\n isTracking,\n resetActivity,\n startTracking,\n stopTracking,\n handleIdleLogout,\n handleStaySignedIn,\n handleSignOutNow,\n }), [\n showInactivityWarning,\n inactivityTimeRemaining,\n isIdle,\n timeRemaining,\n showWarning,\n isTracking,\n resetActivity,\n startTracking,\n stopTracking,\n handleIdleLogout,\n handleStaySignedIn,\n handleSignOutNow,\n ]);\n\n return (\n <InactivityContext.Provider value={contextValue}>\n {children}\n \n {/* Inactivity Warning Modal */}\n {showInactivityWarning && (\n renderInactivityWarning ? (\n renderInactivityWarning({\n timeRemaining: inactivityTimeRemaining,\n onStaySignedIn: handleStaySignedIn,\n onSignOutNow: handleSignOutNow\n })\n ) : (\n <InactivityWarningModal\n isOpen={showInactivityWarning}\n timeRemaining={inactivityTimeRemaining}\n onStaySignedIn={handleStaySignedIn}\n onSignOutNow={handleSignOutNow}\n />\n )\n )}\n </InactivityContext.Provider>\n );\n}\n","/**\n * @file Unified Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/UnifiedAuth\n * @since 0.1.0\n *\n * A comprehensive authentication and RBAC provider that combines user authentication,\n * role-based access control, and permission management in a single unified context.\n * \n * This provider now uses composition of smaller, focused providers for better maintainability:\n * - AuthProvider: Handles authentication and session management\n * - RBACProvider: Handles role-based access control and permissions\n * - InactivityProvider: Handles inactivity tracking and auto-logout\n *\n * Features:\n * - Supabase authentication integration\n * - Role-based access control (RBAC)\n * - Permission management with database integration\n * - Access level hierarchy (VIEWER, PARTICIPANT, EDITOR, PLANNER, ADMIN, SUPER)\n * - Event-specific permissions\n * - Cross-device state persistence\n * - Loading state management\n * - Error handling and recovery\n * - Session management\n * - Admin role detection via user metadata\n * - Permission validation and caching\n * - Event selection and context switching\n * - Inactivity tracking and auto-logout\n *\n * @example\n * ```tsx\n * // Basic setup with Supabase\n * import { createClient } from '@supabase/supabase-js';\n * import { UnifiedAuthProvider } from '@jmruthers/pace-core';\n * \n * const supabase = createClient(url, key);\n * \n * function App() {\n * return (\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"My App\">\n * <Router>\n * <Routes>\n * <Route path=\"/login\" element={<LoginPage />} />\n * <Route path=\"/\" element={<Dashboard />} />\n * </Routes>\n * </Router>\n * </UnifiedAuthProvider>\n * );\n * }\n * \n * // Using authentication in components\n * function Dashboard() {\n * const { user, isAuthenticated, signOut } = useUnifiedAuth();\n * \n * if (!isAuthenticated) {\n * return <Navigate to=\"/login\" />;\n * }\n * \n * return (\n * <div>\n * <h1>Welcome, {user?.email}</h1>\n * <button onClick={signOut}>Sign Out</button>\n * </div>\n * );\n * }\n * \n * // Using RBAC permissions\n * function EventManager() {\n * const { \n * hasPermission, \n * hasRole, \n * hasAccessLevel, \n * setSelectedEventId \n * } = useUnifiedAuth();\n * \n * // Set event context for permissions\n * useEffect(() => {\n * setSelectedEventId('event-123');\n * }, []);\n * \n * return (\n * <div>\n * {hasPermission('events:read') && (\n * <EventList />\n * )}\n * {hasPermission('events:write') && (\n * <CreateEventButton />\n * )}\n * {hasRole('admin') && (\n * <AdminPanel />\n * )}\n * {hasAccessLevel(AccessLevel.PLANNER) && (\n * <EventPlanningTools />\n * )}\n * </div>\n * );\n * }\n * \n * // Advanced permission validation\n * function SecureComponent() {\n * const { validatePermission, canAccess } = useUnifiedAuth();\n * \n * const handleSensitiveAction = async () => {\n * const canPerform = await validatePermission('admin:system');\n * if (canPerform) {\n * // Perform action\n * }\n * };\n * \n * const canEditUsers = canAccess('users', 'write');\n * \n * return (\n * <div>\n * {canEditUsers && <UserEditor />}\n * <button onClick={handleSensitiveAction}>\n * Sensitive Action\n * </button>\n * </div>\n * );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (context provider)\n * - Enables accessible permission-based UI rendering\n * - Supports screen reader friendly conditional content\n * - Maintains focus management during auth state changes\n *\n * @security\n * - Secure authentication via Supabase\n * - Permission-based access control\n * - Event-specific permission isolation\n * - Admin role validation via user metadata\n * - Session management and validation\n * - Error handling without exposure of sensitive data\n * - Database-backed permission validation\n *\n * @performance\n * - Optimized with useMemo and useCallback\n * - Permission caching and batching\n * - Minimal re-renders with stable references\n * - Lazy loading of permissions\n * - Event-based permission updates\n * - Composed providers for better code splitting\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - @supabase/supabase-js - Authentication backend\n * - AccessLevel enum - Permission levels\n * - Event types - Event context\n * - Local storage - State persistence\n * - AuthProvider - Authentication logic\n * - RBACProvider - RBAC logic\n * - InactivityProvider - Inactivity tracking\n */\n\nimport React, { createContext, useContext, useMemo } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\nimport { AuthProvider, useAuth, type AuthContextType } from './AuthProvider';\nimport { RBACProvider, useRBAC, type RBACContextType, type UserEventAccess } from './RBACProvider';\nimport { InactivityProvider, useInactivity, type InactivityContextType } from './InactivityProvider';\n\n\n// Combined context type - now organisation-aware and secure\nexport interface UnifiedAuthContextType extends AuthContextType, RBACContextType, InactivityContextType {\n // Additional unified properties\n appName: string;\n \n // Combined states\n isLoading: boolean;\n hasErrors: boolean;\n}\n\nconst UnifiedAuthContext = createContext<UnifiedAuthContextType | undefined>(undefined);\n\nexport const useUnifiedAuth = () => {\n const context = useContext(UnifiedAuthContext);\n if (!context) {\n throw new Error('useUnifiedAuth must be used within a UnifiedAuthProvider');\n }\n return context;\n};\n\nexport interface UnifiedAuthProviderProps {\n children: React.ReactNode;\n supabaseClient?: SupabaseClient;\n appName: string;\n persistState?: boolean;\n enablePersistence?: boolean;\n requireOrganisationContext?: boolean; // Default: true for security\n enableRBAC?: boolean; // New prop for RBAC support\n \n // Inactivity auto-logout configuration\n idleTimeoutMs?: number; // Default: 30 minutes\n warnBeforeMs?: number; // Default: 60 seconds\n onIdleLogout?: (reason: 'inactivity') => void; // App handles redirect/navigation\n renderInactivityWarning?: (args: {\n timeRemaining: number;\n onStaySignedIn: () => void;\n onSignOutNow: () => void;\n }) => React.ReactNode; // Optional custom warning UI\n dangerouslyDisableInactivity?: boolean; // Dev-only; must not disable in production\n}\n\n// Re-export types for backward compatibility\nexport type { UserEventAccess } from './RBACProvider';\n\n// Internal component that combines all contexts\nfunction UnifiedAuthContextProvider({ \n children, \n appName,\n ...props \n}: UnifiedAuthProviderProps) {\n const auth = useAuth();\n const rbac = useRBAC();\n const inactivity = useInactivity();\n\n // Memoized combined context value\n const contextValue = useMemo<UnifiedAuthContextType>(() => ({\n ...auth,\n ...rbac,\n ...inactivity,\n appName,\n isLoading: auth.authLoading || rbac.rbacLoading,\n hasErrors: !!auth.authError || !!rbac.rbacError,\n }), [auth, rbac, inactivity, appName]);\n\n return (\n <UnifiedAuthContext.Provider value={contextValue}>\n {children}\n </UnifiedAuthContext.Provider>\n );\n}\n\n// Internal component that provides user/session to child providers\nfunction AuthAwareProviders({ \n children, \n supabaseClient,\n appName,\n persistState,\n enablePersistence,\n requireOrganisationContext,\n enableRBAC,\n idleTimeoutMs,\n warnBeforeMs,\n onIdleLogout,\n renderInactivityWarning,\n dangerouslyDisableInactivity\n}: UnifiedAuthProviderProps) {\n const auth = useAuth();\n\n return (\n <RBACProvider\n supabaseClient={supabaseClient}\n user={auth.user}\n session={auth.session}\n appName={appName}\n enableRBAC={enableRBAC}\n persistState={persistState}\n enablePersistence={enablePersistence}\n requireOrganisationContext={requireOrganisationContext}\n >\n <InactivityProvider\n user={auth.user}\n session={auth.session}\n supabaseClient={supabaseClient}\n idleTimeoutMs={idleTimeoutMs}\n warnBeforeMs={warnBeforeMs}\n onIdleLogout={onIdleLogout}\n renderInactivityWarning={renderInactivityWarning}\n dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n >\n <UnifiedAuthContextProvider\n appName={appName}\n supabaseClient={supabaseClient}\n persistState={persistState}\n enablePersistence={enablePersistence}\n requireOrganisationContext={requireOrganisationContext}\n enableRBAC={enableRBAC}\n idleTimeoutMs={idleTimeoutMs}\n warnBeforeMs={warnBeforeMs}\n onIdleLogout={onIdleLogout}\n renderInactivityWarning={renderInactivityWarning}\n dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n >\n {children}\n </UnifiedAuthContextProvider>\n </InactivityProvider>\n </RBACProvider>\n );\n}\n\nexport function UnifiedAuthProvider({\n children,\n supabaseClient,\n appName,\n persistState = true,\n enablePersistence,\n requireOrganisationContext = true,\n enableRBAC = false,\n idleTimeoutMs = 30 * 60 * 1000, // 30 minutes\n warnBeforeMs = 60 * 1000, // 60 seconds\n onIdleLogout,\n renderInactivityWarning,\n dangerouslyDisableInactivity = false\n}: UnifiedAuthProviderProps) {\n return (\n <AuthProvider supabaseClient={supabaseClient}>\n <AuthAwareProviders\n supabaseClient={supabaseClient}\n appName={appName}\n persistState={persistState}\n enablePersistence={enablePersistence}\n requireOrganisationContext={requireOrganisationContext}\n enableRBAC={enableRBAC}\n idleTimeoutMs={idleTimeoutMs}\n warnBeforeMs={warnBeforeMs}\n onIdleLogout={onIdleLogout}\n renderInactivityWarning={renderInactivityWarning}\n dangerouslyDisableInactivity={dangerouslyDisableInactivity}\n >\n {children}\n </AuthAwareProviders>\n </AuthProvider>\n );\n} ","/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers/Organisation\n * @since 0.4.0\n *\n * Security-first organisation provider that enforces mandatory organisation context.\n * No data operations can proceed without valid organisation context.\n * \n * Features:\n * - Mandatory organisation selection for all operations\n * - User organisation membership validation\n * - Role-based access within organisations\n * - Secure organisation switching\n * - Hierarchy support for parent/child organisations\n * - Error handling for security violations\n * - Persistent organisation selection\n *\n * @example\n * ```tsx\n * // Basic setup - organisation context is mandatory\n * import { UnifiedAuthProvider, OrganisationProvider } from '@jmruthers/pace-core';\n * \n * function App() {\n * return (\n * <UnifiedAuthProvider supabaseClient={supabase} appName=\"MY_APP\">\n * <OrganisationProvider>\n * <YourAppContent />\n * </OrganisationProvider>\n * </UnifiedAuthProvider>\n * );\n * }\n * \n * // Using in components\n * function MyComponent() {\n * const { \n * selectedOrganisation, \n * getUserRole, \n * switchOrganisation \n * } = useOrganisations();\n * \n * // selectedOrganisation is guaranteed to be non-null when this renders\n * return (\n * <div>\n * <h1>{selectedOrganisation.display_name}</h1>\n * <p>Your role: {getUserRole()}</p>\n * </div>\n * );\n * }\n * ```\n *\n * @security\n * - All data access requires valid organisation context\n * - User membership validation on organisation load\n * - Role-based access control within organisations\n * - Secure organisation switching with validation\n * - Error states for security violations\n * - No fallback to default organisation - explicit selection required\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - UnifiedAuthProvider - Authentication context\n * - Supabase - Database operations\n * - Organisation types - Type definitions\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useNavigate } from 'react-router-dom';\nimport { useUnifiedAuth } from './UnifiedAuthProvider';\nimport { setOrganisationContext } from '../utils/organisationContext';\nimport { DebugLogger } from '../utils/debugLogger';\nimport type {\n Organisation,\n OrganisationMembership,\n OrganisationContextType,\n OrganisationProviderProps,\n OrganisationSecurityError,\n OrganisationHierarchy\n} from '../types/organisation';\n\n// Create the context\nconst OrganisationContext = createContext<OrganisationContextType | undefined>(undefined);\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n SELECTED_ORGANISATION: 'pace-core-selected-organisation',\n ORGANISATION_CONTEXT: 'pace-core-organisation-context',\n} as const;\n\n/**\n * Organisation Provider component that enforces mandatory organisation context\n * \n * This provider:\n * - Loads user's organisation memberships on authentication\n * - Validates user has at least one active organisation\n * - Auto-selects primary organisation or first available\n * - Provides security helpers for organisation validation\n * - Handles organisation switching with validation\n * - Persists organisation selection across sessions\n * \n * SECURITY: No children are rendered without valid organisation context\n */\nexport function OrganisationProvider({ children }: OrganisationProviderProps) {\n const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);\n const [organisations, setOrganisations] = useState<Organisation[]>([]);\n const [userMemberships, setUserMemberships] = useState<OrganisationMembership[]>([]);\n const [roleMapState, setRoleMapState] = useState<Map<string, string>>(new Map());\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState<Error | null>(null);\n const [isContextReady, setIsContextReady] = useState(false);\n \n const { user, session, supabase, signOut } = useUnifiedAuth();\n \n // Use navigate hook conditionally to avoid test failures\n let navigate: any = null;\n try {\n navigate = useNavigate();\n } catch (error) {\n // In test environment or when no router context, navigate will be null\n navigate = null;\n }\n\n // Set organisation context in database session\n const setDatabaseOrganisationContext = useCallback(async (organisation: Organisation): Promise<void> => {\n if (!supabase || !session) {\n console.warn('[OrganisationProvider] No Supabase client or session available for setting organisation context');\n setIsContextReady(false);\n return;\n }\n\n try {\n await setOrganisationContext(supabase, organisation.id);\n DebugLogger.log('OrganisationProvider', 'Database organisation context set to:', organisation.display_name);\n setIsContextReady(true);\n } catch (error) {\n console.error('[OrganisationProvider] Failed to set database organisation context:', error);\n setIsContextReady(false);\n // Don't throw - this is a non-critical operation\n }\n }, [supabase, session]);\n\n // CRITICAL: Set database organisation context when organisation changes\n useEffect(() => {\n if (selectedOrganisation && supabase && session) {\n // Reset context ready state when organisation changes\n setIsContextReady(false);\n \n // Use an async IIFE to properly handle the async operation\n (async () => {\n await setDatabaseOrganisationContext(selectedOrganisation);\n })();\n } else {\n setIsContextReady(false);\n }\n }, [selectedOrganisation, setDatabaseOrganisationContext, supabase, session]);\n\n // CRITICAL: Load user organisations and validate access\n const loadUserOrganisations = useCallback(async () => {\n if (!user || !session || !supabase) {\n // Clear state when no user, session, or supabase client\n DebugLogger.log('OrganisationProvider', 'Clearing organisation state - no user, session, or supabase client');\n setSelectedOrganisation(null);\n setOrganisations([]);\n setUserMemberships([]);\n setIsLoading(false);\n setError(null);\n return;\n }\n setIsLoading(true);\n setError(null);\n \n try {\n DebugLogger.log(\"OrganisationProvider\", \"Loading organisations for user:\", user.id);\n \n // Get user's organisation memberships from consolidated rbac_organisation_roles table\n // Only get actual members (org_admin, leader, member) - exclude supporters\n let memberships, membershipError;\n try {\n const result = await supabase\n .from('rbac_organisation_roles')\n .select(`\n id,\n user_id,\n organisation_id,\n role,\n status,\n granted_at,\n granted_by,\n revoked_at,\n revoked_by,\n notes,\n created_at,\n updated_at\n `)\n .eq('user_id', user.id)\n .eq('status', 'active')\n .is('revoked_at', null)\n .in('role', ['org_admin', 'leader', 'member']); // Only actual members, not supporters\n \n memberships = result.data;\n membershipError = result.error;\n } catch (queryError: any) {\n membershipError = queryError;\n }\n\n if (membershipError) {\n console.error(\"[OrganisationProvider] Error loading memberships:\", membershipError);\n throw membershipError;\n }\n \n DebugLogger.log(\"OrganisationProvider\", \"Raw memberships data:\", memberships);\n \n if (!memberships || memberships.length === 0) {\n throw new Error('User has no active organisation memberships') as OrganisationSecurityError;\n }\n\n // Get organisation details for the memberships\n const organisationIds = memberships.map((m: any) => m.organisation_id);\n const { data: organisations, error: orgError } = await supabase\n .from('organisations')\n .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at')\n .in('id', organisationIds);\n\n if (orgError) {\n console.error(\"[OrganisationProvider] Error loading organisations:\", orgError);\n throw orgError;\n }\n\n // Create a map of organisation_id to role from the memberships data\n // Since we're now getting roles directly from the consolidated table\n const roleMap = new Map<string, string>();\n memberships?.forEach((membership: any) => {\n roleMap.set(membership.organisation_id, membership.role);\n });\n\n // Extract organisations and memberships\n const orgs = organisations as Organisation[];\n const activeOrgs = orgs.filter(org => org.is_active);\n \n if (activeOrgs.length === 0) {\n throw new Error('User has no access to active organisations') as OrganisationSecurityError;\n }\n\n DebugLogger.log(\"OrganisationProvider\", \"Active organisations:\", activeOrgs);\n \n setOrganisations(activeOrgs);\n setUserMemberships(memberships as OrganisationMembership[]);\n \n // Store role map in component state for later use\n setRoleMapState(roleMap);\n \n // Auto-select organisation: try persisted, then primary, then first\n let initialOrg: Organisation | null = null;\n \n // 1. Try to restore from localStorage\n try {\n const persistedOrgString = localStorage.getItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n if (persistedOrgString) {\n const persistedOrg = JSON.parse(persistedOrgString) as Organisation;\n const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);\n if (validPersistedOrg) {\n initialOrg = validPersistedOrg;\n DebugLogger.log(\"OrganisationProvider\", \"Restored persisted organisation:\", initialOrg.display_name);\n }\n }\n } catch (storageError) {\n console.warn(\"[OrganisationProvider] Failed to restore persisted organisation:\", storageError);\n }\n \n // 2. Fall back to org_admin role organisation (highest privilege)\n if (!initialOrg) {\n const adminMembership = memberships.find((m: any) => m.role === 'org_admin');\n if (adminMembership) {\n const foundOrg = organisations.find((org: any) => org.id === adminMembership.organisation_id);\n if (foundOrg) {\n initialOrg = foundOrg;\n DebugLogger.log(\"OrganisationProvider\", \"Selected org_admin organisation:\", initialOrg.display_name);\n }\n }\n }\n \n // 3. Fall back to first organisation\n if (!initialOrg) {\n initialOrg = activeOrgs[0];\n DebugLogger.log(\"OrganisationProvider\", \"Selected first organisation:\", initialOrg.display_name);\n }\n \n if (!initialOrg) {\n throw new Error('No valid organisation found for user') as OrganisationSecurityError;\n }\n\n setSelectedOrganisation(initialOrg);\n \n // Persist selection\n localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(initialOrg));\n \n DebugLogger.log(\"OrganisationProvider\", \"Organisation context established:\", {\n selectedOrganisation: initialOrg.display_name,\n totalOrganisations: activeOrgs.length,\n userRole: roleMap.get(initialOrg.id)\n });\n \n } catch (err) {\n console.error(\"[OrganisationProvider] Failed to load organisations:\", err);\n setError(err as Error);\n // SECURITY: Clear all state on error\n setSelectedOrganisation(null);\n setOrganisations([]);\n setUserMemberships([]);\n localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n } finally {\n setIsLoading(false);\n }\n }, [user, session, supabase]);\n\n // Load organisations when dependencies change\n useEffect(() => {\n loadUserOrganisations();\n }, [loadUserOrganisations]);\n\n // Handle logout and redirect to login\n const handleLogoutAndRedirect = useCallback(async () => {\n try {\n await signOut();\n if (navigate) {\n navigate('/login', { replace: true });\n } else {\n // Fallback to window.location if navigate is not available\n window.location.href = '/login';\n }\n } catch (error) {\n console.error('[OrganisationProvider] Error during logout:', error);\n // Even if logout fails, redirect to login\n if (navigate) {\n navigate('/login', { replace: true });\n } else {\n // Fallback to window.location if navigate is not available\n window.location.href = '/login';\n }\n }\n }, [signOut, navigate]);\n\n // Security validation helper\n const ensureOrganisationContext = useCallback((): Organisation => {\n if (!selectedOrganisation) {\n throw new Error('Organisation context is required but not available') as OrganisationSecurityError;\n }\n return selectedOrganisation;\n }, [selectedOrganisation]);\n\n // Get user's role in specified organisation (defaults to current)\n const getUserRole = useCallback((orgId?: string): string => {\n const targetOrgId = orgId || selectedOrganisation?.id;\n if (!targetOrgId) return 'no_access';\n \n // Use roleMapState to get the role for this organisation\n return roleMapState.get(targetOrgId) || 'no_access';\n }, [roleMapState, selectedOrganisation]);\n\n // Validate user has access to organisation\n const validateOrganisationAccess = useCallback((orgId: string): boolean => {\n return userMemberships.some((m: any) => \n m.organisation_id === orgId && \n m.status === 'active' &&\n m.revoked_at === null\n );\n }, [userMemberships]);\n\n // Secure organisation switching\n const switchOrganisation = useCallback(async (orgId: string): Promise<void> => {\n DebugLogger.log(\"OrganisationProvider\", \"Switching to organisation:\", orgId);\n \n // Validate access\n if (!validateOrganisationAccess(orgId)) {\n throw new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;\n }\n \n const targetOrg = organisations.find(org => org.id === orgId);\n if (!targetOrg) {\n throw new Error(`Organisation ${orgId} not found in user's organisations`) as OrganisationSecurityError;\n }\n \n setSelectedOrganisation(targetOrg);\n \n // Persist selection\n localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(targetOrg));\n \n // Set database organisation context\n await setDatabaseOrganisationContext(targetOrg);\n \n DebugLogger.log(\"OrganisationProvider\", \"Switched to organisation:\", targetOrg.display_name);\n }, [organisations, validateOrganisationAccess, setDatabaseOrganisationContext]);\n\n // Refresh organisations data\n const refreshOrganisations = useCallback(async (): Promise<void> => {\n if (!user || !session || !supabase) return;\n \n // Force reload by triggering the effect\n setIsLoading(true);\n // The useEffect will handle the actual reload\n }, [user, session, supabase]);\n\n // Get primary organisation (highest privilege role)\n const getPrimaryOrganisation = useCallback((): Organisation | null => {\n // Look for org_admin role first, then leader, then member\n const rolePriority = ['org_admin', 'leader', 'member'];\n \n for (const role of rolePriority) {\n const membership = userMemberships.find((m: any) => m.role === role);\n if (membership) {\n return organisations.find((org: any) => org.id === membership.organisation_id) || null;\n }\n }\n \n return null;\n }, [userMemberships, organisations]);\n\n // Security status\n const isOrganisationSecure = useCallback((): boolean => {\n return !!(selectedOrganisation && user);\n }, [selectedOrganisation, user]);\n\n // Build organisation hierarchy (for future use)\n const buildOrganisationHierarchy = useCallback((orgs: Organisation[]): OrganisationHierarchy[] => {\n const orgMap = new Map<string, Organisation>();\n orgs.forEach(org => orgMap.set(org.id, org));\n \n const roots: OrganisationHierarchy[] = [];\n \n orgs.forEach(org => {\n if (!org.parent_id) {\n // Root organisation\n roots.push({\n organisation: org,\n children: [],\n depth: 0\n });\n }\n });\n \n // For now, return flat structure - hierarchy building can be added later\n return roots;\n }, []);\n\n // Computed values\n const hasValidOrganisationContext = useMemo(() => {\n return !!(selectedOrganisation && !isLoading && !error && isContextReady);\n }, [selectedOrganisation, isLoading, error, isContextReady]);\n\n // Memoized context value\n const contextValue = useMemo<OrganisationContextType>(() => {\n // SECURITY: Only provide full context if we have valid organisation\n if (!selectedOrganisation) {\n // This will never be accessed due to the render guards above,\n // but TypeScript requires the interface to be satisfied\n const placeholderOrg: Organisation = {\n id: '',\n name: '',\n display_name: '',\n subscription_tier: 'standard',\n settings: {},\n is_active: false,\n created_at: '',\n updated_at: ''\n };\n \n return {\n selectedOrganisation: placeholderOrg,\n organisations: [],\n userMemberships: [],\n isLoading,\n error,\n hasValidOrganisationContext: false,\n setSelectedOrganisation: () => {},\n switchOrganisation: async () => {},\n getUserRole: () => 'no_access',\n validateOrganisationAccess: () => false,\n refreshOrganisations: async () => {},\n ensureOrganisationContext: () => { throw new Error('No organisation context') as OrganisationSecurityError; },\n isOrganisationSecure: () => false,\n getPrimaryOrganisation: () => null\n };\n }\n\n return {\n selectedOrganisation,\n organisations,\n userMemberships,\n isLoading,\n error,\n hasValidOrganisationContext,\n setSelectedOrganisation,\n switchOrganisation,\n getUserRole,\n validateOrganisationAccess,\n refreshOrganisations,\n ensureOrganisationContext,\n isOrganisationSecure,\n getPrimaryOrganisation\n };\n }, [\n selectedOrganisation,\n organisations,\n userMemberships,\n isLoading,\n error,\n hasValidOrganisationContext,\n switchOrganisation,\n getUserRole,\n validateOrganisationAccess,\n refreshOrganisations,\n ensureOrganisationContext,\n isOrganisationSecure,\n getPrimaryOrganisation\n ]);\n\n // SECURITY: Only render children when we have valid organisation context\n if (isLoading || (selectedOrganisation && !isContextReady)) {\n return (\n <div className=\"organisation-loading\" role=\"status\" aria-label=\"Loading organisation context\">\n <div className=\"flex items-center justify-center min-h-screen\">\n <div className=\"text-center\">\n <div className=\"animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto mb-4\"></div>\n <p className=\"text-muted-foreground\">\n {isLoading ? 'Loading organisation context...' : 'Setting up organisation context...'}\n </p>\n </div>\n </div>\n </div>\n );\n }\n\n if (error || (user && !selectedOrganisation)) {\n return (\n <div className=\"organisation-error\" role=\"alert\">\n <div className=\"flex items-center justify-center min-h-screen\">\n <div className=\"text-center max-w-md mx-auto p-6\">\n <div className=\"text-destructive mb-4\">\n <svg className=\"h-12 w-12 mx-auto\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\">\n <path strokeLinecap=\"round\" strokeLinejoin=\"round\" strokeWidth={2} d=\"M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.732-.833-2.464 0L4.35 16.5c-.77.833.192 2.5 1.732 2.5z\" />\n </svg>\n </div>\n <h2 className=\"text-xl font-semibold text-foreground mb-2\">\n Organisation Access Required\n </h2>\n <p className=\"text-muted-foreground mb-4\">\n {error?.message || 'No valid organisation context available. Please contact your administrator to be added to an organisation.'}\n </p>\n <button \n onClick={handleLogoutAndRedirect}\n className=\"px-4 py-2 bg-primary text-primary-foreground rounded-md hover:bg-primary/90\"\n >\n Sign Out\n </button>\n </div>\n </div>\n </div>\n );\n }\n\n return (\n <OrganisationContext.Provider value={contextValue}>\n {children}\n </OrganisationContext.Provider>\n );\n}\n\n/**\n * Hook to access organisation context\n * \n * @returns Organisation context with guaranteed non-null selectedOrganisation\n * @throws {Error} If used outside OrganisationProvider\n */\nexport const useOrganisations = (): OrganisationContextType => {\n const context = useContext(OrganisationContext);\n if (!context) {\n throw new Error('useOrganisations must be used within an OrganisationProvider');\n }\n return context;\n};\n\n// Re-export types for convenience\nexport type { \n Organisation, \n OrganisationMembership, \n OrganisationContextType,\n OrganisationSecurityError\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,SAAgB,eAAe,YAAY,UAAU,WAAW,aAAa,eAAe;AAC5F,SAAuD,iBAAiB;AAiWpE;AA3TG,SAAS,aAAa,EAAE,UAAU,eAAe,GAAsB;AAE5E,QAAM,CAAC,MAAM,OAAO,IAAI,SAAsB,IAAI;AAClD,QAAM,CAAC,SAAS,UAAU,IAAI,SAAyB,IAAI;AAC3D,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,IAAI;AACnD,QAAM,CAAC,WAAW,YAAY,IAAI,SAA2B,IAAI;AAGjE,YAAU,MAAM;AACd,UAAM,cAAc,CAAC,UAAsB;AACzC,UAAI,MAAM,OAAO,SAAS,SAAS,yBAAyB,KACxD,MAAM,OAAO,SAAS,SAAS,sBAAsB,GAAG;AAC1D,gBAAQ,KAAK,kEAAkE;AAC/E,cAAM,eAAe;AACrB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,UAAM,2BAA2B,CAAC,UAAiC;AACjE,UAAI,MAAM,QAAQ,SAAS,SAAS,yBAAyB,KACzD,MAAM,QAAQ,SAAS,SAAS,sBAAsB,GAAG;AAC3D,gBAAQ,KAAK,8DAA8D;AAC3E,cAAM,eAAe;AACrB,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,WAAW;AAC5C,WAAO,iBAAiB,sBAAsB,wBAAwB;AAEtE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,WAAW;AAC/C,aAAO,oBAAoB,sBAAsB,wBAAwB;AAAA,IAC3E;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,kBAAkB,YAAY;AAClC,UAAI;AACF,cAAM,WAAW,MAAM,eAAe,KAAK,QAAQ;AACnD,cAAM,EAAE,MAAM,EAAE,MAAM,YAAY,GAAG,MAAM,IAAI,YAAY,EAAE,MAAM,EAAE,MAAM,KAAK,GAAG,OAAO,KAAK;AAC/F,YAAI,OAAO;AACT,kBAAQ,KAAK,+BAA+B,KAAK;AACjD,yBAAe,KAAK;AACpB;AAAA,QACF;AAEA,YAAI,aAAa;AACf,kBAAQ,WAAW;AAAA,QACrB;AACA,uBAAe,KAAK;AAAA,MACtB,SAAS,OAAO;AACd,gBAAQ,MAAM,+BAA+B,KAAK;AAClD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF;AAIA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,eAAe,CAAC,QAAQ,CAAC,SAAS;AACpC,wBAAgB;AAAA,MAClB;AAAA,IACF,GAAG,GAAG;AAEN,WAAO,MAAM,aAAa,SAAS;AAAA,EACrC,GAAG,CAAC,gBAAgB,aAAa,MAAM,OAAO,CAAC;AAG/C,YAAU,MAAM;AACd,QAAI,CAAC,gBAAgB;AACnB,qBAAe,KAAK;AACpB;AAAA,IACF;AAGA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,aAAa;AACf,gBAAQ,KAAK,4CAA4C;AACzD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF,GAAG,GAAI;AAEP,QAAI;AACF,kBAAY,IAAI,gBAAgB,0CAA0C;AAC1E,YAAM,kBAAkB,eAAe,KAAK;AAAA,QAC1C,CAAC,OAAOA,aAAY;AAClB,cAAI;AACF,wBAAY,IAAI,gBAAgB,uBAAuB,OAAOA,UAAS,MAAM,KAAK;AAGlF,yBAAa,SAAS;AAGtB,gBAAI,UAAU,cAAc;AAC1B,0BAAY,IAAI,gBAAgB,qCAAqC;AAErE,yBAAW,IAAI;AACf,sBAAQ,IAAI;AACZ,6BAAe,KAAK;AACpB,2BAAa,IAAI;AAAA,YACnB,OAAO;AACL,yBAAWA,QAAO;AAClB,sBAAQA,UAAS,QAAQ,IAAI;AAC7B,6BAAe,KAAK;AAGpB,kBAAIA,UAAS;AACX,6BAAa,IAAI;AAAA,cACnB;AAAA,YACF;AAAA,UACF,SAAS,OAAO;AACd,oBAAQ,KAAK,sDAAsD,KAAK;AAExE,2BAAe,KAAK;AAAA,UACtB;AAAA,QACF;AAAA,MACF;AAEA,YAAM,eAAe,iBAAiB,MAAM,gBAAgB;AAE5D,aAAO,MAAM;AACX,qBAAa,SAAS;AACtB,YAAI,gBAAgB,OAAO,aAAa,gBAAgB,YAAY;AAClE,sBAAY,IAAI,gBAAgB,iCAAiC;AACjE,uBAAa,YAAY;AAAA,QAC3B;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,8DAA8D,KAAK;AAGjF,UAAI,iBAAiB,SACjB,CAAC,MAAM,QAAQ,SAAS,kBAAkB,KAC1C,CAAC,MAAM,QAAQ,SAAS,yBAAyB,KACjD,CAAC,MAAM,QAAQ,SAAS,sBAAsB,GAAG;AACnD,qBAAa,KAAkB;AAAA,MACjC;AACA,qBAAe,KAAK;AACpB,mBAAa,SAAS;AACtB,aAAO,MAAM;AAAA,MAAC;AAAA,IAChB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAsB;AACrE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,mBAAmB,EAAE,OAAO,UAAU,YAAY,GAAG,CAAC;AAClG,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMC,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAqB;AACpE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,OAAO,EAAE,OAAO,SAAS,CAAC;AACtE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,UAAU,YAAY,YAAY;AACtC,gBAAY,IAAI,gBAAgB,gBAAgB;AAGhD,mBAAe,KAAK;AAEpB,QAAI,CAAC,gBAAgB;AACnB,kBAAY,IAAI,gBAAgB,6CAA6C;AAC7E,cAAQ,IAAI;AACZ,iBAAW,IAAI;AACf,mBAAa,IAAI;AACjB,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AAGA,gBAAY,IAAI,gBAAgB,wCAAwC;AACxE,YAAQ,IAAI;AACZ,eAAW,IAAI;AACf,iBAAa,IAAI;AAEjB,QAAI;AACF,kBAAY,IAAI,gBAAgB,0BAA0B;AAG1D,YAAM,iBAAiB,eAAe,KAAK,QAAQ;AACnD,YAAM,iBAAiB,IAAI;AAAA,QAAQ,CAAC,GAAG,WACrC,WAAW,MAAM,OAAO,IAAI,MAAM,iBAAiB,CAAC,GAAG,GAAI;AAAA,MAC7D;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM,QAAQ,KAAK,CAAC,gBAAgB,cAAc,CAAC;AAErE,UAAI,SAAS,CAAC,MAAM,SAAS,SAAS,iBAAiB,GAAG;AACxD,gBAAQ,MAAM,iCAAiC,KAAK;AAAA,MAEtD;AAEA,kBAAY,IAAI,gBAAgB,2BAA2B;AAC3D,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB,SAAS,KAAK;AACZ,cAAQ,KAAK,+CAA+C,GAAG;AAE/D,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,gBAAgB,YAAY,OAAO,UAAkB;AACzD,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,sBAAsB,KAAK;AACvE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,OAAO,aAAqB;AAC7D,QAAI,CAAC,eAAgB,QAAO,EAAE,OAAO,IAAI,UAAU,kCAAkC,GAAG,EAAE;AAC1F,UAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,WAAW,EAAE,SAAS,CAAC;AACnE,QAAI,OAAO;AACT,mBAAa,KAAK;AAAA,IACpB;AACA,WAAO,EAAE,MAAM;AAAA,EACjB,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,YAAY;AAC7C,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,eAAe;AAC3D,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,kBAAkB,CAAC,CAAC;AAG1B,QAAM,eAAe,QAAyB,OAAO;AAAA,IACnD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA;AAAA,IACP,UAAU,kBAAkB;AAAA,IAE5B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAM;AAAA,IAAS;AAAA,IAAiB;AAAA,IAAa;AAAA,IAAW;AAAA,IACxD;AAAA,IAAQ;AAAA,IAAQ;AAAA,IAAS;AAAA,IAAe;AAAA,IAAgB;AAAA,EAC1D,CAAC;AAED,SACE,oBAAC,YAAY,UAAZ,EAAqB,OAAO,cAC1B,UACH;AAEJ;AAhXA,IAkCM,aAEO;AApCb;AAAA;AAAA;AAYA;AAsBA,IAAM,cAAc,cAA2C,MAAS;AAEjE,IAAM,UAAU,MAAM;AAC3B,YAAM,UAAU,WAAW,WAAW;AACtC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;AChCA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AA+lBxF,gBAAAC,YAAA;AAnbG,SAAS,aAAa;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa;AAAA,EACb,eAAe;AAAA,EACf;AAAA,EACA,4BAA4B,8BAA8B;AAC5D,GAAsB;AAEpB,QAAM,gBAAgB,sBAAsB,SAAY,oBAAoB;AAG5E,QAAM,CAAC,aAAa,cAAc,IAAIJ,UAAkC,CAAC,CAAC;AAC1E,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAmB,CAAC,CAAC;AAC/C,QAAM,CAAC,aAAa,cAAc,IAAIA,+BAAwC;AAC9E,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAuB,IAAI;AAC7D,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAwB,IAAI;AAC1E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAA2B,IAAI;AACjE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAA4B,CAAC,CAAC;AAC5E,QAAM,CAAC,oBAAoB,qBAAqB,IAAIA,UAAS,KAAK;AAGlE,QAAM,CAAC,wBAAwB,0BAA0B,IAAIA,UAAwB,IAAI;AAGzF,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,gBAAgB,YAAY;AAChC,UAAI;AAEF,cAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,cAAM,kBAAkB,kBAAkB,KAAK;AAG/C,cAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,YAAI,YAAY,CAAC,SAAS;AACxB,kBAAQ,KAAK,8BAA8B,eAAe;AAC1D,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AACD;AAAA,QACF;AAEA,cAAM,WAAW,MAAM,eAAe,IAAI,kBAAkB;AAAA,UAC1D,UAAU,QAAQ;AAAA,QACpB,CAAC;AAED,cAAM,EAAE,KAAK,IAAI,YAAY,CAAC;AAE9B,YAAI,QAAQ,KAAK,SAAS,GAAG;AAC3B,uBAAa;AAAA,YACX,wBAAwB,KAAK,CAAC,EAAE;AAAA,YAChC,gBAAgB,KAAK,CAAC,EAAE;AAAA,UAC1B,CAAC;AAAA,QACH,OAAO;AAEL,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AAAA,QACH;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,KAAK,sCAAsC;AACnD,YAAI,OAAO,iBAAiB,aAAa;AACvC,uBAAa,WAAW,aAAa,cAAc;AAAA,QACrD;AACA,gBAAQ,KAAK,qCAAqC,KAAK;AAEvD,qBAAa;AAAA,UACX,wBAAwB;AAAA,UACxB,gBAAgB;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,kBAAc;AAAA,EAChB,GAAG,CAAC,gBAAgB,OAAO,CAAC;AAG5B,EAAAA,WAAU,MAAM;AAEd,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,eAAS,CAAC,aAAa,CAAC;AAAA,IAC1B,OAAO;AACL,eAAS,CAAC,CAAC;AAAA,IACb;AAAA,EACF,GAAG,CAAC,IAAI,CAAC;AAGT,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,YAAM,iBAAiB,aAAa,QAAQ,aAAa,cAAc;AACvE,UAAI,gBAAgB;AAClB,2BAAmB,KAAK,MAAM,cAAc,CAAC;AAAA,MAC/C;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,aAAa,CAAC;AAGlB,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,UAAI,iBAAiB;AACnB,qBAAa;AAAA,UACX,aAAa;AAAA,UACb,KAAK,UAAU,eAAe;AAAA,QAChC;AAAA,MACF,OAAO;AACL,qBAAa,WAAW,aAAa,cAAc;AAAA,MACrD;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,KAAK,iCAAiC,KAAK;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,qBAAqBC,aAAY,OAAO,YAAqB;AACjE,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS;AACtD,kBAAY,IAAI,gBAAgB,yEAAyE;AACzG,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAGA,UAAM,8BAA8B,CAAC,WAAW,CAAC,UAAU;AAC3D,UAAM,6BAA6B;AACnC,UAAM,yBAAyB,CAAC,WAAW,UAAU;AAGrD,QAAI,wBAAwB;AAC1B,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,QAAI,CAAC,+BAA+B,CAAC,4BAA4B;AAC/D;AAAA,IACF;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,YAAM,kBAAkB,kBAAkB,KAAK;AAG/C,YAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,YAAY,CAAC,SAAS;AACxB,gBAAQ,KAAK,8BAA8B,eAAe;AAC1D,uBAAe,KAAK;AACpB;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAAe,IAAI,wBAAwB;AAAA,QACvE,WAAW,KAAK;AAAA,QAChB,UAAU,QAAQ;AAAA,QAClB,YAAY,WAAW;AAAA,QACvB,mBAAmB,0BAA0B;AAAA,MAC/C,CAAC;AAED,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,YAAM,EAAE,aAAAG,cAAa,OAAAC,QAAO,aAAa,IAAI,yBAAyB,MAAM,OAAO;AAEnF,qBAAeD,YAAW;AAC1B,eAASC,MAAK;AACd,qBAAe,YAAY;AAAA,IAC7B,SAAS,KAAU;AACjB,mBAAa,GAAG;AAAA,IAClB,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,SAAS,WAAW,sBAAsB,CAAC;AAG9E,QAAM,sBAAsBJ,aAAY,YAAY;AAClD,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,SAAS;AACxC,kBAAY,IAAI,gBAAgB,2EAA2E;AAC3G,yBAAmB,CAAC,CAAC;AACrB;AAAA,IACF;AAEA,0BAAsB,IAAI;AAC1B,QAAI;AAEF,YAAM,EAAE,kBAAkB,IAAI,MAAM,OAAO,+BAA0B;AACrE,YAAM,kBAAkB,kBAAkB,KAAK;AAG/C,YAAM,EAAE,MAAM,SAAS,OAAO,SAAS,IAAI,MAAM,eAC9C,KAAK,WAAW,EAChB,OAAO,IAAI,EACX,GAAG,QAAQ,eAAe,EAC1B,GAAG,aAAa,IAAI,EACpB,OAAO;AAEV,UAAI,YAAY,CAAC,SAAS;AACxB,gBAAQ,KAAK,8BAA8B,eAAe;AAC1D,8BAAsB,KAAK;AAC3B;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAC3B,KAAK,sBAAsB,EAC3B,OAAO;AAAA;AAAA;AAAA;AAAA,SAIP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EAAE;AAE1B,UAAI,OAAO;AACT,gBAAQ,MAAM,qCAAqC,KAAK;AACxD,2BAAmB,CAAC,CAAC;AACrB;AAAA,MACF;AAEA,YAAM,cAAc,MAAM,IAAI,WAAS;AAAA,QACrC,UAAU,KAAK;AAAA,QACf,YAAY;AAAA;AAAA,QACZ,mBAAmB;AAAA;AAAA,QACnB,YAAY;AAAA;AAAA,QACZ,UAAU;AAAA;AAAA,QACV,cAAc;AAAA;AAAA,QACd,QAAQ,QAAQ;AAAA,QAChB,cAAc,KAAK;AAAA;AAAA,QACnB,YAAY,KAAK;AAAA,QACjB,iBAAiB;AAAA;AAAA,MACnB,EAAE,KAAK,CAAC;AAER,yBAAmB,WAAW;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,MAAM,oCAAoC,KAAK;AACvD,yBAAmB,CAAC,CAAC;AAAA,IACvB,UAAE;AACA,4BAAsB,KAAK;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,OAAO,CAAC;AAG3C,QAAM,qBAAqBA,aAAY,CAAC,YAAoB;AAC1D,WAAO,gBAAgB,KAAK,YAAU,OAAO,aAAa,OAAO;AAAA,EACnE,GAAG,CAAC,eAAe,CAAC;AAGpB,EAAAD,WAAU,MAAM;AAEd,QAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS;AACnC,kBAAY,IAAI,gBAAgB,+DAA+D;AAC/F;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAEA,QAAI,iBAAiB;AAEnB,yBAAmB,eAAe;AAAA,IACpC,WAAW,CAAC,UAAU,gBAAgB;AAEpC,yBAAmB;AAAA,IACrB,OAAO;AAEL,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AAAA,IACnC;AAAA,EACF,GAAG,CAAC,iBAAiB,MAAM,SAAS,WAAW,kBAAkB,CAAC;AAGlE,EAAAA,WAAU,MAAM;AACd,QAAI,QAAQ,SAAS;AACnB,kBAAY,IAAI,gBAAgB,kDAAkD;AAClF,0BAAoB;AAAA,IACtB,OAAO;AACL,kBAAY,IAAI,gBAAgB,iDAAiD;AACjF,yBAAmB,CAAC,CAAC;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,MAAM,SAAS,mBAAmB,CAAC;AAGvC,QAAM,gBAAgBC,aAAY,CAAC,eAAuB;AACxD,UAAM,UAAU,CAAC,CAAC,YAAY,UAAU;AACxC,WAAO;AAAA,EACT,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,mBAAmBA,aAAY,CAAC,UAAoB,MAAM,KAAK,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC1G,QAAM,oBAAoBA,aAAY,CAAC,UAAoB,MAAM,MAAM,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC5G,QAAM,UAAUA,aAAY,CAAC,SAAiB;AAC5C,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,KAAK,YAAY,MAAM,eAAe;AACxC,aAAO;AAAA,IACT;AACA,WAAO,MAAM,SAAS,IAAI;AAAA,EAC5B,GAAG,CAAC,OAAO,IAAI,CAAC;AAChB,QAAM,iBAAiBA,aAAY,CAAC,UAAuB;AACzD,UAAM,SAAS,OAAO,OAAO,WAAW;AACxC,WAAO,OAAO,QAAQ,WAAW,KAAK,OAAO,QAAQ,KAAK;AAAA,EAC5D,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,YAAYA,aAAY,CAAC,UAAkB,WAAmB;AAClE,UAAM,aAAa,GAAG,QAAQ,IAAI,MAAM;AACxC,UAAM,YAAY,cAAc,UAAU;AAC1C,WAAO;AAAA,EACT,GAAG,CAAC,aAAa,CAAC;AAClB,QAAM,qBAAqBA,aAAY,OAAO,eAAuB,cAAc,UAAU,GAAG,CAAC,aAAa,CAAC;AAC/G,QAAM,iBAAiBA,aAAY,OAAO,UAAkB,WAAmB;AAE7E,WAAO,QAAQ,QAAQ,UAAU,UAAU,MAAM,CAAC;AAAA,EACpD,GAAG,CAAC,SAAS,CAAC;AAGd,QAAM,eAAeC,SAAyB,OAAO;AAAA,IACnD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA;AAAA,IACA,4BAA4B,MAAM;AAChC,UAAI,CAAC,wBAAwB;AAC3B,cAAM,IAAI,MAAM,oDAAoD;AAAA,MACtE;AACA,aAAO;AAAA,IACT;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA,aAAa;AAAA,IACb,aAAa;AAAA;AAAA,IAEb;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAa;AAAA,IAAO;AAAA,IAAa;AAAA,IAAa;AAAA,IAAW;AAAA,IAAiB;AAAA,IAC1E;AAAA,IAAiB;AAAA,IAAoB;AAAA,IACrC;AAAA,IAAe;AAAA,IAAkB;AAAA,IAAmB;AAAA,IAAS;AAAA,IAAgB;AAAA,IAC7E;AAAA,IAAoB;AAAA,IAAgB;AAAA,IAAoB;AAAA,IACxD;AAAA,IAAY;AAAA,IAAqB;AAAA,EACnC,CAAC;AAED,SACE,gBAAAC,KAAC,YAAY,UAAZ,EAAqB,OAAO,cAC1B,UACH;AAEJ;AA7mBA,IAuEM,aAEO,SAqBP,cAKA;AAnGN;AAAA;AAAA;AAYA;AACA;AA0DA,IAAM,cAAcN,eAA2C,MAAS;AAEjE,IAAM,UAAU,MAAM;AAC3B,YAAM,UAAUC,YAAW,WAAW;AACtC,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AACA,aAAO;AAAA,IACT;AAeA,IAAM,eAAe;AAAA,MACnB,gBAAgB;AAAA,IAClB;AAGA,IAAM,2BAA2B,CAAC,UAAiB,aAAqB;AACtE,YAAM,cAAuC,CAAC;AAC9C,UAAI,QAAkB,CAAC;AACvB,UAAI;AAEJ,UAAI,CAAC,YAAY,CAAC,MAAM,QAAQ,QAAQ,GAAG;AACzC,eAAO,EAAE,aAAa,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,oCAAiC;AAAA,MAChF;AAGA,YAAM,iBAAiB,SAAS,KAAK,CAAC,MAAW,EAAE,oBAAoB,iBAAiB;AACxF,UAAI,gBAAgB;AAClB,eAAO;AAAA,UACL,aAAa,EAAE,WAAW,KAAK;AAAA,UAC/B,OAAO,CAAC,OAAO;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAGA,YAAM,gBAAgB,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,kBAAkB;AAC1F,UAAI,cAAc,SAAS,GAAG;AAC5B,cAAM,OAAO,cAAc,CAAC,EAAE;AAG9B,gBAAQ,MAAM;AAAA,UACZ,KAAK;AACH;AACA,oBAAQ,CAAC,OAAO;AAChB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,SAAS;AAClB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,aAAa;AACtB;AAAA,UACF,KAAK;AACH;AACA,oBAAQ,CAAC,QAAQ;AACjB;AAAA,UACF,KAAK;AAAA,UACL;AACE;AACA,oBAAQ,CAAC,QAAQ;AACjB;AAAA,QACJ;AAIA,cAAM,kBAAkB,CAAC,MAAM;AAC/B,YAAI,CAAC,eAAe,SAAS,EAAE,SAAS,IAAI,GAAG;AAC7C,0BAAgB,KAAK,UAAU,QAAQ;AAAA,QACzC;AACA,YAAI,SAAS,eAAe;AAC1B,0BAAgB,KAAK,QAAQ;AAAA,QAC/B;AAIA,wBAAgB,QAAQ,eAAa;AACnC,sBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,QACxC,CAAC;AAAA,MACH;AAGA,YAAM,WAAW,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,qBAAqB;AACxF,UAAI,SAAS,SAAS,GAAG;AACvB,cAAM,OAAO,SAAS,CAAC,EAAE;AACzB,YAAI,SAAS,aAAa;AACxB;AACA,kBAAQ,CAAC,OAAO;AAEhB,WAAC,UAAU,QAAQ,UAAU,QAAQ,EAAE,QAAQ,eAAa;AAC1D,wBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,UACxC,CAAC;AAAA,QACH;AAAA,MACF;AAEA,aAAO,EAAE,aAAa,OAAO,aAAa;AAAA,IAC5C;AAAA;AAAA;;;AC9HA,SAAS,YAAAQ,WAAU,aAAAC,YAAW,eAAAC,cAAa,cAAc;AA0DzD,SAAS,SACP,MACA,OACkC;AAClC,MAAI;AACJ,SAAO,YAAwB,MAAqB;AAClD,QAAI,CAAC,YAAY;AACf,WAAK,MAAM,MAAM,IAAI;AACrB,mBAAa;AACb,iBAAW,MAAO,aAAa,OAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB;AAAA,EACnC,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV,aAAa;AAAA,EACb,cAAc;AAChB,IAAiC,CAAC,GAA+B;AAC/D,QAAM,CAAC,QAAQ,SAAS,IAAIF,UAAS,KAAK;AAC1C,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAS,aAAa;AAChE,QAAM,CAAC,aAAa,cAAc,IAAIA,UAAS,KAAK;AACpD,QAAM,CAAC,YAAY,aAAa,IAAIA,UAAS,KAAK;AAGlD,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,SAAS;AACZ,oBAAc,KAAK;AACnB,gBAAU,KAAK;AACf,qBAAe,KAAK;AACpB,uBAAiB,aAAa;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,SAAS,aAAa,CAAC;AAE3B,QAAM,aAAa,OAA8B,IAAI;AACrD,QAAM,oBAAoB,OAA8B,IAAI;AAC5D,QAAM,uBAAuB,OAA8B,IAAI;AAC/D,QAAM,kBAAkB,OAAe,KAAK,IAAI,CAAC;AACjD,QAAM,aAAa,OAAgC,IAAI;AAGvD,QAAM,cAAcC,aAAY,MAAM;AACpC,QAAI,WAAW,SAAS;AACtB,mBAAa,WAAW,OAAO;AAC/B,iBAAW,UAAU;AAAA,IACvB;AACA,QAAI,kBAAkB,SAAS;AAC7B,mBAAa,kBAAkB,OAAO;AACtC,wBAAkB,UAAU;AAAA,IAC9B;AACA,QAAI,qBAAqB,SAAS;AAChC,oBAAc,qBAAqB,OAAO;AAC1C,2BAAqB,UAAU;AAAA,IACjC;AAAA,EACF,GAAG,CAAC,CAAC;AAGL,QAAM,gBAAgBA,aAAY,CAAC,uBAAuB,UAAU;AAClE,QAAI,CAAC,QAAS;AAEd,UAAM,MAAM,KAAK,IAAI;AACrB,oBAAgB,UAAU;AAG1B,gBAAY;AAGZ,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,QAAI,CAAC,sBAAsB;AACzB,mBAAa;AAAA,IACf;AAGA,UAAM,cAAc,gBAAgB;AACpC,QAAI,cAAc,GAAG;AACnB,wBAAkB,UAAU,WAAW,MAAM;AAC3C,uBAAe,IAAI;AACnB,oBAAY;AAAA,MACd,GAAG,WAAW;AAAA,IAChB;AAGA,eAAW,UAAU,WAAW,MAAM;AACpC,gBAAU,IAAI;AACd,eAAS;AAAA,IACX,GAAG,aAAa;AAGhB,yBAAqB,UAAU,YAAY,MAAM;AAC/C,YAAM,UAAU,KAAK,IAAI,IAAI,gBAAgB;AAC7C,YAAM,YAAY,KAAK,IAAI,GAAG,gBAAgB,OAAO;AACrD,uBAAiB,SAAS;AAE1B,UAAI,cAAc,GAAG;AACnB,oBAAY;AAAA,MACd;AAAA,IACF,GAAG,GAAI;AAGP,QAAI;AACF,mBAAa,QAAQ,YAAY,IAAI,SAAS,CAAC;AAAA,IACjD,SAAS,OAAO;AACd,cAAQ,KAAK,2DAA2D,KAAK;AAAA,IAC/E;AAGA,QAAI;AACF,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,YAAY,EAAE,MAAM,YAAY,WAAW,IAAI,CAAC;AAAA,MACrE;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,wDAAwD,KAAK;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,cAAc,QAAQ,WAAW,YAAY,YAAY,WAAW,CAAC;AAGjG,QAAM,gBAAgBA,aAAY,MAAM;AACtC,QAAI,CAAC,QAAS;AAGd,kBAAc,KAAK;AACnB,cAAU,KAAK;AACf,mBAAe,KAAK;AACpB,qBAAiB,aAAa;AAG9B,gBAAY;AAEZ,kBAAc,IAAI;AAGlB,QAAI;AACF,UAAI,OAAO,qBAAqB,aAAa;AAC3C,mBAAW,UAAU,IAAI,iBAAiB,WAAW;AACrD,mBAAW,QAAQ,YAAY,CAAC,UAAU;AACxC,cAAI,MAAM,KAAK,SAAS,YAAY;AAClC,4BAAgB,UAAU,MAAM,KAAK;AACrC,0BAAc;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,oEAAoE,KAAK;AAAA,IACxF;AAGA,QAAI;AACF,YAAM,gBAAgB,aAAa,QAAQ,UAAU;AACrD,UAAI,eAAe;AACjB,cAAM,qBAAqB,SAAS,eAAe,EAAE;AACrD,cAAM,UAAU,KAAK,IAAI,IAAI;AAE7B,YAAI,UAAU,eAAe;AAE3B,0BAAgB,UAAU;AAC1B,gBAAM,YAAY,gBAAgB;AAClC,2BAAiB,SAAS;AAE1B,cAAI,aAAa,cAAc;AAC7B,2BAAe,IAAI;AACnB,wBAAY;AAAA,UACd;AAEA,cAAI,aAAa,GAAG;AAClB,sBAAU,IAAI;AACd,qBAAS;AACT;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,mEAAmE,KAAK;AAAA,IACvF;AAGA,UAAM,yBAAyB,SAAS,CAAC,UAAU;AACjD,oBAAc;AAAA,IAChB,GAAG,GAAG;AAGN,UAAM,oBAAoB,MAAM;AAC9B,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,iBAAiB,OAAO,wBAAwB,EAAE,SAAS,KAAK,CAAC;AAAA,MAC5E,CAAC;AAAA,IACH;AAGA,UAAM,uBAAuB,MAAM;AACjC,sBAAgB,QAAQ,WAAS;AAC/B,iBAAS,oBAAoB,OAAO,sBAAsB;AAAA,MAC5D,CAAC;AAAA,IACH;AAGA,sBAAkB;AAGlB,kBAAc,IAAI;AAGlB,WAAO,MAAM;AACX,2BAAqB;AACrB,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AACzB,mBAAW,UAAU;AAAA,MACvB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,YAAY,aAAa,YAAY,eAAe,cAAc,QAAQ,SAAS,CAAC;AAGjG,QAAM,eAAeA,aAAY,MAAM;AACrC,kBAAc,KAAK;AACnB,gBAAY;AAEZ,QAAI,WAAW,SAAS;AACtB,iBAAW,QAAQ,MAAM;AACzB,iBAAW,UAAU;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAGhB,EAAAD,WAAU,MAAM;AACd,QAAI,SAAS;AACX,YAAM,UAAU,cAAc;AAC9B,aAAO;AAAA,IACT,OAAO;AACL,mBAAa;AAAA,IACf;AAAA,EACF,GAAG,CAAC,SAAS,eAAe,YAAY,CAAC;AAGzC,EAAAA,WAAU,MAAM;AACd,WAAO,MAAM;AACX,kBAAY;AACZ,UAAI,WAAW,SAAS;AACtB,mBAAW,QAAQ,MAAM;AAAA,MAC3B;AAAA,IACF;AAAA,EACF,GAAG,CAAC,WAAW,CAAC;AAEhB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAnXA,IA6FM;AA7FN;AAAA;AAAA;AA6FA,IAAM,kBAAkB;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA;AAAA;;;AC7DA,SAAgB,aAAAE,YAAW,YAAAC,WAAU,eAAAC,oBAAmB;AAGxD,SAAS,OAAO,qBAAqB;AAsD3B,SAEI,OAAAC,MAFJ;AAnCH,SAAS,uBAAuB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ;AAAA,EACR,cAAc;AAAA,EACd;AACF,GAAgC;AAC9B,QAAM,CAAC,aAAa,cAAc,IAAIF,UAAS,aAAa;AAG5D,EAAAD,WAAU,MAAM;AACd,mBAAe,aAAa;AAAA,EAC9B,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAM,aAAaE,aAAY,CAAC,YAAoB;AAClD,UAAM,OAAO,KAAK,MAAM,UAAU,EAAE;AACpC,UAAM,OAAO,UAAU;AACvB,WAAO,GAAG,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAChF,GAAG,CAAC,CAAC;AAKL,SACE,gBAAAC,KAAC,UAAO,MAAM,QAAQ,cAAc,CAAC,SAAS,CAAC,QAAQ,eAAe,GACpE;AAAA,IAAC;AAAA;AAAA,MACC,WAAW,eAAe,aAAa,EAAE;AAAA,MACzC,sBAAsB;AAAA,MACtB,4BAA4B;AAAA,MAC5B,eAAY;AAAA,MAEZ;AAAA,6BAAC,gBACC;AAAA,+BAAC,SAAI,WAAU,2BACb;AAAA,4BAAAA,KAAC,SAAI,WAAU,iBACb,0BAAAA,KAAC,iBAAc,WAAU,wBAAuB,GAClD;AAAA,YACA,gBAAAA,KAAC,SACC,0BAAAA,KAAC,eAAY,WAAU,uCACpB,iBACH,GACF;AAAA,aACF;AAAA,UACA,gBAAAA,KAAC,qBAAkB,WAAU,sBAC1B,uBACH;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,aAEb;AAAA,+BAAC,SAAI,WAAU,eACb;AAAA,iCAAC,SAAI,WAAU,uFACb;AAAA,8BAAAA,KAAC,SAAM,WAAU,wBAAuB;AAAA,cACxC,gBAAAA,KAAC,UAAK,WAAU,6CACb,qBAAW,WAAW,GACzB;AAAA,eACF;AAAA,YACA,gBAAAA,KAAC,OAAE,WAAU,8BAA6B,oDAE1C;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,mCACb;AAAA,4BAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,YACA,gBAAAA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS;AAAA,gBACT,SAAQ;AAAA,gBACR,WAAU;AAAA,gBACV,MAAK;AAAA,gBACN;AAAA;AAAA,YAED;AAAA,aACF;AAAA,UAGA,gBAAAA,KAAC,SAAI,WAAU,qCACb,0BAAAA,KAAC,OAAE,sGAEH,GACF;AAAA,WACF;AAAA;AAAA;AAAA,EACF,GACF;AAEJ;AAnKA;AAAA;AAAA;AAiDA;AACA;AAAA;AAAA;;;ACxCA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AA6MxF,SAYM,OAAAC,MAZN,QAAAC,aAAA;AA5JG,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA,+BAA+B;AACjC,GAA4B;AAE1B,QAAM,CAAC,uBAAuB,wBAAwB,IAAIL,UAAS,KAAK;AACxE,QAAM,CAAC,yBAAyB,0BAA0B,IAAIA,UAAS,CAAC;AAGxE,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC,YAAM,eAAe;AAErB,UAAI,gBAAgB,8BAA8B;AAChD,gBAAQ,MAAM,6HAA6H;AAAA,MAC7I;AAEA,UAAI,CAAC,gBAAgB,8BAA8B;AACjD,gBAAQ,KAAK,qGAAqG;AAAA,MACpH;AAAA,IACF;AAAA,EACF,GAAG,CAAC,4BAA4B,CAAC;AAGjC,QAAM,sBAAsB,OAAO,WAAW,gBAC3C,QAAwC,CAAC,+BAA+B;AAE3E,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,qBAAqB;AAAA,IACvB;AAAA,IACA;AAAA,IACA,SAAS,uBAAuB,CAAC,CAAC,QAAQ,CAAC,CAAC;AAAA,IAC5C,QAAQC,aAAY,MAAM;AAExB,+BAAyB,KAAK;AAC9B,iCAA2B,CAAC;AAG5B,UAAI,gBAAgB;AAClB,uBAAe,KAAK,QAAQ,EAAE,MAAM,CAAC,UAAe;AAClD,kBAAQ,MAAM,kDAAkD,KAAK;AAAA,QACvE,CAAC;AAAA,MACH;AAGA,qBAAe,YAAY;AAAA,IAC7B,GAAG,CAAC,gBAAgB,YAAY,CAAC;AAAA,IACjC,WAAWA,aAAY,MAAM;AAC3B,+BAAyB,IAAI;AAC7B,iCAA2B,YAAY;AAAA,IACzC,GAAG,CAAC,YAAY,CAAC;AAAA,IACjB,YAAYA,aAAY,MAAM;AAC5B,+BAAyB,KAAK;AAC9B,iCAA2B,CAAC;AAAA,IAC9B,GAAG,CAAC,CAAC;AAAA,EACP,CAAC;AAGD,QAAM,mBAAmBA,aAAY,YAAY;AAE/C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAG5B,iBAAa;AAGb,QAAI;AACF,UAAI,gBAAgB;AAClB,cAAM,eAAe,KAAK,QAAQ;AAAA,MACpC;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,MAAM,kDAAkD,KAAK;AAAA,IACvE;AAGA,mBAAe,YAAY;AAAA,EAC7B,GAAG,CAAC,gBAAgB,cAAc,YAAY,CAAC;AAG/C,QAAM,qBAAqBA,aAAY,MAAM;AAC3C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAC5B,kBAAc;AAAA,EAChB,GAAG,CAAC,aAAa,CAAC;AAGlB,QAAM,mBAAmBA,aAAY,YAAY;AAC/C,6BAAyB,KAAK;AAC9B,+BAA2B,CAAC;AAC5B,iBAAa;AAGb,QAAI;AACF,UAAI,gBAAgB;AAClB,cAAM,eAAe,KAAK,QAAQ;AAAA,MACpC;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,MAAM,sDAAsD,KAAK;AAAA,IAC3E;AAGA,mBAAe,YAAY;AAAA,EAC7B,GAAG,CAAC,gBAAgB,cAAc,YAAY,CAAC;AAG/C,EAAAD,WAAU,MAAM;AACd,QAAI,eAAe,gBAAgB,GAAG;AACpC,iCAA2B,KAAK,KAAK,gBAAgB,GAAI,CAAC;AAAA,IAC5D;AAAA,EACF,GAAG,CAAC,aAAa,aAAa,CAAC;AAG/B,QAAM,eAAeE,SAA+B,OAAO;AAAA,IACzD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,SACE,gBAAAE,MAAC,kBAAkB,UAAlB,EAA2B,OAAO,cAChC;AAAA;AAAA,IAGA,0BACC,0BACE,wBAAwB;AAAA,MACtB,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,cAAc;AAAA,IAChB,CAAC,IAED,gBAAAD;AAAA,MAAC;AAAA;AAAA,QACC,QAAQ;AAAA,QACR,eAAe;AAAA,QACf,gBAAgB;AAAA,QAChB,cAAc;AAAA;AAAA,IAChB;AAAA,KAGN;AAEJ;AA7OA,IAiCM,mBAEO;AAnCb;AAAA;AAAA;AAWA;AACA;AAqBA,IAAM,oBAAoBN,eAAiD,MAAS;AAE7E,IAAM,gBAAgB,MAAM;AACjC,YAAM,UAAUC,YAAW,iBAAiB;AAC5C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,yDAAyD;AAAA,MAC3E;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;ACzCA;AAAA;AAAA;AAAA;AAAA;AA4JA,SAAgB,iBAAAO,gBAAe,cAAAC,aAAY,WAAAC,gBAAe;AAyEtD,gBAAAC,YAAA;AApBJ,SAAS,2BAA2B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,GAAG;AACL,GAA6B;AAC3B,QAAM,OAAO,QAAQ;AACrB,QAAM,OAAO,QAAQ;AACrB,QAAM,aAAa,cAAc;AAGjC,QAAM,eAAeD,SAAgC,OAAO;AAAA,IAC1D,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH;AAAA,IACA,WAAW,KAAK,eAAe,KAAK;AAAA,IACpC,WAAW,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,KAAK;AAAA,EACxC,IAAI,CAAC,MAAM,MAAM,YAAY,OAAO,CAAC;AAErC,SACE,gBAAAC,KAAC,mBAAmB,UAAnB,EAA4B,OAAO,cACjC,UACH;AAEJ;AAGA,SAAS,mBAAmB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA6B;AAC3B,QAAM,OAAO,QAAQ;AAErB,SACE,gBAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEA,0BAAAA;AAAA,QAAC;AAAA;AAAA,UACC,MAAM,KAAK;AAAA,UACX,SAAS,KAAK;AAAA,UACd;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UAEA,0BAAAA;AAAA,YAAC;AAAA;AAAA,cACC;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cAEC;AAAA;AAAA,UACH;AAAA;AAAA,MACF;AAAA;AAAA,EACF;AAEJ;AAEO,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAe;AAAA,EACf;AAAA,EACA,6BAA6B;AAAA,EAC7B,aAAa;AAAA,EACb,gBAAgB,KAAK,KAAK;AAAA;AAAA,EAC1B,eAAe,KAAK;AAAA;AAAA,EACpB;AAAA,EACA;AAAA,EACA,+BAA+B;AACjC,GAA6B;AAC3B,SACE,gBAAAA,KAAC,gBAAa,gBACZ,0BAAAA;AAAA,IAAC;AAAA;AAAA,MACC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MAEC;AAAA;AAAA,EACH,GACF;AAEJ;AAtUA,IA8KM,oBAEO;AAhLb;AAAA;AAAA;AA+JA;AACA;AACA;AAaA,IAAM,qBAAqBH,eAAkD,MAAS;AAE/E,IAAM,iBAAiB,MAAM;AAClC,YAAM,UAAUC,YAAW,kBAAkB;AAC7C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,0DAA0D;AAAA,MAC5E;AACA,aAAO;AAAA,IACT;AAAA;AAAA;;;ACtLA;AAAA;AAAA;AAAA;AAAA;AAkEA,SAAgB,iBAAAG,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AAC5F,SAAS,mBAAmB;AAsclB,SACE,OAAAC,MADF,QAAAC,aAAA;AAnaH,SAAS,qBAAqB,EAAE,SAAS,GAA8B;AAC5E,QAAM,CAAC,sBAAsB,uBAAuB,IAAIL,UAA8B,IAAI;AAC1F,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAyB,CAAC,CAAC;AACrE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAmC,CAAC,CAAC;AACnF,QAAM,CAAC,cAAc,eAAe,IAAIA,UAA8B,oBAAI,IAAI,CAAC;AAC/E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,CAAC,gBAAgB,iBAAiB,IAAIA,UAAS,KAAK;AAE1D,QAAM,EAAE,MAAM,SAAS,UAAU,QAAQ,IAAI,eAAe;AAG5D,MAAI,WAAgB;AACpB,MAAI;AACF,eAAW,YAAY;AAAA,EACzB,SAASM,QAAO;AAEd,eAAW;AAAA,EACb;AAGA,QAAM,iCAAiCJ,aAAY,OAAO,iBAA8C;AACtG,QAAI,CAAC,YAAY,CAAC,SAAS;AACzB,cAAQ,KAAK,iGAAiG;AAC9G,wBAAkB,KAAK;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,uBAAuB,UAAU,aAAa,EAAE;AACtD,kBAAY,IAAI,wBAAwB,yCAAyC,aAAa,YAAY;AAC1G,wBAAkB,IAAI;AAAA,IACxB,SAASI,QAAO;AACd,cAAQ,MAAM,uEAAuEA,MAAK;AAC1F,wBAAkB,KAAK;AAAA,IAEzB;AAAA,EACF,GAAG,CAAC,UAAU,OAAO,CAAC;AAGtB,EAAAL,WAAU,MAAM;AACd,QAAI,wBAAwB,YAAY,SAAS;AAE/C,wBAAkB,KAAK;AAGvB,OAAC,YAAY;AACX,cAAM,+BAA+B,oBAAoB;AAAA,MAC3D,GAAG;AAAA,IACL,OAAO;AACL,wBAAkB,KAAK;AAAA,IACzB;AAAA,EACF,GAAG,CAAC,sBAAsB,gCAAgC,UAAU,OAAO,CAAC;AAG5E,QAAM,wBAAwBC,aAAY,YAAY;AACpD,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU;AAElC,kBAAY,IAAI,wBAAwB,oEAAoE;AAC5G,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,KAAK;AAClB,eAAS,IAAI;AACb;AAAA,IACF;AACE,iBAAa,IAAI;AACjB,aAAS,IAAI;AAEb,QAAI;AACF,kBAAY,IAAI,wBAAwB,mCAAmC,KAAK,EAAE;AAIlF,UAAI,aAAa;AACjB,UAAI;AACF,cAAM,SAAS,MAAM,SAClB,KAAK,yBAAyB,EAC9B,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAaP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EACrB,GAAG,cAAc,IAAI,EACrB,GAAG,QAAQ,CAAC,aAAa,UAAU,QAAQ,CAAC;AAE/C,sBAAc,OAAO;AACrB,0BAAkB,OAAO;AAAA,MAC3B,SAAS,YAAiB;AACxB,0BAAkB;AAAA,MACpB;AAEA,UAAI,iBAAiB;AACnB,gBAAQ,MAAM,qDAAqD,eAAe;AAClF,cAAM;AAAA,MACR;AAEA,kBAAY,IAAI,wBAAwB,yBAAyB,WAAW;AAE5E,UAAI,CAAC,eAAe,YAAY,WAAW,GAAG;AAC5C,cAAM,IAAI,MAAM,6CAA6C;AAAA,MAC/D;AAGA,YAAM,kBAAkB,YAAY,IAAI,CAAC,MAAW,EAAE,eAAe;AACrE,YAAM,EAAE,MAAMK,gBAAe,OAAO,SAAS,IAAI,MAAM,SACpD,KAAK,eAAe,EACpB,OAAO,mGAAmG,EAC1G,GAAG,MAAM,eAAe;AAE3B,UAAI,UAAU;AACZ,gBAAQ,MAAM,uDAAuD,QAAQ;AAC7E,cAAM;AAAA,MACR;AAIA,YAAM,UAAU,oBAAI,IAAoB;AACxC,mBAAa,QAAQ,CAAC,eAAoB;AACxC,gBAAQ,IAAI,WAAW,iBAAiB,WAAW,IAAI;AAAA,MACzD,CAAC;AAGD,YAAM,OAAOA;AACb,YAAM,aAAa,KAAK,OAAO,SAAO,IAAI,SAAS;AAEnD,UAAI,WAAW,WAAW,GAAG;AAC3B,cAAM,IAAI,MAAM,4CAA4C;AAAA,MAC9D;AAEA,kBAAY,IAAI,wBAAwB,yBAAyB,UAAU;AAE3E,uBAAiB,UAAU;AAC3B,yBAAmB,WAAuC;AAG1D,sBAAgB,OAAO;AAGvB,UAAI,aAAkC;AAGtC,UAAI;AACF,cAAM,qBAAqB,aAAa,QAAQC,cAAa,qBAAqB;AAClF,YAAI,oBAAoB;AACtB,gBAAM,eAAe,KAAK,MAAM,kBAAkB;AAClD,gBAAM,oBAAoB,WAAW,KAAK,SAAO,IAAI,OAAO,aAAa,EAAE;AAC3E,cAAI,mBAAmB;AACrB,yBAAa;AACb,wBAAY,IAAI,wBAAwB,oCAAoC,WAAW,YAAY;AAAA,UACrG;AAAA,QACF;AAAA,MACF,SAAS,cAAc;AACrB,gBAAQ,KAAK,oEAAoE,YAAY;AAAA,MAC/F;AAGA,UAAI,CAAC,YAAY;AACf,cAAM,kBAAkB,YAAY,KAAK,CAAC,MAAW,EAAE,SAAS,WAAW;AAC3E,YAAI,iBAAiB;AACnB,gBAAM,WAAWD,eAAc,KAAK,CAAC,QAAa,IAAI,OAAO,gBAAgB,eAAe;AAC5F,cAAI,UAAU;AACZ,yBAAa;AACb,wBAAY,IAAI,wBAAwB,oCAAoC,WAAW,YAAY;AAAA,UACrG;AAAA,QACF;AAAA,MACF;AAGA,UAAI,CAAC,YAAY;AACf,qBAAa,WAAW,CAAC;AACzB,oBAAY,IAAI,wBAAwB,gCAAgC,WAAW,YAAY;AAAA,MACjG;AAEA,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,MAAM,sCAAsC;AAAA,MACxD;AAEA,8BAAwB,UAAU;AAGlC,mBAAa,QAAQC,cAAa,uBAAuB,KAAK,UAAU,UAAU,CAAC;AAEnF,kBAAY,IAAI,wBAAwB,qCAAqC;AAAA,QAC3E,sBAAsB,WAAW;AAAA,QACjC,oBAAoB,WAAW;AAAA,QAC/B,UAAU,QAAQ,IAAI,WAAW,EAAE;AAAA,MACrC,CAAC;AAAA,IAEH,SAAS,KAAK;AACZ,cAAQ,MAAM,wDAAwD,GAAG;AACzE,eAAS,GAAY;AAErB,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,WAAWA,cAAa,qBAAqB;AAAA,IAC5D,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACJ,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,EAAAP,WAAU,MAAM;AACd,0BAAsB;AAAA,EACxB,GAAG,CAAC,qBAAqB,CAAC;AAG1B,QAAM,0BAA0BC,aAAY,YAAY;AACtD,QAAI;AACF,YAAM,QAAQ;AACd,UAAI,UAAU;AACZ,iBAAS,UAAU,EAAE,SAAS,KAAK,CAAC;AAAA,MACtC,OAAO;AAEL,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF,SAASI,QAAO;AACd,cAAQ,MAAM,+CAA+CA,MAAK;AAElE,UAAI,UAAU;AACZ,iBAAS,UAAU,EAAE,SAAS,KAAK,CAAC;AAAA,MACtC,OAAO;AAEL,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,QAAQ,CAAC;AAGtB,QAAM,4BAA4BJ,aAAY,MAAoB;AAChE,QAAI,CAAC,sBAAsB;AACzB,YAAM,IAAI,MAAM,oDAAoD;AAAA,IACtE;AACA,WAAO;AAAA,EACT,GAAG,CAAC,oBAAoB,CAAC;AAGzB,QAAM,cAAcA,aAAY,CAAC,UAA2B;AAC1D,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAGzB,WAAO,aAAa,IAAI,WAAW,KAAK;AAAA,EAC1C,GAAG,CAAC,cAAc,oBAAoB,CAAC;AAGvC,QAAM,6BAA6BA,aAAY,CAAC,UAA2B;AACzE,WAAO,gBAAgB;AAAA,MAAK,CAAC,MAC3B,EAAE,oBAAoB,SACtB,EAAE,WAAW,YACb,EAAE,eAAe;AAAA,IACnB;AAAA,EACF,GAAG,CAAC,eAAe,CAAC;AAGpB,QAAM,qBAAqBA,aAAY,OAAO,UAAiC;AAC7E,gBAAY,IAAI,wBAAwB,8BAA8B,KAAK;AAG3E,QAAI,CAAC,2BAA2B,KAAK,GAAG;AACtC,YAAM,IAAI,MAAM,6CAA6C,KAAK,EAAE;AAAA,IACtE;AAEA,UAAM,YAAY,cAAc,KAAK,SAAO,IAAI,OAAO,KAAK;AAC5D,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,gBAAgB,KAAK,oCAAoC;AAAA,IAC3E;AAEA,4BAAwB,SAAS;AAGjC,iBAAa,QAAQM,cAAa,uBAAuB,KAAK,UAAU,SAAS,CAAC;AAGlF,UAAM,+BAA+B,SAAS;AAE9C,gBAAY,IAAI,wBAAwB,6BAA6B,UAAU,YAAY;AAAA,EAC7F,GAAG,CAAC,eAAe,4BAA4B,8BAA8B,CAAC;AAG9E,QAAM,uBAAuBN,aAAY,YAA2B;AAClE,QAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,SAAU;AAGpC,iBAAa,IAAI;AAAA,EAEnB,GAAG,CAAC,MAAM,SAAS,QAAQ,CAAC;AAG5B,QAAM,yBAAyBA,aAAY,MAA2B;AAEpE,UAAM,eAAe,CAAC,aAAa,UAAU,QAAQ;AAErD,eAAW,QAAQ,cAAc;AAC/B,YAAM,aAAa,gBAAgB,KAAK,CAAC,MAAW,EAAE,SAAS,IAAI;AACnE,UAAI,YAAY;AACd,eAAO,cAAc,KAAK,CAAC,QAAa,IAAI,OAAO,WAAW,eAAe,KAAK;AAAA,MACpF;AAAA,IACF;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,uBAAuBA,aAAY,MAAe;AACtD,WAAO,CAAC,EAAE,wBAAwB;AAAA,EACpC,GAAG,CAAC,sBAAsB,IAAI,CAAC;AAG/B,QAAM,6BAA6BA,aAAY,CAAC,SAAkD;AAChG,UAAM,SAAS,oBAAI,IAA0B;AAC7C,SAAK,QAAQ,SAAO,OAAO,IAAI,IAAI,IAAI,GAAG,CAAC;AAE3C,UAAM,QAAiC,CAAC;AAExC,SAAK,QAAQ,SAAO;AAClB,UAAI,CAAC,IAAI,WAAW;AAElB,cAAM,KAAK;AAAA,UACT,cAAc;AAAA,UACd,UAAU,CAAC;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAGD,WAAO;AAAA,EACT,GAAG,CAAC,CAAC;AAGL,QAAM,8BAA8BC,SAAQ,MAAM;AAChD,WAAO,CAAC,EAAE,wBAAwB,CAAC,aAAa,CAAC,SAAS;AAAA,EAC5D,GAAG,CAAC,sBAAsB,WAAW,OAAO,cAAc,CAAC;AAG3D,QAAM,eAAeA,SAAiC,MAAM;AAE1D,QAAI,CAAC,sBAAsB;AAGzB,YAAM,iBAA+B;AAAA,QACnC,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,cAAc;AAAA,QACd,mBAAmB;AAAA,QACnB,UAAU,CAAC;AAAA,QACX,WAAW;AAAA,QACX,YAAY;AAAA,QACZ,YAAY;AAAA,MACd;AAEA,aAAO;AAAA,QACL,sBAAsB;AAAA,QACtB,eAAe,CAAC;AAAA,QAChB,iBAAiB,CAAC;AAAA,QAClB;AAAA,QACA;AAAA,QACA,6BAA6B;AAAA,QAC7B,yBAAyB,MAAM;AAAA,QAAC;AAAA,QAChC,oBAAoB,YAAY;AAAA,QAAC;AAAA,QACjC,aAAa,MAAM;AAAA,QACnB,4BAA4B,MAAM;AAAA,QAClC,sBAAsB,YAAY;AAAA,QAAC;AAAA,QACnC,2BAA2B,MAAM;AAAE,gBAAM,IAAI,MAAM,yBAAyB;AAAA,QAAgC;AAAA,QAC5G,sBAAsB,MAAM;AAAA,QAC5B,wBAAwB,MAAM;AAAA,MAChC;AAAA,IACF;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,GAAG;AAAA,IACD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAGD,MAAI,aAAc,wBAAwB,CAAC,gBAAiB;AAC1D,WACE,gBAAAC,KAAC,SAAI,WAAU,wBAAuB,MAAK,UAAS,cAAW,gCAC7D,0BAAAA,KAAC,SAAI,WAAU,iDACb,0BAAAC,MAAC,SAAI,WAAU,eACb;AAAA,sBAAAD,KAAC,SAAI,WAAU,4EAA2E;AAAA,MAC1F,gBAAAA,KAAC,OAAE,WAAU,yBACV,sBAAY,oCAAoC,sCACnD;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,MAAI,SAAU,QAAQ,CAAC,sBAAuB;AAC5C,WACE,gBAAAA,KAAC,SAAI,WAAU,sBAAqB,MAAK,SACvC,0BAAAA,KAAC,SAAI,WAAU,iDACb,0BAAAC,MAAC,SAAI,WAAU,oCACb;AAAA,sBAAAD,KAAC,SAAI,WAAU,yBACb,0BAAAA,KAAC,SAAI,WAAU,qBAAoB,MAAK,QAAO,SAAQ,aAAY,QAAO,gBACxE,0BAAAA,KAAC,UAAK,eAAc,SAAQ,gBAAe,SAAQ,aAAa,GAAG,GAAE,4IAA2I,GAClN,GACF;AAAA,MACA,gBAAAA,KAAC,QAAG,WAAU,8CAA6C,0CAE3D;AAAA,MACA,gBAAAA,KAAC,OAAE,WAAU,8BACV,iBAAO,WAAW,8GACrB;AAAA,MACA,gBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,SAAS;AAAA,UACT,WAAU;AAAA,UACX;AAAA;AAAA,MAED;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,SACE,gBAAAA,KAAC,oBAAoB,UAApB,EAA6B,OAAO,cAClC,UACH;AAEJ;AArjBA,IAiFM,qBAGAI,eAyeO;AA7jBb;AAAA;AAAA;AAoEA;AACA;AACA;AAWA,IAAM,sBAAsBV,eAAmD,MAAS;AAGxF,IAAMU,gBAAe;AAAA,MACnB,uBAAuB;AAAA,MACvB,sBAAsB;AAAA,IACxB;AAseO,IAAM,mBAAmB,MAA+B;AAC7D,YAAM,UAAUT,YAAW,mBAAmB;AAC9C,UAAI,CAAC,SAAS;AACZ,cAAM,IAAI,MAAM,8DAA8D;AAAA,MAChF;AACA,aAAO;AAAA,IACT;AAAA;AAAA;","names":["session","authError","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","permissions","roles","useState","useEffect","useCallback","useEffect","useState","useCallback","jsx","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","jsxs","createContext","useContext","useMemo","jsx","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","jsxs","error","organisations","STORAGE_KEYS"]}