@jmruthers/pace-core 0.6.5 → 0.6.7

package/cursor-rules/README.md

@@ -1,192 +0,0 @@
-# pace-core Cursor Rules
-
-This directory contains Cursor rules that ensure consuming apps maintain quality, consistency, and compliance with pace-core standards.
-
-## What are Cursor Rules?
-
-Cursor rules are `.mdc` (Markdown Cursor) files that guide AI assistants (like Cursor) to follow specific patterns and standards when writing code. These rules are automatically loaded by Cursor when present in `.cursor/rules/` directory.
-
-## Installation
-
-### Automatic Installation (Recommended)
-
-Run the installation script from your consuming app root:
-
-```bash
-node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs
-```
-
-Or add to your `package.json`:
-
-```json
-{
-  "scripts": {
-    "setup:cursor-rules": "node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs"
-  }
-}
-```
-
-Then run:
-
-```bash
-npm run setup:cursor-rules
-```
-
-### Manual Installation
-
-Copy all `.mdc` files from `node_modules/@jmruthers/pace-core/cursor-rules/` to your `.cursor/rules/` directory.
-
-## Rule Files
-
-The rules are numbered for ordering (00-08):
-
-- **00-pace-core-compliance.mdc** - Enforce pace-core usage patterns
-- **01-standards-compliance.mdc** - Enforce all pace-core standards
-- **02-project-structure.mdc** - Define standard folder structure
-- **03-solid-principles.mdc** - Enforce SOLID architecture principles
-- **04-testing-standards.mdc** - Enforce testing framework consistency
-- **05-bug-reports-and-features.mdc** - Templates for bug reports and feature requests (guidance-only)
-- **06-code-quality.mdc** - Enforce code quality standards
-- **07-tech-stack-compliance.mdc** - Enforce tech stack versions and patterns
-- **08-markup-quality.mdc** - Enforce clean markup standards, semantic HTML usage, and pace-core component patterns
-
-## Rule Numbering System
-
-- **pace-core rules**: `00-09` (reserved for pace-core)
-- **Your app rules**: `50+` (create your own rules starting at 50)
-
-This ensures pace-core rules load first, and your custom rules load after.
-
-## Customization
-
-### Adding Your Own Rules
-
-Create your own rules in `.cursor/rules/` with numbers starting at `50`:
-
-```
-.cursor/rules/
-├── 00-pace-core-compliance.mdc      # pace-core rule
-├── 01-standards-compliance.mdc     # pace-core rule
-├── ...
-├── 50-my-custom-rule.mdc           # Your custom rule
-└── 51-another-custom-rule.mdc      # Your custom rule
-```
-
-### Updating Rules
-
-When pace-core is updated, run the installation script again. The script will:
-- **Automatically update** pace-core rules (00-09) if they've changed (version or content differs)
-- Preserve your custom rules (50+)
-- Skip files that are already up to date
-
-### Force Update
-
-To force update all rules (even when versions match):
-
-```bash
-node node_modules/@jmruthers/pace-core/scripts/install-cursor-rules.cjs --force
-```
-
-**Note**: Normally, pace-core rules (00-09) are automatically updated when they change. The `--force` flag forces an update even when versions match (useful if content changed but version metadata wasn't updated).
-
-## How Cursor Uses Rules
-
-Cursor automatically loads all `.mdc` files from `.cursor/rules/` when:
-- You open a file that matches the rule's `globs` pattern
-- You ask Cursor to write or modify code
-- Cursor needs context for code generation
-
-Rules with `alwaysApply: true` are always considered, while rules with `alwaysApply: false` are only referenced when relevant.
-
-## Explicitly Referencing Rules
-
-When working with Cursor, you can explicitly reference rules:
-
-> "Use pace-core components and follow rules 00–04."
-
-This helps Cursor focus on specific rule sets.
-
-## Rule Format
-
-Each rule file follows this format:
-
-```markdown
----
-description: Brief description
-globs: ["targeted/path/**/*.{ts,tsx}"]  # Files this rule applies to
-alwaysApply: true  # or false
-paceCoreVersion: "0.5.x"  # pace-core version
-rulesVersion: "2025-01-15"  # Rule update date
----
-
-# Rule Title
-
-Content with examples and guidelines.
-```
-
-## Safety Guards
-
-The installation script includes safety guards:
-
-- **Environment variable**: Set `PACE_CURSOR_RULES_DISABLED=1` to skip installation
-- **Git check**: Skips if no `.git` folder exists (CI/safety)
-- **Auto-update**: Automatically updates pace-core rules (00-09) when they change
-- **Protection**: Never overwrites custom app rules (50+)
-
-## Monorepo Support
-
-For monorepos, run the installation script from each app's root directory. Each app maintains its own `.cursor/rules/` directory.
-
-## Troubleshooting
-
-### Rules Not Loading
-
-1. Verify rules are in `.cursor/rules/` directory
-2. Check file extensions are `.mdc`
-3. Restart Cursor if rules were just installed
-4. Check rule frontmatter is valid YAML
-
-### Rules Conflicting
-
-1. Check rule numbering (pace-core: 00-09, yours: 50+)
-2. Verify `globs` patterns don't overlap unnecessarily
-3. Review rule priorities in frontmatter
-
-### Installation Fails
-
-1. Check you're in the app root directory
-2. Verify `node_modules/@jmruthers/pace-core/` exists
-3. Check file permissions
-4. Try with `--force` flag if needed
-
-## Audit Tool
-
-Run the audit tool to check compliance:
-
-```bash
-node node_modules/@jmruthers/pace-core/scripts/audit-consuming-app.cjs
-```
-
-This generates a timestamped markdown report in `audit/` directory.
-
-## Version Tracking
-
-Each rule file includes version metadata:
-- `paceCoreVersion`: pace-core version these rules target
-- `rulesVersion`: Date when rules were last updated
-
-Check these to see if rules need updating.
-
-## Related Documentation
-
-- [pace-core Standards](../docs/standards/README.md)
-- [Getting Started Guide](../docs/getting-started/cursor-rules.md)
-- [pace-core Exports](../docs/api-reference/README.md)
-
-## Support
-
-For issues with cursor rules:
-1. Check this README
-2. Review rule files for guidance
-3. File an issue in pace-core repository
-4. Check pace-core documentation

package/dist/DataTable-AOVNCPTX.js

@@ -1,175 +0,0 @@
-import {
-  ActionButtons,
-  BulkOperationsDropdown,
-  ColumnFactory,
-  ColumnVisibilityDropdown,
-  DataTable,
-  DataTableCore,
-  DataTableErrorBoundary,
-  DataTableModals,
-  DataTableToolbar,
-  EditableRow,
-  EmptyState,
-  EnhancedPaginationControls,
-  GroupHeader,
-  GroupingDropdown,
-  ImportModal,
-  LoadingState,
-  PaginationControls,
-  UnifiedTableBody,
-  announce,
-  announceBulkOperation,
-  announceFilterChange,
-  announceLoadingState,
-  announcePaginationChange,
-  announceSearchResults,
-  announceSelectionChange,
-  announceSortChange,
-  average,
-  calculateAllDepths,
-  calculateAllIndentation,
-  calculateIndentation,
-  calculateOptimalPageSize,
-  cleanupLiveRegion,
-  count,
-  createHierarchicalStructure,
-  defaultDataTableFeatures,
-  exportToCSV,
-  exportToCSVWithTableRows,
-  generateCSVContent,
-  getAriaSortValue,
-  getCellRenderer,
-  getColumnHeaderText,
-  getHierarchicalSortConfig,
-  getPageSizeOptions,
-  getPaginationBinding,
-  getRowDepth,
-  getRowDescription,
-  getRowIdSafe,
-  getSortButtonLabel,
-  groupHierarchicalData,
-  hasValidRowId,
-  initializeLiveRegion,
-  isHierarchicalSortableColumn,
-  max,
-  min,
-  normalizeDataTableFeatures,
-  shouldShowColumnForRow,
-  sortHierarchicalDataByStructure,
-  sortHierarchicalDataWithSorting,
-  sum,
-  validateHierarchicalData,
-  validatePaginationConfig
-} from "./chunk-IVOFDYWT.js";
-import "./chunk-HU2C6SSC.js";
-import {
-  CircuitBreaker,
-  DEFAULT_FALLBACK_CONFIG,
-  DataChunkManager,
-  DataTableError,
-  DataTableErrorType,
-  ErrorRecoveryManager,
-  MemoryMonitor,
-  SearchIndex,
-  VisibilityTracker,
-  chunkData,
-  debounce,
-  determinePaginationMode,
-  getOptimalPageSizeOptions,
-  safeExecute,
-  throttle,
-  useDataTablePerformance
-} from "./chunk-JGRYX5UX.js";
-import "./chunk-NTM7ZSB6.js";
-import "./chunk-KQCRWDSA.js";
-import "./chunk-IHB5DR3H.js";
-import "./chunk-EFN2EIMK.js";
-import "./chunk-63FOKYGO.js";
-import "./chunk-AFVQODI2.js";
-import "./chunk-QXHPKYJV.js";
-import "./chunk-M43Y4SSO.js";
-import "./chunk-M7MPQISP.js";
-import "./chunk-FMUCXFII.js";
-import "./chunk-VBXEHIUJ.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  ActionButtons,
-  BulkOperationsDropdown,
-  CircuitBreaker,
-  ColumnFactory,
-  ColumnVisibilityDropdown,
-  DEFAULT_FALLBACK_CONFIG,
-  DataChunkManager,
-  DataTable,
-  DataTableCore,
-  DataTableError,
-  DataTableErrorBoundary,
-  DataTableErrorType,
-  DataTableModals,
-  DataTableToolbar,
-  EditableRow,
-  EmptyState,
-  EnhancedPaginationControls,
-  ErrorRecoveryManager,
-  GroupHeader,
-  GroupingDropdown,
-  ImportModal,
-  LoadingState,
-  MemoryMonitor,
-  PaginationControls,
-  SearchIndex,
-  UnifiedTableBody,
-  VisibilityTracker,
-  announce,
-  announceBulkOperation,
-  announceFilterChange,
-  announceLoadingState,
-  announcePaginationChange,
-  announceSearchResults,
-  announceSelectionChange,
-  announceSortChange,
-  average,
-  calculateAllDepths,
-  calculateAllIndentation,
-  calculateIndentation,
-  calculateOptimalPageSize,
-  chunkData,
-  cleanupLiveRegion,
-  count,
-  createHierarchicalStructure,
-  debounce,
-  defaultDataTableFeatures,
-  determinePaginationMode,
-  exportToCSV,
-  exportToCSVWithTableRows,
-  generateCSVContent,
-  getAriaSortValue,
-  getCellRenderer,
-  getColumnHeaderText,
-  getHierarchicalSortConfig,
-  getOptimalPageSizeOptions,
-  getPageSizeOptions,
-  getPaginationBinding,
-  getRowDepth,
-  getRowDescription,
-  getRowIdSafe,
-  getSortButtonLabel,
-  groupHierarchicalData,
-  hasValidRowId,
-  initializeLiveRegion,
-  isHierarchicalSortableColumn,
-  max,
-  min,
-  normalizeDataTableFeatures,
-  safeExecute,
-  shouldShowColumnForRow,
-  sortHierarchicalDataByStructure,
-  sortHierarchicalDataWithSorting,
-  sum,
-  throttle,
-  useDataTablePerformance,
-  validateHierarchicalData,
-  validatePaginationConfig
-};
-//# sourceMappingURL=DataTable-AOVNCPTX.js.map

package/dist/DataTable-AOVNCPTX.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/UnifiedAuthProvider-4SBX4LU5.js

@@ -1,18 +0,0 @@
-import {
-  UnifiedAuthContext,
-  UnifiedAuthProvider,
-  useUnifiedAuth
-} from "./chunk-IHB5DR3H.js";
-import "./chunk-EFN2EIMK.js";
-import "./chunk-63FOKYGO.js";
-import "./chunk-AFVQODI2.js";
-import "./chunk-QXHPKYJV.js";
-import "./chunk-VBXEHIUJ.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  UnifiedAuthContext,
-  UnifiedAuthProvider,
-  useUnifiedAuth
-};
-//# sourceMappingURL=UnifiedAuthProvider-4SBX4LU5.js.map

package/dist/UnifiedAuthProvider-4SBX4LU5.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/api-O6HTBX5Y.js

@@ -1,52 +0,0 @@
-import {
-  clearCache,
-  getAccessLevel,
-  getPageScopeType,
-  getPermissionMap,
-  getRoleContext,
-  hasAllPermissions,
-  hasAnyPermission,
-  hasPermission,
-  invalidateAppCache,
-  invalidateEventCache,
-  invalidateOrganisationCache,
-  invalidateUserCache,
-  isEventAdmin,
-  isOrganisationAdmin,
-  isPermitted,
-  isPermittedCached,
-  isRBACInitialized,
-  isSuperAdmin,
-  resolveAppContext,
-  setupRBAC
-} from "./chunk-EFN2EIMK.js";
-import "./chunk-63FOKYGO.js";
-import {
-  OrganisationContextRequiredError
-} from "./chunk-AFVQODI2.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  OrganisationContextRequiredError,
-  clearCache,
-  getAccessLevel,
-  getPageScopeType,
-  getPermissionMap,
-  getRoleContext,
-  hasAllPermissions,
-  hasAnyPermission,
-  hasPermission,
-  invalidateAppCache,
-  invalidateEventCache,
-  invalidateOrganisationCache,
-  invalidateUserCache,
-  isEventAdmin,
-  isOrganisationAdmin,
-  isPermitted,
-  isPermittedCached,
-  isRBACInitialized,
-  isSuperAdmin,
-  resolveAppContext,
-  setupRBAC
-};
-//# sourceMappingURL=api-O6HTBX5Y.js.map

package/dist/api-O6HTBX5Y.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/audit-V53FV5AG.js

@@ -1,17 +0,0 @@
-import {
-  RBACAuditManager,
-  createAuditManager,
-  emitAuditEvent,
-  getGlobalAuditManager,
-  setGlobalAuditManager
-} from "./chunk-63FOKYGO.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  RBACAuditManager,
-  createAuditManager,
-  emitAuditEvent,
-  getGlobalAuditManager,
-  setGlobalAuditManager
-};
-//# sourceMappingURL=audit-V53FV5AG.js.map

package/dist/audit-V53FV5AG.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-5DRSZLL2.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/styles/index.ts"],"sourcesContent":["/**\n * @file Styles Index\n * @package @jmruthers/pace-core\n * @module Styles\n * @since 2.0.0\n * \n * Central export for all pace-core styles.\n * This file provides easy access to all CSS files for consuming applications.\n * \n * @example\n * ```tsx\n * // Import the core CSS file\n * import '@jmruthers/pace-core/src/styles/core.css';\n * ```\n * \n * @example\n * ```tsx\n * // For dynamic theming, import from theming/runtime\n * import { applyPalette, clearPalette } from '@jmruthers/pace-core/theming/runtime';\n * ```\n */\n\n// Note: CSS files are available at runtime via package exports\n// Import them using the individual file paths\n\n// Type definitions for style imports\nexport interface StyleImport {\n  default: string;\n}\n\n// Style configuration\nexport const styleConfig = {\n  core: {\n    path: './core.css',\n    description: 'Complete CSS foundation including base styles, theme mappings, fonts, resets, and neutral tokens'\n  }\n} as const;\n\n// Helper function to get style paths\nexport function getStylePath(style: keyof typeof styleConfig): string {\n  return styleConfig[style].path;\n}\n\n// Helper function to get all style paths\nexport function getAllStylePaths(): string[] {\n  return Object.values(styleConfig).map(config => config.path);\n}\n"],"mappings":";AA+BO,IAAM,cAAc;AAAA,EACzB,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AACF;AAGO,SAAS,aAAa,OAAyC;AACpE,SAAO,YAAY,KAAK,EAAE;AAC5B;AAGO,SAAS,mBAA6B;AAC3C,SAAO,OAAO,OAAO,WAAW,EAAE,IAAI,YAAU,OAAO,IAAI;AAC7D;","names":[]}

package/dist/chunk-63FOKYGO.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/rbac/audit-batched.ts","../src/rbac/audit.ts"],"sourcesContent":["/**\n * Batched Audit Manager for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/AuditBatched\n * @since 2.0.0\n * \n * This module provides batched audit logging to reduce network requests\n * by queuing events and sending them in batches.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { RBACAuditEvent, UUID } from './types';\nimport { AuditEventPayload } from './audit';\nimport { logger } from '../utils/core/logger';\n\nexport interface BatchedAuditConfig {\n  /** Enable batched audit logging (default: true) */\n  enabled: boolean;\n  /** Time window in milliseconds to wait before sending batch (default: 100ms) */\n  batchWindow: number;\n  /** Maximum batch size before forcing send (default: 10) */\n  batchSize: number;\n}\n\nconst DEFAULT_CONFIG: BatchedAuditConfig = {\n  enabled: true,\n  batchWindow: 500, // 500ms - increased for better batching\n  batchSize: 20, // Increased from 10 to 20 for better efficiency\n};\n\n/**\n * Batched Audit Manager\n * \n * Queues audit events and sends them in batches to reduce network requests.\n */\nexport class BatchedAuditManager {\n  private supabase: SupabaseClient<Database>;\n  private config: BatchedAuditConfig;\n  private eventQueue: Array<Omit<RBACAuditEvent, 'id' | 'created_at'>> = [];\n  private flushTimer: ReturnType<typeof setTimeout> | null = null;\n  private isFlushing: boolean = false;\n\n  constructor(supabase: SupabaseClient<Database>, config: Partial<BatchedAuditConfig> = {}) {\n    this.supabase = supabase;\n    this.config = { ...DEFAULT_CONFIG, ...config };\n  }\n\n  /**\n   * Update configuration\n   */\n  updateConfig(config: Partial<BatchedAuditConfig>): void {\n    this.config = { ...this.config, ...config };\n  }\n\n  /**\n   * Queue an audit event for batching\n   * \n   * @param event - Audit event payload\n   */\n  async queueEvent(event: AuditEventPayload): Promise<void> {\n    if (!this.config.enabled) {\n      // If batching is disabled, send immediately\n      await this.sendEventImmediately(event);\n      return;\n    }\n\n    // Skip audit logging for cached checks (only log on cache miss)\n    if ('cache_hit' in event && event.cache_hit === true) {\n      return;\n    }\n\n    // Convert event payload to database format\n    const auditEvent = this.convertToAuditEvent(event);\n    if (!auditEvent) {\n      return;\n    }\n\n    // Add to queue\n    this.eventQueue.push(auditEvent);\n\n    // Check if we should flush immediately\n    if (this.eventQueue.length >= this.config.batchSize) {\n      await this.flush();\n    } else {\n      // Schedule flush after batch window\n      this.scheduleFlush();\n    }\n  }\n\n  /**\n   * Convert audit event payload to database format\n   */\n  private convertToAuditEvent(event: AuditEventPayload): Omit<RBACAuditEvent, 'id' | 'created_at'> | null {\n    // Validate required fields\n    if (!event.userId) {\n      logger.error('RBAC Audit', 'Cannot queue audit event without userId:', {\n        eventType: event.type,\n        organisationId: event.organisationId\n      });\n      return null;\n    }\n\n    // Validate pageId: only include in page_id column if it's a valid UUID\n    const rawPageId = 'pageId' in event ? event.pageId : undefined;\n    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n    const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);\n    const pageIdUuid: UUID | undefined = isValidPageIdUuid ? (rawPageId as UUID) : undefined;\n    const pageIdName: string | undefined = rawPageId && !isValidPageIdUuid ? rawPageId : undefined;\n\n    return {\n      event_type: event.type,\n      user_id: event.userId,\n      organisation_id: event.organisationId || null,\n      event_id: 'eventId' in event ? event.eventId : undefined,\n      app_id: 'appId' in event ? event.appId : undefined,\n      page_id: pageIdUuid,\n      permission: 'permission' in event ? event.permission : undefined,\n      decision: 'decision' in event ? event.decision : undefined,\n      source: 'source' in event ? event.source : 'api',\n      bypass: 'bypass' in event ? event.bypass : undefined,\n      duration_ms: 'duration_ms' in event ? event.duration_ms : undefined,\n      metadata: {\n        ...event.metadata,\n        cache_hit: 'cache_hit' in event ? event.cache_hit : undefined,\n        cache_source: 'cache_source' in event ? event.cache_source : undefined,\n        no_organisation_context: !event.organisationId,\n        page_name: pageIdName,\n      },\n    };\n  }\n\n  /**\n   * Schedule a flush after the batch window\n   */\n  private scheduleFlush(): void {\n    if (this.flushTimer) {\n      return; // Already scheduled\n    }\n\n    this.flushTimer = setTimeout(() => {\n      this.flushTimer = null;\n      this.flush();\n    }, this.config.batchWindow);\n  }\n\n  /**\n   * Flush all queued events\n   */\n  async flush(): Promise<void> {\n    if (this.isFlushing || this.eventQueue.length === 0) {\n      return;\n    }\n\n    // Clear any pending timer\n    if (this.flushTimer) {\n      clearTimeout(this.flushTimer);\n      this.flushTimer = null;\n    }\n\n    this.isFlushing = true;\n\n    try {\n      // Get all events from queue\n      const eventsToSend = [...this.eventQueue];\n      this.eventQueue = [];\n\n      if (eventsToSend.length === 0) {\n        return;\n      }\n\n      // Send batch to database\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert(eventsToSend);\n\n      if (error) {\n        logger.warn('RBAC Audit', 'Failed to insert batched audit events:', {\n          error: error.message,\n          code: error.code,\n          batchSize: eventsToSend.length,\n        });\n      }\n    } catch (error) {\n      logger.error('RBAC Audit', 'Unexpected error during batched audit logging:', error);\n    } finally {\n      this.isFlushing = false;\n    }\n  }\n\n  /**\n   * Send event immediately (bypass batching)\n   */\n  private async sendEventImmediately(event: AuditEventPayload): Promise<void> {\n    const auditEvent = this.convertToAuditEvent(event);\n    if (!auditEvent) {\n      return;\n    }\n\n    try {\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert([auditEvent]);\n\n      if (error) {\n        logger.warn('RBAC Audit', 'Failed to insert audit event:', {\n          error: error.message,\n          code: error.code,\n        });\n      }\n    } catch (error) {\n      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);\n    }\n  }\n\n  /**\n   * Force flush and wait for completion\n   */\n  async forceFlush(): Promise<void> {\n    await this.flush();\n  }\n}\n\n","/**\n * RBAC Audit Events System\n * @package @jmruthers/pace-core\n * @module RBAC/Audit\n * @since 1.0.0\n * \n * This module provides structured audit event emission for all RBAC operations.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { \n  UUID, \n  AuditEventSource, \n  RBACAuditEvent \n} from './types';\nimport type { AuditEventType } from './types/functions';\nimport { logger } from '../utils/core/logger';\nimport { BatchedAuditManager } from './audit-batched';\n\n/**\n * Audit event payload for permission checks\n */\nexport interface PermissionCheckAuditEvent {\n  type: 'permission_check';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  pageId?: UUID;\n  permission: string;\n  decision: boolean;\n  source: AuditEventSource;\n  bypass?: boolean;\n  duration_ms: number;\n  cache_hit?: boolean;\n  cache_source?: 'memory' | 'database' | 'rpc';\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for permission denied\n */\nexport interface PermissionDeniedAuditEvent {\n  type: 'permission_denied';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  pageId?: UUID;\n  permission: string;\n  source: AuditEventSource;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role granted\n */\nexport interface RoleGrantedAuditEvent {\n  type: 'role_granted';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  role: string;\n  grantedBy: UUID;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role revoked\n */\nexport interface RoleRevokedAuditEvent {\n  type: 'role_denied';\n  userId: UUID;\n  organisationId: UUID;\n  eventId?: string;\n  appId?: UUID;\n  role: string;\n  revokedBy: UUID;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for RLS denied\n */\nexport interface RLSDeniedAuditEvent {\n  type: 'rls_denied';\n  userId: UUID;\n  organisationId: UUID;\n  table: string;\n  operation: string;\n  metadata?: Record<string, any>;\n}\n\n/**\n * Union type for all audit events\n */\nexport type AuditEventPayload = \n  | PermissionCheckAuditEvent\n  | PermissionDeniedAuditEvent\n  | RoleGrantedAuditEvent\n  | RoleRevokedAuditEvent\n  | RLSDeniedAuditEvent;\n\n/**\n * RBAC Audit Manager\n * \n * Handles emission of structured audit events for all RBAC operations.\n */\nexport class RBACAuditManager {\n  private supabase: SupabaseClient<Database>;\n  private enabled: boolean = true;\n  private fallbackEnabled: boolean = true;\n  private batchedManager: BatchedAuditManager | null = null;\n  private useBatching: boolean = true;\n\n  constructor(\n    supabase: SupabaseClient<Database>, \n    useBatching: boolean = true,\n    batchConfig?: { batchWindow?: number; batchSize?: number }\n  ) {\n    this.supabase = supabase;\n    this.useBatching = useBatching;\n    if (useBatching) {\n      this.batchedManager = new BatchedAuditManager(supabase, batchConfig);\n    }\n  }\n\n  /**\n   * Enable or disable audit logging\n   * \n   * @param enabled - Whether to enable audit logging\n   */\n  setEnabled(enabled: boolean): void {\n    this.enabled = enabled;\n  }\n\n  /**\n   * Check if audit logging is enabled\n   * \n   * @returns True if audit logging is enabled\n   */\n  isEnabled(): boolean {\n    return this.enabled;\n  }\n\n  /**\n   * Enable or disable fallback logging (console logging when database fails)\n   * \n   * @param enabled - Whether to enable fallback logging\n   */\n  setFallbackEnabled(enabled: boolean): void {\n    this.fallbackEnabled = enabled;\n  }\n\n  /**\n   * Emit an audit event\n   * \n   * @param event - Audit event payload\n   * @returns Promise that resolves when event is logged\n   */\n  async emitEvent(event: AuditEventPayload): Promise<void> {\n    if (!this.enabled) {\n      return;\n    }\n\n    // Skip audit logging for cached checks (only log on cache miss)\n    if ('cache_hit' in event && event.cache_hit === true) {\n      return;\n    }\n\n    // Use batched manager if enabled\n    if (this.useBatching && this.batchedManager) {\n      await this.batchedManager.queueEvent(event);\n      return;\n    }\n\n    // Validate required fields before attempting to insert\n    // MANDATORY: All audit events must have userId\n    if (!event.userId) {\n      logger.error('RBAC Audit', 'CRITICAL: Cannot log audit event without userId:', {\n        eventType: event.type,\n        organisationId: event.organisationId\n      });\n      return;\n    }\n\n    // WARNING: Some audit events may not have organisationId (e.g., global admin operations)\n    // Log these for security monitoring even if organisationId is missing\n    if (!event.organisationId) {\n      logger.warn('RBAC Audit', 'Audit event without organisation context:', {\n        userId: event.userId,\n        eventType: event.type,\n        note: 'This should be investigated for security compliance'\n      });\n    }\n\n    try {\n      // Since organisationId is now required in SecurityContext, this should rarely happen\n      // But we still handle the edge case properly without masking it\n      if (!event.organisationId) {\n        logger.warn('RBAC Audit', 'Audit event without organisation context - this should be investigated:', {\n          userId: event.userId,\n          eventType: event.type,\n          note: 'Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation.'\n        });\n      }\n\n      // Validate pageId: only include in page_id column if it's a valid UUID\n      // Otherwise, store it in metadata to avoid database errors\n      const rawPageId = 'pageId' in event ? event.pageId : undefined;\n      const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n      const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);\n      const pageIdUuid: UUID | undefined = isValidPageIdUuid ? (rawPageId as UUID) : undefined;\n      const pageIdName: string | undefined = rawPageId && !isValidPageIdUuid ? rawPageId : undefined;\n\n      const auditEvent: Omit<RBACAuditEvent, 'id' | 'created_at'> = {\n        event_type: event.type,\n        user_id: event.userId,\n        // Store organisationId - nullable to properly track missing context cases\n        // Do NOT use fallback UUID as it masks security issues\n        organisation_id: event.organisationId || null, // Explicitly null if missing\n        event_id: 'eventId' in event ? event.eventId : undefined,\n        app_id: 'appId' in event ? event.appId : undefined,\n        page_id: pageIdUuid, // Only set if it's a valid UUID\n        permission: 'permission' in event ? event.permission : undefined,\n        decision: 'decision' in event ? event.decision : undefined,\n        source: 'source' in event ? event.source : 'api', // Default to 'api' if not provided\n        bypass: 'bypass' in event ? event.bypass : undefined,\n        duration_ms: 'duration_ms' in event ? event.duration_ms : undefined,\n        metadata: {\n          ...event.metadata,\n          cache_hit: 'cache_hit' in event ? event.cache_hit : undefined,\n          cache_source: 'cache_source' in event ? event.cache_source : undefined,\n          // Explicit flag indicating this event had no organisation context\n          no_organisation_context: !event.organisationId,\n          // Store page name/identifier in metadata if it's not a UUID\n          page_name: pageIdName,\n        },\n      };\n\n      const { error } = await (this.supabase as any)\n        .from('rbac_audit_events')\n        .insert([auditEvent]);\n\n      if (error) {\n        // Log the error for debugging\n        logger.warn('RBAC Audit', 'Failed to insert audit event:', {\n          error: error.message,\n          code: error.code,\n          details: error.details,\n          hint: error.hint,\n          event: auditEvent\n        });\n\n        // Use fallback logging if enabled\n        if (this.fallbackEnabled) {\n          this.logFallbackEvent(event, error);\n        }\n      }\n    } catch (error) {\n      // Log unexpected errors\n      logger.error('RBAC Audit', 'Unexpected error during audit logging:', error);\n      \n      // Use fallback logging if enabled\n      if (this.fallbackEnabled) {\n        this.logFallbackEvent(event, error);\n      }\n    }\n  }\n\n  /**\n   * Log event to console as fallback when database logging fails\n   * \n   * @param event - Audit event payload\n   * @param error - The error that occurred\n   */\n  private logFallbackEvent(event: AuditEventPayload, error: any): void {\n    logger.debug('RBAC Audit Fallback', 'Database audit logging failed, using console fallback', {\n      timestamp: new Date().toISOString(),\n      event,\n      error: error?.message || error\n    });\n  }\n\n  /**\n   * Emit a permission check audit event\n   * \n   * @param event - Permission check event data\n   */\n  async emitPermissionCheck(event: Omit<PermissionCheckAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'permission_check',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a permission denied audit event\n   * \n   * @param event - Permission denied event data\n   */\n  async emitPermissionDenied(event: Omit<PermissionDeniedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'permission_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a role granted audit event\n   * \n   * @param event - Role granted event data\n   */\n  async emitRoleGranted(event: Omit<RoleGrantedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'role_granted',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit a role revoked audit event\n   * \n   * @param event - Role revoked event data\n   */\n  async emitRoleRevoked(event: Omit<RoleRevokedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'role_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Emit an RLS denied audit event\n   * \n   * @param event - RLS denied event data\n   */\n  async emitRLSDenied(event: Omit<RLSDeniedAuditEvent, 'type'>): Promise<void> {\n    await this.emitEvent({\n      type: 'rls_denied',\n      ...event,\n    });\n  }\n\n  /**\n   * Get audit events for a user\n   * \n   * @param userId - User ID\n   * @param limit - Maximum number of events to return\n   * @returns Promise resolving to audit events\n   */\n  async getUserAuditEvents(userId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n    const { data, error } = await this.supabase\n      .from('rbac_audit_events')\n      .select('id, event_type, user_id, organisation_id, event_id, app_id, page_id, permission, decision, source, bypass, duration_ms, metadata, created_at')\n      .eq('user_id', userId)\n      .order('created_at', { ascending: false })\n      .limit(limit);\n\n    if (error) {\n      // Detect CORS errors (they typically have null status or specific error codes)\n      const isCorsError = \n        error.message?.toLowerCase().includes('cors') ||\n        error.message?.toLowerCase().includes('cross-origin') ||\n        error.code === null ||\n        (error as any).status === null;\n      \n      if (isCorsError) {\n        const corsError = new Error(\n          `CORS error when querying audit events. This is a Supabase configuration issue. ` +\n          `Please configure CORS in your Supabase Dashboard: Settings → API → CORS. ` +\n          `Add your app's origin (e.g., http://localhost:8087) to the allowed origins list. ` +\n          `Original error: ${error.message || 'CORS request did not succeed'}`\n        );\n        (corsError as any).isCorsError = true;\n        (corsError as any).originalError = error;\n        throw corsError;\n      }\n      \n      throw new Error(`Failed to get audit events: ${error.message}`);\n    }\n\n    return (data || []).map(event => ({\n      ...event,\n      event_type: event.event_type as AuditEventType\n    })) as RBACAuditEvent[];\n  }\n\n  /**\n   * Get audit events for an organisation\n   * \n   * @param organisationId - Organisation ID\n   * @param limit - Maximum number of events to return\n   * @returns Promise resolving to audit events\n   */\n  async getOrganisationAuditEvents(organisationId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n    const { data, error } = await this.supabase\n      .from('rbac_audit_events')\n      .select('id, event_type, user_id, organisation_id, event_id, app_id, page_id, permission, decision, source, bypass, duration_ms, metadata, created_at')\n      .eq('organisation_id', organisationId)\n      .order('created_at', { ascending: false })\n      .limit(limit);\n\n    if (error) {\n      // Detect CORS errors (they typically have null status or specific error codes)\n      const isCorsError = \n        error.message?.toLowerCase().includes('cors') ||\n        error.message?.toLowerCase().includes('cross-origin') ||\n        error.code === null ||\n        (error as any).status === null;\n      \n      if (isCorsError) {\n        const corsError = new Error(\n          `CORS error when querying audit events. This is a Supabase configuration issue. ` +\n          `Please configure CORS in your Supabase Dashboard: Settings → API → CORS. ` +\n          `Add your app's origin (e.g., http://localhost:8087) to the allowed origins list. ` +\n          `Original error: ${error.message || 'CORS request did not succeed'}`\n        );\n        (corsError as any).isCorsError = true;\n        (corsError as any).originalError = error;\n        throw corsError;\n      }\n      \n      throw new Error(`Failed to get audit events: ${error.message}`);\n    }\n\n    return (data || []).map(event => ({\n      ...event,\n      event_type: event.event_type as AuditEventType\n    })) as RBACAuditEvent[];\n  }\n}\n\n/**\n * Create an audit manager instance\n * \n * @param supabase - Supabase client\n * @param useBatching - Whether to use batched audit logging (default: true)\n * @param batchConfig - Optional batch configuration\n * @returns RBACAuditManager instance\n */\nexport function createAuditManager(\n  supabase: SupabaseClient<Database>, \n  useBatching: boolean = true,\n  batchConfig?: { batchWindow?: number; batchSize?: number }\n): RBACAuditManager {\n  return new RBACAuditManager(supabase, useBatching, batchConfig);\n}\n\n/**\n * Global audit manager instance\n * \n * This is set by the RBAC engine when it initializes.\n */\nlet globalAuditManager: RBACAuditManager | null = null;\n\n/**\n * Set the global audit manager\n * \n * @param manager - Audit manager instance\n */\nexport function setGlobalAuditManager(manager: RBACAuditManager): void {\n  globalAuditManager = manager;\n}\n\n/**\n * Get the global audit manager\n * \n * @returns Global audit manager or null if not set\n */\nexport function getGlobalAuditManager(): RBACAuditManager | null {\n  return globalAuditManager;\n}\n\n/**\n * Emit an audit event using the global audit manager\n * \n * @param event - Audit event payload\n */\nexport async function emitAuditEvent(event: AuditEventPayload): Promise<void> {\n  if (globalAuditManager) {\n    await globalAuditManager.emitEvent(event);\n  }\n}\n"],"mappings":";;;;;AAyBA,IAAM,iBAAqC;AAAA,EACzC,SAAS;AAAA,EACT,aAAa;AAAA;AAAA,EACb,WAAW;AAAA;AACb;AAOO,IAAM,sBAAN,MAA0B;AAAA,EAO/B,YAAY,UAAoC,SAAsC,CAAC,GAAG;AAJ1F,SAAQ,aAA+D,CAAC;AACxE,SAAQ,aAAmD;AAC3D,SAAQ,aAAsB;AAG5B,SAAK,WAAW;AAChB,SAAK,SAAS,EAAE,GAAG,gBAAgB,GAAG,OAAO;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2C;AACtD,SAAK,SAAS,EAAE,GAAG,KAAK,QAAQ,GAAG,OAAO;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,WAAW,OAAyC;AACxD,QAAI,CAAC,KAAK,OAAO,SAAS;AAExB,YAAM,KAAK,qBAAqB,KAAK;AACrC;AAAA,IACF;AAGA,QAAI,eAAe,SAAS,MAAM,cAAc,MAAM;AACpD;AAAA,IACF;AAGA,UAAM,aAAa,KAAK,oBAAoB,KAAK;AACjD,QAAI,CAAC,YAAY;AACf;AAAA,IACF;AAGA,SAAK,WAAW,KAAK,UAAU;AAG/B,QAAI,KAAK,WAAW,UAAU,KAAK,OAAO,WAAW;AACnD,YAAM,KAAK,MAAM;AAAA,IACnB,OAAO;AAEL,WAAK,cAAc;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,oBAAoB,OAA4E;AAEtG,QAAI,CAAC,MAAM,QAAQ;AACjB,aAAO,MAAM,cAAc,4CAA4C;AAAA,QACrE,WAAW,MAAM;AAAA,QACjB,gBAAgB,MAAM;AAAA,MACxB,CAAC;AACD,aAAO;AAAA,IACT;AAGA,UAAM,YAAY,YAAY,QAAQ,MAAM,SAAS;AACrD,UAAM,YAAY;AAClB,UAAM,oBAAoB,aAAa,UAAU,KAAK,SAAS;AAC/D,UAAM,aAA+B,oBAAqB,YAAqB;AAC/E,UAAM,aAAiC,aAAa,CAAC,oBAAoB,YAAY;AAErF,WAAO;AAAA,MACL,YAAY,MAAM;AAAA,MAClB,SAAS,MAAM;AAAA,MACf,iBAAiB,MAAM,kBAAkB;AAAA,MACzC,UAAU,aAAa,QAAQ,MAAM,UAAU;AAAA,MAC/C,QAAQ,WAAW,QAAQ,MAAM,QAAQ;AAAA,MACzC,SAAS;AAAA,MACT,YAAY,gBAAgB,QAAQ,MAAM,aAAa;AAAA,MACvD,UAAU,cAAc,QAAQ,MAAM,WAAW;AAAA,MACjD,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,MAC3C,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,MAC3C,aAAa,iBAAiB,QAAQ,MAAM,cAAc;AAAA,MAC1D,UAAU;AAAA,QACR,GAAG,MAAM;AAAA,QACT,WAAW,eAAe,QAAQ,MAAM,YAAY;AAAA,QACpD,cAAc,kBAAkB,QAAQ,MAAM,eAAe;AAAA,QAC7D,yBAAyB,CAAC,MAAM;AAAA,QAChC,WAAW;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAsB;AAC5B,QAAI,KAAK,YAAY;AACnB;AAAA,IACF;AAEA,SAAK,aAAa,WAAW,MAAM;AACjC,WAAK,aAAa;AAClB,WAAK,MAAM;AAAA,IACb,GAAG,KAAK,OAAO,WAAW;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAuB;AAC3B,QAAI,KAAK,cAAc,KAAK,WAAW,WAAW,GAAG;AACnD;AAAA,IACF;AAGA,QAAI,KAAK,YAAY;AACnB,mBAAa,KAAK,UAAU;AAC5B,WAAK,aAAa;AAAA,IACpB;AAEA,SAAK,aAAa;AAElB,QAAI;AAEF,YAAM,eAAe,CAAC,GAAG,KAAK,UAAU;AACxC,WAAK,aAAa,CAAC;AAEnB,UAAI,aAAa,WAAW,GAAG;AAC7B;AAAA,MACF;AAGA,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,YAAY;AAEtB,UAAI,OAAO;AACT,eAAO,KAAK,cAAc,0CAA0C;AAAA,UAClE,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,UACZ,WAAW,aAAa;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,cAAc,kDAAkD,KAAK;AAAA,IACpF,UAAE;AACA,WAAK,aAAa;AAAA,IACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,qBAAqB,OAAyC;AAC1E,UAAM,aAAa,KAAK,oBAAoB,KAAK;AACjD,QAAI,CAAC,YAAY;AACf;AAAA,IACF;AAEA,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,CAAC,UAAU,CAAC;AAEtB,UAAI,OAAO;AACT,eAAO,KAAK,cAAc,iCAAiC;AAAA,UACzD,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,QACd,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,cAAc,0CAA0C,KAAK;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAA4B;AAChC,UAAM,KAAK,MAAM;AAAA,EACnB;AACF;;;AC/GO,IAAM,mBAAN,MAAuB;AAAA,EAO5B,YACE,UACA,cAAuB,MACvB,aACA;AATF,SAAQ,UAAmB;AAC3B,SAAQ,kBAA2B;AACnC,SAAQ,iBAA6C;AACrD,SAAQ,cAAuB;AAO7B,SAAK,WAAW;AAChB,SAAK,cAAc;AACnB,QAAI,aAAa;AACf,WAAK,iBAAiB,IAAI,oBAAoB,UAAU,WAAW;AAAA,IACrE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,SAAwB;AACjC,SAAK,UAAU;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAqB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mBAAmB,SAAwB;AACzC,SAAK,kBAAkB;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,OAAyC;AACvD,QAAI,CAAC,KAAK,SAAS;AACjB;AAAA,IACF;AAGA,QAAI,eAAe,SAAS,MAAM,cAAc,MAAM;AACpD;AAAA,IACF;AAGA,QAAI,KAAK,eAAe,KAAK,gBAAgB;AAC3C,YAAM,KAAK,eAAe,WAAW,KAAK;AAC1C;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,QAAQ;AACjB,aAAO,MAAM,cAAc,oDAAoD;AAAA,QAC7E,WAAW,MAAM;AAAA,QACjB,gBAAgB,MAAM;AAAA,MACxB,CAAC;AACD;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,gBAAgB;AACzB,aAAO,KAAK,cAAc,6CAA6C;AAAA,QACrE,QAAQ,MAAM;AAAA,QACd,WAAW,MAAM;AAAA,QACjB,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,QAAI;AAGF,UAAI,CAAC,MAAM,gBAAgB;AACzB,eAAO,KAAK,cAAc,2EAA2E;AAAA,UACnG,QAAQ,MAAM;AAAA,UACd,WAAW,MAAM;AAAA,UACjB,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAIA,YAAM,YAAY,YAAY,QAAQ,MAAM,SAAS;AACrD,YAAM,YAAY;AAClB,YAAM,oBAAoB,aAAa,UAAU,KAAK,SAAS;AAC/D,YAAM,aAA+B,oBAAqB,YAAqB;AAC/E,YAAM,aAAiC,aAAa,CAAC,oBAAoB,YAAY;AAErF,YAAM,aAAwD;AAAA,QAC5D,YAAY,MAAM;AAAA,QAClB,SAAS,MAAM;AAAA;AAAA;AAAA,QAGf,iBAAiB,MAAM,kBAAkB;AAAA;AAAA,QACzC,UAAU,aAAa,QAAQ,MAAM,UAAU;AAAA,QAC/C,QAAQ,WAAW,QAAQ,MAAM,QAAQ;AAAA,QACzC,SAAS;AAAA;AAAA,QACT,YAAY,gBAAgB,QAAQ,MAAM,aAAa;AAAA,QACvD,UAAU,cAAc,QAAQ,MAAM,WAAW;AAAA,QACjD,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA;AAAA,QAC3C,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,QAC3C,aAAa,iBAAiB,QAAQ,MAAM,cAAc;AAAA,QAC1D,UAAU;AAAA,UACR,GAAG,MAAM;AAAA,UACT,WAAW,eAAe,QAAQ,MAAM,YAAY;AAAA,UACpD,cAAc,kBAAkB,QAAQ,MAAM,eAAe;AAAA;AAAA,UAE7D,yBAAyB,CAAC,MAAM;AAAA;AAAA,UAEhC,WAAW;AAAA,QACb;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,CAAC,UAAU,CAAC;AAEtB,UAAI,OAAO;AAET,eAAO,KAAK,cAAc,iCAAiC;AAAA,UACzD,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,UACZ,SAAS,MAAM;AAAA,UACf,MAAM,MAAM;AAAA,UACZ,OAAO;AAAA,QACT,CAAC;AAGD,YAAI,KAAK,iBAAiB;AACxB,eAAK,iBAAiB,OAAO,KAAK;AAAA,QACpC;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AAEd,aAAO,MAAM,cAAc,0CAA0C,KAAK;AAG1E,UAAI,KAAK,iBAAiB;AACxB,aAAK,iBAAiB,OAAO,KAAK;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,iBAAiB,OAA0B,OAAkB;AACnE,WAAO,MAAM,uBAAuB,yDAAyD;AAAA,MAC3F,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC;AAAA,MACA,OAAO,OAAO,WAAW;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAA+D;AACvF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,qBAAqB,OAAgE;AACzF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAAyD;AAC3E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,mBAAmB,QAAc,QAAgB,KAAgC;AACrF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,8IAA8I,EACrJ,GAAG,WAAW,MAAM,EACpB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AAET,YAAM,cACJ,MAAM,SAAS,YAAY,EAAE,SAAS,MAAM,KAC5C,MAAM,SAAS,YAAY,EAAE,SAAS,cAAc,KACpD,MAAM,SAAS,QACd,MAAc,WAAW;AAE5B,UAAI,aAAa;AACf,cAAM,YAAY,IAAI;AAAA,UACpB,sQAGmB,MAAM,WAAW,8BAA8B;AAAA,QACpE;AACA,QAAC,UAAkB,cAAc;AACjC,QAAC,UAAkB,gBAAgB;AACnC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,YAAQ,QAAQ,CAAC,GAAG,IAAI,YAAU;AAAA,MAChC,GAAG;AAAA,MACH,YAAY,MAAM;AAAA,IACpB,EAAE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,2BAA2B,gBAAsB,QAAgB,KAAgC;AACrG,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,8IAA8I,EACrJ,GAAG,mBAAmB,cAAc,EACpC,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AAET,YAAM,cACJ,MAAM,SAAS,YAAY,EAAE,SAAS,MAAM,KAC5C,MAAM,SAAS,YAAY,EAAE,SAAS,cAAc,KACpD,MAAM,SAAS,QACd,MAAc,WAAW;AAE5B,UAAI,aAAa;AACf,cAAM,YAAY,IAAI;AAAA,UACpB,sQAGmB,MAAM,WAAW,8BAA8B;AAAA,QACpE;AACA,QAAC,UAAkB,cAAc;AACjC,QAAC,UAAkB,gBAAgB;AACnC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,YAAQ,QAAQ,CAAC,GAAG,IAAI,YAAU;AAAA,MAChC,GAAG;AAAA,MACH,YAAY,MAAM;AAAA,IACpB,EAAE;AAAA,EACJ;AACF;AAUO,SAAS,mBACd,UACA,cAAuB,MACvB,aACkB;AAClB,SAAO,IAAI,iBAAiB,UAAU,aAAa,WAAW;AAChE;AAOA,IAAI,qBAA8C;AAO3C,SAAS,sBAAsB,SAAiC;AACrE,uBAAqB;AACvB;AAOO,SAAS,wBAAiD;AAC/D,SAAO;AACT;AAOA,eAAsB,eAAe,OAAyC;AAC5E,MAAI,oBAAoB;AACtB,UAAM,mBAAmB,UAAU,KAAK;AAAA,EAC1C;AACF;","names":[]}