@kya-os/mcp-i-cloudflare 1.5.10-canary.8 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +130 -0
- package/dist/__tests__/e2e/test-config.d.ts +37 -0
- package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
- package/dist/__tests__/e2e/test-config.js +62 -0
- package/dist/__tests__/e2e/test-config.js.map +1 -0
- package/dist/adapter.d.ts +44 -1
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +712 -112
- package/dist/adapter.js.map +1 -1
- package/dist/agent.d.ts +103 -25
- package/dist/agent.d.ts.map +1 -1
- package/dist/agent.js +617 -40
- package/dist/agent.js.map +1 -1
- package/dist/app.d.ts +0 -8
- package/dist/app.d.ts.map +1 -1
- package/dist/app.js +277 -119
- package/dist/app.js.map +1 -1
- package/dist/cache/kv-oauth-config-cache.d.ts +47 -0
- package/dist/cache/kv-oauth-config-cache.d.ts.map +1 -0
- package/dist/cache/kv-oauth-config-cache.js +82 -0
- package/dist/cache/kv-oauth-config-cache.js.map +1 -0
- package/dist/cache/kv-tool-protection-cache.d.ts +26 -1
- package/dist/cache/kv-tool-protection-cache.d.ts.map +1 -1
- package/dist/cache/kv-tool-protection-cache.js +19 -11
- package/dist/cache/kv-tool-protection-cache.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +39 -14
- package/dist/config.js.map +1 -1
- package/dist/helpers/env-mapper.d.ts +60 -1
- package/dist/helpers/env-mapper.d.ts.map +1 -1
- package/dist/helpers/env-mapper.js +136 -6
- package/dist/helpers/env-mapper.js.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +16 -3
- package/dist/index.js.map +1 -1
- package/dist/runtime/audit-logger.d.ts +96 -0
- package/dist/runtime/audit-logger.d.ts.map +1 -0
- package/dist/runtime/audit-logger.js +276 -0
- package/dist/runtime/audit-logger.js.map +1 -0
- package/dist/runtime/oauth-handler.d.ts +5 -0
- package/dist/runtime/oauth-handler.d.ts.map +1 -1
- package/dist/runtime/oauth-handler.js +287 -35
- package/dist/runtime/oauth-handler.js.map +1 -1
- package/dist/runtime.d.ts +12 -1
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +34 -4
- package/dist/runtime.js.map +1 -1
- package/dist/server.d.ts +7 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +133 -18
- package/dist/server.js.map +1 -1
- package/dist/services/admin.service.d.ts +1 -3
- package/dist/services/admin.service.d.ts.map +1 -1
- package/dist/services/admin.service.js +175 -146
- package/dist/services/admin.service.js.map +1 -1
- package/dist/services/consent-audit.service.d.ts +91 -0
- package/dist/services/consent-audit.service.d.ts.map +1 -0
- package/dist/services/consent-audit.service.js +243 -0
- package/dist/services/consent-audit.service.js.map +1 -0
- package/dist/services/consent-config.service.d.ts +2 -2
- package/dist/services/consent-config.service.d.ts.map +1 -1
- package/dist/services/consent-config.service.js +55 -28
- package/dist/services/consent-config.service.js.map +1 -1
- package/dist/services/consent-page-renderer.d.ts +14 -0
- package/dist/services/consent-page-renderer.d.ts.map +1 -1
- package/dist/services/consent-page-renderer.js +54 -27
- package/dist/services/consent-page-renderer.js.map +1 -1
- package/dist/services/consent.service.d.ts +93 -8
- package/dist/services/consent.service.d.ts.map +1 -1
- package/dist/services/consent.service.js +1817 -553
- package/dist/services/consent.service.js.map +1 -1
- package/dist/services/delegation.service.d.ts.map +1 -1
- package/dist/services/delegation.service.js +67 -29
- package/dist/services/delegation.service.js.map +1 -1
- package/dist/services/idp-token-storage.d.ts +68 -0
- package/dist/services/idp-token-storage.d.ts.map +1 -0
- package/dist/services/idp-token-storage.js +157 -0
- package/dist/services/idp-token-storage.js.map +1 -0
- package/dist/services/oauth-service.d.ts +66 -0
- package/dist/services/oauth-service.d.ts.map +1 -0
- package/dist/services/oauth-service.js +223 -0
- package/dist/services/oauth-service.js.map +1 -0
- package/dist/services/proof.service.d.ts +8 -6
- package/dist/services/proof.service.d.ts.map +1 -1
- package/dist/services/proof.service.js +131 -75
- package/dist/services/proof.service.js.map +1 -1
- package/dist/services/tool-context-builder.d.ts +55 -0
- package/dist/services/tool-context-builder.d.ts.map +1 -0
- package/dist/services/tool-context-builder.js +124 -0
- package/dist/services/tool-context-builder.js.map +1 -0
- package/dist/types/tool-context.d.ts +35 -0
- package/dist/types/tool-context.d.ts.map +1 -0
- package/dist/types/tool-context.js +13 -0
- package/dist/types/tool-context.js.map +1 -0
- package/dist/types.d.ts +31 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/oauth-service-registry.d.ts +65 -0
- package/dist/utils/oauth-service-registry.d.ts.map +1 -0
- package/dist/utils/oauth-service-registry.js +125 -0
- package/dist/utils/oauth-service-registry.js.map +1 -0
- package/package.json +27 -60
package/dist/index.js
CHANGED
|
@@ -4,6 +4,14 @@
|
|
|
4
4
|
* Cloudflare Workers implementation of MCP-I framework.
|
|
5
5
|
* Provides Web Crypto and KV-based providers for edge runtime.
|
|
6
6
|
*/
|
|
7
|
+
// CRITICAL: Import OAuth service registry FIRST to ensure tree-shaking prevention
|
|
8
|
+
// This must be at the package entry point to guarantee module execution before any other imports
|
|
9
|
+
// This is the root fix for the "OAuth services not available - bundler tree-shaking issue" error
|
|
10
|
+
import { isOAuthServicesAvailable } from "./utils/oauth-service-registry";
|
|
11
|
+
// Force evaluation at module load - belt-and-suspenders approach
|
|
12
|
+
// This ensures the oauth-service-registry module is executed and services are
|
|
13
|
+
// registered on globalThis BEFORE any other code that might need them
|
|
14
|
+
const _indexOAuthRegistryLoaded = isOAuthServicesAvailable();
|
|
7
15
|
import { WELL_KNOWN_CORS_HEADERS, AccessControlApiService, ProofVerifier, } from "@kya-os/mcp-i-core";
|
|
8
16
|
import { WebCryptoProvider } from "./providers/crypto";
|
|
9
17
|
import { KVStorageProvider, KVNonceCacheProvider, WorkersClockProvider, WorkersFetchProvider, WorkersIdentityProvider, } from "./providers/storage";
|
|
@@ -28,15 +36,16 @@ export { CloudflareProofGenerator, } from "./proof-generator";
|
|
|
28
36
|
export { CloudflareRuntime } from "./runtime";
|
|
29
37
|
// Re-export cache implementations
|
|
30
38
|
export { KVToolProtectionCache, } from "./cache/kv-tool-protection-cache";
|
|
39
|
+
export { KVOAuthConfigCache } from "./cache/kv-oauth-config-cache";
|
|
31
40
|
// Re-export OAuth handler utilities
|
|
32
41
|
export { createOAuthCallbackHandler, extractDelegationToken, } from "./runtime/oauth-handler";
|
|
33
42
|
// Re-export MCPICloudflareServer and services
|
|
34
43
|
export { MCPICloudflareServer, } from "./server";
|
|
35
44
|
export { AdminService } from "./services/admin.service";
|
|
36
45
|
// Re-export agent base class and app factory
|
|
37
|
-
export { MCPICloudflareAgent
|
|
46
|
+
export { MCPICloudflareAgent } from "./agent";
|
|
38
47
|
export { createMCPIApp } from "./app";
|
|
39
|
-
export { mapPrefixedEnv } from "./helpers/env-mapper";
|
|
48
|
+
export { mapPrefixedEnv, normalizeCloudflareEnv, detectEnvPrefix, } from "./helpers/env-mapper";
|
|
40
49
|
// Re-export constants
|
|
41
50
|
export * from "./constants";
|
|
42
51
|
// Re-export config utilities
|
|
@@ -77,7 +86,11 @@ export function createCloudflareRuntime(config) {
|
|
|
77
86
|
apiKey: config.env.AGENTSHIELD_API_KEY,
|
|
78
87
|
fetchProvider: fetchProvider,
|
|
79
88
|
logger: (msg, data) => {
|
|
80
|
-
|
|
89
|
+
// Always log errors and validation failures, even in production
|
|
90
|
+
const isError = msg.toLowerCase().includes("error") ||
|
|
91
|
+
msg.toLowerCase().includes("failed") ||
|
|
92
|
+
msg.toLowerCase().includes("validation");
|
|
93
|
+
if (isError || config.environment === "development") {
|
|
81
94
|
console.log(`[AccessControl] ${msg}`, data);
|
|
82
95
|
}
|
|
83
96
|
},
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAGL,uBAAuB,EAEvB,uBAAuB,EACvB,aAAa,GACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAI9C,sBAAsB;AACtB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,CAAC;AAEF,4BAA4B;AAC5B,OAAO,EACL,cAAc,GAKf,MAAM,4BAA4B,CAAC;AAEpC,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE,oCAAoC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,GAEnB,MAAM,qBAAqB,CAAC;AAE7B,6BAA6B;AAC7B,OAAO,EACL,wBAAwB,GAMzB,MAAM,mBAAmB,CAAC;AAE3B,6DAA6D;AAC7D,OAAO,EAAE,iBAAiB,EAAwB,MAAM,WAAW,CAAC;AAEpE,kCAAkC;AAClC,OAAO,EACL,qBAAqB,GAEtB,MAAM,kCAAkC,CAAC;AAE1C,oCAAoC;AACpC,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,GAOvB,MAAM,yBAAyB,CAAC;AAKjC,8CAA8C;AAC9C,OAAO,EACL,oBAAoB,GAErB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,6CAA6C;AAC7C,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,kFAAkF;AAClF,iGAAiG;AACjG,iGAAiG;AACjG,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAE1E,iEAAiE;AACjE,8EAA8E;AAC9E,sEAAsE;AACtE,MAAM,yBAAyB,GAAG,wBAAwB,EAAE,CAAC;AAE7D,OAAO,EAGL,uBAAuB,EAEvB,uBAAuB,EACvB,aAAa,GACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAI9C,sBAAsB;AACtB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,CAAC;AAEF,4BAA4B;AAC5B,OAAO,EACL,cAAc,GAKf,MAAM,4BAA4B,CAAC;AAEpC,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE,oCAAoC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,GAEnB,MAAM,qBAAqB,CAAC;AAE7B,6BAA6B;AAC7B,OAAO,EACL,wBAAwB,GAMzB,MAAM,mBAAmB,CAAC;AAE3B,6DAA6D;AAC7D,OAAO,EAAE,iBAAiB,EAAwB,MAAM,WAAW,CAAC;AAEpE,kCAAkC;AAClC,OAAO,EACL,qBAAqB,GAEtB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,oCAAoC;AACpC,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,GAOvB,MAAM,yBAAyB,CAAC;AAKjC,8CAA8C;AAC9C,OAAO,EACL,oBAAoB,GAErB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,6CAA6C;AAC7C,OAAO,EAAE,mBAAmB,EAA8B,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,aAAa,EAA6B,MAAM,OAAO,CAAC;AACjE,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAE9B,sBAAsB;AACtB,cAAc,aAAa,CAAC;AAE5B,6BAA6B;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAwBxC;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAA4B;IAE5B,MAAM,cAAc,GAAG,IAAI,iBAAiB,EAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACjD,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACjD,MAAM,eAAe,GAAG,IAAI,iBAAiB,CAC3C,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,CAAQ,CAC/D,CAAC;IACF,MAAM,kBAAkB,GAAG,IAAI,oBAAoB,CACjD,MAAM,CAAC,GAAG,CAAC,WAAkB,CAC9B,CAAC;IAEF,uDAAuD;IACvD,MAAM,oBAAoB,GAAG,IAAI,uBAAuB,CACtD,MAAM,CAAC,GAAG,EACV,cAAc,EACd,MAAM,CAAC,GAAG,CAAC,mBAA0B,CAAC,yCAAyC;KAChF,CAAC;IAEF,uEAAuE;IACvE,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB;QAClD,CAAC,CAAC,IAAI,kBAAkB,CACpB,MAAM,CAAC,GAAG,CAAC,gBAAuB,EAClC,oBAAoB,EACpB,cAAc,CACf;QACH,CAAC,CAAC,oBAAoB,CAAC;IAEzB,4BAA4B;IAC5B,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;QACtC,cAAc;QACd,aAAa;QACb,kBAAkB;QAClB,aAAa;QACb,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;KACzD,CAAC,CAAC;IAEH,8DAA8D;IAC9D,IAAI,oBAAyD,CAAC;IAC9D,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACnC,oBAAoB,GAAG,IAAI,uBAAuB,CAAC;YACjD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB,IAAI,wBAAwB;YACnE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB;YACtC,aAAa,EAAE,aAAa;YAC5B,MAAM,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;gBACpB,gEAAgE;gBAChE,MAAM,OAAO,GACX,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC;oBACnC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACpC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBAE3C,IAAI,OAAO,IAAI,MAAM,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;oBACpD,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAA0B;QAC3C,cAAc;QACd,aAAa;QACb,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,gBAAgB;QAChB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,YAAY;QAC/C,OAAO,EAAE;YACP,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;YACxD,UAAU,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE;SAC3C;QACD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;KACpD,CAAC;IAEF,0DAA0D;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAE5C,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC;IAE9C,MAAM,OAAO,GAAG,IAAI,iBAAiB,CACnC,aAAa,EACb,SAAS,EACT,gBAAgB,CACjB,CAAC;IAEF,+BAA+B;IAC/B,IAAI,oBAAoB,EAAE,CAAC;QACzB,OAAO,CAAC,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAExC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAA4B;IAC5D,MAAM,OAAO,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAEhD,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,OAAgB;YAC1B,sCAAsC;YACtC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBACzB,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;YAC7B,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEjC,8BAA8B;YAC9B,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;gBACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAE3C,IAAI,MAAM,EAAE,CAAC;oBACX,gEAAgE;oBAChE,IAAI,QAAQ,IAAI,MAAM,IAAI,SAAS,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;wBAClE,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE;4BAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;4BACrB,OAAO,EAAE;gCACP,GAAG,MAAM,CAAC,OAAO;gCACjB,GAAG,uBAAuB;6BAC3B;yBACF,CAAC,CAAC;oBACL,CAAC;oBACD,uDAAuD;oBACvD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;wBAC1C,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE;4BACP,cAAc,EAAE,kBAAkB;4BAClC,GAAG,uBAAuB;yBAC3B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAQ,CAAC;oBAE3C,mBAAmB;oBACnB,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;wBAChC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBAC1D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;4BAC1C,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CAAC,CAAC;oBACL,CAAC;oBAED,oBAAoB;oBACpB,IAAI,IAAI,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;wBACjC,2CAA2C;wBAC3C,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;4BACb,MAAM,EAAE,mBAAmB;yBAC5B,CAAC,EACF;4BACE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CACF,CAAC;oBACJ,CAAC;oBAED,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,KAAK,EAAE,gBAAgB;qBACxB,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBACpB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,gBAAgB;qBACzC,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO,IAAI,QAAQ,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7D,CAAC;KACF,CAAC;AACJ,CAAC;AAED,mDAAmD;AACnD,OAAO,EACL,2BAA2B,GAG5B,MAAM,WAAW,CAAC;AAEnB,2CAA2C;AAC3C,cAAc,UAAU,CAAC"}
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Audit Logger
|
|
3
|
+
*
|
|
4
|
+
* Cloudflare Workers-compatible implementation of IAuditLogger using Web Crypto API.
|
|
5
|
+
* This implementation uses Web Crypto API instead of Node.js crypto for compatibility
|
|
6
|
+
* with Cloudflare Workers environment.
|
|
7
|
+
*/
|
|
8
|
+
import type { AuditContext, AuditEventContext } from "@kya-os/contracts/audit";
|
|
9
|
+
import type { IAuditLogger } from "@kya-os/mcp-i-core/runtime/audit-logger";
|
|
10
|
+
/**
|
|
11
|
+
* Audit log rotation strategy
|
|
12
|
+
*/
|
|
13
|
+
type AuditRotationStrategy = "size" | "time" | "count" | "custom";
|
|
14
|
+
/**
|
|
15
|
+
* Audit rotation context passed to hooks
|
|
16
|
+
*/
|
|
17
|
+
interface AuditRotationContext {
|
|
18
|
+
strategy: AuditRotationStrategy;
|
|
19
|
+
trigger: string;
|
|
20
|
+
recordsLogged: number;
|
|
21
|
+
timestamp: number;
|
|
22
|
+
}
|
|
23
|
+
/**
|
|
24
|
+
* Audit rotation hooks
|
|
25
|
+
*/
|
|
26
|
+
interface AuditRotationHooks {
|
|
27
|
+
onRotation?: (context: AuditRotationContext) => Promise<void>;
|
|
28
|
+
onSizeLimit?: (sizeBytes: number, limit: number) => Promise<void>;
|
|
29
|
+
onTimeBased?: (interval: string) => Promise<void>;
|
|
30
|
+
onCountThreshold?: (count: number, threshold: number) => Promise<void>;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Audit logging configuration
|
|
34
|
+
*/
|
|
35
|
+
interface AuditConfig {
|
|
36
|
+
enabled?: boolean;
|
|
37
|
+
logFunction?: (record: string) => void;
|
|
38
|
+
includePayloads?: boolean;
|
|
39
|
+
rotation?: {
|
|
40
|
+
strategy?: AuditRotationStrategy;
|
|
41
|
+
sizeLimit?: number;
|
|
42
|
+
timeInterval?: number;
|
|
43
|
+
countThreshold?: number;
|
|
44
|
+
hooks?: AuditRotationHooks;
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Cloudflare-compatible audit logger implementation
|
|
49
|
+
*
|
|
50
|
+
* Uses Web Crypto API for cryptographic operations instead of Node.js crypto.
|
|
51
|
+
* Implements the same audit.v1 format and rotation logic as the Node.js version.
|
|
52
|
+
*/
|
|
53
|
+
export declare class CloudflareAuditLogger implements IAuditLogger {
|
|
54
|
+
private config;
|
|
55
|
+
private sessionAuditLog;
|
|
56
|
+
private totalRecordsLogged;
|
|
57
|
+
private currentLogSize;
|
|
58
|
+
private lastRotationTime;
|
|
59
|
+
private destroyed;
|
|
60
|
+
constructor(config?: AuditConfig);
|
|
61
|
+
/**
|
|
62
|
+
* Log an audit record (with session deduplication)
|
|
63
|
+
*/
|
|
64
|
+
logAuditRecord(context: AuditContext): Promise<void>;
|
|
65
|
+
/**
|
|
66
|
+
* Log an event (without session deduplication)
|
|
67
|
+
*/
|
|
68
|
+
logEvent(context: AuditEventContext): Promise<void>;
|
|
69
|
+
/**
|
|
70
|
+
* Generate deterministic hash for event using Web Crypto API
|
|
71
|
+
*/
|
|
72
|
+
private hashEvent;
|
|
73
|
+
/**
|
|
74
|
+
* Generate random hex string using Web Crypto API
|
|
75
|
+
*/
|
|
76
|
+
private generateRandomHex;
|
|
77
|
+
/**
|
|
78
|
+
* Format audit record as frozen audit line
|
|
79
|
+
* Format: audit.v1 ts=<unix> session=<id> audience=<host> did=<did> kid=<kid> reqHash=<sha256:..> resHash=<sha256:..> verified=yes|no scope=<scopeId|->
|
|
80
|
+
*/
|
|
81
|
+
private formatAuditLine;
|
|
82
|
+
/**
|
|
83
|
+
* Check if rotation is needed and trigger if necessary (event-driven)
|
|
84
|
+
*/
|
|
85
|
+
private checkRotation;
|
|
86
|
+
/**
|
|
87
|
+
* Rotate audit log now (manually triggered)
|
|
88
|
+
*/
|
|
89
|
+
rotateNow(trigger?: string): Promise<void>;
|
|
90
|
+
/**
|
|
91
|
+
* Destroy the logger (cleanup)
|
|
92
|
+
*/
|
|
93
|
+
destroy(): void;
|
|
94
|
+
}
|
|
95
|
+
export {};
|
|
96
|
+
//# sourceMappingURL=audit-logger.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-logger.d.ts","sourceRoot":"","sources":["../../src/runtime/audit-logger.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,iBAAiB,EAElB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yCAAyC,CAAC;AAE5E;;GAEG;AACH,KAAK,qBAAqB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;AAElE;;GAEG;AACH,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,qBAAqB,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,UAAU,kBAAkB;IAC1B,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,WAAW,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxE;AAED;;GAEG;AACH,UAAU,WAAW;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE,qBAAqB,CAAC;QACjC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,kBAAkB,CAAC;KAC5B,CAAC;CACH;AAwCD;;;;;GAKG;AACH,qBAAa,qBAAsB,YAAW,YAAY;IACxD,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,cAAc,CAAK;IAC3B,OAAO,CAAC,gBAAgB,CAAc;IACtC,OAAO,CAAC,SAAS,CAAS;gBAEd,MAAM,GAAE,WAAgB;IAiBpC;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAuD1D;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoDzD;;OAEG;YACW,SAAS;IAoBvB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAiBvB;;OAEG;YACW,aAAa;IA+C3B;;OAEG;IACG,SAAS,CAAC,OAAO,GAAE,MAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqB1D;;OAEG;IACH,OAAO,IAAI,IAAI;CAIhB"}
|
|
@@ -0,0 +1,276 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Audit Logger
|
|
3
|
+
*
|
|
4
|
+
* Cloudflare Workers-compatible implementation of IAuditLogger using Web Crypto API.
|
|
5
|
+
* This implementation uses Web Crypto API instead of Node.js crypto for compatibility
|
|
6
|
+
* with Cloudflare Workers environment.
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* Format milliseconds into human-readable interval string
|
|
10
|
+
*/
|
|
11
|
+
function formatTimeInterval(ms) {
|
|
12
|
+
if (ms === undefined || ms === null)
|
|
13
|
+
return "unknown";
|
|
14
|
+
if (ms === 0)
|
|
15
|
+
return "0ms";
|
|
16
|
+
const TIME_INTERVALS = {
|
|
17
|
+
SECOND: 1000,
|
|
18
|
+
MINUTE: 60 * 1000,
|
|
19
|
+
HOUR: 60 * 60 * 1000,
|
|
20
|
+
DAY: 24 * 60 * 60 * 1000,
|
|
21
|
+
WEEK: 7 * 24 * 60 * 60 * 1000,
|
|
22
|
+
};
|
|
23
|
+
if (ms % TIME_INTERVALS.WEEK === 0) {
|
|
24
|
+
const weeks = ms / TIME_INTERVALS.WEEK;
|
|
25
|
+
return weeks === 1 ? "weekly" : `${weeks}-weekly`;
|
|
26
|
+
}
|
|
27
|
+
if (ms % TIME_INTERVALS.DAY === 0) {
|
|
28
|
+
const days = ms / TIME_INTERVALS.DAY;
|
|
29
|
+
return days === 1 ? "daily" : `${days}-daily`;
|
|
30
|
+
}
|
|
31
|
+
if (ms % TIME_INTERVALS.HOUR === 0) {
|
|
32
|
+
const hours = ms / TIME_INTERVALS.HOUR;
|
|
33
|
+
return hours === 1 ? "hourly" : `${hours}-hourly`;
|
|
34
|
+
}
|
|
35
|
+
if (ms % TIME_INTERVALS.MINUTE === 0) {
|
|
36
|
+
const minutes = ms / TIME_INTERVALS.MINUTE;
|
|
37
|
+
return minutes === 1 ? "minutely" : `${minutes}-minutely`;
|
|
38
|
+
}
|
|
39
|
+
if (ms % TIME_INTERVALS.SECOND === 0) {
|
|
40
|
+
const seconds = ms / TIME_INTERVALS.SECOND;
|
|
41
|
+
return seconds === 1 ? "every-second" : `${seconds}-secondly`;
|
|
42
|
+
}
|
|
43
|
+
return `${ms}ms`;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Cloudflare-compatible audit logger implementation
|
|
47
|
+
*
|
|
48
|
+
* Uses Web Crypto API for cryptographic operations instead of Node.js crypto.
|
|
49
|
+
* Implements the same audit.v1 format and rotation logic as the Node.js version.
|
|
50
|
+
*/
|
|
51
|
+
export class CloudflareAuditLogger {
|
|
52
|
+
config;
|
|
53
|
+
sessionAuditLog = new Set(); // Track first call per session
|
|
54
|
+
totalRecordsLogged = 0; // Total records logged (for count rotation)
|
|
55
|
+
currentLogSize = 0; // Current log size in bytes (for size rotation)
|
|
56
|
+
lastRotationTime = Date.now(); // Last rotation timestamp (for time rotation)
|
|
57
|
+
destroyed = false; // Track if logger has been destroyed
|
|
58
|
+
constructor(config = {}) {
|
|
59
|
+
const rotationConfig = config.rotation
|
|
60
|
+
? {
|
|
61
|
+
strategy: "custom",
|
|
62
|
+
...config.rotation,
|
|
63
|
+
}
|
|
64
|
+
: undefined;
|
|
65
|
+
this.config = {
|
|
66
|
+
enabled: true,
|
|
67
|
+
logFunction: console.log,
|
|
68
|
+
includePayloads: false,
|
|
69
|
+
...config,
|
|
70
|
+
rotation: rotationConfig,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Log an audit record (with session deduplication)
|
|
75
|
+
*/
|
|
76
|
+
async logAuditRecord(context) {
|
|
77
|
+
if (this.destroyed) {
|
|
78
|
+
throw new Error("CloudflareAuditLogger has been destroyed");
|
|
79
|
+
}
|
|
80
|
+
if (!this.config.enabled) {
|
|
81
|
+
return;
|
|
82
|
+
}
|
|
83
|
+
// Check if this is the first call for this session
|
|
84
|
+
const sessionKey = `${context.session.sessionId}:${context.session.audience}`;
|
|
85
|
+
if (this.sessionAuditLog.has(sessionKey)) {
|
|
86
|
+
return; // Already logged for this session
|
|
87
|
+
}
|
|
88
|
+
// Mark session as logged
|
|
89
|
+
this.sessionAuditLog.add(sessionKey);
|
|
90
|
+
// Create audit record
|
|
91
|
+
// Extract kid from identity (may be kid, keyId, or derived from did)
|
|
92
|
+
const kid = context.identity.kid ||
|
|
93
|
+
context.identity.keyId ||
|
|
94
|
+
context.identity.did.split(":").pop() ||
|
|
95
|
+
"unknown";
|
|
96
|
+
const auditRecord = {
|
|
97
|
+
version: "audit.v1",
|
|
98
|
+
ts: Math.floor(Date.now() / 1000),
|
|
99
|
+
session: context.session.sessionId,
|
|
100
|
+
audience: context.session.audience,
|
|
101
|
+
did: context.identity.did,
|
|
102
|
+
kid,
|
|
103
|
+
reqHash: context.requestHash,
|
|
104
|
+
resHash: context.responseHash,
|
|
105
|
+
verified: context.verified,
|
|
106
|
+
scope: context.scopeId || "-",
|
|
107
|
+
};
|
|
108
|
+
// Format as frozen audit line
|
|
109
|
+
const auditLine = this.formatAuditLine(auditRecord);
|
|
110
|
+
// Track size in bytes (UTF-8) - using TextEncoder instead of Buffer
|
|
111
|
+
const encoder = new TextEncoder();
|
|
112
|
+
const sizeBytes = encoder.encode(auditLine).length;
|
|
113
|
+
this.currentLogSize += sizeBytes;
|
|
114
|
+
this.totalRecordsLogged++;
|
|
115
|
+
// Emit audit record
|
|
116
|
+
this.config.logFunction(auditLine);
|
|
117
|
+
// Check if rotation is needed (event-driven)
|
|
118
|
+
await this.checkRotation();
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Log an event (without session deduplication)
|
|
122
|
+
*/
|
|
123
|
+
async logEvent(context) {
|
|
124
|
+
if (this.destroyed) {
|
|
125
|
+
throw new Error("CloudflareAuditLogger has been destroyed");
|
|
126
|
+
}
|
|
127
|
+
if (!this.config.enabled) {
|
|
128
|
+
return;
|
|
129
|
+
}
|
|
130
|
+
// Generate event hash using Web Crypto API
|
|
131
|
+
const eventHash = await this.hashEvent(context.eventType, context.eventData);
|
|
132
|
+
// Create audit record (same format as regular audit logs)
|
|
133
|
+
// Extract kid from identity (may be kid, keyId, or derived from did)
|
|
134
|
+
const kid = context.identity.kid ||
|
|
135
|
+
context.identity.keyId ||
|
|
136
|
+
context.identity.did.split(":").pop() ||
|
|
137
|
+
"unknown";
|
|
138
|
+
const auditRecord = {
|
|
139
|
+
version: "audit.v1",
|
|
140
|
+
ts: Math.floor(Date.now() / 1000),
|
|
141
|
+
session: context.session.sessionId,
|
|
142
|
+
audience: context.session.audience,
|
|
143
|
+
did: context.identity.did,
|
|
144
|
+
kid,
|
|
145
|
+
reqHash: `sha256:${eventHash}`,
|
|
146
|
+
resHash: `sha256:${eventHash}`, // Same hash for events
|
|
147
|
+
verified: "yes",
|
|
148
|
+
scope: context.eventType, // Use eventType as scope
|
|
149
|
+
};
|
|
150
|
+
// Format and log (NO session deduplication check)
|
|
151
|
+
const auditLine = this.formatAuditLine(auditRecord);
|
|
152
|
+
// Track size and count
|
|
153
|
+
const encoder = new TextEncoder();
|
|
154
|
+
const sizeBytes = encoder.encode(auditLine).length;
|
|
155
|
+
this.currentLogSize += sizeBytes;
|
|
156
|
+
this.totalRecordsLogged++;
|
|
157
|
+
// Emit audit record
|
|
158
|
+
this.config.logFunction(auditLine);
|
|
159
|
+
// Check rotation
|
|
160
|
+
await this.checkRotation();
|
|
161
|
+
}
|
|
162
|
+
/**
|
|
163
|
+
* Generate deterministic hash for event using Web Crypto API
|
|
164
|
+
*/
|
|
165
|
+
async hashEvent(type, data) {
|
|
166
|
+
const content = JSON.stringify({
|
|
167
|
+
type,
|
|
168
|
+
data,
|
|
169
|
+
ts: Date.now(),
|
|
170
|
+
nonce: this.generateRandomHex(16),
|
|
171
|
+
});
|
|
172
|
+
// Use Web Crypto API for SHA-256 hashing
|
|
173
|
+
const encoder = new TextEncoder();
|
|
174
|
+
const dataBuffer = encoder.encode(content);
|
|
175
|
+
const hashBuffer = await crypto.subtle.digest("SHA-256", dataBuffer);
|
|
176
|
+
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
|
177
|
+
const hashHex = hashArray
|
|
178
|
+
.map((b) => b.toString(16).padStart(2, "0"))
|
|
179
|
+
.join("");
|
|
180
|
+
return hashHex;
|
|
181
|
+
}
|
|
182
|
+
/**
|
|
183
|
+
* Generate random hex string using Web Crypto API
|
|
184
|
+
*/
|
|
185
|
+
generateRandomHex(length) {
|
|
186
|
+
const randomBytes = crypto.getRandomValues(new Uint8Array(length));
|
|
187
|
+
return Array.from(randomBytes)
|
|
188
|
+
.map((b) => b.toString(16).padStart(2, "0"))
|
|
189
|
+
.join("");
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* Format audit record as frozen audit line
|
|
193
|
+
* Format: audit.v1 ts=<unix> session=<id> audience=<host> did=<did> kid=<kid> reqHash=<sha256:..> resHash=<sha256:..> verified=yes|no scope=<scopeId|->
|
|
194
|
+
*/
|
|
195
|
+
formatAuditLine(record) {
|
|
196
|
+
const fields = [
|
|
197
|
+
`${record.version}`,
|
|
198
|
+
`ts=${record.ts}`,
|
|
199
|
+
`session=${record.session}`,
|
|
200
|
+
`audience=${record.audience}`,
|
|
201
|
+
`did=${record.did}`,
|
|
202
|
+
`kid=${record.kid}`,
|
|
203
|
+
`reqHash=${record.reqHash}`,
|
|
204
|
+
`resHash=${record.resHash}`,
|
|
205
|
+
`verified=${record.verified}`,
|
|
206
|
+
`scope=${record.scope}`,
|
|
207
|
+
];
|
|
208
|
+
return fields.join(" ");
|
|
209
|
+
}
|
|
210
|
+
/**
|
|
211
|
+
* Check if rotation is needed and trigger if necessary (event-driven)
|
|
212
|
+
*/
|
|
213
|
+
async checkRotation() {
|
|
214
|
+
if (!this.config.rotation) {
|
|
215
|
+
return;
|
|
216
|
+
}
|
|
217
|
+
const { strategy, sizeLimit, timeInterval, countThreshold, hooks } = this.config.rotation;
|
|
218
|
+
let shouldRotate = false;
|
|
219
|
+
let trigger = "";
|
|
220
|
+
// Size-based rotation
|
|
221
|
+
if (strategy === "size" && sizeLimit && this.currentLogSize >= sizeLimit) {
|
|
222
|
+
shouldRotate = true;
|
|
223
|
+
trigger = "size-limit";
|
|
224
|
+
await hooks?.onSizeLimit?.(this.currentLogSize, sizeLimit);
|
|
225
|
+
}
|
|
226
|
+
// Time-based rotation (event-driven, not timer-based)
|
|
227
|
+
if (strategy === "time" &&
|
|
228
|
+
timeInterval &&
|
|
229
|
+
Date.now() - this.lastRotationTime >= timeInterval) {
|
|
230
|
+
shouldRotate = true;
|
|
231
|
+
trigger = "time-interval";
|
|
232
|
+
const interval = formatTimeInterval(timeInterval);
|
|
233
|
+
await hooks?.onTimeBased?.(interval);
|
|
234
|
+
}
|
|
235
|
+
// Count-based rotation
|
|
236
|
+
if (strategy === "count" &&
|
|
237
|
+
countThreshold &&
|
|
238
|
+
this.totalRecordsLogged >= countThreshold) {
|
|
239
|
+
shouldRotate = true;
|
|
240
|
+
trigger = "count-threshold";
|
|
241
|
+
await hooks?.onCountThreshold?.(this.totalRecordsLogged, countThreshold);
|
|
242
|
+
}
|
|
243
|
+
// Trigger rotation if needed
|
|
244
|
+
if (shouldRotate) {
|
|
245
|
+
await this.rotateNow(trigger);
|
|
246
|
+
}
|
|
247
|
+
}
|
|
248
|
+
/**
|
|
249
|
+
* Rotate audit log now (manually triggered)
|
|
250
|
+
*/
|
|
251
|
+
async rotateNow(trigger = "manual") {
|
|
252
|
+
if (!this.config.rotation?.hooks?.onRotation) {
|
|
253
|
+
return;
|
|
254
|
+
}
|
|
255
|
+
const context = {
|
|
256
|
+
strategy: this.config.rotation.strategy || "custom",
|
|
257
|
+
trigger,
|
|
258
|
+
recordsLogged: this.totalRecordsLogged,
|
|
259
|
+
timestamp: Date.now(),
|
|
260
|
+
};
|
|
261
|
+
// Call rotation hook
|
|
262
|
+
await this.config.rotation.hooks.onRotation(context);
|
|
263
|
+
// Reset rotation counters
|
|
264
|
+
this.currentLogSize = 0;
|
|
265
|
+
this.lastRotationTime = Date.now();
|
|
266
|
+
this.totalRecordsLogged = 0;
|
|
267
|
+
}
|
|
268
|
+
/**
|
|
269
|
+
* Destroy the logger (cleanup)
|
|
270
|
+
*/
|
|
271
|
+
destroy() {
|
|
272
|
+
this.destroyed = true;
|
|
273
|
+
this.sessionAuditLog.clear();
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
//# sourceMappingURL=audit-logger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-logger.js","sourceRoot":"","sources":["../../src/runtime/audit-logger.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkDH;;GAEG;AACH,SAAS,kBAAkB,CAAC,EAAsB;IAChD,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACtD,IAAI,EAAE,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE3B,MAAM,cAAc,GAAG;QACrB,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,EAAE,GAAG,IAAI;QACjB,IAAI,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;QACpB,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;QACxB,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;KACrB,CAAC;IAEX,IAAI,EAAE,GAAG,cAAc,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC;QACvC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC;IACpD,CAAC;IACD,IAAI,EAAE,GAAG,cAAc,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC;QACrC,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,QAAQ,CAAC;IAChD,CAAC;IACD,IAAI,EAAE,GAAG,cAAc,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC;QACvC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC;IACpD,CAAC;IACD,IAAI,EAAE,GAAG,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC;QAC3C,OAAO,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,WAAW,CAAC;IAC5D,CAAC;IACD,IAAI,EAAE,GAAG,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC;QAC3C,OAAO,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,OAAO,WAAW,CAAC;IAChE,CAAC;IACD,OAAO,GAAG,EAAE,IAAI,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,qBAAqB;IACxB,MAAM,CAAwB;IAC9B,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,+BAA+B;IACpE,kBAAkB,GAAG,CAAC,CAAC,CAAC,4CAA4C;IACpE,cAAc,GAAG,CAAC,CAAC,CAAC,gDAAgD;IACpE,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,8CAA8C;IAC7E,SAAS,GAAG,KAAK,CAAC,CAAC,qCAAqC;IAEhE,YAAY,SAAsB,EAAE;QAClC,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ;YACpC,CAAC,CAAC;gBACE,QAAQ,EAAE,QAAiC;gBAC3C,GAAG,MAAM,CAAC,QAAQ;aACnB;YACH,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,OAAO,CAAC,GAAG;YACxB,eAAe,EAAE,KAAK;YACtB,GAAG,MAAM;YACT,QAAQ,EAAE,cAAc;SACA,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAAqB;QACxC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC9E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,kCAAkC;QAC5C,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAErC,sBAAsB;QACtB,qEAAqE;QACrE,MAAM,GAAG,GACN,OAAO,CAAC,QAAgB,CAAC,GAAG;YAC5B,OAAO,CAAC,QAAgB,CAAC,KAAK;YAC/B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE;YACrC,SAAS,CAAC;QAEZ,MAAM,WAAW,GAAgB;YAC/B,OAAO,EAAE,UAAU;YACnB,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACjC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS;YAClC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;YAClC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG;YACzB,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,WAAW;YAC5B,OAAO,EAAE,OAAO,CAAC,YAAY;YAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,OAAO,CAAC,OAAO,IAAI,GAAG;SAC9B,CAAC;QAEF,8BAA8B;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAEpD,oEAAoE;QACpE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACnD,IAAI,CAAC,cAAc,IAAI,SAAS,CAAC;QACjC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,oBAAoB;QACpB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAEnC,6CAA6C;QAC7C,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA0B;QACvC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,2CAA2C;QAC3C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CACpC,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,SAAS,CAClB,CAAC;QAEF,0DAA0D;QAC1D,qEAAqE;QACrE,MAAM,GAAG,GACN,OAAO,CAAC,QAAgB,CAAC,GAAG;YAC5B,OAAO,CAAC,QAAgB,CAAC,KAAK;YAC/B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE;YACrC,SAAS,CAAC;QAEZ,MAAM,WAAW,GAAgB;YAC/B,OAAO,EAAE,UAAU;YACnB,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACjC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS;YAClC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;YAClC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG;YACzB,GAAG;YACH,OAAO,EAAE,UAAU,SAAS,EAAE;YAC9B,OAAO,EAAE,UAAU,SAAS,EAAE,EAAE,uBAAuB;YACvD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE,yBAAyB;SACpD,CAAC;QAEF,kDAAkD;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAEpD,uBAAuB;QACvB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACnD,IAAI,CAAC,cAAc,IAAI,SAAS,CAAC;QACjC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,oBAAoB;QACpB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAEnC,iBAAiB;QACjB,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,IAAY,EAAE,IAAU;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;YAC7B,IAAI;YACJ,IAAI;YACJ,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;YACd,KAAK,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;SAClC,CAAC,CAAC;QAEH,yCAAyC;QACzC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,SAAS;aACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QAEZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,MAAc;QACtC,MAAM,WAAW,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;aAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,MAAmB;QACzC,MAAM,MAAM,GAAG;YACb,GAAG,MAAM,CAAC,OAAO,EAAE;YACnB,MAAM,MAAM,CAAC,EAAE,EAAE;YACjB,WAAW,MAAM,CAAC,OAAO,EAAE;YAC3B,YAAY,MAAM,CAAC,QAAQ,EAAE;YAC7B,OAAO,MAAM,CAAC,GAAG,EAAE;YACnB,OAAO,MAAM,CAAC,GAAG,EAAE;YACnB,WAAW,MAAM,CAAC,OAAO,EAAE;YAC3B,WAAW,MAAM,CAAC,OAAO,EAAE;YAC3B,YAAY,MAAM,CAAC,QAAQ,EAAE;YAC7B,SAAS,MAAM,CAAC,KAAK,EAAE;SACxB,CAAC;QAEF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE,KAAK,EAAE,GAChE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QAEvB,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,IAAI,OAAO,GAAG,EAAE,CAAC;QAEjB,sBAAsB;QACtB,IAAI,QAAQ,KAAK,MAAM,IAAI,SAAS,IAAI,IAAI,CAAC,cAAc,IAAI,SAAS,EAAE,CAAC;YACzE,YAAY,GAAG,IAAI,CAAC;YACpB,OAAO,GAAG,YAAY,CAAC;YACvB,MAAM,KAAK,EAAE,WAAW,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC;QAED,sDAAsD;QACtD,IACE,QAAQ,KAAK,MAAM;YACnB,YAAY;YACZ,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,gBAAgB,IAAI,YAAY,EAClD,CAAC;YACD,YAAY,GAAG,IAAI,CAAC;YACpB,OAAO,GAAG,eAAe,CAAC;YAC1B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;YAClD,MAAM,KAAK,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,uBAAuB;QACvB,IACE,QAAQ,KAAK,OAAO;YACpB,cAAc;YACd,IAAI,CAAC,kBAAkB,IAAI,cAAc,EACzC,CAAC;YACD,YAAY,GAAG,IAAI,CAAC;YACpB,OAAO,GAAG,iBAAiB,CAAC;YAC5B,MAAM,KAAK,EAAE,gBAAgB,EAAE,CAAC,IAAI,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;QAC3E,CAAC;QAED,6BAA6B;QAC7B,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB,QAAQ;QACxC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAyB;YACpC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,IAAI,QAAQ;YACnD,OAAO;YACP,aAAa,EAAE,IAAI,CAAC,kBAAkB;YACtC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,qBAAqB;QACrB,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAErD,0BAA0B;QAC1B,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnC,IAAI,CAAC,kBAAkB,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;CACF"}
|
|
@@ -14,6 +14,7 @@ export interface HonoContext {
|
|
|
14
14
|
header: (name: string, value: string) => void;
|
|
15
15
|
}
|
|
16
16
|
import type { ConsentService } from '../services/consent.service';
|
|
17
|
+
import type { OAuthSecurityService } from '../services/oauth-security.service';
|
|
17
18
|
export interface OAuthCallbackConfig {
|
|
18
19
|
/**
|
|
19
20
|
* AgentShield API URL (defaults to AGENTSHIELD_API_URL env var)
|
|
@@ -27,6 +28,10 @@ export interface OAuthCallbackConfig {
|
|
|
27
28
|
* ConsentService instance for OAuth identity linking (Phase 4)
|
|
28
29
|
*/
|
|
29
30
|
consentService?: ConsentService;
|
|
31
|
+
/**
|
|
32
|
+
* OAuthSecurityService instance for CSRF-protected state validation
|
|
33
|
+
*/
|
|
34
|
+
oauthSecurityService?: OAuthSecurityService;
|
|
30
35
|
/**
|
|
31
36
|
* Custom success HTML template (optional)
|
|
32
37
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-handler.d.ts","sourceRoot":"","sources":["../../src/runtime/oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,GAAG,CAAC;IACT,GAAG,EAAE;QACH,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;QAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;KAC9C,CAAC;IACF,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,QAAQ,CAAC;IAClD,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,QAAQ,CAAC;IACjD,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/C;AAID,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth-handler.d.ts","sourceRoot":"","sources":["../../src/runtime/oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,GAAG,CAAC;IACT,GAAG,EAAE;QACH,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;QAC3C,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;KAC9C,CAAC;IACF,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,QAAQ,CAAC;IAClD,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,QAAQ,CAAC;IACjD,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/C;AAID,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAElE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAE/E,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,iBAAiB,CAAC,EAAE,WAAW,CAAC;IAEhC;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAE5C;;OAEG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,MAAM,CAAC;IAErD;;OAEG;IACH,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,MAAM,CAAC;IAElD;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,qBAAqB;IACpC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AA8KD;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,GAAE,mBAAwB,IAC3D,GAAG,WAAW,uBAyjB7B;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAoBpE"}
|