@kyro-cms/core 0.9.0 → 0.9.2

package/dist/{chunk-REK7AYOC.js → chunk-L5UKKZQN.js}

@@ -1,8 +1,52 @@
-import { evaluateAccess } from './chunk-SDMNUYVU.js';
-import { GraphQLObjectType, GraphQLString, GraphQLInputObjectType, GraphQLInt, GraphQLBoolean, GraphQLList, GraphQLNonNull, GraphQLSchema, GraphQLFloat } from 'graphql';
+import { hasApiKeyPermission, evaluateAccess } from './chunk-CJONKRHJ.js';
+import { hasPermission } from './chunk-L4EZKIEX.js';
+import { GraphQLObjectType, GraphQLString, GraphQLInputObjectType, GraphQLBoolean, GraphQLInt, GraphQLList, GraphQLNonNull, GraphQLSchema, GraphQLFloat } from 'graphql';
 
 async function checkGraphQLAccess(collection, operation, context) {
   const accessRule = collection.access?.[operation];
+  if (context.apiKey?.permissions?.length > 0) {
+    const resource = collection.slug;
+    const action = operation === "read" ? "read" : operation === "create" ? "create" : "update";
+    const permission = `${resource}:${action}`;
+    if (!hasApiKeyPermission(context.apiKey.permissions, permission) && !hasApiKeyPermission(context.apiKey.permissions, `${resource}:admin`)) {
+      return { allowed: false };
+    }
+  }
+  if (context.user) {
+    const resource = collection.slug;
+    const action = operation === "read" ? "read" : operation === "create" ? "create" : operation === "update" ? "update" : "delete";
+    const permission = `${resource}:${action}`;
+    const userHasPermission = hasPermission(
+      { id: context.user.id, email: context.user.email, role: context.user.role },
+      permission
+    );
+    if (!userHasPermission && !hasPermission(
+      { id: context.user.id, email: context.user.email, role: context.user.role },
+      `${resource}:admin`
+    )) {
+      if (!accessRule) {
+        return { allowed: false };
+      }
+    }
+  }
+  if (!accessRule) {
+    if (!context.user && !context.apiKey) {
+      return { allowed: false };
+    }
+    return { allowed: true };
+  }
+  const result = await evaluateAccess(accessRule, {
+    req: context.req,
+    user: context.user,
+    tenantID: context.tenantID
+  });
+  if (typeof result === "boolean") {
+    return { allowed: result };
+  }
+  return { allowed: true, extraWhere: result };
+}
+async function checkGlobalAccess(global, operation, context) {
+  const accessRule = global.access?.[operation];
   if (!accessRule) {
     if (!context.user) {
       return { allowed: false };
@@ -21,9 +65,9 @@ async function checkGraphQLAccess(collection, operation, context) {
   if (typeof result === "boolean") {
     return { allowed: result };
   }
-  return { allowed: true, extraWhere: result };
+  return { allowed: true };
 }
-function fieldToGraphQLType(field, registry) {
+function fieldToGraphQLType(field, registry, collectionTypes, isInputType = false) {
   switch (field.type) {
     case "text":
     case "email":
@@ -47,13 +91,19 @@ function fieldToGraphQLType(field, registry) {
     // JSON as string
     case "relationship":
       if (typeof field.relationTo === "string") {
+        if (isInputType) {
+          return GraphQLString;
+        }
+        if (collectionTypes?.[field.relationTo]) {
+          return collectionTypes[field.relationTo];
+        }
         const relatedCollection = registry.getCollection(field.relationTo);
         if (relatedCollection) {
           return new GraphQLObjectType({
             name: `${field.relationTo}_ref`,
             fields: () => ({
               id: { type: GraphQLString },
-              ...buildFieldsFromCollection(relatedCollection, registry)
+              ...buildFieldsFromCollection(relatedCollection, registry, collectionTypes)
             })
           });
         }
@@ -76,12 +126,12 @@ function fieldToGraphQLType(field, registry) {
       return GraphQLString;
   }
 }
-function buildFieldsFromCollection(config, registry) {
+function buildFieldsFromCollection(config, registry, collectionTypes) {
   const fields = {};
   for (const field of config.fields) {
     if (field.name && field.admin?.hidden !== true) {
       fields[field.name] = {
-        type: field.required ? new GraphQLNonNull(fieldToGraphQLType(field, registry)) : fieldToGraphQLType(field, registry),
+        type: field.required ? new GraphQLNonNull(fieldToGraphQLType(field, registry, collectionTypes)) : fieldToGraphQLType(field, registry, collectionTypes),
         description: field.admin?.description || field.label
       };
     }
@@ -89,7 +139,7 @@ function buildFieldsFromCollection(config, registry) {
   return fields;
 }
 function buildGraphQLSchema(options) {
-  const { registry, db, user, req, tenantID, settings } = options;
+  const { registry, db, user, req, tenantID, apiKey, settings } = options;
   const apiAccess = settings?.access?.apiAccess;
   if (apiAccess?.graphqlEnabled === false) {
     throw new Error("GraphQL API is disabled");
@@ -103,7 +153,7 @@ function buildGraphQLSchema(options) {
       name: `${collection.slug.replace(/-/g, "_")}_type`,
       fields: () => ({
         id: { type: GraphQLString },
-        ...buildFieldsFromCollection(collection, registry),
+        ...buildFieldsFromCollection(collection, registry, collectionTypes),
         ...collection.timestamps ? {
           createdAt: { type: GraphQLString },
           updatedAt: { type: GraphQLString }
@@ -117,7 +167,7 @@ function buildGraphQLSchema(options) {
     for (const field of collection.fields) {
       if (field.name && field.name !== "id") {
         inputFields[field.name] = {
-          type: fieldToGraphQLType(field, registry)
+          type: fieldToGraphQLType(field, registry, collectionTypes, true)
         };
       }
     }
@@ -127,6 +177,7 @@ function buildGraphQLSchema(options) {
     });
   }
   const globalTypes = {};
+  const globalInputTypes = {};
   for (const global of globals) {
     globalTypes[global.slug] = new GraphQLObjectType({
       name: `${global.slug.replace(/-/g, "_")}_global_type`,
@@ -134,16 +185,31 @@ function buildGraphQLSchema(options) {
         id: { type: GraphQLString },
         ...buildFieldsFromCollection(
           { slug: global.slug, fields: global.fields },
-          registry
+          registry,
+          collectionTypes
         )
       })
     });
+    globalInputTypes[global.slug] = new GraphQLInputObjectType({
+      name: `${global.slug.replace(/-/g, "_")}_global_input`,
+      fields: () => {
+        const inputFields = {};
+        for (const field of global.fields) {
+          if (field.name && field.name !== "id") {
+            inputFields[field.name] = {
+              type: fieldToGraphQLType(field, registry, collectionTypes, true)
+            };
+          }
+        }
+        return inputFields;
+      }
+    });
   }
   const queryFields = {};
   for (const collection of collections) {
     const type = collectionTypes[collection.slug];
     if (!type) continue;
-    queryFields[`${collection.slug}Find`] = {
+    queryFields[`${collection.slug.replace(/-/g, "_")}Find`] = {
       type: new GraphQLObjectType({
         name: `${collection.slug.replace(/-/g, "_")}_find_result`,
         fields: {
@@ -159,17 +225,22 @@ function buildGraphQLSchema(options) {
         where: { type: GraphQLString },
         sort: { type: GraphQLString },
         limit: { type: GraphQLInt },
-        page: { type: GraphQLInt }
+        page: { type: GraphQLInt },
+        draft: { type: GraphQLBoolean }
       },
       resolve: async (_, args, context) => {
         const access = await checkGraphQLAccess(collection, "read", {
           user,
           req,
-          tenantID
+          tenantID,
+          apiKey
         });
         if (!access.allowed) {
           throw new Error("Access denied");
         }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
         let where = {};
         if (args.where) {
           try {
@@ -180,39 +251,48 @@ function buildGraphQLSchema(options) {
         if (access.extraWhere) {
           where = { ...where, ...access.extraWhere };
         }
+        const isDraft = args.draft ?? !!user;
         return db.find({
           collection: collection.slug,
           where,
           sort: args.sort,
           limit: args.limit || 10,
           page: args.page || 1,
-          tenantID
+          tenantID,
+          draft: isDraft
         });
       }
     };
-    queryFields[`${collection.slug}FindByID`] = {
+    queryFields[`${collection.slug.replace(/-/g, "_")}FindByID`] = {
       type,
       args: {
-        id: { type: new GraphQLNonNull(GraphQLString) }
+        id: { type: new GraphQLNonNull(GraphQLString) },
+        draft: { type: GraphQLBoolean }
       },
       resolve: async (_, args, context) => {
         const access = await checkGraphQLAccess(collection, "read", {
           user,
           req,
-          tenantID
+          tenantID,
+          apiKey
         });
         if (!access.allowed) {
           throw new Error("Access denied");
         }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
+        const isDraft = args.draft ?? !!user;
         const doc = await db.findByID({
           collection: collection.slug,
           id: args.id,
-          tenantID
+          tenantID,
+          draft: isDraft
         });
         return doc;
       }
     };
-    queryFields[`${collection.slug}Count`] = {
+    queryFields[`${collection.slug.replace(/-/g, "_")}Count`] = {
       type: new GraphQLObjectType({
         name: `${collection.slug.replace(/-/g, "_")}_count`,
         fields: {
@@ -226,7 +306,8 @@ function buildGraphQLSchema(options) {
         const access = await checkGraphQLAccess(collection, "read", {
           user,
           req,
-          tenantID
+          tenantID,
+          apiKey
         });
         if (!access.allowed) {
           return { totalDocs: 0 };
@@ -250,9 +331,20 @@ function buildGraphQLSchema(options) {
   for (const global of globals) {
     const type = globalTypes[global.slug];
     if (!type) continue;
-    queryFields[`${global.slug}Get`] = {
+    queryFields[`${global.slug.replace(/-/g, "_")}Get`] = {
       type,
       resolve: async () => {
+        const access = await checkGlobalAccess(global, "read", {
+          user,
+          req,
+          tenantID
+        });
+        if (!access.allowed) {
+          throw new Error("Access denied: cannot read global");
+        }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
         return db.findOne({
           collection: `_globals_${global.slug}`,
           where: {},
@@ -270,7 +362,7 @@ function buildGraphQLSchema(options) {
     const type = collectionTypes[collection.slug];
     const inputType = collectionInputTypes[collection.slug];
     if (!type || !inputType) continue;
-    mutationFields[`${collection.slug}Create`] = {
+    mutationFields[`${collection.slug.replace(/-/g, "_")}Create`] = {
       type: new GraphQLObjectType({
         name: `${collection.slug.replace(/-/g, "_")}_create_result`,
         fields: {
@@ -285,11 +377,15 @@ function buildGraphQLSchema(options) {
         const access = await checkGraphQLAccess(collection, "create", {
           user,
           req,
-          tenantID
+          tenantID,
+          apiKey
         });
         if (!access.allowed) {
           throw new Error("Access denied: cannot create");
         }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
         const schema = registry.getCreateZodSchema(collection.slug);
         const validated = schema.parse(args.data);
         const doc = await db.create({
@@ -300,7 +396,7 @@ function buildGraphQLSchema(options) {
         return { doc, message: "Created successfully" };
       }
     };
-    mutationFields[`${collection.slug}Update`] = {
+    mutationFields[`${collection.slug.replace(/-/g, "_")}Update`] = {
       type: new GraphQLObjectType({
         name: `${collection.slug.replace(/-/g, "_")}_update_result`,
         fields: {
@@ -310,17 +406,33 @@ function buildGraphQLSchema(options) {
       }),
       args: {
         id: { type: new GraphQLNonNull(GraphQLString) },
-        data: { type: new GraphQLNonNull(inputType) }
+        data: { type: new GraphQLNonNull(inputType) },
+        baseUpdatedAt: { type: GraphQLString }
       },
       resolve: async (_, args, context) => {
         const access = await checkGraphQLAccess(collection, "update", {
           user,
           req,
-          tenantID
+          tenantID,
+          apiKey
         });
         if (!access.allowed) {
           throw new Error("Access denied: cannot update");
         }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
+        if (args.baseUpdatedAt) {
+          const originalDoc = await db.findByID({
+            collection: collection.slug,
+            id: args.id,
+            tenantID,
+            draft: true
+          });
+          if (originalDoc && originalDoc.updatedAt && args.baseUpdatedAt !== originalDoc.updatedAt) {
+            throw new Error(`Revision conflict: document has changed since ${args.baseUpdatedAt}. Current updatedAt: ${originalDoc.updatedAt}`);
+          }
+        }
         const schema = registry.getUpdateZodSchema(collection.slug);
         const validated = schema.parse(args.data);
         const doc = await db.update({
@@ -332,7 +444,7 @@ function buildGraphQLSchema(options) {
         return { doc, message: "Updated successfully" };
       }
     };
-    mutationFields[`${collection.slug}Delete`] = {
+    mutationFields[`${collection.slug.replace(/-/g, "_")}Delete`] = {
       type: new GraphQLObjectType({
         name: `${collection.slug.replace(/-/g, "_")}_delete_result`,
         fields: {
@@ -347,11 +459,15 @@ function buildGraphQLSchema(options) {
         const access = await checkGraphQLAccess(collection, "delete", {
           user,
           req,
-          tenantID
+          tenantID,
+          apiKey
         });
         if (!access.allowed) {
           throw new Error("Access denied: cannot delete");
         }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
         const doc = await db.delete({
           collection: collection.slug,
           id: args.id,
@@ -361,6 +477,56 @@ function buildGraphQLSchema(options) {
       }
     };
   }
+  for (const global of globals) {
+    const inputType = globalInputTypes[global.slug];
+    if (!inputType) continue;
+    mutationFields[`${global.slug.replace(/-/g, "_")}Update`] = {
+      type: new GraphQLObjectType({
+        name: `${global.slug.replace(/-/g, "_")}_update_result`,
+        fields: {
+          doc: { type: globalTypes[global.slug] || GraphQLString },
+          message: { type: GraphQLString }
+        }
+      }),
+      args: {
+        data: { type: new GraphQLNonNull(inputType) }
+      },
+      resolve: async (_, args, context) => {
+        const access = await checkGlobalAccess(global, "update", {
+          user,
+          req,
+          tenantID
+        });
+        if (!access.allowed) {
+          throw new Error("Access denied: cannot update global");
+        }
+        if (tenantID) {
+          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
+        }
+        const doc = await db.findOne({
+          collection: `_globals_${global.slug}`,
+          where: {},
+          tenantID
+        });
+        let result;
+        if (doc) {
+          result = await db.update({
+            collection: `_globals_${global.slug}`,
+            id: doc.id,
+            data: args.data,
+            tenantID
+          });
+        } else {
+          result = await db.create({
+            collection: `_globals_${global.slug}`,
+            data: args.data,
+            tenantID
+          });
+        }
+        return { doc: result, message: "Updated successfully" };
+      }
+    };
+  }
   const Mutation = new GraphQLObjectType({
     name: "Mutation",
     fields: mutationFields
@@ -376,10 +542,11 @@ function createGraphQLSchema(registry, db, options) {
     db,
     user: options?.user,
     req: options?.req,
-    tenantID: options?.tenantID
+    tenantID: options?.tenantID,
+    apiKey: options?.apiKey
   });
 }
 
 export { buildGraphQLSchema, createGraphQLSchema };
-//# sourceMappingURL=chunk-REK7AYOC.js.map
-//# sourceMappingURL=chunk-REK7AYOC.js.map
+//# sourceMappingURL=chunk-L5UKKZQN.js.map
+//# sourceMappingURL=chunk-L5UKKZQN.js.map

package/dist/chunk-L5UKKZQN.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/api/graphql/schema.ts"],"names":[],"mappings":";;;;AA8BA,eAAe,kBAAA,CACb,UAAA,EACA,SAAA,EACA,OAAA,EACyD;AACzD,EAAA,MAAM,UAAA,GAAa,UAAA,CAAW,MAAA,GAAS,SAAS,CAAA;AAGhD,EAAA,IAAI,OAAA,CAAQ,MAAA,EAAQ,WAAA,EAAa,MAAA,GAAS,CAAA,EAAG;AAC3C,IAAA,MAAM,WAAW,UAAA,CAAW,IAAA;AAC5B,IAAA,MAAM,SAAS,SAAA,KAAc,MAAA,GAAS,MAAA,GAAS,SAAA,KAAc,WAAW,QAAA,GAAW,QAAA;AACnF,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,IACE,CAAC,mBAAA,CAAoB,OAAA,CAAQ,MAAA,CAAO,aAAa,UAAU,CAAA,IAC3D,CAAC,mBAAA,CAAoB,QAAQ,MAAA,CAAO,WAAA,EAAa,CAAA,EAAG,QAAQ,QAAQ,CAAA,EACpE;AACA,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AAAA,EACF;AAGA,EAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,IAAA,MAAM,WAAW,UAAA,CAAW,IAAA;AAC5B,IAAA,MAAM,MAAA,GAAS,cAAc,MAAA,GAAS,MAAA,GAAS,cAAc,QAAA,GAAW,QAAA,GAAW,SAAA,KAAc,QAAA,GAAW,QAAA,GAAW,QAAA;AACvH,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,MAAM,iBAAA,GAAoB,aAAA;AAAA,MACxB,EAAE,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,IAAA,EAAK;AAAA,MAC1E;AAAA,KACF;AACA,IAAA,IAAI,CAAC,qBAAqB,CAAC,aAAA;AAAA,MACzB,EAAE,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,IAAA,EAAK;AAAA,MAC1E,GAAG,QAAQ,CAAA,MAAA;AAAA,KACb,EAAG;AACD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,IAAQ,CAAC,QAAQ,MAAA,EAAQ;AACpC,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AACA,IAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,EACzB;AAEA,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,UAAA,EAAY;AAAA,IAC9C,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACnB,CAAA;AAED,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,EAAE,SAAS,MAAA,EAAO;AAAA,EAC3B;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,MAAA,EAAO;AAC7C;AAEA,eAAe,iBAAA,CACb,MAAA,EACA,SAAA,EACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,GAAS,SAAS,CAAA;AAE5C,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AACA,IAAA,MAAM,QAAA,GAAW,QAAQ,IAAA,CAAK,IAAA;AAC9B,IAAA,IAAI,QAAA,KAAa,aAAA,IAAiB,QAAA,KAAa,OAAA,EAAS;AACtD,MAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,EAC1B;AAEA,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,UAAA,EAAY;AAAA,IAC9C,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACnB,CAAA;AAED,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,EAAE,SAAS,MAAA,EAAO;AAAA,EAC3B;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AAMA,SAAS,kBAAA,CACP,KAAA,EACA,QAAA,EACA,eAAA,EACA,cAAc,KAAA,EACD;AACb,EAAA,QAAQ,MAAM,IAAA;AAAM,IAClB,KAAK,MAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,MAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,MAAA;AAAA,IACL,KAAK,QAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,QAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,KAAA,CAAM,UAAU,UAAA,GAAa,YAAA;AAAA,IACtC,KAAK,UAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,MAAA;AAAA,IACL,KAAK,UAAA;AACH,MAAA,OAAO,aAAA;AAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,IAAI,OAAO,KAAA,CAAM,UAAA,KAAe,QAAA,EAAU;AACxC,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,OAAO,aAAA;AAAA,QACT;AACA,QAAA,IAAI,eAAA,GAAkB,KAAA,CAAM,UAAU,CAAA,EAAG;AACvC,UAAA,OAAO,eAAA,CAAgB,MAAM,UAAU,CAAA;AAAA,QACzC;AACA,QAAA,MAAM,iBAAA,GAAoB,QAAA,CAAS,aAAA,CAAc,KAAA,CAAM,UAAU,CAAA;AACjE,QAAA,IAAI,iBAAA,EAAmB;AACrB,UAAA,OAAO,IAAI,iBAAA,CAAkB;AAAA,YAC3B,IAAA,EAAM,CAAA,EAAG,KAAA,CAAM,UAAU,CAAA,IAAA,CAAA;AAAA,YACzB,QAAQ,OAAO;AAAA,cACb,EAAA,EAAI,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,cAC1B,GAAG,yBAAA,CAA0B,iBAAA,EAAmB,QAAA,EAAU,eAAe;AAAA,aAC3E;AAAA,WACD,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,IAAI,YAAY,aAAa,CAAA;AAAA;AAAA,IACtC,KAAK,OAAA;AACH,MAAA,OAAO,aAAA;AAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,YAAY,aAAa,CAAA;AAAA;AAAA,IACtC,KAAK,KAAA;AAAA,IACL,KAAK,aAAA;AAAA,IACL,KAAK,MAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT;AACE,MAAA,OAAO,aAAA;AAAA;AAEb;AAEA,SAAS,yBAAA,CACP,MAAA,EACA,QAAA,EACA,eAAA,EAC8C;AAC9C,EAAA,MAAM,SAAuD,EAAC;AAE9D,EAAA,KAAA,MAAW,KAAA,IAAS,OAAO,MAAA,EAAQ;AACjC,IAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,KAAA,EAAO,WAAW,IAAA,EAAM;AAC9C,MAAA,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,QACnB,IAAA,EAAM,KAAA,CAAM,QAAA,GACR,IAAI,eAAe,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,eAAe,CAAQ,CAAA,GAC7E,kBAAA,CAAmB,KAAA,EAAO,UAAU,eAAe,CAAA;AAAA,QACxD,WAAA,EAAa,KAAA,CAAM,KAAA,EAAO,WAAA,IAAe,KAAA,CAAM;AAAA,OACjD;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAgBO,SAAS,mBACd,OAAA,EACe;AACf,EAAA,MAAM,EAAE,UAAU,EAAA,EAAI,IAAA,EAAM,KAAK,QAAA,EAAU,MAAA,EAAQ,UAAS,GAAI,OAAA;AAGhE,EAAA,MAAM,SAAA,GAAY,UAAU,MAAA,EAAQ,SAAA;AACpC,EAAA,IAAI,SAAA,EAAW,mBAAmB,KAAA,EAAO;AACvC,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,WAAA,GAAc,SAAS,cAAA,EAAe;AAC5C,EAAA,MAAM,OAAA,GAAU,SAAS,UAAA,EAAW;AAGpC,EAAA,MAAM,kBAAqD,EAAC;AAC5D,EAAA,MAAM,uBAA+D,EAAC;AAEtE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AAEpC,IAAA,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA,GAAI,IAAI,iBAAA,CAAkB;AAAA,MACvD,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,KAAA,CAAA;AAAA,MAC3C,QAAQ,OAAO;AAAA,QACb,EAAA,EAAI,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC1B,GAAG,yBAAA,CAA0B,UAAA,EAAY,QAAA,EAAU,eAAe,CAAA;AAAA,QAClE,GAAI,WAAW,UAAA,GACX;AAAA,UACE,SAAA,EAAW,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,UACjC,SAAA,EAAW,EAAE,IAAA,EAAM,aAAA;AAAc,YAEnC,EAAC;AAAA,QACL,GAAI,WAAW,YAAA,GACX;AAAA,UACE,QAAA,EAAU,EAAE,IAAA,EAAM,aAAA;AAAc,YAElC;AAAC,OACP;AAAA,KACD,CAAA;AAGD,IAAA,MAAM,cAAqD,EAAC;AAC5D,IAAA,KAAA,MAAW,KAAA,IAAS,WAAW,MAAA,EAAQ;AACrC,MAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,IAAA,KAAS,IAAA,EAAM;AACrC,QAAA,WAAA,CAAY,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,UACxB,IAAA,EAAM,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,iBAAiB,IAAI;AAAA,SACjE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,oBAAA,CAAqB,UAAA,CAAW,IAAI,CAAA,GAAI,IAAI,sBAAA,CAAuB;AAAA,MACjE,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,MAAA,CAAA;AAAA,MAC3C,QAAQ,MAAM;AAAA,KACf,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,cAAiD,EAAC;AACxD,EAAA,MAAM,mBAA2D,EAAC;AAElE,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,WAAA,CAAY,MAAA,CAAO,IAAI,CAAA,GAAI,IAAI,iBAAA,CAAkB;AAAA,MAC/C,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,YAAA,CAAA;AAAA,MACvC,QAAQ,OAAO;AAAA,QACb,EAAA,EAAI,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC1B,GAAG,yBAAA;AAAA,UACD,EAAE,IAAA,EAAM,MAAA,CAAO,IAAA,EAAM,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,UAC3C,QAAA;AAAA,UACA;AAAA;AACF,OACF;AAAA,KACD,CAAA;AAED,IAAA,gBAAA,CAAiB,MAAA,CAAO,IAAI,CAAA,GAAI,IAAI,sBAAA,CAAuB;AAAA,MACzD,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,aAAA,CAAA;AAAA,MACvC,QAAQ,MAAM;AACZ,QAAA,MAAM,cAAqD,EAAC;AAC5D,QAAA,KAAA,MAAW,KAAA,IAAS,OAAO,MAAA,EAAQ;AACjC,UAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,IAAA,KAAS,IAAA,EAAM;AACrC,YAAA,WAAA,CAAY,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,cACxB,IAAA,EAAM,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,iBAAiB,IAAI;AAAA,aACjE;AAAA,UACF;AAAA,QACF;AACA,QAAA,OAAO,WAAA;AAAA,MACT;AAAA,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,cAA4D,EAAC;AAGnE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA;AAC5C,IAAA,IAAI,CAAC,IAAA,EAAM;AAGX,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,MAAM,CAAA,GAAI;AAAA,MACzD,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,YAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,MAAM,EAAE,IAAA,EAAM,IAAI,WAAA,CAAY,IAAI,CAAA,EAAE;AAAA,UACpC,SAAA,EAAW,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,UAC9B,IAAA,EAAM,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,UACzB,UAAA,EAAY,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,UAC/B,WAAA,EAAa,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,UACpC,WAAA,EAAa,EAAE,IAAA,EAAM,cAAA;AAAe;AACtC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC7B,IAAA,EAAM,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC5B,KAAA,EAAO,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,QAC1B,IAAA,EAAM,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,QACzB,KAAA,EAAO,EAAE,IAAA,EAAM,cAAA;AAAe,OAChC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,QACjC;AAEA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,IAAI,QAAQ,EAAC;AACb,QAAA,IAAI,KAAK,KAAA,EAAO;AACd,UAAA,IAAI;AACF,YAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA,UAC/B,CAAA,CAAA,MAAQ;AAAA,UAAC;AAAA,QACX;AAEA,QAAA,IAAI,OAAO,UAAA,EAAY;AACrB,UAAA,KAAA,GAAQ,EAAE,GAAG,KAAA,EAAO,GAAG,OAAO,UAAA,EAAW;AAAA,QAC3C;AAEA,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,IAAS,CAAC,CAAC,IAAA;AAEhC,QAAA,OAAO,GAAG,IAAA,CAAK;AAAA,UACb,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,KAAA;AAAA,UACA,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,KAAA,EAAO,KAAK,KAAA,IAAS,EAAA;AAAA,UACrB,IAAA,EAAM,KAAK,IAAA,IAAQ,CAAA;AAAA,UACnB,QAAA;AAAA,UACA,KAAA,EAAO;AAAA,SACR,CAAA;AAAA,MACH;AAAA,KACF;AAGA,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,UAAU,CAAA,GAAI;AAAA,MAC7D,IAAA;AAAA,MACA,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,aAAa,CAAA,EAAE;AAAA,QAC9C,KAAA,EAAO,EAAE,IAAA,EAAM,cAAA;AAAe,OAChC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,QACjC;AAEA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,IAAS,CAAC,CAAC,IAAA;AAChC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,QAAA,CAAS;AAAA,UAC5B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAA;AAAA,UACA,KAAA,EAAO;AAAA,SACR,CAAA;AACD,QAAA,OAAO,GAAA;AAAA,MACT;AAAA,KACF;AAGA,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,OAAO,CAAA,GAAI;AAAA,MAC1D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,MAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,SAAA,EAAW,EAAE,IAAA,EAAM,UAAA;AAAW;AAChC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,EAAE,IAAA,EAAM,aAAA;AAAc,OAC/B;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,OAAO,EAAE,WAAW,CAAA,EAAE;AAAA,QACxB;AACA,QAAA,IAAI,QAAQ,EAAC;AACb,QAAA,IAAI,KAAK,KAAA,EAAO;AACd,UAAA,IAAI;AACF,YAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA,UAC/B,CAAA,CAAA,MAAQ;AAAA,UAAC;AAAA,QACX;AACA,QAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,KAAA,CAAM;AAAA,UAC3B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,KAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,OAAO,EAAE,WAAW,KAAA,EAAM;AAAA,MAC5B;AAAA,KACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,IAAA,GAAO,WAAA,CAAY,MAAA,CAAO,IAAI,CAAA;AACpC,IAAA,IAAI,CAAC,IAAA,EAAM;AAEX,IAAA,WAAA,CAAY,CAAA,EAAG,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,KAAK,CAAA,GAAI;AAAA,MACpD,IAAA;AAAA,MACA,SAAS,YAAY;AACnB,QAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,MAAA,EAAQ,MAAA,EAAQ;AAAA,UACrD,IAAA;AAAA,UACA,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AAAA,QACrD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,OAAO,GAAG,OAAA,CAAQ;AAAA,UAChB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,UACnC,OAAO,EAAC;AAAA,UACR;AAAA,SACD,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,KAAA,GAAQ,IAAI,iBAAA,CAAkB;AAAA,IAClC,IAAA,EAAM,OAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AAGD,EAAA,MAAM,iBAA+D,EAAC;AAEtE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA;AAC5C,IAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,UAAA,CAAW,IAAI,CAAA;AACtD,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,SAAA,EAAW;AAGzB,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,MAAM,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,SAAS,CAAA;AAAE,OAC9C;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,kBAAA,CAAmB,UAAA,CAAW,IAAI,CAAA;AAE1D,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAExC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAA,EAAM,SAAA;AAAA,UACN;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAGA,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,aAAa,CAAA,EAAE;AAAA,QAC9C,MAAM,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,SAAS,CAAA,EAAE;AAAA,QAC5C,aAAA,EAAe,EAAE,IAAA,EAAM,aAAA;AAAc,OACvC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAGA,QAAA,IAAI,KAAK,aAAA,EAAe;AACtB,UAAA,MAAM,WAAA,GAAc,MAAM,EAAA,CAAG,QAAA,CAA8B;AAAA,YACzD,YAAY,UAAA,CAAW,IAAA;AAAA,YACvB,IAAI,IAAA,CAAK,EAAA;AAAA,YACT,QAAA;AAAA,YACA,KAAA,EAAO;AAAA,WACR,CAAA;AACD,UAAA,IAAI,eAAe,WAAA,CAAY,SAAA,IAAa,IAAA,CAAK,aAAA,KAAkB,YAAY,SAAA,EAAW;AACxF,YAAA,MAAM,IAAI,MAAM,CAAA,8CAAA,EAAiD,IAAA,CAAK,aAAa,CAAA,qBAAA,EAAwB,WAAA,CAAY,SAAS,CAAA,CAAE,CAAA;AAAA,UACpI;AAAA,QACF;AAEA,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,kBAAA,CAAmB,UAAA,CAAW,IAAI,CAAA;AAE1D,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAExC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,IAAA,EAAM,SAAA;AAAA,UACN;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAGA,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,aAAa,CAAA;AAAE,OAChD;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,CAAO,IAAI,CAAA;AAC9C,IAAA,IAAI,CAAC,SAAA,EAAW;AAEhB,IAAA,cAAA,CAAe,CAAA,EAAG,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC1D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QACvC,MAAA,EAAQ;AAAA,UACN,KAAK,EAAE,IAAA,EAAM,YAAY,MAAA,CAAO,IAAI,KAAK,aAAA,EAAc;AAAA,UACvD,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,MAAM,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,SAAS,CAAA;AAAE,OAC9C;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,MAAA,EAAQ,QAAA,EAAU;AAAA,UACvD,IAAA;AAAA,UACA,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,QACvD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,OAAA,CAAQ;AAAA,UAC3B,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,UACnC,OAAO,EAAC;AAAA,UACR;AAAA,SACD,CAAA;AAED,QAAA,IAAI,MAAA;AACJ,QAAA,IAAI,GAAA,EAAK;AACP,UAAA,MAAA,GAAS,MAAM,GAAG,MAAA,CAAO;AAAA,YACvB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,YACnC,IAAI,GAAA,CAAI,EAAA;AAAA,YACR,MAAM,IAAA,CAAK,IAAA;AAAA,YACX;AAAA,WACD,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,MAAA,GAAS,MAAM,GAAG,MAAA,CAAO;AAAA,YACvB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,YACnC,MAAM,IAAA,CAAK,IAAA;AAAA,YACX;AAAA,WACD,CAAA;AAAA,QACH;AAEA,QAAA,OAAO,EAAE,GAAA,EAAK,MAAA,EAAQ,OAAA,EAAS,sBAAA,EAAuB;AAAA,MACxD;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,IAAI,iBAAA,CAAkB;AAAA,IACrC,IAAA,EAAM,UAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,OAAO,IAAI,aAAA,CAAc;AAAA,IACvB,KAAA,EAAO,KAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACX,CAAA;AACH;AAMO,SAAS,mBAAA,CACd,QAAA,EACA,EAAA,EACA,OAAA,EAMe;AACf,EAAA,OAAO,kBAAA,CAAmB;AAAA,IACxB,QAAA;AAAA,IACA,EAAA;AAAA,IACA,MAAM,OAAA,EAAS,IAAA;AAAA,IACf,KAAK,OAAA,EAAS,GAAA;AAAA,IACd,UAAU,OAAA,EAAS,QAAA;AAAA,IACnB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH","file":"chunk-L5UKKZQN.js","sourcesContent":["import {\n  GraphQLSchema,\n  GraphQLObjectType,\n  GraphQLString,\n  GraphQLInt,\n  GraphQLBoolean,\n  GraphQLFloat,\n  GraphQLList,\n  GraphQLNonNull,\n  GraphQLInputObjectType,\n  type GraphQLFieldConfig,\n  type GraphQLType,\n} from \"graphql\";\nimport type {\n  CollectionConfig,\n  GlobalConfig,\n  BaseAdapter,\n} from \"../../registry/types.js\";\nimport { Registry } from \"../../registry/index.js\";\nimport type { Field, SelectField } from \"../../fields/types.js\";\nimport { evaluateAccess, type WhereClause } from \"../../access/types.js\";\nimport type { User, Request } from \"../../hooks/types.js\";\nimport type { TenantContext } from \"../../auth/rls/tenant.js\";\nimport { hasApiKeyPermission } from \"../../auth/api-key.js\";\nimport { hasPermission } from \"../../auth/rbac/checker.js\";\n\n// ============================================================================\n// Access Control Helper\n// ============================================================================\n\nasync function checkGraphQLAccess(\n  collection: { access?: any; slug: string },\n  operation: \"read\" | \"create\" | \"update\" | \"delete\",\n  context: { user?: User; req?: Request; tenantID?: string; apiKey?: any },\n): Promise<{ allowed: boolean; extraWhere?: WhereClause }> {\n  const accessRule = collection.access?.[operation];\n\n  // API key permission check\n  if (context.apiKey?.permissions?.length > 0) {\n    const resource = collection.slug;\n    const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : \"update\";\n    const permission = `${resource}:${action}`;\n    if (\n      !hasApiKeyPermission(context.apiKey.permissions, permission) &&\n      !hasApiKeyPermission(context.apiKey.permissions, `${resource}:admin`)\n    ) {\n      return { allowed: false };\n    }\n  }\n\n  // RBAC check for authenticated users\n  if (context.user) {\n    const resource = collection.slug;\n    const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : operation === \"update\" ? \"update\" : \"delete\";\n    const permission = `${resource}:${action}`;\n    const userHasPermission = hasPermission(\n      { id: context.user.id, email: context.user.email, role: context.user.role } as any,\n      permission,\n    );\n    if (!userHasPermission && !hasPermission(\n      { id: context.user.id, email: context.user.email, role: context.user.role } as any,\n      `${resource}:admin`,\n    )) {\n      if (!accessRule) {\n        return { allowed: false };\n      }\n    }\n  }\n\n  if (!accessRule) {\n    if (!context.user && !context.apiKey) {\n      return { allowed: false };\n    }\n    return { allowed: true };\n  }\n\n  const result = await evaluateAccess(accessRule, {\n    req: context.req!,\n    user: context.user,\n    tenantID: context.tenantID,\n  });\n\n  if (typeof result === \"boolean\") {\n    return { allowed: result };\n  }\n\n  return { allowed: true, extraWhere: result };\n}\n\nasync function checkGlobalAccess(\n  global: { access?: any },\n  operation: \"read\" | \"update\",\n  context: { user?: User; req?: Request; tenantID?: string },\n): Promise<{ allowed: boolean }> {\n  const accessRule = global.access?.[operation];\n\n  if (!accessRule) {\n    if (!context.user) {\n      return { allowed: false };\n    }\n    const userRole = context.user.role;\n    if (userRole === \"super_admin\" || userRole === \"admin\") {\n      return { allowed: true };\n    }\n    return { allowed: false };\n  }\n\n  const result = await evaluateAccess(accessRule, {\n    req: context.req!,\n    user: context.user,\n    tenantID: context.tenantID,\n  });\n\n  if (typeof result === \"boolean\") {\n    return { allowed: result };\n  }\n\n  return { allowed: true };\n}\n\n// ============================================================================\n// Field → GraphQL Type Mapping\n// ============================================================================\n\nfunction fieldToGraphQLType(\n  field: Field,\n  registry: Registry,\n  collectionTypes?: Record<string, GraphQLObjectType>,\n  isInputType = false,\n): GraphQLType {\n  switch (field.type) {\n    case \"text\":\n    case \"email\":\n    case \"password\":\n    case \"textarea\":\n    case \"color\":\n    case \"code\":\n    case \"markdown\":\n    case \"date\":\n    case \"select\":\n    case \"radio\":\n    case \"upload\":\n      return GraphQLString;\n    case \"number\":\n      return field.integer ? GraphQLInt : GraphQLFloat;\n    case \"checkbox\":\n      return GraphQLBoolean;\n    case \"json\":\n    case \"richtext\":\n      return GraphQLString; // JSON as string\n    case \"relationship\":\n      if (typeof field.relationTo === \"string\") {\n        if (isInputType) {\n          return GraphQLString;\n        }\n        if (collectionTypes?.[field.relationTo]) {\n          return collectionTypes[field.relationTo];\n        }\n        const relatedCollection = registry.getCollection(field.relationTo);\n        if (relatedCollection) {\n          return new GraphQLObjectType({\n            name: `${field.relationTo}_ref`,\n            fields: () => ({\n              id: { type: GraphQLString },\n              ...buildFieldsFromCollection(relatedCollection, registry, collectionTypes),\n            }),\n          });\n        }\n      }\n      return GraphQLString;\n    case \"array\":\n      return new GraphQLList(GraphQLString); // Simplified\n    case \"group\":\n      return GraphQLString; // Simplified - JSON string\n    case \"blocks\":\n      return new GraphQLList(GraphQLString); // Simplified\n    case \"row\":\n    case \"collapsible\":\n    case \"tabs\":\n      return GraphQLString;\n    default:\n      return GraphQLString;\n  }\n}\n\nfunction buildFieldsFromCollection(\n  config: CollectionConfig,\n  registry: Registry,\n  collectionTypes?: Record<string, GraphQLObjectType>,\n): Record<string, GraphQLFieldConfig<any, any>> {\n  const fields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n  for (const field of config.fields) {\n    if (field.name && field.admin?.hidden !== true) {\n      fields[field.name] = {\n        type: field.required\n          ? new GraphQLNonNull(fieldToGraphQLType(field, registry, collectionTypes) as any)\n          : (fieldToGraphQLType(field, registry, collectionTypes) as any),\n        description: field.admin?.description || field.label,\n      };\n    }\n  }\n\n  return fields;\n}\n\n// ============================================================================\n// GraphQL Schema Builder\n// ============================================================================\n\nexport interface GraphQLSchemaOptions {\n  registry: Registry;\n  db: BaseAdapter;\n  user?: User;\n  req?: Request;\n  tenantID?: string;\n  apiKey?: any;\n  settings?: Record<string, any>;\n}\n\nexport function buildGraphQLSchema(\n  options: GraphQLSchemaOptions,\n): GraphQLSchema {\n  const { registry, db, user, req, tenantID, apiKey, settings } = options;\n\n  // Check if GraphQL is disabled in settings\n  const apiAccess = settings?.access?.apiAccess;\n  if (apiAccess?.graphqlEnabled === false) {\n    throw new Error(\"GraphQL API is disabled\");\n  }\n\n  const collections = registry.getCollections();\n  const globals = registry.getGlobals();\n\n  // Build collection types\n  const collectionTypes: Record<string, GraphQLObjectType> = {};\n  const collectionInputTypes: Record<string, GraphQLInputObjectType> = {};\n\n  for (const collection of collections) {\n    // Output type\n    collectionTypes[collection.slug] = new GraphQLObjectType({\n      name: `${collection.slug.replace(/-/g, \"_\")}_type`,\n      fields: () => ({\n        id: { type: GraphQLString },\n        ...buildFieldsFromCollection(collection, registry, collectionTypes),\n        ...(collection.timestamps\n          ? {\n              createdAt: { type: GraphQLString },\n              updatedAt: { type: GraphQLString },\n            }\n          : {}),\n        ...(collection.tenantScoped\n          ? {\n              tenantID: { type: GraphQLString },\n            }\n          : {}),\n      }),\n    });\n\n    // Input type for create/update\n    const inputFields: Record<string, { type: GraphQLType }> = {};\n    for (const field of collection.fields) {\n      if (field.name && field.name !== \"id\") {\n        inputFields[field.name] = {\n          type: fieldToGraphQLType(field, registry, collectionTypes, true) as any,\n        };\n      }\n    }\n\n    collectionInputTypes[collection.slug] = new GraphQLInputObjectType({\n      name: `${collection.slug.replace(/-/g, \"_\")}_input`,\n      fields: () => inputFields as any,\n    });\n  }\n\n  // Build global types and input types\n  const globalTypes: Record<string, GraphQLObjectType> = {};\n  const globalInputTypes: Record<string, GraphQLInputObjectType> = {};\n\n  for (const global of globals) {\n    globalTypes[global.slug] = new GraphQLObjectType({\n      name: `${global.slug.replace(/-/g, \"_\")}_global_type`,\n      fields: () => ({\n        id: { type: GraphQLString },\n        ...buildFieldsFromCollection(\n          { slug: global.slug, fields: global.fields } as CollectionConfig,\n          registry,\n          collectionTypes,\n        ),\n      }),\n    });\n\n    globalInputTypes[global.slug] = new GraphQLInputObjectType({\n      name: `${global.slug.replace(/-/g, \"_\")}_global_input`,\n      fields: () => {\n        const inputFields: Record<string, { type: GraphQLType }> = {};\n        for (const field of global.fields) {\n          if (field.name && field.name !== \"id\") {\n            inputFields[field.name] = {\n              type: fieldToGraphQLType(field, registry, collectionTypes, true) as any,\n            };\n          }\n        }\n        return inputFields as any;\n      },\n    });\n  }\n\n  // Build query type\n  const queryFields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n  // List queries for each collection\n  for (const collection of collections) {\n    const type = collectionTypes[collection.slug];\n    if (!type) continue;\n\n    // FindMany query\n    queryFields[`${collection.slug.replace(/-/g, \"_\")}Find`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_find_result`,\n        fields: {\n          docs: { type: new GraphQLList(type) },\n          totalDocs: { type: GraphQLInt },\n          page: { type: GraphQLInt },\n          totalPages: { type: GraphQLInt },\n          hasNextPage: { type: GraphQLBoolean },\n          hasPrevPage: { type: GraphQLBoolean },\n        },\n      }),\n      args: {\n        where: { type: GraphQLString },\n        sort: { type: GraphQLString },\n        limit: { type: GraphQLInt },\n        page: { type: GraphQLInt },\n        draft: { type: GraphQLBoolean },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"read\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied\");\n        }\n\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        let where = {};\n        if (args.where) {\n          try {\n            where = JSON.parse(args.where);\n          } catch {}\n        }\n\n        if (access.extraWhere) {\n          where = { ...where, ...access.extraWhere };\n        }\n\n        const isDraft = args.draft ?? !!user;\n\n        return db.find({\n          collection: collection.slug,\n          where,\n          sort: args.sort,\n          limit: args.limit || 10,\n          page: args.page || 1,\n          tenantID,\n          draft: isDraft,\n        });\n      },\n    };\n\n    // FindByID query\n    queryFields[`${collection.slug.replace(/-/g, \"_\")}FindByID`] = {\n      type,\n      args: {\n        id: { type: new GraphQLNonNull(GraphQLString) },\n        draft: { type: GraphQLBoolean },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"read\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied\");\n        }\n\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        const isDraft = args.draft ?? !!user;\n        const doc = await db.findByID({\n          collection: collection.slug,\n          id: args.id,\n          tenantID,\n          draft: isDraft,\n        });\n        return doc;\n      },\n    };\n\n    // Count query\n    queryFields[`${collection.slug.replace(/-/g, \"_\")}Count`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_count`,\n        fields: {\n          totalDocs: { type: GraphQLInt },\n        },\n      }),\n      args: {\n        where: { type: GraphQLString },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"read\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          return { totalDocs: 0 };\n        }\n        let where = {};\n        if (args.where) {\n          try {\n            where = JSON.parse(args.where);\n          } catch {}\n        }\n        const count = await db.count({\n          collection: collection.slug,\n          where,\n          tenantID,\n        });\n        return { totalDocs: count };\n      },\n    };\n  }\n\n  // Global queries\n  for (const global of globals) {\n    const type = globalTypes[global.slug];\n    if (!type) continue;\n\n    queryFields[`${global.slug.replace(/-/g, \"_\")}Get`] = {\n      type,\n      resolve: async () => {\n        const access = await checkGlobalAccess(global, \"read\", {\n          user,\n          req,\n          tenantID,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot read global\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n        return db.findOne({\n          collection: `_globals_${global.slug}`,\n          where: {},\n          tenantID,\n        });\n      },\n    };\n  }\n\n  const Query = new GraphQLObjectType({\n    name: \"Query\",\n    fields: queryFields,\n  });\n\n  // Build mutation type\n  const mutationFields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n  for (const collection of collections) {\n    const type = collectionTypes[collection.slug];\n    const inputType = collectionInputTypes[collection.slug];\n    if (!type || !inputType) continue;\n\n    // Create mutation\n    mutationFields[`${collection.slug.replace(/-/g, \"_\")}Create`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_create_result`,\n        fields: {\n          doc: { type },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        data: { type: new GraphQLNonNull(inputType) },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"create\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot create\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n        const schema = registry.getCreateZodSchema(collection.slug);\n\n        const validated = schema.parse(args.data);\n\n        const doc = await db.create({\n          collection: collection.slug,\n          data: validated,\n          tenantID,\n        });\n\n        return { doc, message: \"Created successfully\" };\n      },\n    };\n\n    // Update mutation\n    mutationFields[`${collection.slug.replace(/-/g, \"_\")}Update`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_update_result`,\n        fields: {\n          doc: { type },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        id: { type: new GraphQLNonNull(GraphQLString) },\n        data: { type: new GraphQLNonNull(inputType) },\n        baseUpdatedAt: { type: GraphQLString },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"update\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot update\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        // Revision conflict detection\n        if (args.baseUpdatedAt) {\n          const originalDoc = await db.findByID<Record<string, any>>({\n            collection: collection.slug,\n            id: args.id,\n            tenantID,\n            draft: true,\n          });\n          if (originalDoc && originalDoc.updatedAt && args.baseUpdatedAt !== originalDoc.updatedAt) {\n            throw new Error(`Revision conflict: document has changed since ${args.baseUpdatedAt}. Current updatedAt: ${originalDoc.updatedAt}`);\n          }\n        }\n\n        const schema = registry.getUpdateZodSchema(collection.slug);\n\n        const validated = schema.parse(args.data);\n\n        const doc = await db.update({\n          collection: collection.slug,\n          id: args.id,\n          data: validated,\n          tenantID,\n        });\n\n        return { doc, message: \"Updated successfully\" };\n      },\n    };\n\n    // Delete mutation\n    mutationFields[`${collection.slug.replace(/-/g, \"_\")}Delete`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_delete_result`,\n        fields: {\n          doc: { type },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        id: { type: new GraphQLNonNull(GraphQLString) },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"delete\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot delete\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n        const doc = await db.delete({\n          collection: collection.slug,\n          id: args.id,\n          tenantID,\n        });\n\n        return { doc, message: \"Deleted successfully\" };\n      },\n    };\n  }\n\n  // Global mutations\n  for (const global of globals) {\n    const inputType = globalInputTypes[global.slug];\n    if (!inputType) continue;\n\n    mutationFields[`${global.slug.replace(/-/g, \"_\")}Update`] = {\n      type: new GraphQLObjectType({\n        name: `${global.slug.replace(/-/g, \"_\")}_update_result`,\n        fields: {\n          doc: { type: globalTypes[global.slug] || GraphQLString },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        data: { type: new GraphQLNonNull(inputType) },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGlobalAccess(global, \"update\", {\n          user,\n          req,\n          tenantID,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot update global\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        const doc = await db.findOne({\n          collection: `_globals_${global.slug}`,\n          where: {},\n          tenantID,\n        });\n\n        let result;\n        if (doc) {\n          result = await db.update({\n            collection: `_globals_${global.slug}`,\n            id: doc.id,\n            data: args.data,\n            tenantID,\n          });\n        } else {\n          result = await db.create({\n            collection: `_globals_${global.slug}`,\n            data: args.data,\n            tenantID,\n          });\n        }\n\n        return { doc: result, message: \"Updated successfully\" };\n      },\n    };\n  }\n\n  const Mutation = new GraphQLObjectType({\n    name: \"Mutation\",\n    fields: mutationFields,\n  });\n\n  return new GraphQLSchema({\n    query: Query,\n    mutation: Mutation,\n  });\n}\n\n// ============================================================================\n// Factory\n// ============================================================================\n\nexport function createGraphQLSchema(\n  registry: Registry,\n  db: BaseAdapter,\n  options?: {\n    user?: User;\n    req?: Request;\n    tenantID?: string;\n    apiKey?: any;\n  },\n): GraphQLSchema {\n  return buildGraphQLSchema({\n    registry,\n    db,\n    user: options?.user,\n    req: options?.req,\n    tenantID: options?.tenantID,\n    apiKey: options?.apiKey,\n  });\n}\n"]}