@makroz/mobile 1.0.1

package/dist/auth/MkAuthProvider.js

@@ -0,0 +1,282 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+/**
+ * `MkAuthProvider` — the React provider that powers `useMkAuth`.
+ *
+ * Responsibilities:
+ * - Hydrate tokens + user from `expo-secure-store` on mount.
+ * - Expose `login`, `logout`, `refresh`, `hasAbility` via context.
+ * - Provide a memoised `authedFetch` helper that automatically
+ *   attaches the access token and refreshes once on 401.
+ *
+ * Networking note: this provider does NOT use TanStack Query
+ * (the mk-director monorepo does not currently declare it as a
+ * peer dep). It uses the same plain `fetch`-based pattern that
+ * the legacy `useApi.ts` hook uses, so the surface stays
+ * consistent across the package. Consumers that need query
+ * caching should layer TanStack Query on top of `authedFetch`
+ * at the call site.
+ */
+import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { MkAuthContext } from './MkAuthContext';
+import { clearAll, getAccessToken, getRefreshToken, getUser, setAccessToken, setRefreshToken, setUser, } from './secureStorage';
+/**
+ * Normalise the refresh response payload into our internal shape.
+ */
+function normaliseRefreshPayload(raw) {
+    var _a, _b;
+    const accessToken = (_a = raw.access_token) !== null && _a !== void 0 ? _a : raw.accessToken;
+    const refreshToken = (_b = raw.refresh_token) !== null && _b !== void 0 ? _b : raw.refreshToken;
+    if (!accessToken || !refreshToken) {
+        throw new Error('Refresh response missing access or refresh token');
+    }
+    return { accessToken, refreshToken };
+}
+/**
+ * Helper: read both tokens from SecureStore in a single batch.
+ */
+async function readPersistedSession() {
+    const [access, refresh, user] = await Promise.all([
+        getAccessToken(),
+        getRefreshToken(),
+        getUser(),
+    ]);
+    return { access, refresh, user };
+}
+/**
+ * The provider component.
+ *
+ * Marked `'use client'` equivalent — RN doesn't use the Next.js
+ * `'use client'` directive, but conceptually this component is
+ * a Client Component (it owns state, effects, and side effects).
+ */
+export function MkAuthProvider({ scope, apiBaseUrl, 
+// Accepted for forward-compat; not yet enforced.
+requestTimeoutMs: _requestTimeoutMs = 15000, children, }) {
+    const [user, setUserState] = useState(null);
+    const [isLoading, setIsLoading] = useState(true);
+    const [error, setError] = useState(null);
+    // Used to deduplicate concurrent refresh calls: if a 401
+    // arrives while a refresh is already in flight, all callers
+    // share the same promise instead of each firing a refresh.
+    const refreshInFlight = useRef(null);
+    // Stable ref to the latest `scope` / `apiBaseUrl` so the
+    // `authedFetch` closure doesn't capture stale values.
+    const baseUrlRef = useRef(apiBaseUrl);
+    const scopeRef = useRef(scope);
+    useEffect(() => {
+        baseUrlRef.current = apiBaseUrl;
+        scopeRef.current = scope;
+    }, [apiBaseUrl, scope]);
+    const buildUrl = useCallback((path) => {
+        const base = baseUrlRef.current.replace(/\/+$/, '');
+        const cleanPath = path.startsWith('/') ? path : `/${path}`;
+        return `${base}${cleanPath}`;
+    }, []);
+    // --- internal: refresh ---
+    const doRefresh = useCallback(async () => {
+        // Coalesce concurrent refresh calls.
+        if (refreshInFlight.current) {
+            return refreshInFlight.current;
+        }
+        const promise = (async () => {
+            const current = await getRefreshToken();
+            if (!current) {
+                return null;
+            }
+            try {
+                const res = await fetch(buildUrl(`/api/${scopeRef.current}/auth/refresh`), {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ refreshToken: current }),
+                });
+                if (!res.ok) {
+                    return null;
+                }
+                const raw = (await res.json());
+                const tokens = normaliseRefreshPayload(raw);
+                await Promise.all([
+                    setAccessToken(tokens.accessToken),
+                    setRefreshToken(tokens.refreshToken),
+                ]);
+                if (raw.user) {
+                    await setUser(raw.user);
+                    setUserState(raw.user);
+                }
+                return tokens;
+            }
+            catch (_a) {
+                return null;
+            }
+        })();
+        refreshInFlight.current = promise;
+        try {
+            return await promise;
+        }
+        finally {
+            refreshInFlight.current = null;
+        }
+    }, [buildUrl]);
+    // --- mount: hydrate from SecureStore ---
+    useEffect(() => {
+        let cancelled = false;
+        void (async () => {
+            setIsLoading(true);
+            try {
+                const persisted = await readPersistedSession();
+                if (cancelled)
+                    return;
+                if (persisted.user) {
+                    // We have a user in SecureStore — trust it
+                    // until a 401 proves otherwise. The actual
+                    // /me check happens lazily on the first
+                    // authed request, which keeps the cold-start
+                    // path fast.
+                    setUserState(persisted.user);
+                }
+                if (!persisted.access && persisted.refresh) {
+                    // Access token missing but refresh token is
+                    // present — try to silently mint a new one.
+                    const tokens = await doRefresh();
+                    if (cancelled)
+                        return;
+                    if (!tokens) {
+                        await clearAll();
+                        setUserState(null);
+                    }
+                }
+                else if (!persisted.access && !persisted.refresh) {
+                    setUserState(null);
+                }
+            }
+            catch (e) {
+                if (cancelled)
+                    return;
+                setError(e instanceof Error ? e : new Error(String(e)));
+            }
+            finally {
+                if (!cancelled) {
+                    setIsLoading(false);
+                }
+            }
+        })();
+        return () => {
+            cancelled = true;
+        };
+    }, [doRefresh]);
+    // --- login ---
+    const login = useCallback(async (input) => {
+        var _a, _b;
+        setIsLoading(true);
+        setError(null);
+        try {
+            const res = await fetch(buildUrl(`/api/${scopeRef.current}/auth/login`), {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify(input),
+            });
+            if (!res.ok) {
+                // Try to extract a structured error message
+                // from the backend; fall back to status text.
+                let message = `Login failed (${res.status})`;
+                try {
+                    const body = (await res.json());
+                    if (body.message) {
+                        message = body.message;
+                    }
+                    else if (body.errors) {
+                        const firstField = Object.values(body.errors)[0];
+                        if (firstField && firstField[0]) {
+                            message = firstField[0];
+                        }
+                    }
+                }
+                catch (_c) {
+                    // Body wasn't JSON — keep the generic message.
+                }
+                throw new Error(message);
+            }
+            const body = (await res.json());
+            const accessToken = (_a = body.access_token) !== null && _a !== void 0 ? _a : body.accessToken;
+            const refreshToken = (_b = body.refresh_token) !== null && _b !== void 0 ? _b : body.refreshToken;
+            if (!accessToken || !refreshToken) {
+                throw new Error('Login response missing tokens');
+            }
+            await Promise.all([
+                setAccessToken(accessToken),
+                setRefreshToken(refreshToken),
+                setUser(body.user),
+            ]);
+            setUserState(body.user);
+            return body.user;
+        }
+        catch (e) {
+            const err = e instanceof Error ? e : new Error(String(e));
+            setError(err);
+            throw err;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    }, [buildUrl]);
+    // --- logout ---
+    const logout = useCallback(async () => {
+        // Best-effort: tell the backend, then ALWAYS wipe local state.
+        const access = await getAccessToken();
+        try {
+            if (access) {
+                await fetch(buildUrl(`/api/${scopeRef.current}/auth/logout`), {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        Authorization: `Bearer ${access}`,
+                    },
+                });
+            }
+        }
+        catch (_a) {
+            // Backend unreachable — continue with local cleanup.
+        }
+        await clearAll();
+        setUserState(null);
+        setError(null);
+    }, [buildUrl]);
+    // --- hasAbility ---
+    const hasAbility = useCallback((ability) => {
+        var _a;
+        if (!((_a = user === null || user === void 0 ? void 0 : user.role) === null || _a === void 0 ? void 0 : _a.abilities)) {
+            return false;
+        }
+        // The `abilities` string is pipe-delimited:
+        //   "users:CRUD|roles:R"
+        // A user "has" the ability if any entry matches
+        // either exactly or as a prefix (`ability:...`).
+        const entries = user.role.abilities.split('|');
+        return entries.some((entry) => {
+            const [name] = entry.split(':');
+            return name === ability;
+        });
+    }, [user]);
+    // --- public refresh wrapper ---
+    const refresh = useCallback(async () => {
+        const tokens = await doRefresh();
+        if (!tokens) {
+            // Refresh failed → the user is effectively logged out.
+            await clearAll();
+            setUserState(null);
+        }
+        return tokens;
+    }, [doRefresh]);
+    const value = useMemo(() => ({
+        user,
+        isAuthenticated: user !== null,
+        isLoading,
+        error,
+        login,
+        logout,
+        refresh,
+        hasAbility,
+    }), [user, isLoading, error, login, logout, refresh, hasAbility]);
+    return _jsx(MkAuthContext.Provider, { value: value, children: children });
+}
+export default MkAuthProvider;
+//# sourceMappingURL=MkAuthProvider.js.map

package/dist/auth/MkAuthProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthProvider.js","sourceRoot":"","sources":["../../src/auth/MkAuthProvider.tsx"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAE1E,OAAO,EAAE,aAAa,EAA2B,MAAM,iBAAiB,CAAC;AAEzE,OAAO,EACH,QAAQ,EACR,cAAc,EACd,eAAe,EACf,OAAO,EACP,cAAc,EACd,eAAe,EACf,OAAO,GACV,MAAM,iBAAiB,CAAC;AAiDzB;;GAEG;AACH,SAAS,uBAAuB,CAAC,GAAuB;;IACpD,MAAM,WAAW,GAAG,MAAA,GAAG,CAAC,YAAY,mCAAI,GAAG,CAAC,WAAW,CAAC;IACxD,MAAM,YAAY,GAAG,MAAA,GAAG,CAAC,aAAa,mCAAI,GAAG,CAAC,YAAY,CAAC;IAC3D,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB;IAK/B,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC9C,cAAc,EAAE;QAChB,eAAe,EAAE;QACjB,OAAO,EAAE;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,EAC3B,KAAK,EACL,UAAU;AACV,iDAAiD;AACjD,gBAAgB,EAAE,iBAAiB,GAAG,KAAM,EAC5C,QAAQ,GACU;IAClB,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAkB,IAAI,CAAC,CAAC;IAC7D,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAU,IAAI,CAAC,CAAC;IAC1D,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IAEvD,yDAAyD;IACzD,4DAA4D;IAC5D,2DAA2D;IAC3D,MAAM,eAAe,GAAG,MAAM,CAAoC,IAAI,CAAC,CAAC;IAExE,yDAAyD;IACzD,sDAAsD;IACtD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,SAAS,CAAC,GAAG,EAAE;QACX,UAAU,CAAC,OAAO,GAAG,UAAU,CAAC;QAChC,QAAQ,CAAC,OAAO,GAAG,KAAK,CAAC;IAC7B,CAAC,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;IAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,IAAY,EAAU,EAAE;QAClD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3D,OAAO,GAAG,IAAI,GAAG,SAAS,EAAE,CAAC;IACjC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,4BAA4B;IAC5B,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,IAAgC,EAAE;QACjE,qCAAqC;QACrC,IAAI,eAAe,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,eAAe,CAAC,OAAO,CAAC;QACnC,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,KAAK,IAAgC,EAAE;YACpD,MAAM,OAAO,GAAG,MAAM,eAAe,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,IAAI,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,KAAK,CACnB,QAAQ,CAAC,QAAQ,QAAQ,CAAC,OAAO,eAAe,CAAC,EACjD;oBACI,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;iBAClD,CACJ,CAAC;gBACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;oBACV,OAAO,IAAI,CAAC;gBAChB,CAAC;gBACD,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;gBACrD,MAAM,MAAM,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;gBAC5C,MAAM,OAAO,CAAC,GAAG,CAAC;oBACd,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC;oBAClC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC;iBACvC,CAAC,CAAC;gBACH,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;oBACX,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACxB,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC3B,CAAC;gBACD,OAAO,MAAM,CAAC;YAClB,CAAC;YAAC,WAAM,CAAC;gBACL,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,eAAe,CAAC,OAAO,GAAG,OAAO,CAAC;QAClC,IAAI,CAAC;YACD,OAAO,MAAM,OAAO,CAAC;QACzB,CAAC;gBAAS,CAAC;YACP,eAAe,CAAC,OAAO,GAAG,IAAI,CAAC;QACnC,CAAC;IACL,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEf,0CAA0C;IAC1C,SAAS,CAAC,GAAG,EAAE;QACX,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,KAAK,CAAC,KAAK,IAAmB,EAAE;YAC5B,YAAY,CAAC,IAAI,CAAC,CAAC;YACnB,IAAI,CAAC;gBACD,MAAM,SAAS,GAAG,MAAM,oBAAoB,EAAE,CAAC;gBAC/C,IAAI,SAAS;oBAAE,OAAO;gBAEtB,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;oBACjB,2CAA2C;oBAC3C,2CAA2C;oBAC3C,wCAAwC;oBACxC,6CAA6C;oBAC7C,aAAa;oBACb,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACjC,CAAC;gBAED,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;oBACzC,4CAA4C;oBAC5C,4CAA4C;oBAC5C,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;oBACjC,IAAI,SAAS;wBAAE,OAAO;oBACtB,IAAI,CAAC,MAAM,EAAE,CAAC;wBACV,MAAM,QAAQ,EAAE,CAAC;wBACjB,YAAY,CAAC,IAAI,CAAC,CAAC;oBACvB,CAAC;gBACL,CAAC;qBAAM,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBACjD,YAAY,CAAC,IAAI,CAAC,CAAC;gBACvB,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,SAAS;oBAAE,OAAO;gBACtB,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,CAAC;oBAAS,CAAC;gBACP,IAAI,CAAC,SAAS,EAAE,CAAC;oBACb,YAAY,CAAC,KAAK,CAAC,CAAC;gBACxB,CAAC;YACL,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,OAAO,GAAG,EAAE;YACR,SAAS,GAAG,IAAI,CAAC;QACrB,CAAC,CAAC;IACN,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAEhB,gBAAgB;IAChB,MAAM,KAAK,GAAG,WAAW,CACrB,KAAK,EAAE,KAAiB,EAAqB,EAAE;;QAC3C,YAAY,CAAC,IAAI,CAAC,CAAC;QACnB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,MAAM,KAAK,CACnB,QAAQ,CAAC,QAAQ,QAAQ,CAAC,OAAO,aAAa,CAAC,EAC/C;gBACI,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;aAC9B,CACJ,CAAC;YAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACV,4CAA4C;gBAC5C,8CAA8C;gBAC9C,IAAI,OAAO,GAAG,iBAAiB,GAAG,CAAC,MAAM,GAAG,CAAC;gBAC7C,IAAI,CAAC;oBACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAG7B,CAAC;oBACF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;wBACf,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBAC3B,CAAC;yBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;wBACrB,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;wBACjD,IAAI,UAAU,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;4BAC9B,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBAC5B,CAAC;oBACL,CAAC;gBACL,CAAC;gBAAC,WAAM,CAAC;oBACL,+CAA+C;gBACnD,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAM7B,CAAC;YAEF,MAAM,WAAW,GAAG,MAAA,IAAI,CAAC,YAAY,mCAAI,IAAI,CAAC,WAAW,CAAC;YAC1D,MAAM,YAAY,GAAG,MAAA,IAAI,CAAC,aAAa,mCAAI,IAAI,CAAC,YAAY,CAAC;YAC7D,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACrD,CAAC;YAED,MAAM,OAAO,CAAC,GAAG,CAAC;gBACd,cAAc,CAAC,WAAW,CAAC;gBAC3B,eAAe,CAAC,YAAY,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;aACrB,CAAC,CAAC;YACH,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxB,OAAO,IAAI,CAAC,IAAI,CAAC;QACrB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1D,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACd,CAAC;gBAAS,CAAC;YACP,YAAY,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACL,CAAC,EACD,CAAC,QAAQ,CAAC,CACb,CAAC;IAEF,iBAAiB;IACjB,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,IAAmB,EAAE;QACjD,+DAA+D;QAC/D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;QACtC,IAAI,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACT,MAAM,KAAK,CACP,QAAQ,CAAC,QAAQ,QAAQ,CAAC,OAAO,cAAc,CAAC,EAChD;oBACI,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACL,cAAc,EAAE,kBAAkB;wBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;qBACpC;iBACJ,CACJ,CAAC;YACN,CAAC;QACL,CAAC;QAAC,WAAM,CAAC;YACL,qDAAqD;QACzD,CAAC;QACD,MAAM,QAAQ,EAAE,CAAC;QACjB,YAAY,CAAC,IAAI,CAAC,CAAC;QACnB,QAAQ,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEf,qBAAqB;IACrB,MAAM,UAAU,GAAG,WAAW,CAC1B,CAAC,OAAe,EAAW,EAAE;;QACzB,IAAI,CAAC,CAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,0CAAE,SAAS,CAAA,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC;QACjB,CAAC;QACD,4CAA4C;QAC5C,yBAAyB;QACzB,gDAAgD;QAChD,iDAAiD;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChC,OAAO,IAAI,KAAK,OAAO,CAAC;QAC5B,CAAC,CAAC,CAAC;IACP,CAAC,EACD,CAAC,IAAI,CAAC,CACT,CAAC;IAEF,iCAAiC;IACjC,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAgC,EAAE;QAC/D,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,uDAAuD;YACvD,MAAM,QAAQ,EAAE,CAAC;YACjB,YAAY,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAEhB,MAAM,KAAK,GAAG,OAAO,CACjB,GAAG,EAAE,CAAC,CAAC;QACH,IAAI;QACJ,eAAe,EAAE,IAAI,KAAK,IAAI;QAC9B,SAAS;QACT,KAAK;QACL,KAAK;QACL,MAAM;QACN,OAAO;QACP,UAAU;KACb,CAAC,EACF,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAC/D,CAAC;IAEF,OAAO,KAAC,aAAa,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA0B,CAAC;AACrF,CAAC;AAED,eAAe,cAAc,CAAC"}

package/dist/auth/secureStorage.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Thin wrapper around `expo-secure-store` for credentials.
+ *
+ * IMPORTANT: This module is the SOLE place in `@mk/mobile` that
+ * touches persistent credential storage. Do NOT introduce
+ * `AsyncStorage` for tokens — they are credentials and must live in
+ * the device keychain (iOS) / Keystore (Android).
+ *
+ * The module imports `expo-secure-store` at the top level so the
+ * Vitest test suite can `vi.mock('expo-secure-store', ...)` to
+ * substitute an in-memory implementation.
+ */
+import type { AdminDto } from './types';
+/**
+ * SecureStore keys. Keep these stable — they are part of the
+ * on-disk schema. If you ever need to bump them (e.g. for a
+ * breaking schema change) use a migration rather than a rename.
+ */
+export declare const SECURE_KEYS: {
+    readonly accessToken: "access_token";
+    readonly refreshToken: "refresh_token";
+    readonly user: "user";
+};
+export type SecureKey = (typeof SECURE_KEYS)[keyof typeof SECURE_KEYS];
+/**
+ * Get the persisted access token, or `null` if none is stored
+ * or the store is unavailable (e.g. running in a test that
+ * mocked `expo-secure-store` without a backing map).
+ */
+export declare function getAccessToken(): Promise<string | null>;
+/**
+ * Persist the access token. `null` clears it.
+ */
+export declare function setAccessToken(token: string | null): Promise<void>;
+/**
+ * Get the persisted refresh token, or `null` if none is stored.
+ */
+export declare function getRefreshToken(): Promise<string | null>;
+/**
+ * Persist the refresh token. `null` clears it.
+ */
+export declare function setRefreshToken(token: string | null): Promise<void>;
+/**
+ * Get the persisted admin user, or `null` if none is stored.
+ *
+ * The user is JSON-serialised — SecureStore stores strings only.
+ */
+export declare function getUser(): Promise<AdminDto | null>;
+/**
+ * Persist the admin user. `null` clears it.
+ */
+export declare function setUser(user: AdminDto | null): Promise<void>;
+/**
+ * Wipe all three credential keys. Called on logout and on any
+ * unrecoverable refresh failure.
+ *
+ * The implementation is best-effort: a single failed `deleteItemAsync`
+ * is swallowed because the *next* successful login will overwrite
+ * the value anyway, and we don't want a transient SecureStore
+ * hiccup to brick the user out of the app.
+ */
+export declare function clearAll(): Promise<void>;
+//# sourceMappingURL=secureStorage.d.ts.map

package/dist/auth/secureStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secureStorage.d.ts","sourceRoot":"","sources":["../../src/auth/secureStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC;;;;GAIG;AACH,eAAO,MAAM,WAAW;;;;CAId,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAEvE;;;;GAIG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE7D;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAMxE;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE9D;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAMzE;AAED;;;;GAIG;AACH,wBAAsB,OAAO,IAAI,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAaxD;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,QAAQ,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAMlE;AAED;;;;;;;;GAQG;AACH,wBAAsB,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAM9C"}

package/dist/auth/secureStorage.js

@@ -0,0 +1,104 @@
+/**
+ * Thin wrapper around `expo-secure-store` for credentials.
+ *
+ * IMPORTANT: This module is the SOLE place in `@mk/mobile` that
+ * touches persistent credential storage. Do NOT introduce
+ * `AsyncStorage` for tokens — they are credentials and must live in
+ * the device keychain (iOS) / Keystore (Android).
+ *
+ * The module imports `expo-secure-store` at the top level so the
+ * Vitest test suite can `vi.mock('expo-secure-store', ...)` to
+ * substitute an in-memory implementation.
+ */
+import * as SecureStore from 'expo-secure-store';
+/**
+ * SecureStore keys. Keep these stable — they are part of the
+ * on-disk schema. If you ever need to bump them (e.g. for a
+ * breaking schema change) use a migration rather than a rename.
+ */
+export const SECURE_KEYS = {
+    accessToken: 'access_token',
+    refreshToken: 'refresh_token',
+    user: 'user',
+};
+/**
+ * Get the persisted access token, or `null` if none is stored
+ * or the store is unavailable (e.g. running in a test that
+ * mocked `expo-secure-store` without a backing map).
+ */
+export async function getAccessToken() {
+    return SecureStore.getItemAsync(SECURE_KEYS.accessToken);
+}
+/**
+ * Persist the access token. `null` clears it.
+ */
+export async function setAccessToken(token) {
+    if (token === null) {
+        await SecureStore.deleteItemAsync(SECURE_KEYS.accessToken);
+        return;
+    }
+    await SecureStore.setItemAsync(SECURE_KEYS.accessToken, token);
+}
+/**
+ * Get the persisted refresh token, or `null` if none is stored.
+ */
+export async function getRefreshToken() {
+    return SecureStore.getItemAsync(SECURE_KEYS.refreshToken);
+}
+/**
+ * Persist the refresh token. `null` clears it.
+ */
+export async function setRefreshToken(token) {
+    if (token === null) {
+        await SecureStore.deleteItemAsync(SECURE_KEYS.refreshToken);
+        return;
+    }
+    await SecureStore.setItemAsync(SECURE_KEYS.refreshToken, token);
+}
+/**
+ * Get the persisted admin user, or `null` if none is stored.
+ *
+ * The user is JSON-serialised — SecureStore stores strings only.
+ */
+export async function getUser() {
+    const raw = await SecureStore.getItemAsync(SECURE_KEYS.user);
+    if (!raw) {
+        return null;
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch (_a) {
+        // Corrupt payload — treat as a missing user so the next
+        // login flow can recover.
+        await SecureStore.deleteItemAsync(SECURE_KEYS.user);
+        return null;
+    }
+}
+/**
+ * Persist the admin user. `null` clears it.
+ */
+export async function setUser(user) {
+    if (user === null) {
+        await SecureStore.deleteItemAsync(SECURE_KEYS.user);
+        return;
+    }
+    await SecureStore.setItemAsync(SECURE_KEYS.user, JSON.stringify(user));
+}
+/**
+ * Wipe all three credential keys. Called on logout and on any
+ * unrecoverable refresh failure.
+ *
+ * The implementation is best-effort: a single failed `deleteItemAsync`
+ * is swallowed because the *next* successful login will overwrite
+ * the value anyway, and we don't want a transient SecureStore
+ * hiccup to brick the user out of the app.
+ */
+export async function clearAll() {
+    await Promise.allSettled([
+        SecureStore.deleteItemAsync(SECURE_KEYS.accessToken),
+        SecureStore.deleteItemAsync(SECURE_KEYS.refreshToken),
+        SecureStore.deleteItemAsync(SECURE_KEYS.user),
+    ]);
+}
+//# sourceMappingURL=secureStorage.js.map

package/dist/auth/secureStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secureStorage.js","sourceRoot":"","sources":["../../src/auth/secureStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAC;AAGjD;;;;GAIG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACvB,WAAW,EAAE,cAAc;IAC3B,YAAY,EAAE,eAAe;IAC7B,IAAI,EAAE,MAAM;CACN,CAAC;AAIX;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAChC,OAAO,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAoB;IACrD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC3D,OAAO;IACX,CAAC;IACD,MAAM,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACjC,OAAO,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAoB;IACtD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAC5D,OAAO;IACX,CAAC;IACD,MAAM,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;AACpE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO;IACzB,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;QACP,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,IAAI,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAC;IACvC,CAAC;IAAC,WAAM,CAAC;QACL,wDAAwD;QACxD,0BAA0B;QAC1B,MAAM,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAqB;IAC/C,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAChB,MAAM,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpD,OAAO;IACX,CAAC;IACD,MAAM,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC1B,MAAM,OAAO,CAAC,UAAU,CAAC;QACrB,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,WAAW,CAAC;QACpD,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,YAAY,CAAC;QACrD,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC;KAChD,CAAC,CAAC;AACP,CAAC"}

package/dist/auth/types.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Auth types for `@mk/mobile`.
+ *
+ * Wire-format DTOs returned by the MK-Director backend
+ * (e.g. Laravel `mk-laravel` package). Keep these decoupled from
+ * the existing `MkUser` in `@mk/core` — this is the new
+ * SecureStore-backed auth surface introduced in MK-MOB-1.0.3.
+ */
+/**
+ * Standard admin record as returned by `/api/{scope}/auth/me` and friends.
+ *
+ * `abilities` is a pipe-delimited string in the format
+ * `"users:CRUD|roles:R"` — the same convention the legacy
+ * `MkAuthContext` uses via `canUser` from `@mk/core`.
+ */
+export interface AdminDto {
+    id: string | number;
+    name: string;
+    email: string;
+    role?: {
+        name: string;
+        abilities: string;
+    };
+    [key: string]: unknown;
+}
+/**
+ * Access + refresh token pair persisted in `expo-secure-store`.
+ *
+ * - `accessToken` is short-lived (15 min) and sent on every API request.
+ * - `refreshToken` is long-lived and only used by the auto-refresh
+ *   interceptor inside `MkAuthProvider`.
+ */
+export interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+}
+/**
+ * Payload accepted by `POST /api/{scope}/auth/login`.
+ *
+ * The `scope` itself comes from the provider props, NOT the body,
+ * so this is just the user-supplied credentials.
+ */
+export interface LoginInput {
+    email: string;
+    password: string;
+}
+/**
+ * Internal representation of the refresh-token response.
+ *
+ * Mirrors the wire shape returned by the Laravel `refresh` endpoint.
+ */
+export interface RefreshResponse {
+    accessToken: string;
+    refreshToken: string;
+    user?: AdminDto;
+}
+/**
+ * Internal representation of the login response.
+ */
+export interface LoginResponse {
+    user: AdminDto;
+    accessToken: string;
+    refreshToken: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;;GAMG;AACH,MAAM,WAAW,QAAQ;IACrB,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE;QACH,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACxB;AAED;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,QAAQ,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,QAAQ,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACxB"}

package/dist/auth/types.js

@@ -0,0 +1,10 @@
+/**
+ * Auth types for `@mk/mobile`.
+ *
+ * Wire-format DTOs returned by the MK-Director backend
+ * (e.g. Laravel `mk-laravel` package). Keep these decoupled from
+ * the existing `MkUser` in `@mk/core` — this is the new
+ * SecureStore-backed auth surface introduced in MK-MOB-1.0.3.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/dist/auth/useMkAuth.d.ts

@@ -0,0 +1,17 @@
+/**
+ * `useMkAuth` — the public hook for consuming the auth context.
+ *
+ * Kept in its own module so the *type* of the context (and the
+ * `createContext` call) can be imported in isolation by tests
+ * and tooling without dragging in the full provider tree.
+ */
+import { type MkAuthContextValue } from './MkAuthContext';
+/**
+ * Access the current auth context value.
+ *
+ * Throws if used outside an `<MkAuthProvider>` — this is a
+ * developer error, not a runtime condition, so failing loudly
+ * is the right call.
+ */
+export declare function useMkAuth(): MkAuthContextValue;
+//# sourceMappingURL=useMkAuth.d.ts.map

package/dist/auth/useMkAuth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useMkAuth.d.ts","sourceRoot":"","sources":["../../src/auth/useMkAuth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAiB,KAAK,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAEzE;;;;;;GAMG;AACH,wBAAgB,SAAS,IAAI,kBAAkB,CAM9C"}

package/dist/auth/useMkAuth.js

@@ -0,0 +1,24 @@
+/**
+ * `useMkAuth` — the public hook for consuming the auth context.
+ *
+ * Kept in its own module so the *type* of the context (and the
+ * `createContext` call) can be imported in isolation by tests
+ * and tooling without dragging in the full provider tree.
+ */
+import { useContext } from 'react';
+import { MkAuthContext } from './MkAuthContext';
+/**
+ * Access the current auth context value.
+ *
+ * Throws if used outside an `<MkAuthProvider>` — this is a
+ * developer error, not a runtime condition, so failing loudly
+ * is the right call.
+ */
+export function useMkAuth() {
+    const ctx = useContext(MkAuthContext);
+    if (!ctx) {
+        throw new Error('useMkAuth must be used within an <MkAuthProvider>');
+    }
+    return ctx;
+}
+//# sourceMappingURL=useMkAuth.js.map

package/dist/auth/useMkAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useMkAuth.js","sourceRoot":"","sources":["../../src/auth/useMkAuth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AACnC,OAAO,EAAE,aAAa,EAA2B,MAAM,iBAAiB,CAAC;AAEzE;;;;;;GAMG;AACH,MAAM,UAAU,SAAS;IACrB,MAAM,GAAG,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;IACtC,IAAI,CAAC,GAAG,EAAE,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACf,CAAC"}

package/dist/components/MkAccordion.d.ts

@@ -0,0 +1,19 @@
+import React from 'react';
+import type { ViewStyle } from 'react-native';
+export interface MkAccordionItem {
+    key: string;
+    title: string;
+    content: React.ReactNode;
+    disabled?: boolean;
+}
+export interface MkAccordionProps {
+    items: MkAccordionItem[];
+    multiple?: boolean;
+    defaultExpanded?: string[];
+    expanded?: string[];
+    onChange?: (expandedKeys: string[]) => void;
+    variant?: 'default' | 'bordered' | 'separated';
+    style?: ViewStyle;
+}
+export declare const MkAccordion: React.FC<MkAccordionProps>;
+//# sourceMappingURL=MkAccordion.d.ts.map

package/dist/components/MkAccordion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAccordion.d.ts","sourceRoot":"","sources":["../../src/components/MkAccordion.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAgC,MAAM,OAAO,CAAC;AACrD,OAAO,KAAK,EAAE,SAAS,EAAC,MAAM,cAAc,CAAC;AAU7C,MAAM,WAAW,eAAe;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC7B,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,CAAC,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,IAAI,CAAC;IAC5C,OAAO,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,WAAW,CAAC;IAC/C,KAAK,CAAC,EAAE,SAAS,CAAC;CACrB;AAED,eAAO,MAAM,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAqElD,CAAC"}