@nexttylabs/echo 0.2.0

package/next-env.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+import "./.next/types/routes.d.ts";
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.

package/next.config.ts

@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import type { NextConfig } from "next";
+import createNextIntlPlugin from "next-intl/plugin";
+
+const withNextIntl = createNextIntlPlugin("./i18n/request.ts");
+
+const nextConfig: NextConfig = {
+  // Required for standalone Docker build
+  output: "standalone",
+
+  images: {
+    remotePatterns: [
+      {
+        protocol: "https",
+        hostname: "images.unsplash.com",
+      },
+    ],
+  },
+  async headers() {
+    return [
+      {
+        source: "/widget/:path*",
+        headers: [
+          {
+            key: "Access-Control-Allow-Origin",
+            value: "*",
+          },
+          {
+            key: "Access-Control-Allow-Methods",
+            value: "GET, OPTIONS",
+          },
+          {
+            key: "Access-Control-Allow-Headers",
+            value: "Content-Type, Authorization",
+          },
+          {
+            key: "X-Frame-Options",
+            value: "ALLOWALL",
+          },
+          {
+            key: "Content-Security-Policy",
+            value: "frame-ancestors *",
+          },
+        ],
+      },
+    ];
+  },
+};
+
+export default withNextIntl(nextConfig);

package/package.json

@@ -0,0 +1,84 @@
+{
+  "name": "@nexttylabs/echo",
+  "version": "0.2.0",
+  "private": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "dev": "bun --bun next dev",
+    "build": "node node_modules/next/dist/bin/next build",
+    "start": "bun --bun next start",
+    "lint": "eslint",
+    "test": "bun test --setup ./tests/setup.ts tests/api tests/app tests/components tests/hooks ",
+    "test:e2e": "bunx playwright test",
+    "test:e2e:ui": "bunx playwright test --ui",
+    "db:generate": "drizzle-kit generate",
+    "db:migrate": "drizzle-kit migrate",
+    "db:push": "drizzle-kit push:pg",
+    "db:studio": "drizzle-kit studio",
+    "db:introspect": "drizzle-kit introspect:pg",
+    "db:check": "drizzle-kit check",
+    "generate:openapi": "bun run scripts/generate-openapi.ts",
+    "changeset": "changeset",
+    "changeset:version": "changeset version",
+    "changeset:publish": "changeset publish"
+  },
+  "dependencies": {
+    "@base-ui/react": "^1.0.0",
+    "@hookform/resolvers": "^5.2.2",
+    "better-auth": "^1.4.10",
+    "class-variance-authority": "^0.7.1",
+    "clsx": "^2.1.1",
+    "date-fns": "^4.1.0",
+    "drizzle-orm": "^0.45.1",
+    "lucide-react": "^0.562.0",
+    "next": "16.1.1",
+    "next-intl": "^4.7.0",
+    "pg": "^8.16.3",
+    "pino": "^10.1.0",
+    "pino-pretty": "^13.1.3",
+    "radix-ui": "^1.4.3",
+    "react": "19.2.3",
+    "react-dom": "19.2.3",
+    "react-hook-form": "^7.70.0",
+    "recharts": "^3.6.0",
+    "resend": "^6.6.0",
+    "shadcn": "^3.6.2",
+    "swagger-jsdoc": "^6.2.8",
+    "swagger-ui-react": "^5.31.0",
+    "tailwind-merge": "^3.4.0",
+    "tw-animate-css": "^1.4.0",
+    "zod": "^4.3.4"
+  },
+  "devDependencies": {
+    "@changesets/cli": "^2.29.8",
+    "@happy-dom/global-registrator": "^20.1.0",
+    "@playwright/test": "^1.57.0",
+    "@tailwindcss/postcss": "^4",
+    "@testing-library/dom": "^10.4.1",
+    "@testing-library/react": "^16.3.1",
+    "@types/node": "^20",
+    "@types/pg": "^8.16.0",
+    "@types/pino": "^7.0.5",
+    "@types/react": "^19",
+    "@types/react-dom": "^19",
+    "@types/swagger-jsdoc": "^6.0.4",
+    "@types/swagger-ui-react": "^5.18.0",
+    "dotenv": "^17.2.3",
+    "drizzle-kit": "^0.31.8",
+    "eslint": "^9",
+    "eslint-config-next": "16.1.1",
+    "happy-dom": "^20.1.0",
+    "tailwindcss": "^4",
+    "typescript": "^5"
+  },
+  "ignoreScripts": [
+    "sharp",
+    "unrs-resolver"
+  ],
+  "trustedDependencies": [
+    "sharp",
+    "unrs-resolver"
+  ]
+}

package/playwright.config.ts

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { defineConfig, devices } from "@playwright/test";
+
+export default defineConfig({
+  workers: 1,
+  testDir: "./tests/e2e",
+  testMatch: "**/*.e2e.ts",
+  timeout: 60_000,
+  expect: { timeout: 10_000 },
+  use: {
+    baseURL: process.env.E2E_BASE_URL ?? "http://localhost:3000",
+    trace: "retain-on-failure",
+    screenshot: "only-on-failure",
+    video: "retain-on-failure",
+  },
+  webServer: {
+    command: "bun dev",
+    url: "http://localhost:3000",
+    reuseExistingServer: !process.env.CI,
+    timeout: 120_000,
+  },
+  projects: [
+    {
+      name: "chromium",
+      use: { ...devices["Desktop Chrome"] },
+    },
+  ],
+});

package/postcss.config.mjs

@@ -0,0 +1,7 @@
+const config = {
+  plugins: {
+    "@tailwindcss/postcss": {},
+  },
+};
+
+export default config;

package/proxy.test.ts

@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { afterAll, describe, it, expect, mock } from "bun:test";
+import { NextRequest } from "next/server";
+import { PERMISSIONS } from "@/lib/auth/permissions";
+
+const previousDatabaseUrl = process.env.DATABASE_URL;
+process.env.DATABASE_URL ??= "postgres://test";
+
+mock.module("@/lib/auth/session", () => ({
+  getServerSession: async (req: NextRequest) => {
+    const isAuthed = req.headers.get("x-test-auth") === "1";
+    if (!isAuthed) return null;
+    const role = req.headers.get("x-test-role");
+    return role ? { user: { id: "u_test", role } } : { user: { id: "u_test" } };
+  },
+}));
+
+const { proxy } = await import("./proxy");
+const { requirePermission } = await import("@/lib/middleware/rbac");
+
+afterAll(() => {
+  if (previousDatabaseUrl === undefined) {
+    delete process.env.DATABASE_URL;
+  } else {
+    process.env.DATABASE_URL = previousDatabaseUrl;
+  }
+});
+
+describe("proxy", () => {
+  it("adds x-request-id to response", async () => {
+    const req = new NextRequest("http://localhost/api/health");
+    const res = await proxy(req);
+    expect(res.headers.get("x-request-id")).toBeTruthy();
+  });
+});
+
+describe("proxy auth", () => {
+  it("redirects unauthenticated users from protected routes", async () => {
+    const req = new NextRequest("http://localhost/dashboard");
+    const res = await proxy(req);
+    expect(res.headers.get("location")).toBe("http://localhost/login");
+  });
+
+  it("allows unauthenticated users on public routes", async () => {
+    const req = new NextRequest("http://localhost/login");
+    const res = await proxy(req);
+    expect(res.headers.get("location")).toBeNull();
+  });
+
+  it("allows authenticated users on protected routes", async () => {
+    const req = new NextRequest("http://localhost/dashboard", {
+      headers: { "x-test-auth": "1" },
+    });
+    const res = await proxy(req);
+    expect(res.headers.get("location")).toBeNull();
+  });
+});
+
+describe("proxy locale cookie", () => {
+  it("sets NEXT_LOCALE from Accept-Language when missing", async () => {
+    const req = new NextRequest("http://localhost/dashboard", {
+      headers: {
+        "accept-language": "zh-CN,zh;q=0.9,en;q=0.8",
+      },
+    });
+    const res = await proxy(req);
+    expect(res.headers.get("set-cookie")).toContain("NEXT_LOCALE=zh-CN");
+  });
+
+  it("does not override existing NEXT_LOCALE cookie", async () => {
+    const req = new NextRequest("http://localhost/login", {
+      headers: {
+        cookie: "NEXT_LOCALE=jp",
+        "accept-language": "zh-CN,zh;q=0.9,en;q=0.8",
+      },
+    });
+    const res = await proxy(req);
+    expect(res.headers.get("set-cookie")).toBeNull();
+  });
+});
+
+describe("rbac requirePermission", () => {
+  it("returns 401 when session is missing", async () => {
+    const req = new NextRequest("http://localhost/api/secure");
+    const res = await requirePermission(PERMISSIONS.CREATE_FEEDBACK, req);
+    expect(res.status).toBe(401);
+    await expect(res.json()).resolves.toEqual({ error: "Unauthorized" });
+  });
+
+  it("returns 401 when role is missing", async () => {
+    const req = new NextRequest("http://localhost/api/secure", {
+      headers: { "x-test-auth": "1" },
+    });
+    const res = await requirePermission(PERMISSIONS.CREATE_FEEDBACK, req);
+    expect(res.status).toBe(401);
+    await expect(res.json()).resolves.toEqual({ error: "Unauthorized" });
+  });
+
+  it("returns 403 when role lacks permission", async () => {
+    const req = new NextRequest("http://localhost/api/secure", {
+      headers: { "x-test-auth": "1", "x-test-role": "customer" },
+    });
+    const res = await requirePermission(PERMISSIONS.MANAGE_ORG, req);
+    expect(res.status).toBe(403);
+    await expect(res.json()).resolves.toEqual({ error: "Forbidden" });
+  });
+
+  it("returns NextResponse.next when permission is allowed", async () => {
+    const req = new NextRequest("http://localhost/api/secure", {
+      headers: { "x-test-auth": "1", "x-test-role": "admin" },
+    });
+    const res = await requirePermission(PERMISSIONS.MANAGE_ORG, req);
+    expect(res.status).toBe(200);
+  });
+});

package/proxy.ts

@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { NextRequest, NextResponse } from "next/server";
+import {
+  DEFAULT_LOCALE,
+  LOCALE_COOKIE_NAME,
+  getPreferredLocaleFromHeader,
+  isSupportedLocale,
+} from "@/i18n/config";
+
+// Default session cookie name used by better-auth
+const SESSION_COOKIE_NAME = "better-auth.session_token";
+
+const publicRoutes = ["/login", "/register", "/invite", "/invite/", "/api/auth", "/widget", "/portal"];
+const protectedRoutes = ["/dashboard", "/feedback", "/settings"];
+const LOCALE_COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 365;
+
+// Primary app hosts (custom domains will not match these)
+const APP_HOSTS = new Set([
+  "localhost",
+  "localhost:3000",
+  "127.0.0.1:3000",
+  // Add production domains when deployed
+]);
+
+// Simple in-memory cache for domain lookups
+const domainCache = new Map<string, { orgSlug: string; projectSlug: string } | null>();
+const CACHE_TTL = 60 * 1000; // 1 minute
+const cacheTimestamps = new Map<string, number>();
+
+function generateRequestId(): string {
+  return crypto.randomUUID();
+}
+
+function isRouteMatch(pathname: string, routes: string[]) {
+  return routes.some((route) => pathname === route || pathname.startsWith(route));
+}
+
+function shouldSetLocaleCookie(req: NextRequest, pathname: string) {
+  if (req.method !== "GET") return false;
+  if (pathname.startsWith("/api/") || pathname.startsWith("/_next/")) return false;
+  if (pathname.includes(".")) return false;
+  const existingLocale = req.cookies.get(LOCALE_COOKIE_NAME)?.value;
+  return !existingLocale;
+}
+
+function resolveLocaleFromRequest(req: NextRequest): string {
+  const cookieLocale = req.cookies.get(LOCALE_COOKIE_NAME)?.value;
+  if (cookieLocale && isSupportedLocale(cookieLocale)) return cookieLocale;
+  return getPreferredLocaleFromHeader(req.headers.get("accept-language")) || DEFAULT_LOCALE;
+}
+
+function maybeSetLocaleCookie(req: NextRequest, response: NextResponse, pathname: string) {
+  if (!shouldSetLocaleCookie(req, pathname)) return;
+  const locale = resolveLocaleFromRequest(req);
+  response.cookies.set(LOCALE_COOKIE_NAME, locale, {
+    path: "/",
+    sameSite: "lax",
+    secure: req.nextUrl.protocol === "https:",
+    maxAge: LOCALE_COOKIE_MAX_AGE_SECONDS,
+  });
+}
+
+// Helper to determine if request is authenticated for tests
+function isAuthenticated(req: NextRequest): boolean {
+  // Real auth uses session cookie
+  const sessionCookie = req.cookies.get(SESSION_COOKIE_NAME);
+  if (sessionCookie?.value) return true;
+  // Test auth can be simulated via custom header
+  const testAuth = req.headers.get('x-test-auth');
+  return testAuth === '1';
+}
+
+async function lookupCustomDomain(hostname: string, requestUrl: string): Promise<{ orgSlug: string; projectSlug: string } | null> {
+  const now = Date.now();
+  const cachedResult = domainCache.get(hostname);
+  const cacheTime = cacheTimestamps.get(hostname);
+  
+  if (cachedResult !== undefined && cacheTime && now - cacheTime < CACHE_TTL) {
+    return cachedResult;
+  }
+
+  try {
+    const lookupUrl = new URL("/api/internal/domain-lookup", requestUrl);
+    lookupUrl.searchParams.set("domain", hostname);
+    
+    const response = await fetch(lookupUrl, {
+      headers: {
+        "x-middleware-secret": process.env.MIDDLEWARE_SECRET || "",
+      },
+    });
+
+    if (response.ok) {
+      const data = await response.json();
+      if (data.orgSlug && data.projectSlug) {
+        const result = { orgSlug: data.orgSlug, projectSlug: data.projectSlug };
+        domainCache.set(hostname, result);
+        cacheTimestamps.set(hostname, now);
+        return result;
+      }
+    }
+    
+    domainCache.set(hostname, null);
+    cacheTimestamps.set(hostname, now);
+  } catch (error) {
+    console.error("Domain lookup failed:", error);
+  }
+
+  return null;
+}
+
+export async function proxy(req: NextRequest) {
+  const startTime = Date.now();
+  const reqId = req.headers.get("x-request-id") || generateRequestId();
+
+  const requestHeaders = new Headers(req.headers);
+  requestHeaders.set("x-request-id", reqId);
+
+  // Log request (Edge-compatible)
+  console.log(`[${reqId}] ${req.method} ${req.nextUrl.pathname}`);
+
+  const pathname = req.nextUrl.pathname;
+  const hostname = req.headers.get("host") || "";
+  const hostnameWithoutPort = hostname.split(":")[0];
+
+  // Custom domain routing - check if this is a custom domain request
+  if (!APP_HOSTS.has(hostname) && !APP_HOSTS.has(hostnameWithoutPort)) {
+    // Skip API routes and static assets
+    if (!pathname.startsWith("/api/") && !pathname.startsWith("/_next/") && !pathname.includes(".")) {
+      const domainInfo = await lookupCustomDomain(hostname, req.url);
+      if (domainInfo) {
+        const url = req.nextUrl.clone();
+        url.pathname = `/portal/${domainInfo.orgSlug}/${domainInfo.projectSlug}${pathname === "/" ? "" : pathname}`;
+        
+        const response = NextResponse.rewrite(url, {
+          request: { headers: requestHeaders },
+        });
+        maybeSetLocaleCookie(req, response, pathname);
+        response.headers.set("x-request-id", reqId);
+        const duration = Date.now() - startTime;
+        console.log(`[${reqId}] ${response.status} ${duration}ms (rewrite)`);
+        return response;
+      }
+    }
+  }
+
+  const isPublic = isRouteMatch(pathname, publicRoutes);
+  const isProtected = isRouteMatch(pathname, protectedRoutes);
+
+  let response = NextResponse.next({
+    request: {
+      headers: requestHeaders,
+    },
+  });
+
+  if (isProtected && !isPublic) {
+    // Optimistic check: only verify session cookie presence
+    // Full session validation happens in page/layout components
+    if (!isAuthenticated(req)) {
+      response = NextResponse.redirect(new URL("/login", req.url));
+    }
+  }
+
+  maybeSetLocaleCookie(req, response, pathname);
+  response.headers.set("x-request-id", reqId);
+
+  const duration = Date.now() - startTime;
+  console.log(`[${reqId}] ${response.status} ${duration}ms`);
+
+  return response;
+}
+
+export const config = {
+  matcher: ["/api/:path*", "/((?!_next/static|_next/image|favicon.ico).*)"],
+};

package/public/file.svg

@@ -0,0 +1 @@
+<svg fill="none" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M14.5 13.5V5.41a1 1 0 0 0-.3-.7L9.8.29A1 1 0 0 0 9.08 0H1.5v13.5A2.5 2.5 0 0 0 4 16h8a2.5 2.5 0 0 0 2.5-2.5m-1.5 0v-7H8v-5H3v12a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1M9.5 5V2.12L12.38 5zM5.13 5h-.62v1.25h2.12V5zm-.62 3h7.12v1.25H4.5zm.62 3h-.62v1.25h7.12V11z" clip-rule="evenodd" fill="#666" fill-rule="evenodd"/></svg>

package/public/globe.svg

@@ -0,0 +1 @@
+<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><g clip-path="url(#a)"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.27 14.1a6.5 6.5 0 0 0 3.67-3.45q-1.24.21-2.7.34-.31 1.83-.97 3.1M8 16A8 8 0 1 0 8 0a8 8 0 0 0 0 16m.48-1.52a7 7 0 0 1-.96 0H7.5a4 4 0 0 1-.84-1.32q-.38-.89-.63-2.08a40 40 0 0 0 3.92 0q-.25 1.2-.63 2.08a4 4 0 0 1-.84 1.31zm2.94-4.76q1.66-.15 2.95-.43a7 7 0 0 0 0-2.58q-1.3-.27-2.95-.43a18 18 0 0 1 0 3.44m-1.27-3.54a17 17 0 0 1 0 3.64 39 39 0 0 1-4.3 0 17 17 0 0 1 0-3.64 39 39 0 0 1 4.3 0m1.1-1.17q1.45.13 2.69.34a6.5 6.5 0 0 0-3.67-3.44q.65 1.26.98 3.1M8.48 1.5l.01.02q.41.37.84 1.31.38.89.63 2.08a40 40 0 0 0-3.92 0q.25-1.2.63-2.08a4 4 0 0 1 .85-1.32 7 7 0 0 1 .96 0m-2.75.4a6.5 6.5 0 0 0-3.67 3.44 29 29 0 0 1 2.7-.34q.31-1.83.97-3.1M4.58 6.28q-1.66.16-2.95.43a7 7 0 0 0 0 2.58q1.3.27 2.95.43a18 18 0 0 1 0-3.44m.17 4.71q-1.45-.12-2.69-.34a6.5 6.5 0 0 0 3.67 3.44q-.65-1.27-.98-3.1" fill="#666"/></g><defs><clipPath id="a"><path fill="#fff" d="M0 0h16v16H0z"/></clipPath></defs></svg>

package/public/logo-64.svg

@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="64" height="64">
+  <rect width="512" height="512" rx="120" fill="#4f46e5"/>
+  <path d="M352 128H160V384H352" stroke="white" stroke-width="64" stroke-linecap="round" stroke-linejoin="round" fill="none"/>
+  <line x1="160" y1="256" x2="320" y2="256" stroke="white" stroke-width="64" stroke-linecap="round"/>
+</svg>

package/public/logo.svg

@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
+  <rect width="512" height="512" rx="120" fill="#4f46e5"/>
+  <path d="M352 128H160V384H352" stroke="white" stroke-width="64" stroke-linecap="round" stroke-linejoin="round" fill="none"/>
+  <line x1="160" y1="256" x2="320" y2="256" stroke="white" stroke-width="64" stroke-linecap="round"/>
+</svg>

package/public/next.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 394 80"><path fill="#000" d="M262 0h68.5v12.7h-27.2v66.6h-13.6V12.7H262V0ZM149 0v12.7H94v20.4h44.3v12.6H94v21h55v12.6H80.5V0h68.7zm34.3 0h-17.8l63.8 79.4h17.9l-32-39.7 32-39.6h-17.9l-23 28.6-23-28.6zm18.3 56.7-9-11-27.1 33.7h17.8l18.3-22.7z"/><path fill="#000" d="M81 79.3 17 0H0v79.3h13.6V17l50.2 62.3H81Zm252.6-.4c-1 0-1.8-.4-2.5-1s-1.1-1.6-1.1-2.6.3-1.8 1-2.5 1.6-1 2.6-1 1.8.3 2.5 1a3.4 3.4 0 0 1 .6 4.3 3.7 3.7 0 0 1-3 1.8zm23.2-33.5h6v23.3c0 2.1-.4 4-1.3 5.5a9.1 9.1 0 0 1-3.8 3.5c-1.6.8-3.5 1.3-5.7 1.3-2 0-3.7-.4-5.3-1s-2.8-1.8-3.7-3.2c-.9-1.3-1.4-3-1.4-5h6c.1.8.3 1.6.7 2.2s1 1.2 1.6 1.5c.7.4 1.5.5 2.4.5 1 0 1.8-.2 2.4-.6a4 4 0 0 0 1.6-1.8c.3-.8.5-1.8.5-3V45.5zm30.9 9.1a4.4 4.4 0 0 0-2-3.3 7.5 7.5 0 0 0-4.3-1.1c-1.3 0-2.4.2-3.3.5-.9.4-1.6 1-2 1.6a3.5 3.5 0 0 0-.3 4c.3.5.7.9 1.3 1.2l1.8 1 2 .5 3.2.8c1.3.3 2.5.7 3.7 1.2a13 13 0 0 1 3.2 1.8 8.1 8.1 0 0 1 3 6.5c0 2-.5 3.7-1.5 5.1a10 10 0 0 1-4.4 3.5c-1.8.8-4.1 1.2-6.8 1.2-2.6 0-4.9-.4-6.8-1.2-2-.8-3.4-2-4.5-3.5a10 10 0 0 1-1.7-5.6h6a5 5 0 0 0 3.5 4.6c1 .4 2.2.6 3.4.6 1.3 0 2.5-.2 3.5-.6 1-.4 1.8-1 2.4-1.7a4 4 0 0 0 .8-2.4c0-.9-.2-1.6-.7-2.2a11 11 0 0 0-2.1-1.4l-3.2-1-3.8-1c-2.8-.7-5-1.7-6.6-3.2a7.2 7.2 0 0 1-2.4-5.7 8 8 0 0 1 1.7-5 10 10 0 0 1 4.3-3.5c2-.8 4-1.2 6.4-1.2 2.3 0 4.4.4 6.2 1.2 1.8.8 3.2 2 4.3 3.4 1 1.4 1.5 3 1.5 5h-5.8z"/></svg>