npm - @oathmesh/sdk - Versions diffs - 1.0.2 - Mend

@oathmesh/sdk 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,238 @@
+# @oathmesh/sdk
+<p align="center">
+  <img src="../../assets/logo.png" width="80" alt="OathMesh Logo">
+</p>
+<p align="center">
+  <b>OathMesh token verification for Node.js</b> — TypeScript-first, Express & Next.js.
+</p>
+<p align="center">
+  <a href="https://www.npmjs.com/package/@oathmesh/oathmesh">
+    <img src="https://img.shields.io/npm/v/@oathmesh/oathmesh.svg" alt="npm version">
+  </a>
+  <a href="https://www.npmjs.com/package/@oathmesh/oathmesh">
+    <img src="https://img.shields.io/npm/dm/@oathmesh/oathmesh" alt="npm downloads">
+  </a>
+  <a href="https://github.com/oathmesh/oathmesh/actions/workflows/ci.yml">
+    <img src="https://github.com/oathmesh/oathmesh/actions/workflows/ci.yml/badge.svg" alt="CI Status">
+  </a>
+  <a href="https://github.com/oathmesh/oathmesh/blob/main/LICENSE">
+    <img src="https://img.shields.io/github/license/oathmesh/oathmesh" alt="License">
+  </a>
+</p>
+---
+## Installation
+```bash
+npm install @oathmesh/oathmesh
+# or
+yarn add @oathmesh/oathmesh
+# or
+pnpm add @oathmesh/oathmesh
+```
+### Requirements
+- Node.js 18+
+- Express 4+ (optional, middleware works with any framework)
+- Next.js 13+ (optional, for Next.js integrations)
+---
+## Quick Start
+```typescript
+import { verifyToken } from '@oathmesh/oathmesh';
+app.use(verifyToken({
+  audience: 'https://inventory.internal',
+  trustedIssuers: ['https://issuer.oathmesh.dev'],
+}));
+app.get('/inventory', (req, res) => {
+  const caller = req.oathmeshContext!;
+  res.json({ subject: caller.principal.subject });
+});
+```
+---
+## Framework Support
+| Framework | Integration | Export |
+|-----------|-------------|--------|
+| **Express** | Middleware | `@oathmesh/oathmesh` |
+| **Next.js App** | Route handler | `@oathmesh/oathmesh/next` |
+| **Next.js Pages** | API wrapper | `@oathmesh/oathmesh/next` |
+| **Next.js Edge** | Edge middleware | `@oathmesh/oathmesh/next` |
+| **Any** | Core verifier | `@oathmesh/oathmesh` |
+---
+## Express.js
+```typescript
+import express from 'express';
+import { verifyToken } from '@oathmesh/oathmesh';
+const app = express();
+app.use(verifyToken({
+  audience: 'https://inventory.internal',
+  trustedIssuers: ['https://issuer.oathmesh.dev'],
+}));
+app.get('/inventory', (req, res) => {
+  const caller = req.oathmeshContext!;
+  res.json({ subject: caller.principal.subject, action: caller.action });
+});
+```
+---
+## Next.js — App Router (Route Handlers)
+```typescript
+// app/api/inventory/route.ts
+import { NextRequest, NextResponse } from 'next/server';
+import { withOathMesh } from '@oathmesh/oathmesh/next';
+const oathmesh = withOathMesh({
+  audience: 'https://inventory.internal',
+  trustedIssuers: ['https://issuer.oathmesh.dev'],
+});
+export async function GET(request: NextRequest) {
+  const { caller, error } = await oathmesh(request);
+  if (error) return error;     // 401 with structured error body
+  return NextResponse.json({
+    subject: caller.principal.subject,
+    action: caller.action,
+  });
+}
+```
+## Next.js — Pages Router (API Routes)
+```typescript
+// pages/api/inventory.ts
+import { withOathMeshApi } from '@oathmesh/oathmesh/next';
+export default withOathMeshApi(
+  {
+    audience: 'https://inventory.internal',
+    trustedIssuers: ['https://issuer.oathmesh.dev'],
+  },
+  (req, res) => {
+    const caller = (req as any).oathmeshContext;
+    res.json({ subject: caller.principal.subject });
+  }
+);
+```
+## Next.js — Edge Middleware
+```typescript
+// middleware.ts (project root)
+import { NextRequest, NextResponse } from 'next/server';
+import { createEdgeVerifier } from '@oathmesh/oathmesh/next';
+const verify = createEdgeVerifier({
+  audience: 'https://inventory.internal',
+  trustedIssuers: ['https://issuer.oathmesh.dev'],
+});
+export async function middleware(request: NextRequest) {
+  const denied = await verify(request);
+  if (denied) return denied;     // 401 — stops the request
+  return NextResponse.next();    // Continue to the route handler
+}
+export const config = {
+  matcher: '/api/:path*',
+};
+```
+---
+## Core Verifier (Framework-agnostic)
+Use `verifyOathToken` directly in any runtime — Hono, Fastify, or raw Node:
+```typescript
+import { verifyOathToken, extractToken, OathMeshError } from '@oathmesh/oathmesh';
+const token = extractToken(headers.authorization);
+try {
+  const caller = await verifyOathToken(token!, {
+    audience: 'https://inventory.internal',
+    trustedIssuers: ['https://issuer.oathmesh.dev'],
+  });
+  console.log(caller.principal.subject);
+} catch (err) {
+  if (err instanceof OathMeshError) {
+    console.error(err.code, err.fix);
+  }
+}
+```
+---
+## Lifecycle Hooks
+Monitor verification events with `onVerified` and `onDenied`:
+```typescript
+verifyToken({
+  audience: 'https://inventory.internal',
+  trustedIssuers: ['https://issuer.oathmesh.dev'],
+  onVerified: (caller) => {
+    metrics.increment('oathmesh.allow', { sub: caller.principal.subject });
+  },
+  onDenied: (err) => {
+    logger.warn('oathmesh denied', { code: err.code, message: err.message });
+  },
+});
+```
+---
+## Error Responses
+All verification failures return HTTP 401 with a stable JSON shape:
+```json
+{
+  "error": "audience_mismatch",
+  "message": "token audience does not match",
+  "fix": "mint with --aud https://inventory.internal"
+}
+```
+| Code | Trigger |
+|---|---|
+| `claim_missing:token` | Missing/invalid Authorization header |
+| `algorithm_not_allowed` | `typ` ≠ `om+jwt` or `alg` = `none`/unsupported |
+| `issuer_untrusted` | Issuer not in trusted list |
+| `signature_invalid` | JWKS signature verification failed |
+| `token_expired` | Past expiry + 10s clock skew |
+| `audience_mismatch` | `aud` doesn't match configured audience |
+| `claim_missing:{sub,act,jti}` | Missing required claim |
+| `verification_failed` | Catch-all for malformed tokens |
+---
+## Development
+```bash
+npm install
+npm test          # vitest — 12 tests
+npm run build     # tsc → dist/
+```

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * @oathmesh/sdk — OathMesh verification SDK for Node.js / TypeScript
+ *
+ * Entry points:
+ *   - `@oathmesh/sdk`       → Express middleware + core verifier
+ *   - `@oathmesh/sdk/next`  → Next.js App Router, Pages Router, Edge Middleware
+ *
+ * @example Express
+ * ```typescript
+ * import { verifyToken } from '@oathmesh/sdk';
+ *
+ * app.use(verifyToken({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * }));
+ * ```
+ *
+ * @example Next.js App Router
+ * ```typescript
+ * import { withOathMesh } from '@oathmesh/sdk/next';
+ *
+ * const oathmesh = withOathMesh({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * });
+ *
+ * export async function GET(request: NextRequest) {
+ *   const { caller, error } = await oathmesh(request);
+ *   if (error) return error;
+ *   return NextResponse.json({ subject: caller.principal.subject });
+ * }
+ * ```
+ */
+export { verifyToken } from './middleware';
+export { verifyOathToken, extractToken } from './verify';
+export { OathMeshError, type VerifiedCallerContext, type VerifierConfig, type Principal, type Source, type ErrorCode, type OathMeshErrorBody, } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAGzD,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,MAAM,EACX,KAAK,SAAS,EACd,KAAK,iBAAiB,GACvB,MAAM,SAAS,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,47 @@
+"use strict";
+/**
+ * @oathmesh/sdk — OathMesh verification SDK for Node.js / TypeScript
+ *
+ * Entry points:
+ *   - `@oathmesh/sdk`       → Express middleware + core verifier
+ *   - `@oathmesh/sdk/next`  → Next.js App Router, Pages Router, Edge Middleware
+ *
+ * @example Express
+ * ```typescript
+ * import { verifyToken } from '@oathmesh/sdk';
+ *
+ * app.use(verifyToken({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * }));
+ * ```
+ *
+ * @example Next.js App Router
+ * ```typescript
+ * import { withOathMesh } from '@oathmesh/sdk/next';
+ *
+ * const oathmesh = withOathMesh({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * });
+ *
+ * export async function GET(request: NextRequest) {
+ *   const { caller, error } = await oathmesh(request);
+ *   if (error) return error;
+ *   return NextResponse.json({ subject: caller.principal.subject });
+ * }
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OathMeshError = exports.extractToken = exports.verifyOathToken = exports.verifyToken = void 0;
+// Express middleware
+var middleware_1 = require("./middleware");
+Object.defineProperty(exports, "verifyToken", { enumerable: true, get: function () { return middleware_1.verifyToken; } });
+// Core verifier (framework-agnostic)
+var verify_1 = require("./verify");
+Object.defineProperty(exports, "verifyOathToken", { enumerable: true, get: function () { return verify_1.verifyOathToken; } });
+Object.defineProperty(exports, "extractToken", { enumerable: true, get: function () { return verify_1.extractToken; } });
+// Types
+var types_1 = require("./types");
+Object.defineProperty(exports, "OathMeshError", { enumerable: true, get: function () { return types_1.OathMeshError; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;;;AAEH,qBAAqB;AACrB,2CAA2C;AAAlC,yGAAA,WAAW,OAAA;AAEpB,qCAAqC;AACrC,mCAAyD;AAAhD,yGAAA,eAAe,OAAA;AAAE,sGAAA,YAAY,OAAA;AAEtC,QAAQ;AACR,iCAQiB;AAPf,sGAAA,aAAa,OAAA"}

package/dist/middleware.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * OathMesh Express middleware adapter.
+ *
+ * Wraps the core verifier for Express.js / Connect-compatible frameworks.
+ */
+import type { Request, Response, NextFunction } from 'express';
+import { type VerifierConfig, type VerifiedCallerContext } from './types';
+declare global {
+    namespace Express {
+        interface Request {
+            oathmeshContext?: VerifiedCallerContext;
+        }
+    }
+}
+/**
+ * Creates an Express middleware that verifies OathMesh tokens.
+ *
+ * On success, populates `req.oathmeshContext` with the verified caller identity.
+ * On failure, responds with 401 and a structured error body.
+ *
+ * @example
+ * ```typescript
+ * import express from 'express';
+ * import { verifyToken } from '@oathmesh/sdk';
+ *
+ * const app = express();
+ * app.use(verifyToken({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * }));
+ *
+ * app.get('/inventory', (req, res) => {
+ *   const caller = req.oathmeshContext!;
+ *   res.json({ subject: caller.principal.subject });
+ * });
+ * ```
+ */
+export declare function verifyToken(config: VerifierConfig): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAiB,KAAK,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAIzF,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,eAAe,CAAC,EAAE,qBAAqB,CAAC;SACzC;KACF;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,cAAc,IAClC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CA2B9E"}

package/dist/middleware.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+/**
+ * OathMesh Express middleware adapter.
+ *
+ * Wraps the core verifier for Express.js / Connect-compatible frameworks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyToken = verifyToken;
+const types_1 = require("./types");
+const verify_1 = require("./verify");
+/**
+ * Creates an Express middleware that verifies OathMesh tokens.
+ *
+ * On success, populates `req.oathmeshContext` with the verified caller identity.
+ * On failure, responds with 401 and a structured error body.
+ *
+ * @example
+ * ```typescript
+ * import express from 'express';
+ * import { verifyToken } from '@oathmesh/sdk';
+ *
+ * const app = express();
+ * app.use(verifyToken({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * }));
+ *
+ * app.get('/inventory', (req, res) => {
+ *   const caller = req.oathmeshContext!;
+ *   res.json({ subject: caller.principal.subject });
+ * });
+ * ```
+ */
+function verifyToken(config) {
+    return async (req, res, next) => {
+        const token = (0, verify_1.extractToken)(req.headers.authorization);
+        if (!token) {
+            const err = new types_1.OathMeshError('claim_missing:token', 'missing or invalid Authorization header', "provide a token in the format 'Authorization: OathMesh <token>'");
+            await config.onDenied?.(err, req.headers);
+            res.status(401).json(err.toJSON());
+            return;
+        }
+        try {
+            const context = await (0, verify_1.verifyOathToken)(token, config);
+            req.oathmeshContext = context;
+            await config.onVerified?.(context, req.headers);
+            next();
+        }
+        catch (err) {
+            const oathErr = err instanceof types_1.OathMeshError
+                ? err
+                : new types_1.OathMeshError('verification_failed', err.message, 'check token format');
+            await config.onDenied?.(oathErr, req.headers);
+            res.status(401).json(oathErr.toJSON());
+        }
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAsCH,kCA4BC;AA/DD,mCAAyF;AACzF,qCAAyD;AAWzD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,SAAgB,WAAW,CAAC,MAAsB;IAChD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,MAAM,KAAK,GAAG,IAAA,qBAAY,EAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAEtD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,IAAI,qBAAa,CAC3B,qBAAqB,EACrB,yCAAyC,EACzC,iEAAiE,CAClE,CAAC;YACF,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,OAA6C,CAAC,CAAC;YAChF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAA,wBAAe,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACrD,GAAG,CAAC,eAAe,GAAG,OAAO,CAAC;YAC9B,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,OAA6C,CAAC,CAAC;YACtF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,qBAAa;gBAC1C,CAAC,CAAC,GAAG;gBACL,CAAC,CAAC,IAAI,qBAAa,CAAC,qBAAqB,EAAG,GAAa,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;YAC3F,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,OAA6C,CAAC,CAAC;YACpF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/next.d.ts ADDED Viewed

@@ -0,0 +1,117 @@
+/**
+ * OathMesh Next.js adapters.
+ *
+ * Provides verification for:
+ *   - App Router Route Handlers (GET, POST, etc.)
+ *   - Pages Router API Routes
+ *   - Next.js Edge Middleware
+ *
+ * All adapters use the same core verifier — no framework-specific crypto.
+ */
+import { type VerifierConfig, type VerifiedCallerContext } from './types';
+/**
+ * Verify an OathMesh token inside a Next.js App Router Route Handler.
+ *
+ * Returns the verified caller context or throws an OathMeshError.
+ * Use with `NextRequest` in route handlers.
+ *
+ * @example
+ * ```typescript
+ * // app/api/inventory/route.ts
+ * import { NextRequest, NextResponse } from 'next/server';
+ * import { withOathMesh } from '@oathmesh/sdk/next';
+ *
+ * const oathmesh = withOathMesh({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * });
+ *
+ * export async function GET(request: NextRequest) {
+ *   const { caller, error } = await oathmesh(request);
+ *   if (error) return error;
+ *
+ *   return NextResponse.json({
+ *     subject: caller.principal.subject,
+ *     action: caller.action,
+ *   });
+ * }
+ * ```
+ */
+export declare function withOathMesh(config: VerifierConfig): (request: Request) => Promise<{
+    caller: VerifiedCallerContext;
+    error: null;
+} | {
+    caller: null;
+    error: Response;
+}>;
+/** Minimal Next.js Pages Router request type (avoids hard next dependency). */
+interface NextApiRequest {
+    headers: Record<string, string | string[] | undefined>;
+    body?: unknown;
+    query?: Record<string, string | string[] | undefined>;
+    method?: string;
+}
+/** Minimal Next.js Pages Router response type. */
+interface NextApiResponse {
+    status(code: number): NextApiResponse;
+    json(body: unknown): void;
+}
+/** Next.js Pages Router API handler type. */
+type NextApiHandler = (req: NextApiRequest, res: NextApiResponse) => void | Promise<void>;
+/**
+ * Wrap a Next.js Pages Router API handler with OathMesh verification.
+ *
+ * The verified caller context is injected into `req.oathmeshContext`.
+ *
+ * @example
+ * ```typescript
+ * // pages/api/inventory.ts
+ * import { withOathMeshApi } from '@oathmesh/sdk/next';
+ *
+ * export default withOathMeshApi(
+ *   {
+ *     audience: 'https://inventory.internal',
+ *     trustedIssuers: ['https://issuer.oathmesh.dev'],
+ *   },
+ *   (req, res) => {
+ *     const caller = (req as any).oathmeshContext;
+ *     res.json({ subject: caller.principal.subject });
+ *   }
+ * );
+ * ```
+ */
+export declare function withOathMeshApi(config: VerifierConfig, handler: NextApiHandler): NextApiHandler;
+/**
+ * Create a Next.js Edge Middleware verifier.
+ *
+ * Returns a function you call inside your `middleware.ts`. If verification
+ * fails it returns a `Response` you should return immediately. If it passes,
+ * it returns `null` and you should call `NextResponse.next()`.
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts (project root)
+ * import { NextRequest, NextResponse } from 'next/server';
+ * import { createEdgeVerifier } from '@oathmesh/sdk/next';
+ *
+ * const verify = createEdgeVerifier({
+ *   audience: 'https://inventory.internal',
+ *   trustedIssuers: ['https://issuer.oathmesh.dev'],
+ * });
+ *
+ * export async function middleware(request: NextRequest) {
+ *   const denied = await verify(request);
+ *   if (denied) return denied;
+ *
+ *   // Verification passed — forward with injected headers
+ *   return NextResponse.next();
+ * }
+ *
+ * export const config = {
+ *   matcher: '/api/:path*',
+ * };
+ * ```
+ */
+export declare function createEdgeVerifier(config: VerifierConfig): (request: Request) => Promise<Response | null>;
+export {};
+//# sourceMappingURL=next.d.ts.map

package/dist/next.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"next.d.ts","sourceRoot":"","sources":["../src/next.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAiB,KAAK,cAAc,EAAE,KAAK,qBAAqB,EAA0B,MAAM,SAAS,CAAC;AAKjH;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,cAAc,IAE/C,SAAS,OAAO,KACf,OAAO,CACN;IAAE,MAAM,EAAE,qBAAqB,CAAC;IAAC,KAAK,EAAE,IAAI,CAAA;CAAE,GAC9C;IAAE,MAAM,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,QAAQ,CAAA;CAAE,CACpC,CAgCF;AAID,+EAA+E;AAC/E,UAAU,cAAc;IACtB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACtD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,kDAAkD;AAClD,UAAU,eAAe;IACvB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAAC;IACtC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3B;AAED,6CAA6C;AAC7C,KAAK,cAAc,GAAG,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,eAAe,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1F;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,cAAc,GACtB,cAAc,CAgChB;AAID;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,cAAc,IACzC,SAAS,OAAO,KAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA4B1D"}