@oculum/scanner 1.0.12 → 1.0.13

package/dist/model/project-context.js

@@ -0,0 +1,534 @@
+"use strict";
+/**
+ * Project Context Builder
+ *
+ * Builds a generic project context summary for AI validation by analyzing
+ * common patterns across the codebase. This context helps the AI validator
+ * understand the project's security architecture without hardcoding any
+ * specific framework or vendor.
+ *
+ * Key areas analyzed:
+ * - Authentication & access control patterns
+ * - Data access patterns (ORMs, query builders, raw queries)
+ * - Secrets & configuration handling
+ * - Framework detection
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildProjectContext = buildProjectContext;
+exports.getFileValidationContext = getFileValidationContext;
+const middleware_detector_1 = require("./middleware-detector");
+const auth_helper_detector_1 = require("./auth-helper-detector");
+const oauth_flow_detector_1 = require("./oauth-flow-detector");
+const trpc_analyzer_1 = require("./trpc-analyzer");
+// ============================================================================
+// Pattern Definitions
+// ============================================================================
+const AUTH_HELPER_PATTERNS = [
+    { pattern: /getCurrentUser|getUser|fetchUser/i, name: 'getCurrentUser' },
+    { pattern: /getCurrentUserId|getUserId/i, name: 'getCurrentUserId' },
+    { pattern: /getSession|getServerSession/i, name: 'getSession' },
+    { pattern: /requireAuth|ensureAuth|checkAuth/i, name: 'requireAuth' },
+    { pattern: /verifyToken|validateToken/i, name: 'verifyToken' },
+    { pattern: /isAuthenticated|isLoggedIn/i, name: 'isAuthenticated' },
+    { pattern: /withAuth|authGuard/i, name: 'withAuth' },
+    { pattern: /useAuth|useSession/i, name: 'useAuth (hook)' },
+    { pattern: /auth\(\)|getAuth\(\)/i, name: 'auth()' },
+];
+const ORM_PATTERNS = [
+    { pattern: /from\s+['"]@prisma\/client['"]|PrismaClient/i, orm: 'prisma' },
+    { pattern: /from\s+['"]drizzle-orm['"]|drizzle\(/i, orm: 'drizzle' },
+    { pattern: /from\s+['"]@supabase\/supabase-js['"]|createClient.*supabase/i, orm: 'supabase' },
+    { pattern: /from\s+['"]mongoose['"]|mongoose\.connect/i, orm: 'mongoose' },
+    { pattern: /from\s+['"]sequelize['"]|Sequelize/i, orm: 'sequelize' },
+    { pattern: /from\s+['"]typeorm['"]|DataSource/i, orm: 'typeorm' },
+    { pattern: /from\s+['"]knex['"]|knex\(/i, orm: 'knex' },
+];
+const VALIDATION_LIBRARY_PATTERNS = [
+    { pattern: /from\s+['"]zod['"]|z\.object/i, lib: 'zod' },
+    { pattern: /from\s+['"]yup['"]|yup\.object/i, lib: 'yup' },
+    { pattern: /from\s+['"]joi['"]|Joi\.object/i, lib: 'joi' },
+    { pattern: /from\s+['"]valibot['"]|v\.object/i, lib: 'valibot' },
+    { pattern: /from\s+['"]class-validator['"]|@IsString|@IsEmail/i, lib: 'class-validator' },
+];
+const SECRET_MANAGER_PATTERNS = [
+    { pattern: /aws-sdk.*secretsmanager|SecretsManager/i, type: 'AWS Secrets Manager' },
+    { pattern: /google-cloud.*secret-manager|SecretManagerServiceClient/i, type: 'Google Secret Manager' },
+    { pattern: /@azure\/keyvault|KeyVaultSecret/i, type: 'Azure Key Vault' },
+    { pattern: /hashicorp.*vault|vault\.read/i, type: 'HashiCorp Vault' },
+    { pattern: /doppler|infisical/i, type: 'Doppler/Infisical' },
+];
+// ============================================================================
+// Main Builder Function
+// ============================================================================
+/**
+ * Build a comprehensive project context from scanned files
+ * This context is used to inform AI validation decisions
+ */
+function buildProjectContext(files) {
+    // Detect middleware configuration
+    const middlewareConfig = (0, middleware_detector_1.detectGlobalAuthMiddleware)(files);
+    // Build individual context sections
+    const auth = buildAuthContext(files, middlewareConfig);
+    const dataAccess = buildDataAccessContext(files);
+    const secrets = buildSecretsContext(files);
+    const frameworks = buildFrameworkContext(files);
+    const structure = buildStructureContext(files);
+    const oauth = (0, oauth_flow_detector_1.detectOAuthFlow)(files);
+    const trpc = (0, trpc_analyzer_1.analyzeTRPCRouters)(files);
+    // Generate summary string for AI prompt
+    const summary = generateContextSummary({
+        auth,
+        dataAccess,
+        secrets,
+        frameworks,
+        structure,
+        oauth,
+        trpc,
+    });
+    return {
+        summary,
+        auth,
+        dataAccess,
+        secrets,
+        frameworks,
+        structure,
+        oauth,
+        trpc,
+    };
+}
+// ============================================================================
+// Context Builders
+// ============================================================================
+function buildAuthContext(files, middlewareConfig) {
+    const authHelperNames = [];
+    let hasUserScoping = false;
+    const userScopingPatterns = [];
+    // Detect auth helpers using the dedicated detector (includes throwing detection)
+    const authHelperContext = (0, auth_helper_detector_1.detectAuthHelpers)(files);
+    const throwingAuthHelpers = authHelperContext.helpers.filter(h => h.throwsOnMissing);
+    // Scan all files for additional auth patterns and user scoping
+    for (const file of files) {
+        // Skip non-code files
+        if (!isCodeFile(file.path))
+            continue;
+        // Detect auth helper functions by name patterns
+        for (const { pattern, name } of AUTH_HELPER_PATTERNS) {
+            if (pattern.test(file.content) && !authHelperNames.includes(name)) {
+                authHelperNames.push(name);
+            }
+        }
+        // Detect user scoping patterns
+        const scoping = (0, middleware_detector_1.detectUserScopingPatterns)(file.content);
+        if (scoping.hasUserScoping) {
+            hasUserScoping = true;
+            for (const p of scoping.patterns) {
+                if (!userScopingPatterns.includes(p)) {
+                    userScopingPatterns.push(p);
+                }
+            }
+        }
+    }
+    // Merge detected helper names from both sources
+    for (const helper of authHelperContext.helpers) {
+        if (!authHelperNames.includes(helper.name)) {
+            authHelperNames.push(helper.name);
+        }
+    }
+    return {
+        hasGlobalMiddleware: middlewareConfig.hasAuthMiddleware,
+        authProvider: middlewareConfig.authType,
+        middlewareFile: middlewareConfig.middlewareFile,
+        protectedPaths: middlewareConfig.protectedPaths,
+        publicPaths: middlewareConfig.publicPaths,
+        authHelpers: authHelperNames,
+        authHelperContext,
+        throwingAuthHelpers,
+        hasUserScoping,
+        userScopingPatterns,
+    };
+}
+function buildDataAccessContext(files) {
+    let orm = undefined;
+    let usesParameterizedQueries = false;
+    let databaseType = undefined;
+    let hasRLS = false;
+    let validationLibrary = undefined;
+    for (const file of files) {
+        if (!isCodeFile(file.path))
+            continue;
+        const content = file.content;
+        // Detect ORM
+        if (!orm) {
+            for (const { pattern, orm: ormType } of ORM_PATTERNS) {
+                if (pattern.test(content)) {
+                    orm = ormType;
+                    break;
+                }
+            }
+        }
+        // Detect parameterized queries
+        if (!usesParameterizedQueries) {
+            // Prisma, Drizzle, Supabase all use parameterized by default
+            if (orm === 'prisma' || orm === 'drizzle' || orm === 'supabase') {
+                usesParameterizedQueries = true;
+            }
+            // Check for explicit parameterized patterns
+            if (/\$\d+|\?\s*,|\?(?=\s*\))|:[\w]+/i.test(content) && /query|execute|sql/i.test(content)) {
+                usesParameterizedQueries = true;
+            }
+        }
+        // Detect database type
+        if (!databaseType) {
+            if (/postgres|pg\.|@vercel\/postgres/i.test(content)) {
+                databaseType = 'postgres';
+            }
+            else if (/mysql|mysql2/i.test(content)) {
+                databaseType = 'mysql';
+            }
+            else if (/mongodb|mongoose/i.test(content)) {
+                databaseType = 'mongodb';
+            }
+            else if (/sqlite|better-sqlite/i.test(content)) {
+                databaseType = 'sqlite';
+            }
+        }
+        // Detect RLS
+        if (!hasRLS && /row.?level.?security|RLS|\.rls\(|enable_rls/i.test(content)) {
+            hasRLS = true;
+        }
+        // Detect validation library
+        if (!validationLibrary) {
+            for (const { pattern, lib } of VALIDATION_LIBRARY_PATTERNS) {
+                if (pattern.test(content)) {
+                    validationLibrary = lib;
+                    break;
+                }
+            }
+        }
+    }
+    // If no ORM detected but SQL patterns found, mark as raw_sql
+    if (!orm) {
+        const hasRawSql = files.some(f => /SELECT\s+.*FROM|INSERT\s+INTO|UPDATE\s+.*SET|DELETE\s+FROM/i.test(f.content));
+        if (hasRawSql) {
+            orm = 'raw_sql';
+        }
+    }
+    return {
+        orm,
+        usesParameterizedQueries,
+        databaseType,
+        hasRLS,
+        validationLibrary,
+    };
+}
+function buildSecretsContext(files) {
+    let usesEnvVars = false;
+    let usesSecretManager = false;
+    let secretManagerType = undefined;
+    let hasEnvFiles = false;
+    let hasClientExposedEnvVars = false;
+    for (const file of files) {
+        // Check for .env files
+        if (file.path.includes('.env')) {
+            hasEnvFiles = true;
+        }
+        // Check for env var usage
+        if (/process\.env\.|import\.meta\.env\.|Deno\.env/i.test(file.content)) {
+            usesEnvVars = true;
+        }
+        // Check for NEXT_PUBLIC_ pattern
+        if (/NEXT_PUBLIC_/i.test(file.content)) {
+            hasClientExposedEnvVars = true;
+        }
+        // Check for secret managers
+        if (!usesSecretManager) {
+            for (const { pattern, type } of SECRET_MANAGER_PATTERNS) {
+                if (pattern.test(file.content)) {
+                    usesSecretManager = true;
+                    secretManagerType = type;
+                    break;
+                }
+            }
+        }
+    }
+    return {
+        usesEnvVars,
+        usesSecretManager,
+        secretManagerType,
+        hasEnvFiles,
+        hasClientExposedEnvVars,
+    };
+}
+function buildFrameworkContext(files) {
+    let primary = undefined;
+    let frontend = undefined;
+    let isMonorepo = false;
+    let usesTypeScript = false;
+    let usesServerComponents = false;
+    let usesServerActions = false;
+    // Check for package.json to detect frameworks
+    const packageJson = files.find(f => f.path === 'package.json' || f.path.endsWith('/package.json'));
+    if (packageJson) {
+        const content = packageJson.content;
+        // Primary framework detection
+        if (/["']next["']/i.test(content)) {
+            primary = 'nextjs';
+        }
+        else if (/["']express["']/i.test(content)) {
+            primary = 'express';
+        }
+        else if (/["']fastify["']/i.test(content)) {
+            primary = 'fastify';
+        }
+        else if (/["']@nestjs\/core["']/i.test(content)) {
+            primary = 'nestjs';
+        }
+        // Frontend framework detection
+        if (/["']react["']/i.test(content)) {
+            frontend = 'react';
+        }
+        else if (/["']vue["']/i.test(content)) {
+            frontend = 'vue';
+        }
+        else if (/["']svelte["']/i.test(content)) {
+            frontend = 'svelte';
+        }
+        else if (/["']@angular\/core["']/i.test(content)) {
+            frontend = 'angular';
+        }
+        // Monorepo detection
+        if (/["']workspaces["']|turbo\.json|lerna\.json|pnpm-workspace/i.test(content)) {
+            isMonorepo = true;
+        }
+    }
+    // Check for TypeScript
+    usesTypeScript = files.some(f => f.path.endsWith('.ts') || f.path.endsWith('.tsx'));
+    // Check for Next.js 13+ patterns
+    for (const file of files) {
+        if (/['"]use server['"]/.test(file.content)) {
+            usesServerActions = true;
+        }
+        if (/['"]use client['"]/.test(file.content) || file.path.includes('/app/')) {
+            usesServerComponents = true; // App Router implies server components
+        }
+    }
+    return {
+        primary,
+        frontend,
+        isMonorepo,
+        usesTypeScript,
+        usesServerComponents,
+        usesServerActions,
+    };
+}
+function buildStructureContext(files) {
+    const fileTypes = {};
+    let hasApiRoutes = false;
+    let hasMiddleware = false;
+    let hasServerActions = false;
+    for (const file of files) {
+        // Count file types
+        const ext = getFileExtension(file.path);
+        fileTypes[ext] = (fileTypes[ext] || 0) + 1;
+        // Check for API routes
+        if (/\/api\/|route\.(ts|js)$|\/routes\//i.test(file.path)) {
+            hasApiRoutes = true;
+        }
+        // Check for middleware
+        if (/middleware\.(ts|js)$/i.test(file.path)) {
+            hasMiddleware = true;
+        }
+        // Check for server actions
+        if (/\/actions\/|\.action\.(ts|js)$/i.test(file.path) || /['"]use server['"]/.test(file.content)) {
+            hasServerActions = true;
+        }
+    }
+    return {
+        hasApiRoutes,
+        hasMiddleware,
+        hasServerActions,
+        totalFiles: files.length,
+        fileTypes,
+    };
+}
+// ============================================================================
+// Summary Generator
+// ============================================================================
+function generateContextSummary(ctx) {
+    const lines = [];
+    lines.push('## Project Security Context');
+    lines.push('');
+    // Framework info
+    if (ctx.frameworks.primary) {
+        lines.push(`**Framework:** ${ctx.frameworks.primary}${ctx.frameworks.frontend ? ` + ${ctx.frameworks.frontend}` : ''}`);
+    }
+    if (ctx.frameworks.usesTypeScript) {
+        lines.push('**Language:** TypeScript');
+    }
+    if (ctx.frameworks.usesServerComponents || ctx.frameworks.usesServerActions) {
+        lines.push(`**Patterns:** ${[
+            ctx.frameworks.usesServerComponents && 'Server Components',
+            ctx.frameworks.usesServerActions && 'Server Actions',
+        ].filter(Boolean).join(', ')}`);
+    }
+    lines.push('');
+    // Auth info
+    lines.push('### Authentication & Access Control');
+    if (ctx.auth.hasGlobalMiddleware) {
+        lines.push(`- **Global auth middleware detected** (${ctx.auth.authProvider || 'custom'})`);
+        if (ctx.auth.middlewareFile) {
+            lines.push(`  - Middleware file: \`${ctx.auth.middlewareFile}\``);
+        }
+        if (ctx.auth.protectedPaths.length > 0) {
+            lines.push(`  - Protected paths: ${ctx.auth.protectedPaths.join(', ')}`);
+        }
+        if (ctx.auth.publicPaths.length > 0) {
+            lines.push(`  - Public paths: ${ctx.auth.publicPaths.join(', ')}`);
+        }
+    }
+    else {
+        lines.push('- No global auth middleware detected');
+    }
+    if (ctx.auth.authHelpers.length > 0) {
+        lines.push(`- **Auth helpers found:** ${ctx.auth.authHelpers.join(', ')}`);
+    }
+    // Throwing auth helpers - CRITICAL for AI validation
+    if (ctx.auth.throwingAuthHelpers && ctx.auth.throwingAuthHelpers.length > 0) {
+        lines.push('- **Throwing auth helpers detected** (these GUARANTEE authenticated context):');
+        for (const helper of ctx.auth.throwingAuthHelpers) {
+            const location = helper.definedIn ? ` (in ${helper.definedIn})` : '';
+            lines.push(`  - \`${helper.name}()\`${location} - throws/redirects on missing auth`);
+        }
+        lines.push('  - Code AFTER these calls is guaranteed to have an authenticated user');
+        lines.push('  - Do NOT flag "missing auth" or suggest `if (!userId)` checks after these calls');
+    }
+    if (ctx.auth.hasUserScoping) {
+        lines.push('- **User scoping detected** in database queries (data is filtered by user/tenant ID)');
+    }
+    lines.push('');
+    // Data access info
+    lines.push('### Data Access');
+    if (ctx.dataAccess.orm) {
+        lines.push(`- **ORM/Query Builder:** ${ctx.dataAccess.orm}`);
+        if (ctx.dataAccess.usesParameterizedQueries) {
+            lines.push('  - Uses parameterized queries by default (SQL injection protection)');
+        }
+    }
+    if (ctx.dataAccess.databaseType) {
+        lines.push(`- **Database:** ${ctx.dataAccess.databaseType}`);
+    }
+    if (ctx.dataAccess.hasRLS) {
+        lines.push('- **Row Level Security (RLS)** is enabled');
+    }
+    if (ctx.dataAccess.validationLibrary) {
+        lines.push(`- **Input validation:** ${ctx.dataAccess.validationLibrary}`);
+    }
+    lines.push('');
+    // Secrets info
+    lines.push('### Secrets & Configuration');
+    if (ctx.secrets.usesEnvVars) {
+        lines.push('- Uses environment variables for configuration');
+    }
+    if (ctx.secrets.usesSecretManager) {
+        lines.push(`- Uses secret manager: ${ctx.secrets.secretManagerType}`);
+    }
+    if (ctx.secrets.hasClientExposedEnvVars) {
+        lines.push('- Has NEXT_PUBLIC_ env vars (intentionally client-exposed)');
+    }
+    lines.push('');
+    // Validation guidance
+    lines.push('### Validation Guidance');
+    lines.push('Based on this context:');
+    if (ctx.auth.hasGlobalMiddleware) {
+        lines.push(`- Routes under protected paths are guarded by ${ctx.auth.authProvider || 'auth'} middleware`);
+        lines.push('- Downgrade "missing auth" findings for routes covered by middleware');
+    }
+    if (ctx.auth.throwingAuthHelpers && ctx.auth.throwingAuthHelpers.length > 0) {
+        lines.push('- Throwing auth helpers provide guaranteed auth context - do NOT suggest redundant null checks');
+    }
+    if (ctx.auth.hasUserScoping) {
+        lines.push('- Database queries are scoped by user ID - cross-tenant access is mitigated');
+    }
+    if (ctx.dataAccess.usesParameterizedQueries) {
+        lines.push('- SQL injection risk is low due to parameterized queries');
+    }
+    if (ctx.dataAccess.hasRLS) {
+        lines.push('- RLS provides database-level access control');
+    }
+    // OAuth flow context
+    if (ctx.oauth && (ctx.oauth.hasStateGeneration || ctx.oauth.hasStateValidation || ctx.oauth.hasCodeVerifier)) {
+        lines.push('');
+        lines.push('### OAuth Flow');
+        if ((0, oauth_flow_detector_1.isOAuthStateImplemented)(ctx.oauth)) {
+            lines.push('- **OAuth state is properly implemented** across files');
+            if (ctx.oauth.stateGenerationFile) {
+                lines.push(`  - State generated in: \`${ctx.oauth.stateGenerationFile}\``);
+            }
+            if (ctx.oauth.stateValidationFile) {
+                lines.push(`  - State validated in: \`${ctx.oauth.stateValidationFile}\``);
+            }
+            lines.push('- Do NOT flag "OAuth state missing" - it is implemented correctly');
+        }
+        else if (ctx.oauth.flowType === 'client_credentials') {
+            lines.push('- **Client credentials flow detected** - no state parameter needed');
+        }
+        else if (ctx.oauth.hasCodeVerifier) {
+            lines.push('- **PKCE flow detected** - code_verifier provides CSRF protection');
+        }
+        if (ctx.oauth.providers.length > 0) {
+            lines.push(`- OAuth providers: ${ctx.oauth.providers.join(', ')}`);
+        }
+    }
+    // tRPC context
+    if (ctx.trpc && ctx.trpc.hasTRPC) {
+        lines.push('');
+        lines.push('### tRPC');
+        lines.push(`- ${(0, trpc_analyzer_1.getTRPCSummary)(ctx.trpc)}`);
+        const protectedRouters = Array.from(ctx.trpc.routers.values()).filter(r => r.isProtected);
+        if (protectedRouters.length > 0) {
+            lines.push('- **Protected tRPC routers detected:**');
+            for (const router of protectedRouters) {
+                lines.push(`  - \`${router.name}\` router is protected by auth middleware`);
+            }
+            lines.push('- Frontend calls to protected tRPC procedures are SAFE - backend handles auth');
+            lines.push('- Do NOT flag "missing role check" on frontend components calling protected tRPC procedures');
+        }
+    }
+    return lines.join('\n');
+}
+// ============================================================================
+// Helpers
+// ============================================================================
+function isCodeFile(path) {
+    return /\.(ts|tsx|js|jsx|mjs|cjs|py|rb|php|go|java|cs)$/i.test(path);
+}
+function getFileExtension(path) {
+    const match = path.match(/\.([^.]+)$/);
+    return match ? `.${match[1]}` : 'unknown';
+}
+/**
+ * Generate a compact context string for a single file validation
+ * Used when validating findings in a specific file
+ */
+function getFileValidationContext(file, projectContext) {
+    const lines = [];
+    // Include relevant project context
+    lines.push(projectContext.summary);
+    lines.push('');
+    // Add file-specific context
+    lines.push(`### Current File: \`${file.path}\``);
+    // Determine if this file is server-only
+    const isServerFile = /\/api\/|\/server\/|\.server\.|\/actions\/|route\.(ts|js)$|middleware\.(ts|js)$/i.test(file.path);
+    if (isServerFile) {
+        lines.push('- This is a **server-only** file (not bundled to client)');
+    }
+    // Check if file is under protected routes
+    if (projectContext.auth.hasGlobalMiddleware) {
+        const isProtected = projectContext.auth.protectedPaths.some(p => file.path.includes(p.replace(/\*\*/g, '').replace(/\*/g, '')));
+        if (isProtected) {
+            lines.push(`- This route is **protected by ${projectContext.auth.authProvider || 'auth'} middleware**`);
+        }
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=project-context.js.map

package/dist/model/project-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-context.js","sourceRoot":"","sources":["../../src/model/project-context.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAqKH,kDAkCC;AAgdD,4DA8BC;AAlrBD,+DAAwH;AACxH,iEAAmG;AACnG,+DAA4H;AAC5H,mDAA4F;AA6G5F,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,MAAM,oBAAoB,GAAG;IAC3B,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACxE,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACpE,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/D,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,aAAa,EAAE;IACrE,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,aAAa,EAAE;IAC9D,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACnE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,UAAU,EAAE;IACpD,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC1D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,QAAQ,EAAE;CACrD,CAAA;AAED,MAAM,YAAY,GAAG;IACnB,EAAE,OAAO,EAAE,8CAA8C,EAAE,GAAG,EAAE,QAAiB,EAAE;IACnF,EAAE,OAAO,EAAE,uCAAuC,EAAE,GAAG,EAAE,SAAkB,EAAE;IAC7E,EAAE,OAAO,EAAE,+DAA+D,EAAE,GAAG,EAAE,UAAmB,EAAE;IACtG,EAAE,OAAO,EAAE,4CAA4C,EAAE,GAAG,EAAE,UAAmB,EAAE;IACnF,EAAE,OAAO,EAAE,qCAAqC,EAAE,GAAG,EAAE,WAAoB,EAAE;IAC7E,EAAE,OAAO,EAAE,oCAAoC,EAAE,GAAG,EAAE,SAAkB,EAAE;IAC1E,EAAE,OAAO,EAAE,6BAA6B,EAAE,GAAG,EAAE,MAAe,EAAE;CACjE,CAAA;AAED,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,+BAA+B,EAAE,GAAG,EAAE,KAAK,EAAE;IACxD,EAAE,OAAO,EAAE,iCAAiC,EAAE,GAAG,EAAE,KAAK,EAAE;IAC1D,EAAE,OAAO,EAAE,iCAAiC,EAAE,GAAG,EAAE,KAAK,EAAE;IAC1D,EAAE,OAAO,EAAE,mCAAmC,EAAE,GAAG,EAAE,SAAS,EAAE;IAChE,EAAE,OAAO,EAAE,oDAAoD,EAAE,GAAG,EAAE,iBAAiB,EAAE;CAC1F,CAAA;AAED,MAAM,uBAAuB,GAAG;IAC9B,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACnF,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACtG,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACxE,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACrE,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,mBAAmB,EAAE;CAC7D,CAAA;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,KAAiB;IACnD,kCAAkC;IAClC,MAAM,gBAAgB,GAAG,IAAA,gDAA0B,EAAC,KAAK,CAAC,CAAA;IAE1D,oCAAoC;IACpC,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAA;IACtD,MAAM,UAAU,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAA;IAChD,MAAM,OAAO,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAC1C,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAC/C,MAAM,SAAS,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,IAAA,qCAAe,EAAC,KAAK,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,IAAA,kCAAkB,EAAC,KAAK,CAAC,CAAA;IAEtC,wCAAwC;IACxC,MAAM,OAAO,GAAG,sBAAsB,CAAC;QACrC,IAAI;QACJ,UAAU;QACV,OAAO;QACP,UAAU;QACV,SAAS;QACT,KAAK;QACL,IAAI;KACL,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,IAAI;QACJ,UAAU;QACV,OAAO;QACP,UAAU;QACV,SAAS;QACT,KAAK;QACL,IAAI;KACL,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,gBAAgB,CAAC,KAAiB,EAAE,gBAAsC;IACjF,MAAM,eAAe,GAAa,EAAE,CAAA;IACpC,IAAI,cAAc,GAAG,KAAK,CAAA;IAC1B,MAAM,mBAAmB,GAAa,EAAE,CAAA;IAExC,iFAAiF;IACjF,MAAM,iBAAiB,GAAG,IAAA,wCAAiB,EAAC,KAAK,CAAC,CAAA;IAClD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAA;IAEpF,+DAA+D;IAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,sBAAsB;QACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAQ;QAEpC,gDAAgD;QAChD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,oBAAoB,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClE,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,OAAO,GAAG,IAAA,+CAAyB,EAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACvD,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,cAAc,GAAG,IAAI,CAAA;YACrB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACjC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,MAAM,IAAI,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC/C,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IAED,OAAO;QACL,mBAAmB,EAAE,gBAAgB,CAAC,iBAAiB;QACvD,YAAY,EAAE,gBAAgB,CAAC,QAAQ;QACvC,cAAc,EAAE,gBAAgB,CAAC,cAAc;QAC/C,cAAc,EAAE,gBAAgB,CAAC,cAAc;QAC/C,WAAW,EAAE,gBAAgB,CAAC,WAAW;QACzC,WAAW,EAAE,eAAe;QAC5B,iBAAiB;QACjB,mBAAmB;QACnB,cAAc;QACd,mBAAmB;KACpB,CAAA;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAiB;IAC/C,IAAI,GAAG,GAA6B,SAAS,CAAA;IAC7C,IAAI,wBAAwB,GAAG,KAAK,CAAA;IACpC,IAAI,YAAY,GAAsC,SAAS,CAAA;IAC/D,IAAI,MAAM,GAAG,KAAK,CAAA;IAClB,IAAI,iBAAiB,GAAuB,SAAS,CAAA;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAQ;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAE5B,aAAa;QACb,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,YAAY,EAAE,CAAC;gBACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1B,GAAG,GAAG,OAAO,CAAA;oBACb,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAC9B,6DAA6D;YAC7D,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBAChE,wBAAwB,GAAG,IAAI,CAAA;YACjC,CAAC;YACD,4CAA4C;YAC5C,IAAI,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3F,wBAAwB,GAAG,IAAI,CAAA;YACjC,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,IAAI,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrD,YAAY,GAAG,UAAU,CAAA;YAC3B,CAAC;iBAAM,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzC,YAAY,GAAG,OAAO,CAAA;YACxB,CAAC;iBAAM,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7C,YAAY,GAAG,SAAS,CAAA;YAC1B,CAAC;iBAAM,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,YAAY,GAAG,QAAQ,CAAA;YACzB,CAAC;QACH,CAAC;QAED,aAAa;QACb,IAAI,CAAC,MAAM,IAAI,8CAA8C,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,MAAM,GAAG,IAAI,CAAA;QACf,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,KAAK,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,2BAA2B,EAAE,CAAC;gBAC3D,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1B,iBAAiB,GAAG,GAAG,CAAA;oBACvB,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC/B,6DAA6D,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAC9E,CAAA;QACD,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,GAAG,SAAS,CAAA;QACjB,CAAC;IACH,CAAC;IAED,OAAO;QACL,GAAG;QACH,wBAAwB;QACxB,YAAY;QACZ,MAAM;QACN,iBAAiB;KAClB,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAiB;IAC5C,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAC7B,IAAI,iBAAiB,GAAuB,SAAS,CAAA;IACrD,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,uBAAuB,GAAG,KAAK,CAAA;IAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,uBAAuB;QACvB,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,WAAW,GAAG,IAAI,CAAA;QACpB,CAAC;QAED,0BAA0B;QAC1B,IAAI,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACvE,WAAW,GAAG,IAAI,CAAA;QACpB,CAAC;QAED,iCAAiC;QACjC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,uBAAuB,GAAG,IAAI,CAAA;QAChC,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;gBACxD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,iBAAiB,GAAG,IAAI,CAAA;oBACxB,iBAAiB,GAAG,IAAI,CAAA;oBACxB,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,iBAAiB;QACjB,iBAAiB;QACjB,WAAW;QACX,uBAAuB;KACxB,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,IAAI,OAAO,GAAgC,SAAS,CAAA;IACpD,IAAI,QAAQ,GAAiC,SAAS,CAAA;IACtD,IAAI,UAAU,GAAG,KAAK,CAAA;IACtB,IAAI,cAAc,GAAG,KAAK,CAAA;IAC1B,IAAI,oBAAoB,GAAG,KAAK,CAAA;IAChC,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAE7B,8CAA8C;IAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAA;IAClG,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAA;QAEnC,8BAA8B;QAC9B,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,OAAO,GAAG,QAAQ,CAAA;QACpB,CAAC;aAAM,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,GAAG,SAAS,CAAA;QACrB,CAAC;aAAM,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,GAAG,SAAS,CAAA;QACrB,CAAC;aAAM,IAAI,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClD,OAAO,GAAG,QAAQ,CAAA;QACpB,CAAC;QAED,+BAA+B;QAC/B,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,QAAQ,GAAG,OAAO,CAAA;QACpB,CAAC;aAAM,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,QAAQ,GAAG,KAAK,CAAA;QAClB,CAAC;aAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,QAAQ,GAAG,QAAQ,CAAA;QACrB,CAAC;aAAM,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,QAAQ,GAAG,SAAS,CAAA;QACtB,CAAC;QAED,qBAAqB;QACrB,IAAI,4DAA4D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/E,UAAU,GAAG,IAAI,CAAA;QACnB,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAA;IAEnF,iCAAiC;IACjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,iBAAiB,GAAG,IAAI,CAAA;QAC1B,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,oBAAoB,GAAG,IAAI,CAAA,CAAC,uCAAuC;QACrE,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO;QACP,QAAQ;QACR,UAAU;QACV,cAAc;QACd,oBAAoB;QACpB,iBAAiB;KAClB,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,MAAM,SAAS,GAA2B,EAAE,CAAA;IAC5C,IAAI,YAAY,GAAG,KAAK,CAAA;IACxB,IAAI,aAAa,GAAG,KAAK,CAAA;IACzB,IAAI,gBAAgB,GAAG,KAAK,CAAA;IAE5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,mBAAmB;QACnB,MAAM,GAAG,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACvC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QAE1C,uBAAuB;QACvB,IAAI,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,YAAY,GAAG,IAAI,CAAA;QACrB,CAAC;QAED,uBAAuB;QACvB,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,aAAa,GAAG,IAAI,CAAA;QACtB,CAAC;QAED,2BAA2B;QAC3B,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjG,gBAAgB,GAAG,IAAI,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY;QACZ,aAAa;QACb,gBAAgB;QAChB,UAAU,EAAE,KAAK,CAAC,MAAM;QACxB,SAAS;KACV,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,SAAS,sBAAsB,CAAC,GAAoC;IAClE,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;IACzC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,iBAAiB;IACjB,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACzH,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAA;IACxC,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,IAAI,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,iBAAiB;YAC1B,GAAG,CAAC,UAAU,CAAC,oBAAoB,IAAI,mBAAmB;YAC1D,GAAG,CAAC,UAAU,CAAC,iBAAiB,IAAI,gBAAgB;SACrD,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACjC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,YAAY;IACZ,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAA;IACjD,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,0CAA0C,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,QAAQ,GAAG,CAAC,CAAA;QAC1F,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,0BAA0B,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,CAAA;QACnE,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,wBAAwB,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC1E,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,qBAAqB,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAA;IACpD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC5E,CAAC;IAED,qDAAqD;IACrD,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;QAC3F,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;YACpE,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,OAAO,QAAQ,qCAAqC,CAAC,CAAA;QACtF,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAA;QACpF,KAAK,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAA;IACjG,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,sFAAsF,CAAC,CAAA;IACpG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,mBAAmB;IACnB,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;IAC7B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,4BAA4B,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAA;QAC5D,IAAI,GAAG,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC;YAC5C,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,mBAAmB,GAAG,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAA;IAC9D,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,2BAA2B,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAA;IAC3E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,eAAe;IACf,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;IACzC,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAA;IAC9D,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,0BAA0B,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAA;IAC1E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,sBAAsB;IACtB,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;IACrC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAA;IAEpC,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,iDAAiD,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,aAAa,CAAC,CAAA;QACzG,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAA;IACpF,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,gGAAgG,CAAC,CAAA;IAC9G,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAA;IAC3F,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;IACxE,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;IAC5D,CAAC;IAED,qBAAqB;IACrB,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7G,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAC5B,IAAI,IAAA,6CAAuB,EAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAA;YACpE,IAAI,GAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,CAAA;YAC5E,CAAC;YACD,IAAI,GAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,CAAA;YAC5E,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;QACjF,CAAC;aAAM,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAA;QAClF,CAAC;aAAM,IAAI,GAAG,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;QACjF,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpE,CAAC;IACH,CAAC;IAED,eAAe;IACf,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACtB,KAAK,CAAC,IAAI,CAAC,KAAK,IAAA,8BAAc,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAE3C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;QACzF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAA;YACpD,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,2CAA2C,CAAC,CAAA;YAC7E,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC3F,KAAK,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAA;QAC3G,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACtE,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACtC,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;AAC3C,CAAC;AAED;;;GAGG;AACH,SAAgB,wBAAwB,CACtC,IAAc,EACd,cAA8B;IAE9B,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,mCAAmC;IACnC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;IAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,4BAA4B;IAC5B,KAAK,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,IAAI,IAAI,CAAC,CAAA;IAEhD,wCAAwC;IACxC,MAAM,YAAY,GAAG,iFAAiF,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACtH,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;IACxE,CAAC;IAED,0CAA0C;IAC1C,IAAI,cAAc,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAC9D,CAAA;QACD,IAAI,WAAW,EAAE,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,kCAAkC,cAAc,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,eAAe,CAAC,CAAA;QACzG,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC"}

package/dist/model/route-auth-resolver.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Route Auth Resolver
+ *
+ * Resolves authentication chains for discovered routes by combining
+ * multiple auth signals: direct middleware, mount-level, global,
+ * filesystem middleware, route hierarchy, and throwing auth helpers.
+ */
+import type { ScanFile } from '../shared/types';
+import type { RouteMap, MountPoint } from './route-discovery';
+import type { MiddlewareAuthConfig } from './middleware-detector';
+import type { ModuleGraph } from './module-graph';
+/**
+ * Resolve auth middleware for all routes in the route map.
+ *
+ * Resolution sources (priority order):
+ * 1. Direct middleware on route definition (already populated by extractors)
+ * 2. Mount-level middleware (app.use('/api', authMw))
+ * 2.5. Cross-file mount auth (file B imported by A which has mount-level auth)
+ * 3. Global middleware (app.use(authMw))
+ * 4. Next.js filesystem middleware (via isRouteProtectedByMiddleware)
+ * 5. Route hierarchy (via getRouteProtectionContext)
+ * 6. Throwing auth helpers in handler body
+ *
+ * Returns a new RouteMap with authMiddleware populated.
+ */
+export declare function resolveRouteAuth(routeMap: RouteMap, mountPoints: MountPoint[], files: ScanFile[], middlewareConfig: MiddlewareAuthConfig, moduleGraph?: ModuleGraph): RouteMap;
+//# sourceMappingURL=route-auth-resolver.d.ts.map

package/dist/model/route-auth-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route-auth-resolver.d.ts","sourceRoot":"","sources":["../../src/model/route-auth-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,KAAK,EAAE,QAAQ,EAAmB,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAIjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AA+BjD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,UAAU,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,gBAAgB,EAAE,oBAAoB,EACtC,WAAW,CAAC,EAAE,WAAW,GACxB,QAAQ,CA0EV"}