npm - @open-mercato/core - Versions diffs - 0.6.4-develop.4217.1.c9aa050183 → 0.6.4-develop.4239.1.4a264a5828 - Mend

@open-mercato/core 0.6.4-develop.4217.1.c9aa050183 → 0.6.4-develop.4239.1.4a264a5828

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (408) hide show

package/dist/helpers/integration/timesheetFixtures.js ADDED Viewed

@@ -0,0 +1,50 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+import { deleteStaffEntityIfExists } from "./staffFixtures.js";
+async function createTimeProjectFixture(request, token, input) {
+  const response = await apiRequest(request, "POST", "/api/staff/timesheets/time-projects", {
+    token,
+    data: {
+      name: input?.name ?? `QA Project ${Date.now()}`,
+      code: input?.code ?? `QA-${Date.now()}`,
+      projectType: "internal",
+      status: "active"
+    }
+  });
+  expect(response.ok(), `Failed to create time project fixture: ${response.status()}`).toBeTruthy();
+  const body = await response.json();
+  expect(typeof body.id === "string" && body.id.length > 0).toBeTruthy();
+  return body.id;
+}
+async function assignEmployeeToProjectFixture(request, token, projectId, staffMemberId) {
+  const response = await apiRequest(request, "POST", `/api/staff/timesheets/time-projects/${projectId}/employees`, {
+    token,
+    data: { staffMemberId, status: "active", assignedStartDate: (/* @__PURE__ */ new Date()).toISOString().slice(0, 10) }
+  });
+  expect(response.ok(), `Failed to assign employee to project: ${response.status()}`).toBeTruthy();
+  const body = await response.json();
+  return body.id ?? "";
+}
+async function createTimeEntryFixture(request, token, input) {
+  const response = await apiRequest(request, "POST", "/api/staff/timesheets/time-entries", {
+    token,
+    data: {
+      staffMemberId: input.staffMemberId,
+      timeProjectId: input.timeProjectId,
+      date: input.date,
+      durationMinutes: input.durationMinutes,
+      source: "manual"
+    }
+  });
+  expect(response.ok(), `Failed to create time entry fixture: ${response.status()}`).toBeTruthy();
+  const body = await response.json();
+  expect(typeof body.id === "string" && body.id.length > 0).toBeTruthy();
+  return body.id;
+}
+export {
+  assignEmployeeToProjectFixture,
+  createTimeEntryFixture,
+  createTimeProjectFixture,
+  deleteStaffEntityIfExists
+};
+//# sourceMappingURL=timesheetFixtures.js.map

package/dist/helpers/integration/timesheetFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/timesheetFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test'\nimport { apiRequest } from './api'\nimport { deleteStaffEntityIfExists } from './staffFixtures'\n\nexport async function createTimeProjectFixture(\n  request: APIRequestContext,\n  token: string,\n  input?: { name?: string; code?: string },\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/staff/timesheets/time-projects', {\n    token,\n    data: {\n      name: input?.name ?? `QA Project ${Date.now()}`,\n      code: input?.code ?? `QA-${Date.now()}`,\n      projectType: 'internal',\n      status: 'active',\n    },\n  })\n  expect(response.ok(), `Failed to create time project fixture: ${response.status()}`).toBeTruthy()\n  const body = (await response.json()) as { id?: string }\n  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy()\n  return body.id as string\n}\n\nexport async function assignEmployeeToProjectFixture(\n  request: APIRequestContext,\n  token: string,\n  projectId: string,\n  staffMemberId: string,\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', `/api/staff/timesheets/time-projects/${projectId}/employees`, {\n    token,\n    data: { staffMemberId, status: 'active', assignedStartDate: new Date().toISOString().slice(0, 10) },\n  })\n  expect(response.ok(), `Failed to assign employee to project: ${response.status()}`).toBeTruthy()\n  const body = (await response.json()) as { id?: string }\n  return body.id ?? ''\n}\n\nexport async function createTimeEntryFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { staffMemberId: string; timeProjectId: string; date: string; durationMinutes: number },\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/staff/timesheets/time-entries', {\n    token,\n    data: {\n      staffMemberId: input.staffMemberId,\n      timeProjectId: input.timeProjectId,\n      date: input.date,\n      durationMinutes: input.durationMinutes,\n      source: 'manual',\n    },\n  })\n  expect(response.ok(), `Failed to create time entry fixture: ${response.status()}`).toBeTruthy()\n  const body = (await response.json()) as { id?: string }\n  expect(typeof body.id === 'string' && body.id.length > 0).toBeTruthy()\n  return body.id as string\n}\n\nexport { deleteStaffEntityIfExists }\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAC3B,SAAS,iCAAiC;AAE1C,eAAsB,yBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,uCAAuC;AAAA,IACxF;AAAA,IACA,MAAM;AAAA,MACJ,MAAM,OAAO,QAAQ,cAAc,KAAK,IAAI,CAAC;AAAA,MAC7C,MAAM,OAAO,QAAQ,MAAM,KAAK,IAAI,CAAC;AAAA,MACrC,aAAa;AAAA,MACb,QAAQ;AAAA,IACV;AAAA,EACF,CAAC;AACD,SAAO,SAAS,GAAG,GAAG,0CAA0C,SAAS,OAAO,CAAC,EAAE,EAAE,WAAW;AAChG,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,CAAC,EAAE,WAAW;AACrE,SAAO,KAAK;AACd;AAEA,eAAsB,+BACpB,SACA,OACA,WACA,eACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,uCAAuC,SAAS,cAAc;AAAA,IAC/G;AAAA,IACA,MAAM,EAAE,eAAe,QAAQ,UAAU,oBAAmB,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE,EAAE;AAAA,EACpG,CAAC;AACD,SAAO,SAAS,GAAG,GAAG,yCAAyC,SAAS,OAAO,CAAC,EAAE,EAAE,WAAW;AAC/F,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,KAAK,MAAM;AACpB;AAEA,eAAsB,uBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,sCAAsC;AAAA,IACvF;AAAA,IACA,MAAM;AAAA,MACJ,eAAe,MAAM;AAAA,MACrB,eAAe,MAAM;AAAA,MACrB,MAAM,MAAM;AAAA,MACZ,iBAAiB,MAAM;AAAA,MACvB,QAAQ;AAAA,IACV;AAAA,EACF,CAAC;AACD,SAAO,SAAS,GAAG,GAAG,wCAAwC,SAAS,OAAO,CAAC,EAAE,EAAE,WAAW;AAC9F,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,CAAC,EAAE,WAAW;AACrE,SAAO,KAAK;AACd;",
+  "names": []
+}

package/dist/modules/attachments/api/library/[id]/route.js CHANGED Viewed

@@ -146,21 +146,23 @@ async function PATCH(req, ctx) {
   if (parsed.data.tags) patch.tags = normalizeAttachmentTags(parsed.data.tags);
   if (parsed.data.assignments) patch.assignments = normalizeAttachmentAssignments(parsed.data.assignments);
   record.storageMetadata = mergeAttachmentMetadata(record.storageMetadata, patch);
-  await em.flush();
-  if (dataEngine && custom && Object.keys(custom).length) {
-    try {
-      await setCustomFieldsIfAny({
-        dataEngine,
-        entityId: E.attachments.attachment,
-        recordId: record.id,
-        tenantId: record.tenantId ?? auth.tenantId ?? null,
-        organizationId: record.organizationId ?? auth.orgId ?? null,
-        values: custom
-      });
-    } catch (error) {
-      console.error("[attachments] failed to persist custom attributes", error);
-      return NextResponse.json({ error: "Failed to save attachment attributes." }, { status: 500 });
-    }
+  try {
+    await em.transactional(async (tx) => {
+      await tx.flush();
+      if (dataEngine && custom && Object.keys(custom).length) {
+        await setCustomFieldsIfAny({
+          dataEngine,
+          entityId: E.attachments.attachment,
+          recordId: record.id,
+          tenantId: record.tenantId ?? auth.tenantId ?? null,
+          organizationId: record.organizationId ?? auth.orgId ?? null,
+          values: custom
+        });
+      }
+    });
+  } catch (error) {
+    console.error("[attachments] failed to persist custom attributes", error);
+    return NextResponse.json({ error: "Failed to save attachment attributes." }, { status: 500 });
   }
   if (dataEngine) {
     await emitCrudSideEffects({
@@ -221,8 +223,10 @@ async function DELETE(req, ctx) {
     tenantId: record.tenantId ?? auth.tenantId,
     organizationId: record.organizationId ?? auth.orgId
   });
-  await deleteDriver.delete(record.partitionCode, record.storagePath);
+  const recordPartitionCode = record.partitionCode;
+  const recordStoragePath = record.storagePath;
   await em.remove(record).flush();
+  await deleteDriver.delete(recordPartitionCode, recordStoragePath);
   if (dataEngine) {
     await emitCrudSideEffects({
       dataEngine,

package/dist/modules/attachments/api/library/[id]/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/modules/attachments/api/library/%5Bid%5D/route.ts"],
-  "sourcesContent": ["import { NextRequest, NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { Attachment, AttachmentPartition } from '../../../data/entities'\nimport {\n  mergeAttachmentMetadata,\n  normalizeAttachmentAssignments,\n  normalizeAttachmentTags,\n  readAttachmentMetadata,\n} from '../../../lib/metadata'\nimport type { StorageDriverFactory } from '../../../lib/drivers'\nimport { splitCustomFieldPayload, loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport { emitCrudSideEffects, setCustomFieldsIfAny } from '@open-mercato/shared/lib/commands/helpers'\nimport { normalizeCustomFieldResponse } from '@open-mercato/shared/lib/custom-fields/normalize'\nimport { E } from '#generated/entities.ids.generated'\nimport type { QueryEngine } from '@open-mercato/shared/lib/query/types'\nimport type { DataEngine } from '@open-mercato/shared/lib/data/engine'\nimport { attachmentCrudEvents, attachmentCrudIndexer } from '../../../lib/crud'\nimport { applyAssignmentEnrichments, resolveAssignmentEnrichments } from '../../../lib/assignmentDetails'\nimport {\n  attachmentsTag,\n  attachmentDetailResponseSchema,\n  attachmentErrorSchema,\n} from '../../openapi'\n\nconst updateSchema = z.object({\n  tags: z.array(z.string()).optional(),\n  assignments: z\n    .array(\n      z.object({\n        type: z.string().min(1),\n        id: z.string().min(1),\n        href: z.string().nullable().optional(),\n        label: z.string().nullable().optional(),\n      }),\n    )\n    .optional(),\n})\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: ['attachments.view'] },\n  PATCH: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n  DELETE: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n}\n\ntype RouteParams = { id: string }\ntype RouteContext = { params: Promise<RouteParams> }\n\nasync function resolveAttachmentId(ctx: RouteContext): Promise<string | null> {\n  const params = ctx?.params\n  try {\n    const { id } = await params\n    if (typeof id === 'string' && id.trim().length) {\n      return id\n    }\n    return null\n  } catch {\n    return null\n  }\n}\n\nexport async function GET(req: NextRequest, ctx: RouteContext) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || (!auth.orgId && !auth.isSuperAdmin)) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n  const attachmentId = await resolveAttachmentId(ctx)\n  if (!attachmentId) {\n    return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  }\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  let queryEngine: QueryEngine | null = null\n  try {\n    queryEngine = resolve('queryEngine') as QueryEngine\n  } catch {\n    queryEngine = null\n  }\n  const findFilter: Record<string, unknown> = {\n    id: attachmentId,\n    tenantId: auth.tenantId,\n  }\n  if (auth.orgId) {\n    findFilter.organizationId = auth.orgId\n  }\n  const record = await em.findOne(Attachment, findFilter)\n  if (!record) {\n    return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  }\n  const metadata = readAttachmentMetadata(record.storageMetadata)\n  const partition = record.partitionCode\n    ? await em.findOne(AttachmentPartition, { code: record.partitionCode })\n    : null\n  const customFieldValues = await loadCustomFieldValues({\n    em,\n    entityId: E.attachments.attachment,\n    recordIds: [record.id],\n    tenantIdByRecord: { [record.id]: record.tenantId ?? auth.tenantId ?? null },\n    organizationIdByRecord: { [record.id]: record.organizationId ?? auth.orgId ?? null },\n    tenantFallbacks: [auth.tenantId ?? null].filter((value): value is string => !!value),\n  })\n  const customFields = normalizeCustomFieldResponse(customFieldValues[record.id])\n  const assignments = metadata.assignments ?? []\n  const enrichments = await resolveAssignmentEnrichments(assignments, {\n    queryEngine,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  })\n  const enrichedAssignments = applyAssignmentEnrichments(assignments, enrichments)\n  return NextResponse.json({\n    item: {\n      id: record.id,\n      fileName: record.fileName,\n      fileSize: record.fileSize,\n      mimeType: record.mimeType,\n      partitionCode: record.partitionCode,\n      partitionTitle: partition?.title ?? null,\n      tags: metadata.tags ?? [],\n      assignments: enrichedAssignments,\n      content: record.content && record.content.trim() ? record.content : null,\n      customFields,\n    },\n  })\n}\n\nexport async function PATCH(req: NextRequest, ctx: RouteContext) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n  const attachmentId = await resolveAttachmentId(ctx)\n  if (!attachmentId) {\n    return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  }\n  const rawBody = await req.json().catch(() => null)\n  const { base, custom } = splitCustomFieldPayload(rawBody)\n  const parsed = updateSchema.safeParse(base)\n  if (!parsed.success) {\n    return NextResponse.json({ error: 'Invalid payload' }, { status: 400 })\n  }\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  let queryEngine: QueryEngine | null = null\n  try {\n    queryEngine = resolve('queryEngine') as QueryEngine\n  } catch {\n    queryEngine = null\n  }\n  const dataEngine = resolve('dataEngine') as DataEngine\n  const patchFilter: Record<string, unknown> = {\n    id: attachmentId,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }\n  const record = await em.findOne(Attachment, patchFilter)\n  if (!record) {\n    return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  }\n  const patch: Record<string, unknown> = {}\n  if (parsed.data.tags) patch.tags = normalizeAttachmentTags(parsed.data.tags)\n  if (parsed.data.assignments) patch.assignments = normalizeAttachmentAssignments(parsed.data.assignments)\n  record.storageMetadata = mergeAttachmentMetadata(record.storageMetadata, patch)\n  await em.flush()\n\n  if (dataEngine && custom && Object.keys(custom).length) {\n    try {\n      await setCustomFieldsIfAny({\n        dataEngine,\n        entityId: E.attachments.attachment,\n        recordId: record.id,\n        tenantId: record.tenantId ?? auth.tenantId ?? null,\n        organizationId: record.organizationId ?? auth.orgId ?? null,\n        values: custom,\n      })\n    } catch (error) {\n      console.error('[attachments] failed to persist custom attributes', error)\n      return NextResponse.json({ error: 'Failed to save attachment attributes.' }, { status: 500 })\n    }\n  }\n\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'updated',\n      entity: record,\n      identifiers: {\n        id: record.id,\n        organizationId: record.organizationId ?? auth.orgId ?? null,\n        tenantId: record.tenantId ?? auth.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n\n  const metadata = readAttachmentMetadata(record.storageMetadata)\n  const assignments = metadata.assignments ?? []\n  const enrichments = await resolveAssignmentEnrichments(assignments, {\n    queryEngine,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  })\n  const enrichedAssignments = applyAssignmentEnrichments(assignments, enrichments)\n  return NextResponse.json({\n    ok: true,\n    item: {\n      id: record.id,\n      tags: metadata.tags ?? [],\n      assignments: enrichedAssignments,\n      customFields: normalizeCustomFieldResponse(custom ?? null),\n    },\n  })\n}\n\nexport async function DELETE(req: NextRequest, ctx: RouteContext) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n  const attachmentId = await resolveAttachmentId(ctx)\n  if (!attachmentId) {\n    return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  }\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const dataEngine = resolve('dataEngine') as DataEngine\n  const storageDriverFactory = resolve('storageDriverFactory') as StorageDriverFactory\n  const deleteFilter: Record<string, unknown> = {\n    id: attachmentId,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }\n  const record = await em.findOne(Attachment, deleteFilter)\n  if (!record) {\n    return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  }\n  const deleteDriver = await storageDriverFactory.resolveForPartition(record.partitionCode, {\n    tenantId: record.tenantId ?? auth.tenantId,\n    organizationId: record.organizationId ?? auth.orgId,\n  })\n  await deleteDriver.delete(record.partitionCode, record.storagePath)\n  await em.remove(record).flush()\n\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'deleted',\n      entity: record,\n      identifiers: {\n        id: record.id,\n        organizationId: record.organizationId ?? auth.orgId ?? null,\n        tenantId: record.tenantId ?? auth.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n\n  return NextResponse.json({ ok: true })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: attachmentsTag,\n  summary: 'Attachment detail management',\n  methods: {\n    GET: {\n      summary: 'Get attachment details',\n      description: 'Returns complete details of an attachment including metadata, tags, assignments, and custom fields.',\n      responses: [\n        { status: 200, description: 'Attachment details', schema: attachmentDetailResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid attachment ID', schema: attachmentErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: attachmentErrorSchema },\n        { status: 404, description: 'Attachment not found', schema: attachmentErrorSchema },\n      ],\n    },\n    PATCH: {\n      summary: 'Update attachment metadata',\n      description: 'Updates attachment tags, assignments, and custom fields. Emits CRUD side effects for indexing and events.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: updateSchema,\n      },\n      responses: [\n        { status: 200, description: 'Attachment updated successfully', schema: z.object({ ok: z.literal(true), item: z.any() }) },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload or attachment ID', schema: attachmentErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: attachmentErrorSchema },\n        { status: 404, description: 'Attachment not found', schema: attachmentErrorSchema },\n        { status: 500, description: 'Failed to save attributes', schema: attachmentErrorSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete attachment',\n      description: 'Permanently deletes an attachment file from storage and database. Emits CRUD side effects.',\n      responses: [\n        { status: 200, description: 'Attachment deleted successfully', schema: z.object({ ok: z.literal(true) }) },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid attachment ID', schema: attachmentErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: attachmentErrorSchema },\n        { status: 404, description: 'Attachment not found', schema: attachmentErrorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAsB,oBAAoB;AAC1C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,YAAY,2BAA2B;AAChD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,yBAAyB,6BAA6B;AAC/D,SAAS,qBAAqB,4BAA4B;AAC1D,SAAS,oCAAoC;AAC7C,SAAS,SAAS;AAGlB,SAAS,sBAAsB,6BAA6B;AAC5D,SAAS,4BAA4B,oCAAoC;AACzE;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,MAAM,eAAe,EAAE,OAAO;AAAA,EAC5B,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACnC,aAAa,EACV;AAAA,IACC,EAAE,OAAO;AAAA,MACP,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MACtB,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MACpB,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,MACrC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACxC,CAAC;AAAA,EACH,EACC,SAAS;AACd,CAAC;AAEM,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,kBAAkB,EAAE;AAAA,EAChE,OAAO,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AAAA,EACpE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AACvE;AAKA,eAAe,oBAAoB,KAA2C;AAC5E,QAAM,SAAS,KAAK;AACpB,MAAI;AACF,UAAM,EAAE,GAAG,IAAI,MAAM;AACrB,QAAI,OAAO,OAAO,YAAY,GAAG,KAAK,EAAE,QAAQ;AAC9C,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,IAAI,KAAkB,KAAmB;AAC7D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAa,CAAC,KAAK,SAAS,CAAC,KAAK,cAAe;AAClE,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AACA,QAAM,eAAe,MAAM,oBAAoB,GAAG;AAClD,MAAI,CAAC,cAAc;AACjB,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,MAAI,cAAkC;AACtC,MAAI;AACF,kBAAc,QAAQ,aAAa;AAAA,EACrC,QAAQ;AACN,kBAAc;AAAA,EAChB;AACA,QAAM,aAAsC;AAAA,IAC1C,IAAI;AAAA,IACJ,UAAU,KAAK;AAAA,EACjB;AACA,MAAI,KAAK,OAAO;AACd,eAAW,iBAAiB,KAAK;AAAA,EACnC;AACA,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,UAAU;AACtD,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7E;AACA,QAAMA,YAAW,uBAAuB,OAAO,eAAe;AAC9D,QAAM,YAAY,OAAO,gBACrB,MAAM,GAAG,QAAQ,qBAAqB,EAAE,MAAM,OAAO,cAAc,CAAC,IACpE;AACJ,QAAM,oBAAoB,MAAM,sBAAsB;AAAA,IACpD;AAAA,IACA,UAAU,EAAE,YAAY;AAAA,IACxB,WAAW,CAAC,OAAO,EAAE;AAAA,IACrB,kBAAkB,EAAE,CAAC,OAAO,EAAE,GAAG,OAAO,YAAY,KAAK,YAAY,KAAK;AAAA,IAC1E,wBAAwB,EAAE,CAAC,OAAO,EAAE,GAAG,OAAO,kBAAkB,KAAK,SAAS,KAAK;AAAA,IACnF,iBAAiB,CAAC,KAAK,YAAY,IAAI,EAAE,OAAO,CAAC,UAA2B,CAAC,CAAC,KAAK;AAAA,EACrF,CAAC;AACD,QAAM,eAAe,6BAA6B,kBAAkB,OAAO,EAAE,CAAC;AAC9E,QAAM,cAAcA,UAAS,eAAe,CAAC;AAC7C,QAAM,cAAc,MAAM,6BAA6B,aAAa;AAAA,IAClE;AAAA,IACA,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC;AACD,QAAM,sBAAsB,2BAA2B,aAAa,WAAW;AAC/E,SAAO,aAAa,KAAK;AAAA,IACvB,MAAM;AAAA,MACJ,IAAI,OAAO;AAAA,MACX,UAAU,OAAO;AAAA,MACjB,UAAU,OAAO;AAAA,MACjB,UAAU,OAAO;AAAA,MACjB,eAAe,OAAO;AAAA,MACtB,gBAAgB,WAAW,SAAS;AAAA,MACpC,MAAMA,UAAS,QAAQ,CAAC;AAAA,MACxB,aAAa;AAAA,MACb,SAAS,OAAO,WAAW,OAAO,QAAQ,KAAK,IAAI,OAAO,UAAU;AAAA,MACpE;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,MAAM,KAAkB,KAAmB;AAC/D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,OAAO;AAC1C,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AACA,QAAM,eAAe,MAAM,oBAAoB,GAAG;AAClD,MAAI,CAAC,cAAc;AACjB,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,UAAU,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI;AACjD,QAAM,EAAE,MAAM,OAAO,IAAI,wBAAwB,OAAO;AACxD,QAAM,SAAS,aAAa,UAAU,IAAI;AAC1C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxE;AACA,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,MAAI,cAAkC;AACtC,MAAI;AACF,kBAAc,QAAQ,aAAa;AAAA,EACrC,QAAQ;AACN,kBAAc;AAAA,EAChB;AACA,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,cAAuC;AAAA,IAC3C,IAAI;AAAA,IACJ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB;AACA,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,WAAW;AACvD,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7E;AACA,QAAM,QAAiC,CAAC;AACxC,MAAI,OAAO,KAAK,KAAM,OAAM,OAAO,wBAAwB,OAAO,KAAK,IAAI;AAC3E,MAAI,OAAO,KAAK,YAAa,OAAM,cAAc,+BAA+B,OAAO,KAAK,WAAW;AACvG,SAAO,kBAAkB,wBAAwB,OAAO,iBAAiB,KAAK;AAC9E,QAAM,GAAG,MAAM;AAEf,MAAI,cAAc,UAAU,OAAO,KAAK,MAAM,EAAE,QAAQ;AACtD,QAAI;AACF,YAAM,qBAAqB;AAAA,QACzB;AAAA,QACA,UAAU,EAAE,YAAY;AAAA,QACxB,UAAU,OAAO;AAAA,QACjB,UAAU,OAAO,YAAY,KAAK,YAAY;AAAA,QAC9C,gBAAgB,OAAO,kBAAkB,KAAK,SAAS;AAAA,QACvD,QAAQ;AAAA,MACV,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,qDAAqD,KAAK;AACxE,aAAO,aAAa,KAAK,EAAE,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9F;AAAA,EACF;AAEA,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,OAAO;AAAA,QACX,gBAAgB,OAAO,kBAAkB,KAAK,SAAS;AAAA,QACvD,UAAU,OAAO,YAAY,KAAK,YAAY;AAAA,MAChD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AAEA,QAAMA,YAAW,uBAAuB,OAAO,eAAe;AAC9D,QAAM,cAAcA,UAAS,eAAe,CAAC;AAC7C,QAAM,cAAc,MAAM,6BAA6B,aAAa;AAAA,IAClE;AAAA,IACA,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC;AACD,QAAM,sBAAsB,2BAA2B,aAAa,WAAW;AAC/E,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,OAAO;AAAA,MACX,MAAMA,UAAS,QAAQ,CAAC;AAAA,MACxB,aAAa;AAAA,MACb,cAAc,6BAA6B,UAAU,IAAI;AAAA,IAC3D;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,OAAO,KAAkB,KAAmB;AAChE,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,OAAO;AAC1C,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AACA,QAAM,eAAe,MAAM,oBAAoB,GAAG;AAClD,MAAI,CAAC,cAAc;AACjB,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,uBAAuB,QAAQ,sBAAsB;AAC3D,QAAM,eAAwC;AAAA,IAC5C,IAAI;AAAA,IACJ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB;AACA,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,YAAY;AACxD,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7E;AACA,QAAM,eAAe,MAAM,qBAAqB,oBAAoB,OAAO,eAAe;AAAA,IACxF,UAAU,OAAO,YAAY,KAAK;AAAA,IAClC,gBAAgB,OAAO,kBAAkB,KAAK;AAAA,EAChD,CAAC;AACD,QAAM,aAAa,OAAO,OAAO,eAAe,OAAO,WAAW;AAClE,QAAM,GAAG,OAAO,MAAM,EAAE,MAAM;AAE9B,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,OAAO;AAAA,QACX,gBAAgB,OAAO,kBAAkB,KAAK,SAAS;AAAA,QACvD,UAAU,OAAO,YAAY,KAAK,YAAY;AAAA,MAChD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AAEA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,+BAA+B;AAAA,MAC3F;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,sBAAsB;AAAA,QACnF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,sBAAsB;AAAA,MACpF;AAAA,IACF;AAAA,IACA,OAAO;AAAA,MACL,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mCAAmC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE;AAAA,MAC1H;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,oCAAoC,QAAQ,sBAAsB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,sBAAsB;AAAA,QAClF,EAAE,QAAQ,KAAK,aAAa,6BAA6B,QAAQ,sBAAsB;AAAA,MACzF;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mCAAmC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE;AAAA,MAC3G;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,sBAAsB;AAAA,QACnF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,sBAAsB;AAAA,MACpF;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextRequest, NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { Attachment, AttachmentPartition } from '../../../data/entities'\nimport {\n  mergeAttachmentMetadata,\n  normalizeAttachmentAssignments,\n  normalizeAttachmentTags,\n  readAttachmentMetadata,\n} from '../../../lib/metadata'\nimport type { StorageDriverFactory } from '../../../lib/drivers'\nimport { splitCustomFieldPayload, loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport { emitCrudSideEffects, setCustomFieldsIfAny } from '@open-mercato/shared/lib/commands/helpers'\nimport { normalizeCustomFieldResponse } from '@open-mercato/shared/lib/custom-fields/normalize'\nimport { E } from '#generated/entities.ids.generated'\nimport type { QueryEngine } from '@open-mercato/shared/lib/query/types'\nimport type { DataEngine } from '@open-mercato/shared/lib/data/engine'\nimport { attachmentCrudEvents, attachmentCrudIndexer } from '../../../lib/crud'\nimport { applyAssignmentEnrichments, resolveAssignmentEnrichments } from '../../../lib/assignmentDetails'\nimport {\n  attachmentsTag,\n  attachmentDetailResponseSchema,\n  attachmentErrorSchema,\n} from '../../openapi'\n\nconst updateSchema = z.object({\n  tags: z.array(z.string()).optional(),\n  assignments: z\n    .array(\n      z.object({\n        type: z.string().min(1),\n        id: z.string().min(1),\n        href: z.string().nullable().optional(),\n        label: z.string().nullable().optional(),\n      }),\n    )\n    .optional(),\n})\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: ['attachments.view'] },\n  PATCH: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n  DELETE: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n}\n\ntype RouteParams = { id: string }\ntype RouteContext = { params: Promise<RouteParams> }\n\nasync function resolveAttachmentId(ctx: RouteContext): Promise<string | null> {\n  const params = ctx?.params\n  try {\n    const { id } = await params\n    if (typeof id === 'string' && id.trim().length) {\n      return id\n    }\n    return null\n  } catch {\n    return null\n  }\n}\n\nexport async function GET(req: NextRequest, ctx: RouteContext) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || (!auth.orgId && !auth.isSuperAdmin)) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n  const attachmentId = await resolveAttachmentId(ctx)\n  if (!attachmentId) {\n    return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  }\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  let queryEngine: QueryEngine | null = null\n  try {\n    queryEngine = resolve('queryEngine') as QueryEngine\n  } catch {\n    queryEngine = null\n  }\n  const findFilter: Record<string, unknown> = {\n    id: attachmentId,\n    tenantId: auth.tenantId,\n  }\n  if (auth.orgId) {\n    findFilter.organizationId = auth.orgId\n  }\n  const record = await em.findOne(Attachment, findFilter)\n  if (!record) {\n    return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  }\n  const metadata = readAttachmentMetadata(record.storageMetadata)\n  const partition = record.partitionCode\n    ? await em.findOne(AttachmentPartition, { code: record.partitionCode })\n    : null\n  const customFieldValues = await loadCustomFieldValues({\n    em,\n    entityId: E.attachments.attachment,\n    recordIds: [record.id],\n    tenantIdByRecord: { [record.id]: record.tenantId ?? auth.tenantId ?? null },\n    organizationIdByRecord: { [record.id]: record.organizationId ?? auth.orgId ?? null },\n    tenantFallbacks: [auth.tenantId ?? null].filter((value): value is string => !!value),\n  })\n  const customFields = normalizeCustomFieldResponse(customFieldValues[record.id])\n  const assignments = metadata.assignments ?? []\n  const enrichments = await resolveAssignmentEnrichments(assignments, {\n    queryEngine,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  })\n  const enrichedAssignments = applyAssignmentEnrichments(assignments, enrichments)\n  return NextResponse.json({\n    item: {\n      id: record.id,\n      fileName: record.fileName,\n      fileSize: record.fileSize,\n      mimeType: record.mimeType,\n      partitionCode: record.partitionCode,\n      partitionTitle: partition?.title ?? null,\n      tags: metadata.tags ?? [],\n      assignments: enrichedAssignments,\n      content: record.content && record.content.trim() ? record.content : null,\n      customFields,\n    },\n  })\n}\n\nexport async function PATCH(req: NextRequest, ctx: RouteContext) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n  const attachmentId = await resolveAttachmentId(ctx)\n  if (!attachmentId) {\n    return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  }\n  const rawBody = await req.json().catch(() => null)\n  const { base, custom } = splitCustomFieldPayload(rawBody)\n  const parsed = updateSchema.safeParse(base)\n  if (!parsed.success) {\n    return NextResponse.json({ error: 'Invalid payload' }, { status: 400 })\n  }\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  let queryEngine: QueryEngine | null = null\n  try {\n    queryEngine = resolve('queryEngine') as QueryEngine\n  } catch {\n    queryEngine = null\n  }\n  const dataEngine = resolve('dataEngine') as DataEngine\n  const patchFilter: Record<string, unknown> = {\n    id: attachmentId,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }\n  const record = await em.findOne(Attachment, patchFilter)\n  if (!record) {\n    return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  }\n  const patch: Record<string, unknown> = {}\n  if (parsed.data.tags) patch.tags = normalizeAttachmentTags(parsed.data.tags)\n  if (parsed.data.assignments) patch.assignments = normalizeAttachmentAssignments(parsed.data.assignments)\n  record.storageMetadata = mergeAttachmentMetadata(record.storageMetadata, patch)\n  // Commit the metadata mutation and the custom-field write atomically so a\n  // custom-field failure cannot leave the attachment metadata partially updated.\n  try {\n    await em.transactional(async (tx) => {\n      await tx.flush()\n      if (dataEngine && custom && Object.keys(custom).length) {\n        await setCustomFieldsIfAny({\n          dataEngine,\n          entityId: E.attachments.attachment,\n          recordId: record.id,\n          tenantId: record.tenantId ?? auth.tenantId ?? null,\n          organizationId: record.organizationId ?? auth.orgId ?? null,\n          values: custom,\n        })\n      }\n    })\n  } catch (error) {\n    console.error('[attachments] failed to persist custom attributes', error)\n    return NextResponse.json({ error: 'Failed to save attachment attributes.' }, { status: 500 })\n  }\n\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'updated',\n      entity: record,\n      identifiers: {\n        id: record.id,\n        organizationId: record.organizationId ?? auth.orgId ?? null,\n        tenantId: record.tenantId ?? auth.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n\n  const metadata = readAttachmentMetadata(record.storageMetadata)\n  const assignments = metadata.assignments ?? []\n  const enrichments = await resolveAssignmentEnrichments(assignments, {\n    queryEngine,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  })\n  const enrichedAssignments = applyAssignmentEnrichments(assignments, enrichments)\n  return NextResponse.json({\n    ok: true,\n    item: {\n      id: record.id,\n      tags: metadata.tags ?? [],\n      assignments: enrichedAssignments,\n      customFields: normalizeCustomFieldResponse(custom ?? null),\n    },\n  })\n}\n\nexport async function DELETE(req: NextRequest, ctx: RouteContext) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n  const attachmentId = await resolveAttachmentId(ctx)\n  if (!attachmentId) {\n    return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  }\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const dataEngine = resolve('dataEngine') as DataEngine\n  const storageDriverFactory = resolve('storageDriverFactory') as StorageDriverFactory\n  const deleteFilter: Record<string, unknown> = {\n    id: attachmentId,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }\n  const record = await em.findOne(Attachment, deleteFilter)\n  if (!record) {\n    return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  }\n  const deleteDriver = await storageDriverFactory.resolveForPartition(record.partitionCode, {\n    tenantId: record.tenantId ?? auth.tenantId,\n    organizationId: record.organizationId ?? auth.orgId,\n  })\n  // Commit the DB row removal before deleting the irreversible storage file so a\n  // failed commit cannot leave a dangling record whose backing file is already gone.\n  const recordPartitionCode = record.partitionCode\n  const recordStoragePath = record.storagePath\n  await em.remove(record).flush()\n  await deleteDriver.delete(recordPartitionCode, recordStoragePath)\n\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'deleted',\n      entity: record,\n      identifiers: {\n        id: record.id,\n        organizationId: record.organizationId ?? auth.orgId ?? null,\n        tenantId: record.tenantId ?? auth.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n\n  return NextResponse.json({ ok: true })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: attachmentsTag,\n  summary: 'Attachment detail management',\n  methods: {\n    GET: {\n      summary: 'Get attachment details',\n      description: 'Returns complete details of an attachment including metadata, tags, assignments, and custom fields.',\n      responses: [\n        { status: 200, description: 'Attachment details', schema: attachmentDetailResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid attachment ID', schema: attachmentErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: attachmentErrorSchema },\n        { status: 404, description: 'Attachment not found', schema: attachmentErrorSchema },\n      ],\n    },\n    PATCH: {\n      summary: 'Update attachment metadata',\n      description: 'Updates attachment tags, assignments, and custom fields. Emits CRUD side effects for indexing and events.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: updateSchema,\n      },\n      responses: [\n        { status: 200, description: 'Attachment updated successfully', schema: z.object({ ok: z.literal(true), item: z.any() }) },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload or attachment ID', schema: attachmentErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: attachmentErrorSchema },\n        { status: 404, description: 'Attachment not found', schema: attachmentErrorSchema },\n        { status: 500, description: 'Failed to save attributes', schema: attachmentErrorSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete attachment',\n      description: 'Permanently deletes an attachment file from storage and database. Emits CRUD side effects.',\n      responses: [\n        { status: 200, description: 'Attachment deleted successfully', schema: z.object({ ok: z.literal(true) }) },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid attachment ID', schema: attachmentErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: attachmentErrorSchema },\n        { status: 404, description: 'Attachment not found', schema: attachmentErrorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAsB,oBAAoB;AAC1C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,YAAY,2BAA2B;AAChD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,yBAAyB,6BAA6B;AAC/D,SAAS,qBAAqB,4BAA4B;AAC1D,SAAS,oCAAoC;AAC7C,SAAS,SAAS;AAGlB,SAAS,sBAAsB,6BAA6B;AAC5D,SAAS,4BAA4B,oCAAoC;AACzE;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,MAAM,eAAe,EAAE,OAAO;AAAA,EAC5B,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACnC,aAAa,EACV;AAAA,IACC,EAAE,OAAO;AAAA,MACP,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MACtB,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,MACpB,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,MACrC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACxC,CAAC;AAAA,EACH,EACC,SAAS;AACd,CAAC;AAEM,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,kBAAkB,EAAE;AAAA,EAChE,OAAO,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AAAA,EACpE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AACvE;AAKA,eAAe,oBAAoB,KAA2C;AAC5E,QAAM,SAAS,KAAK;AACpB,MAAI;AACF,UAAM,EAAE,GAAG,IAAI,MAAM;AACrB,QAAI,OAAO,OAAO,YAAY,GAAG,KAAK,EAAE,QAAQ;AAC9C,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,IAAI,KAAkB,KAAmB;AAC7D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAa,CAAC,KAAK,SAAS,CAAC,KAAK,cAAe;AAClE,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AACA,QAAM,eAAe,MAAM,oBAAoB,GAAG;AAClD,MAAI,CAAC,cAAc;AACjB,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,MAAI,cAAkC;AACtC,MAAI;AACF,kBAAc,QAAQ,aAAa;AAAA,EACrC,QAAQ;AACN,kBAAc;AAAA,EAChB;AACA,QAAM,aAAsC;AAAA,IAC1C,IAAI;AAAA,IACJ,UAAU,KAAK;AAAA,EACjB;AACA,MAAI,KAAK,OAAO;AACd,eAAW,iBAAiB,KAAK;AAAA,EACnC;AACA,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,UAAU;AACtD,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7E;AACA,QAAMA,YAAW,uBAAuB,OAAO,eAAe;AAC9D,QAAM,YAAY,OAAO,gBACrB,MAAM,GAAG,QAAQ,qBAAqB,EAAE,MAAM,OAAO,cAAc,CAAC,IACpE;AACJ,QAAM,oBAAoB,MAAM,sBAAsB;AAAA,IACpD;AAAA,IACA,UAAU,EAAE,YAAY;AAAA,IACxB,WAAW,CAAC,OAAO,EAAE;AAAA,IACrB,kBAAkB,EAAE,CAAC,OAAO,EAAE,GAAG,OAAO,YAAY,KAAK,YAAY,KAAK;AAAA,IAC1E,wBAAwB,EAAE,CAAC,OAAO,EAAE,GAAG,OAAO,kBAAkB,KAAK,SAAS,KAAK;AAAA,IACnF,iBAAiB,CAAC,KAAK,YAAY,IAAI,EAAE,OAAO,CAAC,UAA2B,CAAC,CAAC,KAAK;AAAA,EACrF,CAAC;AACD,QAAM,eAAe,6BAA6B,kBAAkB,OAAO,EAAE,CAAC;AAC9E,QAAM,cAAcA,UAAS,eAAe,CAAC;AAC7C,QAAM,cAAc,MAAM,6BAA6B,aAAa;AAAA,IAClE;AAAA,IACA,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC;AACD,QAAM,sBAAsB,2BAA2B,aAAa,WAAW;AAC/E,SAAO,aAAa,KAAK;AAAA,IACvB,MAAM;AAAA,MACJ,IAAI,OAAO;AAAA,MACX,UAAU,OAAO;AAAA,MACjB,UAAU,OAAO;AAAA,MACjB,UAAU,OAAO;AAAA,MACjB,eAAe,OAAO;AAAA,MACtB,gBAAgB,WAAW,SAAS;AAAA,MACpC,MAAMA,UAAS,QAAQ,CAAC;AAAA,MACxB,aAAa;AAAA,MACb,SAAS,OAAO,WAAW,OAAO,QAAQ,KAAK,IAAI,OAAO,UAAU;AAAA,MACpE;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,MAAM,KAAkB,KAAmB;AAC/D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,OAAO;AAC1C,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AACA,QAAM,eAAe,MAAM,oBAAoB,GAAG;AAClD,MAAI,CAAC,cAAc;AACjB,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,UAAU,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI;AACjD,QAAM,EAAE,MAAM,OAAO,IAAI,wBAAwB,OAAO;AACxD,QAAM,SAAS,aAAa,UAAU,IAAI;AAC1C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxE;AACA,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,MAAI,cAAkC;AACtC,MAAI;AACF,kBAAc,QAAQ,aAAa;AAAA,EACrC,QAAQ;AACN,kBAAc;AAAA,EAChB;AACA,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,cAAuC;AAAA,IAC3C,IAAI;AAAA,IACJ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB;AACA,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,WAAW;AACvD,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7E;AACA,QAAM,QAAiC,CAAC;AACxC,MAAI,OAAO,KAAK,KAAM,OAAM,OAAO,wBAAwB,OAAO,KAAK,IAAI;AAC3E,MAAI,OAAO,KAAK,YAAa,OAAM,cAAc,+BAA+B,OAAO,KAAK,WAAW;AACvG,SAAO,kBAAkB,wBAAwB,OAAO,iBAAiB,KAAK;AAG9E,MAAI;AACF,UAAM,GAAG,cAAc,OAAO,OAAO;AACnC,YAAM,GAAG,MAAM;AACf,UAAI,cAAc,UAAU,OAAO,KAAK,MAAM,EAAE,QAAQ;AACtD,cAAM,qBAAqB;AAAA,UACzB;AAAA,UACA,UAAU,EAAE,YAAY;AAAA,UACxB,UAAU,OAAO;AAAA,UACjB,UAAU,OAAO,YAAY,KAAK,YAAY;AAAA,UAC9C,gBAAgB,OAAO,kBAAkB,KAAK,SAAS;AAAA,UACvD,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,qDAAqD,KAAK;AACxE,WAAO,aAAa,KAAK,EAAE,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC9F;AAEA,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,OAAO;AAAA,QACX,gBAAgB,OAAO,kBAAkB,KAAK,SAAS;AAAA,QACvD,UAAU,OAAO,YAAY,KAAK,YAAY;AAAA,MAChD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AAEA,QAAMA,YAAW,uBAAuB,OAAO,eAAe;AAC9D,QAAM,cAAcA,UAAS,eAAe,CAAC;AAC7C,QAAM,cAAc,MAAM,6BAA6B,aAAa;AAAA,IAClE;AAAA,IACA,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC;AACD,QAAM,sBAAsB,2BAA2B,aAAa,WAAW;AAC/E,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,OAAO;AAAA,MACX,MAAMA,UAAS,QAAQ,CAAC;AAAA,MACxB,aAAa;AAAA,MACb,cAAc,6BAA6B,UAAU,IAAI;AAAA,IAC3D;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,OAAO,KAAkB,KAAmB;AAChE,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,OAAO;AAC1C,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AACA,QAAM,eAAe,MAAM,oBAAoB,GAAG;AAClD,MAAI,CAAC,cAAc;AACjB,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,uBAAuB,QAAQ,sBAAsB;AAC3D,QAAM,eAAwC;AAAA,IAC5C,IAAI;AAAA,IACJ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB;AACA,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,YAAY;AACxD,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7E;AACA,QAAM,eAAe,MAAM,qBAAqB,oBAAoB,OAAO,eAAe;AAAA,IACxF,UAAU,OAAO,YAAY,KAAK;AAAA,IAClC,gBAAgB,OAAO,kBAAkB,KAAK;AAAA,EAChD,CAAC;AAGD,QAAM,sBAAsB,OAAO;AACnC,QAAM,oBAAoB,OAAO;AACjC,QAAM,GAAG,OAAO,MAAM,EAAE,MAAM;AAC9B,QAAM,aAAa,OAAO,qBAAqB,iBAAiB;AAEhE,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,OAAO;AAAA,QACX,gBAAgB,OAAO,kBAAkB,KAAK,SAAS;AAAA,QACvD,UAAU,OAAO,YAAY,KAAK,YAAY;AAAA,MAChD;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AAEA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,+BAA+B;AAAA,MAC3F;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,sBAAsB;AAAA,QACnF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,sBAAsB;AAAA,MACpF;AAAA,IACF;AAAA,IACA,OAAO;AAAA,MACL,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mCAAmC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE;AAAA,MAC1H;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,oCAAoC,QAAQ,sBAAsB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,sBAAsB;AAAA,QAClF,EAAE,QAAQ,KAAK,aAAa,6BAA6B,QAAQ,sBAAsB;AAAA,MACzF;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mCAAmC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE;AAAA,MAC3G;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,sBAAsB;AAAA,QACnF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,sBAAsB;AAAA,MACpF;AAAA,IACF;AAAA,EACF;AACF;",
   "names": ["metadata"]
 }

package/dist/modules/attachments/api/route.js CHANGED Viewed

@@ -392,7 +392,24 @@ async function POST(req) {
     content: extractedContent,
     storageMetadata: metadata2
   });
-  await em.persist(att).flush();
+  try {
+    await em.transactional(async (tx) => {
+      await tx.persist(att).flush();
+      if (dataEngine) {
+        await setCustomFieldsIfAny({
+          dataEngine,
+          entityId: E.attachments.attachment,
+          recordId: attachmentId,
+          tenantId,
+          organizationId: orgId,
+          values: customFieldValues
+        });
+      }
+    });
+  } catch (error) {
+    console.error("[attachments] failed to persist attachment with custom attributes", error);
+    return NextResponse.json({ error: "Failed to save attachment attributes." }, { status: 500 });
+  }
   if (useLlmOcr) {
     requestOcrProcessing(em, att, uploadDriver, storedPath).catch((error) => {
       console.error("[attachments] failed to queue OCR processing", error);
@@ -401,19 +418,6 @@ async function POST(req) {
     console.warn("[attachments] OCR requested but OPENAI_API_KEY not configured, falling back to text extraction when available");
   }
   if (dataEngine) {
-    try {
-      await setCustomFieldsIfAny({
-        dataEngine,
-        entityId: E.attachments.attachment,
-        recordId: attachmentId,
-        tenantId,
-        organizationId: orgId,
-        values: customFieldValues
-      });
-    } catch (error) {
-      console.error("[attachments] failed to persist custom attributes", error);
-      return NextResponse.json({ error: "Failed to save attachment attributes." }, { status: 500 });
-    }
     await emitCrudSideEffects({
       dataEngine,
       action: "created",

package/dist/modules/attachments/api/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/attachments/api/route.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { z } from 'zod'\nimport { sql } from 'kysely'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { buildAttachmentFileUrl, buildAttachmentImageUrl, slugifyAttachmentFileName } from '../lib/imageUrls'\nimport { ensureDefaultPartitions, resolveDefaultPartitionCode, sanitizePartitionCode } from '../lib/partitions'\nimport { Attachment, AttachmentPartition } from '../data/entities'\nimport { extractAttachmentContent } from '../lib/textExtraction'\nimport { requestOcrProcessing } from '../lib/ocrQueue'\nimport { StorageDriverFactory } from '../lib/drivers'\nimport { OcrService, shouldUseLlmOcr } from '../lib/ocrService'\nimport { clearAttachmentThumbnailCache } from '../lib/thumbnailCache'\nimport {\n  mergeAttachmentMetadata,\n  normalizeAttachmentAssignments,\n  normalizeAttachmentTags,\n  readAttachmentMetadata,\n  upsertAssignment,\n  type AttachmentAssignment,\n} from '../lib/metadata'\nimport { randomUUID } from 'crypto'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { splitCustomFieldPayload } from '@open-mercato/shared/lib/crud/custom-fields'\nimport { emitCrudSideEffects, setCustomFieldsIfAny } from '@open-mercato/shared/lib/commands/helpers'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { attachmentCrudEvents, attachmentCrudIndexer } from '../lib/crud'\nimport { E } from '#generated/entities.ids.generated'\nimport { resolveDefaultAttachmentOcrEnabled } from '../lib/ocrConfig'\nimport {\n  detectAttachmentMimeType,\n  hasDangerousExecutableExtension,\n  isActiveContentAttachment,\n  sanitizeUploadedFileName,\n} from '../lib/security'\nimport {\n  isMultipartRequestWithinUploadLimit,\n  resolveAttachmentMaxBytes,\n  willExceedAttachmentTenantQuota,\n} from '../lib/upload-limits'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: ['attachments.view'] },\n  POST: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n  DELETE: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n}\n\nconst attachmentQuerySchema = z.object({\n  entityId: z.string().min(1).describe('Entity identifier that owns the attachments'),\n  recordId: z.string().min(1).describe('Record identifier within the entity'),\n  page: z.coerce.number().min(1).optional(),\n  pageSize: z.coerce.number().min(1).max(100).optional(),\n})\n\nconst attachmentAssignmentSchema = z.object({\n  type: z.string().describe('Assignment type identifier'),\n  id: z.string().describe('Assignment record identifier'),\n  href: z.string().nullable().optional().describe('Optional link to the related record'),\n  label: z.string().nullable().optional().describe('Optional label for the assignment'),\n})\n\nconst attachmentItemSchema = z.object({\n  id: z.string().describe('Attachment identifier'),\n  url: z.string().describe('Public path to the stored asset'),\n  fileName: z.string().describe('Original filename'),\n  fileSize: z.number().int().nonnegative().describe('File size in bytes'),\n  createdAt: z.string().describe('Upload timestamp (ISO 8601)'),\n  mimeType: z.string().nullable().optional().describe('MIME type of the file'),\n  thumbnailUrl: z.string().optional().describe('Helper route that renders a thumbnail'),\n  partitionCode: z.string().optional().describe('Partition identifier'),\n  tags: z.array(z.string()).optional().describe('Tags assigned to the attachment'),\n  content: z.string().nullable().optional().describe('Extracted text or markdown content'),\n  assignments: z.array(attachmentAssignmentSchema).optional().describe('Records that reference this attachment'),\n})\n\nconst attachmentListResponseSchema = z.object({\n  items: z.array(attachmentItemSchema),\n  total: z.number().int().nonnegative().optional(),\n  page: z.number().int().min(1).optional(),\n  pageSize: z.number().int().min(1).optional(),\n  totalPages: z.number().int().min(1).optional(),\n})\n\nconst attachmentUploadBodySchema = z.object({\n  entityId: z.string().min(1),\n  recordId: z.string().min(1),\n  fieldKey: z.string().optional(),\n  file: z.string().min(1).describe('Binary file payload; supplied as multipart form-data'),\n  customFields: z\n    .string()\n    .optional()\n    .describe('JSON encoded map of custom field values collected from the upload form.'),\n})\n\nconst attachmentDeleteQuerySchema = z.object({\n  id: z.string().uuid(),\n})\n\nconst uploadResponseSchema = z.object({\n  ok: z.literal(true),\n  item: z.object({\n    id: z.string(),\n    url: z.string(),\n    fileName: z.string(),\n    fileSize: z.number().int().nonnegative(),\n    thumbnailUrl: z.string().optional(),\n    content: z.string().nullable().optional(),\n    tags: z.array(z.string()).optional(),\n    assignments: z.array(attachmentAssignmentSchema).optional(),\n    customFields: z.record(z.string(), z.unknown()).optional(),\n  }),\n})\n\nconst errorSchema = z.object({\n  error: z.string(),\n})\n\nconst LIBRARY_ENTITY_ID = 'attachments:library'\n\nfunction parseCustomFieldsEntry(value: FormDataEntryValue | null): Record<string, unknown> {\n  if (!value) return {}\n  if (typeof value === 'string') {\n    const trimmed = value.trim()\n    if (!trimmed) return {}\n    try {\n      const parsed = JSON.parse(trimmed)\n      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {\n        return parsed as Record<string, unknown>\n      }\n    } catch {\n      return {}\n    }\n  }\n  if (typeof value === 'object' && !Array.isArray(value) && !(value instanceof File)) {\n    return { ...(value as Record<string, unknown>) }\n  }\n  return {}\n}\n\nfunction buildFormPayload(form: FormData): Record<string, unknown> {\n  const payload: Record<string, unknown> = {}\n  form.forEach((value, key) => {\n    if (key === 'customFields') {\n      payload.customFields = parseCustomFieldsEntry(value)\n      return\n    }\n    payload[key] = value\n  })\n  return payload\n}\n\nfunction parseFormTags(value: FormDataEntryValue | null): string[] {\n  if (!value) return []\n  if (typeof value === 'string') {\n    const trimmed = value.trim()\n    if (!trimmed) return []\n    try {\n      const parsed = JSON.parse(trimmed)\n      return normalizeAttachmentTags(parsed)\n    } catch {\n      return normalizeAttachmentTags(value)\n    }\n  }\n  return []\n}\n\nfunction parseFormAssignments(value: FormDataEntryValue | null): AttachmentAssignment[] {\n  if (!value) return []\n  if (typeof value !== 'string') return []\n  const trimmed = value.trim()\n  if (!trimmed) return []\n  try {\n    const parsed = JSON.parse(trimmed)\n    return normalizeAttachmentAssignments(parsed)\n  } catch {\n    return []\n  }\n}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || (!auth.orgId && !auth.isSuperAdmin)) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const url = new URL(req.url)\n  const parsedQuery = attachmentQuerySchema.safeParse({\n    entityId: url.searchParams.get('entityId') || '',\n    recordId: url.searchParams.get('recordId') || '',\n    page: url.searchParams.get('page') ?? undefined,\n    pageSize: url.searchParams.get('pageSize') ?? undefined,\n  })\n  if (!parsedQuery.success) {\n    return NextResponse.json({ error: 'entityId and recordId are required' }, { status: 400 })\n  }\n  const { entityId, recordId, page, pageSize } = parsedQuery.data\n\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const filter: Record<string, unknown> = { entityId, recordId, tenantId: auth.tenantId! }\n  if (auth.orgId) filter.organizationId = auth.orgId\n  const orderBy: Record<string, 'ASC' | 'DESC'> = { createdAt: 'DESC' }\n  const usePaging = typeof page === 'number' && typeof pageSize === 'number'\n  const total = usePaging ? await em.count(Attachment, filter) : null\n  const currentPage = usePaging ? Math.max(1, page) : null\n  const currentPageSize = usePaging ? pageSize : null\n  const totalPages = usePaging && total !== null ? Math.max(1, Math.ceil(total / currentPageSize!)) : null\n  const pageOffset = usePaging ? (Math.min(currentPage!, totalPages!) - 1) * currentPageSize! : undefined\n  const items = await findWithDecryption(\n    em,\n    Attachment,\n    filter,\n    {\n      orderBy,\n      ...(usePaging\n        ? {\n            limit: currentPageSize!,\n            offset: pageOffset,\n          }\n        : {}),\n    },\n    {\n      tenantId: auth.tenantId ?? null,\n      organizationId: auth.orgId ?? null,\n    },\n  )\n  return NextResponse.json({\n    items: items.map((a: any) => {\n      const metadata = readAttachmentMetadata(a.storageMetadata)\n      return {\n        id: a.id,\n        url: a.url,\n        fileName: a.fileName,\n        fileSize: a.fileSize,\n        createdAt: a.createdAt,\n        mimeType: a.mimeType ?? null,\n        partitionCode: a.partitionCode,\n        content: a.content ?? null,\n        thumbnailUrl: buildAttachmentImageUrl(a.id, {\n          width: 320,\n          height: 320,\n          slug: slugifyAttachmentFileName(a.fileName),\n        }),\n        tags: metadata.tags ?? [],\n        assignments: metadata.assignments ?? [],\n      }\n    }),\n    ...(usePaging\n      ? {\n          total,\n          page: Math.min(currentPage!, totalPages!),\n          pageSize: currentPageSize,\n          totalPages,\n        }\n      : {}),\n  })\n}\n\nexport async function POST(req: Request) {\n  const { t } = await resolveTranslations()\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const tenantId = auth.tenantId\n  const orgId = auth.orgId\n\n  const contentType = req.headers.get('content-type') || ''\n  if (!contentType.toLowerCase().includes('multipart/form-data')) {\n    return NextResponse.json({ error: 'Expected multipart/form-data' }, { status: 400 })\n  }\n  if (!isMultipartRequestWithinUploadLimit(req.headers.get('content-length'))) {\n    return NextResponse.json({ error: 'Attachment exceeds the maximum upload size.' }, { status: 413 })\n  }\n\n  const form = await req.formData()\n  const formPayload = buildFormPayload(form)\n  const customFieldValues = splitCustomFieldPayload(formPayload).custom\n  const entityId = String(form.get('entityId') || '')\n  const recordId = String(form.get('recordId') || '')\n  const fieldKey = String(form.get('fieldKey') || '')\n  const file = form.get('file') as unknown as File | null\n  if (!entityId || !recordId || !file) return NextResponse.json({ error: 'entityId, recordId and file are required' }, { status: 400 })\n  const partitionOverrideRaw = form.get('partitionCode')\n  const partitionOverride =\n    typeof partitionOverrideRaw === 'string' && partitionOverrideRaw.trim().length > 0\n      ? sanitizePartitionCode(partitionOverrideRaw)\n      : null\n  const tags = parseFormTags(form.get('tags'))\n  const assignmentsFromForm = parseFormAssignments(form.get('assignments'))\n\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const dataEngine = resolve('dataEngine')\n  const storageDriverFactory =\n    (resolve('storageDriverFactory') as StorageDriverFactory | null) ?? new StorageDriverFactory(em)\n  await ensureDefaultPartitions(em)\n  // Optional per-field validations\n  let partitionFromField: string | null = null\n  let fieldMaxAttachmentSizeMb: number | null = null\n  if (fieldKey) {\n    try {\n      const { CustomFieldDef } = await import('@open-mercato/core/modules/entities/data/entities')\n      const def = await em.findOne(CustomFieldDef, {\n        entityId,\n        key: fieldKey,\n        $and: [\n          { $or: [ { tenantId: auth.tenantId }, { tenantId: null } ] },\n        ],\n        isActive: true,\n      })\n      const cfg = (def as any)?.configJson || {}\n      const ext = (file.name || '').split('.').pop()?.toLowerCase() || ''\n      if (Array.isArray(cfg.acceptExtensions) && cfg.acceptExtensions.length) {\n        const allowed = new Set((cfg.acceptExtensions as any[]).map((x: any) => String(x).toLowerCase().replace(/^\\./, '')))\n        if (!allowed.has(ext)) return NextResponse.json({ error: 'File type not allowed' }, { status: 400 })\n      }\n      if (typeof cfg.maxAttachmentSizeMb === 'number' && cfg.maxAttachmentSizeMb > 0) {\n        fieldMaxAttachmentSizeMb = cfg.maxAttachmentSizeMb\n      }\n      if (typeof cfg.partitionCode === 'string' && cfg.partitionCode.trim().length > 0) {\n        partitionFromField = sanitizePartitionCode(cfg.partitionCode)\n      }\n    } catch {}\n  }\n  if (hasDangerousExecutableExtension(file.name)) {\n    return NextResponse.json({\n      error: t('attachments.errors.dangerousExecutable', 'Executable file types are not allowed as attachments.'),\n    }, { status: 400 })\n  }\n  const effectiveMaxBytes = resolveAttachmentMaxBytes(fieldMaxAttachmentSizeMb)\n  if (file.size > effectiveMaxBytes) {\n    return NextResponse.json({\n      error: t('attachments.errors.maxUploadSize', 'Attachment exceeds the maximum upload size.'),\n    }, { status: 413 })\n  }\n  const tenantUsageBytes = await readTenantAttachmentUsageBytes(em, tenantId)\n  if (willExceedAttachmentTenantQuota(tenantUsageBytes, file.size)) {\n    return NextResponse.json({\n      error: t('attachments.errors.quotaExceeded', 'Attachment storage quota exceeded for this tenant.'),\n    }, { status: 413 })\n  }\n  const buf = Buffer.from(await file.arrayBuffer())\n  const safeName = sanitizeUploadedFileName(file.name)\n  const fileMimeType = detectAttachmentMimeType(buf, safeName, (file as any).type)\n  if (isActiveContentAttachment(buf, safeName, fileMimeType)) {\n    return NextResponse.json({ error: t('attachments.errors.activeContentBlocked', 'Active content uploads are not allowed.') }, { status: 400 })\n  }\n  const defaultPartitionCode = resolveDefaultPartitionCode(entityId)\n  const resolvedPartitionCode = partitionOverride ?? partitionFromField ?? defaultPartitionCode\n  const partitionCodeCandidates = Array.from(\n    new Set(\n      [partitionOverride, partitionFromField, resolvedPartitionCode].filter(\n        (code): code is string => typeof code === 'string' && code.length > 0,\n      ),\n    ),\n  )\n  let partition: AttachmentPartition | null = null\n  for (const code of partitionCodeCandidates) {\n    const record = await em.findOne(AttachmentPartition, { code })\n    if (record) {\n      partition = record\n      break\n    }\n  }\n  if (!partition) {\n    partition = await em.findOne(AttachmentPartition, { code: defaultPartitionCode })\n  }\n  if (!partition) {\n    return NextResponse.json({ error: 'Storage partition is not configured.' }, { status: 400 })\n  }\n  const requestedPublicOverride =\n    typeof partitionOverride === 'string' &&\n    partitionOverride.length > 0 &&\n    partition.code === partitionOverride &&\n    partition.isPublic === true &&\n    partition.code !== defaultPartitionCode &&\n    partition.code !== partitionFromField\n  if (requestedPublicOverride) {\n    return NextResponse.json({ error: t('attachments.errors.publicPartitionBlocked', 'Public storage partitions cannot be selected explicitly for this upload.') }, { status: 403 })\n  }\n  const uploadDriver = await storageDriverFactory.resolveForPartition(partition.code, { tenantId, organizationId: orgId })\n  let storedPath: string\n  try {\n    const stored = await uploadDriver.store({\n      partitionCode: partition.code,\n      orgId,\n      tenantId,\n      fileName: safeName,\n      buffer: buf,\n    })\n    storedPath = stored.storagePath\n  } catch (error) {\n    console.error('[attachments] failed to persist file', error)\n    return NextResponse.json({ error: 'Failed to persist attachment.' }, { status: 500 })\n  }\n\n  const requiresOcr =\n    typeof (partition as any).requiresOcr === 'boolean'\n      ? Boolean((partition as any).requiresOcr)\n      : resolveDefaultAttachmentOcrEnabled()\n  let extractedContent: string | null = null\n  const wantsLlmOcr = requiresOcr && shouldUseLlmOcr(fileMimeType, safeName)\n  const ocrService = wantsLlmOcr ? new OcrService() : null\n  const useLlmOcr = Boolean(wantsLlmOcr && ocrService?.available)\n\n  if (requiresOcr && !useLlmOcr) {\n    const { filePath: localPath, cleanup } = await uploadDriver.toLocalPath(partition.code, storedPath)\n    try {\n      extractedContent = await extractAttachmentContent({\n        filePath: localPath,\n        mimeType: fileMimeType,\n      })\n    } catch (error) {\n      console.error('[attachments] failed to extract attachment content', error)\n    } finally {\n      await cleanup().catch(() => {})\n    }\n  }\n\n  let assignments = assignmentsFromForm.slice()\n  if (entityId !== LIBRARY_ENTITY_ID) {\n    assignments = upsertAssignment(assignments, { type: entityId, id: recordId })\n  }\n  const metadata = mergeAttachmentMetadata(null, { assignments, tags })\n  const attachmentId = randomUUID()\n  const att = em.create(Attachment, {\n    id: attachmentId,\n    entityId,\n    recordId,\n    organizationId: auth.orgId!,\n    tenantId: auth.tenantId!,\n    fileName: safeName,\n    mimeType: fileMimeType,\n    fileSize: buf.length,\n    partitionCode: partition.code,\n    storageDriver: partition.storageDriver || 'local',\n    storagePath: storedPath,\n    url: buildAttachmentFileUrl(attachmentId),\n    content: extractedContent,\n    storageMetadata: metadata,\n  })\n  await em.persist(att).flush()\n\n  if (useLlmOcr) {\n    requestOcrProcessing(em, att, uploadDriver, storedPath).catch((error) => {\n      console.error('[attachments] failed to queue OCR processing', error)\n    })\n  } else if (wantsLlmOcr) {\n    console.warn('[attachments] OCR requested but OPENAI_API_KEY not configured, falling back to text extraction when available')\n  }\n\n  if (dataEngine) {\n    try {\n      await setCustomFieldsIfAny({\n        dataEngine,\n        entityId: E.attachments.attachment,\n        recordId: attachmentId,\n        tenantId,\n        organizationId: orgId,\n        values: customFieldValues,\n      })\n    } catch (error) {\n      console.error('[attachments] failed to persist custom attributes', error)\n      return NextResponse.json({ error: 'Failed to save attachment attributes.' }, { status: 500 })\n    }\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'created',\n      entity: att,\n      identifiers: {\n        id: att.id,\n        organizationId: att.organizationId ?? null,\n        tenantId: att.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n\n  return NextResponse.json({\n    ok: true,\n    item: {\n      id: attachmentId,\n      url: att.url,\n      fileName: safeName,\n      fileSize: buf.length,\n      partitionCode: partition.code,\n      thumbnailUrl: buildAttachmentImageUrl(attachmentId, {\n        width: 320,\n        height: 320,\n        slug: slugifyAttachmentFileName(safeName),\n      }),\n      content: extractedContent ?? null,\n      tags: metadata.tags ?? [],\n      assignments: metadata.assignments ?? [],\n      customFields: Object.keys(customFieldValues).length ? customFieldValues : undefined,\n    },\n  })\n}\n\nasync function readTenantAttachmentUsageBytes(em: EntityManager, tenantId: string): Promise<number> {\n  try {\n    const db = em.getKysely<any>() as any\n    const row = await db\n      .selectFrom('attachments')\n      .select(sql<string>`sum(file_size)`.as('total_size'))\n      .where('tenant_id', '=', tenantId)\n      .executeTakeFirst() as { total_size: string | number | null } | undefined\n    const total = row?.total_size\n    if (typeof total === 'number') return Number.isFinite(total) ? total : 0\n    if (typeof total === 'string') {\n      const parsed = Number(total)\n      return Number.isFinite(parsed) ? parsed : 0\n    }\n    return 0\n  } catch {\n    return 0\n  }\n}\n\nexport async function DELETE(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const url = new URL(req.url)\n  const id = url.searchParams.get('id') || ''\n  if (!id) return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const dataEngine = resolve('dataEngine')\n  const storageDriverFactory =\n    (resolve('storageDriverFactory') as StorageDriverFactory | null) ?? new StorageDriverFactory(em)\n  const deleteFilter: Record<string, unknown> = { id, tenantId: auth.tenantId!, organizationId: auth.orgId }\n  const record = await em.findOne(Attachment, deleteFilter)\n  if (!record) return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  await em.remove(record).flush()\n  await clearAttachmentThumbnailCache(record.partitionCode, record.id).catch((error) => {\n    console.error('[attachments] failed to cleanup cached thumbnails', error)\n  })\n  if (record.storagePath) {\n    const delDriver = await storageDriverFactory.resolveForPartition(record.partitionCode, {\n      tenantId: record.tenantId ?? auth.tenantId!,\n      organizationId: record.organizationId ?? auth.orgId,\n    })\n    await delDriver.delete(record.partitionCode, record.storagePath)\n  }\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'deleted',\n      entity: record,\n      identifiers: {\n        id: record.id,\n        organizationId: record.organizationId ?? null,\n        tenantId: record.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n  return NextResponse.json({ ok: true })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Manage entity attachments',\n  description: 'Upload and list attachments associated with module entities and records.',\n  methods: {\n    GET: {\n      summary: 'List attachments for a record',\n      description: 'Returns uploaded attachments for the given entity record, ordered by newest first.',\n      query: attachmentQuerySchema,\n      responses: [\n        { status: 200, description: 'Attachments found for the record', schema: attachmentListResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Missing entity or record identifiers', schema: errorSchema },\n        { status: 401, description: 'Unauthorized', schema: errorSchema },\n      ],\n    },\n    POST: {\n      summary: 'Upload attachment',\n      description: 'Uploads a new attachment using multipart form-data and stores metadata for later retrieval.',\n      requestBody: {\n        contentType: 'multipart/form-data',\n        schema: attachmentUploadBodySchema,\n      },\n      responses: [\n        { status: 200, description: 'Attachment stored successfully', schema: uploadResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Payload validation error', schema: errorSchema },\n        { status: 401, description: 'Unauthorized', schema: errorSchema },\n        { status: 403, description: 'Attachment violates field constraints', schema: errorSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete attachment',\n      description: 'Removes an uploaded attachment and deletes the stored asset.',\n      query: attachmentDeleteQuerySchema,\n      responses: [\n        { status: 200, description: 'Attachment deleted', schema: z.object({ ok: z.literal(true) }) },\n        { status: 404, description: 'Attachment not found', schema: errorSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Missing attachment identifier', schema: errorSchema },\n        { status: 401, description: 'Unauthorized', schema: errorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,SAAS;AAClB,SAAS,WAAW;AAEpB,SAAS,wBAAwB,yBAAyB,iCAAiC;AAC3F,SAAS,yBAAyB,6BAA6B,6BAA6B;AAC5F,SAAS,YAAY,2BAA2B;AAChD,SAAS,gCAAgC;AACzC,SAAS,4BAA4B;AACrC,SAAS,4BAA4B;AACrC,SAAS,YAAY,uBAAuB;AAC5C,SAAS,qCAAqC;AAC9C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AACP,SAAS,kBAAkB;AAE3B,SAAS,+BAA+B;AACxC,SAAS,qBAAqB,4BAA4B;AAC1D,SAAS,2BAA2B;AACpC,SAAS,sBAAsB,6BAA6B;AAC5D,SAAS,SAAS;AAClB,SAAS,0CAA0C;AACnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,0BAA0B;AAE5B,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,kBAAkB,EAAE;AAAA,EAChE,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AAAA,EACnE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AACvE;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,6CAA6C;AAAA,EAClF,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qCAAqC;AAAA,EAC1E,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AACvD,CAAC;AAED,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,MAAM,EAAE,OAAO,EAAE,SAAS,4BAA4B;AAAA,EACtD,IAAI,EAAE,OAAO,EAAE,SAAS,8BAA8B;AAAA,EACtD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,qCAAqC;AAAA,EACrF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,mCAAmC;AACtF,CAAC;AAED,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,IAAI,EAAE,OAAO,EAAE,SAAS,uBAAuB;AAAA,EAC/C,KAAK,EAAE,OAAO,EAAE,SAAS,iCAAiC;AAAA,EAC1D,UAAU,EAAE,OAAO,EAAE,SAAS,mBAAmB;AAAA,EACjD,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,oBAAoB;AAAA,EACtE,WAAW,EAAE,OAAO,EAAE,SAAS,6BAA6B;AAAA,EAC5D,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,uBAAuB;AAAA,EAC3E,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,uCAAuC;AAAA,EACpF,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,sBAAsB;AAAA,EACpE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS,iCAAiC;AAAA,EAC/E,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,oCAAoC;AAAA,EACvF,aAAa,EAAE,MAAM,0BAA0B,EAAE,SAAS,EAAE,SAAS,wCAAwC;AAC/G,CAAC;AAED,MAAM,+BAA+B,EAAE,OAAO;AAAA,EAC5C,OAAO,EAAE,MAAM,oBAAoB;AAAA,EACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS;AAAA,EAC/C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACvC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAC/C,CAAC;AAED,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sDAAsD;AAAA,EACvF,cAAc,EACX,OAAO,EACP,SAAS,EACT,SAAS,yEAAyE;AACvF,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,OAAO,EAAE,KAAK;AACtB,CAAC;AAED,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO;AAAA,IACb,KAAK,EAAE,OAAO;AAAA,IACd,UAAU,EAAE,OAAO;AAAA,IACnB,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY;AAAA,IACvC,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,IAClC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACxC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACnC,aAAa,EAAE,MAAM,0BAA0B,EAAE,SAAS;AAAA,IAC1D,cAAc,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC,EAAE,SAAS;AAAA,EAC3D,CAAC;AACH,CAAC;AAED,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,oBAAoB;AAE1B,SAAS,uBAAuB,OAA2D;AACzF,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,QAAI,CAAC,QAAS,QAAO,CAAC;AACtB,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,OAAO;AACjC,UAAI,UAAU,OAAO,WAAW,YAAY,CAAC,MAAM,QAAQ,MAAM,GAAG;AAClE,eAAO;AAAA,MACT;AAAA,IACF,QAAQ;AACN,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACA,MAAI,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,KAAK,EAAE,iBAAiB,OAAO;AAClF,WAAO,EAAE,GAAI,MAAkC;AAAA,EACjD;AACA,SAAO,CAAC;AACV;AAEA,SAAS,iBAAiB,MAAyC;AACjE,QAAM,UAAmC,CAAC;AAC1C,OAAK,QAAQ,CAAC,OAAO,QAAQ;AAC3B,QAAI,QAAQ,gBAAgB;AAC1B,cAAQ,eAAe,uBAAuB,KAAK;AACnD;AAAA,IACF;AACA,YAAQ,GAAG,IAAI;AAAA,EACjB,CAAC;AACD,SAAO;AACT;AAEA,SAAS,cAAc,OAA4C;AACjE,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,QAAI,CAAC,QAAS,QAAO,CAAC;AACtB,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,OAAO;AACjC,aAAO,wBAAwB,MAAM;AAAA,IACvC,QAAQ;AACN,aAAO,wBAAwB,KAAK;AAAA,IACtC;AAAA,EACF;AACA,SAAO,CAAC;AACV;AAEA,SAAS,qBAAqB,OAA0D;AACtF,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,MAAI,OAAO,UAAU,SAAU,QAAO,CAAC;AACvC,QAAM,UAAU,MAAM,KAAK;AAC3B,MAAI,CAAC,QAAS,QAAO,CAAC;AACtB,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,OAAO;AACjC,WAAO,+BAA+B,MAAM;AAAA,EAC9C,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAa,CAAC,KAAK,SAAS,CAAC,KAAK,aAAe,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AACvI,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,cAAc,sBAAsB,UAAU;AAAA,IAClD,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,EAChD,CAAC;AACD,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,aAAa,KAAK,EAAE,OAAO,qCAAqC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AACA,QAAM,EAAE,UAAU,UAAU,MAAM,SAAS,IAAI,YAAY;AAE3D,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,SAAkC,EAAE,UAAU,UAAU,UAAU,KAAK,SAAU;AACvF,MAAI,KAAK,MAAO,QAAO,iBAAiB,KAAK;AAC7C,QAAM,UAA0C,EAAE,WAAW,OAAO;AACpE,QAAM,YAAY,OAAO,SAAS,YAAY,OAAO,aAAa;AAClE,QAAM,QAAQ,YAAY,MAAM,GAAG,MAAM,YAAY,MAAM,IAAI;AAC/D,QAAM,cAAc,YAAY,KAAK,IAAI,GAAG,IAAI,IAAI;AACpD,QAAM,kBAAkB,YAAY,WAAW;AAC/C,QAAM,aAAa,aAAa,UAAU,OAAO,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,eAAgB,CAAC,IAAI;AACpG,QAAM,aAAa,aAAa,KAAK,IAAI,aAAc,UAAW,IAAI,KAAK,kBAAmB;AAC9F,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA,GAAI,YACA;AAAA,QACE,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,IACA,CAAC;AAAA,IACP;AAAA,IACA;AAAA,MACE,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAAA,EACF;AACA,SAAO,aAAa,KAAK;AAAA,IACvB,OAAO,MAAM,IAAI,CAAC,MAAW;AAC3B,YAAMA,YAAW,uBAAuB,EAAE,eAAe;AACzD,aAAO;AAAA,QACL,IAAI,EAAE;AAAA,QACN,KAAK,EAAE;AAAA,QACP,UAAU,EAAE;AAAA,QACZ,UAAU,EAAE;AAAA,QACZ,WAAW,EAAE;AAAA,QACb,UAAU,EAAE,YAAY;AAAA,QACxB,eAAe,EAAE;AAAA,QACjB,SAAS,EAAE,WAAW;AAAA,QACtB,cAAc,wBAAwB,EAAE,IAAI;AAAA,UAC1C,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,MAAM,0BAA0B,EAAE,QAAQ;AAAA,QAC5C,CAAC;AAAA,QACD,MAAMA,UAAS,QAAQ,CAAC;AAAA,QACxB,aAAaA,UAAS,eAAe,CAAC;AAAA,MACxC;AAAA,IACF,CAAC;AAAA,IACD,GAAI,YACA;AAAA,MACE;AAAA,MACA,MAAM,KAAK,IAAI,aAAc,UAAW;AAAA,MACxC,UAAU;AAAA,MACV;AAAA,IACF,IACA,CAAC;AAAA,EACP,CAAC;AACH;AAEA,eAAsB,KAAK,KAAc;AACvC,QAAM,EAAE,EAAE,IAAI,MAAM,oBAAoB;AACxC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC/G,QAAM,WAAW,KAAK;AACtB,QAAM,QAAQ,KAAK;AAEnB,QAAM,cAAc,IAAI,QAAQ,IAAI,cAAc,KAAK;AACvD,MAAI,CAAC,YAAY,YAAY,EAAE,SAAS,qBAAqB,GAAG;AAC9D,WAAO,aAAa,KAAK,EAAE,OAAO,+BAA+B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrF;AACA,MAAI,CAAC,oCAAoC,IAAI,QAAQ,IAAI,gBAAgB,CAAC,GAAG;AAC3E,WAAO,aAAa,KAAK,EAAE,OAAO,8CAA8C,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpG;AAEA,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,cAAc,iBAAiB,IAAI;AACzC,QAAM,oBAAoB,wBAAwB,WAAW,EAAE;AAC/D,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,OAAO,KAAK,IAAI,MAAM;AAC5B,MAAI,CAAC,YAAY,CAAC,YAAY,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,2CAA2C,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpI,QAAM,uBAAuB,KAAK,IAAI,eAAe;AACrD,QAAM,oBACJ,OAAO,yBAAyB,YAAY,qBAAqB,KAAK,EAAE,SAAS,IAC7E,sBAAsB,oBAAoB,IAC1C;AACN,QAAM,OAAO,cAAc,KAAK,IAAI,MAAM,CAAC;AAC3C,QAAM,sBAAsB,qBAAqB,KAAK,IAAI,aAAa,CAAC;AAExE,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,uBACH,QAAQ,sBAAsB,KAAqC,IAAI,qBAAqB,EAAE;AACjG,QAAM,wBAAwB,EAAE;AAEhC,MAAI,qBAAoC;AACxC,MAAI,2BAA0C;AAC9C,MAAI,UAAU;AACZ,QAAI;AACF,YAAM,EAAE,eAAe,IAAI,MAAM,OAAO,mDAAmD;AAC3F,YAAM,MAAM,MAAM,GAAG,QAAQ,gBAAgB;AAAA,QAC3C;AAAA,QACA,KAAK;AAAA,QACL,MAAM;AAAA,UACJ,EAAE,KAAK,CAAE,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAE,EAAE;AAAA,QAC7D;AAAA,QACA,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,MAAO,KAAa,cAAc,CAAC;AACzC,YAAM,OAAO,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,GAAG,YAAY,KAAK;AACjE,UAAI,MAAM,QAAQ,IAAI,gBAAgB,KAAK,IAAI,iBAAiB,QAAQ;AACtE,cAAM,UAAU,IAAI,IAAK,IAAI,iBAA2B,IAAI,CAAC,MAAW,OAAO,CAAC,EAAE,YAAY,EAAE,QAAQ,OAAO,EAAE,CAAC,CAAC;AACnH,YAAI,CAAC,QAAQ,IAAI,GAAG,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,wBAAwB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrG;AACA,UAAI,OAAO,IAAI,wBAAwB,YAAY,IAAI,sBAAsB,GAAG;AAC9E,mCAA2B,IAAI;AAAA,MACjC;AACA,UAAI,OAAO,IAAI,kBAAkB,YAAY,IAAI,cAAc,KAAK,EAAE,SAAS,GAAG;AAChF,6BAAqB,sBAAsB,IAAI,aAAa;AAAA,MAC9D;AAAA,IACF,QAAQ;AAAA,IAAC;AAAA,EACX;AACA,MAAI,gCAAgC,KAAK,IAAI,GAAG;AAC9C,WAAO,aAAa,KAAK;AAAA,MACvB,OAAO,EAAE,0CAA0C,uDAAuD;AAAA,IAC5G,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpB;AACA,QAAM,oBAAoB,0BAA0B,wBAAwB;AAC5E,MAAI,KAAK,OAAO,mBAAmB;AACjC,WAAO,aAAa,KAAK;AAAA,MACvB,OAAO,EAAE,oCAAoC,6CAA6C;AAAA,IAC5F,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpB;AACA,QAAM,mBAAmB,MAAM,+BAA+B,IAAI,QAAQ;AAC1E,MAAI,gCAAgC,kBAAkB,KAAK,IAAI,GAAG;AAChE,WAAO,aAAa,KAAK;AAAA,MACvB,OAAO,EAAE,oCAAoC,oDAAoD;AAAA,IACnG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpB;AACA,QAAM,MAAM,OAAO,KAAK,MAAM,KAAK,YAAY,CAAC;AAChD,QAAM,WAAW,yBAAyB,KAAK,IAAI;AACnD,QAAM,eAAe,yBAAyB,KAAK,UAAW,KAAa,IAAI;AAC/E,MAAI,0BAA0B,KAAK,UAAU,YAAY,GAAG;AAC1D,WAAO,aAAa,KAAK,EAAE,OAAO,EAAE,2CAA2C,yCAAyC,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC9I;AACA,QAAM,uBAAuB,4BAA4B,QAAQ;AACjE,QAAM,wBAAwB,qBAAqB,sBAAsB;AACzE,QAAM,0BAA0B,MAAM;AAAA,IACpC,IAAI;AAAA,MACF,CAAC,mBAAmB,oBAAoB,qBAAqB,EAAE;AAAA,QAC7D,CAAC,SAAyB,OAAO,SAAS,YAAY,KAAK,SAAS;AAAA,MACtE;AAAA,IACF;AAAA,EACF;AACA,MAAI,YAAwC;AAC5C,aAAW,QAAQ,yBAAyB;AAC1C,UAAM,SAAS,MAAM,GAAG,QAAQ,qBAAqB,EAAE,KAAK,CAAC;AAC7D,QAAI,QAAQ;AACV,kBAAY;AACZ;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,WAAW;AACd,gBAAY,MAAM,GAAG,QAAQ,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAAA,EAClF;AACA,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,uCAAuC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AACA,QAAM,0BACJ,OAAO,sBAAsB,YAC7B,kBAAkB,SAAS,KAC3B,UAAU,SAAS,qBACnB,UAAU,aAAa,QACvB,UAAU,SAAS,wBACnB,UAAU,SAAS;AACrB,MAAI,yBAAyB;AAC3B,WAAO,aAAa,KAAK,EAAE,OAAO,EAAE,6CAA6C,0EAA0E,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjL;AACA,QAAM,eAAe,MAAM,qBAAqB,oBAAoB,UAAU,MAAM,EAAE,UAAU,gBAAgB,MAAM,CAAC;AACvH,MAAI;AACJ,MAAI;AACF,UAAM,SAAS,MAAM,aAAa,MAAM;AAAA,MACtC,eAAe,UAAU;AAAA,MACzB;AAAA,MACA;AAAA,MACA,UAAU;AAAA,MACV,QAAQ;AAAA,IACV,CAAC;AACD,iBAAa,OAAO;AAAA,EACtB,SAAS,OAAO;AACd,YAAQ,MAAM,wCAAwC,KAAK;AAC3D,WAAO,aAAa,KAAK,EAAE,OAAO,gCAAgC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACtF;AAEA,QAAM,cACJ,OAAQ,UAAkB,gBAAgB,YACtC,QAAS,UAAkB,WAAW,IACtC,mCAAmC;AACzC,MAAI,mBAAkC;AACtC,QAAM,cAAc,eAAe,gBAAgB,cAAc,QAAQ;AACzE,QAAM,aAAa,cAAc,IAAI,WAAW,IAAI;AACpD,QAAM,YAAY,QAAQ,eAAe,YAAY,SAAS;AAE9D,MAAI,eAAe,CAAC,WAAW;AAC7B,UAAM,EAAE,UAAU,WAAW,QAAQ,IAAI,MAAM,aAAa,YAAY,UAAU,MAAM,UAAU;AAClG,QAAI;AACF,yBAAmB,MAAM,yBAAyB;AAAA,QAChD,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,sDAAsD,KAAK;AAAA,IAC3E,UAAE;AACA,YAAM,QAAQ,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IAChC;AAAA,EACF;AAEA,MAAI,cAAc,oBAAoB,MAAM;AAC5C,MAAI,aAAa,mBAAmB;AAClC,kBAAc,iBAAiB,aAAa,EAAE,MAAM,UAAU,IAAI,SAAS,CAAC;AAAA,EAC9E;AACA,QAAMA,YAAW,wBAAwB,MAAM,EAAE,aAAa,KAAK,CAAC;AACpE,QAAM,eAAe,WAAW;AAChC,QAAM,MAAM,GAAG,OAAO,YAAY;AAAA,IAChC,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK;AAAA,IACf,UAAU;AAAA,IACV,UAAU;AAAA,IACV,UAAU,IAAI;AAAA,IACd,eAAe,UAAU;AAAA,IACzB,eAAe,UAAU,iBAAiB;AAAA,IAC1C,aAAa;AAAA,IACb,KAAK,uBAAuB,YAAY;AAAA,IACxC,SAAS;AAAA,IACT,iBAAiBA;AAAA,EACnB,CAAC;AACD,QAAM,GAAG,QAAQ,GAAG,EAAE,MAAM;AAE5B,MAAI,WAAW;AACb,yBAAqB,IAAI,KAAK,cAAc,UAAU,EAAE,MAAM,CAAC,UAAU;AACvE,cAAQ,MAAM,gDAAgD,KAAK;AAAA,IACrE,CAAC;AAAA,EACH,WAAW,aAAa;AACtB,YAAQ,KAAK,+GAA+G;AAAA,EAC9H;AAEA,MAAI,YAAY;AACd,QAAI;AACF,YAAM,qBAAqB;AAAA,QACzB;AAAA,QACA,UAAU,EAAE,YAAY;AAAA,QACxB,UAAU;AAAA,QACV;AAAA,QACA,gBAAgB;AAAA,QAChB,QAAQ;AAAA,MACV,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,qDAAqD,KAAK;AACxE,aAAO,aAAa,KAAK,EAAE,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9F;AACA,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,IAAI;AAAA,QACR,gBAAgB,IAAI,kBAAkB;AAAA,QACtC,UAAU,IAAI,YAAY;AAAA,MAC5B;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,UAAU,IAAI;AAAA,MACd,eAAe,UAAU;AAAA,MACzB,cAAc,wBAAwB,cAAc;AAAA,QAClD,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,0BAA0B,QAAQ;AAAA,MAC1C,CAAC;AAAA,MACD,SAAS,oBAAoB;AAAA,MAC7B,MAAMA,UAAS,QAAQ,CAAC;AAAA,MACxB,aAAaA,UAAS,eAAe,CAAC;AAAA,MACtC,cAAc,OAAO,KAAK,iBAAiB,EAAE,SAAS,oBAAoB;AAAA,IAC5E;AAAA,EACF,CAAC;AACH;AAEA,eAAe,+BAA+B,IAAmB,UAAmC;AAClG,MAAI;AACF,UAAM,KAAK,GAAG,UAAe;AAC7B,UAAM,MAAM,MAAM,GACf,WAAW,aAAa,EACxB,OAAO,oBAA4B,GAAG,YAAY,CAAC,EACnD,MAAM,aAAa,KAAK,QAAQ,EAChC,iBAAiB;AACpB,UAAM,QAAQ,KAAK;AACnB,QAAI,OAAO,UAAU,SAAU,QAAO,OAAO,SAAS,KAAK,IAAI,QAAQ;AACvE,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,SAAS,OAAO,KAAK;AAC3B,aAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAAA,IAC5C;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,OAAO,KAAc;AACzC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC/G,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,KAAK,IAAI,aAAa,IAAI,IAAI,KAAK;AACzC,MAAI,CAAC,GAAI,QAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AACzF,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,uBACH,QAAQ,sBAAsB,KAAqC,IAAI,qBAAqB,EAAE;AACjG,QAAM,eAAwC,EAAE,IAAI,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAM;AACzG,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,YAAY;AACxD,MAAI,CAAC,OAAQ,QAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACxF,QAAM,GAAG,OAAO,MAAM,EAAE,MAAM;AAC9B,QAAM,8BAA8B,OAAO,eAAe,OAAO,EAAE,EAAE,MAAM,CAAC,UAAU;AACpF,YAAQ,MAAM,qDAAqD,KAAK;AAAA,EAC1E,CAAC;AACD,MAAI,OAAO,aAAa;AACtB,UAAM,YAAY,MAAM,qBAAqB,oBAAoB,OAAO,eAAe;AAAA,MACrF,UAAU,OAAO,YAAY,KAAK;AAAA,MAClC,gBAAgB,OAAO,kBAAkB,KAAK;AAAA,IAChD,CAAC;AACD,UAAM,UAAU,OAAO,OAAO,eAAe,OAAO,WAAW;AAAA,EACjE;AACA,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,OAAO;AAAA,QACX,gBAAgB,OAAO,kBAAkB;AAAA,QACzC,UAAU,OAAO,YAAY;AAAA,MAC/B;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AACA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,oCAAoC,QAAQ,6BAA6B;AAAA,MACvG;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,YAAY;AAAA,QACxF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,MAClE;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,kCAAkC,QAAQ,qBAAqB;AAAA,MAC7F;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,QAChE,EAAE,QAAQ,KAAK,aAAa,yCAAyC,QAAQ,YAAY;AAAA,MAC3F;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE;AAAA,QAC5F,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,YAAY;AAAA,MAC1E;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,YAAY;AAAA,QACjF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { z } from 'zod'\nimport { sql } from 'kysely'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { buildAttachmentFileUrl, buildAttachmentImageUrl, slugifyAttachmentFileName } from '../lib/imageUrls'\nimport { ensureDefaultPartitions, resolveDefaultPartitionCode, sanitizePartitionCode } from '../lib/partitions'\nimport { Attachment, AttachmentPartition } from '../data/entities'\nimport { extractAttachmentContent } from '../lib/textExtraction'\nimport { requestOcrProcessing } from '../lib/ocrQueue'\nimport { StorageDriverFactory } from '../lib/drivers'\nimport { OcrService, shouldUseLlmOcr } from '../lib/ocrService'\nimport { clearAttachmentThumbnailCache } from '../lib/thumbnailCache'\nimport {\n  mergeAttachmentMetadata,\n  normalizeAttachmentAssignments,\n  normalizeAttachmentTags,\n  readAttachmentMetadata,\n  upsertAssignment,\n  type AttachmentAssignment,\n} from '../lib/metadata'\nimport { randomUUID } from 'crypto'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { splitCustomFieldPayload } from '@open-mercato/shared/lib/crud/custom-fields'\nimport { emitCrudSideEffects, setCustomFieldsIfAny } from '@open-mercato/shared/lib/commands/helpers'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { attachmentCrudEvents, attachmentCrudIndexer } from '../lib/crud'\nimport { E } from '#generated/entities.ids.generated'\nimport { resolveDefaultAttachmentOcrEnabled } from '../lib/ocrConfig'\nimport {\n  detectAttachmentMimeType,\n  hasDangerousExecutableExtension,\n  isActiveContentAttachment,\n  sanitizeUploadedFileName,\n} from '../lib/security'\nimport {\n  isMultipartRequestWithinUploadLimit,\n  resolveAttachmentMaxBytes,\n  willExceedAttachmentTenantQuota,\n} from '../lib/upload-limits'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: ['attachments.view'] },\n  POST: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n  DELETE: { requireAuth: true, requireFeatures: ['attachments.manage'] },\n}\n\nconst attachmentQuerySchema = z.object({\n  entityId: z.string().min(1).describe('Entity identifier that owns the attachments'),\n  recordId: z.string().min(1).describe('Record identifier within the entity'),\n  page: z.coerce.number().min(1).optional(),\n  pageSize: z.coerce.number().min(1).max(100).optional(),\n})\n\nconst attachmentAssignmentSchema = z.object({\n  type: z.string().describe('Assignment type identifier'),\n  id: z.string().describe('Assignment record identifier'),\n  href: z.string().nullable().optional().describe('Optional link to the related record'),\n  label: z.string().nullable().optional().describe('Optional label for the assignment'),\n})\n\nconst attachmentItemSchema = z.object({\n  id: z.string().describe('Attachment identifier'),\n  url: z.string().describe('Public path to the stored asset'),\n  fileName: z.string().describe('Original filename'),\n  fileSize: z.number().int().nonnegative().describe('File size in bytes'),\n  createdAt: z.string().describe('Upload timestamp (ISO 8601)'),\n  mimeType: z.string().nullable().optional().describe('MIME type of the file'),\n  thumbnailUrl: z.string().optional().describe('Helper route that renders a thumbnail'),\n  partitionCode: z.string().optional().describe('Partition identifier'),\n  tags: z.array(z.string()).optional().describe('Tags assigned to the attachment'),\n  content: z.string().nullable().optional().describe('Extracted text or markdown content'),\n  assignments: z.array(attachmentAssignmentSchema).optional().describe('Records that reference this attachment'),\n})\n\nconst attachmentListResponseSchema = z.object({\n  items: z.array(attachmentItemSchema),\n  total: z.number().int().nonnegative().optional(),\n  page: z.number().int().min(1).optional(),\n  pageSize: z.number().int().min(1).optional(),\n  totalPages: z.number().int().min(1).optional(),\n})\n\nconst attachmentUploadBodySchema = z.object({\n  entityId: z.string().min(1),\n  recordId: z.string().min(1),\n  fieldKey: z.string().optional(),\n  file: z.string().min(1).describe('Binary file payload; supplied as multipart form-data'),\n  customFields: z\n    .string()\n    .optional()\n    .describe('JSON encoded map of custom field values collected from the upload form.'),\n})\n\nconst attachmentDeleteQuerySchema = z.object({\n  id: z.string().uuid(),\n})\n\nconst uploadResponseSchema = z.object({\n  ok: z.literal(true),\n  item: z.object({\n    id: z.string(),\n    url: z.string(),\n    fileName: z.string(),\n    fileSize: z.number().int().nonnegative(),\n    thumbnailUrl: z.string().optional(),\n    content: z.string().nullable().optional(),\n    tags: z.array(z.string()).optional(),\n    assignments: z.array(attachmentAssignmentSchema).optional(),\n    customFields: z.record(z.string(), z.unknown()).optional(),\n  }),\n})\n\nconst errorSchema = z.object({\n  error: z.string(),\n})\n\nconst LIBRARY_ENTITY_ID = 'attachments:library'\n\nfunction parseCustomFieldsEntry(value: FormDataEntryValue | null): Record<string, unknown> {\n  if (!value) return {}\n  if (typeof value === 'string') {\n    const trimmed = value.trim()\n    if (!trimmed) return {}\n    try {\n      const parsed = JSON.parse(trimmed)\n      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {\n        return parsed as Record<string, unknown>\n      }\n    } catch {\n      return {}\n    }\n  }\n  if (typeof value === 'object' && !Array.isArray(value) && !(value instanceof File)) {\n    return { ...(value as Record<string, unknown>) }\n  }\n  return {}\n}\n\nfunction buildFormPayload(form: FormData): Record<string, unknown> {\n  const payload: Record<string, unknown> = {}\n  form.forEach((value, key) => {\n    if (key === 'customFields') {\n      payload.customFields = parseCustomFieldsEntry(value)\n      return\n    }\n    payload[key] = value\n  })\n  return payload\n}\n\nfunction parseFormTags(value: FormDataEntryValue | null): string[] {\n  if (!value) return []\n  if (typeof value === 'string') {\n    const trimmed = value.trim()\n    if (!trimmed) return []\n    try {\n      const parsed = JSON.parse(trimmed)\n      return normalizeAttachmentTags(parsed)\n    } catch {\n      return normalizeAttachmentTags(value)\n    }\n  }\n  return []\n}\n\nfunction parseFormAssignments(value: FormDataEntryValue | null): AttachmentAssignment[] {\n  if (!value) return []\n  if (typeof value !== 'string') return []\n  const trimmed = value.trim()\n  if (!trimmed) return []\n  try {\n    const parsed = JSON.parse(trimmed)\n    return normalizeAttachmentAssignments(parsed)\n  } catch {\n    return []\n  }\n}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || (!auth.orgId && !auth.isSuperAdmin)) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const url = new URL(req.url)\n  const parsedQuery = attachmentQuerySchema.safeParse({\n    entityId: url.searchParams.get('entityId') || '',\n    recordId: url.searchParams.get('recordId') || '',\n    page: url.searchParams.get('page') ?? undefined,\n    pageSize: url.searchParams.get('pageSize') ?? undefined,\n  })\n  if (!parsedQuery.success) {\n    return NextResponse.json({ error: 'entityId and recordId are required' }, { status: 400 })\n  }\n  const { entityId, recordId, page, pageSize } = parsedQuery.data\n\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const filter: Record<string, unknown> = { entityId, recordId, tenantId: auth.tenantId! }\n  if (auth.orgId) filter.organizationId = auth.orgId\n  const orderBy: Record<string, 'ASC' | 'DESC'> = { createdAt: 'DESC' }\n  const usePaging = typeof page === 'number' && typeof pageSize === 'number'\n  const total = usePaging ? await em.count(Attachment, filter) : null\n  const currentPage = usePaging ? Math.max(1, page) : null\n  const currentPageSize = usePaging ? pageSize : null\n  const totalPages = usePaging && total !== null ? Math.max(1, Math.ceil(total / currentPageSize!)) : null\n  const pageOffset = usePaging ? (Math.min(currentPage!, totalPages!) - 1) * currentPageSize! : undefined\n  const items = await findWithDecryption(\n    em,\n    Attachment,\n    filter,\n    {\n      orderBy,\n      ...(usePaging\n        ? {\n            limit: currentPageSize!,\n            offset: pageOffset,\n          }\n        : {}),\n    },\n    {\n      tenantId: auth.tenantId ?? null,\n      organizationId: auth.orgId ?? null,\n    },\n  )\n  return NextResponse.json({\n    items: items.map((a: any) => {\n      const metadata = readAttachmentMetadata(a.storageMetadata)\n      return {\n        id: a.id,\n        url: a.url,\n        fileName: a.fileName,\n        fileSize: a.fileSize,\n        createdAt: a.createdAt,\n        mimeType: a.mimeType ?? null,\n        partitionCode: a.partitionCode,\n        content: a.content ?? null,\n        thumbnailUrl: buildAttachmentImageUrl(a.id, {\n          width: 320,\n          height: 320,\n          slug: slugifyAttachmentFileName(a.fileName),\n        }),\n        tags: metadata.tags ?? [],\n        assignments: metadata.assignments ?? [],\n      }\n    }),\n    ...(usePaging\n      ? {\n          total,\n          page: Math.min(currentPage!, totalPages!),\n          pageSize: currentPageSize,\n          totalPages,\n        }\n      : {}),\n  })\n}\n\nexport async function POST(req: Request) {\n  const { t } = await resolveTranslations()\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const tenantId = auth.tenantId\n  const orgId = auth.orgId\n\n  const contentType = req.headers.get('content-type') || ''\n  if (!contentType.toLowerCase().includes('multipart/form-data')) {\n    return NextResponse.json({ error: 'Expected multipart/form-data' }, { status: 400 })\n  }\n  if (!isMultipartRequestWithinUploadLimit(req.headers.get('content-length'))) {\n    return NextResponse.json({ error: 'Attachment exceeds the maximum upload size.' }, { status: 413 })\n  }\n\n  const form = await req.formData()\n  const formPayload = buildFormPayload(form)\n  const customFieldValues = splitCustomFieldPayload(formPayload).custom\n  const entityId = String(form.get('entityId') || '')\n  const recordId = String(form.get('recordId') || '')\n  const fieldKey = String(form.get('fieldKey') || '')\n  const file = form.get('file') as unknown as File | null\n  if (!entityId || !recordId || !file) return NextResponse.json({ error: 'entityId, recordId and file are required' }, { status: 400 })\n  const partitionOverrideRaw = form.get('partitionCode')\n  const partitionOverride =\n    typeof partitionOverrideRaw === 'string' && partitionOverrideRaw.trim().length > 0\n      ? sanitizePartitionCode(partitionOverrideRaw)\n      : null\n  const tags = parseFormTags(form.get('tags'))\n  const assignmentsFromForm = parseFormAssignments(form.get('assignments'))\n\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const dataEngine = resolve('dataEngine')\n  const storageDriverFactory =\n    (resolve('storageDriverFactory') as StorageDriverFactory | null) ?? new StorageDriverFactory(em)\n  await ensureDefaultPartitions(em)\n  // Optional per-field validations\n  let partitionFromField: string | null = null\n  let fieldMaxAttachmentSizeMb: number | null = null\n  if (fieldKey) {\n    try {\n      const { CustomFieldDef } = await import('@open-mercato/core/modules/entities/data/entities')\n      const def = await em.findOne(CustomFieldDef, {\n        entityId,\n        key: fieldKey,\n        $and: [\n          { $or: [ { tenantId: auth.tenantId }, { tenantId: null } ] },\n        ],\n        isActive: true,\n      })\n      const cfg = (def as any)?.configJson || {}\n      const ext = (file.name || '').split('.').pop()?.toLowerCase() || ''\n      if (Array.isArray(cfg.acceptExtensions) && cfg.acceptExtensions.length) {\n        const allowed = new Set((cfg.acceptExtensions as any[]).map((x: any) => String(x).toLowerCase().replace(/^\\./, '')))\n        if (!allowed.has(ext)) return NextResponse.json({ error: 'File type not allowed' }, { status: 400 })\n      }\n      if (typeof cfg.maxAttachmentSizeMb === 'number' && cfg.maxAttachmentSizeMb > 0) {\n        fieldMaxAttachmentSizeMb = cfg.maxAttachmentSizeMb\n      }\n      if (typeof cfg.partitionCode === 'string' && cfg.partitionCode.trim().length > 0) {\n        partitionFromField = sanitizePartitionCode(cfg.partitionCode)\n      }\n    } catch {}\n  }\n  if (hasDangerousExecutableExtension(file.name)) {\n    return NextResponse.json({\n      error: t('attachments.errors.dangerousExecutable', 'Executable file types are not allowed as attachments.'),\n    }, { status: 400 })\n  }\n  const effectiveMaxBytes = resolveAttachmentMaxBytes(fieldMaxAttachmentSizeMb)\n  if (file.size > effectiveMaxBytes) {\n    return NextResponse.json({\n      error: t('attachments.errors.maxUploadSize', 'Attachment exceeds the maximum upload size.'),\n    }, { status: 413 })\n  }\n  const tenantUsageBytes = await readTenantAttachmentUsageBytes(em, tenantId)\n  if (willExceedAttachmentTenantQuota(tenantUsageBytes, file.size)) {\n    return NextResponse.json({\n      error: t('attachments.errors.quotaExceeded', 'Attachment storage quota exceeded for this tenant.'),\n    }, { status: 413 })\n  }\n  const buf = Buffer.from(await file.arrayBuffer())\n  const safeName = sanitizeUploadedFileName(file.name)\n  const fileMimeType = detectAttachmentMimeType(buf, safeName, (file as any).type)\n  if (isActiveContentAttachment(buf, safeName, fileMimeType)) {\n    return NextResponse.json({ error: t('attachments.errors.activeContentBlocked', 'Active content uploads are not allowed.') }, { status: 400 })\n  }\n  const defaultPartitionCode = resolveDefaultPartitionCode(entityId)\n  const resolvedPartitionCode = partitionOverride ?? partitionFromField ?? defaultPartitionCode\n  const partitionCodeCandidates = Array.from(\n    new Set(\n      [partitionOverride, partitionFromField, resolvedPartitionCode].filter(\n        (code): code is string => typeof code === 'string' && code.length > 0,\n      ),\n    ),\n  )\n  let partition: AttachmentPartition | null = null\n  for (const code of partitionCodeCandidates) {\n    const record = await em.findOne(AttachmentPartition, { code })\n    if (record) {\n      partition = record\n      break\n    }\n  }\n  if (!partition) {\n    partition = await em.findOne(AttachmentPartition, { code: defaultPartitionCode })\n  }\n  if (!partition) {\n    return NextResponse.json({ error: 'Storage partition is not configured.' }, { status: 400 })\n  }\n  const requestedPublicOverride =\n    typeof partitionOverride === 'string' &&\n    partitionOverride.length > 0 &&\n    partition.code === partitionOverride &&\n    partition.isPublic === true &&\n    partition.code !== defaultPartitionCode &&\n    partition.code !== partitionFromField\n  if (requestedPublicOverride) {\n    return NextResponse.json({ error: t('attachments.errors.publicPartitionBlocked', 'Public storage partitions cannot be selected explicitly for this upload.') }, { status: 403 })\n  }\n  const uploadDriver = await storageDriverFactory.resolveForPartition(partition.code, { tenantId, organizationId: orgId })\n  let storedPath: string\n  try {\n    const stored = await uploadDriver.store({\n      partitionCode: partition.code,\n      orgId,\n      tenantId,\n      fileName: safeName,\n      buffer: buf,\n    })\n    storedPath = stored.storagePath\n  } catch (error) {\n    console.error('[attachments] failed to persist file', error)\n    return NextResponse.json({ error: 'Failed to persist attachment.' }, { status: 500 })\n  }\n\n  const requiresOcr =\n    typeof (partition as any).requiresOcr === 'boolean'\n      ? Boolean((partition as any).requiresOcr)\n      : resolveDefaultAttachmentOcrEnabled()\n  let extractedContent: string | null = null\n  const wantsLlmOcr = requiresOcr && shouldUseLlmOcr(fileMimeType, safeName)\n  const ocrService = wantsLlmOcr ? new OcrService() : null\n  const useLlmOcr = Boolean(wantsLlmOcr && ocrService?.available)\n\n  if (requiresOcr && !useLlmOcr) {\n    const { filePath: localPath, cleanup } = await uploadDriver.toLocalPath(partition.code, storedPath)\n    try {\n      extractedContent = await extractAttachmentContent({\n        filePath: localPath,\n        mimeType: fileMimeType,\n      })\n    } catch (error) {\n      console.error('[attachments] failed to extract attachment content', error)\n    } finally {\n      await cleanup().catch(() => {})\n    }\n  }\n\n  let assignments = assignmentsFromForm.slice()\n  if (entityId !== LIBRARY_ENTITY_ID) {\n    assignments = upsertAssignment(assignments, { type: entityId, id: recordId })\n  }\n  const metadata = mergeAttachmentMetadata(null, { assignments, tags })\n  const attachmentId = randomUUID()\n  const att = em.create(Attachment, {\n    id: attachmentId,\n    entityId,\n    recordId,\n    organizationId: auth.orgId!,\n    tenantId: auth.tenantId!,\n    fileName: safeName,\n    mimeType: fileMimeType,\n    fileSize: buf.length,\n    partitionCode: partition.code,\n    storageDriver: partition.storageDriver || 'local',\n    storagePath: storedPath,\n    url: buildAttachmentFileUrl(attachmentId),\n    content: extractedContent,\n    storageMetadata: metadata,\n  })\n  // Persist the attachment row and its custom-field values atomically so a\n  // custom-field failure cannot leave behind a committed orphan attachment.\n  try {\n    await em.transactional(async (tx) => {\n      await tx.persist(att).flush()\n      if (dataEngine) {\n        await setCustomFieldsIfAny({\n          dataEngine,\n          entityId: E.attachments.attachment,\n          recordId: attachmentId,\n          tenantId,\n          organizationId: orgId,\n          values: customFieldValues,\n        })\n      }\n    })\n  } catch (error) {\n    console.error('[attachments] failed to persist attachment with custom attributes', error)\n    return NextResponse.json({ error: 'Failed to save attachment attributes.' }, { status: 500 })\n  }\n\n  if (useLlmOcr) {\n    requestOcrProcessing(em, att, uploadDriver, storedPath).catch((error) => {\n      console.error('[attachments] failed to queue OCR processing', error)\n    })\n  } else if (wantsLlmOcr) {\n    console.warn('[attachments] OCR requested but OPENAI_API_KEY not configured, falling back to text extraction when available')\n  }\n\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'created',\n      entity: att,\n      identifiers: {\n        id: att.id,\n        organizationId: att.organizationId ?? null,\n        tenantId: att.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n\n  return NextResponse.json({\n    ok: true,\n    item: {\n      id: attachmentId,\n      url: att.url,\n      fileName: safeName,\n      fileSize: buf.length,\n      partitionCode: partition.code,\n      thumbnailUrl: buildAttachmentImageUrl(attachmentId, {\n        width: 320,\n        height: 320,\n        slug: slugifyAttachmentFileName(safeName),\n      }),\n      content: extractedContent ?? null,\n      tags: metadata.tags ?? [],\n      assignments: metadata.assignments ?? [],\n      customFields: Object.keys(customFieldValues).length ? customFieldValues : undefined,\n    },\n  })\n}\n\nasync function readTenantAttachmentUsageBytes(em: EntityManager, tenantId: string): Promise<number> {\n  try {\n    const db = em.getKysely<any>() as any\n    const row = await db\n      .selectFrom('attachments')\n      .select(sql<string>`sum(file_size)`.as('total_size'))\n      .where('tenant_id', '=', tenantId)\n      .executeTakeFirst() as { total_size: string | number | null } | undefined\n    const total = row?.total_size\n    if (typeof total === 'number') return Number.isFinite(total) ? total : 0\n    if (typeof total === 'string') {\n      const parsed = Number(total)\n      return Number.isFinite(parsed) ? parsed : 0\n    }\n    return 0\n  } catch {\n    return 0\n  }\n}\n\nexport async function DELETE(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth || !auth.tenantId || !auth.orgId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const url = new URL(req.url)\n  const id = url.searchParams.get('id') || ''\n  if (!id) return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as EntityManager\n  const dataEngine = resolve('dataEngine')\n  const storageDriverFactory =\n    (resolve('storageDriverFactory') as StorageDriverFactory | null) ?? new StorageDriverFactory(em)\n  const deleteFilter: Record<string, unknown> = { id, tenantId: auth.tenantId!, organizationId: auth.orgId }\n  const record = await em.findOne(Attachment, deleteFilter)\n  if (!record) return NextResponse.json({ error: 'Attachment not found' }, { status: 404 })\n  await em.remove(record).flush()\n  await clearAttachmentThumbnailCache(record.partitionCode, record.id).catch((error) => {\n    console.error('[attachments] failed to cleanup cached thumbnails', error)\n  })\n  if (record.storagePath) {\n    const delDriver = await storageDriverFactory.resolveForPartition(record.partitionCode, {\n      tenantId: record.tenantId ?? auth.tenantId!,\n      organizationId: record.organizationId ?? auth.orgId,\n    })\n    await delDriver.delete(record.partitionCode, record.storagePath)\n  }\n  if (dataEngine) {\n    await emitCrudSideEffects({\n      dataEngine,\n      action: 'deleted',\n      entity: record,\n      identifiers: {\n        id: record.id,\n        organizationId: record.organizationId ?? null,\n        tenantId: record.tenantId ?? null,\n      },\n      events: attachmentCrudEvents,\n      indexer: attachmentCrudIndexer,\n    })\n    await dataEngine.flushOrmEntityChanges()\n  }\n  return NextResponse.json({ ok: true })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Manage entity attachments',\n  description: 'Upload and list attachments associated with module entities and records.',\n  methods: {\n    GET: {\n      summary: 'List attachments for a record',\n      description: 'Returns uploaded attachments for the given entity record, ordered by newest first.',\n      query: attachmentQuerySchema,\n      responses: [\n        { status: 200, description: 'Attachments found for the record', schema: attachmentListResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Missing entity or record identifiers', schema: errorSchema },\n        { status: 401, description: 'Unauthorized', schema: errorSchema },\n      ],\n    },\n    POST: {\n      summary: 'Upload attachment',\n      description: 'Uploads a new attachment using multipart form-data and stores metadata for later retrieval.',\n      requestBody: {\n        contentType: 'multipart/form-data',\n        schema: attachmentUploadBodySchema,\n      },\n      responses: [\n        { status: 200, description: 'Attachment stored successfully', schema: uploadResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Payload validation error', schema: errorSchema },\n        { status: 401, description: 'Unauthorized', schema: errorSchema },\n        { status: 403, description: 'Attachment violates field constraints', schema: errorSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete attachment',\n      description: 'Removes an uploaded attachment and deletes the stored asset.',\n      query: attachmentDeleteQuerySchema,\n      responses: [\n        { status: 200, description: 'Attachment deleted', schema: z.object({ ok: z.literal(true) }) },\n        { status: 404, description: 'Attachment not found', schema: errorSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Missing attachment identifier', schema: errorSchema },\n        { status: 401, description: 'Unauthorized', schema: errorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,SAAS;AAClB,SAAS,WAAW;AAEpB,SAAS,wBAAwB,yBAAyB,iCAAiC;AAC3F,SAAS,yBAAyB,6BAA6B,6BAA6B;AAC5F,SAAS,YAAY,2BAA2B;AAChD,SAAS,gCAAgC;AACzC,SAAS,4BAA4B;AACrC,SAAS,4BAA4B;AACrC,SAAS,YAAY,uBAAuB;AAC5C,SAAS,qCAAqC;AAC9C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AACP,SAAS,kBAAkB;AAE3B,SAAS,+BAA+B;AACxC,SAAS,qBAAqB,4BAA4B;AAC1D,SAAS,2BAA2B;AACpC,SAAS,sBAAsB,6BAA6B;AAC5D,SAAS,SAAS;AAClB,SAAS,0CAA0C;AACnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,0BAA0B;AAE5B,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,kBAAkB,EAAE;AAAA,EAChE,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AAAA,EACnE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,oBAAoB,EAAE;AACvE;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,6CAA6C;AAAA,EAClF,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,qCAAqC;AAAA,EAC1E,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AACvD,CAAC;AAED,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,MAAM,EAAE,OAAO,EAAE,SAAS,4BAA4B;AAAA,EACtD,IAAI,EAAE,OAAO,EAAE,SAAS,8BAA8B;AAAA,EACtD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,qCAAqC;AAAA,EACrF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,mCAAmC;AACtF,CAAC;AAED,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,IAAI,EAAE,OAAO,EAAE,SAAS,uBAAuB;AAAA,EAC/C,KAAK,EAAE,OAAO,EAAE,SAAS,iCAAiC;AAAA,EAC1D,UAAU,EAAE,OAAO,EAAE,SAAS,mBAAmB;AAAA,EACjD,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,oBAAoB;AAAA,EACtE,WAAW,EAAE,OAAO,EAAE,SAAS,6BAA6B;AAAA,EAC5D,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,uBAAuB;AAAA,EAC3E,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,uCAAuC;AAAA,EACpF,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,sBAAsB;AAAA,EACpE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS,iCAAiC;AAAA,EAC/E,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,oCAAoC;AAAA,EACvF,aAAa,EAAE,MAAM,0BAA0B,EAAE,SAAS,EAAE,SAAS,wCAAwC;AAC/G,CAAC;AAED,MAAM,+BAA+B,EAAE,OAAO;AAAA,EAC5C,OAAO,EAAE,MAAM,oBAAoB;AAAA,EACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS;AAAA,EAC/C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACvC,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAC/C,CAAC;AAED,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,sDAAsD;AAAA,EACvF,cAAc,EACX,OAAO,EACP,SAAS,EACT,SAAS,yEAAyE;AACvF,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,OAAO,EAAE,KAAK;AACtB,CAAC;AAED,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO;AAAA,IACb,KAAK,EAAE,OAAO;AAAA,IACd,UAAU,EAAE,OAAO;AAAA,IACnB,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY;AAAA,IACvC,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,IAClC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACxC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACnC,aAAa,EAAE,MAAM,0BAA0B,EAAE,SAAS;AAAA,IAC1D,cAAc,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC,EAAE,SAAS;AAAA,EAC3D,CAAC;AACH,CAAC;AAED,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,oBAAoB;AAE1B,SAAS,uBAAuB,OAA2D;AACzF,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,QAAI,CAAC,QAAS,QAAO,CAAC;AACtB,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,OAAO;AACjC,UAAI,UAAU,OAAO,WAAW,YAAY,CAAC,MAAM,QAAQ,MAAM,GAAG;AAClE,eAAO;AAAA,MACT;AAAA,IACF,QAAQ;AACN,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AACA,MAAI,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,KAAK,EAAE,iBAAiB,OAAO;AAClF,WAAO,EAAE,GAAI,MAAkC;AAAA,EACjD;AACA,SAAO,CAAC;AACV;AAEA,SAAS,iBAAiB,MAAyC;AACjE,QAAM,UAAmC,CAAC;AAC1C,OAAK,QAAQ,CAAC,OAAO,QAAQ;AAC3B,QAAI,QAAQ,gBAAgB;AAC1B,cAAQ,eAAe,uBAAuB,KAAK;AACnD;AAAA,IACF;AACA,YAAQ,GAAG,IAAI;AAAA,EACjB,CAAC;AACD,SAAO;AACT;AAEA,SAAS,cAAc,OAA4C;AACjE,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,QAAI,CAAC,QAAS,QAAO,CAAC;AACtB,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,OAAO;AACjC,aAAO,wBAAwB,MAAM;AAAA,IACvC,QAAQ;AACN,aAAO,wBAAwB,KAAK;AAAA,IACtC;AAAA,EACF;AACA,SAAO,CAAC;AACV;AAEA,SAAS,qBAAqB,OAA0D;AACtF,MAAI,CAAC,MAAO,QAAO,CAAC;AACpB,MAAI,OAAO,UAAU,SAAU,QAAO,CAAC;AACvC,QAAM,UAAU,MAAM,KAAK;AAC3B,MAAI,CAAC,QAAS,QAAO,CAAC;AACtB,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,OAAO;AACjC,WAAO,+BAA+B,MAAM;AAAA,EAC9C,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAa,CAAC,KAAK,SAAS,CAAC,KAAK,aAAe,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AACvI,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,cAAc,sBAAsB,UAAU;AAAA,IAClD,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,EAChD,CAAC;AACD,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,aAAa,KAAK,EAAE,OAAO,qCAAqC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AACA,QAAM,EAAE,UAAU,UAAU,MAAM,SAAS,IAAI,YAAY;AAE3D,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,SAAkC,EAAE,UAAU,UAAU,UAAU,KAAK,SAAU;AACvF,MAAI,KAAK,MAAO,QAAO,iBAAiB,KAAK;AAC7C,QAAM,UAA0C,EAAE,WAAW,OAAO;AACpE,QAAM,YAAY,OAAO,SAAS,YAAY,OAAO,aAAa;AAClE,QAAM,QAAQ,YAAY,MAAM,GAAG,MAAM,YAAY,MAAM,IAAI;AAC/D,QAAM,cAAc,YAAY,KAAK,IAAI,GAAG,IAAI,IAAI;AACpD,QAAM,kBAAkB,YAAY,WAAW;AAC/C,QAAM,aAAa,aAAa,UAAU,OAAO,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,eAAgB,CAAC,IAAI;AACpG,QAAM,aAAa,aAAa,KAAK,IAAI,aAAc,UAAW,IAAI,KAAK,kBAAmB;AAC9F,QAAM,QAAQ,MAAM;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA,GAAI,YACA;AAAA,QACE,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,IACA,CAAC;AAAA,IACP;AAAA,IACA;AAAA,MACE,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAAA,EACF;AACA,SAAO,aAAa,KAAK;AAAA,IACvB,OAAO,MAAM,IAAI,CAAC,MAAW;AAC3B,YAAMA,YAAW,uBAAuB,EAAE,eAAe;AACzD,aAAO;AAAA,QACL,IAAI,EAAE;AAAA,QACN,KAAK,EAAE;AAAA,QACP,UAAU,EAAE;AAAA,QACZ,UAAU,EAAE;AAAA,QACZ,WAAW,EAAE;AAAA,QACb,UAAU,EAAE,YAAY;AAAA,QACxB,eAAe,EAAE;AAAA,QACjB,SAAS,EAAE,WAAW;AAAA,QACtB,cAAc,wBAAwB,EAAE,IAAI;AAAA,UAC1C,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,MAAM,0BAA0B,EAAE,QAAQ;AAAA,QAC5C,CAAC;AAAA,QACD,MAAMA,UAAS,QAAQ,CAAC;AAAA,QACxB,aAAaA,UAAS,eAAe,CAAC;AAAA,MACxC;AAAA,IACF,CAAC;AAAA,IACD,GAAI,YACA;AAAA,MACE;AAAA,MACA,MAAM,KAAK,IAAI,aAAc,UAAW;AAAA,MACxC,UAAU;AAAA,MACV;AAAA,IACF,IACA,CAAC;AAAA,EACP,CAAC;AACH;AAEA,eAAsB,KAAK,KAAc;AACvC,QAAM,EAAE,EAAE,IAAI,MAAM,oBAAoB;AACxC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC/G,QAAM,WAAW,KAAK;AACtB,QAAM,QAAQ,KAAK;AAEnB,QAAM,cAAc,IAAI,QAAQ,IAAI,cAAc,KAAK;AACvD,MAAI,CAAC,YAAY,YAAY,EAAE,SAAS,qBAAqB,GAAG;AAC9D,WAAO,aAAa,KAAK,EAAE,OAAO,+BAA+B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrF;AACA,MAAI,CAAC,oCAAoC,IAAI,QAAQ,IAAI,gBAAgB,CAAC,GAAG;AAC3E,WAAO,aAAa,KAAK,EAAE,OAAO,8CAA8C,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpG;AAEA,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,cAAc,iBAAiB,IAAI;AACzC,QAAM,oBAAoB,wBAAwB,WAAW,EAAE;AAC/D,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,OAAO,KAAK,IAAI,MAAM;AAC5B,MAAI,CAAC,YAAY,CAAC,YAAY,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,2CAA2C,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpI,QAAM,uBAAuB,KAAK,IAAI,eAAe;AACrD,QAAM,oBACJ,OAAO,yBAAyB,YAAY,qBAAqB,KAAK,EAAE,SAAS,IAC7E,sBAAsB,oBAAoB,IAC1C;AACN,QAAM,OAAO,cAAc,KAAK,IAAI,MAAM,CAAC;AAC3C,QAAM,sBAAsB,qBAAqB,KAAK,IAAI,aAAa,CAAC;AAExE,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,uBACH,QAAQ,sBAAsB,KAAqC,IAAI,qBAAqB,EAAE;AACjG,QAAM,wBAAwB,EAAE;AAEhC,MAAI,qBAAoC;AACxC,MAAI,2BAA0C;AAC9C,MAAI,UAAU;AACZ,QAAI;AACF,YAAM,EAAE,eAAe,IAAI,MAAM,OAAO,mDAAmD;AAC3F,YAAM,MAAM,MAAM,GAAG,QAAQ,gBAAgB;AAAA,QAC3C;AAAA,QACA,KAAK;AAAA,QACL,MAAM;AAAA,UACJ,EAAE,KAAK,CAAE,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAE,EAAE;AAAA,QAC7D;AAAA,QACA,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,MAAO,KAAa,cAAc,CAAC;AACzC,YAAM,OAAO,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,GAAG,YAAY,KAAK;AACjE,UAAI,MAAM,QAAQ,IAAI,gBAAgB,KAAK,IAAI,iBAAiB,QAAQ;AACtE,cAAM,UAAU,IAAI,IAAK,IAAI,iBAA2B,IAAI,CAAC,MAAW,OAAO,CAAC,EAAE,YAAY,EAAE,QAAQ,OAAO,EAAE,CAAC,CAAC;AACnH,YAAI,CAAC,QAAQ,IAAI,GAAG,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,wBAAwB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrG;AACA,UAAI,OAAO,IAAI,wBAAwB,YAAY,IAAI,sBAAsB,GAAG;AAC9E,mCAA2B,IAAI;AAAA,MACjC;AACA,UAAI,OAAO,IAAI,kBAAkB,YAAY,IAAI,cAAc,KAAK,EAAE,SAAS,GAAG;AAChF,6BAAqB,sBAAsB,IAAI,aAAa;AAAA,MAC9D;AAAA,IACF,QAAQ;AAAA,IAAC;AAAA,EACX;AACA,MAAI,gCAAgC,KAAK,IAAI,GAAG;AAC9C,WAAO,aAAa,KAAK;AAAA,MACvB,OAAO,EAAE,0CAA0C,uDAAuD;AAAA,IAC5G,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpB;AACA,QAAM,oBAAoB,0BAA0B,wBAAwB;AAC5E,MAAI,KAAK,OAAO,mBAAmB;AACjC,WAAO,aAAa,KAAK;AAAA,MACvB,OAAO,EAAE,oCAAoC,6CAA6C;AAAA,IAC5F,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpB;AACA,QAAM,mBAAmB,MAAM,+BAA+B,IAAI,QAAQ;AAC1E,MAAI,gCAAgC,kBAAkB,KAAK,IAAI,GAAG;AAChE,WAAO,aAAa,KAAK;AAAA,MACvB,OAAO,EAAE,oCAAoC,oDAAoD;AAAA,IACnG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpB;AACA,QAAM,MAAM,OAAO,KAAK,MAAM,KAAK,YAAY,CAAC;AAChD,QAAM,WAAW,yBAAyB,KAAK,IAAI;AACnD,QAAM,eAAe,yBAAyB,KAAK,UAAW,KAAa,IAAI;AAC/E,MAAI,0BAA0B,KAAK,UAAU,YAAY,GAAG;AAC1D,WAAO,aAAa,KAAK,EAAE,OAAO,EAAE,2CAA2C,yCAAyC,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC9I;AACA,QAAM,uBAAuB,4BAA4B,QAAQ;AACjE,QAAM,wBAAwB,qBAAqB,sBAAsB;AACzE,QAAM,0BAA0B,MAAM;AAAA,IACpC,IAAI;AAAA,MACF,CAAC,mBAAmB,oBAAoB,qBAAqB,EAAE;AAAA,QAC7D,CAAC,SAAyB,OAAO,SAAS,YAAY,KAAK,SAAS;AAAA,MACtE;AAAA,IACF;AAAA,EACF;AACA,MAAI,YAAwC;AAC5C,aAAW,QAAQ,yBAAyB;AAC1C,UAAM,SAAS,MAAM,GAAG,QAAQ,qBAAqB,EAAE,KAAK,CAAC;AAC7D,QAAI,QAAQ;AACV,kBAAY;AACZ;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,WAAW;AACd,gBAAY,MAAM,GAAG,QAAQ,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAAA,EAClF;AACA,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,uCAAuC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AACA,QAAM,0BACJ,OAAO,sBAAsB,YAC7B,kBAAkB,SAAS,KAC3B,UAAU,SAAS,qBACnB,UAAU,aAAa,QACvB,UAAU,SAAS,wBACnB,UAAU,SAAS;AACrB,MAAI,yBAAyB;AAC3B,WAAO,aAAa,KAAK,EAAE,OAAO,EAAE,6CAA6C,0EAA0E,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjL;AACA,QAAM,eAAe,MAAM,qBAAqB,oBAAoB,UAAU,MAAM,EAAE,UAAU,gBAAgB,MAAM,CAAC;AACvH,MAAI;AACJ,MAAI;AACF,UAAM,SAAS,MAAM,aAAa,MAAM;AAAA,MACtC,eAAe,UAAU;AAAA,MACzB;AAAA,MACA;AAAA,MACA,UAAU;AAAA,MACV,QAAQ;AAAA,IACV,CAAC;AACD,iBAAa,OAAO;AAAA,EACtB,SAAS,OAAO;AACd,YAAQ,MAAM,wCAAwC,KAAK;AAC3D,WAAO,aAAa,KAAK,EAAE,OAAO,gCAAgC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACtF;AAEA,QAAM,cACJ,OAAQ,UAAkB,gBAAgB,YACtC,QAAS,UAAkB,WAAW,IACtC,mCAAmC;AACzC,MAAI,mBAAkC;AACtC,QAAM,cAAc,eAAe,gBAAgB,cAAc,QAAQ;AACzE,QAAM,aAAa,cAAc,IAAI,WAAW,IAAI;AACpD,QAAM,YAAY,QAAQ,eAAe,YAAY,SAAS;AAE9D,MAAI,eAAe,CAAC,WAAW;AAC7B,UAAM,EAAE,UAAU,WAAW,QAAQ,IAAI,MAAM,aAAa,YAAY,UAAU,MAAM,UAAU;AAClG,QAAI;AACF,yBAAmB,MAAM,yBAAyB;AAAA,QAChD,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,sDAAsD,KAAK;AAAA,IAC3E,UAAE;AACA,YAAM,QAAQ,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IAChC;AAAA,EACF;AAEA,MAAI,cAAc,oBAAoB,MAAM;AAC5C,MAAI,aAAa,mBAAmB;AAClC,kBAAc,iBAAiB,aAAa,EAAE,MAAM,UAAU,IAAI,SAAS,CAAC;AAAA,EAC9E;AACA,QAAMA,YAAW,wBAAwB,MAAM,EAAE,aAAa,KAAK,CAAC;AACpE,QAAM,eAAe,WAAW;AAChC,QAAM,MAAM,GAAG,OAAO,YAAY;AAAA,IAChC,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK;AAAA,IACf,UAAU;AAAA,IACV,UAAU;AAAA,IACV,UAAU,IAAI;AAAA,IACd,eAAe,UAAU;AAAA,IACzB,eAAe,UAAU,iBAAiB;AAAA,IAC1C,aAAa;AAAA,IACb,KAAK,uBAAuB,YAAY;AAAA,IACxC,SAAS;AAAA,IACT,iBAAiBA;AAAA,EACnB,CAAC;AAGD,MAAI;AACF,UAAM,GAAG,cAAc,OAAO,OAAO;AACnC,YAAM,GAAG,QAAQ,GAAG,EAAE,MAAM;AAC5B,UAAI,YAAY;AACd,cAAM,qBAAqB;AAAA,UACzB;AAAA,UACA,UAAU,EAAE,YAAY;AAAA,UACxB,UAAU;AAAA,UACV;AAAA,UACA,gBAAgB;AAAA,UAChB,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,qEAAqE,KAAK;AACxF,WAAO,aAAa,KAAK,EAAE,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC9F;AAEA,MAAI,WAAW;AACb,yBAAqB,IAAI,KAAK,cAAc,UAAU,EAAE,MAAM,CAAC,UAAU;AACvE,cAAQ,MAAM,gDAAgD,KAAK;AAAA,IACrE,CAAC;AAAA,EACH,WAAW,aAAa;AACtB,YAAQ,KAAK,+GAA+G;AAAA,EAC9H;AAEA,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,IAAI;AAAA,QACR,gBAAgB,IAAI,kBAAkB;AAAA,QACtC,UAAU,IAAI,YAAY;AAAA,MAC5B;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,UAAU,IAAI;AAAA,MACd,eAAe,UAAU;AAAA,MACzB,cAAc,wBAAwB,cAAc;AAAA,QAClD,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,0BAA0B,QAAQ;AAAA,MAC1C,CAAC;AAAA,MACD,SAAS,oBAAoB;AAAA,MAC7B,MAAMA,UAAS,QAAQ,CAAC;AAAA,MACxB,aAAaA,UAAS,eAAe,CAAC;AAAA,MACtC,cAAc,OAAO,KAAK,iBAAiB,EAAE,SAAS,oBAAoB;AAAA,IAC5E;AAAA,EACF,CAAC;AACH;AAEA,eAAe,+BAA+B,IAAmB,UAAmC;AAClG,MAAI;AACF,UAAM,KAAK,GAAG,UAAe;AAC7B,UAAM,MAAM,MAAM,GACf,WAAW,aAAa,EACxB,OAAO,oBAA4B,GAAG,YAAY,CAAC,EACnD,MAAM,aAAa,KAAK,QAAQ,EAChC,iBAAiB;AACpB,UAAM,QAAQ,KAAK;AACnB,QAAI,OAAO,UAAU,SAAU,QAAO,OAAO,SAAS,KAAK,IAAI,QAAQ;AACvE,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,SAAS,OAAO,KAAK;AAC3B,aAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAAA,IAC5C;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,OAAO,KAAc;AACzC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,KAAK,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC/G,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,KAAK,IAAI,aAAa,IAAI,IAAI,KAAK;AACzC,MAAI,CAAC,GAAI,QAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AACzF,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,aAAa,QAAQ,YAAY;AACvC,QAAM,uBACH,QAAQ,sBAAsB,KAAqC,IAAI,qBAAqB,EAAE;AACjG,QAAM,eAAwC,EAAE,IAAI,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAM;AACzG,QAAM,SAAS,MAAM,GAAG,QAAQ,YAAY,YAAY;AACxD,MAAI,CAAC,OAAQ,QAAO,aAAa,KAAK,EAAE,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACxF,QAAM,GAAG,OAAO,MAAM,EAAE,MAAM;AAC9B,QAAM,8BAA8B,OAAO,eAAe,OAAO,EAAE,EAAE,MAAM,CAAC,UAAU;AACpF,YAAQ,MAAM,qDAAqD,KAAK;AAAA,EAC1E,CAAC;AACD,MAAI,OAAO,aAAa;AACtB,UAAM,YAAY,MAAM,qBAAqB,oBAAoB,OAAO,eAAe;AAAA,MACrF,UAAU,OAAO,YAAY,KAAK;AAAA,MAClC,gBAAgB,OAAO,kBAAkB,KAAK;AAAA,IAChD,CAAC;AACD,UAAM,UAAU,OAAO,OAAO,eAAe,OAAO,WAAW;AAAA,EACjE;AACA,MAAI,YAAY;AACd,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa;AAAA,QACX,IAAI,OAAO;AAAA,QACX,gBAAgB,OAAO,kBAAkB;AAAA,QACzC,UAAU,OAAO,YAAY;AAAA,MAC/B;AAAA,MACA,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AACD,UAAM,WAAW,sBAAsB;AAAA,EACzC;AACA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,oCAAoC,QAAQ,6BAA6B;AAAA,MACvG;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,YAAY;AAAA,QACxF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,MAClE;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,kCAAkC,QAAQ,qBAAqB;AAAA,MAC7F;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,QAChE,EAAE,QAAQ,KAAK,aAAa,yCAAyC,QAAQ,YAAY;AAAA,MAC3F;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE;AAAA,QAC5F,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,YAAY;AAAA,MAC1E;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,YAAY;AAAA,QACjF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AACF;",
   "names": ["metadata"]
 }

package/dist/modules/auth/api/roles/acl/route.js CHANGED Viewed

@@ -6,6 +6,7 @@ import { logCrudAccess } from "@open-mercato/shared/lib/crud/factory";
 import { isCrudHttpError } from "@open-mercato/shared/lib/crud/errors";
 import { RoleAcl, Role } from "@open-mercato/core/modules/auth/data/entities";
 import { resolveIsSuperAdmin } from "@open-mercato/core/modules/auth/lib/tenantAccess";
+import { withAtomicFlush } from "@open-mercato/shared/lib/commands/flush";
 import {
   assertActorCanGrantAcl,
   assertActorCanModifySuperAdminRoleTarget,
@@ -175,10 +176,15 @@ async function PUT(req) {
     if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status });
     throw err;
   }
-  acl.organizationsJson = requestedOrganizations;
-  acl.isSuperAdmin = requestedIsSuperAdmin;
-  acl.featuresJson = requestedFeatures;
-  await em.persist(acl).flush();
+  const aclToPersist = acl;
+  await withAtomicFlush(em, [
+    () => {
+      aclToPersist.organizationsJson = requestedOrganizations;
+      aclToPersist.isSuperAdmin = requestedIsSuperAdmin;
+      aclToPersist.featuresJson = requestedFeatures;
+      em.persist(aclToPersist);
+    }
+  ], { transaction: true });
   if (targetTenantId) {
     await rbacService.invalidateTenantCache(targetTenantId);
     try {

package/dist/modules/auth/api/roles/acl/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/modules/auth/api/roles/acl/route.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { logCrudAccess } from '@open-mercato/shared/lib/crud/factory'\nimport { isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { RoleAcl, Role } from '@open-mercato/core/modules/auth/data/entities'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { resolveIsSuperAdmin } from '@open-mercato/core/modules/auth/lib/tenantAccess'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport {\n  assertActorCanGrantAcl,\n  assertActorCanModifySuperAdminRoleTarget,\n  normalizeGrantFeatureList,\n} from '@open-mercato/core/modules/auth/lib/grantChecks'\n\ntype TaggableCache = { deleteByTags?: (tags: string[]) => Promise<void> | void }\n\nconst getSchema = z.object({\n  roleId: z.string().uuid(),\n  tenantId: z.string().uuid().optional(),\n})\nconst putSchema = z.object({\n  roleId: z.string().uuid(),\n  isSuperAdmin: z.boolean().optional(),\n  features: z.array(z.string()).optional(),\n  organizations: z.array(z.string()).nullable().optional(),\n  tenantId: z.string().uuid().optional(),\n})\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: ['auth.acl.manage'] },\n  PUT: { requireAuth: true, requireFeatures: ['auth.acl.manage'] },\n}\n\nconst roleAclResponseSchema = z.object({\n  isSuperAdmin: z.boolean(),\n  features: z.array(z.string()),\n  organizations: z.array(z.string()).nullable(),\n})\n\nconst roleAclUpdateResponseSchema = z.object({\n  ok: z.literal(true),\n  sanitized: z.boolean(),\n})\n\nconst roleAclErrorSchema = z.object({ error: z.string() })\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const url = new URL(req.url)\n  const parsed = getSchema.safeParse({\n    roleId: url.searchParams.get('roleId'),\n    tenantId: url.searchParams.get('tenantId') || undefined,\n  })\n  if (!parsed.success) return NextResponse.json({ error: 'Invalid input' }, { status: 400 })\n  const container = await createRequestContainer()\n  const isSuperAdmin = await resolveIsSuperAdmin({ auth, container })\n  const em = container.resolve('em') as EntityManager\n  const authTenantId = auth.tenantId ?? null\n  const roleFilter: Record<string, unknown> = { id: parsed.data.roleId }\n  if (!isSuperAdmin && authTenantId) {\n    roleFilter.$or = [{ tenantId: authTenantId }, { tenantId: null }]\n  }\n  const role = await em.findOne(Role, roleFilter)\n  if (!role) return NextResponse.json({ error: 'Not found' }, { status: 404 })\n  const roleTenantId = role?.tenantId ? String(role.tenantId) : null\n\n  let tenantScope = parsed.data.tenantId ?? roleTenantId ?? authTenantId ?? null\n  if (parsed.data.tenantId && parsed.data.tenantId !== tenantScope) {\n    if (isSuperAdmin || parsed.data.tenantId === authTenantId) tenantScope = parsed.data.tenantId\n    else return NextResponse.json({ error: 'Forbidden' }, { status: 403 })\n  }\n  if (!tenantScope && !isSuperAdmin) tenantScope = authTenantId ?? null\n\n  if (!isSuperAdmin && auth.sub) {\n    try {\n      await assertActorCanModifySuperAdminRoleTarget({\n        em,\n        rbacService: container.resolve('rbacService') as RbacService,\n        actorUserId: auth.sub,\n        tenantId: tenantScope,\n        organizationId: auth.orgId ?? null,\n        targetRoleId: parsed.data.roleId,\n        actorIsSuperAdmin: false,\n      })\n    } catch (err) {\n      if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n      throw err\n    }\n  }\n\n  const acl = tenantScope\n    ? await em.findOne(RoleAcl, { role, tenantId: tenantScope })\n    : null\n  const response = acl\n    ? {\n        isSuperAdmin: !!acl.isSuperAdmin,\n        features: Array.isArray(acl.featuresJson) ? acl.featuresJson : [],\n        organizations: Array.isArray(acl.organizationsJson) ? acl.organizationsJson : null,\n      }\n    : { isSuperAdmin: false, features: [], organizations: null }\n\n  await logCrudAccess({\n    container,\n    auth,\n    request: req,\n    items: [{ id: parsed.data.roleId, ...response }],\n    idField: 'id',\n    resourceKind: 'auth.role_acl',\n    organizationId: auth.orgId ?? null,\n    tenantId: tenantScope,\n    query: { roleId: parsed.data.roleId, tenantId: tenantScope },\n    accessType: 'read:item',\n  })\n\n  return NextResponse.json(response)\n}\n\nexport async function PUT(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const body = await req.json().catch(() => ({}))\n  const parsed = putSchema.safeParse(body)\n  if (!parsed.success) return NextResponse.json({ error: 'Invalid input' }, { status: 400 })\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as EntityManager\n  const isSuperAdmin = await resolveIsSuperAdmin({ auth, container })\n  const rbacService = container.resolve('rbacService') as RbacService\n  const authTenantId = auth.tenantId ?? null\n  const putRoleFilter: Record<string, unknown> = { id: parsed.data.roleId }\n  if (!isSuperAdmin && authTenantId) {\n    putRoleFilter.$or = [{ tenantId: authTenantId }, { tenantId: null }]\n  }\n  const role = await em.findOne(Role, putRoleFilter)\n  if (!role) return NextResponse.json({ error: 'Not found' }, { status: 404 })\n\n  const roleTenantId = role?.tenantId ? String(role.tenantId) : null\n\n  let targetTenantId = parsed.data.tenantId ?? roleTenantId ?? authTenantId ?? null\n  if (parsed.data.tenantId && parsed.data.tenantId !== targetTenantId) {\n    if (isSuperAdmin || parsed.data.tenantId === authTenantId) {\n      targetTenantId = parsed.data.tenantId\n    } else {\n      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })\n    }\n  }\n  if (!targetTenantId && !isSuperAdmin) targetTenantId = authTenantId ?? null\n  if (!targetTenantId) return NextResponse.json({ error: 'Tenant required' }, { status: 400 })\n\n  if (!isSuperAdmin && targetTenantId !== authTenantId) {\n    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })\n  }\n\n  if (!isSuperAdmin && auth.sub) {\n    try {\n      await assertActorCanModifySuperAdminRoleTarget({\n        em,\n        rbacService,\n        actorUserId: auth.sub,\n        tenantId: targetTenantId,\n        organizationId: auth.orgId ?? null,\n        targetRoleId: parsed.data.roleId,\n        actorIsSuperAdmin: false,\n      })\n    } catch (err) {\n      if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n      throw err\n    }\n  }\n\n  let acl = await em.findOne(RoleAcl, { role, tenantId: targetTenantId })\n  if (!acl) {\n    acl = em.create(RoleAcl, {\n      role,\n      tenantId: targetTenantId,\n      createdAt: new Date(),\n      isSuperAdmin: false,\n    })\n  }\n\n  const existingIsSuperAdmin = !!acl.isSuperAdmin\n  const existingFeatures = normalizeGrantFeatureList(acl.featuresJson)\n  const existingOrganizations = normalizeOrganizations(acl.organizationsJson)\n  const requestedIsSuperAdmin = parsed.data.isSuperAdmin ?? existingIsSuperAdmin\n  const requestedFeatures = parsed.data.features === undefined\n    ? existingFeatures\n    : normalizeGrantFeatureList(parsed.data.features)\n  const requestedOrganizations = parsed.data.organizations === undefined\n    ? existingOrganizations\n    : normalizeOrganizations(parsed.data.organizations)\n\n  try {\n    await assertActorCanGrantAcl({\n      em,\n      rbacService,\n      actorUserId: auth.sub,\n      tenantId: targetTenantId,\n      organizationId: auth.orgId ?? null,\n      isSuperAdmin: requestedIsSuperAdmin,\n      features: requestedFeatures,\n      organizations: requestedOrganizations,\n    })\n  } catch (err) {\n    if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n    throw err\n  }\n\n  acl.organizationsJson = requestedOrganizations\n  acl.isSuperAdmin = requestedIsSuperAdmin\n  acl.featuresJson = requestedFeatures\n  await em.persist(acl).flush()\n  \n  // Invalidate cache for all users in this tenant since role ACL changed\n  if (targetTenantId) {\n    await rbacService.invalidateTenantCache(targetTenantId)\n    // Sidebar nav caches depend on RBAC; invalidate tenant scope nav caches\n    try {\n      const cache = container.resolve('cache') as TaggableCache | undefined\n      if (cache?.deleteByTags) await cache.deleteByTags([`rbac:tenant:${targetTenantId}`])\n    } catch {}\n  }\n  \n  return NextResponse.json({\n    ok: true,\n    sanitized: false,\n  })\n}\n\nfunction normalizeOrganizations(organizations: unknown): string[] | null {\n  if (!Array.isArray(organizations)) return null\n  return normalizeGrantFeatureList(organizations)\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Role ACL management',\n  methods: {\n    GET: {\n      summary: 'Fetch role ACL',\n      description: 'Returns the feature and organization assignments associated with a role within the current tenant.',\n      query: getSchema,\n      responses: [\n        { status: 200, description: 'Role ACL entry', schema: roleAclResponseSchema },\n        { status: 400, description: 'Invalid role id', schema: roleAclErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: roleAclErrorSchema },\n        { status: 404, description: 'Role not found', schema: roleAclErrorSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update role ACL',\n      description: 'Replaces the feature list, super admin flag, and optional organization assignments for a role.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: putSchema,\n      },\n      responses: [\n        { status: 200, description: 'Role ACL updated', schema: roleAclUpdateResponseSchema },\n        { status: 400, description: 'Invalid payload', schema: roleAclErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: roleAclErrorSchema },\n        { status: 403, description: 'Insufficient privileges to modify ACL', schema: roleAclErrorSchema },\n        { status: 404, description: 'Role not found', schema: roleAclErrorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,qBAAqB;AAC9B,SAAS,uBAAuB;AAChC,SAAS,SAAS,YAAY;AAE9B,SAAS,2BAA2B;AAEpC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAIP,MAAM,YAAY,EAAE,OAAO;AAAA,EACzB,QAAQ,EAAE,OAAO,EAAE,KAAK;AAAA,EACxB,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AACvC,CAAC;AACD,MAAM,YAAY,EAAE,OAAO;AAAA,EACzB,QAAQ,EAAE,OAAO,EAAE,KAAK;AAAA,EACxB,cAAc,EAAE,QAAQ,EAAE,SAAS;AAAA,EACnC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACvC,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACvD,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AACvC,CAAC;AAEM,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AACjE;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,cAAc,EAAE,QAAQ;AAAA,EACxB,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC5B,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAC9C,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,WAAW,EAAE,QAAQ;AACvB,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAEzD,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9E,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,SAAS,UAAU,UAAU;AAAA,IACjC,QAAQ,IAAI,aAAa,IAAI,QAAQ;AAAA,IACrC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,EAChD,CAAC;AACD,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,gBAAgB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACzF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,eAAe,MAAM,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAClE,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,eAAe,KAAK,YAAY;AACtC,QAAM,aAAsC,EAAE,IAAI,OAAO,KAAK,OAAO;AACrE,MAAI,CAAC,gBAAgB,cAAc;AACjC,eAAW,MAAM,CAAC,EAAE,UAAU,aAAa,GAAG,EAAE,UAAU,KAAK,CAAC;AAAA,EAClE;AACA,QAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,UAAU;AAC9C,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC3E,QAAM,eAAe,MAAM,WAAW,OAAO,KAAK,QAAQ,IAAI;AAE9D,MAAI,cAAc,OAAO,KAAK,YAAY,gBAAgB,gBAAgB;AAC1E,MAAI,OAAO,KAAK,YAAY,OAAO,KAAK,aAAa,aAAa;AAChE,QAAI,gBAAgB,OAAO,KAAK,aAAa,aAAc,eAAc,OAAO,KAAK;AAAA,QAChF,QAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvE;AACA,MAAI,CAAC,eAAe,CAAC,aAAc,eAAc,gBAAgB;AAEjE,MAAI,CAAC,gBAAgB,KAAK,KAAK;AAC7B,QAAI;AACF,YAAM,yCAAyC;AAAA,QAC7C;AAAA,QACA,aAAa,UAAU,QAAQ,aAAa;AAAA,QAC5C,aAAa,KAAK;AAAA,QAClB,UAAU;AAAA,QACV,gBAAgB,KAAK,SAAS;AAAA,QAC9B,cAAc,OAAO,KAAK;AAAA,QAC1B,mBAAmB;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,YAAM;AAAA,IACR;AAAA,EACF;AAEA,QAAM,MAAM,cACR,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,UAAU,YAAY,CAAC,IACzD;AACJ,QAAM,WAAW,MACb;AAAA,IACE,cAAc,CAAC,CAAC,IAAI;AAAA,IACpB,UAAU,MAAM,QAAQ,IAAI,YAAY,IAAI,IAAI,eAAe,CAAC;AAAA,IAChE,eAAe,MAAM,QAAQ,IAAI,iBAAiB,IAAI,IAAI,oBAAoB;AAAA,EAChF,IACA,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AAE7D,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,OAAO,CAAC,EAAE,IAAI,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,IAC/C,SAAS;AAAA,IACT,cAAc;AAAA,IACd,gBAAgB,KAAK,SAAS;AAAA,IAC9B,UAAU;AAAA,IACV,OAAO,EAAE,QAAQ,OAAO,KAAK,QAAQ,UAAU,YAAY;AAAA,IAC3D,YAAY;AAAA,EACd,CAAC;AAED,SAAO,aAAa,KAAK,QAAQ;AACnC;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9E,QAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAC9C,QAAM,SAAS,UAAU,UAAU,IAAI;AACvC,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,gBAAgB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACzF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,eAAe,MAAM,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAClE,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,eAAe,KAAK,YAAY;AACtC,QAAM,gBAAyC,EAAE,IAAI,OAAO,KAAK,OAAO;AACxE,MAAI,CAAC,gBAAgB,cAAc;AACjC,kBAAc,MAAM,CAAC,EAAE,UAAU,aAAa,GAAG,EAAE,UAAU,KAAK,CAAC;AAAA,EACrE;AACA,QAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,aAAa;AACjD,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE3E,QAAM,eAAe,MAAM,WAAW,OAAO,KAAK,QAAQ,IAAI;AAE9D,MAAI,iBAAiB,OAAO,KAAK,YAAY,gBAAgB,gBAAgB;AAC7E,MAAI,OAAO,KAAK,YAAY,OAAO,KAAK,aAAa,gBAAgB;AACnE,QAAI,gBAAgB,OAAO,KAAK,aAAa,cAAc;AACzD,uBAAiB,OAAO,KAAK;AAAA,IAC/B,OAAO;AACL,aAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClE;AAAA,EACF;AACA,MAAI,CAAC,kBAAkB,CAAC,aAAc,kBAAiB,gBAAgB;AACvE,MAAI,CAAC,eAAgB,QAAO,aAAa,KAAK,EAAE,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE3F,MAAI,CAAC,gBAAgB,mBAAmB,cAAc;AACpD,WAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,MAAI,CAAC,gBAAgB,KAAK,KAAK;AAC7B,QAAI;AACF,YAAM,yCAAyC;AAAA,QAC7C;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA,QAClB,UAAU;AAAA,QACV,gBAAgB,KAAK,SAAS;AAAA,QAC9B,cAAc,OAAO,KAAK;AAAA,QAC1B,mBAAmB;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,YAAM;AAAA,IACR;AAAA,EACF;AAEA,MAAI,MAAM,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,UAAU,eAAe,CAAC;AACtE,MAAI,CAAC,KAAK;AACR,UAAM,GAAG,OAAO,SAAS;AAAA,MACvB;AAAA,MACA,UAAU;AAAA,MACV,WAAW,oBAAI,KAAK;AAAA,MACpB,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AAEA,QAAM,uBAAuB,CAAC,CAAC,IAAI;AACnC,QAAM,mBAAmB,0BAA0B,IAAI,YAAY;AACnE,QAAM,wBAAwB,uBAAuB,IAAI,iBAAiB;AAC1E,QAAM,wBAAwB,OAAO,KAAK,gBAAgB;AAC1D,QAAM,oBAAoB,OAAO,KAAK,aAAa,SAC/C,mBACA,0BAA0B,OAAO,KAAK,QAAQ;AAClD,QAAM,yBAAyB,OAAO,KAAK,kBAAkB,SACzD,wBACA,uBAAuB,OAAO,KAAK,aAAa;AAEpD,MAAI;AACF,UAAM,uBAAuB;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,aAAa,KAAK;AAAA,MAClB,UAAU;AAAA,MACV,gBAAgB,KAAK,SAAS;AAAA,MAC9B,cAAc;AAAA,MACd,UAAU;AAAA,MACV,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAM;AAAA,EACR;AAEA,MAAI,oBAAoB;AACxB,MAAI,eAAe;AACnB,MAAI,eAAe;AACnB,QAAM,GAAG,QAAQ,GAAG,EAAE,MAAM;AAG5B,MAAI,gBAAgB;AAClB,UAAM,YAAY,sBAAsB,cAAc;AAEtD,QAAI;AACF,YAAM,QAAQ,UAAU,QAAQ,OAAO;AACvC,UAAI,OAAO,aAAc,OAAM,MAAM,aAAa,CAAC,eAAe,cAAc,EAAE,CAAC;AAAA,IACrF,QAAQ;AAAA,IAAC;AAAA,EACX;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,WAAW;AAAA,EACb,CAAC;AACH;AAEA,SAAS,uBAAuB,eAAyC;AACvE,MAAI,CAAC,MAAM,QAAQ,aAAa,EAAG,QAAO;AAC1C,SAAO,0BAA0B,aAAa;AAChD;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,sBAAsB;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,mBAAmB;AAAA,MAC3E;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,4BAA4B;AAAA,QACpF,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,yCAAyC,QAAQ,mBAAmB;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,mBAAmB;AAAA,MAC3E;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { logCrudAccess } from '@open-mercato/shared/lib/crud/factory'\nimport { isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { RoleAcl, Role } from '@open-mercato/core/modules/auth/data/entities'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { resolveIsSuperAdmin } from '@open-mercato/core/modules/auth/lib/tenantAccess'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { withAtomicFlush } from '@open-mercato/shared/lib/commands/flush'\nimport {\n  assertActorCanGrantAcl,\n  assertActorCanModifySuperAdminRoleTarget,\n  normalizeGrantFeatureList,\n} from '@open-mercato/core/modules/auth/lib/grantChecks'\n\ntype TaggableCache = { deleteByTags?: (tags: string[]) => Promise<void> | void }\n\nconst getSchema = z.object({\n  roleId: z.string().uuid(),\n  tenantId: z.string().uuid().optional(),\n})\nconst putSchema = z.object({\n  roleId: z.string().uuid(),\n  isSuperAdmin: z.boolean().optional(),\n  features: z.array(z.string()).optional(),\n  organizations: z.array(z.string()).nullable().optional(),\n  tenantId: z.string().uuid().optional(),\n})\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: ['auth.acl.manage'] },\n  PUT: { requireAuth: true, requireFeatures: ['auth.acl.manage'] },\n}\n\nconst roleAclResponseSchema = z.object({\n  isSuperAdmin: z.boolean(),\n  features: z.array(z.string()),\n  organizations: z.array(z.string()).nullable(),\n})\n\nconst roleAclUpdateResponseSchema = z.object({\n  ok: z.literal(true),\n  sanitized: z.boolean(),\n})\n\nconst roleAclErrorSchema = z.object({ error: z.string() })\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const url = new URL(req.url)\n  const parsed = getSchema.safeParse({\n    roleId: url.searchParams.get('roleId'),\n    tenantId: url.searchParams.get('tenantId') || undefined,\n  })\n  if (!parsed.success) return NextResponse.json({ error: 'Invalid input' }, { status: 400 })\n  const container = await createRequestContainer()\n  const isSuperAdmin = await resolveIsSuperAdmin({ auth, container })\n  const em = container.resolve('em') as EntityManager\n  const authTenantId = auth.tenantId ?? null\n  const roleFilter: Record<string, unknown> = { id: parsed.data.roleId }\n  if (!isSuperAdmin && authTenantId) {\n    roleFilter.$or = [{ tenantId: authTenantId }, { tenantId: null }]\n  }\n  const role = await em.findOne(Role, roleFilter)\n  if (!role) return NextResponse.json({ error: 'Not found' }, { status: 404 })\n  const roleTenantId = role?.tenantId ? String(role.tenantId) : null\n\n  let tenantScope = parsed.data.tenantId ?? roleTenantId ?? authTenantId ?? null\n  if (parsed.data.tenantId && parsed.data.tenantId !== tenantScope) {\n    if (isSuperAdmin || parsed.data.tenantId === authTenantId) tenantScope = parsed.data.tenantId\n    else return NextResponse.json({ error: 'Forbidden' }, { status: 403 })\n  }\n  if (!tenantScope && !isSuperAdmin) tenantScope = authTenantId ?? null\n\n  if (!isSuperAdmin && auth.sub) {\n    try {\n      await assertActorCanModifySuperAdminRoleTarget({\n        em,\n        rbacService: container.resolve('rbacService') as RbacService,\n        actorUserId: auth.sub,\n        tenantId: tenantScope,\n        organizationId: auth.orgId ?? null,\n        targetRoleId: parsed.data.roleId,\n        actorIsSuperAdmin: false,\n      })\n    } catch (err) {\n      if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n      throw err\n    }\n  }\n\n  const acl = tenantScope\n    ? await em.findOne(RoleAcl, { role, tenantId: tenantScope })\n    : null\n  const response = acl\n    ? {\n        isSuperAdmin: !!acl.isSuperAdmin,\n        features: Array.isArray(acl.featuresJson) ? acl.featuresJson : [],\n        organizations: Array.isArray(acl.organizationsJson) ? acl.organizationsJson : null,\n      }\n    : { isSuperAdmin: false, features: [], organizations: null }\n\n  await logCrudAccess({\n    container,\n    auth,\n    request: req,\n    items: [{ id: parsed.data.roleId, ...response }],\n    idField: 'id',\n    resourceKind: 'auth.role_acl',\n    organizationId: auth.orgId ?? null,\n    tenantId: tenantScope,\n    query: { roleId: parsed.data.roleId, tenantId: tenantScope },\n    accessType: 'read:item',\n  })\n\n  return NextResponse.json(response)\n}\n\nexport async function PUT(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  const body = await req.json().catch(() => ({}))\n  const parsed = putSchema.safeParse(body)\n  if (!parsed.success) return NextResponse.json({ error: 'Invalid input' }, { status: 400 })\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as EntityManager\n  const isSuperAdmin = await resolveIsSuperAdmin({ auth, container })\n  const rbacService = container.resolve('rbacService') as RbacService\n  const authTenantId = auth.tenantId ?? null\n  const putRoleFilter: Record<string, unknown> = { id: parsed.data.roleId }\n  if (!isSuperAdmin && authTenantId) {\n    putRoleFilter.$or = [{ tenantId: authTenantId }, { tenantId: null }]\n  }\n  const role = await em.findOne(Role, putRoleFilter)\n  if (!role) return NextResponse.json({ error: 'Not found' }, { status: 404 })\n\n  const roleTenantId = role?.tenantId ? String(role.tenantId) : null\n\n  let targetTenantId = parsed.data.tenantId ?? roleTenantId ?? authTenantId ?? null\n  if (parsed.data.tenantId && parsed.data.tenantId !== targetTenantId) {\n    if (isSuperAdmin || parsed.data.tenantId === authTenantId) {\n      targetTenantId = parsed.data.tenantId\n    } else {\n      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })\n    }\n  }\n  if (!targetTenantId && !isSuperAdmin) targetTenantId = authTenantId ?? null\n  if (!targetTenantId) return NextResponse.json({ error: 'Tenant required' }, { status: 400 })\n\n  if (!isSuperAdmin && targetTenantId !== authTenantId) {\n    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })\n  }\n\n  if (!isSuperAdmin && auth.sub) {\n    try {\n      await assertActorCanModifySuperAdminRoleTarget({\n        em,\n        rbacService,\n        actorUserId: auth.sub,\n        tenantId: targetTenantId,\n        organizationId: auth.orgId ?? null,\n        targetRoleId: parsed.data.roleId,\n        actorIsSuperAdmin: false,\n      })\n    } catch (err) {\n      if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n      throw err\n    }\n  }\n\n  let acl = await em.findOne(RoleAcl, { role, tenantId: targetTenantId })\n  if (!acl) {\n    acl = em.create(RoleAcl, {\n      role,\n      tenantId: targetTenantId,\n      createdAt: new Date(),\n      isSuperAdmin: false,\n    })\n  }\n\n  const existingIsSuperAdmin = !!acl.isSuperAdmin\n  const existingFeatures = normalizeGrantFeatureList(acl.featuresJson)\n  const existingOrganizations = normalizeOrganizations(acl.organizationsJson)\n  const requestedIsSuperAdmin = parsed.data.isSuperAdmin ?? existingIsSuperAdmin\n  const requestedFeatures = parsed.data.features === undefined\n    ? existingFeatures\n    : normalizeGrantFeatureList(parsed.data.features)\n  const requestedOrganizations = parsed.data.organizations === undefined\n    ? existingOrganizations\n    : normalizeOrganizations(parsed.data.organizations)\n\n  try {\n    await assertActorCanGrantAcl({\n      em,\n      rbacService,\n      actorUserId: auth.sub,\n      tenantId: targetTenantId,\n      organizationId: auth.orgId ?? null,\n      isSuperAdmin: requestedIsSuperAdmin,\n      features: requestedFeatures,\n      organizations: requestedOrganizations,\n    })\n  } catch (err) {\n    if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n    throw err\n  }\n\n  const aclToPersist = acl\n  await withAtomicFlush(em, [\n    () => {\n      aclToPersist.organizationsJson = requestedOrganizations\n      aclToPersist.isSuperAdmin = requestedIsSuperAdmin\n      aclToPersist.featuresJson = requestedFeatures\n      em.persist(aclToPersist)\n    },\n  ], { transaction: true })\n\n  // Invalidate cache for all users in this tenant since role ACL changed\n  if (targetTenantId) {\n    await rbacService.invalidateTenantCache(targetTenantId)\n    // Sidebar nav caches depend on RBAC; invalidate tenant scope nav caches\n    try {\n      const cache = container.resolve('cache') as TaggableCache | undefined\n      if (cache?.deleteByTags) await cache.deleteByTags([`rbac:tenant:${targetTenantId}`])\n    } catch {}\n  }\n  \n  return NextResponse.json({\n    ok: true,\n    sanitized: false,\n  })\n}\n\nfunction normalizeOrganizations(organizations: unknown): string[] | null {\n  if (!Array.isArray(organizations)) return null\n  return normalizeGrantFeatureList(organizations)\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Role ACL management',\n  methods: {\n    GET: {\n      summary: 'Fetch role ACL',\n      description: 'Returns the feature and organization assignments associated with a role within the current tenant.',\n      query: getSchema,\n      responses: [\n        { status: 200, description: 'Role ACL entry', schema: roleAclResponseSchema },\n        { status: 400, description: 'Invalid role id', schema: roleAclErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: roleAclErrorSchema },\n        { status: 404, description: 'Role not found', schema: roleAclErrorSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update role ACL',\n      description: 'Replaces the feature list, super admin flag, and optional organization assignments for a role.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: putSchema,\n      },\n      responses: [\n        { status: 200, description: 'Role ACL updated', schema: roleAclUpdateResponseSchema },\n        { status: 400, description: 'Invalid payload', schema: roleAclErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: roleAclErrorSchema },\n        { status: 403, description: 'Insufficient privileges to modify ACL', schema: roleAclErrorSchema },\n        { status: 404, description: 'Role not found', schema: roleAclErrorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,qBAAqB;AAC9B,SAAS,uBAAuB;AAChC,SAAS,SAAS,YAAY;AAE9B,SAAS,2BAA2B;AAEpC,SAAS,uBAAuB;AAChC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAIP,MAAM,YAAY,EAAE,OAAO;AAAA,EACzB,QAAQ,EAAE,OAAO,EAAE,KAAK;AAAA,EACxB,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AACvC,CAAC;AACD,MAAM,YAAY,EAAE,OAAO;AAAA,EACzB,QAAQ,EAAE,OAAO,EAAE,KAAK;AAAA,EACxB,cAAc,EAAE,QAAQ,EAAE,SAAS;AAAA,EACnC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACvC,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACvD,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AACvC,CAAC;AAEM,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AACjE;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,cAAc,EAAE,QAAQ;AAAA,EACxB,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC5B,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAC9C,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,WAAW,EAAE,QAAQ;AACvB,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAEzD,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9E,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,SAAS,UAAU,UAAU;AAAA,IACjC,QAAQ,IAAI,aAAa,IAAI,QAAQ;AAAA,IACrC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,EAChD,CAAC;AACD,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,gBAAgB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACzF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,eAAe,MAAM,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAClE,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,eAAe,KAAK,YAAY;AACtC,QAAM,aAAsC,EAAE,IAAI,OAAO,KAAK,OAAO;AACrE,MAAI,CAAC,gBAAgB,cAAc;AACjC,eAAW,MAAM,CAAC,EAAE,UAAU,aAAa,GAAG,EAAE,UAAU,KAAK,CAAC;AAAA,EAClE;AACA,QAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,UAAU;AAC9C,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC3E,QAAM,eAAe,MAAM,WAAW,OAAO,KAAK,QAAQ,IAAI;AAE9D,MAAI,cAAc,OAAO,KAAK,YAAY,gBAAgB,gBAAgB;AAC1E,MAAI,OAAO,KAAK,YAAY,OAAO,KAAK,aAAa,aAAa;AAChE,QAAI,gBAAgB,OAAO,KAAK,aAAa,aAAc,eAAc,OAAO,KAAK;AAAA,QAChF,QAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvE;AACA,MAAI,CAAC,eAAe,CAAC,aAAc,eAAc,gBAAgB;AAEjE,MAAI,CAAC,gBAAgB,KAAK,KAAK;AAC7B,QAAI;AACF,YAAM,yCAAyC;AAAA,QAC7C;AAAA,QACA,aAAa,UAAU,QAAQ,aAAa;AAAA,QAC5C,aAAa,KAAK;AAAA,QAClB,UAAU;AAAA,QACV,gBAAgB,KAAK,SAAS;AAAA,QAC9B,cAAc,OAAO,KAAK;AAAA,QAC1B,mBAAmB;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,YAAM;AAAA,IACR;AAAA,EACF;AAEA,QAAM,MAAM,cACR,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,UAAU,YAAY,CAAC,IACzD;AACJ,QAAM,WAAW,MACb;AAAA,IACE,cAAc,CAAC,CAAC,IAAI;AAAA,IACpB,UAAU,MAAM,QAAQ,IAAI,YAAY,IAAI,IAAI,eAAe,CAAC;AAAA,IAChE,eAAe,MAAM,QAAQ,IAAI,iBAAiB,IAAI,IAAI,oBAAoB;AAAA,EAChF,IACA,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK;AAE7D,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,OAAO,CAAC,EAAE,IAAI,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,IAC/C,SAAS;AAAA,IACT,cAAc;AAAA,IACd,gBAAgB,KAAK,SAAS;AAAA,IAC9B,UAAU;AAAA,IACV,OAAO,EAAE,QAAQ,OAAO,KAAK,QAAQ,UAAU,YAAY;AAAA,IAC3D,YAAY;AAAA,EACd,CAAC;AAED,SAAO,aAAa,KAAK,QAAQ;AACnC;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9E,QAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAC9C,QAAM,SAAS,UAAU,UAAU,IAAI;AACvC,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,gBAAgB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACzF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,eAAe,MAAM,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAClE,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,eAAe,KAAK,YAAY;AACtC,QAAM,gBAAyC,EAAE,IAAI,OAAO,KAAK,OAAO;AACxE,MAAI,CAAC,gBAAgB,cAAc;AACjC,kBAAc,MAAM,CAAC,EAAE,UAAU,aAAa,GAAG,EAAE,UAAU,KAAK,CAAC;AAAA,EACrE;AACA,QAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,aAAa;AACjD,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE3E,QAAM,eAAe,MAAM,WAAW,OAAO,KAAK,QAAQ,IAAI;AAE9D,MAAI,iBAAiB,OAAO,KAAK,YAAY,gBAAgB,gBAAgB;AAC7E,MAAI,OAAO,KAAK,YAAY,OAAO,KAAK,aAAa,gBAAgB;AACnE,QAAI,gBAAgB,OAAO,KAAK,aAAa,cAAc;AACzD,uBAAiB,OAAO,KAAK;AAAA,IAC/B,OAAO;AACL,aAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClE;AAAA,EACF;AACA,MAAI,CAAC,kBAAkB,CAAC,aAAc,kBAAiB,gBAAgB;AACvE,MAAI,CAAC,eAAgB,QAAO,aAAa,KAAK,EAAE,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE3F,MAAI,CAAC,gBAAgB,mBAAmB,cAAc;AACpD,WAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AAEA,MAAI,CAAC,gBAAgB,KAAK,KAAK;AAC7B,QAAI;AACF,YAAM,yCAAyC;AAAA,QAC7C;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA,QAClB,UAAU;AAAA,QACV,gBAAgB,KAAK,SAAS;AAAA,QAC9B,cAAc,OAAO,KAAK;AAAA,QAC1B,mBAAmB;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,YAAM;AAAA,IACR;AAAA,EACF;AAEA,MAAI,MAAM,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,UAAU,eAAe,CAAC;AACtE,MAAI,CAAC,KAAK;AACR,UAAM,GAAG,OAAO,SAAS;AAAA,MACvB;AAAA,MACA,UAAU;AAAA,MACV,WAAW,oBAAI,KAAK;AAAA,MACpB,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AAEA,QAAM,uBAAuB,CAAC,CAAC,IAAI;AACnC,QAAM,mBAAmB,0BAA0B,IAAI,YAAY;AACnE,QAAM,wBAAwB,uBAAuB,IAAI,iBAAiB;AAC1E,QAAM,wBAAwB,OAAO,KAAK,gBAAgB;AAC1D,QAAM,oBAAoB,OAAO,KAAK,aAAa,SAC/C,mBACA,0BAA0B,OAAO,KAAK,QAAQ;AAClD,QAAM,yBAAyB,OAAO,KAAK,kBAAkB,SACzD,wBACA,uBAAuB,OAAO,KAAK,aAAa;AAEpD,MAAI;AACF,UAAM,uBAAuB;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,aAAa,KAAK;AAAA,MAClB,UAAU;AAAA,MACV,gBAAgB,KAAK,SAAS;AAAA,MAC9B,cAAc;AAAA,MACd,UAAU;AAAA,MACV,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAM;AAAA,EACR;AAEA,QAAM,eAAe;AACrB,QAAM,gBAAgB,IAAI;AAAA,IACxB,MAAM;AACJ,mBAAa,oBAAoB;AACjC,mBAAa,eAAe;AAC5B,mBAAa,eAAe;AAC5B,SAAG,QAAQ,YAAY;AAAA,IACzB;AAAA,EACF,GAAG,EAAE,aAAa,KAAK,CAAC;AAGxB,MAAI,gBAAgB;AAClB,UAAM,YAAY,sBAAsB,cAAc;AAEtD,QAAI;AACF,YAAM,QAAQ,UAAU,QAAQ,OAAO;AACvC,UAAI,OAAO,aAAc,OAAM,MAAM,aAAa,CAAC,eAAe,cAAc,EAAE,CAAC;AAAA,IACrF,QAAQ;AAAA,IAAC;AAAA,EACX;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,WAAW;AAAA,EACb,CAAC;AACH;AAEA,SAAS,uBAAuB,eAAyC;AACvE,MAAI,CAAC,MAAM,QAAQ,aAAa,EAAG,QAAO;AAC1C,SAAO,0BAA0B,aAAa;AAChD;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,sBAAsB;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,mBAAmB;AAAA,MAC3E;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,4BAA4B;AAAA,QACpF,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,yCAAyC,QAAQ,mBAAmB;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,mBAAmB;AAAA,MAC3E;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }