@pawells/nestjs-auth 1.0.0-dev.3052c75

package/build/admin/client/types/event.types.d.ts

@@ -0,0 +1,176 @@
+/**
+ * Query Parameters for Admin Events
+ *
+ * Filters and pagination options for querying administrative events.
+ */
+export interface AdminEventQuery {
+    /**
+     * Filter by operation types to include
+     */
+    operationTypes?: ('CREATE' | 'UPDATE' | 'DELETE' | 'ACTION')[];
+    /**
+     * Filter by resource types affected
+     */
+    resourceTypes?: string[];
+    /**
+     * Filter by resource path (e.g., 'users/123', 'clients/abc')
+     */
+    resourcePath?: string;
+    /**
+     * Start of date range (inclusive)
+     */
+    dateFrom?: Date;
+    /**
+     * End of date range (inclusive)
+     */
+    dateTo?: Date;
+    /**
+     * Offset for pagination (start index)
+     */
+    first?: number;
+    /**
+     * Maximum number of results to return.
+     * Keycloak caps this at 100; larger values are silently truncated.
+     */
+    max?: number;
+}
+/**
+ * Query Parameters for Access Events
+ *
+ * Filters and pagination options for querying authentication and authorization events.
+ */
+export interface AccessEventQuery {
+    /**
+     * Filter by event types to include (e.g., ['LOGIN', 'LOGOUT', 'LOGIN_ERROR'])
+     */
+    type?: string[];
+    /**
+     * Filter by client ID making the request
+     */
+    client?: string;
+    /**
+     * Filter by user ID involved in the event
+     */
+    user?: string;
+    /**
+     * Start of date range (inclusive)
+     */
+    dateFrom?: Date;
+    /**
+     * End of date range (inclusive)
+     */
+    dateTo?: Date;
+    /**
+     * Offset for pagination (start index)
+     */
+    first?: number;
+    /**
+     * Maximum number of results to return.
+     * Keycloak caps this at 100; larger values are silently truncated.
+     */
+    max?: number;
+}
+/**
+ * Keycloak Admin Event Representation
+ *
+ * Represents a single administrative event (user creation, role assignment, client updates, etc.)
+ * in a Keycloak realm.
+ */
+export interface KeycloakAdminEvent {
+    /**
+     * Event timestamp (milliseconds since epoch)
+     */
+    time: number;
+    /**
+     * ID of the realm where the event occurred
+     */
+    realmId: string;
+    /**
+     * Type of operation: CREATE, UPDATE, DELETE, or ACTION
+     */
+    operationType: 'CREATE' | 'UPDATE' | 'DELETE' | 'ACTION';
+    /**
+     * Type of resource affected (e.g., USER, CLIENT, ROLE, GROUP, etc.)
+     */
+    resourceType: string;
+    /**
+     * Path to the resource (e.g., 'users/user-id' or 'clients/client-id')
+     */
+    resourcePath: string;
+    /**
+     * Double-encoded JSON string containing the full representation of the created or updated resource.
+     * Present only on CREATE and UPDATE operations.
+     *
+     * **Important**: Must be decoded twice:
+     * ```typescript
+     * const decoded = JSON.parse(JSON.parse(event.representation));
+     * ```
+     */
+    representation?: string;
+    /**
+     * Authentication details of who performed the operation
+     */
+    authDetails?: {
+        /**
+         * Realm where the admin authenticated
+         */
+        realmId: string;
+        /**
+         * Client ID of the admin application
+         */
+        clientId: string;
+        /**
+         * User ID of the admin who performed the operation
+         */
+        userId: string;
+        /**
+         * IP address from which the operation was performed
+         */
+        ipAddress: string;
+    };
+}
+/**
+ * Keycloak Access Event Representation
+ *
+ * Represents a single authentication or authorization event (login, logout, permission check, etc.)
+ * in a Keycloak realm.
+ */
+export interface KeycloakAccessEvent {
+    /**
+     * Event timestamp (milliseconds since epoch)
+     */
+    time: number;
+    /**
+     * ID of the realm where the event occurred
+     */
+    realmId: string;
+    /**
+     * Type of event (e.g., LOGIN, LOGOUT, LOGIN_ERROR, CODE_TO_TOKEN, etc.)
+     */
+    type: string;
+    /**
+     * Keycloak session ID, if available
+     */
+    sessionId?: string;
+    /**
+     * Keycloak user ID, if the event is tied to a user
+     */
+    userId?: string;
+    /**
+     * IP address from which the request originated
+     */
+    ipAddress?: string;
+    /**
+     * Client ID making the request
+     */
+    clientId?: string;
+    /**
+     * Additional event-specific details (keys and values depend on event type)
+     */
+    details?: Record<string, string>;
+    /**
+     * Error message, present only if the event represents a failure (e.g., LOGIN_ERROR)
+     */
+    error?: string;
+}
+//# sourceMappingURL=event.types.d.ts.map

package/build/admin/client/types/event.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"event.types.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/types/event.types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC/B;;OAEG;IACH,cAAc,CAAC,EAAE,CAAC,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAC;IAE/D;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,IAAI,CAAC;IAEhB;;OAEG;IACH,MAAM,CAAC,EAAE,IAAI,CAAC;IAEd;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAChC;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAEhB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,QAAQ,CAAC,EAAE,IAAI,CAAC;IAEhB;;OAEG;IACH,MAAM,CAAC,EAAE,IAAI,CAAC;IAEd;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IAClC;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,aAAa,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAEzD;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,WAAW,CAAC,EAAE;QACb;;WAEG;QACH,OAAO,EAAE,MAAM,CAAC;QAEhB;;WAEG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;WAEG;QACH,MAAM,EAAE,MAAM,CAAC;QAEf;;WAEG;QACH,SAAS,EAAE,MAAM,CAAC;KAClB,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IACnC;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CACf"}

package/build/admin/client/types/event.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=event.types.js.map

package/build/admin/client/types/event.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event.types.js","sourceRoot":"","sources":["../../../../src/admin/client/types/event.types.ts"],"names":[],"mappings":""}

package/build/admin/client/types/index.d.ts

@@ -0,0 +1,4 @@
+export * from './config.types.js';
+export * from './keycloak.types.js';
+export * from './event.types.js';
+//# sourceMappingURL=index.d.ts.map

package/build/admin/client/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC"}

package/build/admin/client/types/index.js

@@ -0,0 +1,4 @@
+export * from './config.types.js';
+export * from './keycloak.types.js';
+export * from './event.types.js';
+//# sourceMappingURL=index.js.map

package/build/admin/client/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/admin/client/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,kBAAkB,CAAC"}

package/build/admin/client/types/keycloak.types.d.ts

@@ -0,0 +1,169 @@
+/**
+ * Keycloak realm representation
+ */
+export interface RealmRepresentation {
+    id?: string;
+    realm?: string;
+    displayName?: string;
+    enabled?: boolean;
+    sslRequired?: string;
+    registrationAllowed?: boolean;
+    loginWithEmailAllowed?: boolean;
+    duplicateEmailsAllowed?: boolean;
+    resetPasswordAllowed?: boolean;
+    editUsernameAllowed?: boolean;
+    bruteForceProtected?: boolean;
+    [key: string]: unknown;
+}
+/**
+ * Keycloak user representation
+ */
+export interface UserRepresentation {
+    id?: string;
+    username?: string;
+    email?: string;
+    firstName?: string;
+    lastName?: string;
+    enabled?: boolean;
+    emailVerified?: boolean;
+    attributes?: Record<string, string[]>;
+    requiredActions?: string[];
+    credentials?: CredentialRepresentation[];
+    groups?: string[];
+    [key: string]: unknown;
+}
+/**
+ * Keycloak credential representation
+ */
+export interface CredentialRepresentation {
+    type?: string;
+    value?: string;
+    temporary?: boolean;
+    [key: string]: unknown;
+}
+/**
+ * Keycloak client representation
+ */
+export interface ClientRepresentation {
+    id?: string;
+    clientId?: string;
+    name?: string;
+    description?: string;
+    enabled?: boolean;
+    clientAuthenticatorType?: string;
+    secret?: string;
+    publicClient?: boolean;
+    protocol?: string;
+    redirectUris?: string[];
+    webOrigins?: string[];
+    directAccessGrantsEnabled?: boolean;
+    serviceAccountsEnabled?: boolean;
+    standardFlowEnabled?: boolean;
+    implicitFlowEnabled?: boolean;
+    bearerOnly?: boolean;
+    consentRequired?: boolean;
+    attributes?: Record<string, string>;
+    [key: string]: unknown;
+}
+/**
+ * Keycloak role representation
+ */
+export interface RoleRepresentation {
+    id?: string;
+    name?: string;
+    description?: string;
+    composite?: boolean;
+    clientRole?: boolean;
+    containerId?: string;
+    attributes?: Record<string, string[]>;
+    [key: string]: unknown;
+}
+/**
+ * Keycloak group representation
+ */
+export interface GroupRepresentation {
+    id?: string;
+    name?: string;
+    path?: string;
+    attributes?: Record<string, string[]>;
+    realmRoles?: string[];
+    clientRoles?: Record<string, string[]>;
+    subGroups?: GroupRepresentation[];
+    [key: string]: unknown;
+}
+/**
+ * Keycloak identity provider representation
+ */
+export interface IdentityProviderRepresentation {
+    alias?: string;
+    displayName?: string;
+    providerId?: string;
+    enabled?: boolean;
+    trustEmail?: boolean;
+    storeToken?: boolean;
+    addReadTokenRoleOnCreate?: boolean;
+    authenticateByDefault?: boolean;
+    linkOnly?: boolean;
+    firstBrokerLoginFlowAlias?: string;
+    config?: Record<string, string>;
+    [key: string]: unknown;
+}
+/**
+ * Keycloak authentication flow representation
+ */
+export interface AuthenticationFlowRepresentation {
+    id?: string;
+    alias?: string;
+    description?: string;
+    providerId?: string;
+    topLevel?: boolean;
+    builtIn?: boolean;
+    authenticationExecutions?: AuthenticationExecutionInfoRepresentation[];
+    [key: string]: unknown;
+}
+/**
+ * Keycloak authentication execution representation
+ */
+export interface AuthenticationExecutionInfoRepresentation {
+    id?: string;
+    requirement?: string;
+    displayName?: string;
+    alias?: string;
+    description?: string;
+    requirementChoices?: string[];
+    configurable?: boolean;
+    providerId?: string;
+    level?: number;
+    index?: number;
+    [key: string]: unknown;
+}
+/**
+ * Keycloak protocol mapper representation
+ */
+export interface ProtocolMapperRepresentation {
+    id?: string;
+    name?: string;
+    protocol?: string;
+    protocolMapper?: string;
+    consentRequired?: boolean;
+    config?: Record<string, string>;
+    [key: string]: unknown;
+}
+/**
+ * User query parameters
+ */
+export interface UserQuery {
+    briefRepresentation?: boolean;
+    email?: string;
+    emailVerified?: boolean;
+    enabled?: boolean;
+    exact?: boolean;
+    first?: number;
+    firstName?: string;
+    lastName?: string;
+    max?: number;
+    search?: string;
+    username?: string;
+    [key: string]: unknown;
+}
+//# sourceMappingURL=keycloak.types.d.ts.map

package/build/admin/client/types/keycloak.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.types.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/types/keycloak.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,CAAC,EAAE,wBAAwB,EAAE,CAAC;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACxC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACvC,SAAS,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAClC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,wBAAwB,CAAC,EAAE,yCAAyC,EAAE,CAAC;IACvE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,yCAAyC;IACzD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB"}

package/build/admin/client/types/keycloak.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=keycloak.types.js.map

package/build/admin/client/types/keycloak.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.types.js","sourceRoot":"","sources":["../../../../src/admin/client/types/keycloak.types.ts"],"names":[],"mappings":""}

package/build/admin/client/utils/index.d.ts

@@ -0,0 +1,2 @@
+export * from './retry.js';
+//# sourceMappingURL=index.d.ts.map

package/build/admin/client/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/build/admin/client/utils/index.js

@@ -0,0 +1,2 @@
+export * from './retry.js';
+//# sourceMappingURL=index.js.map

package/build/admin/client/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/admin/client/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/build/admin/client/utils/retry.d.ts

@@ -0,0 +1,40 @@
+import type { Logger } from '@pawells/logger';
+/**
+ * Retry configuration options
+ */
+export interface RetryConfig {
+    /**
+     * Maximum number of retry attempts
+     * @default 3
+     */
+    maxRetries?: number;
+    /**
+     * Initial delay in milliseconds before first retry
+     * @default 1000
+     */
+    initialDelay?: number;
+    /**
+     * Maximum delay in milliseconds between retries
+     * @default 30000
+     */
+    maxDelay?: number;
+    /**
+     * Backoff multiplier for exponential backoff
+     * @default 2
+     */
+    backoffMultiplier?: number;
+    /**
+     * HTTP status codes that should trigger a retry
+     * @default [408, 429, 500, 502, 503, 504]
+     */
+    retryableStatuses?: number[];
+    /**
+     * Logger instance for retry logging
+     */
+    logger?: Logger;
+}
+/**
+ * Execute a function with retry logic
+ */
+export declare function withRetry<T>(fn: () => Promise<T>, config?: RetryConfig): Promise<T>;
+//# sourceMappingURL=retry.d.ts.map

package/build/admin/client/utils/retry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/utils/retry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAW9C;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE7B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AA8CD;;GAEG;AACH,wBAAsB,SAAS,CAAC,CAAC,EAChC,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,MAAM,GAAE,WAAgB,GACtB,OAAO,CAAC,CAAC,CAAC,CA0CZ"}

package/build/admin/client/utils/retry.js

@@ -0,0 +1,72 @@
+import { TimeoutError, RateLimitError, NetworkError } from '../errors/index.js';
+const HTTP_STATUS_TIMEOUT = 408;
+const HTTP_STATUS_RATE_LIMIT = 429;
+const HTTP_STATUS_INTERNAL_ERROR = 500;
+const HTTP_STATUS_BAD_GATEWAY = 502;
+const HTTP_STATUS_SERVICE_UNAVAILABLE = 503;
+const HTTP_STATUS_GATEWAY_TIMEOUT = 504;
+const JITTER_FACTOR = 0.2;
+/**
+ * Default retry configuration
+ */
+const DEFAULT_RETRY_CONFIG = {
+    maxRetries: 3,
+    initialDelay: 1000,
+    maxDelay: 30000,
+    backoffMultiplier: 2,
+    retryableStatuses: [HTTP_STATUS_TIMEOUT, HTTP_STATUS_RATE_LIMIT, HTTP_STATUS_INTERNAL_ERROR, HTTP_STATUS_BAD_GATEWAY, HTTP_STATUS_SERVICE_UNAVAILABLE, HTTP_STATUS_GATEWAY_TIMEOUT],
+};
+/**
+ * Determine if an error is retryable
+ */
+function isRetryableError(error, retryableStatuses) {
+    if (error instanceof TimeoutError || error instanceof RateLimitError || error instanceof NetworkError) {
+        return true;
+    }
+    if (error && typeof error === 'object' && 'statusCode' in error) {
+        const { statusCode } = error;
+        return statusCode !== undefined && retryableStatuses.includes(statusCode);
+    }
+    return false;
+}
+/**
+ * Calculate delay with exponential backoff and jitter
+ */
+function calculateDelay(attempt, initialDelay, maxDelay, backoffMultiplier) {
+    const exponentialDelay = initialDelay * Math.pow(backoffMultiplier, attempt);
+    const delayWithCap = Math.min(exponentialDelay, maxDelay);
+    // Add jitter (±20%)
+    const jitter = delayWithCap * JITTER_FACTOR * (Math.random() * 2 - 1);
+    return Math.floor(delayWithCap + jitter);
+}
+/**
+ * Execute a function with retry logic
+ */
+export async function withRetry(fn, config = {}) {
+    const { maxRetries, initialDelay, maxDelay, backoffMultiplier, retryableStatuses, } = { ...DEFAULT_RETRY_CONFIG, ...config };
+    let lastError;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            return await fn();
+        }
+        catch (error) {
+            lastError = error instanceof Error ? error : new Error(String(error));
+            // Don't retry on last attempt
+            if (attempt === maxRetries) {
+                break;
+            }
+            // Check if error is retryable
+            if (!isRetryableError(error, retryableStatuses)) {
+                throw error;
+            }
+            // Calculate delay and wait
+            const delay = calculateDelay(attempt, initialDelay, maxDelay, backoffMultiplier);
+            if (config.logger) {
+                config.logger.warn(`Retrying after ${delay}ms (attempt ${attempt + 1}/${maxRetries})`, { error: lastError.message });
+            }
+            await new Promise(resolve => setTimeout(resolve, delay));
+        }
+    }
+    throw lastError ?? new Error('Max retries exceeded');
+}
+//# sourceMappingURL=retry.js.map

package/build/admin/client/utils/retry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.js","sourceRoot":"","sources":["../../../../src/admin/client/utils/retry.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEhF,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAChC,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,0BAA0B,GAAG,GAAG,CAAC;AACvC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AACpC,MAAM,+BAA+B,GAAG,GAAG,CAAC;AAC5C,MAAM,2BAA2B,GAAG,GAAG,CAAC;AACxC,MAAM,aAAa,GAAG,GAAG,CAAC;AA0C1B;;GAEG;AACH,MAAM,oBAAoB,GAA0C;IACnE,UAAU,EAAE,CAAC;IACb,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,KAAK;IACf,iBAAiB,EAAE,CAAC;IACpB,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,sBAAsB,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,+BAA+B,EAAE,2BAA2B,CAAC;CACnL,CAAC;AAEF;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAc,EAAE,iBAA2B;IACpE,IAAI,KAAK,YAAY,YAAY,IAAI,KAAK,YAAY,cAAc,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;QACvG,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,YAAY,IAAI,KAAK,EAAE,CAAC;QACjE,MAAM,EAAE,UAAU,EAAE,GAAI,KAAiC,CAAC;QAC1D,OAAO,UAAU,KAAK,SAAS,IAAI,iBAAiB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACtB,OAAe,EACf,YAAoB,EACpB,QAAgB,EAChB,iBAAyB;IAEzB,MAAM,gBAAgB,GAAG,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IAE1D,oBAAoB;IACpB,MAAM,MAAM,GAAG,YAAY,GAAG,aAAa,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACtE,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC9B,EAAoB,EACpB,SAAsB,EAAE;IAExB,MAAM,EACL,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,GACjB,GAAG,EAAE,GAAG,oBAAoB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE3C,IAAI,SAA4B,CAAC;IAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,IAAI,CAAC;YACJ,OAAO,MAAM,EAAE,EAAE,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,SAAS,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAEtE,8BAA8B;YAC9B,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;gBAC5B,MAAM;YACP,CAAC;YAED,8BAA8B;YAC9B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,iBAAiB,CAAC,EAAE,CAAC;gBACjD,MAAM,KAAK,CAAC;YACb,CAAC;YAED,2BAA2B;YAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC;YAEjF,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,IAAI,CACjB,kBAAkB,KAAK,eAAe,OAAO,GAAG,CAAC,IAAI,UAAU,GAAG,EAClE,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,CAC5B,CAAC;YACH,CAAC;YAED,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAC1D,CAAC;IACF,CAAC;IAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;AACtD,CAAC"}

package/build/admin/config/keycloak.config.d.ts

@@ -0,0 +1,33 @@
+import type { KeycloakAdminScope } from '../permissions/keycloak-admin.permissions.js';
+export interface KeycloakAdminConfig {
+    enabled: boolean;
+    baseUrl: string;
+    realmName: string;
+    credentials: {
+        type: 'password';
+        username: string;
+        password: string;
+    } | {
+        type: 'clientCredentials';
+        clientId: string;
+        clientSecret: string;
+    };
+    timeout?: number;
+    retry?: {
+        maxRetries: number;
+        initialDelay: number;
+    };
+    /**
+     * Explicit list of permitted operation scopes.
+     *
+     * Defaults to all read-only scopes ({@link KEYCLOAK_DEFAULT_SCOPES}) when omitted.
+     * Write scopes must be explicitly declared.
+     *
+     * @example
+     * ```typescript
+     * permissions: ['users:read', 'users:write', 'federated-identity:read', 'federated-identity:write']
+     * ```
+     */
+    permissions?: KeycloakAdminScope[];
+}
+//# sourceMappingURL=keycloak.config.d.ts.map

package/build/admin/config/keycloak.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.config.d.ts","sourceRoot":"","sources":["../../../src/admin/config/keycloak.config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,8CAA8C,CAAC;AAEvF,MAAM,WAAW,mBAAmB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EACR;QACD,IAAI,EAAE,UAAU,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KACjB,GACC;QACD,IAAI,EAAE,mBAAmB,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;KACrB,CAAC;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;KACrB,CAAC;IACF;;;;;;;;;;OAUG;IACH,WAAW,CAAC,EAAE,kBAAkB,EAAE,CAAC;CACnC"}

package/build/admin/config/keycloak.config.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=keycloak.config.js.map

package/build/admin/config/keycloak.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.config.js","sourceRoot":"","sources":["../../../src/admin/config/keycloak.config.ts"],"names":[],"mappings":""}

package/build/admin/config/keycloak.defaults.d.ts

@@ -0,0 +1,11 @@
+import type { KeycloakAdminConfig } from './keycloak.config.js';
+/**
+ * SECURITY: Default Keycloak configuration
+ * Credentials are intentionally left empty and MUST be provided via environment variables:
+ * - For password auth: KEYCLOAK_USERNAME and KEYCLOAK_PASSWORD
+ * - For client credentials: KEYCLOAK_CLIENT_ID and KEYCLOAK_CLIENT_SECRET
+ * Do not commit credentials to source code.
+ */
+export declare const KeycloakAdminDefaults: KeycloakAdminConfig;
+export declare function validateKeycloakAdminConfig(config: KeycloakAdminConfig): void;
+//# sourceMappingURL=keycloak.defaults.d.ts.map

package/build/admin/config/keycloak.defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.defaults.d.ts","sourceRoot":"","sources":["../../../src/admin/config/keycloak.defaults.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAOhE;;;;;;GAMG;AAEH,eAAO,MAAM,qBAAqB,EAAE,mBAcnC,CAAC;AAEF,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,mBAAmB,GAAG,IAAI,CAmC7E"}

package/build/admin/config/keycloak.defaults.js

@@ -0,0 +1,60 @@
+import Joi from 'joi';
+import { KEYCLOAK_ALL_SCOPES } from '../permissions/keycloak-admin.permissions.js';
+// Keycloak timeout constants (in milliseconds)
+const KEYCLOAK_TIMEOUT = 1000;
+const KEYCLOAK_TIMEOUT_30_SECONDS_MULTIPLIER = 30;
+/**
+ * SECURITY: Default Keycloak configuration
+ * Credentials are intentionally left empty and MUST be provided via environment variables:
+ * - For password auth: KEYCLOAK_USERNAME and KEYCLOAK_PASSWORD
+ * - For client credentials: KEYCLOAK_CLIENT_ID and KEYCLOAK_CLIENT_SECRET
+ * Do not commit credentials to source code.
+ */
+export const KeycloakAdminDefaults = {
+    enabled: false,
+    baseUrl: 'http://localhost:8080',
+    realmName: 'master',
+    credentials: {
+        type: 'password',
+        username: '', // Must be set via environment variable
+        password: '', // Must be set via environment variable
+    },
+    timeout: KEYCLOAK_TIMEOUT * KEYCLOAK_TIMEOUT_30_SECONDS_MULTIPLIER, // 30 seconds
+    retry: {
+        maxRetries: 3,
+        initialDelay: KEYCLOAK_TIMEOUT,
+    },
+};
+export function validateKeycloakAdminConfig(config) {
+    const schema = Joi.object({
+        enabled: Joi.boolean().required(),
+        baseUrl: Joi.string()
+            .uri({ scheme: ['http', 'https'] })
+            .required(),
+        realmName: Joi.string().min(1).required(),
+        credentials: Joi.alternatives()
+            .try(Joi.object({
+            type: Joi.string().valid('password').required(),
+            username: Joi.string().required(),
+            password: Joi.string().required(),
+        }), Joi.object({
+            type: Joi.string().valid('clientCredentials').required(),
+            clientId: Joi.string().required(),
+            clientSecret: Joi.string().required(),
+        }))
+            .required(),
+        timeout: Joi.number().min(KEYCLOAK_TIMEOUT).optional(),
+        retry: Joi.object({
+            maxRetries: Joi.number().min(0).required(),
+            initialDelay: Joi.number().min(0).required(),
+        }).optional(),
+        permissions: Joi.array()
+            .items(Joi.string().valid(...KEYCLOAK_ALL_SCOPES))
+            .optional(),
+    });
+    const { error } = schema.validate(config);
+    if (error) {
+        throw new Error(`Keycloak configuration validation failed: ${error.details.map((d) => d.message).join(', ')}`);
+    }
+}
+//# sourceMappingURL=keycloak.defaults.js.map

package/build/admin/config/keycloak.defaults.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keycloak.defaults.js","sourceRoot":"","sources":["../../../src/admin/config/keycloak.defaults.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,8CAA8C,CAAC;AAEnF,+CAA+C;AAC/C,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,sCAAsC,GAAG,EAAE,CAAC;AAElD;;;;;;GAMG;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAwB;IACzD,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,uBAAuB;IAChC,SAAS,EAAE,QAAQ;IACnB,WAAW,EAAE;QACZ,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,EAAE,EAAE,uCAAuC;QACrD,QAAQ,EAAE,EAAE,EAAE,uCAAuC;KACrD;IACD,OAAO,EAAE,gBAAgB,GAAG,sCAAsC,EAAE,aAAa;IACjF,KAAK,EAAE;QACN,UAAU,EAAE,CAAC;QACb,YAAY,EAAE,gBAAgB;KAC9B;CACD,CAAC;AAEF,MAAM,UAAU,2BAA2B,CAAC,MAA2B;IACtE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QACzB,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACjC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE;aACnB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;aAClC,QAAQ,EAAE;QACZ,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;QACzC,WAAW,EAAE,GAAG,CAAC,YAAY,EAAE;aAC7B,GAAG,CACH,GAAG,CAAC,MAAM,CAAC;YACV,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE;YAC/C,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YACjC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACjC,CAAC,EACF,GAAG,CAAC,MAAM,CAAC;YACV,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE;YACxD,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YACjC,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACrC,CAAC,CACF;aACA,QAAQ,EAAE;QACZ,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;QACtD,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC;YACjB,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;YAC1C,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;SAC5C,CAAC,CAAC,QAAQ,EAAE;QACb,WAAW,EAAE,GAAG,CAAC,KAAK,EAAE;aACtB,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,mBAAmB,CAAC,CAAC;aACjD,QAAQ,EAAE;KACZ,CAAC,CAAC;IAEH,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChH,CAAC;AACF,CAAC"}