@peac/policy-kit 0.10.8 → 0.10.10

package/dist/compiler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"compiler.js","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAoEH,wCAmEC;AAYD,oDA+CC;AAaD,wDAiCC;AAWD,oDA2FC;AAlVD;;;;;;;GAOG;AACU,QAAA,qBAAqB,GAAG,KAAc,CAAC;AA0CpD;;;;;;;;;;;;;GAaG;AACH,SAAgB,cAAc,CAAC,MAAsB,EAAE,UAA0B,EAAE;IACjF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,EAAE,eAAe,GAAG,IAAI,EAAE,WAAW,GAAG,6BAAqB,EAAE,GAAG,OAAO,CAAC;IAEhF,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;IAEtC,mEAAmE;IACnE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC;IAC5E,KAAK,CAAC,IAAI,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IAC9B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,uFAAuF;IACvF,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACzC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC;IAED,2BAA2B;IAC3B,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,gBAAgB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,qEAAqE;IACrE,MAAM,eAAe,GAAG,KAAK,KAAK,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;IAC1E,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IAC1D,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,aAAa,aAAa,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,eAAe,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,wDAAwD;IACxD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,mFAAmF;IACnF,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QACzE,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,IAAI,IAAI,kBAAkB,KAAK,MAAM,CAAC,KAAK,CAAC,MAAM,SAAS,CAAC,CAAC;QAC5F,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACjC,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,UAA0B,EAAE;IACvF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,EAAE,eAAe,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE3C,wDAAwD;IACxD,MAAM,UAAU,GAAG;QACjB,cAAc;QACd,OAAO;QACP,cAAc;QACd,YAAY;QACZ,WAAW;QACX,QAAQ;QACR,iBAAiB;QACjB,oBAAoB;QACpB,sBAAsB;QACtB,eAAe;QACf,cAAc;QACd,WAAW;KACZ,CAAC;IAEF,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC,CAAC;QACjF,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,qEAAqE;IACrE,sEAAsE;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC;IAE5D,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,eAAe,OAAO,EAAE,CAAC,CAAC;QACrC,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1B,IAAI,eAAe,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,sBAAsB,CACpC,MAAsB,EACtB,UAA0B,EAAE;IAE5B,MAAM,SAAS,GAAqB,EAAE,CAAC;IACvC,MAAM,EAAE,WAAW,GAAG,6BAAqB,EAAE,GAAG,OAAO,CAAC;IACxD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC;IAE5E,mFAAmF;IACnF,SAAS,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,aAAa;QACrB,KAAK,EAAE,WAAW,WAAW,WAAW,KAAK,WAAW,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;QAC7E,WAAW,EAAE,oEAAoE;KAClF,CAAC,CAAC;IAEH,wDAAwD;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxC,SAAS,CAAC,IAAI,CAAC;YACb,MAAM,EAAE,cAAc;YACtB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,mEAAmE;SACjF,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,SAAS,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,sBAAsB;QAC9B,KAAK,EAAE,oDAAoD;QAC3D,WAAW,EACT,yIAAyI;KAC5I,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,UAA0B,EAAE;IACvF,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,eAAe;IACf,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,0GAA0G,CAC3G,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,iFAAiF;IACjF,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC/C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAa,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;oBACtB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;wBAC5C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;wBAC9B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBACtB,YAAY,CAAC,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;gBACtC,CAAC;gBACD,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACxB,YAAY,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjE,CAAC;gBACD,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;oBACpB,YAAY,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;gBACD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,KAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;gBACtF,KAAK,CAAC,IAAI,CAAC,kBAAkB,QAAQ,EAAE,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;oBAC9C,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBAChC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,6HAA6H,CAC9H,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,2BAA2B;AAE3B;;GAEG;AACH,SAAS,eAAe,CAAC,MAAsB;IAC7C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC7B,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;AACrC,CAAC"}

package/dist/enforce.js

@@ -1,309 +0,0 @@
-"use strict";
-/**
- * Decision Enforcement
- *
- * Helpers for enforcing policy decisions with explicit semantics.
- *
- * The `review` decision means "challenge unless requirement is satisfied".
- * By default, this means a valid receipt is required.
- *
- * @example
- * ```typescript
- * import { evaluate, enforceDecision } from '@peac/policy-kit';
- *
- * const result = evaluate(policy, context);
- * const enforcement = enforceDecision(result.decision, {
- *   receiptVerified: hasValidReceipt,
- * });
- *
- * if (enforcement.allowed) {
- *   // proceed
- * } else {
- *   // return enforcement.statusCode (402 or 403)
- * }
- * ```
- *
- * @packageDocumentation
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.enforceDecision = enforceDecision;
-exports.requiresChallenge = requiresChallenge;
-exports.getChallengeHeader = getChallengeHeader;
-exports.enforceForHttp = enforceForHttp;
-exports.enforcePurposeDecision = enforcePurposeDecision;
-exports.getPurposeDecisionStatusCode = getPurposeDecisionStatusCode;
-/**
- * Enforce a policy decision with explicit semantics.
- *
- * Decision meanings:
- * - `allow`: Access is permitted (200)
- * - `deny`: Access is forbidden (403)
- * - `review`: Challenge unless requirement is satisfied (default: receipt required)
- *
- * The `review` decision is a "soft deny" that becomes "allow" when the
- * requirement (typically a valid receipt) is satisfied.
- *
- * @param decision - The policy decision to enforce
- * @param context - Enforcement context with requirement flags
- * @returns Enforcement result with allowed status and HTTP code
- *
- * @example
- * ```typescript
- * // Allow decision
- * enforceDecision('allow', {});
- * // { allowed: true, statusCode: 200, challenge: false }
- *
- * // Deny decision
- * enforceDecision('deny', {});
- * // { allowed: false, statusCode: 403, challenge: false }
- *
- * // Review without receipt
- * enforceDecision('review', { receiptVerified: false });
- * // { allowed: false, statusCode: 402, challenge: true }
- *
- * // Review with valid receipt
- * enforceDecision('review', { receiptVerified: true });
- * // { allowed: true, statusCode: 200, challenge: false }
- * ```
- */
-function enforceDecision(decision, context = {}) {
-    switch (decision) {
-        case 'allow':
-            return {
-                allowed: true,
-                statusCode: 200,
-                reason: 'Access allowed by policy',
-                challenge: false,
-                decision,
-            };
-        case 'deny':
-            return {
-                allowed: false,
-                statusCode: 403,
-                reason: 'Access denied by policy',
-                challenge: false,
-                decision,
-            };
-        case 'review': {
-            // review = "challenge unless receiptVerified === true"
-            // This is the only requirement in v0.9.23
-            if (context.receiptVerified === true) {
-                return {
-                    allowed: true,
-                    statusCode: 200,
-                    reason: 'Access allowed - receipt verified',
-                    challenge: false,
-                    decision,
-                };
-            }
-            // No valid receipt - return 402 Payment Required with challenge
-            return {
-                allowed: false,
-                statusCode: 402,
-                reason: 'Access requires verification - present valid receipt',
-                challenge: true,
-                decision,
-            };
-        }
-        default: {
-            // Exhaustive check - should never reach here
-            const _exhaustive = decision;
-            return {
-                allowed: false,
-                statusCode: 403,
-                reason: `Unknown decision: ${_exhaustive}`,
-                challenge: false,
-                decision,
-            };
-        }
-    }
-}
-/**
- * Check if an enforcement result requires a challenge response
- *
- * @param result - Enforcement result
- * @returns true if a challenge should be issued
- */
-function requiresChallenge(result) {
-    return result.challenge;
-}
-/**
- * Get the WWW-Authenticate header value for a challenge
- *
- * @param result - Enforcement result requiring challenge
- * @returns WWW-Authenticate header value or undefined if no challenge needed
- *
- * @example
- * ```typescript
- * const result = enforceDecision('review', { receiptVerified: false });
- * const header = getChallengeHeader(result);
- * // 'PEAC realm="receipt", error="receipt_required"'
- * ```
- */
-function getChallengeHeader(result) {
-    if (!result.challenge) {
-        return undefined;
-    }
-    return 'PEAC realm="receipt", error="receipt_required"';
-}
-/**
- * Convenience function to enforce and get HTTP response details
- *
- * @param decision - Policy decision
- * @param context - Enforcement context
- * @returns Object with status code and headers for HTTP response
- *
- * @example
- * ```typescript
- * const { status, headers, allowed } = enforceForHttp('review', {
- *   receiptVerified: false,
- * });
- * // { status: 402, headers: { 'WWW-Authenticate': '...' }, allowed: false }
- * ```
- */
-function enforceForHttp(decision, context = {}) {
-    const result = enforceDecision(decision, context);
-    const headers = {};
-    if (result.challenge) {
-        const challengeHeader = getChallengeHeader(result);
-        if (challengeHeader) {
-            headers['WWW-Authenticate'] = challengeHeader;
-        }
-    }
-    return {
-        status: result.statusCode,
-        headers,
-        allowed: result.allowed,
-        reason: result.reason,
-    };
-}
-/**
- * Enforce a policy decision for purpose-based access control.
- *
- * This function is specifically for purpose enforcement and NEVER returns 402.
- * 402 is reserved for payment/receipt challenges (use `enforceDecision` for that).
- *
- * Status code semantics:
- * - 200: Purpose allowed
- * - 400: Invalid purpose token (grammar violation or explicit "undeclared")
- * - 403: Purpose denied by policy
- *
- * @param decision - The policy decision to enforce
- * @param context - Purpose enforcement context
- * @returns Purpose enforcement result with HTTP status code
- *
- * @example
- * ```typescript
- * import { enforcePurposeDecision } from '@peac/policy-kit';
- *
- * // Valid purpose, allowed
- * enforcePurposeDecision('allow', { purposeValid: true });
- * // { allowed: true, statusCode: 200, decision: 'allow' }
- *
- * // Valid purpose, denied by policy
- * enforcePurposeDecision('deny', { purposeValid: true });
- * // { allowed: false, statusCode: 403, decision: 'deny' }
- *
- * // Invalid purpose token
- * enforcePurposeDecision('allow', { purposeValid: false, invalidTokens: ['train-'] });
- * // { allowed: false, statusCode: 400, reason: 'Invalid purpose token(s): train-' }
- *
- * // Explicit "undeclared" in request (forbidden)
- * enforcePurposeDecision('allow', { purposeValid: true, explicitUndeclared: true });
- * // { allowed: false, statusCode: 400, reason: '"undeclared" is not a valid purpose token' }
- * ```
- */
-function enforcePurposeDecision(decision, context) {
-    // Check for explicit "undeclared" first (always 400)
-    if (context.explicitUndeclared) {
-        return {
-            allowed: false,
-            statusCode: 400,
-            reason: '"undeclared" is not a valid purpose token - it is internal-only',
-            decision,
-        };
-    }
-    // Check for invalid purpose tokens (400)
-    if (!context.purposeValid) {
-        const tokenList = context.invalidTokens?.join(', ') || 'unknown';
-        return {
-            allowed: false,
-            statusCode: 400,
-            reason: `Invalid purpose token(s): ${tokenList}`,
-            decision,
-        };
-    }
-    // Valid purpose - apply policy decision
-    switch (decision) {
-        case 'allow':
-            return {
-                allowed: true,
-                statusCode: 200,
-                reason: 'Purpose allowed by policy',
-                decision,
-            };
-        case 'deny':
-            return {
-                allowed: false,
-                statusCode: 403,
-                reason: 'Purpose denied by policy',
-                decision,
-            };
-        case 'review':
-            // For purpose enforcement, 'review' is treated as 'deny' (403)
-            // 402 is reserved for payment/receipt challenges
-            return {
-                allowed: false,
-                statusCode: 403,
-                reason: 'Purpose requires review - treated as denied for purpose enforcement',
-                decision,
-            };
-        default: {
-            const _exhaustive = decision;
-            return {
-                allowed: false,
-                statusCode: 403,
-                reason: `Unknown decision: ${_exhaustive}`,
-                decision,
-            };
-        }
-    }
-}
-/**
- * Get HTTP status code for a purpose decision (low-level helper).
- *
- * This helper maps policy decisions to HTTP status codes for purpose enforcement.
- * It NEVER returns 402 - that is reserved for payment/receipt challenges.
- *
- * For evaluating purpose with profiles, use getPurposeStatusCode from enforcement-profiles
- * which takes a PurposeEvaluationResult directly.
- *
- * @param decision - Policy decision
- * @param purposeValid - Whether the purpose token(s) passed validation
- * @returns HTTP status code (200, 400, or 403)
- *
- * @example
- * ```typescript
- * getPurposeDecisionStatusCode('allow', true);  // 200
- * getPurposeDecisionStatusCode('deny', true);   // 403
- * getPurposeDecisionStatusCode('review', true); // 403 (NOT 402!)
- * getPurposeDecisionStatusCode('allow', false); // 400 (invalid token)
- * ```
- */
-function getPurposeDecisionStatusCode(decision, purposeValid) {
-    // Invalid purpose always returns 400
-    if (!purposeValid) {
-        return 400;
-    }
-    // Map decision to status code (never 402)
-    switch (decision) {
-        case 'allow':
-            return 200;
-        case 'deny':
-        case 'review':
-            return 403;
-        default:
-            return 403;
-    }
-}
-//# sourceMappingURL=enforce.js.map

package/dist/enforce.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"enforce.js","sourceRoot":"","sources":["../src/enforce.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;AAqFH,0CA0DC;AAQD,8CAEC;AAeD,gDAMC;AAiBD,wCAyBC;AAoGD,wDA+DC;AAuBD,oEAmBC;AAlXD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,SAAgB,eAAe,CAC7B,QAAyB,EACzB,UAA8B,EAAE;IAEhC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,0BAA0B;gBAClC,SAAS,EAAE,KAAK;gBAChB,QAAQ;aACT,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,yBAAyB;gBACjC,SAAS,EAAE,KAAK;gBAChB,QAAQ;aACT,CAAC;QAEJ,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,uDAAuD;YACvD,0CAA0C;YAC1C,IAAI,OAAO,CAAC,eAAe,KAAK,IAAI,EAAE,CAAC;gBACrC,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,GAAG;oBACf,MAAM,EAAE,mCAAmC;oBAC3C,SAAS,EAAE,KAAK;oBAChB,QAAQ;iBACT,CAAC;YACJ,CAAC;YAED,gEAAgE;YAChE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,sDAAsD;gBAC9D,SAAS,EAAE,IAAI;gBACf,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,CAAC,CAAC;YACR,6CAA6C;YAC7C,MAAM,WAAW,GAAU,QAAQ,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,qBAAqB,WAAW,EAAE;gBAC1C,SAAS,EAAE,KAAK;gBAChB,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,MAAyB;IACzD,OAAO,MAAM,CAAC,SAAS,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAgB,kBAAkB,CAAC,MAAyB;IAC1D,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,gDAAgD,CAAC;AAC1D,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAgB,cAAc,CAC5B,QAAyB,EACzB,UAA8B,EAAE;IAOhC,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,eAAe,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACnD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,CAAC,kBAAkB,CAAC,GAAG,eAAe,CAAC;QAChD,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,UAAU;QACzB,OAAO;QACP,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;AACJ,CAAC;AAgED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,SAAgB,sBAAsB,CACpC,QAAyB,EACzB,OAAkC;IAElC,qDAAqD;IACrD,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,GAAG;YACf,MAAM,EAAE,iEAAiE;YACzE,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;QACjE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,GAAG;YACf,MAAM,EAAE,6BAA6B,SAAS,EAAE;YAChD,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ;aACT,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,0BAA0B;gBAClC,QAAQ;aACT,CAAC;QAEJ,KAAK,QAAQ;YACX,+DAA+D;YAC/D,iDAAiD;YACjD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,qEAAqE;gBAC7E,QAAQ;aACT,CAAC;QAEJ,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,WAAW,GAAU,QAAQ,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,qBAAqB,WAAW,EAAE;gBAC1C,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,4BAA4B,CAC1C,QAAyB,EACzB,YAAqB;IAErB,qCAAqC;IACrC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,0CAA0C;IAC1C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,GAAG,CAAC;QACb,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,GAAG,CAAC;QACb;YACE,OAAO,GAAG,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/enforcement-profiles.js

@@ -1,293 +0,0 @@
-"use strict";
-/**
- * Enforcement Profiles (v0.9.24+)
- *
- * Pre-defined profiles for handling undeclared and unknown purposes.
- * These are distinct from use-case profiles (api-provider, news-media, etc.).
- *
- * Three canonical profiles:
- * - `strict`: Deny undeclared purposes (regulated data, private APIs)
- * - `balanced`: Review + constraints for undeclared (general web, DEFAULT)
- * - `open`: Allow undeclared purposes with recording (public content, research)
- *
- * @example
- * ```typescript
- * import {
- *   getEnforcementProfile,
- *   evaluateWithProfile,
- *   ENFORCEMENT_PROFILES,
- * } from '@peac/policy-kit';
- *
- * // Get the balanced profile (default)
- * const profile = getEnforcementProfile('balanced');
- *
- * // Evaluate with enforcement profile
- * const result = evaluateWithProfile(policy, context, 'balanced');
- * ```
- *
- * @packageDocumentation
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ENFORCEMENT_PROFILE_IDS = exports.DEFAULT_ENFORCEMENT_PROFILE = exports.ENFORCEMENT_PROFILES = exports.OPEN_PROFILE = exports.BALANCED_PROFILE = exports.STRICT_PROFILE = void 0;
-exports.getEnforcementProfile = getEnforcementProfile;
-exports.isEnforcementProfileId = isEnforcementProfileId;
-exports.getDefaultEnforcementProfile = getDefaultEnforcementProfile;
-exports.evaluatePurpose = evaluatePurpose;
-exports.getPurposeStatusCode = getPurposeStatusCode;
-exports.getRetryAfter = getRetryAfter;
-// -----------------------------------------------------------------------------
-// Canonical Enforcement Profiles
-// -----------------------------------------------------------------------------
-/**
- * Strict enforcement profile.
- *
- * Use for: Regulated data, private APIs, compliance-critical resources.
- * - Undeclared purposes: DENY
- * - Unknown purpose tokens: DENY
- * - Receipts: Required
- */
-exports.STRICT_PROFILE = {
-    id: 'strict',
-    name: 'Strict',
-    description: 'Deny undeclared purposes. Use for regulated data, private APIs, or compliance-critical resources.',
-    undeclared_decision: 'deny',
-    unknown_decision: 'deny',
-    purpose_reason: 'denied',
-    receipts: 'required',
-};
-/**
- * Balanced enforcement profile (DEFAULT).
- *
- * Use for: General web, gradual compliance, typical publisher use case.
- * - Undeclared purposes: REVIEW + constraints
- * - Unknown purpose tokens: REVIEW + preserve
- * - Receipts: Optional (encouraged)
- */
-exports.BALANCED_PROFILE = {
-    id: 'balanced',
-    name: 'Balanced',
-    description: 'Review undeclared purposes with rate limits. Default for general web publishers.',
-    undeclared_decision: 'review',
-    unknown_decision: 'review',
-    purpose_reason: 'undeclared_default',
-    default_constraints: {
-        rate_limit: {
-            window_s: 3600, // 1 hour
-            max: 100,
-            retry_after_s: 60,
-        },
-    },
-    receipts: 'optional',
-};
-/**
- * Open enforcement profile.
- *
- * Use for: Public content, research data, open access resources.
- * - Undeclared purposes: ALLOW (recorded)
- * - Unknown purpose tokens: ALLOW (preserved)
- * - Receipts: Optional (for attribution)
- */
-exports.OPEN_PROFILE = {
-    id: 'open',
-    name: 'Open',
-    description: 'Allow undeclared purposes with recording. Use for public content and research data.',
-    undeclared_decision: 'allow',
-    unknown_decision: 'allow',
-    purpose_reason: 'allowed',
-    receipts: 'optional',
-};
-/**
- * All canonical enforcement profiles indexed by ID.
- */
-exports.ENFORCEMENT_PROFILES = {
-    strict: exports.STRICT_PROFILE,
-    balanced: exports.BALANCED_PROFILE,
-    open: exports.OPEN_PROFILE,
-};
-/**
- * Default enforcement profile ID.
- *
- * `balanced` is the default to encourage adoption while maintaining some protection.
- */
-exports.DEFAULT_ENFORCEMENT_PROFILE = 'balanced';
-/**
- * All enforcement profile IDs.
- */
-exports.ENFORCEMENT_PROFILE_IDS = [
-    'strict',
-    'balanced',
-    'open',
-];
-// -----------------------------------------------------------------------------
-// Profile Lookup Functions
-// -----------------------------------------------------------------------------
-/**
- * Get an enforcement profile by ID.
- *
- * @param id - Profile ID
- * @returns Enforcement profile
- * @throws Error if profile ID is invalid
- *
- * @example
- * ```typescript
- * const profile = getEnforcementProfile('balanced');
- * console.log(profile.undeclared_decision); // 'review'
- * ```
- */
-function getEnforcementProfile(id) {
-    const profile = exports.ENFORCEMENT_PROFILES[id];
-    if (!profile) {
-        throw new Error(`Invalid enforcement profile ID: ${id}`);
-    }
-    return profile;
-}
-/**
- * Check if a string is a valid enforcement profile ID.
- *
- * @param id - String to check
- * @returns true if valid profile ID
- */
-function isEnforcementProfileId(id) {
-    return exports.ENFORCEMENT_PROFILE_IDS.includes(id);
-}
-/**
- * Get the default enforcement profile.
- *
- * @returns The balanced profile (default)
- */
-function getDefaultEnforcementProfile() {
-    return exports.ENFORCEMENT_PROFILES[exports.DEFAULT_ENFORCEMENT_PROFILE];
-}
-/**
- * Canonical purpose tokens that PEAC defines semantics for.
- */
-const CANONICAL_PURPOSES = new Set(['train', 'search', 'user_action', 'inference', 'index']);
-/**
- * Legacy purpose tokens that map to canonical purposes.
- */
-const LEGACY_PURPOSE_MAP = {
-    crawl: 'index',
-    ai_input: 'inference',
-    ai_index: 'index',
-};
-/**
- * Check if a purpose token is canonical.
- */
-function isCanonicalPurpose(token) {
-    return CANONICAL_PURPOSES.has(token);
-}
-/**
- * Check if a purpose token is a known legacy token.
- */
-function isLegacyPurpose(token) {
-    return token in LEGACY_PURPOSE_MAP;
-}
-/**
- * Evaluate declared purposes against an enforcement profile.
- *
- * This determines what decision to make based on the declared purposes
- * and the enforcement profile's rules for undeclared/unknown purposes.
- *
- * @param declaredPurposes - Array of purpose tokens from PEAC-Purpose header
- * @param profileId - Enforcement profile ID (default: 'balanced')
- * @returns Purpose evaluation result
- *
- * @example
- * ```typescript
- * // No purposes declared - uses undeclared_decision from profile
- * const result1 = evaluatePurpose([], 'strict');
- * // { decision: 'deny', purpose_reason: 'denied', ... }
- *
- * // Known purpose declared
- * const result2 = evaluatePurpose(['train'], 'balanced');
- * // { decision: 'allow', purpose_enforced: 'train', ... }
- *
- * // Unknown purpose token
- * const result3 = evaluatePurpose(['vendor:custom'], 'balanced');
- * // { decision: 'review', has_unknown_tokens: true, unknown_tokens: ['vendor:custom'], ... }
- * ```
- */
-function evaluatePurpose(declaredPurposes, profileId = exports.DEFAULT_ENFORCEMENT_PROFILE) {
-    const profile = getEnforcementProfile(profileId);
-    // No purposes declared - apply undeclared handling
-    if (declaredPurposes.length === 0) {
-        return {
-            decision: profile.undeclared_decision,
-            purpose_reason: 'undeclared_default',
-            constraints: profile.undeclared_decision === 'review' ? profile.default_constraints : undefined,
-            purpose_declared: false,
-            has_unknown_tokens: false,
-            unknown_tokens: [],
-            profile_id: profileId,
-        };
-    }
-    // Categorize declared purposes
-    const canonicalTokens = [];
-    const legacyTokens = [];
-    const unknownTokens = [];
-    for (const token of declaredPurposes) {
-        if (isCanonicalPurpose(token)) {
-            canonicalTokens.push(token);
-        }
-        else if (isLegacyPurpose(token)) {
-            legacyTokens.push(token);
-        }
-        else {
-            unknownTokens.push(token);
-        }
-    }
-    // If we have unknown tokens, apply unknown_decision
-    if (unknownTokens.length > 0 && canonicalTokens.length === 0 && legacyTokens.length === 0) {
-        // Only unknown tokens - apply unknown handling
-        return {
-            decision: profile.unknown_decision,
-            purpose_reason: 'unknown_preserved',
-            constraints: profile.unknown_decision === 'review' ? profile.default_constraints : undefined,
-            purpose_declared: true,
-            has_unknown_tokens: true,
-            unknown_tokens: unknownTokens,
-            profile_id: profileId,
-        };
-    }
-    // We have at least some known tokens - allow with the first canonical/legacy purpose
-    const enforcedPurpose = canonicalTokens[0] ?? LEGACY_PURPOSE_MAP[legacyTokens[0]];
-    return {
-        decision: 'allow',
-        purpose_enforced: enforcedPurpose,
-        purpose_reason: unknownTokens.length > 0 ? 'unknown_preserved' : 'allowed',
-        purpose_declared: true,
-        has_unknown_tokens: unknownTokens.length > 0,
-        unknown_tokens: unknownTokens,
-        profile_id: profileId,
-    };
-}
-/**
- * Get the HTTP status code for a purpose evaluation result.
- *
- * NOTE: 402 is RESERVED for payment - purpose decisions never return 402.
- * - allow -> 200
- * - review -> 403 (NOT 402)
- * - deny -> 403
- *
- * @param result - Purpose evaluation result
- * @returns HTTP status code (200 or 403)
- */
-function getPurposeStatusCode(result) {
-    switch (result.decision) {
-        case 'allow':
-            return 200;
-        case 'review':
-        case 'deny':
-            return 403;
-    }
-}
-/**
- * Get the Retry-After header value from constraints.
- *
- * @param constraints - Policy constraints
- * @returns Retry-After seconds or undefined
- */
-function getRetryAfter(constraints) {
-    return constraints?.rate_limit?.retry_after_s;
-}
-//# sourceMappingURL=enforcement-profiles.js.map

package/dist/enforcement-profiles.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"enforcement-profiles.js","sourceRoot":"","sources":["../src/enforcement-profiles.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;AAsHH,sDAMC;AAQD,wDAEC;AAOD,oEAEC;AAwFD,0CA6DC;AAaD,oDAQC;AAQD,sCAEC;AA1TD,gFAAgF;AAChF,iCAAiC;AACjC,gFAAgF;AAEhF;;;;;;;GAOG;AACU,QAAA,cAAc,GAAuB;IAChD,EAAE,EAAE,QAAQ;IACZ,IAAI,EAAE,QAAQ;IACd,WAAW,EACT,mGAAmG;IACrG,mBAAmB,EAAE,MAAM;IAC3B,gBAAgB,EAAE,MAAM;IACxB,cAAc,EAAE,QAAQ;IACxB,QAAQ,EAAE,UAAU;CACrB,CAAC;AAEF;;;;;;;GAOG;AACU,QAAA,gBAAgB,GAAuB;IAClD,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,kFAAkF;IAC/F,mBAAmB,EAAE,QAAQ;IAC7B,gBAAgB,EAAE,QAAQ;IAC1B,cAAc,EAAE,oBAAoB;IACpC,mBAAmB,EAAE;QACnB,UAAU,EAAE;YACV,QAAQ,EAAE,IAAI,EAAE,SAAS;YACzB,GAAG,EAAE,GAAG;YACR,aAAa,EAAE,EAAE;SAClB;KACF;IACD,QAAQ,EAAE,UAAU;CACrB,CAAC;AAEF;;;;;;;GAOG;AACU,QAAA,YAAY,GAAuB;IAC9C,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,MAAM;IACZ,WAAW,EACT,qFAAqF;IACvF,mBAAmB,EAAE,OAAO;IAC5B,gBAAgB,EAAE,OAAO;IACzB,cAAc,EAAE,SAAS;IACzB,QAAQ,EAAE,UAAU;CACrB,CAAC;AAEF;;GAEG;AACU,QAAA,oBAAoB,GAAqD;IACpF,MAAM,EAAE,sBAAc;IACtB,QAAQ,EAAE,wBAAgB;IAC1B,IAAI,EAAE,oBAAY;CACnB,CAAC;AAEF;;;;GAIG;AACU,QAAA,2BAA2B,GAAyB,UAAU,CAAC;AAE5E;;GAEG;AACU,QAAA,uBAAuB,GAAoC;IACtE,QAAQ;IACR,UAAU;IACV,MAAM;CACP,CAAC;AAEF,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;;;;;;;;;;;GAYG;AACH,SAAgB,qBAAqB,CAAC,EAAwB;IAC5D,MAAM,OAAO,GAAG,4BAAoB,CAAC,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mCAAmC,EAAE,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,EAAU;IAC/C,OAAO,+BAAuB,CAAC,QAAQ,CAAC,EAA0B,CAAC,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,SAAgB,4BAA4B;IAC1C,OAAO,4BAAoB,CAAC,mCAA2B,CAAC,CAAC;AAC3D,CAAC;AAmCD;;GAEG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAE7F;;GAEG;AACH,MAAM,kBAAkB,GAA2B;IACjD,KAAK,EAAE,OAAO;IACd,QAAQ,EAAE,WAAW;IACrB,QAAQ,EAAE,OAAO;CAClB,CAAC;AAEF;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,KAAK,IAAI,kBAAkB,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAgB,eAAe,CAC7B,gBAA0B,EAC1B,YAAkC,mCAA2B;IAE7D,MAAM,OAAO,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAEjD,mDAAmD;IACnD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,mBAAmB;YACrC,cAAc,EAAE,oBAAoB;YACpC,WAAW,EACT,OAAO,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;YACpF,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,KAAK;YACzB,cAAc,EAAE,EAAE;YAClB,UAAU,EAAE,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;aAAM,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1F,+CAA+C;QAC/C,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,gBAAgB;YAClC,cAAc,EAAE,mBAAmB;YACnC,WAAW,EAAE,OAAO,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;YAC5F,gBAAgB,EAAE,IAAI;YACtB,kBAAkB,EAAE,IAAI;YACxB,cAAc,EAAE,aAAa;YAC7B,UAAU,EAAE,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,qFAAqF;IACrF,MAAM,eAAe,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAElF,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,gBAAgB,EAAE,eAAe;QACjC,cAAc,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QAC1E,gBAAgB,EAAE,IAAI;QACtB,kBAAkB,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC;QAC5C,cAAc,EAAE,aAAa;QAC7B,UAAU,EAAE,SAAS;KACtB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,oBAAoB,CAAC,MAA+B;IAClE,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxB,KAAK,OAAO;YACV,OAAO,GAAG,CAAC;QACb,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM;YACT,OAAO,GAAG,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,WAA0C;IACtE,OAAO,WAAW,EAAE,UAAU,EAAE,aAAa,CAAC;AAChD,CAAC"}