@powerhousedao/reactor-api 6.2.0-dev.5 → 6.2.0-dev.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{adapter-gateway-apollo-IZuGzFaY.mjs → adapter-gateway-apollo-CxV_hMTv.mjs} +27 -5
- package/dist/adapter-gateway-apollo-CxV_hMTv.mjs.map +1 -0
- package/dist/index.d.mts +135 -270
- package/dist/index.d.mts.map +1 -1
- package/dist/index.mjs +625 -693
- package/dist/index.mjs.map +1 -1
- package/dist/src/packages/https-hooks.d.mts.map +1 -1
- package/dist/src/packages/https-hooks.mjs +14 -4
- package/dist/src/packages/https-hooks.mjs.map +1 -1
- package/dist/src/packages/vite-loader.mjs +3 -3
- package/dist/src/packages/vite-loader.mjs.map +1 -1
- package/dist/{utils-CtC8sjRo.mjs → utils-iibOQ50e.mjs} +216 -50
- package/dist/utils-iibOQ50e.mjs.map +1 -0
- package/package.json +28 -16
- package/dist/adapter-gateway-apollo-IZuGzFaY.mjs.map +0 -1
- package/dist/utils-CtC8sjRo.mjs.map +0 -1
package/package.json
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@powerhousedao/reactor-api",
|
|
3
|
-
"version": "6.2.0-dev.
|
|
4
|
-
"description": "",
|
|
3
|
+
"version": "6.2.0-dev.50",
|
|
4
|
+
"description": "GraphQL API layer for the Powerhouse reactor — auto-generated subgraphs per document model plus the core reactor subgraph for drive and document management.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"repository": {
|
|
7
7
|
"type": "git",
|
|
8
|
-
"url": "https://github.com/powerhouse-inc/powerhouse"
|
|
8
|
+
"url": "https://github.com/powerhouse-inc/powerhouse",
|
|
9
|
+
"directory": "packages/reactor-api"
|
|
9
10
|
},
|
|
10
11
|
"exports": {
|
|
11
12
|
".": {
|
|
@@ -35,7 +36,17 @@
|
|
|
35
36
|
"publishConfig": {
|
|
36
37
|
"access": "public"
|
|
37
38
|
},
|
|
38
|
-
"keywords": [
|
|
39
|
+
"keywords": [
|
|
40
|
+
"powerhouse",
|
|
41
|
+
"vetra",
|
|
42
|
+
"document-model",
|
|
43
|
+
"local-first",
|
|
44
|
+
"event-sourcing",
|
|
45
|
+
"reactor",
|
|
46
|
+
"graphql",
|
|
47
|
+
"subgraph",
|
|
48
|
+
"api"
|
|
49
|
+
],
|
|
39
50
|
"author": "",
|
|
40
51
|
"license": "AGPL-3.0-only",
|
|
41
52
|
"dependencies": {
|
|
@@ -65,18 +76,18 @@
|
|
|
65
76
|
"read-pkg": "10.1.0",
|
|
66
77
|
"ws": "^8.18.3",
|
|
67
78
|
"zod": "4.3.6",
|
|
68
|
-
"@powerhousedao/analytics-engine-
|
|
69
|
-
"@powerhousedao/analytics-engine-
|
|
70
|
-
"@powerhousedao/analytics-engine-pg": "6.2.0-dev.
|
|
71
|
-
"@powerhousedao/config": "6.2.0-dev.
|
|
72
|
-
"@powerhousedao/pglite-fs": "6.2.0-dev.
|
|
73
|
-
"@powerhousedao/reactor": "6.2.0-dev.
|
|
74
|
-
"@powerhousedao/reactor-
|
|
75
|
-
"@powerhousedao/reactor-
|
|
76
|
-
"@powerhousedao/
|
|
77
|
-
"@powerhousedao/
|
|
78
|
-
"document-model": "6.2.0-dev.
|
|
79
|
-
"@renown/sdk": "6.2.0-dev.
|
|
79
|
+
"@powerhousedao/analytics-engine-core": "6.2.0-dev.50",
|
|
80
|
+
"@powerhousedao/analytics-engine-graphql": "6.2.0-dev.50",
|
|
81
|
+
"@powerhousedao/analytics-engine-pg": "6.2.0-dev.50",
|
|
82
|
+
"@powerhousedao/config": "6.2.0-dev.50",
|
|
83
|
+
"@powerhousedao/pglite-fs": "6.2.0-dev.50",
|
|
84
|
+
"@powerhousedao/reactor": "6.2.0-dev.50",
|
|
85
|
+
"@powerhousedao/reactor-drive": "6.2.0-dev.50",
|
|
86
|
+
"@powerhousedao/reactor-attachments": "6.2.0-dev.50",
|
|
87
|
+
"@powerhousedao/reactor-mcp": "6.2.0-dev.50",
|
|
88
|
+
"@powerhousedao/shared": "6.2.0-dev.50",
|
|
89
|
+
"document-model": "6.2.0-dev.50",
|
|
90
|
+
"@renown/sdk": "6.2.0-dev.50"
|
|
80
91
|
},
|
|
81
92
|
"devDependencies": {
|
|
82
93
|
"@fastify/cors": "^11.0.1",
|
|
@@ -136,6 +147,7 @@
|
|
|
136
147
|
"optional": true
|
|
137
148
|
}
|
|
138
149
|
},
|
|
150
|
+
"homepage": "https://academy.vetra.io",
|
|
139
151
|
"scripts": {
|
|
140
152
|
"tsc": "tsc",
|
|
141
153
|
"build": "tsdown",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"adapter-gateway-apollo-IZuGzFaY.mjs","sources":["../src/graphql/gateway/adapter-gateway-apollo.ts"],"sourcesContent":["import type {\n GetDataSourceFunction,\n GraphQLDataSourceProcessOptions,\n ServiceDefinition,\n SubgraphHealthCheckFunction,\n SupergraphSdlUpdateFunction,\n} from \"@apollo/gateway\";\nimport {\n ApolloGateway,\n LocalCompose,\n RemoteGraphQLDataSource,\n} from \"@apollo/gateway\";\nimport { ApolloServer, HeaderMap } from \"@apollo/server\";\nimport { ApolloServerPluginInlineTraceDisabled } from \"@apollo/server/plugin/disabled\";\nimport { ApolloServerPluginDrainHttpServer } from \"@apollo/server/plugin/drainHttpServer\";\nimport { ApolloServerPluginLandingPageLocalDefault } from \"@apollo/server/plugin/landingPage/default\";\nimport type { ILogger } from \"document-model\";\nimport type { GraphQLSchema } from \"graphql\";\nimport type http from \"node:http\";\nimport type { WebSocketServer } from \"ws\";\nimport type { Context } from \"../types.js\";\nimport { useServer } from \"../websocket.js\";\nimport type {\n FetchHandler,\n GatewayContextFactory,\n IGatewayAdapter,\n SubgraphDefinition,\n WsContextFactory,\n WsDisposer,\n} from \"./types.js\";\n\n// Forwards the incoming authorization header to federated subgraph requests.\nclass AuthenticatedDataSource extends RemoteGraphQLDataSource {\n willSendRequest(options: GraphQLDataSourceProcessOptions) {\n const { authorization } = options.context.headers as {\n authorization: string;\n };\n if (authorization && options?.request.http) {\n options.request.http.headers.set(\"authorization\", authorization);\n }\n }\n}\n\nexport class ApolloGatewayAdapter implements IGatewayAdapter<Context> {\n readonly #logger: ILogger;\n readonly #servers: ApolloServer<Context>[] = [];\n\n #supergraphServer: ApolloServer<Context> | null = null;\n #gatewayOptions: {\n update: SupergraphSdlUpdateFunction;\n healthCheck: SubgraphHealthCheckFunction;\n getDataSource: GetDataSourceFunction;\n } | null = null;\n #getSubgraphs: (() => SubgraphDefinition[]) | null = null;\n\n constructor(logger: ILogger) {\n this.#logger = logger;\n }\n\n async start(_httpServer: http.Server): Promise<void> {\n // Per-subgraph Apollo servers start lazily in createHandler.\n // Nothing to do here.\n }\n\n async createHandler(\n schema: GraphQLSchema,\n contextFactory: GatewayContextFactory<Context>,\n ): Promise<FetchHandler> {\n const server = new ApolloServer<Context>({\n schema,\n logger: this.#logger,\n introspection: true,\n // Each ApolloServer otherwise registers its own SIGINT/SIGTERM handler\n // that re-emits the signal via process.kill after server.stop() resolves.\n // With many subgraph servers that re-emit lands while the reactor's\n // graceful-shutdown chain is mid-flight, looking like a \"second SIGINT\"\n // to the reactor and aborting cleanup. The reactor drives our shutdown\n // end-to-end (see ReactorBuilder.attachSignalHandlers), so opt out.\n stopOnTerminationSignals: false,\n plugins: [\n ApolloServerPluginInlineTraceDisabled(),\n ApolloServerPluginLandingPageLocalDefault(),\n ],\n });\n await server.start();\n this.#servers.push(server);\n return createApolloFetchHandler(server, contextFactory);\n }\n\n async createSupergraphHandler(\n getSubgraphs: () => SubgraphDefinition[],\n httpServer: http.Server,\n contextFactory: GatewayContextFactory<Context>,\n ): Promise<FetchHandler> {\n if (this.#supergraphServer) {\n throw new Error(\"Supergraph server is already running\");\n }\n\n this.#getSubgraphs = getSubgraphs;\n\n const gateway = new ApolloGateway({\n supergraphSdl: async (options) => {\n this.#gatewayOptions = options;\n return await this.#buildSupergraphSdl();\n },\n buildService: (serviceConfig) =>\n new AuthenticatedDataSource(serviceConfig),\n });\n\n this.#supergraphServer = new ApolloServer<Context>({\n gateway,\n logger: this.#logger,\n introspection: true,\n stopOnTerminationSignals: false,\n plugins: [\n ApolloServerPluginDrainHttpServer({ httpServer }),\n ApolloServerPluginInlineTraceDisabled(),\n ApolloServerPluginLandingPageLocalDefault(),\n ],\n });\n\n await this.#supergraphServer.start();\n return createApolloFetchHandler(this.#supergraphServer, contextFactory);\n }\n\n async updateSupergraph(): Promise<void> {\n if (!this.#gatewayOptions || !this.#getSubgraphs) {\n // Not yet initialized - no-op.\n return;\n }\n const { supergraphSdl } = await this.#buildSupergraphSdl();\n this.#gatewayOptions.update(supergraphSdl);\n }\n\n async #buildSupergraphSdl() {\n if (!this.#gatewayOptions || !this.#getSubgraphs) {\n throw new Error(\"Gateway is not ready\");\n }\n const serviceList: ServiceDefinition[] = this.#getSubgraphs().map((s) => ({\n name: s.name,\n typeDefs: s.typeDefs,\n url: s.url,\n }));\n const localCompose = new LocalCompose({ localServiceList: serviceList });\n return localCompose.initialize(this.#gatewayOptions);\n }\n\n attachWebSocket(\n wsServer: WebSocketServer,\n schema: GraphQLSchema,\n contextFactory: WsContextFactory<Context>,\n ): WsDisposer {\n return useServer(\n {\n schema,\n context: async (ctx: {\n connectionParams?: Record<string, unknown>;\n }) => {\n const connectionParams = (ctx.connectionParams ?? {}) as Record<\n string,\n unknown\n >;\n return contextFactory(connectionParams);\n },\n },\n wsServer,\n );\n }\n\n async stop(): Promise<void> {\n await Promise.all(this.#servers.map((s) => s.stop()));\n this.#servers.length = 0;\n\n if (this.#supergraphServer) {\n await this.#supergraphServer.stop();\n this.#supergraphServer = null;\n }\n this.#gatewayOptions = null;\n this.#getSubgraphs = null;\n }\n}\n\n/**\n * Wrap an existing ApolloServer as a Fetch API handler.\n * Does not manage server lifecycle; caller is responsible for start/stop.\n */\nexport function createApolloFetchHandler(\n server: ApolloServer<Context>,\n contextFactory: GatewayContextFactory<Context>,\n): FetchHandler {\n return async (request: Request): Promise<Response> => {\n const url = new URL(request.url);\n const headers = new HeaderMap();\n request.headers.forEach((value, key) => headers.set(key, value));\n\n let body: unknown = undefined;\n if (request.method !== \"GET\" && request.method !== \"HEAD\") {\n try {\n body = (await request.json()) as unknown;\n } catch {\n // body may be empty for some requests\n }\n }\n\n const result = await server.executeHTTPGraphQLRequest({\n httpGraphQLRequest: {\n method: request.method.toUpperCase(),\n headers,\n search: url.search,\n body,\n },\n context: () => contextFactory(request),\n });\n\n const responseHeaders = new Headers();\n for (const [key, value] of result.headers) {\n responseHeaders.set(key, value);\n }\n\n let responseBody: string;\n if (result.body.kind === \"complete\") {\n responseBody = result.body.string;\n } else {\n const chunks: string[] = [];\n for await (const chunk of result.body.asyncIterator) {\n chunks.push(chunk);\n }\n responseBody = chunks.join(\"\");\n }\n\n return new Response(responseBody, {\n status: result.status ?? 200,\n headers: responseHeaders,\n });\n };\n}\n"],"names":["#logger","#servers","#supergraphServer","#getSubgraphs","#gatewayOptions","#buildSupergraphSdl"],"mappings":";;;;;;;;;AAgCA,IAAM,0BAAN,cAAsC,wBAAwB;CAC5D,gBAAgB,SAA0C;EACxD,MAAM,EAAE,kBAAkB,QAAQ,QAAQ;AAG1C,MAAI,iBAAiB,SAAS,QAAQ,KACpC,SAAQ,QAAQ,KAAK,QAAQ,IAAI,iBAAiB,cAAc;;;AAKtE,IAAa,uBAAb,MAAsE;CACpE;CACA,WAA6C,EAAE;CAE/C,oBAAkD;CAClD,kBAIW;CACX,gBAAqD;CAErD,YAAY,QAAiB;AAC3B,QAAA,SAAe;;CAGjB,MAAM,MAAM,aAAyC;CAKrD,MAAM,cACJ,QACA,gBACuB;EACvB,MAAM,SAAS,IAAI,aAAsB;GACvC;GACA,QAAQ,MAAA;GACR,eAAe;GAOf,0BAA0B;GAC1B,SAAS,CACP,uCAAuC,EACvC,2CAA2C,CAC5C;GACF,CAAC;AACF,QAAM,OAAO,OAAO;AACpB,QAAA,QAAc,KAAK,OAAO;AAC1B,SAAO,yBAAyB,QAAQ,eAAe;;CAGzD,MAAM,wBACJ,cACA,YACA,gBACuB;AACvB,MAAI,MAAA,iBACF,OAAM,IAAI,MAAM,uCAAuC;AAGzD,QAAA,eAAqB;AAWrB,QAAA,mBAAyB,IAAI,aAAsB;GACjD,SAVc,IAAI,cAAc;IAChC,eAAe,OAAO,YAAY;AAChC,WAAA,iBAAuB;AACvB,YAAO,MAAM,MAAA,oBAA0B;;IAEzC,eAAe,kBACb,IAAI,wBAAwB,cAAc;IAC7C,CAAC;GAIA,QAAQ,MAAA;GACR,eAAe;GACf,0BAA0B;GAC1B,SAAS;IACP,kCAAkC,EAAE,YAAY,CAAC;IACjD,uCAAuC;IACvC,2CAA2C;IAC5C;GACF,CAAC;AAEF,QAAM,MAAA,iBAAuB,OAAO;AACpC,SAAO,yBAAyB,MAAA,kBAAwB,eAAe;;CAGzE,MAAM,mBAAkC;AACtC,MAAI,CAAC,MAAA,kBAAwB,CAAC,MAAA,aAE5B;EAEF,MAAM,EAAE,kBAAkB,MAAM,MAAA,oBAA0B;AAC1D,QAAA,eAAqB,OAAO,cAAc;;CAG5C,OAAA,qBAA4B;AAC1B,MAAI,CAAC,MAAA,kBAAwB,CAAC,MAAA,aAC5B,OAAM,IAAI,MAAM,uBAAuB;AAQzC,SADqB,IAAI,aAAa,EAAE,kBALC,MAAA,cAAoB,CAAC,KAAK,OAAO;GACxE,MAAM,EAAE;GACR,UAAU,EAAE;GACZ,KAAK,EAAE;GACR,EAAE,EACoE,CAAC,CACpD,WAAW,MAAA,eAAqB;;CAGtD,gBACE,UACA,QACA,gBACY;AACZ,SAAO,UACL;GACE;GACA,SAAS,OAAO,QAEV;AAKJ,WAAO,eAJmB,IAAI,oBAAoB,EAAE,CAIb;;GAE1C,EACD,SACD;;CAGH,MAAM,OAAsB;AAC1B,QAAM,QAAQ,IAAI,MAAA,QAAc,KAAK,MAAM,EAAE,MAAM,CAAC,CAAC;AACrD,QAAA,QAAc,SAAS;AAEvB,MAAI,MAAA,kBAAwB;AAC1B,SAAM,MAAA,iBAAuB,MAAM;AACnC,SAAA,mBAAyB;;AAE3B,QAAA,iBAAuB;AACvB,QAAA,eAAqB;;;;;;;AAQzB,SAAgB,yBACd,QACA,gBACc;AACd,QAAO,OAAO,YAAwC;EACpD,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;EAChC,MAAM,UAAU,IAAI,WAAW;AAC/B,UAAQ,QAAQ,SAAS,OAAO,QAAQ,QAAQ,IAAI,KAAK,MAAM,CAAC;EAEhE,IAAI,OAAgB,KAAA;AACpB,MAAI,QAAQ,WAAW,SAAS,QAAQ,WAAW,OACjD,KAAI;AACF,UAAQ,MAAM,QAAQ,MAAM;UACtB;EAKV,MAAM,SAAS,MAAM,OAAO,0BAA0B;GACpD,oBAAoB;IAClB,QAAQ,QAAQ,OAAO,aAAa;IACpC;IACA,QAAQ,IAAI;IACZ;IACD;GACD,eAAe,eAAe,QAAQ;GACvC,CAAC;EAEF,MAAM,kBAAkB,IAAI,SAAS;AACrC,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAChC,iBAAgB,IAAI,KAAK,MAAM;EAGjC,IAAI;AACJ,MAAI,OAAO,KAAK,SAAS,WACvB,gBAAe,OAAO,KAAK;OACtB;GACL,MAAM,SAAmB,EAAE;AAC3B,cAAW,MAAM,SAAS,OAAO,KAAK,cACpC,QAAO,KAAK,MAAM;AAEpB,kBAAe,OAAO,KAAK,GAAG;;AAGhC,SAAO,IAAI,SAAS,cAAc;GAChC,QAAQ,OAAO,UAAU;GACzB,SAAS;GACV,CAAC","debug_id":"7f597280-1b64-50b2-9735-754051857add"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"utils-CtC8sjRo.mjs","sources":["../src/services/authorization.service.ts","../src/graphql/base-subgraph.ts","../src/packages/import-resolver.ts","../src/packages/util.ts","../src/graphql/utils.ts"],"sourcesContent":["import type {\n DocumentPermissionService,\n GetParentIdsFn,\n} from \"./document-permission.service.js\";\n\nexport const AuthorizationPolicy = {\n OPEN: \"OPEN\",\n ADMIN_ONLY: \"ADMIN_ONLY\",\n DOCUMENT_PERMISSIONS: \"DOCUMENT_PERMISSIONS\",\n} as const;\n\nexport type AuthorizationPolicy =\n (typeof AuthorizationPolicy)[keyof typeof AuthorizationPolicy];\n\nexport interface AuthorizationConfig {\n admins: string[];\n defaultProtection: boolean;\n policy: AuthorizationPolicy;\n}\n\n/**\n * Single source of truth for every permission decision. Always present (never\n * null) so callers branch on data, not on the existence of a service.\n *\n * The policy selects an implementation once at boot:\n * - OPEN: authentication disabled — everyone (incl. anonymous) is allowed.\n * - ADMIN_ONLY: authentication on, document permissions off — only ADMINS.\n * - DOCUMENT_PERMISSIONS: the full per-document protection + grant model.\n */\nexport interface IAuthorizationService {\n readonly config: AuthorizationConfig;\n\n isSupremeAdmin(userAddress?: string): boolean;\n\n canRead(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n canWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n canManage(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n canMutate(\n documentId: string,\n operationType: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n}\n\n/** Shared config holder and admin-list check for the policy strategies. */\nabstract class BaseAuthorizationService implements IAuthorizationService {\n constructor(readonly config: AuthorizationConfig) {}\n\n isSupremeAdmin(userAddress?: string): boolean {\n if (!userAddress) return false;\n return this.config.admins.includes(userAddress.toLowerCase());\n }\n\n abstract canRead(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n abstract canWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n abstract canManage(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n abstract canMutate(\n documentId: string,\n operationType: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n}\n\n/** OPEN: authentication disabled — everyone (incl. anonymous) is allowed. */\nclass OpenAuthorizationService extends BaseAuthorizationService {\n isSupremeAdmin(): boolean {\n return true;\n }\n\n canRead(): Promise<boolean> {\n return Promise.resolve(true);\n }\n\n canWrite(): Promise<boolean> {\n return Promise.resolve(true);\n }\n\n canManage(): Promise<boolean> {\n return Promise.resolve(true);\n }\n\n canMutate(): Promise<boolean> {\n return Promise.resolve(true);\n }\n}\n\n/** ADMIN_ONLY: authentication on, document permissions off — only ADMINS. */\nclass AdminOnlyAuthorizationService extends BaseAuthorizationService {\n canRead(_documentId: string, userAddress?: string): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n\n canWrite(_documentId: string, userAddress?: string): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n\n canManage(_documentId: string, userAddress?: string): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n\n canMutate(\n _documentId: string,\n _operationType: string,\n userAddress?: string,\n ): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n}\n\n/** DOCUMENT_PERMISSIONS: the full per-document protection + grant model. */\nclass DocumentPermissionsAuthorizationService extends BaseAuthorizationService {\n constructor(\n private readonly permissions: DocumentPermissionService,\n config: AuthorizationConfig,\n ) {\n super(config);\n }\n\n async canRead(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n\n const isProtected = getParentIds\n ? await this.permissions.isProtectedWithAncestors(\n documentId,\n getParentIds,\n )\n : await this.permissions.isDocumentProtected(documentId);\n\n if (!isProtected) return true;\n if (!userAddress) return false;\n\n const owner = await this.permissions.getDocumentOwner(documentId);\n if (owner && owner === userAddress.toLowerCase()) return true;\n\n if (getParentIds) {\n return this.permissions.canRead(documentId, userAddress, getParentIds);\n }\n return this.permissions.canReadDocument(documentId, userAddress);\n }\n\n async canWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n return this.#permissionCanWrite(documentId, userAddress, getParentIds);\n }\n\n async canManage(documentId: string, userAddress?: string): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n if (!userAddress) return false;\n\n const owner = await this.permissions.getDocumentOwner(documentId);\n if (owner && owner === userAddress.toLowerCase()) return true;\n\n return this.permissions.canManageDocument(documentId, userAddress);\n }\n\n async canMutate(\n documentId: string,\n operationType: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n\n const isRestricted = await this.permissions.isOperationRestricted(\n documentId,\n operationType,\n );\n\n if (isRestricted) {\n return this.permissions.canExecuteOperation(\n documentId,\n operationType,\n userAddress?.toLowerCase(),\n );\n }\n\n return this.#permissionCanWrite(documentId, userAddress, getParentIds);\n }\n\n async #permissionCanWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n const isProtected = getParentIds\n ? await this.permissions.isProtectedWithAncestors(\n documentId,\n getParentIds,\n )\n : await this.permissions.isDocumentProtected(documentId);\n\n if (!isProtected) return true;\n if (!userAddress) return false;\n\n const owner = await this.permissions.getDocumentOwner(documentId);\n if (owner && owner === userAddress.toLowerCase()) return true;\n\n if (getParentIds) {\n return this.permissions.canWrite(documentId, userAddress, getParentIds);\n }\n return this.permissions.canWriteDocument(documentId, userAddress);\n }\n}\n\n/**\n * Selects the strategy for the configured policy. The strategy classes are\n * not exported, so this guard is the only construction path.\n */\nexport function createAuthorizationService(\n config: AuthorizationConfig,\n documentPermissionService?: DocumentPermissionService,\n): IAuthorizationService {\n if (config.policy === AuthorizationPolicy.OPEN) {\n return new OpenAuthorizationService(config);\n }\n if (config.policy === AuthorizationPolicy.ADMIN_ONLY) {\n return new AdminOnlyAuthorizationService(config);\n }\n if (!documentPermissionService) {\n throw new Error(\n \"DocumentPermissionService is required for the DOCUMENT_PERMISSIONS policy\",\n );\n }\n return new DocumentPermissionsAuthorizationService(\n documentPermissionService,\n config,\n );\n}\n","import type {\n IReactorClient,\n IRelationalDb,\n ISyncManager,\n} from \"@powerhousedao/reactor\";\nimport type {\n GraphQLManager,\n ISubgraph,\n SubgraphArgs,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentNode } from \"graphql\";\nimport { GraphQLError } from \"graphql\";\nimport { gql } from \"graphql-tag\";\nimport {\n AuthorizationPolicy,\n type IAuthorizationService,\n} from \"../services/authorization.service.js\";\nimport type {\n DocumentPermissionService,\n GetParentIdsFn,\n} from \"../services/document-permission.service.js\";\nimport type { Context } from \"./types.js\";\n\nexport class BaseSubgraph implements ISubgraph {\n name = \"example\";\n path = \"\";\n resolvers: Record<string, any> = {\n Query: {\n hello: () => this.name,\n },\n };\n typeDefs: DocumentNode = gql`\n type Query {\n hello: String\n }\n `;\n reactorClient: IReactorClient;\n graphqlManager: GraphQLManager;\n relationalDb: IRelationalDb;\n syncManager: ISyncManager;\n documentPermissionService?: DocumentPermissionService;\n authorizationService: IAuthorizationService;\n\n constructor(args: SubgraphArgs) {\n this.reactorClient = args.reactorClient;\n this.graphqlManager = args.graphqlManager;\n this.relationalDb = args.relationalDb;\n this.syncManager = args.syncManager;\n this.documentPermissionService = args.documentPermissionService;\n this.authorizationService = args.authorizationService;\n this.path = args.path ?? \"\";\n }\n\n async onSetup() {\n // noop\n }\n\n // ============================================\n // Shared permission helpers\n // ============================================\n\n protected getParentIdsFn(): GetParentIdsFn {\n return async (documentId: string): Promise<string[]> => {\n try {\n const result = await this.reactorClient.getIncomingRelationships(\n documentId,\n \"child\",\n );\n return result.results.map((doc) => doc.header.id);\n } catch {\n return [];\n }\n };\n }\n\n protected async canReadDocument(\n documentId: string,\n ctx: Context,\n ): Promise<boolean> {\n return this.authorizationService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n }\n\n protected async assertCanRead(\n documentId: string,\n ctx: Context,\n ): Promise<void> {\n const canRead = await this.authorizationService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canRead) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to read this document\",\n );\n }\n }\n\n protected async assertCanWrite(\n documentId: string,\n ctx: Context,\n ): Promise<void> {\n const canWrite = await this.authorizationService.canWrite(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canWrite) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to write to this document\",\n );\n }\n }\n\n protected async assertCanExecuteOperation(\n documentId: string,\n operationType: string,\n ctx: Context,\n ): Promise<void> {\n const canMutate = await this.authorizationService.canMutate(\n documentId,\n operationType,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canMutate) {\n throw new GraphQLError(\n `Forbidden: insufficient permissions to execute operation \"${operationType}\" on this document`,\n );\n }\n }\n\n protected assertCanCreate(ctx: Context): void {\n const policy = this.authorizationService.config.policy;\n if (policy === AuthorizationPolicy.OPEN) return;\n if (this.authorizationService.isSupremeAdmin(ctx.user?.address)) return;\n if (policy === AuthorizationPolicy.ADMIN_ONLY) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to create documents\",\n );\n }\n if (!ctx.user?.address) {\n throw new GraphQLError(\n \"Forbidden: authentication required to create documents\",\n );\n }\n }\n}\n","import path from \"node:path\";\n\n/**\n * Attempts to import from suggested Node.js paths\n */\nasync function tryNodeSuggestedPaths<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n const suggestedPaths = [\n `${packageName}/dist/node/${subPath}/index.mjs`,\n `${packageName}/dist/node/${subPath}.mjs`,\n `${packageName}/dist/${subPath}/index.js`,\n `${packageName}/dist/${subPath}.js`,\n ];\n\n for (const suggestedPath of suggestedPaths) {\n try {\n return (await import(/* @vite-ignore */ suggestedPath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n\n return null;\n}\n\n/**\n * Attempts to resolve package using import.meta.resolve\n */\nasync function tryImportMetaResolve<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n try {\n const resolvedUrl = import.meta.resolve?.(`${packageName}/package.json`);\n if (!resolvedUrl) return null;\n\n const packageRoot = path.dirname(new URL(resolvedUrl).pathname);\n const pathsToTry = [\n path.join(packageRoot, \"dist\", \"node\", subPath, \"index.mjs\"),\n path.join(packageRoot, \"dist\", \"node\", `${subPath}.mjs`),\n path.join(packageRoot, \"dist\", subPath, \"index.js\"),\n path.join(packageRoot, \"dist\", `${subPath}.js`),\n path.join(packageRoot, subPath, \"index.js\"),\n path.join(packageRoot, `${subPath}.js`),\n ];\n\n for (const attemptPath of pathsToTry) {\n try {\n return (await import(/* @vite-ignore */ attemptPath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n } catch {\n // import.meta.resolve failed\n }\n\n return null;\n}\n\n/**\n * Resolves symlinks in node_modules to find the real package location\n */\nasync function resolveSymlinkedPaths(\n packageName: string,\n subPath: string,\n): Promise<string[]> {\n const packageBaseName = packageName.includes(\"/\")\n ? packageName.split(\"/\").pop()\n : packageName;\n const nodeModulesPatterns = [\n path.join(process.cwd(), \"node_modules\", packageName),\n path.join(process.cwd(), \"node_modules\", packageBaseName || packageName),\n ];\n\n const workspacePatterns: string[] = [];\n\n for (const nodeModulesPath of nodeModulesPatterns) {\n try {\n const fs = await import(\"node:fs\");\n if (fs.existsSync(nodeModulesPath)) {\n const realPath = fs.realpathSync(nodeModulesPath);\n\n workspacePatterns.push(\n path.join(realPath, \"dist\", \"node\", subPath, \"index.mjs\"),\n path.join(realPath, \"dist\", \"node\", `${subPath}.mjs`),\n path.join(realPath, \"dist\", subPath, \"index.js\"),\n path.join(realPath, \"dist\", `${subPath}.js`),\n path.join(realPath, subPath, \"index.js\"),\n path.join(realPath, `${subPath}.js`),\n );\n }\n } catch {\n // Continue to next attempt\n }\n }\n\n return workspacePatterns;\n}\n\n/**\n * Generates common workspace pattern paths\n */\nfunction getCommonWorkspacePaths(\n packageName: string,\n subPath: string,\n): string[] {\n const packageBaseName = packageName.includes(\"/\")\n ? packageName.split(\"/\").pop()\n : packageName;\n const commonRoots = [process.cwd(), path.dirname(process.cwd())];\n\n const workspacePatterns: string[] = [];\n for (const root of commonRoots) {\n workspacePatterns.push(\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n \"node\",\n subPath,\n \"index.mjs\",\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n \"node\",\n `${subPath}.mjs`,\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n subPath,\n \"index.js\",\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n `${subPath}.js`,\n ),\n );\n }\n\n return workspacePatterns;\n}\n\n/**\n * Attempts to import from a list of workspace patterns\n */\nasync function tryWorkspacePatterns<T>(patterns: string[]): Promise<T | null> {\n for (const workspacePath of patterns) {\n try {\n return (await import(/* @vite-ignore */ workspacePath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n\n return null;\n}\n\n/**\n * Attempts to resolve linked packages using various fallback strategies\n */\nexport async function resolveLinkedPackage<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n // Try Node.js suggested paths first\n let result = await tryNodeSuggestedPaths<T>(packageName, subPath);\n if (result) return result;\n\n // Try import.meta.resolve\n result = await tryImportMetaResolve<T>(packageName, subPath);\n if (result) return result;\n\n // Try symlink resolution\n const symlinkPaths = await resolveSymlinkedPaths(packageName, subPath);\n result = await tryWorkspacePatterns<T>(symlinkPaths);\n if (result) return result;\n\n // Try common workspace patterns as final fallback\n const commonPaths = getCommonWorkspacePaths(packageName, subPath);\n result = await tryWorkspacePatterns<T>(commonPaths);\n if (result) return result;\n\n return null;\n}\n","import type {\n ProcessorFactoryBuilder,\n SubgraphClass,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentModelModule } from \"@powerhousedao/shared/document-model\";\nimport { childLogger } from \"document-model\";\nimport { execSync } from \"node:child_process\";\nimport path from \"node:path\";\nimport { resolveLinkedPackage } from \"./import-resolver.js\";\n\n// Define the expected module export structures\ntype DocumentModelsExport = Record<string, DocumentModelModule>;\ntype SubgraphsExport = Record<string, Record<string, SubgraphClass>>;\ntype ProcessorsExport = {\n processorFactory?: ProcessorFactoryBuilder;\n processorFactoryLegacy?: ProcessorFactoryBuilder;\n};\n\nconst _logger = childLogger([\"reactor-api\", \"packages/util\"]);\n\nexport const installPackages = (packages: string[]): Promise<void> => {\n for (const packageName of packages) {\n execSync(`ph install ${packageName}`);\n }\n return Promise.resolve();\n};\n\nexport const readManifest = () => {\n const manifest = execSync(`ph manifest`).toString();\n return manifest;\n};\n\n/**\n * Tries to import document models from a package. This function cannot throw.\n */\nexport async function loadDocumentModels(\n packageName: string,\n): Promise<DocumentModelsExport | null> {\n return loadDependency(packageName, \"document-models\");\n}\n\n/**\n * Tries to import subgraphs from a package. This function cannot throw.\n */\nexport async function loadSubgraphs(\n packageName: string,\n): Promise<SubgraphsExport | null> {\n return loadDependency(packageName, \"subgraphs\");\n}\n\n/**\n * Tries to import processors from a package. This function cannot throw.\n */\nexport async function loadProcessors(\n packageName: string,\n): Promise<ProcessorsExport | null> {\n return loadDependency(packageName, \"processors\");\n}\n\n/**\n * Generic dependency loader - tries to import a dependency from a package. This function cannot throw.\n * Returns null if the dependency cannot be loaded.\n */\nasync function loadDependency<T = unknown>(\n packageName: string,\n subPath: string,\n): Promise<T> {\n const fullPath = `${packageName}/${subPath}`;\n\n // Try the standard import first\n try {\n // vite does not support this, but that's okay as we have provided the\n // vite-loader for this purpose\n\n const module = (await import(/* @vite-ignore */ fullPath)) as T;\n return module;\n } catch (e) {\n // Handle module not found errors with fallback resolution\n if (\n e instanceof Error &&\n \"code\" in e &&\n (e.code === \"ERR_MODULE_NOT_FOUND\" ||\n e.code === \"ERR_UNSUPPORTED_DIR_IMPORT\")\n ) {\n const result = await resolveLinkedPackage<T>(packageName, subPath);\n if (result) return result;\n }\n throw e;\n }\n}\n\nexport function debounce<T extends unknown[], R>(\n func: (...args: T) => Promise<R>,\n delay = 250,\n) {\n let timer: number;\n return (immediate = false, ...args: T) => {\n if (timer) {\n clearTimeout(timer);\n }\n return new Promise<R>((resolve, reject) => {\n if (immediate) {\n func(...args)\n .then(resolve)\n .catch(reject);\n } else {\n timer = setTimeout(() => {\n func(...args)\n .then(resolve)\n .catch(reject);\n }, delay) as unknown as number;\n }\n });\n };\n}\n\nexport function isSubpath(parent: string, dir: string) {\n const relative = path.relative(parent, dir);\n return relative && !relative.startsWith(\"..\") && !path.isAbsolute(relative);\n}\n","import type {\n GqlDocument,\n GqlDriveDocument,\n GqlOperation,\n SubgraphClass,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentDriveDocument } from \"@powerhousedao/shared/document-drive\";\nimport type {\n Operation,\n PHDocument,\n} from \"@powerhousedao/shared/document-model\";\nimport { BaseSubgraph } from \"./base-subgraph.js\";\n\nexport function isSubgraphClass(\n candidate: unknown,\n): candidate is SubgraphClass {\n if (typeof candidate !== \"function\") return false;\n\n let proto: unknown = Object.getPrototypeOf(candidate);\n while (proto) {\n if (Object.prototype.isPrototypeOf.call(proto, BaseSubgraph)) return true;\n\n proto = Object.getPrototypeOf(proto);\n }\n\n return false;\n}\n\nexport function buildGraphqlOperations(\n operations: Operation[],\n skip: number,\n first: number,\n): GqlOperation[] {\n return operations.slice(skip, skip + first).map(buildGraphqlOperation);\n}\n\nexport function buildGraphqlOperation(operation: Operation): GqlOperation {\n const signer = operation.action.context?.signer;\n return {\n id: operation.id ?? \"\",\n type: operation.action.type,\n index: operation.index,\n timestampUtcMs: operation.timestampUtcMs,\n hash: operation.hash,\n skip: operation.skip,\n inputText:\n typeof operation.action.input === \"string\"\n ? operation.action.input\n : JSON.stringify(operation.action.input),\n error: operation.error,\n context: {\n signer: signer\n ? {\n user: signer.user,\n app: signer.app,\n signatures: signer.signatures.map((sig) =>\n Array.isArray(sig) ? sig.join(\", \") : sig,\n ),\n }\n : undefined,\n },\n };\n}\n\nexport function buildGraphQlDocument(doc: PHDocument): GqlDocument {\n // Return full state with all scopes (auth, document, global, local)\n // This matches the ReactorSubgraph pattern in adapters.ts\n const state = doc.state;\n const initialState = doc.initialState;\n // For stateJSON, use global state for backward compatibility\n const globalState = \"global\" in doc.state ? doc.state.global : {};\n return {\n id: doc.header.id,\n name: doc.header.name,\n documentType: doc.header.documentType,\n revision: doc.header.revision.global || 0,\n createdAtUtcIso: doc.header.createdAtUtcIso,\n lastModifiedAtUtcIso: doc.header.lastModifiedAtUtcIso,\n operations: [],\n stateJSON: globalState as JSON,\n state,\n initialState,\n };\n}\n\nexport function buildGraphQlDriveDocument(\n doc: DocumentDriveDocument,\n): GqlDriveDocument {\n const gqlDoc = buildGraphQlDocument(doc);\n return {\n ...gqlDoc,\n meta: {\n preferredEditor: doc.header.meta?.preferredEditor,\n },\n slug: doc.header.slug,\n state: doc.state.global,\n initialState: doc.state.global,\n };\n}\n"],"names":["#permissionCanWrite"],"mappings":";;;;;;;AAKA,MAAa,sBAAsB;CACjC,MAAM;CACN,YAAY;CACZ,sBAAsB;CACvB;;AAoDD,IAAe,2BAAf,MAAyE;CACvE,YAAY,QAAsC;AAA7B,OAAA,SAAA;;CAErB,eAAe,aAA+B;AAC5C,MAAI,CAAC,YAAa,QAAO;AACzB,SAAO,KAAK,OAAO,OAAO,SAAS,YAAY,aAAa,CAAC;;;;AA8BjE,IAAM,2BAAN,cAAuC,yBAAyB;CAC9D,iBAA0B;AACxB,SAAO;;CAGT,UAA4B;AAC1B,SAAO,QAAQ,QAAQ,KAAK;;CAG9B,WAA6B;AAC3B,SAAO,QAAQ,QAAQ,KAAK;;CAG9B,YAA8B;AAC5B,SAAO,QAAQ,QAAQ,KAAK;;CAG9B,YAA8B;AAC5B,SAAO,QAAQ,QAAQ,KAAK;;;;AAKhC,IAAM,gCAAN,cAA4C,yBAAyB;CACnE,QAAQ,aAAqB,aAAwC;AACnE,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;CAG1D,SAAS,aAAqB,aAAwC;AACpE,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;CAG1D,UAAU,aAAqB,aAAwC;AACrE,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;CAG1D,UACE,aACA,gBACA,aACkB;AAClB,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;;;AAK5D,IAAM,0CAAN,cAAsD,yBAAyB;CAC7E,YACE,aACA,QACA;AACA,QAAM,OAAO;AAHI,OAAA,cAAA;;CAMnB,MAAM,QACJ,YACA,aACA,cACkB;AAClB,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAS7C,MAAI,EAPgB,eAChB,MAAM,KAAK,YAAY,yBACrB,YACA,aACD,GACD,MAAM,KAAK,YAAY,oBAAoB,WAAW,EAExC,QAAO;AACzB,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB,WAAW;AACjE,MAAI,SAAS,UAAU,YAAY,aAAa,CAAE,QAAO;AAEzD,MAAI,aACF,QAAO,KAAK,YAAY,QAAQ,YAAY,aAAa,aAAa;AAExE,SAAO,KAAK,YAAY,gBAAgB,YAAY,YAAY;;CAGlE,MAAM,SACJ,YACA,aACA,cACkB;AAClB,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAC7C,SAAO,MAAA,mBAAyB,YAAY,aAAa,aAAa;;CAGxE,MAAM,UAAU,YAAoB,aAAwC;AAC1E,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAC7C,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB,WAAW;AACjE,MAAI,SAAS,UAAU,YAAY,aAAa,CAAE,QAAO;AAEzD,SAAO,KAAK,YAAY,kBAAkB,YAAY,YAAY;;CAGpE,MAAM,UACJ,YACA,eACA,aACA,cACkB;AAClB,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAO7C,MALqB,MAAM,KAAK,YAAY,sBAC1C,YACA,cACD,CAGC,QAAO,KAAK,YAAY,oBACtB,YACA,eACA,aAAa,aAAa,CAC3B;AAGH,SAAO,MAAA,mBAAyB,YAAY,aAAa,aAAa;;CAGxE,OAAA,mBACE,YACA,aACA,cACkB;AAQlB,MAAI,EAPgB,eAChB,MAAM,KAAK,YAAY,yBACrB,YACA,aACD,GACD,MAAM,KAAK,YAAY,oBAAoB,WAAW,EAExC,QAAO;AACzB,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB,WAAW;AACjE,MAAI,SAAS,UAAU,YAAY,aAAa,CAAE,QAAO;AAEzD,MAAI,aACF,QAAO,KAAK,YAAY,SAAS,YAAY,aAAa,aAAa;AAEzE,SAAO,KAAK,YAAY,iBAAiB,YAAY,YAAY;;;;;;;AAQrE,SAAgB,2BACd,QACA,2BACuB;AACvB,KAAI,OAAO,WAAW,oBAAoB,KACxC,QAAO,IAAI,yBAAyB,OAAO;AAE7C,KAAI,OAAO,WAAW,oBAAoB,WACxC,QAAO,IAAI,8BAA8B,OAAO;AAElD,KAAI,CAAC,0BACH,OAAM,IAAI,MACR,4EACD;AAEH,QAAO,IAAI,wCACT,2BACA,OACD;;;;ACnPH,IAAa,eAAb,MAA+C;CAC7C,OAAO;CACP,OAAO;CACP,YAAiC,EAC/B,OAAO,EACL,aAAa,KAAK,MACnB,EACF;CACD,WAAyB,GAAG;;;;;CAK5B;CACA;CACA;CACA;CACA;CACA;CAEA,YAAY,MAAoB;AAC9B,OAAK,gBAAgB,KAAK;AAC1B,OAAK,iBAAiB,KAAK;AAC3B,OAAK,eAAe,KAAK;AACzB,OAAK,cAAc,KAAK;AACxB,OAAK,4BAA4B,KAAK;AACtC,OAAK,uBAAuB,KAAK;AACjC,OAAK,OAAO,KAAK,QAAQ;;CAG3B,MAAM,UAAU;CAQhB,iBAA2C;AACzC,SAAO,OAAO,eAA0C;AACtD,OAAI;AAKF,YAJe,MAAM,KAAK,cAAc,yBACtC,YACA,QACD,EACa,QAAQ,KAAK,QAAQ,IAAI,OAAO,GAAG;WAC3C;AACN,WAAO,EAAE;;;;CAKf,MAAgB,gBACd,YACA,KACkB;AAClB,SAAO,KAAK,qBAAqB,QAC/B,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB;;CAGH,MAAgB,cACd,YACA,KACe;AAMf,MAAI,CALY,MAAM,KAAK,qBAAqB,QAC9C,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,4DACD;;CAIL,MAAgB,eACd,YACA,KACe;AAMf,MAAI,CALa,MAAM,KAAK,qBAAqB,SAC/C,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,gEACD;;CAIL,MAAgB,0BACd,YACA,eACA,KACe;AAOf,MAAI,CANc,MAAM,KAAK,qBAAqB,UAChD,YACA,eACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,6DAA6D,cAAc,oBAC5E;;CAIL,gBAA0B,KAAoB;EAC5C,MAAM,SAAS,KAAK,qBAAqB,OAAO;AAChD,MAAI,WAAW,oBAAoB,KAAM;AACzC,MAAI,KAAK,qBAAqB,eAAe,IAAI,MAAM,QAAQ,CAAE;AACjE,MAAI,WAAW,oBAAoB,WACjC,OAAM,IAAI,aACR,0DACD;AAEH,MAAI,CAAC,IAAI,MAAM,QACb,OAAM,IAAI,aACR,yDACD;;;;;;;;AC/IP,eAAe,sBACb,aACA,SACmB;CACnB,MAAM,iBAAiB;EACrB,GAAG,YAAY,aAAa,QAAQ;EACpC,GAAG,YAAY,aAAa,QAAQ;EACpC,GAAG,YAAY,QAAQ,QAAQ;EAC/B,GAAG,YAAY,QAAQ,QAAQ;EAChC;AAED,MAAK,MAAM,iBAAiB,eAC1B,KAAI;AACF,SAAQ,MAAM;;GAA0B;;SAClC;AAKV,QAAO;;;;;AAMT,eAAe,qBACb,aACA,SACmB;AACnB,KAAI;EACF,MAAM,cAAc,OAAO,KAAK,UAAU,GAAG,YAAY,eAAe;AACxE,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,cAAc,KAAK,QAAQ,IAAI,IAAI,YAAY,CAAC,SAAS;EAC/D,MAAM,aAAa;GACjB,KAAK,KAAK,aAAa,QAAQ,QAAQ,SAAS,YAAY;GAC5D,KAAK,KAAK,aAAa,QAAQ,QAAQ,GAAG,QAAQ,MAAM;GACxD,KAAK,KAAK,aAAa,QAAQ,SAAS,WAAW;GACnD,KAAK,KAAK,aAAa,QAAQ,GAAG,QAAQ,KAAK;GAC/C,KAAK,KAAK,aAAa,SAAS,WAAW;GAC3C,KAAK,KAAK,aAAa,GAAG,QAAQ,KAAK;GACxC;AAED,OAAK,MAAM,eAAe,WACxB,KAAI;AACF,UAAQ,MAAM;;IAA0B;;UAClC;SAIJ;AAIR,QAAO;;;;;AAMT,eAAe,sBACb,aACA,SACmB;CACnB,MAAM,kBAAkB,YAAY,SAAS,IAAI,GAC7C,YAAY,MAAM,IAAI,CAAC,KAAK,GAC5B;CACJ,MAAM,sBAAsB,CAC1B,KAAK,KAAK,QAAQ,KAAK,EAAE,gBAAgB,YAAY,EACrD,KAAK,KAAK,QAAQ,KAAK,EAAE,gBAAgB,mBAAmB,YAAY,CACzE;CAED,MAAM,oBAA8B,EAAE;AAEtC,MAAK,MAAM,mBAAmB,oBAC5B,KAAI;EACF,MAAM,KAAK,MAAM,OAAO;AACxB,MAAI,GAAG,WAAW,gBAAgB,EAAE;GAClC,MAAM,WAAW,GAAG,aAAa,gBAAgB;AAEjD,qBAAkB,KAChB,KAAK,KAAK,UAAU,QAAQ,QAAQ,SAAS,YAAY,EACzD,KAAK,KAAK,UAAU,QAAQ,QAAQ,GAAG,QAAQ,MAAM,EACrD,KAAK,KAAK,UAAU,QAAQ,SAAS,WAAW,EAChD,KAAK,KAAK,UAAU,QAAQ,GAAG,QAAQ,KAAK,EAC5C,KAAK,KAAK,UAAU,SAAS,WAAW,EACxC,KAAK,KAAK,UAAU,GAAG,QAAQ,KAAK,CACrC;;SAEG;AAKV,QAAO;;;;;AAMT,SAAS,wBACP,aACA,SACU;CACV,MAAM,kBAAkB,YAAY,SAAS,IAAI,GAC7C,YAAY,MAAM,IAAI,CAAC,KAAK,GAC5B;CACJ,MAAM,cAAc,CAAC,QAAQ,KAAK,EAAE,KAAK,QAAQ,QAAQ,KAAK,CAAC,CAAC;CAEhE,MAAM,oBAA8B,EAAE;AACtC,MAAK,MAAM,QAAQ,YACjB,mBAAkB,KAChB,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,QACA,SACA,YACD,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,QACA,GAAG,QAAQ,MACZ,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,SACA,WACD,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,GAAG,QAAQ,KACZ,CACF;AAGH,QAAO;;;;;AAMT,eAAe,qBAAwB,UAAuC;AAC5E,MAAK,MAAM,iBAAiB,SAC1B,KAAI;AACF,SAAQ,MAAM;;GAA0B;;SAClC;AAKV,QAAO;;;;;AAMT,eAAsB,qBACpB,aACA,SACmB;CAEnB,IAAI,SAAS,MAAM,sBAAyB,aAAa,QAAQ;AACjE,KAAI,OAAQ,QAAO;AAGnB,UAAS,MAAM,qBAAwB,aAAa,QAAQ;AAC5D,KAAI,OAAQ,QAAO;AAInB,UAAS,MAAM,qBADM,MAAM,sBAAsB,aAAa,QAAQ,CAClB;AACpD,KAAI,OAAQ,QAAO;AAInB,UAAS,MAAM,qBADK,wBAAwB,aAAa,QAAQ,CACd;AACnD,KAAI,OAAQ,QAAO;AAEnB,QAAO;;;;ACjLO,YAAY,CAAC,eAAe,gBAAgB,CAAC;;;;AAiB7D,eAAsB,mBACpB,aACsC;AACtC,QAAO,eAAe,aAAa,kBAAkB;;;;;AAMvD,eAAsB,cACpB,aACiC;AACjC,QAAO,eAAe,aAAa,YAAY;;;;;AAMjD,eAAsB,eACpB,aACkC;AAClC,QAAO,eAAe,aAAa,aAAa;;;;;;AAOlD,eAAe,eACb,aACA,SACY;CACZ,MAAM,WAAW,GAAG,YAAY,GAAG;AAGnC,KAAI;AAKF,SADgB,MAAM;;GAA0B;;UAEzC,GAAG;AAEV,MACE,aAAa,SACb,UAAU,MACT,EAAE,SAAS,0BACV,EAAE,SAAS,+BACb;GACA,MAAM,SAAS,MAAM,qBAAwB,aAAa,QAAQ;AAClE,OAAI,OAAQ,QAAO;;AAErB,QAAM;;;AAIV,SAAgB,SACd,MACA,QAAQ,KACR;CACA,IAAI;AACJ,SAAQ,YAAY,OAAO,GAAG,SAAY;AACxC,MAAI,MACF,cAAa,MAAM;AAErB,SAAO,IAAI,SAAY,SAAS,WAAW;AACzC,OAAI,UACF,MAAK,GAAG,KAAK,CACV,KAAK,QAAQ,CACb,MAAM,OAAO;OAEhB,SAAQ,iBAAiB;AACvB,SAAK,GAAG,KAAK,CACV,KAAK,QAAQ,CACb,MAAM,OAAO;MACf,MAAM;IAEX;;;AAIN,SAAgB,UAAU,QAAgB,KAAa;CACrD,MAAM,WAAW,KAAK,SAAS,QAAQ,IAAI;AAC3C,QAAO,YAAY,CAAC,SAAS,WAAW,KAAK,IAAI,CAAC,KAAK,WAAW,SAAS;;;;ACzG7E,SAAgB,gBACd,WAC4B;AAC5B,KAAI,OAAO,cAAc,WAAY,QAAO;CAE5C,IAAI,QAAiB,OAAO,eAAe,UAAU;AACrD,QAAO,OAAO;AACZ,MAAI,OAAO,UAAU,cAAc,KAAK,OAAO,aAAa,CAAE,QAAO;AAErE,UAAQ,OAAO,eAAe,MAAM;;AAGtC,QAAO;;AAGT,SAAgB,uBACd,YACA,MACA,OACgB;AAChB,QAAO,WAAW,MAAM,MAAM,OAAO,MAAM,CAAC,IAAI,sBAAsB;;AAGxE,SAAgB,sBAAsB,WAAoC;CACxE,MAAM,SAAS,UAAU,OAAO,SAAS;AACzC,QAAO;EACL,IAAI,UAAU,MAAM;EACpB,MAAM,UAAU,OAAO;EACvB,OAAO,UAAU;EACjB,gBAAgB,UAAU;EAC1B,MAAM,UAAU;EAChB,MAAM,UAAU;EAChB,WACE,OAAO,UAAU,OAAO,UAAU,WAC9B,UAAU,OAAO,QACjB,KAAK,UAAU,UAAU,OAAO,MAAM;EAC5C,OAAO,UAAU;EACjB,SAAS,EACP,QAAQ,SACJ;GACE,MAAM,OAAO;GACb,KAAK,OAAO;GACZ,YAAY,OAAO,WAAW,KAAK,QACjC,MAAM,QAAQ,IAAI,GAAG,IAAI,KAAK,KAAK,GAAG,IACvC;GACF,GACD,KAAA,GACL;EACF;;AAGH,SAAgB,qBAAqB,KAA8B;CAGjE,MAAM,QAAQ,IAAI;CAClB,MAAM,eAAe,IAAI;CAEzB,MAAM,cAAc,YAAY,IAAI,QAAQ,IAAI,MAAM,SAAS,EAAE;AACjE,QAAO;EACL,IAAI,IAAI,OAAO;EACf,MAAM,IAAI,OAAO;EACjB,cAAc,IAAI,OAAO;EACzB,UAAU,IAAI,OAAO,SAAS,UAAU;EACxC,iBAAiB,IAAI,OAAO;EAC5B,sBAAsB,IAAI,OAAO;EACjC,YAAY,EAAE;EACd,WAAW;EACX;EACA;EACD;;AAGH,SAAgB,0BACd,KACkB;AAElB,QAAO;EACL,GAFa,qBAAqB,IAAI;EAGtC,MAAM,EACJ,iBAAiB,IAAI,OAAO,MAAM,iBACnC;EACD,MAAM,IAAI,OAAO;EACjB,OAAO,IAAI,MAAM;EACjB,cAAc,IAAI,MAAM;EACzB","debug_id":"143f3840-f36d-5b22-91f1-5b5328f2e537"}
|