npm - @prabhask5/stellar-engine - Versions diffs - 1.0.11 → 1.0.13 - Mend

@prabhask5/stellar-engine 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/README.md +31 -28
package/dist/auth/deviceVerification.d.ts +57 -0
package/dist/auth/deviceVerification.d.ts.map +1 -0
package/dist/auth/deviceVerification.js +258 -0
package/dist/auth/deviceVerification.js.map +1 -0
package/dist/auth/resolveAuthState.d.ts.map +1 -1
package/dist/auth/resolveAuthState.js +25 -83
package/dist/auth/resolveAuthState.js.map +1 -1
package/dist/auth/singleUser.d.ts +58 -8
package/dist/auth/singleUser.d.ts.map +1 -1
package/dist/auth/singleUser.js +345 -179
package/dist/auth/singleUser.js.map +1 -1
package/dist/config.d.ts +9 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js.map +1 -1
package/dist/entries/auth.d.ts +2 -2
package/dist/entries/auth.d.ts.map +1 -1
package/dist/entries/auth.js +2 -2
package/dist/entries/auth.js.map +1 -1
package/dist/index.d.ts +4 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4 -2
package/dist/index.js.map +1 -1
package/dist/supabase/auth.d.ts +19 -1
package/dist/supabase/auth.d.ts.map +1 -1
package/dist/supabase/auth.js +66 -3
package/dist/supabase/auth.js.map +1 -1
package/dist/supabase/validate.d.ts +1 -1
package/dist/supabase/validate.js +4 -4
package/dist/supabase/validate.js.map +1 -1
package/dist/types.d.ts +10 -1
package/dist/types.d.ts.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -13,7 +13,7 @@ A local-first, offline-capable sync engine for **SvelteKit + Supabase + Dexie**
 - **Intent-based sync operations** -- operations preserve intent (`increment`, `set`, `create`, `delete`) instead of just final state, enabling smarter coalescing and conflict handling.
 - **Three-tier conflict resolution** -- field-level diffing, numeric merge fields, and configurable exclusion lists let you resolve conflicts precisely rather than with blanket last-write-wins.
 - **Offline authentication** -- credential caching and offline session tokens let users sign in and work without connectivity; sessions reconcile automatically on reconnect.
-- **Single-user auth mode** -- for personal apps, replace email/password with a local PIN code or password gate backed by Supabase anonymous auth. Setup, unlock, lock, and gate change are all handled by the engine with full offline support.
+- **Single-user auth mode** -- for personal apps, use a simplified PIN code or password gate backed by real Supabase email/password auth. The user provides an email during setup; the PIN is padded to meet Supabase's minimum password length and verified server-side. Setup, unlock, lock, and gate change are all handled by the engine with full offline support.
 - **Realtime subscriptions** -- Supabase Realtime channels push remote changes into local state instantly, with duplicate-delivery guards to prevent re-processing.
 - **Operation coalescing** -- batches of rapid local writes (e.g., 50 individual increments) are compressed into a single outbound operation, reducing sync traffic dramatically.
 - **Tombstone management** -- soft deletes are propagated cleanly, and stale tombstones are garbage-collected after a configurable retention period.
@@ -68,7 +68,7 @@ if (auth.authMode !== 'none') await startSyncEngine();
 ### Single-user mode
-For personal apps with a PIN code gate instead of email/password:
+For personal apps with a PIN code gate backed by real Supabase email/password auth:
 ```ts
 import { initEngine, startSyncEngine, supabase } from '@prabhask5/stellar-engine';
@@ -84,6 +84,8 @@ initEngine({
     mode: 'single-user',
     singleUser: { gateType: 'code', codeLength: 4 },
     enableOfflineAuth: true,
+    // emailConfirmation: { enabled: true },       // require email confirmation on setup
+    // deviceVerification: { enabled: true },       // require OTP verification on new devices
   },
 });
@@ -91,9 +93,13 @@ await initConfig();
 const auth = await resolveAuthState();
 if (!auth.singleUserSetUp) {
-  // Show setup screen → call setupSingleUser(code, profile)
+  // Show setup screen → call setupSingleUser(code, profile, email)
+  // Returns { error, confirmationRequired }
+  // If confirmationRequired, prompt user to check email then call completeSingleUserSetup()
 } else if (auth.authMode === 'none') {
   // Show unlock screen → call unlockSingleUser(code)
+  // Returns { error, deviceVerificationRequired?, maskedEmail? }
+  // If deviceVerificationRequired, prompt for OTP then call completeDeviceVerification(tokenHash?)
 } else {
   await startSyncEngine();
 }
@@ -107,7 +113,7 @@ Import only what you need via subpath exports:
 |---|---|
 | `@prabhask5/stellar-engine` | `initEngine`, `startSyncEngine`, `runFullSync`, `supabase`, `getDb`, `validateSupabaseCredentials`, `validateSchema` |
 | `@prabhask5/stellar-engine/data` | All engine CRUD + query operations (`engineCreate`, `engineUpdate`, etc.) |
-| `@prabhask5/stellar-engine/auth` | All auth functions (`signIn`, `signUp`, `resolveAuthState`, `isAdmin`, single-user: `setupSingleUser`, `unlockSingleUser`, `lockSingleUser`, etc.) |
+| `@prabhask5/stellar-engine/auth` | All auth functions (`signIn`, `signUp`, `resolveAuthState`, `isAdmin`, single-user: `setupSingleUser`, `unlockSingleUser`, `lockSingleUser`, `completeSingleUserSetup`, `completeDeviceVerification`, `padPin`, etc.) |
 | `@prabhask5/stellar-engine/stores` | Reactive stores + event subscriptions (`syncStatusStore`, `authState`, `onSyncComplete`, etc.) |
 | `@prabhask5/stellar-engine/types` | All type exports (`Session`, `SyncEngineConfig`, `BatchOperation`, `SingleUserConfig`, etc.) |
 | `@prabhask5/stellar-engine/utils` | Utility functions (`generateId`, `now`, `calculateNewOrder`, `snakeToCamel`, `debug`, etc.) |
@@ -130,34 +136,28 @@ Row-Level Security policies should scope reads and writes to the authenticated u
 **Single-user mode additional requirements:**
-Single-user mode requires a `single_user_config` table in Supabase for multi-device config sync:
+Single-user mode uses real Supabase email/password auth where the PIN is padded to meet Supabase's minimum password length. The user provides an email during setup, and the PIN is verified server-side.
+If `deviceVerification` is enabled in the auth config, you need a `trusted_devices` table:
 ```sql
-CREATE TABLE single_user_config (
+CREATE TABLE trusted_devices (
   id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  gate_type text NOT NULL DEFAULT 'code',
-  code_length integer,
-  gate_hash text NOT NULL,
-  profile jsonb NOT NULL DEFAULT '{}',
-  setup_at timestamptz NOT NULL DEFAULT now(),
-  updated_at timestamptz NOT NULL DEFAULT now(),
-  is_deleted boolean NOT NULL DEFAULT false,
-  user_id uuid REFERENCES auth.users(id) ON DELETE CASCADE
+  user_id uuid REFERENCES auth.users(id) ON DELETE CASCADE NOT NULL,
+  device_id text NOT NULL,
+  device_label text,
+  trusted_at timestamptz DEFAULT now() NOT NULL,
+  last_used_at timestamptz DEFAULT now() NOT NULL,
+  UNIQUE(user_id, device_id)
 );
--- Enable RLS
-ALTER TABLE single_user_config ENABLE ROW LEVEL SECURITY;
--- RLS policy: authenticated users (anonymous sessions) can manage their own row
-CREATE POLICY "Users can manage their own config"
-  ON single_user_config FOR ALL
-  USING (auth.uid() = user_id)
-  WITH CHECK (auth.uid() = user_id);
+ALTER TABLE trusted_devices ENABLE ROW LEVEL SECURITY;
+CREATE POLICY "Users manage own devices" ON trusted_devices FOR ALL
+  USING (auth.uid() = user_id) WITH CHECK (auth.uid() = user_id);
 ```
-You must also enable **"Allow anonymous sign-ins"** in your Supabase project under Authentication > Settings.
+If `emailConfirmation` is enabled, Supabase email templates must be configured.
-**Schema validation:** The engine automatically validates that all configured tables (and `single_user_config` in single-user mode) exist in Supabase on the first sync. Missing tables are reported via `syncStatusStore` and the debug console.
+**Schema validation:** The engine automatically validates that all configured tables (and `trusted_devices` when `deviceVerification.enabled`) exist in Supabase on the first sync. Missing tables are reported via `syncStatusStore` and the debug console.
 **Dexie (IndexedDB)**
@@ -260,18 +260,21 @@ Alternatively, you can provide a pre-created Dexie instance via the `db` config
 ### Single-user auth
-For personal apps that don't need email/password accounts. Uses a local PIN code or password gate with Supabase anonymous auth behind the scenes. Enable by setting `auth.mode: 'single-user'` in the engine config. Requires "Allow anonymous sign-ins" enabled in Supabase Authentication settings.
+For personal apps that use a simplified PIN or password gate. Uses real Supabase email/password auth where the PIN is padded to meet minimum password length. Enable by setting `auth.mode: 'single-user'` in the engine config.
 | Export | Description |
 |---|---|
 | `isSingleUserSetUp()` | Check if initial setup is complete. |
 | `getSingleUserInfo()` | Get display info (profile, gate type) for the unlock screen. |
-| `setupSingleUser(gate, profile)` | First-time setup: create gate, anonymous Supabase user, and store config. |
-| `unlockSingleUser(gate)` | Verify gate and restore session (online or offline). |
+| `setupSingleUser(gate, profile, email)` | First-time setup: create gate, Supabase email/password user, and store config. Returns `{ error, confirmationRequired }`. |
+| `unlockSingleUser(gate)` | Verify gate and restore session (online or offline). Returns `{ error, deviceVerificationRequired?, maskedEmail? }`. |
+| `completeSingleUserSetup()` | Called after the user confirms their email (when `emailConfirmation` is enabled). |
+| `completeDeviceVerification(tokenHash?)` | Called after the user completes device OTP verification (when `deviceVerification` is enabled). |
 | `lockSingleUser()` | Stop sync and reset auth state without destroying data. |
 | `changeSingleUserGate(oldGate, newGate)` | Change the PIN code or password. |
 | `updateSingleUserProfile(profile)` | Update profile in IndexedDB and Supabase metadata. |
 | `resetSingleUser()` | Full reset: clear config, sign out, wipe local data. |
+| `padPin(pin)` | Pad a PIN to meet Supabase's minimum password length requirement. |
 ### Queue

package/dist/auth/deviceVerification.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Device Verification Module
+ *
+ * Manages trusted devices for single-user and multi-user modes.
+ * Uses Supabase `trusted_devices` table and `signInWithOtp()` for email-based
+ * device verification on untrusted devices.
+ */
+import type { TrustedDevice } from '../types';
+/**
+ * Generate a human-readable device label (e.g. "Chrome on macOS").
+ */
+export declare function getDeviceLabel(): string;
+/**
+ * Mask an email address for display (e.g. "pr••••@gmail.com").
+ */
+export declare function maskEmail(email: string): string;
+/**
+ * Check if the current device is trusted for a given user.
+ * A device is trusted if it has a `trusted_devices` row with `last_used_at`
+ * within the configured trust duration.
+ */
+export declare function isDeviceTrusted(userId: string): Promise<boolean>;
+/**
+ * Trust the current device for a user.
+ * Uses upsert on (user_id, device_id) unique constraint.
+ */
+export declare function trustCurrentDevice(userId: string): Promise<void>;
+/**
+ * Update `last_used_at` for the current device (called on each successful login).
+ */
+export declare function touchTrustedDevice(userId: string): Promise<void>;
+/**
+ * Get all trusted devices for a user.
+ */
+export declare function getTrustedDevices(userId: string): Promise<TrustedDevice[]>;
+/**
+ * Remove a trusted device by ID.
+ */
+export declare function removeTrustedDevice(id: string): Promise<void>;
+/**
+ * Send a device verification OTP email.
+ * Signs out first (untrusted device flow), then sends OTP.
+ */
+export declare function sendDeviceVerification(email: string): Promise<{
+    error: string | null;
+}>;
+/**
+ * Verify a device verification OTP token hash (from email link).
+ */
+export declare function verifyDeviceCode(tokenHash: string): Promise<{
+    error: string | null;
+}>;
+/**
+ * Get the current device ID (exposed for consumers).
+ */
+export declare function getCurrentDeviceId(): string;
+//# sourceMappingURL=deviceVerification.d.ts.map

package/dist/auth/deviceVerification.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"deviceVerification.d.ts","sourceRoot":"","sources":["../../src/auth/deviceVerification.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAqC9C;;GAEG;AACH,wBAAgB,cAAc,IAAI,MAAM,CAqBvC;AAMD;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAO/C;AAMD;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAyBtE;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBtE;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAgBtE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAkBhF;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAenE;AAMD;;;GAGG;AACH,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAAC,CAqB7F;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CAAC,CAkB3F;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C"}

package/dist/auth/deviceVerification.js ADDED Viewed

@@ -0,0 +1,258 @@
+/**
+ * Device Verification Module
+ *
+ * Manages trusted devices for single-user and multi-user modes.
+ * Uses Supabase `trusted_devices` table and `signInWithOtp()` for email-based
+ * device verification on untrusted devices.
+ */
+import { getEngineConfig } from '../config';
+import { supabase } from '../supabase/client';
+import { getDeviceId } from '../deviceId';
+import { debugLog, debugWarn, debugError } from '../debug';
+const DEFAULT_TRUST_DURATION_DAYS = 90;
+// ============================================================
+// HELPERS
+// ============================================================
+function getDb() {
+    const db = getEngineConfig().db;
+    if (!db)
+        throw new Error('Database not initialized.');
+    return db;
+}
+function getTrustDurationDays() {
+    return getEngineConfig().auth?.deviceVerification?.trustDurationDays ?? DEFAULT_TRUST_DURATION_DAYS;
+}
+function snakeToCamelDevice(row) {
+    return {
+        id: row.id,
+        userId: row.user_id,
+        deviceId: row.device_id,
+        deviceLabel: row.device_label,
+        trustedAt: row.trusted_at,
+        lastUsedAt: row.last_used_at,
+    };
+}
+// ============================================================
+// DEVICE LABEL
+// ============================================================
+/**
+ * Generate a human-readable device label (e.g. "Chrome on macOS").
+ */
+export function getDeviceLabel() {
+    if (typeof navigator === 'undefined')
+        return 'Unknown device';
+    const ua = navigator.userAgent;
+    let browser = 'Browser';
+    let os = '';
+    // Detect browser
+    if (ua.includes('Firefox'))
+        browser = 'Firefox';
+    else if (ua.includes('Edg/'))
+        browser = 'Edge';
+    else if (ua.includes('Chrome') && !ua.includes('Edg/'))
+        browser = 'Chrome';
+    else if (ua.includes('Safari') && !ua.includes('Chrome'))
+        browser = 'Safari';
+    // Detect OS
+    if (ua.includes('Mac OS X'))
+        os = 'macOS';
+    else if (ua.includes('Windows'))
+        os = 'Windows';
+    else if (ua.includes('Linux'))
+        os = 'Linux';
+    else if (ua.includes('Android'))
+        os = 'Android';
+    else if (ua.includes('iPhone') || ua.includes('iPad'))
+        os = 'iOS';
+    return os ? `${browser} on ${os}` : browser;
+}
+// ============================================================
+// EMAIL MASKING
+// ============================================================
+/**
+ * Mask an email address for display (e.g. "pr••••@gmail.com").
+ */
+export function maskEmail(email) {
+    const [local, domain] = email.split('@');
+    if (!domain)
+        return email;
+    const visible = Math.min(2, local.length);
+    const masked = local.slice(0, visible) + '\u2022'.repeat(Math.max(1, local.length - visible));
+    return `${masked}@${domain}`;
+}
+// ============================================================
+// DEVICE TRUST QUERIES
+// ============================================================
+/**
+ * Check if the current device is trusted for a given user.
+ * A device is trusted if it has a `trusted_devices` row with `last_used_at`
+ * within the configured trust duration.
+ */
+export async function isDeviceTrusted(userId) {
+    try {
+        const deviceId = getDeviceId();
+        const trustDays = getTrustDurationDays();
+        const cutoff = new Date();
+        cutoff.setDate(cutoff.getDate() - trustDays);
+        const { data, error } = await supabase
+            .from('trusted_devices')
+            .select('id, last_used_at')
+            .eq('user_id', userId)
+            .eq('device_id', deviceId)
+            .gte('last_used_at', cutoff.toISOString())
+            .limit(1);
+        if (error) {
+            debugWarn('[DeviceVerification] Trust check failed:', error.message);
+            return false;
+        }
+        return (data?.length ?? 0) > 0;
+    }
+    catch (e) {
+        debugError('[DeviceVerification] Trust check error:', e);
+        return false;
+    }
+}
+/**
+ * Trust the current device for a user.
+ * Uses upsert on (user_id, device_id) unique constraint.
+ */
+export async function trustCurrentDevice(userId) {
+    try {
+        const deviceId = getDeviceId();
+        const label = getDeviceLabel();
+        const now = new Date().toISOString();
+        const { error } = await supabase
+            .from('trusted_devices')
+            .upsert({
+            user_id: userId,
+            device_id: deviceId,
+            device_label: label,
+            trusted_at: now,
+            last_used_at: now,
+        }, { onConflict: 'user_id,device_id' });
+        if (error) {
+            debugError('[DeviceVerification] Trust device failed:', error.message);
+        }
+        else {
+            debugLog('[DeviceVerification] Device trusted:', label);
+        }
+    }
+    catch (e) {
+        debugError('[DeviceVerification] Trust device error:', e);
+    }
+}
+/**
+ * Update `last_used_at` for the current device (called on each successful login).
+ */
+export async function touchTrustedDevice(userId) {
+    try {
+        const deviceId = getDeviceId();
+        const { error } = await supabase
+            .from('trusted_devices')
+            .update({ last_used_at: new Date().toISOString() })
+            .eq('user_id', userId)
+            .eq('device_id', deviceId);
+        if (error) {
+            debugWarn('[DeviceVerification] Touch device failed:', error.message);
+        }
+    }
+    catch (e) {
+        debugWarn('[DeviceVerification] Touch device error:', e);
+    }
+}
+/**
+ * Get all trusted devices for a user.
+ */
+export async function getTrustedDevices(userId) {
+    try {
+        const { data, error } = await supabase
+            .from('trusted_devices')
+            .select('id, user_id, device_id, device_label, trusted_at, last_used_at')
+            .eq('user_id', userId)
+            .order('last_used_at', { ascending: false });
+        if (error) {
+            debugError('[DeviceVerification] Get devices failed:', error.message);
+            return [];
+        }
+        return (data || []).map(snakeToCamelDevice);
+    }
+    catch (e) {
+        debugError('[DeviceVerification] Get devices error:', e);
+        return [];
+    }
+}
+/**
+ * Remove a trusted device by ID.
+ */
+export async function removeTrustedDevice(id) {
+    try {
+        const { error } = await supabase
+            .from('trusted_devices')
+            .delete()
+            .eq('id', id);
+        if (error) {
+            debugError('[DeviceVerification] Remove device failed:', error.message);
+        }
+        else {
+            debugLog('[DeviceVerification] Device removed:', id);
+        }
+    }
+    catch (e) {
+        debugError('[DeviceVerification] Remove device error:', e);
+    }
+}
+// ============================================================
+// OTP VERIFICATION FLOW
+// ============================================================
+/**
+ * Send a device verification OTP email.
+ * Signs out first (untrusted device flow), then sends OTP.
+ */
+export async function sendDeviceVerification(email) {
+    try {
+        // Sign out first — untrusted device should not retain a session
+        await supabase.auth.signOut();
+        const { error } = await supabase.auth.signInWithOtp({
+            email,
+            options: { shouldCreateUser: false },
+        });
+        if (error) {
+            debugError('[DeviceVerification] Send OTP failed:', error.message);
+            return { error: error.message };
+        }
+        debugLog('[DeviceVerification] OTP sent to:', maskEmail(email));
+        return { error: null };
+    }
+    catch (e) {
+        debugError('[DeviceVerification] Send OTP error:', e);
+        return { error: e instanceof Error ? e.message : 'Failed to send verification email' };
+    }
+}
+/**
+ * Verify a device verification OTP token hash (from email link).
+ */
+export async function verifyDeviceCode(tokenHash) {
+    try {
+        const { error } = await supabase.auth.verifyOtp({
+            token_hash: tokenHash,
+            type: 'email',
+        });
+        if (error) {
+            debugError('[DeviceVerification] Verify OTP failed:', error.message);
+            return { error: error.message };
+        }
+        debugLog('[DeviceVerification] OTP verified successfully');
+        return { error: null };
+    }
+    catch (e) {
+        debugError('[DeviceVerification] Verify OTP error:', e);
+        return { error: e instanceof Error ? e.message : 'Verification failed' };
+    }
+}
+/**
+ * Get the current device ID (exposed for consumers).
+ */
+export function getCurrentDeviceId() {
+    return getDeviceId();
+}
+//# sourceMappingURL=deviceVerification.js.map

package/dist/auth/deviceVerification.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"deviceVerification.js","sourceRoot":"","sources":["../../src/auth/deviceVerification.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3D,MAAM,2BAA2B,GAAG,EAAE,CAAC;AAEvC,+DAA+D;AAC/D,UAAU;AACV,+DAA+D;AAE/D,SAAS,KAAK;IACZ,MAAM,EAAE,GAAG,eAAe,EAAE,CAAC,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IACtD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,eAAe,EAAE,CAAC,IAAI,EAAE,kBAAkB,EAAE,iBAAiB,IAAI,2BAA2B,CAAC;AACtG,CAAC;AAED,SAAS,kBAAkB,CAAC,GAA4B;IACtD,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAY;QACpB,MAAM,EAAE,GAAG,CAAC,OAAiB;QAC7B,QAAQ,EAAE,GAAG,CAAC,SAAmB;QACjC,WAAW,EAAE,GAAG,CAAC,YAAkC;QACnD,SAAS,EAAE,GAAG,CAAC,UAAoB;QACnC,UAAU,EAAE,GAAG,CAAC,YAAsB;KACvC,CAAC;AACJ,CAAC;AAED,+DAA+D;AAC/D,eAAe;AACf,+DAA+D;AAE/D;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,IAAI,OAAO,SAAS,KAAK,WAAW;QAAE,OAAO,gBAAgB,CAAC;IAE9D,MAAM,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC;IAC/B,IAAI,OAAO,GAAG,SAAS,CAAC;IACxB,IAAI,EAAE,GAAG,EAAE,CAAC;IAEZ,iBAAiB;IACjB,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,GAAG,SAAS,CAAC;SAC3C,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,GAAG,MAAM,CAAC;SAC1C,IAAI,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,GAAG,QAAQ,CAAC;SACtE,IAAI,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,GAAG,QAAQ,CAAC;IAE7E,YAAY;IACZ,IAAI,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,EAAE,GAAG,OAAO,CAAC;SACrC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,EAAE,GAAG,SAAS,CAAC;SAC3C,IAAI,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,EAAE,GAAG,OAAO,CAAC;SACvC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,EAAE,GAAG,SAAS,CAAC;SAC3C,IAAI,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,EAAE,GAAG,KAAK,CAAC;IAElE,OAAO,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;AAC9C,CAAC;AAED,+DAA+D;AAC/D,gBAAgB;AAChB,+DAA+D;AAE/D;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAE1B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAC9F,OAAO,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;AAC/B,CAAC;AAED,+DAA+D;AAC/D,uBAAuB;AACvB,+DAA+D;AAE/D;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAc;IAClD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,CAAC;QAE7C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;aACnC,IAAI,CAAC,iBAAiB,CAAC;aACvB,MAAM,CAAC,kBAAkB,CAAC;aAC1B,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;aACrB,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC;aACzB,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC;aACzC,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,KAAK,EAAE,CAAC;YACV,SAAS,CAAC,0CAA0C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;QACzD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAc;IACrD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAErC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;aAC7B,IAAI,CAAC,iBAAiB,CAAC;aACvB,MAAM,CAAC;YACN,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,GAAG;YACf,YAAY,EAAE,GAAG;SAClB,EAAE,EAAE,UAAU,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAE1C,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,2CAA2C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAc;IACrD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAE/B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;aAC7B,IAAI,CAAC,iBAAiB,CAAC;aACvB,MAAM,CAAC,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;aAClD,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;aACrB,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAE7B,IAAI,KAAK,EAAE,CAAC;YACV,SAAS,CAAC,2CAA2C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,SAAS,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAAc;IACpD,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;aACnC,IAAI,CAAC,iBAAiB,CAAC;aACvB,MAAM,CAAC,gEAAgE,CAAC;aACxE,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;aACrB,KAAK,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAE/C,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,0CAA0C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACtE,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;QACzD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EAAU;IAClD,IAAI,CAAC;QACH,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;aAC7B,IAAI,CAAC,iBAAiB,CAAC;aACvB,MAAM,EAAE;aACR,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAEhB,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,4CAA4C,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,2CAA2C,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,+DAA+D;AAC/D,wBAAwB;AACxB,+DAA+D;AAE/D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAAa;IACxD,IAAI,CAAC;QACH,gEAAgE;QAChE,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAE9B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;YAClD,KAAK;YACL,OAAO,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE;SACrC,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,uCAAuC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACnE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC;QAClC,CAAC;QAED,QAAQ,CAAC,mCAAmC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QAChE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,sCAAsC,EAAE,CAAC,CAAC,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mCAAmC,EAAE,CAAC;IACzF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,SAAiB;IACtD,IAAI,CAAC;QACH,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;YAC9C,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,yCAAyC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACrE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC;QAClC,CAAC;QAED,QAAQ,CAAC,gDAAgD,CAAC,CAAC;QAC3D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,wCAAwC,EAAE,CAAC,CAAC,CAAC;QACxD,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC;IAC3E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,WAAW,EAAE,CAAC;AACvB,CAAC"}

package/dist/auth/resolveAuthState.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"resolveAuthState.d.ts","sourceRoot":"","sources":["../../src/auth/resolveAuthState.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAE,kBAAkB,EAAoB,MAAM,UAAU,CAAC;~~AAQrE~~,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;IAC1C,cAAc,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC1C,0FAA0F;IAC1F,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC,CA8DjE"}
1	+ {"version":3,"file":"resolveAuthState.d.ts","sourceRoot":"","sources":["../../src/auth/resolveAuthState.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAE,kBAAkB,EAAoB,MAAM,UAAU,CAAC;AAUrE,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;IAC1C,cAAc,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC1C,0FAA0F;IAC1F,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,eAAe,CAAC,CA8DjE"}

package/dist/auth/resolveAuthState.js CHANGED Viewed

@@ -91,21 +91,34 @@ async function resolveSingleUserAuthState() {
         if (!db) {
             return { session: null, authMode: 'none', offlineProfile: null, singleUserSetUp: false };
         }
-        let config = await db.table('singleUserConfig').get('config');
-        const isOffline = typeof navigator !== 'undefined' && !navigator.onLine;
-        // Multi-device: if no local config but online, check Supabase
-        if (!config && !isOffline) {
-            config = await fetchAndCacheRemoteConfig(db);
-        }
+        const config = await db.table('singleUserConfig').get('config');
         if (!config) {
+            // No local config — user hasn't set up on this device.
+            // With real email/password auth, new devices go through the login flow
+            // (email + PIN) which creates the local config after signInWithPassword.
+            return { session: null, authMode: 'none', offlineProfile: null, singleUserSetUp: false };
+        }
+        if (!config.email) {
+            // Legacy config from anonymous auth era — no email means user needs to
+            // go through the new setup flow (email + PIN). Old anonymous data won't
+            // be accessible under ownership-based RLS anyway.
+            // Nuke all legacy auth artifacts so the user gets a clean slate.
+            debugLog('[Auth] Legacy config without email detected, clearing old auth state');
+            try {
+                await db.table('singleUserConfig').delete('config');
+                await db.table('offlineCredentials').delete('current_user');
+                await db.table('offlineSession').delete('current_session');
+            }
+            catch (e) {
+                debugWarn('[Auth] Failed to clear legacy auth state:', e);
+            }
             return { session: null, authMode: 'none', offlineProfile: null, singleUserSetUp: false };
         }
         // Config exists — check session
         let session = await getSession();
         // If session exists but access token is expired, try refreshing before giving up.
-        // Anonymous sessions have refresh tokens that outlive the access token.
-        // Without this, users are forced to re-enter the PIN on every page load once
-        // the access token expires (default: 1 hour).
+        // Refresh tokens outlive the access token — without this, users are forced to
+        // re-enter the PIN on every page load once the access token expires (default: 1 hour).
         if (session && isSessionExpired(session)) {
             debugLog('[Auth] Single-user session expired, attempting refresh...');
             try {
@@ -125,12 +138,10 @@ async function resolveSingleUserAuthState() {
         }
         const hasValidSession = session && !isSessionExpired(session);
         if (hasValidSession) {
-            // Ensure Supabase single_user_config is populated (for existing users who
-            // set up before the Supabase write was added, and for extension access)
-            ensureRemoteConfig(config).catch(() => { });
             return { session, authMode: 'supabase', offlineProfile: null, singleUserSetUp: true };
         }
         // Check for offline session
+        const isOffline = typeof navigator !== 'undefined' && !navigator.onLine;
         if (isOffline) {
             // Even expired cached Supabase session is usable offline
             if (session) {
@@ -141,8 +152,8 @@ async function resolveSingleUserAuthState() {
                 const offlineProfile = {
                     id: 'current_user',
                     userId: offlineSession.userId,
-                    email: '',
-                    password: config.gateHash,
+                    email: config.email || '',
+                    password: config.gateHash || '',
                     profile: config.profile,
                     cachedAt: new Date().toISOString()
                 };
@@ -157,73 +168,4 @@ async function resolveSingleUserAuthState() {
         return { session: null, authMode: 'none', offlineProfile: null, singleUserSetUp: false };
     }
 }
-/**
- * Multi-device support: fetch config from Supabase and cache locally.
- * Called when a new device has no local config but is online.
- */
-async function fetchAndCacheRemoteConfig(db) {
-    try {
-        // Need a session to query — sign in anonymously
-        const { data: sessionData } = await supabase.auth.getSession();
-        if (!sessionData?.session) {
-            const { error } = await supabase.auth.signInAnonymously();
-            if (error) {
-                debugWarn('[Auth] Anonymous sign-in failed during remote config fetch:', error.message);
-                return null;
-            }
-        }
-        const { data, error } = await supabase
-            .from('single_user_config')
-            .select('gate_type, code_length, gate_hash, profile')
-            .eq('id', 'config')
-            .single();
-        if (error || !data)
-            return null;
-        const engineConfig = getEngineConfig();
-        const singleUserOpts = engineConfig.auth?.singleUser;
-        const config = {
-            id: 'config',
-            gateType: data.gate_type,
-            codeLength: data.code_length ?? singleUserOpts?.codeLength,
-            gateHash: data.gate_hash,
-            profile: data.profile || {},
-            setupAt: new Date().toISOString(),
-            updatedAt: new Date().toISOString()
-        };
-        await db.table('singleUserConfig').put(config);
-        debugLog('[Auth] Fetched remote config and cached locally (multi-device)');
-        return config;
-    }
-    catch (e) {
-        debugWarn('[Auth] Failed to fetch remote config:', e);
-        return null;
-    }
-}
-/**
- * Ensure Supabase single_user_config is populated.
- * Syncs from local IndexedDB if the Supabase row is missing.
- */
-async function ensureRemoteConfig(config) {
-    try {
-        const { data } = await supabase
-            .from('single_user_config')
-            .select('id')
-            .eq('id', 'config')
-            .single();
-        if (data)
-            return; // Already exists
-        // Missing — sync from local
-        await supabase.from('single_user_config').upsert({
-            id: 'config',
-            gate_type: config.gateType,
-            code_length: config.codeLength,
-            gate_hash: config.gateHash,
-            profile: config.profile,
-        });
-        debugLog('[Auth] Synced local config to Supabase (ensureRemoteConfig)');
-    }
-    catch (e) {
-        debugWarn('[Auth] Failed to ensure remote config:', e);
-    }
-}
 //# sourceMappingURL=resolveAuthState.js.map

package/dist/auth/resolveAuthState.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"resolveAuthState.js","sourceRoot":"","sources":["../../src/auth/resolveAuthState.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;~~AAU3D~~;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,IAAI,CAAC;QACH,mDAAmD;QACnD,MAAM,SAAS,EAAE,CAAC;QAElB,iEAAiE;QACjE,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,KAAK,aAAa,EAAE,CAAC;YAC9C,OAAO,0BAA0B,EAAE,CAAC;QACtC,CAAC;QAED,iEAAiE;QACjE,MAAM,SAAS,GAAG,OAAO,SAAS,KAAK,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QAExE,mDAAmD;QACnD,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;QACnC,MAAM,eAAe,GAAG,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE9D,6CAA6C;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YACjE,CAAC;YACD,+DAA+D;YAC/D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;QACnE,CAAC;QAED,8EAA8E;QAC9E,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;QACjE,CAAC;QAED,wDAAwD;QACxD,MAAM,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;QAEtD,IAAI,cAAc,EAAE,CAAC;YACnB,8DAA8D;YAC9D,MAAM,OAAO,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAC9C,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;gBACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;YACzE,CAAC;YACD,sDAAsD;YACtD,SAAS,CAAC,6EAA6E,CAAC,CAAC;YACzF,MAAM,mBAAmB,EAAE,CAAC;QAC9B,CAAC;QAED,iCAAiC;QACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IACnE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,gEAAgE;QAChE,qDAAqD;QACrD,UAAU,CAAC,6DAA6D,EAAE,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC;YACH,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE,CAAC;gBACxC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC1E,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,0BAA0B;IACvC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,eAAe,EAAE,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QAC3F,CAAC;QAED,~~IAAI~~,MAAM,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,QAAQ,CAA4B,CAAC;~~QACzF~~,MAAM,~~SAAS~~,~~GAAG~~,OAAO,~~SAAS~~,~~KAAK~~,~~WAAW~~,IAAI,~~CAAC~~,~~SAAS~~,~~CAAC~~,MAAM,CAAC;~~QAExE~~,~~8DAA8D~~;~~QAC9D~~,IAAI,CAAC,MAAM,IAAI,CAAC,~~SAAS~~,EAAE,CAAC;~~YAC1B~~,MAAM,~~GAAG~~,MAAM,~~yBAAyB~~,CAAC,EAAE,CAAC,CAAC;~~QAC/C~~,CAAC;~~QAED~~,~~IAAI~~,CAAC,~~MAAM~~,EAAE,CAAC;~~YACZ~~,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QAC3F,CAAC;QAED,gCAAgC;QAChC,IAAI,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;QAEjC,kFAAkF;QAClF,~~wEAAwE~~;~~QACxE~~,~~6EAA6E~~;~~QAC7E~~,~~8CAA8C;QAC9C,~~IAAI,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;YACzC,QAAQ,CAAC,2DAA2D,CAAC,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC7D,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC3B,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBACvB,QAAQ,CAAC,mDAAmD,CAAC,CAAC;gBAChE,CAAC;qBAAM,CAAC;oBACN,SAAS,CAAC,4CAA4C,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;oBACxE,OAAO,GAAG,IAAI,CAAC;gBACjB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,MAAM,eAAe,GAAG,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE9D,IAAI,eAAe,EAAE,CAAC;YACpB,~~0EAA0E;YAC1E,wEAAwE;YACxE,kBAAkB,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC3C,~~OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;QACxF,CAAC;QAED,4BAA4B;QAC5B,IAAI,SAAS,EAAE,CAAC;YACd,yDAAyD;YACzD,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;YACxF,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;YACtD,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,cAAc,GAAuB;oBACzC,EAAE,EAAE,cAAc;oBAClB,MAAM,EAAE,cAAc,CAAC,MAAM;oBAC7B,KAAK,EAAE,EAAE;~~oBACT~~,QAAQ,EAAE,MAAM,CAAC,QAAQ;~~oBACzB~~,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACnC,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;YACvF,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IAC1F,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,kDAAkD,EAAE,CAAC,CAAC,CAAC;QAClE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IAC3F,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,yBAAyB,CAAC,EAA2B;IAClE,IAAI,CAAC;QACH,gDAAgD;QAChD,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/D,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,CAAC;YAC1B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC1D,IAAI,KAAK,EAAE,CAAC;gBACV,SAAS,CAAC,6DAA6D,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;gBACxF,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ;aACnC,IAAI,CAAC,oBAAoB,CAAC;aAC1B,MAAM,CAAC,4CAA4C,CAAC;aACpD,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC;aAClB,MAAM,EAAE,CAAC;QAEZ,IAAI,KAAK,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEhC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC;QAErD,MAAM,MAAM,GAAqB;YAC/B,EAAE,EAAE,QAAQ;YACZ,QAAQ,EAAE,IAAI,CAAC,SAAyC;YACxD,UAAU,EAAG,IAAI,CAAC,WAAqB,IAAI,cAAc,EAAE,UAAU;YACrE,QAAQ,EAAE,IAAI,CAAC,SAAmB;YAClC,OAAO,EAAG,IAAI,CAAC,OAAmC,IAAI,EAAE;YACxD,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC/C,QAAQ,CAAC,gEAAgE,CAAC,CAAC;QAC3E,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,SAAS,CAAC,uCAAuC,EAAE,CAAC,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAAC,MAAwB;IACxD,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ;aAC5B,IAAI,CAAC,oBAAoB,CAAC;aAC1B,MAAM,CAAC,IAAI,CAAC;aACZ,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC;aAClB,MAAM,EAAE,CAAC;QAEZ,IAAI,IAAI;YAAE,OAAO,CAAC,iBAAiB;QAEnC,4BAA4B;QAC5B,MAAM,QAAQ,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;YAC/C,EAAE,EAAE,QAAQ;YACZ,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC,CAAC;QACH,QAAQ,CAAC,6DAA6D,CAAC,CAAC;IAC1E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,SAAS,CAAC,wCAAwC,EAAE,CAAC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"resolveAuthState.js","sourceRoot":"","sources":["../../src/auth/resolveAuthState.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAY3D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,IAAI,CAAC;QACH,mDAAmD;QACnD,MAAM,SAAS,EAAE,CAAC;QAElB,iEAAiE;QACjE,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,KAAK,aAAa,EAAE,CAAC;YAC9C,OAAO,0BAA0B,EAAE,CAAC;QACtC,CAAC;QAED,iEAAiE;QACjE,MAAM,SAAS,GAAG,OAAO,SAAS,KAAK,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QAExE,mDAAmD;QACnD,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;QACnC,MAAM,eAAe,GAAG,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE9D,6CAA6C;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YACjE,CAAC;YACD,+DAA+D;YAC/D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;QACnE,CAAC;QAED,8EAA8E;QAC9E,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;QACjE,CAAC;QAED,wDAAwD;QACxD,MAAM,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;QAEtD,IAAI,cAAc,EAAE,CAAC;YACnB,8DAA8D;YAC9D,MAAM,OAAO,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAC9C,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;gBACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;YACzE,CAAC;YACD,sDAAsD;YACtD,SAAS,CAAC,6EAA6E,CAAC,CAAC;YACzF,MAAM,mBAAmB,EAAE,CAAC;QAC9B,CAAC;QAED,iCAAiC;QACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IACnE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,gEAAgE;QAChE,qDAAqD;QACrD,UAAU,CAAC,6DAA6D,EAAE,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC;YACH,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE,CAAC;gBACxC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC1E,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,0BAA0B;IACvC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,eAAe,EAAE,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QAC3F,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,QAAQ,CAA4B,CAAC;QAE3F,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,uDAAuD;YACvD,uEAAuE;YACvE,yEAAyE;YACzE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QAC3F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,uEAAuE;YACvE,wEAAwE;YACxE,kDAAkD;YAClD,iEAAiE;YACjE,QAAQ,CAAC,sEAAsE,CAAC,CAAC;YACjF,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACpD,MAAM,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;gBAC5D,MAAM,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAC7D,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,SAAS,CAAC,2CAA2C,EAAE,CAAC,CAAC,CAAC;YAC5D,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QAC3F,CAAC;QAED,gCAAgC;QAChC,IAAI,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;QAEjC,kFAAkF;QAClF,8EAA8E;QAC9E,uFAAuF;QACvF,IAAI,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;YACzC,QAAQ,CAAC,2DAA2D,CAAC,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC7D,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC3B,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;oBACvB,QAAQ,CAAC,mDAAmD,CAAC,CAAC;gBAChE,CAAC;qBAAM,CAAC;oBACN,SAAS,CAAC,4CAA4C,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;oBACxE,OAAO,GAAG,IAAI,CAAC;gBACjB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,MAAM,eAAe,GAAG,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE9D,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;QACxF,CAAC;QAED,4BAA4B;QAC5B,MAAM,SAAS,GAAG,OAAO,SAAS,KAAK,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QACxE,IAAI,SAAS,EAAE,CAAC;YACd,yDAAyD;YACzD,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;YACxF,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;YACtD,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,cAAc,GAAuB;oBACzC,EAAE,EAAE,cAAc;oBAClB,MAAM,EAAE,cAAc,CAAC,MAAM;oBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;oBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;oBAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACnC,CAAC;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;YACvF,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IAC1F,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,UAAU,CAAC,kDAAkD,EAAE,CAAC,CAAC,CAAC;QAClE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IAC3F,CAAC;AACH,CAAC"}