@rc-tool/unified-auth-hosted-service 0.2.10 → 0.3.0

package/README.md

@@ -1,23 +1,39 @@
 # @rc-tool/unified-auth-hosted-service
 
-Hosted Auth runtime for Unified Auth.
+Hosted Login runtime for Unified Auth. This package is Better Auth-only: it renders the SDK login page, starts provider sign-in through Better Auth, exposes SDK context/session/user endpoints, and passes the rest of `/api/auth/*` directly to `auth.handler`.
 
-Use this package to mount SDK-provided login pages, OAuth routes, session APIs, file/memory stores, and the `unified-auth` CLI.
+It does not ship a file store, memory store, custom OAuth callback implementation, custom session cookie, or standalone auth database adapter.
 
 ## Install
 
 ```bash
-pnpm add @rc-tool/unified-auth-sdk @rc-tool/unified-auth-hosted-service
+pnpm add @rc-tool/unified-auth-sdk @rc-tool/unified-auth-hosted-service better-auth drizzle-orm
 ```
 
 ## Next.js Embedded Routes
 
 ```ts
 import {
-  createFileAuthStore,
+  createHostedAuthRouteHandlers,
+} from "@rc-tool/unified-auth-hosted-service";
+import { auth } from "@/lib/auth/server";
+import config from "@/unified-auth.config";
+
+export const hostedAuth = createHostedAuthRouteHandlers({
+  auth,
+  config,
+});
+```
+
+Customize the hosted login page only when the default page is not enough:
+
+```ts
+import {
   createHostedAuthLoginPageComponent,
   createHostedAuthRouteHandlers,
 } from "@rc-tool/unified-auth-hosted-service";
+import { auth } from "@/lib/auth/server";
+import config from "@/unified-auth.config";
 
 const LoginPage = createHostedAuthLoginPageComponent({
   backgroundImageUrl: "https://cdn.example.com/auth/login-bg.jpg",
@@ -29,17 +45,9 @@ const LoginPage = createHostedAuthLoginPageComponent({
 });
 
 export const hostedAuth = createHostedAuthRouteHandlers({
-  allowDevLogin: process.env.AUTH_ALLOW_DEV_LOGIN !== "false",
-  allowedRedirectURIs: [process.env.AUTH_ALLOWED_REDIRECT_URI ?? "http://localhost:3004/"],
-  appName: process.env.AUTH_CLIENT_NAME ?? "AI PM",
-  authBaseURL: process.env.AUTH_SERVICE_URL ?? "http://localhost:3004",
-  clientId: process.env.AUTH_CLIENT_ID ?? "ai-pm",
+  auth,
+  config,
   loginPageComponent: LoginPage,
-  redirectURI: process.env.AUTH_ALLOWED_REDIRECT_URI ?? "http://localhost:3004/",
-  sessionSecret: process.env.AUTH_SESSION_SECRET!,
-  store: createFileAuthStore({
-    filePath: process.env.AUTH_STORE_FILE ?? ".auth/unified-auth-store.json",
-  }),
 });
 ```
 
@@ -48,101 +56,63 @@ export const hostedAuth = createHostedAuthRouteHandlers({
 export { GET } from "@/lib/hosted-auth";
 ```
 
+```ts
+// app/logout/route.ts
+export { GET } from "@/lib/hosted-auth";
+```
+
 ```ts
 // app/api/auth/[...auth]/route.ts
 export { GET, POST } from "@/lib/hosted-auth";
 ```
 
-## CLI
+## Better Auth Server
 
-```bash
-pnpm dlx @rc-tool/unified-auth-hosted-service init --app ai-pm --redirect http://localhost:3004/
-pnpm dlx @rc-tool/unified-auth-hosted-service doctor
+```ts
+import { createAuthServer } from "@rc-tool/unified-auth-sdk/server";
+import { db } from "@/db";
+import config from "@/unified-auth.config";
+
+export const auth = createAuthServer({
+  config,
+  database: db,
+});
 ```
 
-The default store is file-based. Install `@rc-tool/unified-auth-prisma-store` only when `AUTH_STORE_PROVIDER=prisma`.
+`createHostedAuthRouteHandlers` reads app id, display name, origin, redirect URI, provider visibility, and realm from `unified-auth.config.ts`. OAuth state, callback verification, account binding, session persistence, cookie refresh, and sign-out are all delegated to Better Auth.
 
-## 配置信息
+## Provider Routing
 
-`@rc-tool/unified-auth-hosted-service` 负责在业务项目里挂载登录页和 `/api/auth/*` 路由。业务项目需要把下面这些配置放进自己的 `.env.local` / `.env.example`，也可以通过 CLI 自动追加缺失项：
+Login page provider links point at SDK start routes:
 
-```bash
-pnpm dlx @rc-tool/unified-auth-hosted-service init --app ai-pm --redirect http://localhost:3004/
-```
+- `/api/auth/feishu/start`
+- `/api/auth/google/start`
+- `/api/auth/github/start`
 
-### 登录页组件
+Those routes call Better Auth with `disableRedirect: true`, then forward the returned provider URL to the browser.
 
-Hosted Auth 登录页是 SDK 内部组件化渲染的黑盒页面。业务方不需要自己拼 OAuth 链接、state、callback 或 session，只需要把 SDK 提供的登录页组件传给 `loginPageComponent`。如果不传组件，SDK 会使用内置默认组件和预设样式。
+Remaining Better Auth routes are passed through unchanged, so provider consoles should use Better Auth standard callback paths:
 
-推荐写法：
+- Feishu generic OAuth: `/api/auth/oauth2/callback/feishu`
+- Google: `/api/auth/callback/google`
+- GitHub: `/api/auth/callback/github`
 
-```ts
-import {
-  createFileAuthStore,
-  createHostedAuthLoginPageComponent,
-  createHostedAuthRouteHandlers,
-} from "@rc-tool/unified-auth-hosted-service";
+If your Better Auth provider id differs from the visible login provider id, map it explicitly:
 
-const LoginPage = createHostedAuthLoginPageComponent({
-  backgroundImageUrl: "https://cdn.example.com/auth/login-bg.jpg",
-  brandLabel: "企业协作入口",
-  brandName: "AI 项目管理平台",
-  devLoginLabel: "使用开发身份进入",
-  footerText: "Powered by Unified Auth",
-  heroDescription: "统一身份校验后进入项目驾驶舱。",
-  heroTitle: "欢迎回到项目驾驶舱",
-  logoUrl: "https://cdn.example.com/auth/logo.png",
-  panelDescription: "使用企业授权账号完成登录。",
-  panelTitle: "用飞书账号登录",
-  primaryProvider: "feishu",
-  providers: ["feishu", "google", "github"],
-  statusText: "企业 SSO",
-});
-
-export const hostedAuth = createHostedAuthRouteHandlers({
-  allowedRedirectURIs: [process.env.AUTH_ALLOWED_REDIRECT_URI ?? "http://localhost:3004/"],
-  appName: process.env.AUTH_CLIENT_NAME ?? "AI PM",
-  authBaseURL: process.env.AUTH_SERVICE_URL ?? "http://localhost:3004",
-  clientId: process.env.AUTH_CLIENT_ID ?? "ai-pm",
-  loginPageComponent: LoginPage,
-  redirectURI: process.env.AUTH_ALLOWED_REDIRECT_URI ?? "http://localhost:3004/",
-  sessionSecret: process.env.AUTH_SESSION_SECRET!,
-  store: createFileAuthStore({
-    filePath: process.env.AUTH_STORE_FILE ?? ".auth/unified-auth-store.json",
-  }),
+```ts
+createHostedAuthRouteHandlers({
+  auth,
+  config,
+  authProviders: {
+    feishu: { providerId: "feishu-primary" },
+    github: { scopes: ["read:user", "user:email"] },
+  },
 });
 ```
 
-组件配置项：
+## Login Page Component
 
-| 字段 | 作用 |
-| --- | --- |
-| `backgroundImageUrl` | 登录页背景图地址。可以是 CDN、业务项目 public 图片的绝对 URL，或任何浏览器可访问的图片。 |
-| `logoUrl` | 左侧品牌图标。未配置时使用 SDK 默认闪电标识。 |
-| `brandName` | 左侧品牌名称，默认取应用 `name`。 |
-| `brandLabel` / `heroKicker` | 左侧标题上方的小标签。 |
-| `heroTitle` | 左侧主标题。 |
-| `heroDescription` | 左侧说明文案。 |
-| `panelTitle` | 右侧登录面板标题。 |
-| `panelDescription` | 右侧登录面板说明。 |
-| `primaryProvider` | 主按钮登录方式，可选 `feishu`、`google`、`github`。 |
-| `providers` | 登录方式展示顺序和范围，例如只展示 `["feishu"]`。未配置时展示全部已启用 provider。 |
-| `statusText` | 右上角状态标签，传空字符串可以隐藏。 |
-| `devLoginLabel` | 开发登录入口文案。 |
-| `footerText` | 底部说明文案，传空字符串可以隐藏。 |
-
-业务侧不需要配置多应用数组。内嵌 Hosted Auth 的定位是“当前业务项目自己挂登录页和 `/api/auth/*`”，因此一个项目只需要在 `createHostedAuthRouteHandlers` 上传当前项目的 `clientId`、`appName`、`redirectURI`、`allowedRedirectURIs` 和 `loginPageComponent`。
-
-登录页组件的配置优先级是：
-
-1. `createHostedAuthRouteHandlers({ loginPageComponent })`
-2. SDK 默认登录页组件
-
-旧的 `loginPage` 和 `appearance.backgroundImageUrl` 仍然兼容，但新项目推荐用 `loginPageComponent`。
-
-独立 Auth Service 启动器不读取 `AUTH_LOGIN_*` 这类全局样式环境变量；后续如果要做共享域名的独立服务，样式会走服务侧自己的应用配置入口，不要求业务项目在 SDK 接入代码里维护应用数组。
-
-也可以完全自定义组件，但组件只拿 SDK 生成好的 `model`，不需要接触 secret、state 签名、callback 或 session：
+Hosted Login is a server-rendered component. Custom components receive only the SDK-generated model; they do not need OAuth secrets, state, sessions, or database access.
 
 ```ts
 const LoginPage = ({ model }) => {
@@ -156,37 +126,62 @@ const LoginPage = ({ model }) => {
 };
 ```
 
-### 业务应用配置
+Default component config:
 
-| 环境变量 | 作用 |
+| Field | Purpose |
 | --- | --- |
-| `AUTH_SERVICE_URL` | Auth Service 地址。内嵌模式通常就是业务项目自己的 origin。 |
-| `AUTH_CLIENT_ID` | 当前业务应用 id，例如 `ai-pm`。 |
-| `AUTH_CLIENT_NAME` | 登录页展示名称，例如 `AI PM`。 |
-| `AUTH_ALLOWED_REDIRECT_URI` | 登录成功后允许回跳的地址。 |
+| `backgroundImageUrl` | Login page background image URL. |
+| `logoUrl` | Brand logo URL. |
+| `brandName` | Brand/application name. |
+| `brandLabel` / `heroKicker` | Small hero label. |
+| `heroTitle` / `heroDescription` | Hero title and copy. |
+| `panelTitle` / `panelDescription` | Login panel title and copy. |
+| `primaryProvider` | Primary provider: `feishu`, `google`, or `github`. |
+| `providers` | Visible provider order and subset. |
+| `statusText` | Top-right status label; pass `""` to hide. |
+| `footerText` | Footer copy; pass `""` to hide. |
 
-### Session 和 Store 配置
+## CLI
 
-| 环境变量 | 作用 |
-| --- | --- |
-| `AUTH_SESSION_SECRET` | session cookie 签名密钥，CLI 会自动生成。 |
-| `AUTH_ALLOW_DEV_LOGIN` | 是否允许开发账号登录，生产环境建议设置为 `false`。 |
-| `AUTH_STORE_PROVIDER` | 认证数据存储方式，默认 `file`，可选 `prisma`。 |
-| `AUTH_STORE_FILE` | file store 的 JSON 文件路径，默认 `.auth/unified-auth-store.json`。 |
-| `AUTH_DATABASE_URL` | Prisma store 的认证库 PostgreSQL 连接串。 |
+Create `unified-auth.config.ts` in the business project:
 
-### OAuth Provider 配置
+```ts
+import { defineUnifiedAuthConfig } from "@rc-tool/unified-auth-hosted-service/config";
+
+export default defineUnifiedAuthConfig({
+  app: {
+    id: "ai-pm",
+    name: "AI PM",
+    origin: "http://localhost:3004",
+    redirectURI: "http://localhost:3004/",
+  },
+  auth: {
+    origin: "http://localhost:3004",
+    secret: () => process.env.BETTER_AUTH_SECRET,
+  },
+  database: {
+    url: () => process.env.DATABASE_URL,
+  },
+  providers: ["feishu", "google", "github"],
+  realm: "ai-pm",
+});
+```
 
-| Provider | 环境变量 |
-| --- | --- |
-| 飞书 | `FEISHU_APP_ID`、`FEISHU_APP_SECRET`、`FEISHU_REDIRECT_URI` |
-| Google | `GOOGLE_CLIENT_ID`、`GOOGLE_CLIENT_SECRET`、`GOOGLE_REDIRECT_URI` |
-| GitHub | `GITHUB_CLIENT_ID`、`GITHUB_CLIENT_SECRET`、`GITHUB_REDIRECT_URI` |
+First-time setup creates the config file if it is missing. The CLI reads `unified-auth.config.ts` and does not generate env files:
+
+```bash
+pnpm dlx @rc-tool/unified-auth-hosted-service init
+```
 
-内嵌模式下 callback 一般挂在业务项目自己的 `/api/auth/*` 路由：
+Prepare the auth database and verify the project:
 
-```env
-FEISHU_REDIRECT_URI=http://localhost:3004/api/auth/feishu/callback
-GOOGLE_REDIRECT_URI=http://localhost:3004/api/auth/google/callback
-GITHUB_REDIRECT_URI=http://localhost:3004/api/auth/github/callback
+```bash
+pnpm dlx @rc-tool/unified-auth-hosted-service db migrate
+pnpm dlx @rc-tool/unified-auth-hosted-service doctor
 ```
+
+`db migrate` is safe to run repeatedly in CI/CD. It does not require migration records: it compares the real PostgreSQL schema, tables, columns, indexes, and constraints for the configured `realm`, creates compatible missing pieces, and fails on incompatible existing structure.
+
+`doctor` checks the config, database connectivity, selected auth schema, required Better Auth tables, indexes, and constraints.
+
+`realm` selects the auth table namespace. For example, `a` maps to PostgreSQL schema `auth_a`; multiple business projects can share that realm, while another project can use `b` and stay isolated in `auth_b`.

package/dist/cli/config-file.d.ts

@@ -0,0 +1,7 @@
+import type { UnifiedAuthConfig } from "../config.js";
+export interface LoadedUnifiedAuthConfig {
+    config?: UnifiedAuthConfig;
+    path?: string;
+}
+export declare function loadUnifiedAuthConfig(cwd: string, configPath?: string): Promise<LoadedUnifiedAuthConfig>;
+//# sourceMappingURL=config-file.d.ts.map

package/dist/cli/config-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-file.d.ts","sourceRoot":"","sources":["../../src/cli/config-file.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEtD,MAAM,WAAW,uBAAuB;IACtC,MAAM,CAAC,EAAE,iBAAiB,CAAC;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAUD,wBAAsB,qBAAqB,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAW9G"}

package/dist/cli/config-file.js

@@ -0,0 +1,77 @@
+import { randomBytes } from "node:crypto";
+import { existsSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
+import { basename, dirname, extname, resolve } from "node:path";
+import { pathToFileURL } from "node:url";
+import { createRequire } from "node:module";
+const configFileNames = [
+    "unified-auth.config.ts",
+    "unified-auth.config.mts",
+    "unified-auth.config.js",
+    "unified-auth.config.mjs",
+    "unified-auth.config.cjs",
+];
+export async function loadUnifiedAuthConfig(cwd, configPath) {
+    const path = resolveConfigPath(cwd, configPath);
+    if (!path) {
+        return {};
+    }
+    const mod = await loadConfigModule(path);
+    const config = readConfigExport(mod);
+    return { config, path };
+}
+function resolveConfigPath(cwd, configPath) {
+    if (configPath) {
+        const path = resolve(cwd, configPath);
+        if (!existsSync(path)) {
+            throw new Error(`Unified Auth config file not found: ${path}`);
+        }
+        return path;
+    }
+    return configFileNames.map((name) => resolve(cwd, name)).find((path) => existsSync(path));
+}
+async function loadConfigModule(path) {
+    const extension = extname(path);
+    if (extension === ".cjs" || extension === ".cts") {
+        return loadCommonJSConfig(path);
+    }
+    if (extension === ".ts" || extension === ".mts") {
+        return loadTypeScriptConfig(path);
+    }
+    return import(`${pathToFileURL(path).href}?t=${Date.now()}`);
+}
+function loadCommonJSConfig(path) {
+    const require = createRequire(import.meta.url);
+    return require(path);
+}
+async function loadTypeScriptConfig(path) {
+    const ts = await import("typescript");
+    const source = readFileSync(path, "utf8");
+    const output = rewriteConfigImports(ts.transpileModule(source, {
+        compilerOptions: {
+            module: ts.ModuleKind.ESNext,
+            moduleResolution: ts.ModuleResolutionKind.Bundler,
+            target: ts.ScriptTarget.ES2022,
+        },
+        fileName: basename(path),
+    }).outputText);
+    const tempPath = resolve(dirname(path), `.unified-auth.config.${process.pid}.${Date.now()}.${randomBytes(4).toString("hex")}.mjs`);
+    writeFileSync(tempPath, output);
+    try {
+        return await import(`${pathToFileURL(tempPath).href}?t=${Date.now()}`);
+    }
+    finally {
+        unlinkSync(tempPath);
+    }
+}
+function rewriteConfigImports(output) {
+    const configModuleURL = new URL("../config.js", import.meta.url).href;
+    return output.replace(/from\s+["']@rc-tool\/unified-auth-hosted-service\/config["']/g, `from ${JSON.stringify(configModuleURL)}`);
+}
+function readConfigExport(mod) {
+    const value = mod.default ?? mod.config ?? mod.unifiedAuth;
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error("Unified Auth config must export a config object as default.");
+    }
+    return value;
+}
+//# sourceMappingURL=config-file.js.map

package/dist/cli/config-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-file.js","sourceRoot":"","sources":["../../src/cli/config-file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAQ5C,MAAM,eAAe,GAAG;IACtB,wBAAwB;IACxB,yBAAyB;IACzB,wBAAwB;IACxB,yBAAyB;IACzB,yBAAyB;CAC1B,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAW,EAAE,UAAmB;IAC1E,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAEhD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAErC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW,EAAE,UAA8B;IACpE,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAEtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,uCAAuC,IAAI,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,IAAY;IAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhC,IAAI,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACjD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QAChD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE/C,OAAO,OAAO,CAAC,IAAI,CAA4B,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,IAAY;IAC9C,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,oBAAoB,CAAC,EAAE,CAAC,eAAe,CAAC,MAAM,EAAE;QAC7D,eAAe,EAAE;YACf,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,MAAM;YAC5B,gBAAgB,EAAE,EAAE,CAAC,oBAAoB,CAAC,OAAO;YACjD,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM;SAC/B;QACD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC;KACzB,CAAC,CAAC,UAAU,CAAC,CAAC;IACf,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,wBAAwB,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnI,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC;YAAS,CAAC;QACT,UAAU,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAEtE,OAAO,MAAM,CAAC,OAAO,CACnB,+DAA+D,EAC/D,QAAQ,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,EAAE,CAC1C,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,WAAW,CAAC;IAE3D,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IAED,OAAO,KAA0B,CAAC;AACpC,CAAC"}

package/dist/cli/config.d.ts

@@ -0,0 +1,21 @@
+import type { UnifiedAuthConfig } from "../config.js";
+export type CheckStatus = "fail" | "pass" | "warn";
+export interface InitUnifiedAuthConfigOptions {
+    configPath?: string;
+    cwd?: string;
+}
+export interface InitUnifiedAuthConfigResult {
+    created: boolean;
+    path: string;
+}
+export interface DoctorCheck {
+    message: string;
+    status: CheckStatus;
+}
+export interface DoctorUnifiedAuthConfigResult {
+    checks: DoctorCheck[];
+    ok: boolean;
+}
+export declare function initUnifiedAuthConfig(options?: InitUnifiedAuthConfigOptions): InitUnifiedAuthConfigResult;
+export declare function doctorUnifiedAuthConfig(config: UnifiedAuthConfig | undefined, path: string | undefined): DoctorUnifiedAuthConfigResult;
+//# sourceMappingURL=config.d.ts.map

package/dist/cli/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/cli/config.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAgB,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEpE,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAEnD,MAAM,WAAW,4BAA4B;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,6BAA6B;IAC5C,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,EAAE,EAAE,OAAO,CAAC;CACb;AAKD,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,4BAAiC,GAAG,2BAA2B,CAY7G;AAED,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,iBAAiB,GAAG,SAAS,EACrC,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,6BAA6B,CAsB/B"}

package/dist/cli/config.js

@@ -0,0 +1,174 @@
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { basename, dirname, resolve } from "node:path";
+import { resolveUnifiedAuthConfigValue } from "../config.js";
+const defaultConfigFileName = "unified-auth.config.ts";
+const allowedProviders = new Set(["feishu", "github", "google"]);
+export function initUnifiedAuthConfig(options = {}) {
+    const cwd = resolve(options.cwd ?? process.cwd());
+    const path = resolve(cwd, options.configPath ?? defaultConfigFileName);
+    if (existsSync(path)) {
+        return { created: false, path };
+    }
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, createDefaultConfigSource(cwd));
+    return { created: true, path };
+}
+export function doctorUnifiedAuthConfig(config, path) {
+    const checks = [];
+    if (path) {
+        checks.push(pass(`${basename(path)} exists`));
+    }
+    else {
+        checks.push(fail(`${defaultConfigFileName} is missing; run unified-auth init`));
+    }
+    if (!config) {
+        return { checks, ok: false };
+    }
+    checkApp(checks, config);
+    checkAuth(checks, config);
+    checkDatabase(checks, config);
+    checkRealm(checks, config);
+    checkProviders(checks, config.providers);
+    return {
+        checks,
+        ok: !checks.some((check) => check.status === "fail"),
+    };
+}
+function createDefaultConfigSource(cwd) {
+    const appId = inferClientId(cwd);
+    const appName = titleFromClientId(appId);
+    return `import { defineUnifiedAuthConfig } from "@rc-tool/unified-auth-hosted-service/config";
+
+export default defineUnifiedAuthConfig({
+  app: {
+    id: "${appId}",
+    name: "${appName}",
+    origin: "http://localhost:3004",
+    redirectURI: "http://localhost:3004/",
+  },
+  auth: {
+    origin: "http://localhost:3004",
+    secret: () => process.env.BETTER_AUTH_SECRET,
+  },
+  database: {
+    url: () => process.env.DATABASE_URL,
+  },
+  providers: ["feishu", "google", "github"],
+  realm: "${normalizeRealmId(appId)}",
+});
+`;
+}
+function checkApp(checks, config) {
+    if (config.app?.id) {
+        checks.push(pass("app.id is set"));
+    }
+    else {
+        checks.push(fail("app.id is missing"));
+    }
+    if (config.app?.name) {
+        checks.push(pass("app.name is set"));
+    }
+    else {
+        checks.push(warn("app.name is missing; app.id will be used as display name"));
+    }
+    const origin = config.app?.origin ?? getURLOrigin(config.app?.url);
+    const redirectURI = config.app?.redirectURI ?? config.app?.url;
+    checkURL(checks, origin, "app.origin");
+    checkURL(checks, redirectURI, "app.redirectURI");
+}
+function checkAuth(checks, config) {
+    const authOrigin = config.auth?.origin ?? config.auth?.url ?? config.app?.origin ?? getURLOrigin(config.app?.url);
+    checkURL(checks, authOrigin, "auth.origin");
+    if (resolveUnifiedAuthConfigValue(config.auth?.secret)) {
+        checks.push(pass("auth.secret is provided by config"));
+    }
+    else {
+        checks.push(warn("auth.secret is not set in config; runtime must provide a Better Auth secret"));
+    }
+}
+function checkDatabase(checks, config) {
+    if (resolveUnifiedAuthConfigValue(config.database?.url)) {
+        checks.push(pass("database.url is provided by config"));
+    }
+    else {
+        checks.push(fail("database.url is missing; db migrate and doctor database checks need a PostgreSQL URL"));
+    }
+}
+function checkRealm(checks, config) {
+    const realm = config.realm ?? config.app?.id;
+    if (!realm) {
+        checks.push(fail("realm is missing and app.id cannot be used as fallback"));
+        return;
+    }
+    checks.push(pass(`realm maps to PostgreSQL schema auth_${normalizeRealmId(realm).replace(/^auth_/, "")}`));
+}
+function checkProviders(checks, providers) {
+    if (!providers?.length) {
+        checks.push(warn("providers is empty; login page will show all built-in providers unless overridden"));
+        return;
+    }
+    for (const provider of providers) {
+        if (allowedProviders.has(provider)) {
+            checks.push(pass(`${provider} provider is configured`));
+        }
+        else {
+            checks.push(fail(`unsupported provider: ${provider}`));
+        }
+    }
+}
+function checkURL(checks, value, label) {
+    if (!value) {
+        checks.push(fail(`${label} is missing`));
+        return;
+    }
+    try {
+        new URL(value);
+        checks.push(pass(`${label} is a valid URL`));
+    }
+    catch {
+        checks.push(fail(`${label} is not a valid URL`));
+    }
+}
+function pass(message) {
+    return { message, status: "pass" };
+}
+function warn(message) {
+    return { message, status: "warn" };
+}
+function fail(message) {
+    return { message, status: "fail" };
+}
+function inferClientId(cwd) {
+    const id = basename(cwd)
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, "-")
+        .replace(/^-+|-+$/g, "");
+    return id || "app";
+}
+function normalizeRealmId(realmId) {
+    return realmId
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9_]+/g, "_")
+        .replace(/^_+|_+$/g, "")
+        .replace(/_+/g, "_") || "default";
+}
+function titleFromClientId(clientId) {
+    return clientId
+        .split(/[-_]/g)
+        .filter(Boolean)
+        .map((part) => `${part.slice(0, 1).toUpperCase()}${part.slice(1)}`)
+        .join(" ") || "Application";
+}
+function getURLOrigin(value) {
+    if (!value) {
+        return undefined;
+    }
+    try {
+        return new URL(value).origin;
+    }
+    catch {
+        return undefined;
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/cli/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/cli/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,6BAA6B,EAAE,MAAM,cAAc,CAAC;AAyB7D,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AACvD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;AAE/E,MAAM,UAAU,qBAAqB,CAAC,UAAwC,EAAE;IAC9E,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,UAAU,IAAI,qBAAqB,CAAC,CAAC;IAEvE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,MAAqC,EACrC,IAAwB;IAExB,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,qBAAqB,oCAAoC,CAAC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC/B,CAAC;IAED,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzB,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1B,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IAEzC,OAAO;QACL,MAAM;QACN,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,GAAW;IAC5C,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAEzC,OAAO;;;;WAIE,KAAK;aACH,OAAO;;;;;;;;;;;;YAYR,gBAAgB,CAAC,KAAK,CAAC;;CAElC,CAAC;AACF,CAAC;AAED,SAAS,QAAQ,CAAC,MAAqB,EAAE,MAAyB;IAChE,IAAI,MAAM,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC,CAAC;IAChF,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,IAAI,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,EAAE,WAAW,IAAI,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;IAE/D,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACvC,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,MAAqB,EAAE,MAAyB;IACjE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,IAAI,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAElH,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAE5C,IAAI,6BAA6B,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC,CAAC;IACnG,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAqB,EAAE,MAAyB;IACrE,IAAI,6BAA6B,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,sFAAsF,CAAC,CAAC,CAAC;IAC5G,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAqB,EAAE,MAAyB;IAClE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC;IAE7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,wCAAwC,gBAAgB,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAC7G,CAAC;AAED,SAAS,cAAc,CAAC,MAAqB,EAAE,SAAqC;IAClF,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC,CAAC;QACvG,OAAO;IACT,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,QAAQ,yBAAyB,CAAC,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,MAAqB,EAAE,KAAyB,EAAE,KAAa;IAC/E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,aAAa,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,iBAAiB,CAAC,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,SAAS,IAAI,CAAC,OAAe;IAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACrC,CAAC;AAED,SAAS,IAAI,CAAC,OAAe;IAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACrC,CAAC;AAED,SAAS,IAAI,CAAC,OAAe;IAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACrC,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC;SACrB,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAE3B,OAAO,EAAE,IAAI,KAAK,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO,OAAO;SACX,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC;SAC5B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,SAAS,CAAC;AACtC,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,QAAQ;SACZ,KAAK,CAAC,OAAO,CAAC;SACd,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;SAClE,IAAI,CAAC,GAAG,CAAC,IAAI,aAAa,CAAC;AAChC,CAAC;AAED,SAAS,YAAY,CAAC,KAAyB;IAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/cli/database.d.ts

@@ -0,0 +1,33 @@
+import type { UnifiedAuthConfig } from "../config.js";
+import type { DoctorCheck } from "./config.js";
+interface ColumnInfo {
+    dataType: string;
+    isNullable: boolean;
+}
+interface TableInspection {
+    columns: Map<string, ColumnInfo>;
+    constraints: Set<string>;
+    exists: boolean;
+    indexes: Set<string>;
+}
+export interface AuthDatabaseInspection {
+    schemaExists: boolean;
+    tables: Map<string, TableInspection>;
+}
+export interface AuthDatabaseAction {
+    label: string;
+    sql: string;
+}
+export interface AuthDatabasePlan {
+    actions: AuthDatabaseAction[];
+    schemaName: string;
+    warnings: string[];
+}
+export interface AuthDatabaseMigrationResult extends AuthDatabasePlan {
+    changed: boolean;
+}
+export declare function migrateUnifiedAuthDatabase(config: UnifiedAuthConfig): Promise<AuthDatabaseMigrationResult>;
+export declare function doctorUnifiedAuthDatabase(config: UnifiedAuthConfig): Promise<DoctorCheck[]>;
+export declare function buildAuthDatabasePlan(schemaName: string, inspection: AuthDatabaseInspection): AuthDatabasePlan;
+export {};
+//# sourceMappingURL=database.d.ts.map

package/dist/cli/database.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/cli/database.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AA2B/C,UAAU,UAAU;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,UAAU,eAAe;IACvB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACjC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CACtB;AAED,MAAM,WAAW,sBAAsB;IACrC,YAAY,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,2BAA4B,SAAQ,gBAAgB;IACnE,OAAO,EAAE,OAAO,CAAC;CAClB;AA8FD,wBAAsB,0BAA0B,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAwBhH;AAED,wBAAsB,yBAAyB,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAoDjG;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,sBAAsB,GAAG,gBAAgB,CAgE9G"}