@reyemtech/nimbus 0.1.0

package/dist/cjs/azure/cluster.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Azure AKS cluster implementation.
+ *
+ * Supports system + user node pools, spot instances, and
+ * Azure Container Instances virtual node.
+ *
+ * @module azure/cluster
+ */
+import type * as pulumi from "@pulumi/pulumi";
+import type { ICluster, IClusterConfig } from "../cluster";
+import type { INetwork } from "../network";
+/** Azure-specific AKS options beyond the base config. */
+export interface IAksOptions {
+    /** Resource group name. Required for Azure. */
+    readonly resourceGroupName: pulumi.Input<string>;
+    /** Enable Azure CNI networking (vs kubenet). Default: true. */
+    readonly azureCni?: boolean;
+    /** Enable virtual node (ACI). Default: false. */
+    readonly virtualNodes?: boolean;
+    /** Azure AD tenant ID for RBAC integration. */
+    readonly aadTenantId?: string;
+    /** DNS prefix for the cluster FQDN. Default: cluster name. */
+    readonly dnsPrefix?: string;
+}
+/**
+ * Create an AKS cluster with system + user node pools.
+ *
+ * @example
+ * ```typescript
+ * const cluster = createAksCluster("prod", {
+ *   cloud: "azure",
+ *   version: "1.32",
+ *   nodePools: [
+ *     { name: "system", instanceType: "Standard_D2pds_v6", minNodes: 2, maxNodes: 5, mode: "system" },
+ *     { name: "workers", instanceType: "Standard_D2pds_v6", minNodes: 2, maxNodes: 8, spot: true },
+ *   ],
+ * }, network, {
+ *   resourceGroupName: "my-rg",
+ *   virtualNodes: true,
+ * });
+ * ```
+ */
+export declare function createAksCluster(name: string, config: IClusterConfig, network: INetwork, options: IAksOptions): ICluster;
+//# sourceMappingURL=cluster.d.ts.map

package/dist/cjs/azure/cluster.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cluster.d.ts","sourceRoot":"","sources":["../../../src/azure/cluster.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAG3C,yDAAyD;AACzD,MAAM,WAAW,WAAW;IAC1B,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,+DAA+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;IAC5B,iDAAiD;IACjD,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAChC,+CAA+C;IAC/C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,8DAA8D;IAC9D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,QAAQ,EACjB,OAAO,EAAE,WAAW,GACnB,QAAQ,CAqFV"}

package/dist/cjs/azure/cluster.js

@@ -0,0 +1,143 @@
+"use strict";
+/**
+ * Azure AKS cluster implementation.
+ *
+ * Supports system + user node pools, spot instances, and
+ * Azure Container Instances virtual node.
+ *
+ * @module azure/cluster
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAksCluster = createAksCluster;
+const azure = __importStar(require("@pulumi/azure-native"));
+const k8s = __importStar(require("@pulumi/kubernetes"));
+const types_1 = require("../types");
+/**
+ * Create an AKS cluster with system + user node pools.
+ *
+ * @example
+ * ```typescript
+ * const cluster = createAksCluster("prod", {
+ *   cloud: "azure",
+ *   version: "1.32",
+ *   nodePools: [
+ *     { name: "system", instanceType: "Standard_D2pds_v6", minNodes: 2, maxNodes: 5, mode: "system" },
+ *     { name: "workers", instanceType: "Standard_D2pds_v6", minNodes: 2, maxNodes: 8, spot: true },
+ *   ],
+ * }, network, {
+ *   resourceGroupName: "my-rg",
+ *   virtualNodes: true,
+ * });
+ * ```
+ */
+function createAksCluster(name, config, network, options) {
+    const cloud = Array.isArray(config.cloud) ? (config.cloud[0] ?? "azure") : config.cloud;
+    const target = (0, types_1.resolveCloudTarget)(cloud);
+    const tags = config.tags ?? {};
+    const rgName = options.resourceGroupName;
+    const dnsPrefix = options.dnsPrefix ?? name;
+    const enableVirtualNodes = options.virtualNodes ?? config.virtualNodes ?? false;
+    // Build agent pool profiles from node pool config
+    const agentPoolProfiles = config.nodePools.map((np) => ({
+        name: np.name.substring(0, 12), // AKS pool names max 12 chars
+        vmSize: np.instanceType,
+        count: np.desiredNodes ?? np.minNodes,
+        minCount: np.minNodes,
+        maxCount: np.maxNodes,
+        enableAutoScaling: true,
+        mode: (np.mode ?? "User"),
+        osType: "Linux",
+        osDiskSizeGB: 128,
+        vnetSubnetId: network.privateSubnetIds.apply((ids) => ids[0] ?? ""),
+        scaleSetPriority: np.spot ? "Spot" : "Regular",
+        scaleSetEvictionPolicy: np.spot ? "Delete" : undefined,
+        spotMaxPrice: np.spot ? -1 : undefined,
+        nodeTaints: np.taints?.map((t) => `${t.key}=${t.value}:${t.effect}`) ?? [],
+        nodeLabels: np.labels ?? {},
+        type: "VirtualMachineScaleSets",
+    }));
+    // AKS add-on profiles
+    const addonProfiles = {};
+    if (enableVirtualNodes) {
+        addonProfiles["aciConnectorLinux"] = {
+            enabled: true,
+            config: {
+                SubnetName: "aci-subnet",
+            },
+        };
+    }
+    const cluster = new azure.containerservice.ManagedCluster(`${name}-aks`, {
+        resourceName: name,
+        resourceGroupName: rgName,
+        dnsPrefix,
+        kubernetesVersion: config.version,
+        agentPoolProfiles,
+        identity: { type: "SystemAssigned" },
+        networkProfile: {
+            networkPlugin: options.azureCni !== false ? "azure" : "kubenet",
+            serviceCidr: "10.240.0.0/16",
+            dnsServiceIP: "10.240.0.10",
+        },
+        addonProfiles,
+        tags: { ...tags, Name: name },
+    });
+    // Build kubeconfig from AKS cluster credentials
+    const creds = azure.containerservice.listManagedClusterUserCredentialsOutput({
+        resourceGroupName: rgName,
+        resourceName: cluster.name,
+    });
+    const kubeconfig = creds.kubeconfigs.apply((configs) => {
+        const kc = configs[0];
+        if (!kc?.value) {
+            return "";
+        }
+        return Buffer.from(kc.value, "base64").toString("utf-8");
+    });
+    const provider = new k8s.Provider(`${name}-k8s`, {
+        kubeconfig,
+    });
+    return {
+        name,
+        cloud: target,
+        endpoint: cluster.fqdn.apply((fqdn) => `https://${fqdn ?? ""}`),
+        kubeconfig,
+        version: cluster.kubernetesVersion.apply((v) => v ?? ""),
+        nodePools: config.nodePools,
+        nativeResource: cluster,
+        provider,
+    };
+}
+//# sourceMappingURL=cluster.js.map

package/dist/cjs/azure/cluster.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cluster.js","sourceRoot":"","sources":["../../../src/azure/cluster.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCH,4CA0FC;AAjID,4DAA8C;AAC9C,wDAA0C;AAI1C,oCAA8C;AAgB9C;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,gBAAgB,CAC9B,IAAY,EACZ,MAAsB,EACtB,OAAiB,EACjB,OAAoB;IAEpB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IACxF,MAAM,MAAM,GAAG,IAAA,0BAAkB,EAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IACzC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC;IAC5C,MAAM,kBAAkB,GAAG,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;IAEhF,kDAAkD;IAClD,MAAM,iBAAiB,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,8BAA8B;QAC9D,MAAM,EAAE,EAAE,CAAC,YAAY;QACvB,KAAK,EAAE,EAAE,CAAC,YAAY,IAAI,EAAE,CAAC,QAAQ;QACrC,QAAQ,EAAE,EAAE,CAAC,QAAQ;QACrB,QAAQ,EAAE,EAAE,CAAC,QAAQ;QACrB,iBAAiB,EAAE,IAAI;QACvB,IAAI,EAAE,CAAC,EAAE,CAAC,IAAI,IAAI,MAAM,CAAsB;QAC9C,MAAM,EAAE,OAAgB;QACxB,YAAY,EAAE,GAAG;QACjB,YAAY,EAAE,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACnE,gBAAgB,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAE,MAAgB,CAAC,CAAC,CAAE,SAAmB;QACpE,sBAAsB,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAE,QAAkB,CAAC,CAAC,CAAC,SAAS;QACjE,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;QACtC,UAAU,EAAE,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;QAC1E,UAAU,EAAE,EAAE,CAAC,MAAM,IAAI,EAAE;QAC3B,IAAI,EAAE,yBAAkC;KACzC,CAAC,CAAC,CAAC;IAEJ,sBAAsB;IACtB,MAAM,aAAa,GAA0E,EAAE,CAAC;IAEhG,IAAI,kBAAkB,EAAE,CAAC;QACvB,aAAa,CAAC,mBAAmB,CAAC,GAAG;YACnC,OAAO,EAAE,IAAI;YACb,MAAM,EAAE;gBACN,UAAU,EAAE,YAAY;aACzB;SACF,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,GAAG,IAAI,MAAM,EAAE;QACvE,YAAY,EAAE,IAAI;QAClB,iBAAiB,EAAE,MAAM;QACzB,SAAS;QACT,iBAAiB,EAAE,MAAM,CAAC,OAAO;QACjC,iBAAiB;QACjB,QAAQ,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE;QACpC,cAAc,EAAE;YACd,aAAa,EAAE,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YAC/D,WAAW,EAAE,eAAe;YAC5B,YAAY,EAAE,aAAa;SAC5B;QACD,aAAa;QACb,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;KAC9B,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,KAAK,GAAG,KAAK,CAAC,gBAAgB,CAAC,uCAAuC,CAAC;QAC3E,iBAAiB,EAAE,MAAM;QACzB,YAAY,EAAE,OAAO,CAAC,IAAI;KAC3B,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,EAAE;QACrD,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,MAAM,EAAE;QAC/C,UAAU;KACX,CAAC,CAAC;IAEH,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,IAAI,IAAI,EAAE,EAAE,CAAC;QAC/D,UAAU;QACV,OAAO,EAAE,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,cAAc,EAAE,OAAO;QACvB,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/dist/cjs/azure/dns.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Azure DNS Zone implementation.
+ *
+ * @module azure/dns
+ */
+import type * as pulumi from "@pulumi/pulumi";
+import type { IDns, IDnsConfig } from "../dns";
+/** Azure-specific DNS options. */
+export interface IAzureDnsOptions {
+    /** Resource group name. Required for Azure. */
+    readonly resourceGroupName: pulumi.Input<string>;
+}
+/**
+ * Create an Azure DNS Zone with optional initial records.
+ *
+ * @example
+ * ```typescript
+ * const dns = createAzureDns("prod", {
+ *   cloud: "azure",
+ *   zoneName: "metrixgroup.com",
+ *   records: [
+ *     { name: "app", type: "A", values: ["1.2.3.4"], ttl: 300 },
+ *   ],
+ * }, { resourceGroupName: "my-rg" });
+ * ```
+ */
+export declare function createAzureDns(name: string, config: IDnsConfig, options: IAzureDnsOptions): IDns;
+//# sourceMappingURL=dns.d.ts.map

package/dist/cjs/azure/dns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dns.d.ts","sourceRoot":"","sources":["../../../src/azure/dns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAc,MAAM,QAAQ,CAAC;AAG3D,kCAAkC;AAClC,MAAM,WAAW,gBAAgB;IAC/B,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;CAClD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAgChG"}

package/dist/cjs/azure/dns.js

@@ -0,0 +1,169 @@
+"use strict";
+/**
+ * Azure DNS Zone implementation.
+ *
+ * @module azure/dns
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAzureDns = createAzureDns;
+const azure = __importStar(require("@pulumi/azure-native"));
+const types_1 = require("../types");
+/**
+ * Create an Azure DNS Zone with optional initial records.
+ *
+ * @example
+ * ```typescript
+ * const dns = createAzureDns("prod", {
+ *   cloud: "azure",
+ *   zoneName: "metrixgroup.com",
+ *   records: [
+ *     { name: "app", type: "A", values: ["1.2.3.4"], ttl: 300 },
+ *   ],
+ * }, { resourceGroupName: "my-rg" });
+ * ```
+ */
+function createAzureDns(name, config, options) {
+    const cloud = Array.isArray(config.cloud) ? (config.cloud[0] ?? "azure") : config.cloud;
+    const target = (0, types_1.resolveCloudTarget)(cloud);
+    const tags = config.tags ?? {};
+    const rgName = options.resourceGroupName;
+    const zone = new azure.dns.Zone(`${name}-zone`, {
+        zoneName: config.zoneName,
+        resourceGroupName: rgName,
+        zoneType: azure.dns.ZoneType.Public,
+        location: "global",
+        tags: { ...tags, Name: `${name}-zone` },
+    });
+    if (config.records) {
+        for (const rec of config.records) {
+            createRecord(name, rgName, config.zoneName, rec);
+        }
+    }
+    return {
+        name,
+        cloud: target,
+        zoneId: zone.id,
+        zoneName: config.zoneName,
+        nameServers: zone.nameServers,
+        nativeResource: zone,
+        addRecord(record) {
+            createRecord(name, rgName, config.zoneName, record);
+        },
+    };
+}
+function createRecord(name, rgName, zoneName, record) {
+    const recordName = record.name === "@" ? "@" : record.name;
+    const resourceName = `${name}-${record.name || "root"}-${record.type.toLowerCase()}`;
+    const ttl = record.ttl ?? 300;
+    switch (record.type) {
+        case "A":
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: "A",
+                ttl,
+                aRecords: record.values.map((v) => ({ ipv4Address: v })),
+            });
+            break;
+        case "AAAA":
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: "AAAA",
+                ttl,
+                aaaaRecords: record.values.map((v) => ({ ipv6Address: v })),
+            });
+            break;
+        case "CNAME":
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: "CNAME",
+                ttl,
+                cnameRecord: { cname: record.values[0] ?? "" },
+            });
+            break;
+        case "TXT":
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: "TXT",
+                ttl,
+                txtRecords: record.values.map((v) => ({ value: [v] })),
+            });
+            break;
+        case "MX":
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: "MX",
+                ttl,
+                mxRecords: record.values.map((v) => {
+                    const parts = v.split(" ");
+                    return {
+                        preference: parseInt(parts[0] ?? "10", 10),
+                        exchange: parts[1] ?? v,
+                    };
+                }),
+            });
+            break;
+        case "NS":
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: "NS",
+                ttl,
+                nsRecords: record.values.map((v) => ({ nsdname: v })),
+            });
+            break;
+        default:
+            // SRV, CAA — create record set without type-specific fields
+            new azure.dns.RecordSet(resourceName, {
+                relativeRecordSetName: recordName,
+                resourceGroupName: rgName,
+                zoneName,
+                recordType: record.type,
+                ttl,
+            });
+    }
+}
+//# sourceMappingURL=dns.js.map

package/dist/cjs/azure/dns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dns.js","sourceRoot":"","sources":["../../../src/azure/dns.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BH,wCAgCC;AAzDD,4DAA8C;AAG9C,oCAA8C;AAQ9C;;;;;;;;;;;;;GAaG;AACH,SAAgB,cAAc,CAAC,IAAY,EAAE,MAAkB,EAAE,OAAyB;IACxF,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IACxF,MAAM,MAAM,GAAG,IAAA,0BAAkB,EAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAEzC,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,EAAE;QAC9C,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,iBAAiB,EAAE,MAAM;QACzB,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM;QACnC,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,OAAO,EAAE;KACxC,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,MAAM;QACb,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,IAAI,CAAC,WAAmD;QACrE,cAAc,EAAE,IAAI;QACpB,SAAS,CAAC,MAAkB;YAC1B,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,IAAY,EACZ,MAA4B,EAC5B,QAAgB,EAChB,MAAkB;IAElB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;IAC3D,MAAM,YAAY,GAAG,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;IACrF,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC;IAE9B,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,GAAG;YACN,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,GAAG;gBACf,GAAG;gBACH,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;aACzD,CAAC,CAAC;YACH,MAAM;QACR,KAAK,MAAM;YACT,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,MAAM;gBAClB,GAAG;gBACH,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;aAC5D,CAAC,CAAC;YACH,MAAM;QACR,KAAK,OAAO;YACV,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,OAAO;gBACnB,GAAG;gBACH,WAAW,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE;aAC/C,CAAC,CAAC;YACH,MAAM;QACR,KAAK,KAAK;YACR,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,KAAK;gBACjB,GAAG;gBACH,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;aACvD,CAAC,CAAC;YACH,MAAM;QACR,KAAK,IAAI;YACP,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,IAAI;gBAChB,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;oBACjC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC3B,OAAO;wBACL,UAAU,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;wBAC1C,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;qBACxB,CAAC;gBACJ,CAAC,CAAC;aACH,CAAC,CAAC;YACH,MAAM;QACR,KAAK,IAAI;YACP,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,IAAI;gBAChB,GAAG;gBACH,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;aACtD,CAAC,CAAC;YACH,MAAM;QACR;YACE,4DAA4D;YAC5D,IAAI,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBACpC,qBAAqB,EAAE,UAAU;gBACjC,iBAAiB,EAAE,MAAM;gBACzB,QAAQ;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,GAAG;aACJ,CAAC,CAAC;IACP,CAAC;AACH,CAAC"}

package/dist/cjs/azure/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Azure provider implementations for @reyemtech/nimbus.
+ *
+ * @module azure
+ */
+export { createAzureNetwork, type IAzureNetworkOptions } from "./network";
+export { createAksCluster, type IAksOptions } from "./cluster";
+export { createAzureDns, type IAzureDnsOptions } from "./dns";
+export { createAzureSecrets, type IAzureSecretsOptions } from "./secrets";
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/azure/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/azure/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,KAAK,WAAW,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,WAAW,CAAC"}

package/dist/cjs/azure/index.js

@@ -0,0 +1,17 @@
+"use strict";
+/**
+ * Azure provider implementations for @reyemtech/nimbus.
+ *
+ * @module azure
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAzureSecrets = exports.createAzureDns = exports.createAksCluster = exports.createAzureNetwork = void 0;
+var network_1 = require("./network");
+Object.defineProperty(exports, "createAzureNetwork", { enumerable: true, get: function () { return network_1.createAzureNetwork; } });
+var cluster_1 = require("./cluster");
+Object.defineProperty(exports, "createAksCluster", { enumerable: true, get: function () { return cluster_1.createAksCluster; } });
+var dns_1 = require("./dns");
+Object.defineProperty(exports, "createAzureDns", { enumerable: true, get: function () { return dns_1.createAzureDns; } });
+var secrets_1 = require("./secrets");
+Object.defineProperty(exports, "createAzureSecrets", { enumerable: true, get: function () { return secrets_1.createAzureSecrets; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/azure/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/azure/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,qCAA0E;AAAjE,6GAAA,kBAAkB,OAAA;AAC3B,qCAA+D;AAAtD,2GAAA,gBAAgB,OAAA;AACzB,6BAA8D;AAArD,qGAAA,cAAc,OAAA;AACvB,qCAA0E;AAAjE,6GAAA,kBAAkB,OAAA"}

package/dist/cjs/azure/network.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Azure VNet network implementation.
+ *
+ * @module azure/network
+ */
+import * as pulumi from "@pulumi/pulumi";
+import type { INetwork, INetworkConfig } from "../network";
+/** Azure-specific network options beyond the base config. */
+export interface IAzureNetworkOptions {
+    /** Resource group name. Required for Azure. */
+    readonly resourceGroupName: pulumi.Input<string>;
+    /** Number of subnets per type (public/private). Default: 2. */
+    readonly subnetCount?: number;
+}
+/**
+ * Create an Azure VNet with subnets and optional NAT Gateway.
+ *
+ * @example
+ * ```typescript
+ * const network = createAzureNetwork("prod", {
+ *   cloud: "azure",
+ *   cidr: "10.1.0.0/16",
+ *   natStrategy: "managed",
+ * }, { resourceGroupName: "my-rg" });
+ * ```
+ */
+export declare function createAzureNetwork(name: string, config: INetworkConfig, options: IAzureNetworkOptions): INetwork;
+//# sourceMappingURL=network.d.ts.map

package/dist/cjs/azure/network.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/azure/network.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxE,6DAA6D;AAC7D,MAAM,WAAW,oBAAoB;IACnC,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,+DAA+D;IAC/D,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,oBAAoB,GAC5B,QAAQ,CAoIV"}

package/dist/cjs/azure/network.js

@@ -0,0 +1,176 @@
+"use strict";
+/**
+ * Azure VNet network implementation.
+ *
+ * @module azure/network
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAzureNetwork = createAzureNetwork;
+const azure = __importStar(require("@pulumi/azure-native"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const types_1 = require("../types");
+/**
+ * Create an Azure VNet with subnets and optional NAT Gateway.
+ *
+ * @example
+ * ```typescript
+ * const network = createAzureNetwork("prod", {
+ *   cloud: "azure",
+ *   cidr: "10.1.0.0/16",
+ *   natStrategy: "managed",
+ * }, { resourceGroupName: "my-rg" });
+ * ```
+ */
+function createAzureNetwork(name, config, options) {
+    const cloud = Array.isArray(config.cloud) ? (config.cloud[0] ?? "azure") : config.cloud;
+    const target = (0, types_1.resolveCloudTarget)(cloud);
+    const cidr = config.cidr ?? "10.1.0.0/16";
+    const subnetCount = options.subnetCount ?? 2;
+    const natStrategy = config.natStrategy ?? "managed";
+    const tags = config.tags ?? {};
+    const rgName = options.resourceGroupName;
+    const vnet = new azure.network.VirtualNetwork(`${name}-vnet`, {
+        virtualNetworkName: `${name}-vnet`,
+        resourceGroupName: rgName,
+        addressSpace: { addressPrefixes: [cidr] },
+        tags: { ...tags, Name: `${name}-vnet` },
+    });
+    // Public subnets
+    const publicSubnets = [];
+    for (let i = 0; i < subnetCount; i++) {
+        publicSubnets.push(new azure.network.Subnet(`${name}-public-${i}`, {
+            subnetName: `${name}-public-${i}`,
+            resourceGroupName: rgName,
+            virtualNetworkName: vnet.name,
+            addressPrefix: `${cidr.split(".").slice(0, 2).join(".")}.${i + 1}.0/24`,
+        }));
+    }
+    // Private subnets
+    const privateSubnets = [];
+    for (let i = 0; i < subnetCount; i++) {
+        const subnet = new azure.network.Subnet(`${name}-private-${i}`, {
+            subnetName: `${name}-private-${i}`,
+            resourceGroupName: rgName,
+            virtualNetworkName: vnet.name,
+            addressPrefix: `${cidr.split(".").slice(0, 2).join(".")}.${i + 10}.0/24`,
+        });
+        privateSubnets.push(subnet);
+    }
+    // NSG for private subnets
+    const nsg = new azure.network.NetworkSecurityGroup(`${name}-private-nsg`, {
+        networkSecurityGroupName: `${name}-private-nsg`,
+        resourceGroupName: rgName,
+        securityRules: [
+            {
+                name: "AllowVNetInbound",
+                priority: 100,
+                direction: "Inbound",
+                access: "Allow",
+                protocol: "*",
+                sourceAddressPrefix: "VirtualNetwork",
+                sourcePortRange: "*",
+                destinationAddressPrefix: "VirtualNetwork",
+                destinationPortRange: "*",
+            },
+            {
+                name: "AllowAzureLoadBalancerInbound",
+                priority: 200,
+                direction: "Inbound",
+                access: "Allow",
+                protocol: "*",
+                sourceAddressPrefix: "AzureLoadBalancer",
+                sourcePortRange: "*",
+                destinationAddressPrefix: "*",
+                destinationPortRange: "*",
+            },
+            {
+                name: "DenyAllInbound",
+                priority: 4096,
+                direction: "Inbound",
+                access: "Deny",
+                protocol: "*",
+                sourceAddressPrefix: "*",
+                sourcePortRange: "*",
+                destinationAddressPrefix: "*",
+                destinationPortRange: "*",
+            },
+        ],
+        tags: { ...tags, Name: `${name}-private-nsg` },
+    });
+    // NAT Gateway for private subnet internet access
+    let natGatewayId;
+    if (natStrategy === "managed") {
+        const natPip = new azure.network.PublicIPAddress(`${name}-nat-pip`, {
+            publicIpAddressName: `${name}-nat-pip`,
+            resourceGroupName: rgName,
+            sku: { name: "Standard" },
+            publicIPAllocationMethod: "Static",
+            tags: { ...tags, Name: `${name}-nat-pip` },
+        });
+        const natGw = new azure.network.NatGateway(`${name}-nat`, {
+            natGatewayName: `${name}-nat`,
+            resourceGroupName: rgName,
+            sku: { name: "Standard" },
+            publicIpAddresses: [{ id: natPip.id }],
+            tags: { ...tags, Name: `${name}-nat` },
+        });
+        natGatewayId = natGw.id;
+        // Associate NAT gateway with private subnets via subnet updates
+        for (let i = 0; i < privateSubnets.length; i++) {
+            new azure.network.Subnet(`${name}-private-${i}-nat`, {
+                subnetName: `${name}-private-${i}`,
+                resourceGroupName: rgName,
+                virtualNetworkName: `${name}-vnet`,
+                addressPrefix: `${cidr.split(".").slice(0, 2).join(".")}.${i + 10}.0/24`,
+                natGateway: { id: natGw.id },
+                networkSecurityGroup: { id: nsg.id },
+            });
+        }
+    }
+    const publicSubnetIds = pulumi.all(publicSubnets.map((s) => s.id));
+    const privateSubnetIds = pulumi.all(privateSubnets.map((s) => s.id));
+    return {
+        name,
+        cloud: target,
+        vpcId: vnet.id,
+        cidr,
+        publicSubnetIds: publicSubnetIds,
+        privateSubnetIds: privateSubnetIds,
+        natGatewayId,
+        nativeResource: vnet,
+    };
+}
+//# sourceMappingURL=network.js.map

package/dist/cjs/azure/network.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.js","sourceRoot":"","sources":["../../../src/azure/network.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BH,gDAwIC;AAjKD,4DAA8C;AAC9C,uDAAyC;AAEzC,oCAA8C;AAU9C;;;;;;;;;;;GAWG;AACH,SAAgB,kBAAkB,CAChC,IAAY,EACZ,MAAsB,EACtB,OAA6B;IAE7B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;IACxF,MAAM,MAAM,GAAG,IAAA,0BAAkB,EAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,aAAa,CAAC;IAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAgB,MAAM,CAAC,WAAW,IAAI,SAAS,CAAC;IACjE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAEzC,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,IAAI,OAAO,EAAE;QAC5D,kBAAkB,EAAE,GAAG,IAAI,OAAO;QAClC,iBAAiB,EAAE,MAAM;QACzB,YAAY,EAAE,EAAE,eAAe,EAAE,CAAC,IAAI,CAAC,EAAE;QACzC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,OAAO,EAAE;KACxC,CAAC,CAAC;IAEH,iBAAiB;IACjB,MAAM,aAAa,GAA2B,EAAE,CAAC;IACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,aAAa,CAAC,IAAI,CAChB,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,WAAW,CAAC,EAAE,EAAE;YAC9C,UAAU,EAAE,GAAG,IAAI,WAAW,CAAC,EAAE;YACjC,iBAAiB,EAAE,MAAM;YACzB,kBAAkB,EAAE,IAAI,CAAC,IAAI;YAC7B,aAAa,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO;SACxE,CAAC,CACH,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,cAAc,GAA2B,EAAE,CAAC;IAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,EAAE,EAAE;YAC9D,UAAU,EAAE,GAAG,IAAI,YAAY,CAAC,EAAE;YAClC,iBAAiB,EAAE,MAAM;YACzB,kBAAkB,EAAE,IAAI,CAAC,IAAI;YAC7B,aAAa,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO;SACzE,CAAC,CAAC;QACH,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,GAAG,IAAI,cAAc,EAAE;QACxE,wBAAwB,EAAE,GAAG,IAAI,cAAc;QAC/C,iBAAiB,EAAE,MAAM;QACzB,aAAa,EAAE;YACb;gBACE,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE,SAAS;gBACpB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,GAAG;gBACb,mBAAmB,EAAE,gBAAgB;gBACrC,eAAe,EAAE,GAAG;gBACpB,wBAAwB,EAAE,gBAAgB;gBAC1C,oBAAoB,EAAE,GAAG;aAC1B;YACD;gBACE,IAAI,EAAE,+BAA+B;gBACrC,QAAQ,EAAE,GAAG;gBACb,SAAS,EAAE,SAAS;gBACpB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,GAAG;gBACb,mBAAmB,EAAE,mBAAmB;gBACxC,eAAe,EAAE,GAAG;gBACpB,wBAAwB,EAAE,GAAG;gBAC7B,oBAAoB,EAAE,GAAG;aAC1B;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,SAAS;gBACpB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,GAAG;gBACb,mBAAmB,EAAE,GAAG;gBACxB,eAAe,EAAE,GAAG;gBACpB,wBAAwB,EAAE,GAAG;gBAC7B,oBAAoB,EAAE,GAAG;aAC1B;SACF;QACD,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,cAAc,EAAE;KAC/C,CAAC,CAAC;IAEH,iDAAiD;IACjD,IAAI,YAA+C,CAAC;IAEpD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,UAAU,EAAE;YAClE,mBAAmB,EAAE,GAAG,IAAI,UAAU;YACtC,iBAAiB,EAAE,MAAM;YACzB,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;YACzB,wBAAwB,EAAE,QAAQ;YAClC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,UAAU,EAAE;SAC3C,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,MAAM,EAAE;YACxD,cAAc,EAAE,GAAG,IAAI,MAAM;YAC7B,iBAAiB,EAAE,MAAM;YACzB,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;YACzB,iBAAiB,EAAE,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;YACtC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,MAAM,EAAE;SACvC,CAAC,CAAC;QAEH,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC;QAExB,gEAAgE;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE;gBACnD,UAAU,EAAE,GAAG,IAAI,YAAY,CAAC,EAAE;gBAClC,iBAAiB,EAAE,MAAM;gBACzB,kBAAkB,EAAE,GAAG,IAAI,OAAO;gBAClC,aAAa,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO;gBACxE,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC5B,oBAAoB,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE;aACrC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnE,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAErE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,MAAM;QACb,KAAK,EAAE,IAAI,CAAC,EAAE;QACd,IAAI;QACJ,eAAe,EAAE,eAAuD;QACxE,gBAAgB,EAAE,gBAAwD;QAC1E,YAAY;QACZ,cAAc,EAAE,IAAI;KACrB,CAAC;AACJ,CAAC"}