@run402/functions 3.0.0 → 3.2.0

@@ -17,7 +17,9 @@
17
17
  * auth.csrfToken() → string
18
18
  * auth.csrfField() → "<input type=hidden ...>"
19
19
  * auth.sessions.createResponseFromIdentity({ ... }) → Response
20
+ * auth.sessions.createResponseFromTenantAssertion({ tenant, user, method }) → Response
20
21
  * auth.sessions.endResponse() → Response
22
+ * auth.invalidCredentials() → InvalidCredentialsError (throw it)
21
23
  *
22
24
  * Behaviour notes baked into the helpers:
23
25
  * - Calling any helper taints the cache (the response now depends on
@@ -40,7 +42,7 @@
40
42
  import { getCurrentContext, requireActiveContext, taintCacheBypass, } from "../runtime-context.js";
41
43
  import { config } from "../config.js";
42
44
  import jwt from "../lib/jwt.js";
43
- import { AuthRequiredError, FetchAbsoluteUrlError, FreshnessRequiredError, InsufficientMembershipError, InsufficientRoleError, UnknownExportError, } from "./errors.js";
45
+ import { AuthRequiredError, FetchAbsoluteUrlError, FreshnessRequiredError, InsufficientMembershipError, InsufficientRoleError, InvalidCredentialsError, RenamedExportError, TenantSubjectInvalidError, UnknownExportError, } from "./errors.js";
44
46
  import { validateAuthFetchInput } from "./url-validation.js";
45
47
  import crypto from "node:crypto";
46
48
  // ---------------------------------------------------------------------------
@@ -65,6 +67,15 @@ async function user() {
65
67
  if (ctx.actor) {
66
68
  return actorContextToPublicActor(ctx.actor, ctx.projectId);
67
69
  }
70
+ // auth-hosted-surface-parity: for browser SSR (routed_http) the cookie
71
+ // envelope is the ONLY actor input. We do NOT fall back to decoding an
72
+ // `Authorization: Bearer` header here — otherwise a Bearer on a GET to
73
+ // a tenant SSR page would resolve an actor, contradicting the
74
+ // "cookie is the only browser actor input" invariant (Kychon finding).
75
+ // The fallback is preserved only for direct/machine invocations below.
76
+ if (ctx.invocationKind === "routed_http") {
77
+ return null;
78
+ }
68
79
  // Direct function invocation path (Bearer JWT, no cookie envelope):
69
80
  // fall back to decoding the Authorization header. This is the legacy
70
81
  // getUser(req) contract — mobile / server-to-server callers send a
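Review bot: The new guard `if (ctx.invocationKind === "routed_http")` turns off the Bearer fallback for one named kind and leaves it on for every other value, including an unset `invocationKind` and any kind added later. Because the comment states the invariant as "cookie is the only browser actor input", a default-deny shape would hold it more reliably: allow the fallback only for an explicit set of direct/machine kinds, e.g. `if (!DIRECT_KINDS.has(ctx.invocationKind)) return null;`, where `DIRECT_KINDS` is a placeholder for the kinds the runtime actually defines. That set is not visible here, so the current check may already be exhaustive. `user()` starts and ends outside this hunk.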
@@ -301,6 +312,96 @@ async function createResponseFromIdentity(opts) {
301
312
  });
302
313
  return res;
303
314
  }
315
+ /** Header on the function's RETURNED Response that the gateway's routed-invoke
316
+ * post-processor materializes into a host-bound `Set-Cookie` — AFTER it
317
+ * checks the INVOKED function's declared `auth.sessionMint` capability
318
+ * (server-side; service-key presence is NOT sufficient). The gateway always
319
+ * strips this header before the client sees it. Kept in sync with the
320
+ * gateway constant of the same name. */
321
+ export const MINT_DIRECTIVE_HEADER = "x-run402-mint-directive";
322
+ /**
323
+ * Tenant-assertion session mint (D6) — for the tenant-owned-credential case
324
+ * where the calling function already verified the credential against its OWN
325
+ * store (bcrypt, custom DB, external IdP). This is NOT a proof-based mint;
326
+ * the tenant is *vouching*, so it is capability-gated (`auth.sessionMint` in
327
+ * the function's deploy spec), audited, and host-gated — all enforced by the
328
+ * gateway when it materializes the directive below.
329
+ *
330
+ * The shape is agent-proof: the platform derives `issuer: "tenant:<tenant>"`
331
+ * and `amr` from `method` (`password` → `tenant_password`, `sso` →
332
+ * `tenant_sso`). Arbitrary amr is available only via `advanced.amr`.
333
+ *
334
+ * Mechanism (pattern B): the SDK never holds the session secret, so it returns
335
+ * a Response carrying a `x-run402-mint-directive` header. The gateway reads it,
336
+ * verifies the invoked function declared `auth.sessionMint` (else
337
+ * `R402_AUTH_UNTRUSTED_CONTEXT`), validates the subject, mints the host-bound
338
+ * cookie, writes an audit row, strips the directive, and rewrites the body to
339
+ * `{ ok, user }`. Return it directly from your handler: `return
340
+ * auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })`.
341
+ */
342
+ async function createResponseFromTenantAssertion(opts) {
343
+ // Must run inside a real routed invocation (not module scope / prerender).
344
+ requireActiveContext("auth.sessions.createResponseFromTenantAssertion");
345
+ // Fast SDK-side validation with the teaching fix. The gateway re-validates
346
+ // and additionally enforces `(project_id, issuer, user.id)` uniqueness.
347
+ const tenant = typeof opts?.tenant === "string" ? opts.tenant.trim() : "";
348
+ if (!tenant) {
349
+ throw new TenantSubjectInvalidError({ reason: "missing `tenant`" });
350
+ }
351
+ const user = opts?.user;
352
+ if (!user || typeof user !== "object") {
353
+ throw new TenantSubjectInvalidError({ reason: "missing `user`" });
354
+ }
355
+ const id = typeof user.id === "string" ? user.id.trim() : "";
356
+ if (!id) {
357
+ throw new TenantSubjectInvalidError({
358
+ reason: "`user.id` is required (a stable primary key, not a bare email)",
359
+ });
360
+ }
361
+ const email = typeof user.email === "string" ? user.email.trim() : "";
362
+ // The classic mistake: passing the email AS the id. A stable id is required.
363
+ if (id.includes("@") && id === email) {
364
+ throw new TenantSubjectInvalidError({
365
+ reason: "`user.id` must be a stable primary key, not the email",
366
+ });
367
+ }
368
+ if (opts.method !== "password" && opts.method !== "sso") {
369
+ throw new TenantSubjectInvalidError({
370
+ reason: '`method` must be "password" or "sso"',
371
+ });
372
+ }
373
+ const directive = {
374
+ v: 1,
375
+ tenant,
376
+ user: {
377
+ id,
378
+ email,
379
+ emailVerified: user.emailVerified === true,
380
+ ...(user.displayName ? { displayName: String(user.displayName) } : {}),
381
+ ...(user.avatarUrl ? { avatarUrl: String(user.avatarUrl) } : {}),
382
+ },
383
+ method: opts.method,
384
+ ...(opts.advanced?.amr ? { advanced: { amr: opts.advanced.amr } } : {}),
385
+ };
386
+ const encoded = Buffer.from(JSON.stringify(directive), "utf8").toString("base64url");
387
+ // The response now depends on per-request actor state — taint the SSR cache.
388
+ taintCacheBypass();
389
+ return new Response(JSON.stringify({ ok: true }), {
390
+ status: 200,
391
+ headers: {
392
+ "content-type": "application/json",
393
+ [MINT_DIRECTIVE_HEADER]: encoded,
394
+ },
395
+ });
396
+ }
397
+ /** Returns the canonical invalid-credentials error for the tenant-owned
398
+ * credential case. A FUNCTION, not a constructor (D9): write
399
+ * `throw auth.invalidCredentials()` — never `new auth.InvalidCredentialsError()`.
400
+ * Renders the canonical `R402_AUTH_INVALID_CREDENTIALS` envelope (distinct
401
+ * from `R402_AUTH_MAGIC_LINK_INVALID`); no session is minted. */
402
+ function invalidCredentials() {
403
+ return new InvalidCredentialsError();
404
+ }
304
405
  async function endResponse() {
305
406
  const ctx = requireActiveContext("auth.sessions.endResponse");
306
407
  const origin = `https://${ctx.host}`;
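Review bot: The email-as-id guard `if (id.includes("@") && id === email)` in `createResponseFromTenantAssertion` fires only when the caller also passes an identical `email`. A constructed example such as `user: { id: "a@b.example" }` with no email, or with an email that differs only in letter case, passes SDK validation even though the earlier reason string asks for "a stable primary key, not a bare email". If that message reflects the intent, the condition could be `if (id.includes("@") && (email === "" || id.toLowerCase() === email.toLowerCase())) {`. The comments say the gateway re-validates, so this concerns the SDK's early error matching the stated rule rather than the only line of defence. Separately, `opts.advanced?.amr` is copied into the directive on truthiness alone; checking that it is an array of non-empty strings would keep malformed values out of the header.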
@@ -314,31 +415,272 @@ async function endResponse() {
314
415
  // ---------------------------------------------------------------------------
315
416
  // Identity linking.
316
417
  // ---------------------------------------------------------------------------
317
- async function linkIdentity(opts) {
318
- const ctx = requireActiveContext("auth.identities.link");
319
- await requireUser();
320
- const origin = `https://${ctx.host}`;
321
- const res = await fetch(`${origin}/auth/v1/identities/link`, {
322
- method: "POST",
323
- headers: { "content-type": "application/json" },
324
- body: JSON.stringify(opts),
325
- redirect: "manual",
418
+ /** §4.5: the shipped top-level `auth.identities.link` is renamed/moved to
419
+ * `auth.account.identities.startLink` (the redirect+proof ceremony that links
420
+ * an OAuth identity to the already-signed-in account). Throws
421
+ * `R402_AUTH_RENAMED_EXPORT` teaching the move. (It also fetched a gateway
422
+ * route that never existed — see #429 — so it was non-functional regardless.) */
423
+ async function linkIdentity(_opts) {
424
+ throw new RenamedExportError({
425
+ oldName: "auth.identities.link",
426
+ newName: "auth.account.identities.startLink",
326
427
  });
327
- if (res.status === 409) {
328
- // The platform route maps unique_violation on
329
- // internal.identities (project_id, provider, subject) to 409.
330
- throw new (await import("./errors.js")).IdentityLinkConflictError({
331
- provider: opts.provider,
332
- subject: opts.subject,
428
+ }
429
+ // ---------------------------------------------------------------------------
430
+ // Account security (§4). `getSecurity()` is the everyday rich read; the
431
+ // advanced mutation tier (setPassword / passkeys / sessions / identities) is
432
+ // demoted and lands in a follow-up increment.
433
+ // ---------------------------------------------------------------------------
434
+ /**
435
+ * The rich settings/security read for the current actor (§4.3). Distinct from
436
+ * the cheap per-request `auth.user()` — returns the ownership-qualified
437
+ * `AccountSecurity` projection (has_run402_password, run402_passkey_count,
438
+ * run402_identities, tenant_assertions, …) or `null` when anonymous.
439
+ *
440
+ * Resolves the actor exactly like `auth.user()` (cookie envelope on browser
441
+ * SSR; Bearer on direct/machine — §4.7/D15), mints a short-lived actor JWT
442
+ * (the same channel `db()` uses), and fetches the gateway projection route.
443
+ */
444
+ async function getSecurity() {
445
+ const ctx = getCurrentContext();
446
+ if (!ctx)
447
+ return null;
448
+ const actor = await user();
449
+ if (!actor)
450
+ return null;
451
+ if (!config.JWT_SECRET)
452
+ return null;
453
+ const nowSec = Math.floor(Date.now() / 1000);
454
+ let token;
455
+ try {
456
+ token = jwt.sign({
457
+ sub: actor.id,
458
+ role: "authenticated",
459
+ email: actor.email,
460
+ project_id: actor.projectId,
461
+ iss: "agentdb",
462
+ iat: nowSec,
463
+ exp: nowSec + 60,
464
+ }, config.JWT_SECRET);
465
+ }
466
+ catch {
467
+ return null;
468
+ }
469
+ // Fetch the gateway (config.API_BASE = RUN402_API_BASE) directly — NOT the
470
+ // public tenant subdomain (ctx.host). The /auth/v1/account/* routes live on
471
+ // the gateway; a Lambda-to-subdomain round-trip via CloudFront does not reach
472
+ // them. `app_origin` still carries the tenant host for rpId validation.
473
+ const appOrigin = `https://${ctx.host}`;
474
+ let res;
475
+ try {
476
+ res = await fetch(`${config.API_BASE}/auth/v1/account/security?app_origin=${encodeURIComponent(appOrigin)}`, {
477
+ headers: {
478
+ apikey: config.ANON_KEY ?? "",
479
+ authorization: `Bearer ${token}`,
480
+ accept: "application/json",
481
+ },
482
+ redirect: "manual",
333
483
  });
334
484
  }
485
+ catch {
486
+ return null;
487
+ }
488
+ if (!res.ok)
489
+ return null;
490
+ const data = (await res.json().catch(() => null));
491
+ if (!data)
492
+ return null;
493
+ // The route returns a `user` projection; the SDK overlays the richer Actor.
494
+ return { ...data, user: actor };
495
+ }
496
+ /** Throwing variant of `getSecurity()` (§4.3). */
497
+ async function requireSecurity() {
498
+ const security = await getSecurity();
499
+ if (!security)
500
+ throw new AuthRequiredError();
501
+ return security;
502
+ }
503
+ // ---------------------------------------------------------------------------
504
+ // §4.4 advanced account-security mutation tier. Server-side, context-actor
505
+ // only. Each method mints a short-lived actor JWT (same channel as
506
+ // getSecurity) — including `auth_time` so the gateway can enforce freshness
507
+ // callee-side — and calls the Bearer-authed /auth/v1/account/* routes. NOT in
508
+ // the everyday docs; the everyday path is the <AccountSecurity> component.
509
+ // ---------------------------------------------------------------------------
510
+ /** Mint a short-lived actor JWT for an advanced-tier account call. Includes
511
+ * `auth_time` (the actor's last-auth from the verified browser-session
512
+ * envelope) so the gateway's sensitive-mutation freshness gate can read it. */
513
+ function mintAdvancedActorToken(actor) {
514
+ if (!config.JWT_SECRET)
515
+ return null;
516
+ const nowSec = Math.floor(Date.now() / 1000);
517
+ try {
518
+ return jwt.sign({
519
+ sub: actor.id,
520
+ role: "authenticated",
521
+ email: actor.email,
522
+ project_id: actor.projectId,
523
+ iss: "agentdb",
524
+ iat: nowSec,
525
+ exp: nowSec + 60,
526
+ auth_time: actor.authTime,
527
+ }, config.JWT_SECRET);
528
+ }
529
+ catch {
530
+ return null;
531
+ }
532
+ }
533
+ /** Call a Bearer-authed /auth/v1/account/* route with the context actor's
534
+ * minted JWT. Throws AuthRequiredError when anonymous / outside a request,
535
+ * FreshnessRequiredError on a freshness 401, and a generic error otherwise. */
536
+ async function accountAdvancedFetch(path, init) {
537
+ const ctx = getCurrentContext();
538
+ const actor = ctx ? await user() : null;
539
+ if (!ctx || !actor)
540
+ throw new AuthRequiredError();
541
+ const token = mintAdvancedActorToken(actor);
542
+ if (!token)
543
+ throw new AuthRequiredError();
544
+ // Gateway directly (config.API_BASE), NOT the tenant subdomain (ctx.host) —
545
+ // the /auth/v1/account/* routes live on the gateway and a Lambda-to-subdomain
546
+ // round-trip via CloudFront does not reach them (see getSecurity).
547
+ const res = await fetch(`${config.API_BASE}${path}`, {
548
+ method: init.method,
549
+ headers: {
550
+ apikey: config.ANON_KEY ?? "",
551
+ authorization: `Bearer ${token}`,
552
+ accept: "application/json",
553
+ ...(init.body !== undefined ? { "content-type": "application/json" } : {}),
554
+ },
555
+ body: init.body !== undefined ? JSON.stringify(init.body) : undefined,
556
+ redirect: "manual",
557
+ });
558
+ if (res.status === 401) {
559
+ const data = (await res.json().catch(() => null));
560
+ if (data?.code === "R402_AUTH_FRESHNESS_REQUIRED") {
561
+ throw new FreshnessRequiredError({ maxAge: "5m", amr: [] });
562
+ }
563
+ throw new AuthRequiredError();
564
+ }
335
565
  if (!res.ok) {
336
- const body = await res.json().catch(() => ({}));
337
- throw new (await import("./errors.js")).SessionBridgeUnverifiedError({
338
- reason: body.code ?? `link failed: ${res.status}`,
339
- });
566
+ throw new Error(`auth.account.* request to ${path} failed: ${res.status}`);
340
567
  }
568
+ return (await res.json().catch(() => ({})));
341
569
  }
570
+ /** §4.4 — set or change the signed-in user's Run402 password. Callee-enforced
571
+ * freshness (re-auth within 5 min) — throws FreshnessRequiredError otherwise.
572
+ * On success the gateway rotates (revokes) the user's other sessions. */
573
+ async function setPassword(newPassword, _opts) {
574
+ await accountAdvancedFetch("/auth/v1/account/password", {
575
+ method: "POST",
576
+ body: { new_password: newPassword },
577
+ });
578
+ }
579
+ /** §4.4 — sign out of every browser session for the context actor. */
580
+ async function signOutEverywhere() {
581
+ const out = (await accountAdvancedFetch("/auth/v1/account/sign-out-everywhere", {
582
+ method: "POST",
583
+ body: {},
584
+ }));
585
+ return { revoked_count: typeof out.revoked_count === "number" ? out.revoked_count : 0 };
586
+ }
587
+ const accountPasskeys = {
588
+ list: async () => {
589
+ const out = (await accountAdvancedFetch("/auth/v1/account/passkeys", { method: "GET" }));
590
+ return out.passkeys ?? [];
591
+ },
592
+ remove: async (passkeyId) => {
593
+ await accountAdvancedFetch("/auth/v1/account/passkeys/remove", {
594
+ method: "POST",
595
+ body: { passkey_id: passkeyId },
596
+ });
597
+ },
598
+ /** Passkey registration is a browser WebAuthn ceremony — it cannot run
599
+ * server-side. Use `<AccountSecurity sections={["passkeys"]}/>` or the
600
+ * hosted `/auth/passkeys/register` flow. */
601
+ add: () => {
602
+ throw new Error("auth.account.passkeys.add() can't run server-side: passkey registration is a browser WebAuthn ceremony. Use <AccountSecurity sections={[\"passkeys\"]}/> or the hosted /auth/passkeys/register flow.");
603
+ },
604
+ };
605
+ const accountIdentities = {
606
+ list: async () => {
607
+ const out = (await accountAdvancedFetch("/auth/v1/account/identities", { method: "GET" }));
608
+ return out.identities ?? [];
609
+ },
610
+ /** §4.5 — begin the OAuth link-to-existing-account ceremony. Mints the
611
+ * context actor's JWT and calls the gateway `intent:"link"` start route,
612
+ * returning the provider authorization URL for the caller to redirect to.
613
+ * The resulting identity is written against the signed-in account (NOT a
614
+ * new sign-in). `redirectUrl` must be a project-allowed origin. */
615
+ startLink: async (opts) => {
616
+ if (!opts?.provider)
617
+ throw new Error("auth.account.identities.startLink: provider is required");
618
+ if (!opts?.redirectUrl)
619
+ throw new Error("auth.account.identities.startLink: redirectUrl is required");
620
+ const out = (await accountAdvancedFetch(`/auth/v1/oauth/${opts.provider}/start`, {
621
+ method: "POST",
622
+ body: { intent: "link", redirect_url: opts.redirectUrl, mode: opts.mode ?? "redirect" },
623
+ }));
624
+ if (!out.authorization_url) {
625
+ throw new Error("auth.account.identities.startLink: gateway returned no authorization_url");
626
+ }
627
+ return {
628
+ authorizationUrl: out.authorization_url,
629
+ expiresIn: typeof out.expires_in === "number" ? out.expires_in : 600,
630
+ };
631
+ },
632
+ unlink: async (opts) => {
633
+ await accountAdvancedFetch("/auth/v1/account/identities/unlink", {
634
+ method: "POST",
635
+ body: { provider: opts.provider, subject: opts.subject },
636
+ });
637
+ },
638
+ };
639
+ const accountSessions = {
640
+ list: async () => {
641
+ const out = (await accountAdvancedFetch("/auth/v1/account/sessions", { method: "GET" }));
642
+ return out.sessions ?? [];
643
+ },
644
+ revoke: async (sessionId) => {
645
+ await accountAdvancedFetch("/auth/v1/account/sessions/revoke", {
646
+ method: "POST",
647
+ body: { session_id: sessionId },
648
+ });
649
+ },
650
+ };
651
+ /** `auth.account.*` proxy — `getSecurity`/`requireSecurity` (everyday read) +
652
+ * the §4.4 advanced mutation members (`setPassword`, `passkeys`, `identities`,
653
+ * `sessions`, `signOutEverywhere`) are the real members; the shipped throwing
654
+ * names (`get`, `signIn`, `login`, `currentUser`) and typos throw the
655
+ * structured unknown-export error (§4.6). */
656
+ const ACCOUNT_HALLUCINATED_NAMES = {
657
+ get: "auth.account.getSecurity() / auth.account.requireSecurity()",
658
+ signIn: "auth.sessions.createResponseFromTenantAssertion({...}) / createResponseFromIdentity({...})",
659
+ login: "auth.sessions.createResponseFromTenantAssertion({...})",
660
+ currentUser: "auth.user()",
661
+ user: "auth.user()",
662
+ };
663
+ const baseAccount = {
664
+ getSecurity,
665
+ requireSecurity,
666
+ setPassword,
667
+ signOutEverywhere,
668
+ passkeys: accountPasskeys,
669
+ identities: accountIdentities,
670
+ sessions: accountSessions,
671
+ };
672
+ const account = new Proxy(baseAccount, {
673
+ get(target, prop, receiver) {
674
+ if (typeof prop === "string" && !(prop in target)) {
675
+ throw new UnknownExportError({
676
+ attemptedName: `auth.account.${prop}`,
677
+ canonicalName: ACCOUNT_HALLUCINATED_NAMES[prop] ??
678
+ "auth.account.getSecurity() / auth.account.requireSecurity()",
679
+ });
680
+ }
681
+ return Reflect.get(target, prop, receiver);
682
+ },
683
+ });
342
684
  // ---------------------------------------------------------------------------
343
685
  // SDK proxy intercepting hallucinated names.
344
686
  // ---------------------------------------------------------------------------
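Review bot: In `startLink`, `opts.provider` is interpolated into the request path (`/auth/v1/oauth/${opts.provider}/start`) after only a truthiness check, and `accountAdvancedFetch` sends that request with the actor JWT that `mintAdvancedActorToken` signs with `auth_time`. If a handler passes a request-derived provider, a value containing `/`, `?`, `#` or dot segments changes which gateway route receives that token. Validate it before building the path, e.g. `if (!/^[a-z0-9_-]+$/i.test(opts.provider)) throw new Error("auth.account.identities.startLink: invalid provider");`. `encodeURIComponent` alone is not enough because it leaves dot segments intact. The other `accountAdvancedFetch` callers in this hunk use fixed paths.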
@@ -358,7 +700,40 @@ const HALLUCINATED_NAMES = {
358
700
  getUser: "auth.user()",
359
701
  getToken: "auth.requireUser() then user.sessionId (tokens are not exposed)",
360
702
  protect: "auth.requireUser() / auth.requireRole(...)",
703
+ // Section 5 — forbidden legacy mint names + common top-level typos.
704
+ signInResponse: "throw auth.invalidCredentials() on failure, then auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
705
+ InvalidCredentialsError: "auth.invalidCredentials()",
706
+ createResponseFromTenantSubject: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
707
+ createResponseFromTenantAssertion: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
708
+ createResponseFromIdentity: "auth.sessions.createResponseFromIdentity({ provider, subject, proof, amr })",
709
+ };
710
+ /** `auth.sessions.*` proxy — mirrors the top-level `auth` proxy so forbidden
711
+ * legacy names (`createResponseFromTenantSubject`, `signInResponse`) and
712
+ * typos throw the structured unknown-export error pointing at the canonical
713
+ * primitive, instead of silently returning `undefined`. */
714
+ const SESSIONS_HALLUCINATED_NAMES = {
715
+ createResponseFromTenantSubject: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
716
+ signInResponse: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
717
+ fromIdentity: "auth.sessions.createResponseFromIdentity({ ... })",
718
+ fromTenantAssertion: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
361
719
  };
720
+ const baseSessions = {
721
+ createResponseFromIdentity,
722
+ createResponseFromTenantAssertion,
723
+ endResponse,
724
+ };
725
+ const sessions = new Proxy(baseSessions, {
726
+ get(target, prop, receiver) {
727
+ if (typeof prop === "string" && !(prop in target)) {
728
+ throw new UnknownExportError({
729
+ attemptedName: `auth.sessions.${prop}`,
730
+ canonicalName: SESSIONS_HALLUCINATED_NAMES[prop] ??
731
+ "auth.sessions.createResponseFromIdentity / createResponseFromTenantAssertion / endResponse",
732
+ });
733
+ }
734
+ return Reflect.get(target, prop, receiver);
735
+ },
736
+ });
362
737
  const baseAuth = {
363
738
  user,
364
739
  requireUser,
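Review bot: The `sessions` proxy's `get` trap throws `UnknownExportError` for every string key missing from `baseSessions`, and that includes keys the runtime itself probes. `then` is read when the object passes through `await` or `Promise.resolve` or is returned from an async function, and `toJSON` is read by `JSON.stringify`, so those operations would throw a misleading unknown-export error. Let them through ahead of the throw, e.g. `if (prop === "then" || prop === "toJSON") return undefined;`. The `account` proxy added in the previous hunk uses the same trap; whether the top-level `auth` proxy already special-cases these keys is not visible here. `baseAuth` continues outside this hunk.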
@@ -368,13 +743,12 @@ const baseAuth = {
368
743
  fetch: authFetch,
369
744
  csrfToken,
370
745
  csrfField,
746
+ invalidCredentials,
747
+ account,
371
748
  identities: {
372
749
  link: linkIdentity,
373
750
  },
374
- sessions: {
375
- createResponseFromIdentity,
376
- endResponse,
377
- },
751
+ sessions,
378
752
  };
379
753
  /** Hallucinated-name proxy. Property access for a name not in
380
754
  * `baseAuth` throws `R402_AUTH_UNKNOWN_EXPORT` with the canonical
@@ -449,5 +823,5 @@ function currentReturnTo() {
449
823
  return undefined;
450
824
  return ctx.request.url;
451
825
  }
452
- export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, Run402AuthError, } from "./errors.js";
826
+ export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, RenamedExportError, Run402AuthError, } from "./errors.js";
453
827
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,GAAG,MAAM,eAAe,CAAC;AAChC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EAErB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAMrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,8EAA8E;AAC9E,mCAAmC;AACnC,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,oEAAoE;IACpE,8DAA8D;IAC9D,gBAAgB,EAAE,CAAC;IACnB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,mEAAmE;QACnE,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,qEAAqE;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,oEAAoE;IACpE,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,+DAA+D;IAC/D,2DAA2D;IAC3D,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;iBAUiB;AACjB,SAAS,4BAA4B,CACnC,GAAsD;IAEtD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,kEAAkE;IAClE,qEAAqE;IACrE,8BAA8B;IAC9B,IAAI,UAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,CAAC,GAAG,OAAc,CAAC;IACzB,IAAI,OAAO,CAAC,EAAE,GAAG,KAAK,UAAU,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CASvB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,O
AAO,CAAC,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,UAAU,OAAO,CAAC,GAAG,EAAE;YACxD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,aAAa,EAAE,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAC5D,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,IAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,uEAAuE;IACvE,gEAAgE;IAChE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,GAAG,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACzE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,UAAU,CACjB,OAAsD,EACtD,IAAY;IAEZ,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAa;IAEb,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,wEAAwE;IACxE,wEAAwE;IACxE,oEAAoE;IACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACrF,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC;AAaD,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,gBAAgB,EAAE,CAAC;IACnB,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI
,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,sBAAsB,CAAC;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,eAAe,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ,IAAI,SAAS;QAAE,OAAO;IACjD,MAAM,IAAI,sBAAsB,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,EAAE;QACP,QAAQ,EAAE,eAAe,EAAE;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,oBAAoB,CAAC;IAChC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5B,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;gBACnB,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CACtB,KAAwB,EACxB,IAAkB;IAElB,MAAM,GAAG,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,qBAAqB,CAAC;YAC9B,SAAS,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;YACpG,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC
;IAC3C,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzB,MAAM,WAAW,GAAgB;QAC/B,GAAG,IAAI;QACP,OAAO;QACP,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;KACrC,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,kEAAkE;QAClE,kEAAkE;QAClE,8DAA8D;QAC9D,yBAAyB;QACzB,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,OAAO,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,4CAA4C,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,4CAA4C;AAC5C,8EAA8E;AAE9E,KAAK,UAAU,0BAA0B,CACvC,IAAuC;IAEvC,MAAM,GAAG,GAAG,oBAAoB,CAAC,0CAA0C,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,+DAA+D;IAC/D,qEAAqE;IACrE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iCAAiC,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;QACxD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,QAAQ,EAAE,QAAQ;KACnB,CAAC
,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,MAAM,GAAG,GAAG,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;IACzD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,0BAA0B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,8CAA8C;QAC9C,8DAA8D;QAC9D,MAAM,IAAI,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,yBAAyB,CAAC;YAChE,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B,CAAC;YACnE,MAAM,EAAG,IAA0B,CAAC,IAAI,IAAI,gBAAgB,GAAG,CAAC,MAAM,EAAE;SACzE,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,OAAO,EAAE,gDAAgD;IACzD,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,6CAA6C;IACzD,MAAM,EAAE,sFAAsF;IAC9F,OAAO,EAAE,6BAA6B;IACtC,OAAO,EAAE,6BAA6B;IACtC,MAAM,EAAE,6BAA6B;IACrC,KAAK,EAAE,iDAAiD;IACxD,gBAAgB,EAAE,yCAAyC;IAC3D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,iEAAiE;IAC3E,OAAO,EAAE,4CAA4C;CACtD,CAAC;AA2BF,MAAM,QAAQ,GAAkB;IAC9B,IAAI;IACJ,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,YAAY;IACZ,KAAK,EAAE,SAAS;IAChB,SAAS;IACT,SAAS;IACT,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;KACnB;IACD,QAAQ,EAAE;QACR,0BAA0B;QAC1B,WAAW;KACZ;CACF,CAAC;AAEF;;;gEAGgE;AAChE,MAAM,CAAC,MAAM,IAAI,GAAkB,IAAI,KAAK,CAAC,QAAQ,EAAE;IACrD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,kBAAkB,CAAC;oBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;oBAC7B,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B
,aAAa,EAAE,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,0EAA0E;aAC1F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAClG,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,kBAAkB,CAAC;QAC3B,aAAa,EAAE,kBAAkB;QACjC,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAA6B,EAC7B,SAAiB;IAEjB,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,SAAS;QACT,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;QACtB,QAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzB,CAAC;AAID,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,GAAG,MAAM,eAAe,CAAC;AAChC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EACrB,uBAAuB,EAEvB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAQrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,8EAA8E;AAC9E,mCAAmC;AACnC,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,oEAAoE;IACpE,8DAA8D;IAC9D,gBAAgB,EAAE,CAAC;IACnB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,mEAAmE;QACnE,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,qEAAqE;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,uEAAuE;IACvE,uEAAuE;IACvE,uEAAuE;IACvE,8DAA8D;IAC9D,uEAAuE;IACvE,uEAAuE;IACvE,IAAI,GAAG,CAAC,cAAc,KAAK,aAAa,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,oEAAoE;IACpE,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,+DAA+D;IAC/D,2DAA2D;IAC3D,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;iBAUiB;AACjB,SAAS,4BAA4B,CACnC,GAAsD;IAEtD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,kEAAkE;IAClE,qEAAqE;IACrE,8BAA8B;IAC9B,IAAI,UAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,CAAC,GAAG,OAAc,CAAC;IACzB,IAAI,OAAO,CAAC,EAAE,GAAG,KAAK,UAAU,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,
CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CASvB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,UAAU,OAAO,CAAC,GAAG,EAAE;YACxD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,aAAa,EAAE,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAC5D,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,IAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,uEAAuE;IACvE,gEAAgE;IAChE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,GAAG,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACzE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,UAAU,CACjB,OAAsD,EACtD,IAAY;IAEZ,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAa;IAEb,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,wEAAwE;IACxE,wEAAwE;IACxE,oEAAoE;IACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACrF,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC;AAaD,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,gBAAgB,EAAE,CAA
C;IACnB,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,sBAAsB,CAAC;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,eAAe,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ,IAAI,SAAS;QAAE,OAAO;IACjD,MAAM,IAAI,sBAAsB,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,EAAE;QACP,QAAQ,EAAE,eAAe,EAAE;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,oBAAoB,CAAC;IAChC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5B,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;gBACnB,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CACtB,KAAwB,EACxB,IAAkB;IAElB,MAAM,GAAG,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,qBAAqB,CAAC;YAC9B,SAAS,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,C
AAC,GAAG,CAAC;YACpG,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzB,MAAM,WAAW,GAAgB;QAC/B,GAAG,IAAI;QACP,OAAO;QACP,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;KACrC,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,kEAAkE;QAClE,kEAAkE;QAClE,8DAA8D;QAC9D,yBAAyB;QACzB,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,OAAO,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,4CAA4C,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,4CAA4C;AAC5C,8EAA8E;AAE9E,KAAK,UAAU,0BAA0B,CACvC,IAAuC;IAEvC,MAAM,GAAG,GAAG,oBAAoB,CAAC,0CAA0C,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,+DAA+D;IAC/D,qEAAqE;IACrE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iCAAiC,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;yCAKyC;AACzC,MAAM,CAAC,MAAM,qBAAqB,GAAG,yBAAyB,CAAC;AAE/D;;;;;;;;;;;;
;;;;;;;GAmBG;AACH,KAAK,UAAU,iCAAiC,CAC9C,IAA8C;IAE9C,2EAA2E;IAC3E,oBAAoB,CAAC,iDAAiD,CAAC,CAAC;IAExE,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,CAAC;IACxB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,EAAE,GAAG,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,gEAAgE;SACzE,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,6EAA6E;IAC7E,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACrC,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,uDAAuD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACxD,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,CAAC,EAAE,CAAU;QACb,MAAM;QACN,IAAI,EAAE;YACJ,EAAE;YACF,KAAK;YACL,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,IAAI;YAC1C,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;QACD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CACrE,WAAW,CACZ,CAAC;IACF,6EAA6E;IAC7E,gBAAgB,EAAE,CAAC;IACnB,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;QAChD,MAAM,EAAE,GAAG;QACX,O
AAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,CAAC,qBAAqB,CAAC,EAAE,OAAO;SACjC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;kEAIkE;AAClE,SAAS,kBAAkB;IACzB,OAAO,IAAI,uBAAuB,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;QACxD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;kFAIkF;AAClF,KAAK,UAAU,YAAY,CAAC,KAA0B;IACpD,MAAM,IAAI,kBAAkB,CAAC;QAC3B,OAAO,EAAE,sBAAsB;QAC/B,OAAO,EAAE,mCAAmC;KAC7C,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,6EAA6E;AAC7E,8CAA8C;AAC9C,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,KAAK,GAAG,GAAG,CAAC,IAAI,CACd;YACE,GAAG,EAAE,KAAK,CAAC,EAAE;YACb,IAAI,EAAE,eAAwB;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,SAAS;YAC3B,GAAG,EAAE,SAAkB;YACvB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,EAAE;SACjB,EACD,MAAM,CAAC,UAAU,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,2EAA2E;IAC3E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,MAAM,SAAS,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACxC,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CACf,GAAG,MAAM,CAAC,QAAQ,wCAAwC,kBAAkB,CAAC,SAAS,CAAC,EAAE,EACzF;YACE,OAAO,EAAE;gBACP,MAAM,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,MAAM,EAAE,kBAAkB;aAC3B;YACD,QAAQ,EAAE,QAAQ;SACnB,CACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAExC,CA
AC;IACT,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,4EAA4E;IAC5E,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,kDAAkD;AAClD,KAAK,UAAU,eAAe;IAC5B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAC7C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,mEAAmE;AACnE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,8EAA8E;AAE9E;;gFAEgF;AAChF,SAAS,sBAAsB,CAAC,KAAY;IAC1C,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,CACb;YACE,GAAG,EAAE,KAAK,CAAC,EAAE;YACb,IAAI,EAAE,eAAwB;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,SAAS;YAC3B,GAAG,EAAE,SAAkB;YACvB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,EAAE;YAChB,SAAS,EAAE,KAAK,CAAC,QAAQ;SAC1B,EACD,MAAM,CAAC,UAAU,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;gFAEgF;AAChF,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,IAAgE;IAEhE,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAClD,MAAM,KAAK,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAC1C,4EAA4E;IAC5E,8EAA8E;IAC9E,mEAAmE;IACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;QACnD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE;YACP,MAAM,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC7B,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,MAAM,EAAE,kBAAkB;YAC1B,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3E;QACD,IAAI,EAAE,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACrE,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAA6B,CAAC;QAC9E,IAAI,IAAI,EAAE,IAAI,KAAK,8BAA8B,EAAE,CAAC;YAClD,MAAM,IAAI,sBAAsB,CAA
C,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,YAAY,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAY,CAAC;AACzD,CAAC;AAED;;0EAE0E;AAC1E,KAAK,UAAU,WAAW,CAAC,WAAmB,EAAE,KAA2B;IACzE,MAAM,oBAAoB,CAAC,2BAA2B,EAAE;QACtD,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,sEAAsE;AACtE,KAAK,UAAU,iBAAiB;IAC9B,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,sCAAsC,EAAE;QAC9E,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE;KACT,CAAC,CAA+B,CAAC;IAClC,OAAO,EAAE,aAAa,EAAE,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1F,CAAC;AAED,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAEtF,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,SAAiB,EAAiB,EAAE;QACjD,MAAM,oBAAoB,CAAC,kCAAkC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IACD;;iDAE6C;IAC7C,GAAG,EAAE,GAAU,EAAE;QACf,MAAM,IAAI,KAAK,CACb,sMAAsM,CACvM,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAExF,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;IAC9B,CAAC;IACD;;;;wEAIoE;IACpE,SAAS,EAAE,KAAK,EAAE,IAIjB,EAA4D,EAAE;QAC7D,IAAI,CAAC,IAAI,EAAE,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAChG,IAAI,CAAC,IAAI,EAAE,WAAW;YACpB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,kBAAkB,IAAI,CAAC,QAAQ,QAAQ,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE;SACxF,CAAC,CAAwD,CAAC;QAC3D,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAC9F,CAAC;QA
CD,OAAO;YACL,gBAAgB,EAAE,GAAG,CAAC,iBAAiB;YACvC,SAAS,EAAE,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG;SACrE,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,IAA2C,EAAiB,EAAE;QAC3E,MAAM,oBAAoB,CAAC,oCAAoC,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAEtF,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,SAAiB,EAAiB,EAAE;QACjD,MAAM,oBAAoB,CAAC,kCAAkC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;8CAI8C;AAC9C,MAAM,0BAA0B,GAA2B;IACzD,GAAG,EAAE,6DAA6D;IAClE,MAAM,EACJ,4FAA4F;IAC9F,KAAK,EAAE,wDAAwD;IAC/D,WAAW,EAAE,aAAa;IAC1B,IAAI,EAAE,aAAa;CACpB,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,WAAW;IACX,eAAe;IACf,WAAW;IACX,iBAAiB;IACjB,QAAQ,EAAE,eAAe;IACzB,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAEF,MAAM,OAAO,GAA6B,IAAI,KAAK,CAAC,WAAW,EAAE;IAC/D,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,gBAAgB,IAAI,EAAE;gBACrC,aAAa,EACX,0BAA0B,CAAC,IAAI,CAAC;oBAChC,6DAA6D;aAChE,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,OAAO,EAAE,gDAAgD;IACzD,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,6CAA6C;IACzD,MAAM,EAAE,sFAAsF;IAC9F,OAAO,EAAE,6BAA6B;IACtC,OAAO,EAAE,6BAA6B;IACtC,MAAM,EAAE,6BAA6B;IACrC,KAAK,EAAE,iDAAiD;IACxD,gBAAgB,EAAE,yCAAyC;IAC3D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,iEAAiE;IAC3E,OAAO,EAAE,4CAA4C;IACrD,oEAAoE;IACpE,cAAc,EACZ,4HAA4H;IAC9H,uBAAuB,EAAE,2BAA2B;IACpD,+BAA+B,EAC7B,2EAA2E;IAC7E,iCAAiC,EAC/B,2EAA2E;IAC7E,0BAA0B,EACxB,6EAA6E;CAChF,CAAC;AAmEF;;;
4DAG4D;AAC5D,MAAM,2BAA2B,GAA2B;IAC1D,+BAA+B,EAC7B,2EAA2E;IAC7E,cAAc,EACZ,2EAA2E;IAC7E,YAAY,EAAE,mDAAmD;IACjE,mBAAmB,EACjB,2EAA2E;CAC9E,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,0BAA0B;IAC1B,iCAAiC;IACjC,WAAW;CACZ,CAAC;AAEF,MAAM,QAAQ,GAA8B,IAAI,KAAK,CAAC,YAAY,EAAE;IAClE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,iBAAiB,IAAI,EAAE;gBACtC,aAAa,EACX,2BAA2B,CAAC,IAAI,CAAC;oBACjC,4FAA4F;aAC/F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,QAAQ,GAAkB;IAC9B,IAAI;IACJ,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,YAAY;IACZ,KAAK,EAAE,SAAS;IAChB,SAAS;IACT,SAAS;IACT,kBAAkB;IAClB,OAAO;IACP,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;KACnB;IACD,QAAQ;CACT,CAAC;AAEF;;;gEAGgE;AAChE,MAAM,CAAC,MAAM,IAAI,GAAkB,IAAI,KAAK,CAAC,QAAQ,EAAE;IACrD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,kBAAkB,CAAC;oBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;oBAC7B,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,0EAA0E;aAC1F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAClG,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,kBAAkB,CAAC;QAC3B,aAAa,EAAE,kBAAkB;QACjC,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAA6B,EAC7B,SAAiB;IAEjB,IAAI,CA
AC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,SAAS;QACT,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;QACtB,QAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzB,CAAC;AAYD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,eAAe,GAChB,MAAM,aAAa,CAAC"}
@@ -55,4 +55,71 @@ export interface IdentityLinkOptions {
55
55
  subject: string;
56
56
  proof: IdentityProof;
57
57
  }
58
+ /** The tenant's view of a user it has already authenticated against its OWN
59
+ * store (bcrypt, custom DB, external IdP). `id` MUST be a stable primary key
60
+ * — NOT a bare email. Platform identity uniqueness is `(project_id, issuer,
61
+ * id)`; linking is by `(issuer, id)` only, never implicitly by email. */
62
+ export interface TenantUser {
63
+ id: string;
64
+ email: string;
65
+ emailVerified: boolean;
66
+ displayName?: string;
67
+ avatarUrl?: string;
68
+ }
69
+ /** A Run402-verified federated identity link (OAuth / cryptographic proof). */
70
+ export interface Run402Identity {
71
+ provider: string;
72
+ provider_sub: string;
73
+ provider_email: string | null;
74
+ created_at: string;
75
+ }
76
+ /** A tenant-vouched assertion link (from `createResponseFromTenantAssertion`).
77
+ * `last_amr` reflects the tenant provenance (e.g. `["tenant_password"]`),
78
+ * intentionally distinct from Run402-verified amr values. */
79
+ export interface TenantAssertionRef {
80
+ issuer: string;
81
+ last_amr: string[];
82
+ }
83
+ /** The rich account/security read returned by `auth.account.getSecurity()` —
84
+ * distinct from the cheap per-request `auth.user()` Actor. Credentials are
85
+ * qualified to Run402 ownership (`has_run402_password`, `run402_passkey_count`,
86
+ * `run402_identities`) so a tenant-vouched user (no Run402 password) reads
87
+ * `has_run402_password: false`.
88
+ *
89
+ * §4.8 — branch parity with the shipped `GET /auth/v1/user`. Every UI branch
90
+ * the old fields drove is preserved by the ownership-qualified mapping:
91
+ * - `has_password` → `has_run402_password` (set-vs-change password)
92
+ * - `has_passkeys`/`passkey_count` → `run402_passkey_count` (offer "Add passkey")
93
+ * - `has_passkey_for_current_rp` → `has_run402_passkey_for_current_rp`
94
+ * - `identities` → `run402_identities` (connected accounts)
95
+ * - `current_rp_id` → `current_rp_id` (unchanged)
96
+ * Plus the new `passkey_rp_scope` and `tenant_assertions` (tenant provenance,
97
+ * which the old endpoint conflated into `has_password`/`identities`). */
98
+ export interface AccountSecurity {
99
+ user: Actor;
100
+ has_run402_password: boolean;
101
+ run402_passkey_count: number;
102
+ has_run402_passkey_for_current_rp: boolean | null;
103
+ run402_identities: Run402Identity[];
104
+ current_rp_id: string | null;
105
+ passkey_rp_scope: "host" | "realm";
106
+ tenant_assertions: TenantAssertionRef[];
107
+ }
108
+ /** Options for `auth.sessions.createResponseFromTenantAssertion`. Agent-proof
109
+ * by design: the platform derives `issuer: "tenant:<tenant>"` from `tenant`
110
+ * and `amr` from `method` (`"password"` → `tenant_password`, `"sso"` →
111
+ * `tenant_sso`). The agent never hand-builds `issuer`/`amr`; arbitrary amr is
112
+ * available only via the `advanced` escape hatch. */
113
+ export interface CreateResponseFromTenantAssertionOptions {
114
+ /** Short tenant identifier; becomes `issuer: "tenant:<tenant>"`. */
115
+ tenant: string;
116
+ /** The tenant-verified user. Requires a stable `user.id`. */
117
+ user: TenantUser;
118
+ /** The credential class the tenant verified. */
119
+ method: "password" | "sso";
120
+ /** Escape hatch for arbitrary amr values — agents should not need this. */
121
+ advanced?: {
122
+ amr: string[];
123
+ };
124
+ }
58
125
  //# sourceMappingURL=types.d.ts.map
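Review bot: The `advanced.amr` escape hatch in `CreateResponseFromTenantAssertionOptions` is typed as plain `string[]`, so the declaration does not stop a caller from supplying an amr value that the `TenantAssertionRef` comment says must stay distinct from Run402-verified ones. If the runtime does not already reject such values (the implementation is outside this hunk), code that gates on amr could read a tenant-vouched session as platform-verified. If the `tenant_` prefix seen in the derived values (`tenant_password`, `tenant_sso`) is the intended convention, the field could be narrowed to ``amr: `tenant_${string}`[];``. Otherwise the doc comment should state the constraint, e.g. `/** Escape hatch; values must not collide with Run402-verified amr values. */`. The `tenant` field would benefit from the same treatment: it is embedded in `issuer: "tenant:<tenant>"`, but its comment gives no allowed character set or length.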
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,KAAK;IACpB,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;uCAGuC;AACvC,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd;;uEAEmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;CACtB"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,KAAK;IACpB,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;uCAGuC;AACvC,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd;;uEAEmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;CACtB;AAED;;;0EAG0E;AAC1E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,+EAA+E;AAC/E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;8DAE8D;AAC9D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;;;;;;;;;;0EAc0E;AAC1E,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,KAAK,CAAC;IACZ,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,iCAAiC,EAAE,OAAO,GAAG,IAAI,CAAC;IAClD,iBAAiB,EAAE,cAAc,EAAE,CAAC;IACpC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;CACzC;AAED;;;;sDAIsD;AACtD,MAAM,WAAW,wCAAwC;IACvD,oEAAoE;IACpE,MAAM,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,IAAI,EAAE,UAAU,CAAC;IACjB,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,KAAK,CAAC;IAC3B,2EAA2E;IAC
3E,QAAQ,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC9B"}