@sakeetech/vendure-payment-viva 0.2.1

package/dist/api/admin-onboarding.controller.js

@@ -0,0 +1,496 @@
+/**
+ * api/admin-onboarding.controller.ts — Connected Accounts onboarding admin REST endpoints.
+ *
+ * Routes (all under /viva/admin/connected-accounts):
+ *
+ *   POST   /viva/admin/connected-accounts
+ *     Initiate onboarding for a channel. Calls IsvAccounts.createConnectedAccount,
+ *     writes vivaAccountId to the channel, returns {accountId, onboardingUrl}.
+ *
+ *   GET    /viva/admin/connected-accounts/:channelId
+ *     Return onboarding status: {accountId, merchantId, payoutsEnabled,
+ *     verificationStatus, applePayDomainVerified}.
+ *     Optionally hits IsvAccounts.retrieveConnectedAccount (cached 30s) for a
+ *     richer verificationStatus when the channel has an accountId.
+ *
+ *   POST   /viva/admin/connected-accounts/:channelId/reconcile
+ *     Manual recovery if webhook 8194 was missed. Calls
+ *     IsvAccounts.retrieveConnectedAccount and, if verified, writes vivaMerchantId
+ *     then flips vivaPayoutsEnabled=true via ConnectedAccountsService (preserving
+ *     the mandatory field-write order).
+ *
+ * Auth: @Allow(Permission.SuperAdmin) on every handler.
+ *
+ * Error envelope: every error response is VivaPluginError.toJSON() shape.
+ *
+ * @see docs/plans/vendure-plugin-v0.md §"API Surface — REST endpoints"
+ * @see docs/plans/vendure-plugin-v0.md §"Onboarding Flow (§10)"
+ * @see docs/plans/vendure-plugin-v0.md §"Build Plan — V9"
+ * @see docs/VENDURE-CONTRACT.MD §10
+ */
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { Controller, Post, Get, Param, Body, Res, Inject, UseGuards, } from '@nestjs/common';
+import { Allow, Permission, TransactionalConnection, RequestContextService, Logger, } from '@vendure/core';
+import { AuthGuard } from '@vendure/core';
+import { IsvAccounts, IsvHttpClient } from '@sakeetech/viva-payments-core/isv';
+import { VivaApiError, VivaAuthError, VivaModeMismatchError, } from '@sakeetech/viva-payments-core/errors';
+import { ConnectedAccountsService } from '../services/connected-accounts.service.js';
+import { VivaPluginError } from '../util/error-envelope.js';
+import { VIVA_PLUGIN_OPTIONS, VIVA_OAUTH2_STRATEGY_TOKEN, VIVA_LOG_CONTEXT, } from '../constants.js';
+const STATUS_CACHE_TTL_MS = 30_000;
+const retrieveStatusCache = new Map();
+function getCachedStatus(accountId) {
+    const entry = retrieveStatusCache.get(accountId);
+    if (!entry)
+        return undefined;
+    if (Date.now() > entry.expiresAt) {
+        retrieveStatusCache.delete(accountId);
+        return undefined;
+    }
+    return entry.verificationStatus;
+}
+function setCachedStatus(accountId, status) {
+    retrieveStatusCache.set(accountId, {
+        verificationStatus: status,
+        expiresAt: Date.now() + STATUS_CACHE_TTL_MS,
+    });
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Derive the local verificationStatus from channel custom fields.
+ *
+ * Priority: channel custom fields are the authoritative local state.
+ * IsvAccounts.retrieve may supply a richer status, but the local state
+ * determines the effective gate (payoutsEnabled). When both disagree,
+ * channel custom fields win — they were written by the webhook handler
+ * which already called retrieve and validated the response.
+ */
+function deriveVerificationStatus(cf) {
+    if (!cf['vivaAccountId'])
+        return 'not_started';
+    if (cf['vivaPayoutsEnabled'] === true)
+        return 'verified';
+    return 'awaiting_kyc';
+}
+/** Extract typed custom fields from a Channel, defensively. */
+function getCustomFields(channel) {
+    return channel.customFields ?? {};
+}
+// ---------------------------------------------------------------------------
+// Controller
+// ---------------------------------------------------------------------------
+let AdminOnboardingController = class AdminOnboardingController {
+    options;
+    oauth2;
+    connection;
+    requestContextService;
+    connectedAccountsService;
+    constructor(options, oauth2, connection, requestContextService, connectedAccountsService) {
+        this.options = options;
+        this.oauth2 = oauth2;
+        this.connection = connection;
+        this.requestContextService = requestContextService;
+        this.connectedAccountsService = connectedAccountsService;
+    }
+    // -------------------------------------------------------------------------
+    // Private helpers
+    // -------------------------------------------------------------------------
+    /**
+     * Narrow options to ISV mode or throw `VIVA_MODE_MISMATCH`.
+     * Onboarding is inherently an ISV-only flow (POST /isv/v1/accounts) — the
+     * merchant-mode equivalent is direct Self Care signup with no API surface.
+     * Slice C will gate the controller registration itself; slice A throws at
+     * runtime entry points.
+     */
+    isvOptions() {
+        if (this.options.mode !== 'isv') {
+            throw new VivaModeMismatchError({
+                message: 'Connected-Accounts onboarding is ISV-only — POST /isv/v1/accounts ' +
+                    'is not available under merchant mode.',
+            });
+        }
+        return this.options;
+    }
+    buildIsvAccounts() {
+        const client = new IsvHttpClient({
+            environment: this.options.environment,
+            authStrategy: this.oauth2,
+        });
+        return new IsvAccounts(client);
+    }
+    /**
+     * Load a channel by id from the raw TypeORM connection.
+     * Returns null if not found.
+     */
+    async loadChannel(channelId) {
+        const repo = this.connection.rawConnection.getRepository('Channel');
+        const ch = await repo.findOne({ where: { id: channelId } }).catch(() => null);
+        return ch ?? null;
+    }
+    /**
+     * Map a core SDK error to an HTTP status + VivaPluginError JSON body and
+     * write it to the response.
+     */
+    sendVivaError(res, err) {
+        if (err instanceof VivaAuthError || (err instanceof VivaApiError && err.httpStatus >= 500)) {
+            const pluginErr = VivaPluginError.authDown(err instanceof Error ? err.message : 'Viva service unavailable', err);
+            res.writeHead(503, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(pluginErr.toJSON()));
+            return;
+        }
+        if (err instanceof VivaApiError) {
+            const apiErr = err;
+            const rawVivaCode = apiErr.vivaCode !== undefined ? Number(apiErr.vivaCode) : undefined;
+            // TODO(impl): VivaApiError.vivaCode is string; confirm wire numeric type from live API.
+            const pluginErrOpts = {
+                message: apiErr.message,
+                vivaErrorMessage: apiErr.message,
+                cause: err,
+            };
+            if (rawVivaCode !== undefined && !isNaN(rawVivaCode)) {
+                pluginErrOpts.vivaErrorCode = rawVivaCode;
+            }
+            const pluginErr = VivaPluginError.apiError(pluginErrOpts);
+            const httpStatus = apiErr.httpStatus ?? 422;
+            res.writeHead(httpStatus >= 400 && httpStatus < 600 ? httpStatus : 422, {
+                'Content-Type': 'application/json',
+            });
+            res.end(JSON.stringify(pluginErr.toJSON()));
+            return;
+        }
+        // Unexpected internal error
+        const pluginErr = VivaPluginError.internalError(err instanceof Error ? err.message : 'Unexpected error', err);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(pluginErr.toJSON()));
+    }
+    // -------------------------------------------------------------------------
+    // POST /viva/admin/connected-accounts — Initiate onboarding
+    // -------------------------------------------------------------------------
+    async initiateOnboarding(body, res) {
+        const { channelId, overrides } = body ?? {};
+        if (!channelId) {
+            const err = VivaPluginError.channelMisconfigured('channelId is required');
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        // 1. Load Channel
+        const channel = await this.loadChannel(String(channelId));
+        if (!channel) {
+            const err = VivaPluginError.channelMisconfigured(`Channel ${channelId} not found`);
+            res.writeHead(404, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        const cf = getCustomFields(channel);
+        // 2. Check Seller exists
+        // Vendure Channel has a `seller` relation; surface it from raw TypeORM.
+        const channelRepo = this.connection.rawConnection.getRepository('Channel');
+        const channelWithSeller = await channelRepo
+            .findOne({ where: { id: channel.id }, relations: ['seller'] })
+            .catch(() => null);
+        const seller = channelWithSeller?.seller;
+        if (!seller) {
+            const err = VivaPluginError.channelMisconfigured('Channel must have a Seller before onboarding');
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        // 3. Already onboarded?
+        const existingAccountId = cf['vivaAccountId'];
+        if (existingAccountId) {
+            const err = VivaPluginError.alreadyOnboarded(existingAccountId);
+            res.writeHead(409, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        // 4. Build payload from Seller fields + plugin config + overrides
+        // POST /isv/v1/accounts accepts: email (required), returnUrl (required),
+        // branding (optional: partnerName + logoUrl required, primaryColor optional).
+        // The ISV API collects countryCode, firstName, lastName, currency, etc. from
+        // the merchant during Viva-hosted KYC; the plugin does not forward them.
+        const sellerCf = seller['customFields'] ?? {};
+        const email = overrides?.email ??
+            sellerCf['contactEmail'] ??
+            sellerCf['email'] ??
+            seller['email'];
+        const ctxForResolvers = {
+            channelId: channel.id,
+            channel: {
+                id: channel.id,
+                code: channel.code,
+                customFields: cf,
+            },
+            apiType: 'admin',
+        };
+        const isvOpts = this.isvOptions();
+        const returnUrl = overrides?.returnUrl ??
+            (typeof isvOpts.onboardingReturnUrl === 'function'
+                ? isvOpts.onboardingReturnUrl(ctxForResolvers)
+                : isvOpts.onboardingReturnUrl);
+        if (!email) {
+            const err = VivaPluginError.channelMisconfigured('Seller must have an email (customFields.contactEmail, customFields.email, or seller.email) — or pass `overrides.email`.');
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        if (!returnUrl) {
+            const err = VivaPluginError.channelMisconfigured('`onboardingReturnUrl` is required in plugin options (or pass `overrides.returnUrl`).');
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        const basePayload = {
+            email,
+            returnUrl,
+            ...(overrides?.branding
+                ? { branding: overrides.branding }
+                : isvOpts.onboardingBranding
+                    ? { branding: isvOpts.onboardingBranding }
+                    : {}),
+        };
+        Logger.info(`[AdminOnboarding] Initiating onboarding for channel ${String(channel.id)}.`, VIVA_LOG_CONTEXT);
+        // 5. Call IsvAccounts.createConnectedAccount
+        let accountId;
+        let onboardingUrl;
+        try {
+            const isvAccounts = this.buildIsvAccounts();
+            const result = await isvAccounts.createConnectedAccount(basePayload);
+            accountId = result.accountId;
+            onboardingUrl = result.invitation.redirectUrl;
+        }
+        catch (err) {
+            Logger.error(`[AdminOnboarding] IsvAccounts.createConnectedAccount failed for channel ${String(channel.id)}: ${String(err)}`, VIVA_LOG_CONTEXT);
+            this.sendVivaError(res, err);
+            return;
+        }
+        // 6. Write accountId to channel via ConnectedAccountsService
+        try {
+            const ctx = await this.requestContextService.create({
+                apiType: 'admin',
+                channelOrToken: channel,
+            });
+            await this.connectedAccountsService.writeAccountId(ctx, channel, accountId);
+        }
+        catch (err) {
+            Logger.error(`[AdminOnboarding] Failed to write vivaAccountId to channel ${String(channel.id)}: ${String(err)}`, VIVA_LOG_CONTEXT);
+            // accountId was created at Viva — still return it so the admin can record it
+            Logger.warn(`[AdminOnboarding] accountId=${accountId} was created at Viva but could not be persisted locally. Manual recovery required.`, VIVA_LOG_CONTEXT);
+        }
+        // 7. Return response
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            accountId,
+            onboardingUrl,
+            channelId: channel.id,
+            instructions: 'Send onboardingUrl to the shop principal to complete KYC.',
+        }));
+    }
+    // -------------------------------------------------------------------------
+    // GET /viva/admin/connected-accounts/:channelId — Onboarding status
+    // -------------------------------------------------------------------------
+    async getStatus(channelId, res) {
+        const channel = await this.loadChannel(channelId);
+        if (!channel) {
+            const err = VivaPluginError.channelMisconfigured(`Channel ${channelId} not found`);
+            res.writeHead(404, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        const cf = getCustomFields(channel);
+        const accountId = cf['vivaAccountId'] ?? null;
+        const merchantId = cf['vivaMerchantId'] ?? null;
+        const payoutsEnabled = cf['vivaPayoutsEnabled'] ?? false;
+        const applePayDomainVerified = cf['vivaApplePayDomainVerified'] ?? false;
+        // Derive local status from channel fields
+        const localStatus = deriveVerificationStatus(cf);
+        // Optionally enrich with Viva's status (cached 30s) when accountId is known
+        let verificationStatus = localStatus;
+        if (accountId) {
+            const cached = getCachedStatus(accountId);
+            if (cached !== undefined) {
+                // Use cached Viva status only for informational display;
+                // local field state (payoutsEnabled) governs the actual gate.
+                // If Viva says 'verified' but local hasn't flipped yet, local wins.
+                // This avoids race conditions during the webhook-write window.
+                // Strategy: show the more favorable (local if verified, viva if richer).
+                if (payoutsEnabled) {
+                    verificationStatus = 'verified';
+                }
+                else if (cached === 'verified') {
+                    // Viva says verified but local webhook hasn't landed yet — show awaiting_kyc
+                    // to avoid premature gate flip via a status endpoint poll.
+                    // TODO(impl): expose vivaRawStatus as a separate field if SaaS needs it.
+                    verificationStatus = 'awaiting_kyc';
+                }
+            }
+            else {
+                // Attempt a fresh retrieve — best effort, don't fail the request
+                try {
+                    const isvAccounts = this.buildIsvAccounts();
+                    const retrieved = await isvAccounts.retrieveConnectedAccount(accountId);
+                    const rawStatus = retrieved.verified ? 'verified' : 'pending';
+                    setCachedStatus(accountId, rawStatus);
+                    // Same local-wins rule as above
+                    if (payoutsEnabled) {
+                        verificationStatus = 'verified';
+                    }
+                    // rawStatus from Viva does not override local payoutsEnabled flag
+                }
+                catch (err) {
+                    // Best effort — log and proceed with local state
+                    Logger.warn(`[AdminOnboarding] IsvAccounts.retrieveConnectedAccount failed for accountId=${accountId}: ${String(err)}`, VIVA_LOG_CONTEXT);
+                }
+            }
+        }
+        const payload = {
+            channelId: channel.id,
+            accountId,
+            merchantId,
+            payoutsEnabled,
+            verificationStatus,
+            applePayDomainVerified,
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(payload));
+    }
+    // -------------------------------------------------------------------------
+    // POST /viva/admin/connected-accounts/:channelId/reconcile — Manual recovery
+    // -------------------------------------------------------------------------
+    async reconcile(channelId, res) {
+        const channel = await this.loadChannel(channelId);
+        if (!channel) {
+            const err = VivaPluginError.channelMisconfigured(`Channel ${channelId} not found`);
+            res.writeHead(404, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        const cf = getCustomFields(channel);
+        const accountId = cf['vivaAccountId'];
+        if (!accountId) {
+            const err = VivaPluginError.channelMisconfigured('Channel does not have a vivaAccountId. Initiate onboarding first.');
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(err.toJSON()));
+            return;
+        }
+        // Already verified — idempotent no-op
+        if (cf['vivaPayoutsEnabled'] === true && cf['vivaMerchantId']) {
+            const payload = {
+                channelId: channel.id,
+                accountId,
+                merchantId: cf['vivaMerchantId'],
+                payoutsEnabled: true,
+                verificationStatus: 'verified',
+                applePayDomainVerified: cf['vivaApplePayDomainVerified'] ?? false,
+            };
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(payload));
+            return;
+        }
+        // Call IsvAccounts.retrieveConnectedAccount
+        let retrieved;
+        try {
+            const isvAccounts = this.buildIsvAccounts();
+            retrieved = await isvAccounts.retrieveConnectedAccount(accountId);
+        }
+        catch (err) {
+            Logger.error(`[AdminOnboarding] reconcile: IsvAccounts.retrieveConnectedAccount failed for channel ${channelId}: ${String(err)}`, VIVA_LOG_CONTEXT);
+            this.sendVivaError(res, err);
+            return;
+        }
+        const isVerified = retrieved.verified === true;
+        const merchantId = retrieved.merchantId;
+        if (isVerified && merchantId) {
+            // Write in the mandatory order: vivaMerchantId FIRST, vivaPayoutsEnabled LAST
+            try {
+                const ctx = await this.requestContextService.create({
+                    apiType: 'admin',
+                    channelOrToken: channel,
+                });
+                await this.connectedAccountsService.writeMerchantId(ctx, channel, merchantId);
+                await this.connectedAccountsService.flipPayoutsEnabled(ctx, channel, true);
+                Logger.info(`[AdminOnboarding] reconcile: wrote merchantId=${merchantId} and flipped payoutsEnabled for channel ${channelId}.`, VIVA_LOG_CONTEXT);
+            }
+            catch (err) {
+                Logger.error(`[AdminOnboarding] reconcile: failed to write channel fields for channel ${channelId}: ${String(err)}`, VIVA_LOG_CONTEXT);
+                const pluginErr = VivaPluginError.internalError('Failed to persist reconciliation data', err);
+                res.writeHead(500, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify(pluginErr.toJSON()));
+                return;
+            }
+            const payload = {
+                channelId: channel.id,
+                accountId,
+                merchantId,
+                payoutsEnabled: true,
+                verificationStatus: 'verified',
+                applePayDomainVerified: cf['vivaApplePayDomainVerified'] ?? false,
+            };
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(payload));
+            return;
+        }
+        // Viva says still pending — no writes; return current state
+        const payload = {
+            channelId: channel.id,
+            accountId,
+            merchantId: cf['vivaMerchantId'] ?? null,
+            payoutsEnabled: false,
+            verificationStatus: 'awaiting_kyc',
+            applePayDomainVerified: cf['vivaApplePayDomainVerified'] ?? false,
+        };
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(payload));
+    }
+};
+__decorate([
+    Post(),
+    Allow(Permission.SuperAdmin),
+    __param(0, Body()),
+    __param(1, Res()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Function]),
+    __metadata("design:returntype", Promise)
+], AdminOnboardingController.prototype, "initiateOnboarding", null);
+__decorate([
+    Get(':channelId'),
+    Allow(Permission.SuperAdmin),
+    __param(0, Param('channelId')),
+    __param(1, Res()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Function]),
+    __metadata("design:returntype", Promise)
+], AdminOnboardingController.prototype, "getStatus", null);
+__decorate([
+    Post(':channelId/reconcile'),
+    Allow(Permission.SuperAdmin),
+    __param(0, Param('channelId')),
+    __param(1, Res()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Function]),
+    __metadata("design:returntype", Promise)
+], AdminOnboardingController.prototype, "reconcile", null);
+AdminOnboardingController = __decorate([
+    Controller('viva/admin/connected-accounts'),
+    UseGuards(AuthGuard),
+    __param(0, Inject(VIVA_PLUGIN_OPTIONS)),
+    __param(1, Inject(VIVA_OAUTH2_STRATEGY_TOKEN)),
+    __metadata("design:paramtypes", [Object, Object, TransactionalConnection,
+        RequestContextService,
+        ConnectedAccountsService])
+], AdminOnboardingController);
+export { AdminOnboardingController };
+//# sourceMappingURL=admin-onboarding.controller.js.map

package/dist/api/admin-onboarding.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-onboarding.controller.js","sourceRoot":"","sources":["../../src/api/admin-onboarding.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;;;;;;;;;;;;;AAEH,OAAO,EACL,UAAU,EACV,IAAI,EACJ,GAAG,EACH,KAAK,EACL,IAAI,EACJ,GAAG,EACH,MAAM,EACN,SAAS,GACV,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,KAAK,EACL,UAAU,EACV,uBAAuB,EACvB,qBAAqB,EACrB,MAAM,GACP,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAC/E,OAAO,EACL,YAAY,EACZ,aAAa,EACb,qBAAqB,GACtB,MAAM,sCAAsC,CAAC;AAI9C,OAAO,EAAE,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACrF,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EACL,mBAAmB,EACnB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AA6BzB,MAAM,mBAAmB,GAAG,MAAM,CAAC;AACnC,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAwB,CAAC;AAE5D,SAAS,eAAe,CAAC,SAAiB;IACxC,MAAM,KAAK,GAAG,mBAAmB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,mBAAmB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,KAAK,CAAC,kBAAkB,CAAC;AAClC,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB,EAAE,MAAc;IACxD,mBAAmB,CAAC,GAAG,CAAC,SAAS,EAAE;QACjC,kBAAkB,EAAE,MAAM;QAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,mBAAmB;KAC5C,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAAC,EAA2B;IAC3D,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC;QAAE,OAAO,aAAa,CAAC;IAC/C,IAAI,EAAE,CAAC,oBAAoB,CAAC,KAAK,IAAI;QAAE,OAAO,UAAU,CAAC;IACzD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,+DAA+D;AAC/D,SAAS,eAAe,CAAC,OAAgB;IACvC,OAAQ,OAAiE,CAAC,YAAY,IAAI,EAAE,CAAC;AAC/F,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAIvE,IAAM,yBAAyB,GAA/B,MAAM,yBAAyB;IAGjB;IAEA;IACA;IACA;IACA;IAPnB,YAEmB,OAAiC,EAEjC,MAA0B,EAC1B,UAAmC,EACnC,qBAA4C,EAC5C,wBAAkD;QALlD,YAAO,GAAP,OAAO,CAA0B;QAEjC,WAAM,GAAN,MAAM,CAAoB;QAC1B,eAAU,GAAV,UAAU,CAAyB;QACnC,0BAAqB,GAArB,qBAAqB,CAAuB;QAC5C,6BAAwB,GAAxB,wBAAwB,CAA0B;IAClE,CAAC;IAEJ,4EAA4E;IAC5E,kBAAkB;IAClB,4EAA4E;IAE5E;;;;;;OAMG;IACK,UAAU;QAChB,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAqB,CAAC;gBAC9B,OAAO,EACL,oEAAoE;oBACpE,uCAAuC;aAC1C,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAEO,gBAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC;YAC/B,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;YACrC,YAAY,EAAE,IAAI,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,OAAO,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,WAAW,CAAC,SAAiB;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,aAAa,CAAC,SAAgB,CAAC,CAAC;QAC3E,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QAC9E,OAAQ,EAAqB,IAAI,IAAI,CAAC;IACxC,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,GAAmB,EAAE,GAAY;QACrD,IAAI,GAAG,YAAY,aAAa,IAAI,CAAC,GAAG,YAAY,YAAY,IAAK,GAAW,CAAC,UAAU,IAAI,GAAG,CAAC,EAAE,CAAC;YACpG,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CACxC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,0BAA0B,EAC/D,GAAG,CACJ,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,IAAI,GAAG,YAAY,YAAY,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,GAAmB,CAAC;YACnC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,wFAAwF;YACxF,MAAM,aAAa,GAAmD;gBACpE,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,gBAAgB,EAAE,MAAM,CAAC,OAAO;gBAChC,KAAK,EAAE,GAAG;aACX,CAAC;YACF,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;gBACrD,aAAa,CAAC,aAAa,GAAG,WAAW,CAAC;YAC5C,CAAC;YACD,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAI,MAAc,CAAC,UAAU,IAAI,GAAG,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,UAAU,IAAI,GAAG,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE;gBACtE,cAAc,EAAE,kBAAkB;aACnC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,4BAA4B;QAC5B,MAAM,SAAS,GAAG,eAAe,CAAC,aAAa,CAC7C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,EACvD,GAAG,CACJ,CAAC;QACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,4EAA4E;IAC5E,4DAA4D;IAC5D,4EAA4E;IAItE,AAAN,KAAK,CAAC,kBAAkB,CACd,IAA4B,EAC7B,GAAmB;QAE1B,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC;QAE5C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAAC,uBAAuB,CAAC,CAAC;YAC1E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,kBAAkB;QAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAAC,WAAW,SAAS,YAAY,CAAC,CAAC;YACnF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAEpC,yBAAyB;QACzB,wEAAwE;QACxE,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,aAAa,CAAC,SAAgB,CAAC,CAAC;QAClF,MAAM,iBAAiB,GAAG,MAAM,WAAW;aACxC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC;aAC7D,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAmE,CAAC;QAEvF,MAAM,MAAM,GAAG,iBAAiB,EAAE,MAAM,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAC9C,8CAA8C,CAC/C,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,iBAAiB,GAAG,EAAE,CAAC,eAAe,CAAuB,CAAC;QACpE,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,eAAe,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;YAChE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,kEAAkE;QAClE,yEAAyE;QACzE,8EAA8E;QAC9E,6EAA6E;QAC7E,yEAAyE;QACzE,MAAM,QAAQ,GAAI,MAAkC,CAAC,cAAc,CAAwC,IAAI,EAAE,CAAC;QAClH,MAAM,KAAK,GACT,SAAS,EAAE,KAAK;YACf,QAAQ,CAAC,cAAc,CAAwB;YAC/C,QAAQ,CAAC,OAAO,CAAwB;YACxC,MAAkC,CAAC,OAAO,CAAuB,CAAC;QAErE,MAAM,eAAe,GAA0B;YAC7C,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,OAAO,EAAE;gBACP,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,YAAY,EAAE,EAAE;aACjB;YACD,OAAO,EAAE,OAAO;SACjB,CAAC;QACF,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,SAAS,GACb,SAAS,EAAE,SAAS;YACpB,CAAC,OAAO,OAAO,CAAC,mBAAmB,KAAK,UAAU;gBAChD,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,eAAe,CAAC;gBAC9C,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAEnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAC9C,yHAAyH,CAC1H,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAC9C,sFAAsF,CACvF,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAkC;YACjD,KAAK;YACL,SAAS;YACT,GAAG,CAAC,SAAS,EAAE,QAAQ;gBACrB,CAAC,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;gBAClC,CAAC,CAAC,OAAO,CAAC,kBAAkB;oBAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE;oBAC1C,CAAC,CAAC,EAAE,CAAC;SACV,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,uDAAuD,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,EAC5E,gBAAgB,CACjB,CAAC;QAEF,6CAA6C;QAC7C,IAAI,SAAiB,CAAC;QACtB,IAAI,aAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;YACrE,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;YAC7B,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;QAChD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CACV,2EAA2E,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EAC/G,gBAAgB,CACjB,CAAC;YACF,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC;gBAClD,OAAO,EAAE,OAAO;gBAChB,cAAc,EAAE,OAAO;aACxB,CAAC,CAAC;YACH,MAAM,IAAI,CAAC,wBAAwB,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CACV,8DAA8D,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EAClG,gBAAgB,CACjB,CAAC;YACF,6EAA6E;YAC7E,MAAM,CAAC,IAAI,CACT,+BAA+B,SAAS,oFAAoF,EAC5H,gBAAgB,CACjB,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,SAAS;YACT,aAAa;YACb,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,YAAY,EAAE,2DAA2D;SAC1E,CAAC,CACH,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,oEAAoE;IACpE,4EAA4E;IAItE,AAAN,KAAK,CAAC,SAAS,CACO,SAAiB,EAC9B,GAAmB;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAAC,WAAW,SAAS,YAAY,CAAC,CAAC;YACnF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,SAAS,GAAI,EAAE,CAAC,eAAe,CAAwB,IAAI,IAAI,CAAC;QACtE,MAAM,UAAU,GAAI,EAAE,CAAC,gBAAgB,CAAwB,IAAI,IAAI,CAAC;QACxE,MAAM,cAAc,GAAI,EAAE,CAAC,oBAAoB,CAAyB,IAAI,KAAK,CAAC;QAClF,MAAM,sBAAsB,GAAI,EAAE,CAAC,4BAA4B,CAAyB,IAAI,KAAK,CAAC;QAElG,0CAA0C;QAC1C,MAAM,WAAW,GAAG,wBAAwB,CAAC,EAAE,CAAC,CAAC;QAEjD,4EAA4E;QAC5E,IAAI,kBAAkB,GAAkD,WAAW,CAAC;QAEpF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,yDAAyD;gBACzD,8DAA8D;gBAC9D,oEAAoE;gBACpE,+DAA+D;gBAC/D,yEAAyE;gBACzE,IAAI,cAAc,EAAE,CAAC;oBACnB,kBAAkB,GAAG,UAAU,CAAC;gBAClC,CAAC;qBAAM,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;oBACjC,6EAA6E;oBAC7E,2DAA2D;oBAC3D,yEAAyE;oBACzE,kBAAkB,GAAG,cAAc,CAAC;gBACtC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBAC5C,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,wBAAwB,CAAC,SAA+B,CAAC,CAAC;oBAC9F,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;oBAC9D,eAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;oBACtC,gCAAgC;oBAChC,IAAI,cAAc,EAAE,CAAC;wBACnB,kBAAkB,GAAG,UAAU,CAAC;oBAClC,CAAC;oBACD,kEAAkE;gBACpE,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,iDAAiD;oBACjD,MAAM,CAAC,IAAI,CACT,+EAA+E,SAAS,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EAC1G,gBAAgB,CACjB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAA4B;YACvC,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,SAAS;YACT,UAAU;YACV,cAAc;YACd,kBAAkB;YAClB,sBAAsB;SACvB,CAAC;QAEF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,4EAA4E;IAC5E,6EAA6E;IAC7E,4EAA4E;IAItE,AAAN,KAAK,CAAC,SAAS,CACO,SAAiB,EAC9B,GAAmB;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAAC,WAAW,SAAS,YAAY,CAAC,CAAC;YACnF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,EAAE,CAAC,eAAe,CAAuB,CAAC;QAE5D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,eAAe,CAAC,oBAAoB,CAC9C,mEAAmE,CACpE,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,sCAAsC;QACtC,IAAI,EAAE,CAAC,oBAAoB,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC9D,MAAM,OAAO,GAA4B;gBACvC,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,SAAS;gBACT,UAAU,EAAE,EAAE,CAAC,gBAAgB,CAAW;gBAC1C,cAAc,EAAE,IAAI;gBACpB,kBAAkB,EAAE,UAAU;gBAC9B,sBAAsB,EAAG,EAAE,CAAC,4BAA4B,CAAyB,IAAI,KAAK;aAC3F,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QAED,4CAA4C;QAC5C,IAAI,SAAuE,CAAC;QAC5E,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC5C,SAAS,GAAG,MAAM,WAAW,CAAC,wBAAwB,CAAC,SAA+B,CAAC,CAAC;QAC1F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CACV,wFAAwF,SAAS,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EACnH,gBAAgB,CACjB,CAAC;YACF,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,KAAK,IAAI,CAAC;QAC/C,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;QAExC,IAAI,UAAU,IAAI,UAAU,EAAE,CAAC;YAC7B,8EAA8E;YAC9E,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC;oBAClD,OAAO,EAAE,OAAO;oBAChB,cAAc,EAAE,OAAO;iBACxB,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,wBAAwB,CAAC,eAAe,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;gBAC9E,MAAM,IAAI,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;gBAC3E,MAAM,CAAC,IAAI,CACT,iDAAiD,UAAU,2CAA2C,SAAS,GAAG,EAClH,gBAAgB,CACjB,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CACV,2EAA2E,SAAS,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EACtG,gBAAgB,CACjB,CAAC;gBACF,MAAM,SAAS,GAAG,eAAe,CAAC,aAAa,CAC7C,uCAAuC,EACvC,GAAG,CACJ,CAAC;gBACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAA4B;gBACvC,SAAS,EAAE,OAAO,CAAC,EAAE;gBACrB,SAAS;gBACT,UAAU;gBACV,cAAc,EAAE,IAAI;gBACpB,kBAAkB,EAAE,UAAU;gBAC9B,sBAAsB,EAAG,EAAE,CAAC,4BAA4B,CAAyB,IAAI,KAAK;aAC3F,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QAED,4DAA4D;QAC5D,MAAM,OAAO,GAA4B;YACvC,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,SAAS;YACT,UAAU,EAAG,EAAE,CAAC,gBAAgB,CAAwB,IAAI,IAAI;YAChE,cAAc,EAAE,KAAK;YACrB,kBAAkB,EAAE,cAAc;YAClC,sBAAsB,EAAG,EAAE,CAAC,4BAA4B,CAAyB,IAAI,KAAK;SAC3F,CAAC;QACF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACnC,CAAC;CACF,CAAA;AAjWO;IAFL,IAAI,EAAE;IACN,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;IAE1B,WAAA,IAAI,EAAE,CAAA;IACN,WAAA,GAAG,EAAE,CAAA;;;;mEA0JP;AAQK;IAFL,GAAG,CAAC,YAAY,CAAC;IACjB,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;IAE1B,WAAA,KAAK,CAAC,WAAW,CAAC,CAAA;IAClB,WAAA,GAAG,EAAE,CAAA;;;;0DAuEP;AAQK;IAFL,IAAI,CAAC,sBAAsB,CAAC;IAC5B,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;IAE1B,WAAA,KAAK,CAAC,WAAW,CAAC,CAAA;IAClB,WAAA,GAAG,EAAE,CAAA;;;;0DAyGP;AAtcU,yBAAyB;IAFrC,UAAU,CAAC,+BAA+B,CAAC;IAC3C,SAAS,CAAC,SAAS,CAAC;IAGhB,WAAA,MAAM,CAAC,mBAAmB,CAAC,CAAA;IAE3B,WAAA,MAAM,CAAC,0BAA0B,CAAC,CAAA;qDAEN,uBAAuB;QACZ,qBAAqB;QAClB,wBAAwB;GAR1D,yBAAyB,CAucrC"}

package/dist/api/admin-sources.controller.d.ts

@@ -0,0 +1,50 @@
+/**
+ * api/admin-sources.controller.ts — ISV-only admin REST for /api/sources wrapping.
+ *
+ * Single route:
+ *
+ *   POST /viva/admin/connected-accounts/:id/sources
+ *     Creates a payment source (ecommerce or physical) on a connected
+ *     merchant's Viva account via POST /api/sources on the legacy host,
+ *     authenticated with Reseller Basic auth (per AUTH.md §1.2).
+ *
+ * Flow:
+ *   1. Mode gate: 404 in merchant mode (mirrors Medusa _mode-gate.ts).
+ *   2. Reseller gate: 412 VIVA_RESELLER_CREDENTIALS_MISSING when
+ *      options.reseller is absent.
+ *   3. Body parse: 400 on missing/invalid fields or unknown kind.
+ *   4. Account lookup: IsvAccounts.retrieveConnectedAccount(:id).
+ *      → 409 VIVA_ACCOUNT_NOT_VERIFIED when verified !== true or
+ *        merchantId is null.
+ *   5. BasicAuthClient {authVariant:'reseller'} built with the connected
+ *      merchant's UUID (account.merchantId — NOT config.reseller.merchantId).
+ *   6. IsvSources.createEcommerceSource / createPhysicalSource.
+ *   7. 201 with {sourceCode, name, kind}.
+ *
+ * Viva 4xx on /api/sources → 422 VIVA_SOURCE_CREATION_FAILED.
+ * Viva 5xx / auth errors → 503 VIVA_AUTH_DOWN (existing envelope rule).
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (admin REST table)
+ * @see docs/AUTH.md §1.2 (Reseller Basic)
+ * @see docs/ENDPOINTS.md §5.1
+ * @see packages/medusa-payment-viva/src/api/viva/admin/connected-accounts/[id]/sources/route.ts
+ */
+import type { ServerResponse } from 'node:http';
+import type { VivaPaymentPluginOptions } from '../types.js';
+import type { VivaOAuth2Strategy } from '../providers/viva-oauth2-strategy.provider.js';
+export declare class AdminSourcesController {
+    private readonly options;
+    private readonly oauth2;
+    constructor(options: VivaPaymentPluginOptions, oauth2: VivaOAuth2Strategy);
+    /**
+     * Narrow options to ISV mode + reseller block.
+     * Returns:
+     *   - { ok: true, isv } on success.
+     *   - { ok: false, status, err } on mode mismatch (404) or missing reseller (412).
+     */
+    private requireIsvWithReseller;
+    /** Build the OAuth2-backed IsvAccounts client (platform creds). */
+    private buildIsvAccounts;
+    createSource(id: string, body: unknown, res: ServerResponse): Promise<void>;
+}
+//# sourceMappingURL=admin-sources.controller.d.ts.map

package/dist/api/admin-sources.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-sources.controller.d.ts","sourceRoot":"","sources":["../../src/api/admin-sources.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAWH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAchD,OAAO,KAAK,EACV,wBAAwB,EAEzB,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,+CAA+C,CAAC;AA+GxF,qBAEa,sBAAsB;IAG/B,OAAO,CAAC,QAAQ,CAAC,OAAO;IAExB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAFN,OAAO,EAAE,wBAAwB,EAEjC,MAAM,EAAE,kBAAkB;IAG7C;;;;;OAKG;IACH,OAAO,CAAC,sBAAsB;IA2B9B,mEAAmE;IACnE,OAAO,CAAC,gBAAgB;IAclB,YAAY,CACH,EAAE,EAAE,MAAM,EACf,IAAI,EAAE,OAAO,EACd,GAAG,EAAE,cAAc,GACzB,OAAO,CAAC,IAAI,CAAC;CAgJjB"}