@sanskari27/aws-rate-limiter 1.0.0

package/dist/config/loader.js

@@ -0,0 +1,280 @@
+"use strict";
+/**
+ * @fileoverview YAML + environment variable config loader for the AWS Rate Limiter.
+ *
+ * Provides three loading strategies:
+ *  1. {@link loadConfigFromFile} — parse a YAML file with ${ENV_VAR} substitution.
+ *  2. {@link loadConfigFromEnv}  — build a minimal config from RATE_LIMITER_* env vars.
+ *  3. {@link loadConfig}         — try file first (or RATE_LIMITER_CONFIG), fall back to env.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateConfig = validateConfig;
+exports.loadConfigFromFile = loadConfigFromFile;
+exports.loadConfigFromEnv = loadConfigFromEnv;
+exports.loadConfig = loadConfig;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const yaml = __importStar(require("js-yaml"));
+const types_1 = require("../core/types");
+// ---------------------------------------------------------------------------
+// Env-var substitution
+// ---------------------------------------------------------------------------
+/**
+ * Replace all `${VAR_NAME}` placeholders in `content` with the corresponding
+ * `process.env` value.  Missing variables are replaced with an empty string.
+ *
+ * @param content Raw YAML string potentially containing `${...}` placeholders.
+ * @returns String with all placeholders resolved.
+ */
+function substituteEnvVars(content) {
+    return content.replace(/\$\{([^}]+)\}/g, (_, key) => process.env[key] ?? '');
+}
+// ---------------------------------------------------------------------------
+// Validation
+// ---------------------------------------------------------------------------
+/**
+ * Validate a config object. Throws {@link ConfigurationError} with a helpful
+ * message if any required field is absent or malformed.
+ *
+ * This is an *asserting* type-guard: after a successful call, TypeScript knows
+ * the value satisfies `RateLimiterConfig`.
+ *
+ * @param config  The unknown value to validate.
+ * @throws {ConfigurationError} If the config is missing required fields.
+ */
+function validateConfig(config) {
+    if (config === null || typeof config !== 'object') {
+        throw new types_1.ConfigurationError('Config must be an object');
+    }
+    const obj = config;
+    // -- redis ------------------------------------------------------------------
+    if (!('redis' in obj) || obj['redis'] === null || typeof obj['redis'] !== 'object') {
+        throw new types_1.ConfigurationError('Config must contain a "redis" object with connection details (e.g. { url: "redis://..." })');
+    }
+    // -- rules ------------------------------------------------------------------
+    if (!('rules' in obj)) {
+        throw new types_1.ConfigurationError('Config must contain a "rules" array. Provide an empty array [] if no rules are needed.');
+    }
+    if (!Array.isArray(obj['rules'])) {
+        throw new types_1.ConfigurationError('"rules" must be an array');
+    }
+    const rules = obj['rules'];
+    for (let i = 0; i < rules.length; i++) {
+        const rule = rules[i];
+        if (rule === null || typeof rule !== 'object') {
+            throw new types_1.ConfigurationError(`rules[${i}] must be an object`);
+        }
+        const r = rule;
+        if (typeof r['name'] !== 'string' || r['name'].trim() === '') {
+            throw new types_1.ConfigurationError(`rules[${i}] must have a non-empty "name" string`);
+        }
+        if (!('limits' in r) || r['limits'] === null || typeof r['limits'] !== 'object') {
+            throw new types_1.ConfigurationError(`rules[${i}] ("${r['name']}") must have a "limits" object`);
+        }
+    }
+    // Validate redis has at least url or cluster
+    const redis = obj['redis'];
+    if (!redis['url'] && !redis['cluster']) {
+        throw new types_1.ConfigurationError('Config "redis" must contain at least "url" or "cluster" connection details');
+    }
+    // Validate each rule's limit specs have valid values
+    for (let i = 0; i < rules.length; i++) {
+        const r = rules[i];
+        const limits = r['limits'];
+        for (const dim of ['ip', 'route', 'user', 'userRoute']) {
+            const spec = limits[dim];
+            if (spec !== undefined && spec !== null) {
+                const s = spec;
+                if (typeof s['limit'] !== 'number' || s['limit'] <= 0) {
+                    throw new types_1.ConfigurationError(`rules[${i}].limits.${dim}.limit must be a positive number`);
+                }
+                if (typeof s['window'] !== 'number' || s['window'] <= 0) {
+                    throw new types_1.ConfigurationError(`rules[${i}].limits.${dim}.window must be a positive number`);
+                }
+            }
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// loadConfigFromFile
+// ---------------------------------------------------------------------------
+/**
+ * Load rate limiter configuration from a YAML file.
+ *
+ * Performs `${ENV_VAR}` substitution before parsing so that secrets can be
+ * injected via environment variables without being stored in the YAML file.
+ *
+ * @param filePath Absolute or relative path to the YAML configuration file.
+ * @returns Parsed and validated {@link RateLimiterConfig}.
+ * @throws {ConfigurationError} If the file does not exist, cannot be read, or
+ *   contains invalid YAML / missing required fields.
+ */
+function loadConfigFromFile(filePath) {
+    const resolved = path.resolve(filePath);
+    let raw;
+    try {
+        raw = fs.readFileSync(resolved, 'utf-8');
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new types_1.ConfigurationError(`Cannot read config file "${resolved}": ${msg}`);
+    }
+    const substituted = substituteEnvVars(raw);
+    let parsed;
+    try {
+        parsed = yaml.load(substituted);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new types_1.ConfigurationError(`Invalid YAML in config file "${resolved}": ${msg}`);
+    }
+    validateConfig(parsed);
+    return parsed;
+}
+// ---------------------------------------------------------------------------
+// loadConfigFromEnv
+// ---------------------------------------------------------------------------
+/**
+ * Build a {@link RateLimiterConfig} entirely from `RATE_LIMITER_*` environment
+ * variables.  Sensible defaults are applied when variables are absent.
+ *
+ * | Environment variable               | Config path                         | Default   |
+ * |------------------------------------|-------------------------------------|-----------|
+ * | `RATE_LIMITER_REDIS_URL`           | `redis.url`                         | (none)    |
+ * | `RATE_LIMITER_REDIS_AUTH`          | `redis.password`                    | (none)    |
+ * | `RATE_LIMITER_DEFAULT_LIMIT`       | default rule ip.limit               | `60`      |
+ * | `RATE_LIMITER_DEFAULT_WINDOW`      | default rule ip.window (seconds)    | `60`      |
+ * | `RATE_LIMITER_FAILURE_POLICY`      | `failure.default`                   | `open`    |
+ * | `RATE_LIMITER_RESERVOIR_BATCH_SIZE`| `reservoir.batchSize`               | `10`      |
+ * | `RATE_LIMITER_RESERVOIR_SYNC_INTERVAL`| `reservoir.syncInterval` (ms)   | `1000`    |
+ * | `RATE_LIMITER_CIRCUIT_BREAKER_ENABLED`| circuit breaker enabled          | `false`   |
+ * | `RATE_LIMITER_RESERVOIR_ENABLED`   | `reservoir.enabled`                 | `false`   |
+ * | `RATE_LIMITER_LOG_LEVEL`           | `observability.logLevel`            | `info`    |
+ * | `RATE_LIMITER_LOG_SAMPLE_RATE`     | `observability.logSampleRate`       | `1`       |
+ * | `RATE_LIMITER_METRICS_BACKEND`     | `observability.metrics`             | `none`    |
+ * | `RATE_LIMITER_METRICS_NAMESPACE`   | `observability.namespace`           | (none)    |
+ *
+ * @returns A valid {@link RateLimiterConfig} derived from the current environment.
+ */
+function loadConfigFromEnv() {
+    const env = process.env;
+    const defaultLimit = parseInt(env['RATE_LIMITER_DEFAULT_LIMIT'] ?? '60', 10);
+    const defaultWindow = parseInt(env['RATE_LIMITER_DEFAULT_WINDOW'] ?? '60', 10);
+    const failurePolicyRaw = env['RATE_LIMITER_FAILURE_POLICY'];
+    const failurePolicy = failurePolicyRaw === 'closed' || failurePolicyRaw === 'local'
+        ? failurePolicyRaw
+        : 'open';
+    const reservoirEnabled = env['RATE_LIMITER_RESERVOIR_ENABLED'] === 'true';
+    const batchSize = parseInt(env['RATE_LIMITER_RESERVOIR_BATCH_SIZE'] ?? '10', 10);
+    const syncInterval = parseInt(env['RATE_LIMITER_RESERVOIR_SYNC_INTERVAL'] ?? '1000', 10);
+    const circuitBreakerEnabled = env['RATE_LIMITER_CIRCUIT_BREAKER_ENABLED'] === 'true';
+    const logLevelRaw = env['RATE_LIMITER_LOG_LEVEL'];
+    const logLevel = logLevelRaw === 'debug' || logLevelRaw === 'warn' || logLevelRaw === 'error'
+        ? logLevelRaw
+        : 'info';
+    const logSampleRate = parseFloat(env['RATE_LIMITER_LOG_SAMPLE_RATE'] ?? '1');
+    const metricsBackendRaw = env['RATE_LIMITER_METRICS_BACKEND'];
+    const metricsBackend = metricsBackendRaw === 'cloudwatch' ||
+        metricsBackendRaw === 'prometheus' ||
+        metricsBackendRaw === 'statsd'
+        ? metricsBackendRaw
+        : 'none';
+    const defaultRule = {
+        name: 'default',
+        limits: {
+            ip: { limit: defaultLimit, window: defaultWindow },
+        },
+    };
+    const redisUrl = env['RATE_LIMITER_REDIS_URL'];
+    const config = {
+        redis: {
+            ...(redisUrl !== undefined ? { url: redisUrl } : { url: 'redis://localhost:6379' }),
+            ...(env['RATE_LIMITER_REDIS_AUTH'] !== undefined
+                ? { password: env['RATE_LIMITER_REDIS_AUTH'] }
+                : {}),
+        },
+        rules: [defaultRule],
+        reservoir: {
+            enabled: reservoirEnabled,
+            batchSize,
+            syncInterval,
+        },
+        failure: {
+            default: failurePolicy,
+            ...(circuitBreakerEnabled
+                ? {
+                    circuitBreaker: {
+                        enabled: true,
+                        threshold: 5,
+                        recoveryTimeout: 30000,
+                    },
+                }
+                : {}),
+        },
+        observability: {
+            logLevel,
+            logSampleRate: isNaN(logSampleRate) ? 1 : logSampleRate,
+            metrics: metricsBackend,
+            ...(env['RATE_LIMITER_METRICS_NAMESPACE'] !== undefined
+                ? { namespace: env['RATE_LIMITER_METRICS_NAMESPACE'] }
+                : {}),
+        },
+    };
+    validateConfig(config);
+    return config;
+}
+// ---------------------------------------------------------------------------
+// loadConfig
+// ---------------------------------------------------------------------------
+/**
+ * Load configuration using the following resolution order:
+ *  1. `filePath` argument (if provided).
+ *  2. `RATE_LIMITER_CONFIG` environment variable (path to YAML file).
+ *  3. Fall back to {@link loadConfigFromEnv}.
+ *
+ * @param filePath Optional explicit path to a YAML configuration file.
+ * @returns Parsed and validated {@link RateLimiterConfig}.
+ * @throws {ConfigurationError} If a file path is resolved but the file is
+ *   missing or invalid.
+ */
+function loadConfig(filePath) {
+    const resolvedPath = filePath ?? process.env['RATE_LIMITER_CONFIG'];
+    if (resolvedPath !== undefined && resolvedPath !== '') {
+        return loadConfigFromFile(resolvedPath);
+    }
+    return loadConfigFromEnv();
+}
+//# sourceMappingURL=loader.js.map

package/dist/config/loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCH,wCAuEC;AAiBD,gDAuBC;AA4BD,8CA+EC;AAiBD,gCAMC;AAvRD,uCAAyB;AACzB,2CAA6B;AAC7B,8CAAgC;AAChC,yCAIuB;AAEvB,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACvF,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,SAAgB,cAAc,CAAC,MAAe;IAC5C,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,0BAAkB,CAAC,0BAA0B,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,GAAG,GAAG,MAAiC,CAAC;IAE9C,8EAA8E;IAC9E,IAAI,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnF,MAAM,IAAI,0BAAkB,CAC1B,4FAA4F,CAC7F,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,IAAI,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,0BAAkB,CAC1B,wFAAwF,CACzF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,0BAAkB,CAAC,0BAA0B,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAc,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,IAAI,0BAAkB,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,CAAC,GAAG,IAA+B,CAAC;QAC1C,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC7D,MAAM,IAAI,0BAAkB,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChF,MAAM,IAAI,0BAAkB,CAC1B,SAAS,CAAC,OAAO,CAAC,CAAC,MAAM,CAAW,gCAAgC,CACrE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAA4B,CAAC;IACtD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,0BAAkB,CAC1B,4EAA4E,CAC7E,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAA4B,CAAC;QAC9C,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAA4B,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAU,EAAE,CAAC;YAChE,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,IAA+B,CAAC;gBAC1C,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtD,MAAM,IAAI,0BAAkB,CAC1B,SAAS,CAAC,YAAY,GAAG,kCAAkC,CAC5D,CAAC;gBACJ,CAAC;gBACD,IAAI,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,0BAAkB,CAC1B,SAAS,CAAC,YAAY,GAAG,mCAAmC,CAC7D,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAExC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,0BAAkB,CAAC,4BAA4B,QAAQ,MAAM,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE3C,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,0BAAkB,CAAC,gCAAgC,QAAQ,MAAM,GAAG,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAgB,iBAAiB;IAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAExB,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,4BAA4B,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7E,MAAM,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,6BAA6B,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/E,MAAM,gBAAgB,GAAG,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC5D,MAAM,aAAa,GACjB,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,KAAK,OAAO;QAC3D,CAAC,CAAC,gBAAgB;QAClB,CAAC,CAAC,MAAM,CAAC;IAEb,MAAM,gBAAgB,GAAG,GAAG,CAAC,gCAAgC,CAAC,KAAK,MAAM,CAAC;IAC1E,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,mCAAmC,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IACjF,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,sCAAsC,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAEzF,MAAM,qBAAqB,GAAG,GAAG,CAAC,sCAAsC,CAAC,KAAK,MAAM,CAAC;IAErF,MAAM,WAAW,GAAG,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAClD,MAAM,QAAQ,GACZ,WAAW,KAAK,OAAO,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,OAAO;QAC1E,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,MAAM,CAAC;IAEb,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,CAAC,8BAA8B,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7E,MAAM,iBAAiB,GAAG,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC9D,MAAM,cAAc,GAClB,iBAAiB,KAAK,YAAY;QAClC,iBAAiB,KAAK,YAAY;QAClC,iBAAiB,KAAK,QAAQ;QAC5B,CAAC,CAAC,iBAAiB;QACnB,CAAC,CAAC,MAAM,CAAC;IAEb,MAAM,WAAW,GAAe;QAC9B,IAAI,EAAE,SAAS;QACf,MAAM,EAAE;YACN,EAAE,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE;SACnD;KACF,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAE/C,MAAM,MAAM,GAAsB;QAChC,KAAK,EAAE;YACL,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,wBAAwB,EAAE,CAAC;YACnF,GAAG,CAAC,GAAG,CAAC,yBAAyB,CAAC,KAAK,SAAS;gBAC9C,CAAC,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,yBAAyB,CAAC,EAAE;gBAC9C,CAAC,CAAC,EAAE,CAAC;SACR;QACD,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,SAAS,EAAE;YACT,OAAO,EAAE,gBAAgB;YACzB,SAAS;YACT,YAAY;SACb;QACD,OAAO,EAAE;YACP,OAAO,EAAE,aAAa;YACtB,GAAG,CAAC,qBAAqB;gBACvB,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,IAAI;wBACb,SAAS,EAAE,CAAC;wBACZ,eAAe,EAAE,KAAK;qBACvB;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR;QACD,aAAa,EAAE;YACb,QAAQ;YACR,aAAa,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvD,OAAO,EAAE,cAAc;YACvB,GAAG,CAAC,GAAG,CAAC,gCAAgC,CAAC,KAAK,SAAS;gBACrD,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,gCAAgC,CAAC,EAAE;gBACtD,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CAAC;IAEF,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,SAAgB,UAAU,CAAC,QAAiB;IAC1C,MAAM,YAAY,GAAG,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACpE,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,EAAE,EAAE,CAAC;QACtD,OAAO,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,iBAAiB,EAAE,CAAC;AAC7B,CAAC"}

package/dist/config/ssm-watcher.d.ts

@@ -0,0 +1,103 @@
+/**
+ * @fileoverview SSM Parameter Store hot-reload watcher.
+ *
+ * Polls AWS SSM Parameter Store at a configurable interval and calls
+ * `onUpdate` whenever parameter values change.  This allows rate limit
+ * configuration to be updated at runtime without restarting the process.
+ *
+ * Uses dynamic import of `@aws-sdk/client-ssm` so that the module can be
+ * loaded without the AWS SDK being available (e.g. in unit tests).
+ */
+import { RateLimiterConfig } from '../core/types';
+/**
+ * Configuration for the {@link SSMWatcher}.
+ */
+export interface SSMWatcherConfig {
+    /**
+     * SSM parameter path prefix to poll, e.g. `/rate-limiter/prod/limits`.
+     * All parameters under this path hierarchy will be fetched.
+     */
+    parameterPath: string;
+    /** AWS region where the SSM parameters live. */
+    region: string;
+    /** Polling interval in milliseconds.  Defaults to 60 000 ms (1 minute). */
+    refreshInterval?: number;
+    /**
+     * Callback invoked whenever one or more parameter values change.
+     * Receives a partial config built from the changed parameters.
+     */
+    onUpdate?: (newConfig: Partial<RateLimiterConfig>) => void;
+}
+/**
+ * Polls AWS SSM Parameter Store for configuration changes and notifies the
+ * application via the `onUpdate` callback.
+ *
+ * @example
+ * ```typescript
+ * const watcher = new SSMWatcher({
+ *   parameterPath: '/rate-limiter/prod',
+ *   region: 'us-east-1',
+ *   refreshInterval: 30_000,
+ *   onUpdate: (cfg) => limiter.applyConfig(cfg),
+ * })
+ * watcher.start()
+ * // … later …
+ * watcher.stop()
+ * ```
+ */
+export declare class SSMWatcher {
+    private intervalId;
+    private readonly config;
+    private lastParams;
+    /**
+     * @param config Watcher configuration.
+     * @throws {ConfigurationError} If `parameterPath` or `region` are empty.
+     */
+    constructor(config: SSMWatcherConfig);
+    /**
+     * Start polling SSM for parameter changes at the configured interval.
+     * If the watcher is already running this is a no-op.
+     */
+    start(): void;
+    /**
+     * Stop polling.  The in-flight poll (if any) may still complete.
+     */
+    stop(): void;
+    /**
+     * Returns `true` when the watcher is actively polling.
+     */
+    isRunning(): boolean;
+    /**
+     * Fetch all SSM parameters under the configured path once.
+     * Exposed for testing and manual refresh.
+     *
+     * @returns Map from parameter name to its string value.
+     * @throws {ConfigurationError} If the AWS SDK cannot be loaded.
+     */
+    fetchParams(): Promise<Map<string, string>>;
+    /**
+     * Internal poll: fetch params, diff against last snapshot, call onUpdate if changed.
+     */
+    private poll;
+    /**
+     * Compute which parameters changed between `prev` and `next`.
+     *
+     * @param prev Previous snapshot.
+     * @param next Current snapshot.
+     * @returns Map containing only the changed entries from `next`.
+     */
+    private diff;
+    /**
+     * Build a partial {@link RateLimiterConfig} from the changed SSM parameters.
+     *
+     * Parameter name conventions (relative to `parameterPath`):
+     * - `/ip/limit`   → first rule ip.limit
+     * - `/ip/window`  → first rule ip.window
+     * - `/log/level`  → observability.logLevel
+     *
+     * @param changed Map of changed parameter names → new values.
+     * @returns Partial config derived from the changed parameters.
+     */
+    private buildPartialConfig;
+}
+//# sourceMappingURL=ssm-watcher.d.ts.map

package/dist/config/ssm-watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssm-watcher.d.ts","sourceRoot":"","sources":["../../src/config/ssm-watcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,iBAAiB,EAAsB,MAAM,eAAe,CAAC;AAMtE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;OAGG;IACH,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,iBAAiB,CAAC,KAAK,IAAI,CAAC;CAC5D;AAiCD;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,UAAU,CAA+C;IACjE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA6B;IACpD,OAAO,CAAC,UAAU,CAAkC;IAEpD;;;OAGG;gBACS,MAAM,EAAE,gBAAgB;IAoBpC;;;OAGG;IACH,KAAK,IAAI,IAAI;IAgBb;;OAEG;IACH,IAAI,IAAI,IAAI;IAOZ;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;;;;;OAMG;IACG,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IA4CjD;;OAEG;YACW,IAAI;IAgBlB;;;;;;OAMG;IACH,OAAO,CAAC,IAAI;IAmBZ;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kBAAkB;CA+B3B"}

package/dist/config/ssm-watcher.js

@@ -0,0 +1,264 @@
+"use strict";
+/**
+ * @fileoverview SSM Parameter Store hot-reload watcher.
+ *
+ * Polls AWS SSM Parameter Store at a configurable interval and calls
+ * `onUpdate` whenever parameter values change.  This allows rate limit
+ * configuration to be updated at runtime without restarting the process.
+ *
+ * Uses dynamic import of `@aws-sdk/client-ssm` so that the module can be
+ * loaded without the AWS SDK being available (e.g. in unit tests).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SSMWatcher = void 0;
+const types_1 = require("../core/types");
+// ---------------------------------------------------------------------------
+// SSM client factory (lazy dynamic import avoids hard dep at load time)
+// ---------------------------------------------------------------------------
+/**
+ * Lazily create an SSM client using dynamic import.
+ *
+ * @param region AWS region.
+ * @returns Configured SSM client.
+ */
+async function getSSMClient(region) {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any -- dynamic SDK import
+    const mod = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-ssm')));
+    const SSM = mod.SSM ?? mod.default?.SSM;
+    if (typeof SSM !== 'function') {
+        throw new types_1.ConfigurationError('Cannot load @aws-sdk/client-ssm');
+    }
+    return new SSM({ region });
+}
+// ---------------------------------------------------------------------------
+// SSMWatcher
+// ---------------------------------------------------------------------------
+/**
+ * Polls AWS SSM Parameter Store for configuration changes and notifies the
+ * application via the `onUpdate` callback.
+ *
+ * @example
+ * ```typescript
+ * const watcher = new SSMWatcher({
+ *   parameterPath: '/rate-limiter/prod',
+ *   region: 'us-east-1',
+ *   refreshInterval: 30_000,
+ *   onUpdate: (cfg) => limiter.applyConfig(cfg),
+ * })
+ * watcher.start()
+ * // … later …
+ * watcher.stop()
+ * ```
+ */
+class SSMWatcher {
+    intervalId = null;
+    config;
+    lastParams = new Map();
+    /**
+     * @param config Watcher configuration.
+     * @throws {ConfigurationError} If `parameterPath` or `region` are empty.
+     */
+    constructor(config) {
+        if (!config.parameterPath || config.parameterPath.trim() === '') {
+            throw new types_1.ConfigurationError('SSMWatcher requires a non-empty parameterPath');
+        }
+        if (!config.region || config.region.trim() === '') {
+            throw new types_1.ConfigurationError('SSMWatcher requires a non-empty region');
+        }
+        this.config = {
+            parameterPath: config.parameterPath,
+            region: config.region,
+            refreshInterval: config.refreshInterval ?? 60_000,
+            onUpdate: config.onUpdate ?? (() => undefined),
+        };
+    }
+    // -------------------------------------------------------------------------
+    // Public API
+    // -------------------------------------------------------------------------
+    /**
+     * Start polling SSM for parameter changes at the configured interval.
+     * If the watcher is already running this is a no-op.
+     */
+    start() {
+        if (this.intervalId !== null)
+            return;
+        // Fire immediately on first start, then on each interval tick.
+        void this.poll();
+        this.intervalId = setInterval(() => {
+            void this.poll();
+        }, this.config.refreshInterval);
+        // Prevent the interval from keeping the Node process alive.
+        if (this.intervalId.unref) {
+            this.intervalId.unref();
+        }
+    }
+    /**
+     * Stop polling.  The in-flight poll (if any) may still complete.
+     */
+    stop() {
+        if (this.intervalId !== null) {
+            clearInterval(this.intervalId);
+            this.intervalId = null;
+        }
+    }
+    /**
+     * Returns `true` when the watcher is actively polling.
+     */
+    isRunning() {
+        return this.intervalId !== null;
+    }
+    /**
+     * Fetch all SSM parameters under the configured path once.
+     * Exposed for testing and manual refresh.
+     *
+     * @returns Map from parameter name to its string value.
+     * @throws {ConfigurationError} If the AWS SDK cannot be loaded.
+     */
+    async fetchParams() {
+        const client = await getSSMClient(this.config.region);
+        const result = new Map();
+        let nextToken;
+        do {
+            const params = {
+                Path: this.config.parameterPath,
+                Recursive: true,
+                WithDecryption: true,
+                ...(nextToken !== undefined ? { NextToken: nextToken } : {}),
+            };
+            // Support both SDK v2 (.promise()) and SDK v3 (direct promise)
+            const response = await (async () => {
+                const call = client.getParametersByPath(params);
+                if (call && typeof call.promise === 'function') {
+                    return call.promise();
+                }
+                return call;
+            })();
+            const resp = response;
+            for (const p of resp.Parameters ?? []) {
+                if (p.Name !== undefined && p.Value !== undefined) {
+                    result.set(p.Name, p.Value);
+                }
+            }
+            nextToken = resp.NextToken;
+        } while (nextToken !== undefined);
+        return result;
+    }
+    // -------------------------------------------------------------------------
+    // Private helpers
+    // -------------------------------------------------------------------------
+    /**
+     * Internal poll: fetch params, diff against last snapshot, call onUpdate if changed.
+     */
+    async poll() {
+        try {
+            const current = await this.fetchParams();
+            const changed = this.diff(this.lastParams, current);
+            if (changed.size > 0) {
+                this.lastParams = current;
+                const partial = this.buildPartialConfig(changed);
+                this.config.onUpdate(partial);
+            }
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            process.stderr.write(`[SSMWatcher] poll error: ${message}\n`);
+        }
+    }
+    /**
+     * Compute which parameters changed between `prev` and `next`.
+     *
+     * @param prev Previous snapshot.
+     * @param next Current snapshot.
+     * @returns Map containing only the changed entries from `next`.
+     */
+    diff(prev, next) {
+        const changed = new Map();
+        for (const [key, value] of next) {
+            if (prev.get(key) !== value) {
+                changed.set(key, value);
+            }
+        }
+        // Also detect deleted params (value disappears).
+        for (const key of prev.keys()) {
+            if (!next.has(key)) {
+                changed.set(key, '');
+            }
+        }
+        return changed;
+    }
+    /**
+     * Build a partial {@link RateLimiterConfig} from the changed SSM parameters.
+     *
+     * Parameter name conventions (relative to `parameterPath`):
+     * - `/ip/limit`   → first rule ip.limit
+     * - `/ip/window`  → first rule ip.window
+     * - `/log/level`  → observability.logLevel
+     *
+     * @param changed Map of changed parameter names → new values.
+     * @returns Partial config derived from the changed parameters.
+     */
+    buildPartialConfig(changed) {
+        const partial = {};
+        for (const [name, value] of changed) {
+            const suffix = name.replace(this.config.parameterPath, '');
+            if (suffix === '/ip/limit' || suffix === '/ip/window') {
+                const parsed = parseInt(value, 10);
+                if (!isNaN(parsed)) {
+                    if (!partial.rules) {
+                        partial.rules = [{ name: 'default', limits: {} }];
+                    }
+                    const rule = partial.rules[0];
+                    if (!rule.limits.ip) {
+                        rule.limits.ip = { limit: 60, window: 60 };
+                    }
+                    if (suffix === '/ip/limit')
+                        rule.limits.ip.limit = parsed;
+                    else
+                        rule.limits.ip.window = parsed;
+                }
+            }
+            else if (suffix === '/log/level') {
+                const level = value;
+                if (['debug', 'info', 'warn', 'error'].includes(level)) {
+                    partial.observability = { ...partial.observability, logLevel: level };
+                }
+            }
+        }
+        return partial;
+    }
+}
+exports.SSMWatcher = SSMWatcher;
+//# sourceMappingURL=ssm-watcher.js.map

package/dist/config/ssm-watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssm-watcher.js","sourceRoot":"","sources":["../../src/config/ssm-watcher.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,yCAAsE;AA0BtE,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,MAAc;IAEd,oFAAoF;IACpF,MAAM,GAAG,GAAG,wDAAa,qBAAqB,GAAQ,CAAC;IACvD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC;IACxC,IAAI,OAAO,GAAG,KAAK,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,0BAAkB,CAAC,iCAAiC,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,CAKxB,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,UAAU;IACb,UAAU,GAA0C,IAAI,CAAC;IAChD,MAAM,CAA6B;IAC5C,UAAU,GAAwB,IAAI,GAAG,EAAE,CAAC;IAEpD;;;OAGG;IACH,YAAY,MAAwB;QAClC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAChE,MAAM,IAAI,0BAAkB,CAAC,+CAA+C,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAClD,MAAM,IAAI,0BAAkB,CAAC,wCAAwC,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,MAAM;YACjD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,aAAa;IACb,4EAA4E;IAE5E;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI;YAAE,OAAO;QAErC,+DAA+D;QAC/D,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;QAEjB,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;YACjC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAEhC,4DAA4D;QAC5D,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;YAC7B,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW;QACf,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QAEzC,IAAI,SAA6B,CAAC;QAElC,GAAG,CAAC;YACF,MAAM,MAAM,GAA4B;gBACtC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;gBAC/B,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,IAAI;gBACpB,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC7D,CAAC;YAEF,+DAA+D;YAC/D,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;gBACjC,MAAM,IAAI,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,IAAI,IAAI,OAAQ,IAA6C,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;oBACzF,OAAQ,IAA4C,CAAC,OAAO,EAAE,CAAC;gBACjE,CAAC;gBACD,OAAO,IAAwB,CAAC;YAClC,CAAC,CAAC,EAAE,CAAC;YAEL,MAAM,IAAI,GAAG,QAGZ,CAAC;YAEF,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;gBACtC,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;oBAClD,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7B,CAAC,QAAQ,SAAS,KAAK,SAAS,EAAE;QAElC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,4EAA4E;IAC5E,kBAAkB;IAClB,4EAA4E;IAE5E;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAEpD,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;gBAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,OAAO,IAAI,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,IAAI,CACV,IAAyB,EACzB,IAAyB;QAEzB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,iDAAiD;QACjD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;OAUG;IACK,kBAAkB,CACxB,OAA4B;QAE5B,MAAM,OAAO,GAA+B,EAAE,CAAC;QAE/C,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAE3D,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;gBACtD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBACnC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;wBACnB,OAAO,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;oBACpD,CAAC;oBACD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;wBACpB,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;oBAC7C,CAAC;oBACD,IAAI,MAAM,KAAK,WAAW;wBAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,MAAM,CAAC;;wBACrD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC;gBACtC,CAAC;YACH,CAAC;iBAAM,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;gBACnC,MAAM,KAAK,GAAG,KAA4C,CAAC;gBAC3D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACvD,OAAO,CAAC,aAAa,GAAG,EAAE,GAAG,OAAO,CAAC,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AA5MD,gCA4MC"}