@scupit/mcp-ecosystem 0.1.0

package/dist/types/client-config.d.ts

@@ -0,0 +1,96 @@
+import { z } from "zod";
+export declare const ClientConfigSchema: z.ZodObject<{
+    client_key: z.ZodString;
+    display_name: z.ZodString;
+    descriptor: z.ZodOptional<z.ZodString>;
+    profile: z.ZodEnum<["native_interactive", "spa_interactive", "regular_web_interactive", "service_m2m"]>;
+    auth0: z.ZodObject<{
+        create_if_missing: z.ZodDefault<z.ZodBoolean>;
+        existing_client_id: z.ZodDefault<z.ZodNullable<z.ZodString>>;
+    }, "strip", z.ZodTypeAny, {
+        create_if_missing: boolean;
+        existing_client_id: string | null;
+    }, {
+        create_if_missing?: boolean | undefined;
+        existing_client_id?: string | null | undefined;
+    }>;
+    application_settings: z.ZodOptional<z.ZodObject<{
+        callback_urls: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        logout_urls: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        web_origins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<["none", "client_secret_post", "client_secret_basic", "private_key_jwt"]>>;
+    }, "strip", z.ZodTypeAny, {
+        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+        callback_urls?: string[] | undefined;
+        logout_urls?: string[] | undefined;
+        web_origins?: string[] | undefined;
+    }, {
+        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+        callback_urls?: string[] | undefined;
+        logout_urls?: string[] | undefined;
+        web_origins?: string[] | undefined;
+    }>>;
+    credentials: z.ZodOptional<z.ZodObject<{
+        client_secret_env: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        client_secret_env?: string | undefined;
+    }, {
+        client_secret_env?: string | undefined;
+    }>>;
+    token_settings: z.ZodOptional<z.ZodObject<{
+        use_refresh_tokens: z.ZodOptional<z.ZodBoolean>;
+        refresh_token_rotation: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        use_refresh_tokens?: boolean | undefined;
+        refresh_token_rotation?: boolean | undefined;
+    }, {
+        use_refresh_tokens?: boolean | undefined;
+        refresh_token_rotation?: boolean | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    auth0: {
+        create_if_missing: boolean;
+        existing_client_id: string | null;
+    };
+    display_name: string;
+    profile: "native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m";
+    client_key: string;
+    descriptor?: string | undefined;
+    application_settings?: {
+        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+        callback_urls?: string[] | undefined;
+        logout_urls?: string[] | undefined;
+        web_origins?: string[] | undefined;
+    } | undefined;
+    credentials?: {
+        client_secret_env?: string | undefined;
+    } | undefined;
+    token_settings?: {
+        use_refresh_tokens?: boolean | undefined;
+        refresh_token_rotation?: boolean | undefined;
+    } | undefined;
+}, {
+    auth0: {
+        create_if_missing?: boolean | undefined;
+        existing_client_id?: string | null | undefined;
+    };
+    display_name: string;
+    profile: "native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m";
+    client_key: string;
+    descriptor?: string | undefined;
+    application_settings?: {
+        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+        callback_urls?: string[] | undefined;
+        logout_urls?: string[] | undefined;
+        web_origins?: string[] | undefined;
+    } | undefined;
+    credentials?: {
+        client_secret_env?: string | undefined;
+    } | undefined;
+    token_settings?: {
+        use_refresh_tokens?: boolean | undefined;
+        refresh_token_rotation?: boolean | undefined;
+    } | undefined;
+}>;
+export type ClientConfig = z.infer<typeof ClientConfigSchema>;
+//# sourceMappingURL=client-config.d.ts.map

package/dist/types/client-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-config.d.ts","sourceRoot":"","sources":["../../src/types/client-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4B7B,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC"}

package/dist/types/client-config.js

@@ -0,0 +1,32 @@
+import { z } from "zod";
+import { ClientProfileSchema, TokenEndpointAuthMethodSchema, } from "./ecosystem-config.js";
+export const ClientConfigSchema = z.object({
+    client_key: z.string().min(1),
+    display_name: z.string().min(1),
+    descriptor: z.string().optional(),
+    profile: ClientProfileSchema,
+    auth0: z.object({
+        create_if_missing: z.boolean().default(true),
+        existing_client_id: z.string().nullable().default(null),
+    }),
+    application_settings: z
+        .object({
+        callback_urls: z.array(z.string()).optional(),
+        logout_urls: z.array(z.string()).optional(),
+        web_origins: z.array(z.string()).optional(),
+        token_endpoint_auth_method: TokenEndpointAuthMethodSchema.optional(),
+    })
+        .optional(),
+    credentials: z
+        .object({
+        client_secret_env: z.string().optional(),
+    })
+        .optional(),
+    token_settings: z
+        .object({
+        use_refresh_tokens: z.boolean().optional(),
+        refresh_token_rotation: z.boolean().optional(),
+    })
+        .optional(),
+});
+//# sourceMappingURL=client-config.js.map

package/dist/types/client-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-config.js","sourceRoot":"","sources":["../../src/types/client-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,uBAAuB,CAAC;AAE/B,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,mBAAmB;IAC5B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACd,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAC5C,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;KACxD,CAAC;IACF,oBAAoB,EAAE,CAAC;SACpB,MAAM,CAAC;QACN,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC7C,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC3C,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC3C,0BAA0B,EAAE,6BAA6B,CAAC,QAAQ,EAAE;KACrE,CAAC;SACD,QAAQ,EAAE;IACb,WAAW,EAAE,CAAC;SACX,MAAM,CAAC;QACN,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzC,CAAC;SACD,QAAQ,EAAE;IACb,cAAc,EAAE,CAAC;SACd,MAAM,CAAC;QACN,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC1C,sBAAsB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAC/C,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC"}

package/dist/types/client-descriptor.d.ts

@@ -0,0 +1,45 @@
+import { z } from "zod";
+export declare const ReusePolicySchema: z.ZodEnum<["share_if_exact_match", "patch_if_safe", "never_share"]>;
+export type ReusePolicy = z.infer<typeof ReusePolicySchema>;
+export declare const ClientDescriptorSchema: z.ZodObject<{
+    descriptor_key: z.ZodString;
+    display_name: z.ZodString;
+    profile: z.ZodEnum<["native_interactive", "spa_interactive", "regular_web_interactive", "service_m2m"]>;
+    access_mode: z.ZodEnum<["user", "machine"]>;
+    supports_pkce: z.ZodOptional<z.ZodBoolean>;
+    supports_device_flow: z.ZodOptional<z.ZodBoolean>;
+    requires_refresh_tokens: z.ZodOptional<z.ZodBoolean>;
+    requires_refresh_token_rotation: z.ZodOptional<z.ZodBoolean>;
+    callback_urls: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    logout_urls: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    web_origins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    reuse_policy: z.ZodDefault<z.ZodEnum<["share_if_exact_match", "patch_if_safe", "never_share"]>>;
+}, "strip", z.ZodTypeAny, {
+    access_mode: "user" | "machine";
+    descriptor_key: string;
+    display_name: string;
+    profile: "native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m";
+    reuse_policy: "share_if_exact_match" | "patch_if_safe" | "never_share";
+    supports_pkce?: boolean | undefined;
+    supports_device_flow?: boolean | undefined;
+    requires_refresh_tokens?: boolean | undefined;
+    requires_refresh_token_rotation?: boolean | undefined;
+    callback_urls?: string[] | undefined;
+    logout_urls?: string[] | undefined;
+    web_origins?: string[] | undefined;
+}, {
+    access_mode: "user" | "machine";
+    descriptor_key: string;
+    display_name: string;
+    profile: "native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m";
+    supports_pkce?: boolean | undefined;
+    supports_device_flow?: boolean | undefined;
+    requires_refresh_tokens?: boolean | undefined;
+    requires_refresh_token_rotation?: boolean | undefined;
+    callback_urls?: string[] | undefined;
+    logout_urls?: string[] | undefined;
+    web_origins?: string[] | undefined;
+    reuse_policy?: "share_if_exact_match" | "patch_if_safe" | "never_share" | undefined;
+}>;
+export type ClientDescriptor = z.infer<typeof ClientDescriptorSchema>;
+//# sourceMappingURL=client-descriptor.d.ts.map

package/dist/types/client-descriptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-descriptor.d.ts","sourceRoot":"","sources":["../../src/types/client-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,iBAAiB,qEAI5B,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAajC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC"}

package/dist/types/client-descriptor.js

@@ -0,0 +1,22 @@
+import { z } from "zod";
+import { AccessModeSchema, ClientProfileSchema } from "./ecosystem-config.js";
+export const ReusePolicySchema = z.enum([
+    "share_if_exact_match",
+    "patch_if_safe",
+    "never_share",
+]);
+export const ClientDescriptorSchema = z.object({
+    descriptor_key: z.string().min(1),
+    display_name: z.string().min(1),
+    profile: ClientProfileSchema,
+    access_mode: AccessModeSchema,
+    supports_pkce: z.boolean().optional(),
+    supports_device_flow: z.boolean().optional(),
+    requires_refresh_tokens: z.boolean().optional(),
+    requires_refresh_token_rotation: z.boolean().optional(),
+    callback_urls: z.array(z.string()).optional(),
+    logout_urls: z.array(z.string()).optional(),
+    web_origins: z.array(z.string()).optional(),
+    reuse_policy: ReusePolicySchema.default("share_if_exact_match"),
+});
+//# sourceMappingURL=client-descriptor.js.map

package/dist/types/client-descriptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-descriptor.js","sourceRoot":"","sources":["../../src/types/client-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE9E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC;IACtC,sBAAsB;IACtB,eAAe;IACf,aAAa;CACd,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,OAAO,EAAE,mBAAmB;IAC5B,WAAW,EAAE,gBAAgB;IAC7B,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACrC,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5C,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/C,+BAA+B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvD,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3C,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3C,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,sBAAsB,CAAC;CAChE,CAAC,CAAC"}

package/dist/types/ecosystem-config.d.ts

@@ -0,0 +1,210 @@
+import { z } from "zod";
+export declare const ClientProfileSchema: z.ZodEnum<["native_interactive", "spa_interactive", "regular_web_interactive", "service_m2m"]>;
+export type ClientProfile = z.infer<typeof ClientProfileSchema>;
+export declare const AccessModeSchema: z.ZodEnum<["user", "machine"]>;
+export type AccessMode = z.infer<typeof AccessModeSchema>;
+export declare const GrantStrategySchema: z.ZodEnum<["authorization_code_pkce", "authorization_code", "client_credentials"]>;
+export type GrantStrategy = z.infer<typeof GrantStrategySchema>;
+export declare const TokenEndpointAuthMethodSchema: z.ZodEnum<["none", "client_secret_post", "client_secret_basic", "private_key_jwt"]>;
+export type TokenEndpointAuthMethod = z.infer<typeof TokenEndpointAuthMethodSchema>;
+export declare const UserAccessPolicySchema: z.ZodEnum<["require_client_grant", "allow_all"]>;
+export type UserAccessPolicy = z.infer<typeof UserAccessPolicySchema>;
+export declare const ClientAccessPolicySchema: z.ZodEnum<["deny_all", "require_client_grant"]>;
+export type ClientAccessPolicy = z.infer<typeof ClientAccessPolicySchema>;
+declare const ClientProfileDefinitionSchema: z.ZodObject<{
+    application_type: z.ZodEnum<["native", "spa", "regular_web", "m2m"]>;
+    access_mode: z.ZodEnum<["user", "machine"]>;
+    grant_strategy: z.ZodEnum<["authorization_code_pkce", "authorization_code", "client_credentials"]>;
+    token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<["none", "client_secret_post", "client_secret_basic", "private_key_jwt"]>>;
+    use_refresh_tokens: z.ZodOptional<z.ZodBoolean>;
+    refresh_token_rotation: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    application_type: "native" | "spa" | "regular_web" | "m2m";
+    access_mode: "user" | "machine";
+    grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+    token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+    use_refresh_tokens?: boolean | undefined;
+    refresh_token_rotation?: boolean | undefined;
+}, {
+    application_type: "native" | "spa" | "regular_web" | "m2m";
+    access_mode: "user" | "machine";
+    grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+    token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+    use_refresh_tokens?: boolean | undefined;
+    refresh_token_rotation?: boolean | undefined;
+}>;
+export type ClientProfileDefinition = z.infer<typeof ClientProfileDefinitionSchema>;
+export declare const EcosystemConfigSchema: z.ZodObject<{
+    schema_version: z.ZodLiteral<1>;
+    ecosystem_name: z.ZodString;
+    domain: z.ZodObject<{
+        base_domain: z.ZodString;
+        server_host_pattern: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        base_domain: string;
+        server_host_pattern: string;
+    }, {
+        base_domain: string;
+        server_host_pattern: string;
+    }>;
+    auth0: z.ZodObject<{
+        tenant_domain: z.ZodString;
+        management_audience: z.ZodString;
+        management_client_id_env: z.ZodString;
+        management_client_secret_env: z.ZodString;
+        verify_tenant_prerequisites: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        tenant_domain: string;
+        management_audience: string;
+        management_client_id_env: string;
+        management_client_secret_env: string;
+        verify_tenant_prerequisites: boolean;
+    }, {
+        tenant_domain: string;
+        management_audience: string;
+        management_client_id_env: string;
+        management_client_secret_env: string;
+        verify_tenant_prerequisites?: boolean | undefined;
+    }>;
+    defaults: z.ZodObject<{
+        api: z.ZodObject<{
+            signing_alg: z.ZodDefault<z.ZodString>;
+            token_dialect: z.ZodDefault<z.ZodString>;
+            user_access_policy: z.ZodDefault<z.ZodEnum<["require_client_grant", "allow_all"]>>;
+            client_access_policy: z.ZodDefault<z.ZodEnum<["deny_all", "require_client_grant"]>>;
+        }, "strip", z.ZodTypeAny, {
+            signing_alg: string;
+            token_dialect: string;
+            user_access_policy: "require_client_grant" | "allow_all";
+            client_access_policy: "require_client_grant" | "deny_all";
+        }, {
+            signing_alg?: string | undefined;
+            token_dialect?: string | undefined;
+            user_access_policy?: "require_client_grant" | "allow_all" | undefined;
+            client_access_policy?: "require_client_grant" | "deny_all" | undefined;
+        }>;
+        scope_profiles: z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>;
+        client_profiles: z.ZodOptional<z.ZodRecord<z.ZodEnum<["native_interactive", "spa_interactive", "regular_web_interactive", "service_m2m"]>, z.ZodObject<{
+            application_type: z.ZodEnum<["native", "spa", "regular_web", "m2m"]>;
+            access_mode: z.ZodEnum<["user", "machine"]>;
+            grant_strategy: z.ZodEnum<["authorization_code_pkce", "authorization_code", "client_credentials"]>;
+            token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<["none", "client_secret_post", "client_secret_basic", "private_key_jwt"]>>;
+            use_refresh_tokens: z.ZodOptional<z.ZodBoolean>;
+            refresh_token_rotation: z.ZodOptional<z.ZodBoolean>;
+        }, "strip", z.ZodTypeAny, {
+            application_type: "native" | "spa" | "regular_web" | "m2m";
+            access_mode: "user" | "machine";
+            grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+            token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+            use_refresh_tokens?: boolean | undefined;
+            refresh_token_rotation?: boolean | undefined;
+        }, {
+            application_type: "native" | "spa" | "regular_web" | "m2m";
+            access_mode: "user" | "machine";
+            grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+            token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+            use_refresh_tokens?: boolean | undefined;
+            refresh_token_rotation?: boolean | undefined;
+        }>>>;
+    }, "strip", z.ZodTypeAny, {
+        api: {
+            signing_alg: string;
+            token_dialect: string;
+            user_access_policy: "require_client_grant" | "allow_all";
+            client_access_policy: "require_client_grant" | "deny_all";
+        };
+        scope_profiles: Record<string, string[]>;
+        client_profiles?: Partial<Record<"native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m", {
+            application_type: "native" | "spa" | "regular_web" | "m2m";
+            access_mode: "user" | "machine";
+            grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+            token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+            use_refresh_tokens?: boolean | undefined;
+            refresh_token_rotation?: boolean | undefined;
+        }>> | undefined;
+    }, {
+        api: {
+            signing_alg?: string | undefined;
+            token_dialect?: string | undefined;
+            user_access_policy?: "require_client_grant" | "allow_all" | undefined;
+            client_access_policy?: "require_client_grant" | "deny_all" | undefined;
+        };
+        scope_profiles: Record<string, string[]>;
+        client_profiles?: Partial<Record<"native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m", {
+            application_type: "native" | "spa" | "regular_web" | "m2m";
+            access_mode: "user" | "machine";
+            grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+            token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+            use_refresh_tokens?: boolean | undefined;
+            refresh_token_rotation?: boolean | undefined;
+        }>> | undefined;
+    }>;
+    client_groups: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+}, "strip", z.ZodTypeAny, {
+    schema_version: 1;
+    ecosystem_name: string;
+    domain: {
+        base_domain: string;
+        server_host_pattern: string;
+    };
+    auth0: {
+        tenant_domain: string;
+        management_audience: string;
+        management_client_id_env: string;
+        management_client_secret_env: string;
+        verify_tenant_prerequisites: boolean;
+    };
+    defaults: {
+        api: {
+            signing_alg: string;
+            token_dialect: string;
+            user_access_policy: "require_client_grant" | "allow_all";
+            client_access_policy: "require_client_grant" | "deny_all";
+        };
+        scope_profiles: Record<string, string[]>;
+        client_profiles?: Partial<Record<"native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m", {
+            application_type: "native" | "spa" | "regular_web" | "m2m";
+            access_mode: "user" | "machine";
+            grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+            token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+            use_refresh_tokens?: boolean | undefined;
+            refresh_token_rotation?: boolean | undefined;
+        }>> | undefined;
+    };
+    client_groups?: Record<string, string[]> | undefined;
+}, {
+    schema_version: 1;
+    ecosystem_name: string;
+    domain: {
+        base_domain: string;
+        server_host_pattern: string;
+    };
+    auth0: {
+        tenant_domain: string;
+        management_audience: string;
+        management_client_id_env: string;
+        management_client_secret_env: string;
+        verify_tenant_prerequisites?: boolean | undefined;
+    };
+    defaults: {
+        api: {
+            signing_alg?: string | undefined;
+            token_dialect?: string | undefined;
+            user_access_policy?: "require_client_grant" | "allow_all" | undefined;
+            client_access_policy?: "require_client_grant" | "deny_all" | undefined;
+        };
+        scope_profiles: Record<string, string[]>;
+        client_profiles?: Partial<Record<"native_interactive" | "spa_interactive" | "regular_web_interactive" | "service_m2m", {
+            application_type: "native" | "spa" | "regular_web" | "m2m";
+            access_mode: "user" | "machine";
+            grant_strategy: "authorization_code_pkce" | "authorization_code" | "client_credentials";
+            token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "private_key_jwt" | undefined;
+            use_refresh_tokens?: boolean | undefined;
+            refresh_token_rotation?: boolean | undefined;
+        }>> | undefined;
+    };
+    client_groups?: Record<string, string[]> | undefined;
+}>;
+export type EcosystemConfig = z.infer<typeof EcosystemConfigSchema>;
+export {};
+//# sourceMappingURL=ecosystem-config.d.ts.map

package/dist/types/ecosystem-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecosystem-config.d.ts","sourceRoot":"","sources":["../../src/types/ecosystem-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,mBAAmB,gGAK9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,gBAAgB,gCAA8B,CAAC;AAC5D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,eAAO,MAAM,mBAAmB,oFAI9B,CAAC;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,6BAA6B,qFAKxC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AAEF,eAAO,MAAM,sBAAsB,kDAGjC,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE,eAAO,MAAM,wBAAwB,iDAGnC,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E,QAAA,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;EAOjC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AAEF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC"}

package/dist/types/ecosystem-config.js

@@ -0,0 +1,64 @@
+import { z } from "zod";
+export const ClientProfileSchema = z.enum([
+    "native_interactive",
+    "spa_interactive",
+    "regular_web_interactive",
+    "service_m2m",
+]);
+export const AccessModeSchema = z.enum(["user", "machine"]);
+export const GrantStrategySchema = z.enum([
+    "authorization_code_pkce",
+    "authorization_code",
+    "client_credentials",
+]);
+export const TokenEndpointAuthMethodSchema = z.enum([
+    "none",
+    "client_secret_post",
+    "client_secret_basic",
+    "private_key_jwt",
+]);
+export const UserAccessPolicySchema = z.enum([
+    "require_client_grant",
+    "allow_all",
+]);
+export const ClientAccessPolicySchema = z.enum([
+    "deny_all",
+    "require_client_grant",
+]);
+const ClientProfileDefinitionSchema = z.object({
+    application_type: z.enum(["native", "spa", "regular_web", "m2m"]),
+    access_mode: AccessModeSchema,
+    grant_strategy: GrantStrategySchema,
+    token_endpoint_auth_method: TokenEndpointAuthMethodSchema.optional(),
+    use_refresh_tokens: z.boolean().optional(),
+    refresh_token_rotation: z.boolean().optional(),
+});
+export const EcosystemConfigSchema = z.object({
+    schema_version: z.literal(1),
+    ecosystem_name: z.string().min(1),
+    domain: z.object({
+        base_domain: z.string().min(1),
+        server_host_pattern: z.string().min(1),
+    }),
+    auth0: z.object({
+        tenant_domain: z.string().min(1),
+        management_audience: z.string().url(),
+        management_client_id_env: z.string().min(1),
+        management_client_secret_env: z.string().min(1),
+        verify_tenant_prerequisites: z.boolean().default(true),
+    }),
+    defaults: z.object({
+        api: z.object({
+            signing_alg: z.string().default("RS256"),
+            token_dialect: z.string().default("rfc9068_profile_authz"),
+            user_access_policy: UserAccessPolicySchema.default("require_client_grant"),
+            client_access_policy: ClientAccessPolicySchema.default("deny_all"),
+        }),
+        scope_profiles: z.record(z.string(), z.array(z.string())),
+        client_profiles: z
+            .record(ClientProfileSchema, ClientProfileDefinitionSchema)
+            .optional(),
+    }),
+    client_groups: z.record(z.string(), z.array(z.string())).optional(),
+});
+//# sourceMappingURL=ecosystem-config.js.map

package/dist/types/ecosystem-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecosystem-config.js","sourceRoot":"","sources":["../../src/types/ecosystem-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC;IACxC,oBAAoB;IACpB,iBAAiB;IACjB,yBAAyB;IACzB,aAAa;CACd,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AAG5D,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC;IACxC,yBAAyB;IACzB,oBAAoB;IACpB,oBAAoB;CACrB,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,IAAI,CAAC;IAClD,MAAM;IACN,oBAAoB;IACpB,qBAAqB;IACrB,iBAAiB;CAClB,CAAC,CAAC;AAKH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC3C,sBAAsB;IACtB,WAAW;CACZ,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC7C,UAAU;IACV,sBAAsB;CACvB,CAAC,CAAC;AAGH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;IACjE,WAAW,EAAE,gBAAgB;IAC7B,cAAc,EAAE,mBAAmB;IACnC,0BAA0B,EAAE,6BAA6B,CAAC,QAAQ,EAAE;IACpE,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C,sBAAsB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/C,CAAC,CAAC;AAMH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KACvC,CAAC;IACF,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACd,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;QACrC,wBAAwB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3C,4BAA4B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/C,2BAA2B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;KACvD,CAAC;IACF,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC;YACZ,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;YACxC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,uBAAuB,CAAC;YAC1D,kBAAkB,EAAE,sBAAsB,CAAC,OAAO,CAChD,sBAAsB,CACvB;YACD,oBAAoB,EAAE,wBAAwB,CAAC,OAAO,CAAC,UAAU,CAAC;SACnE,CAAC;QACF,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACzD,eAAe,EAAE,CAAC;aACf,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;aAC1D,QAAQ,EAAE;KACd,CAAC;IACF,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CACpE,CAAC,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,10 @@
+export { EcosystemConfigSchema, ClientProfileSchema, AccessModeSchema, GrantStrategySchema, TokenEndpointAuthMethodSchema, UserAccessPolicySchema, ClientAccessPolicySchema, } from "./ecosystem-config.js";
+export type { EcosystemConfig, ClientProfile, AccessMode, GrantStrategy, TokenEndpointAuthMethod, UserAccessPolicy, ClientAccessPolicy, ClientProfileDefinition, } from "./ecosystem-config.js";
+export { ClientDescriptorSchema, ReusePolicySchema } from "./client-descriptor.js";
+export type { ClientDescriptor, ReusePolicy } from "./client-descriptor.js";
+export { ClientConfigSchema } from "./client-config.js";
+export type { ClientConfig } from "./client-config.js";
+export { ServerConfigSchema } from "./server-config.js";
+export type { ServerConfig } from "./server-config.js";
+export type { Auth0Application, Auth0Api, Auth0ApiScope, Auth0ClientGrant, Auth0TenantSettings, } from "./auth0-responses.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EACV,eAAe,EACf,aAAa,EACb,UAAU,EACV,aAAa,EACb,uBAAuB,EACvB,gBAAgB,EAChB,kBAAkB,EAClB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AACnF,YAAY,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAE5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,YAAY,EACV,gBAAgB,EAChB,QAAQ,EACR,aAAa,EACb,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC"}

package/dist/types/index.js

@@ -0,0 +1,5 @@
+export { EcosystemConfigSchema, ClientProfileSchema, AccessModeSchema, GrantStrategySchema, TokenEndpointAuthMethodSchema, UserAccessPolicySchema, ClientAccessPolicySchema, } from "./ecosystem-config.js";
+export { ClientDescriptorSchema, ReusePolicySchema } from "./client-descriptor.js";
+export { ClientConfigSchema } from "./client-config.js";
+export { ServerConfigSchema } from "./server-config.js";
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,6BAA6B,EAC7B,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAY/B,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAGnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/types/server-config.d.ts

@@ -0,0 +1,73 @@
+import { z } from "zod";
+export declare const ServerConfigSchema: z.ZodObject<{
+    name: z.ZodString;
+    slug: z.ZodString;
+    scope_profile: z.ZodOptional<z.ZodString>;
+    extra_scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    auth0: z.ZodOptional<z.ZodObject<{
+        create_api_if_missing: z.ZodDefault<z.ZodBoolean>;
+        existing_api_id: z.ZodDefault<z.ZodNullable<z.ZodString>>;
+    }, "strip", z.ZodTypeAny, {
+        create_api_if_missing: boolean;
+        existing_api_id: string | null;
+    }, {
+        create_api_if_missing?: boolean | undefined;
+        existing_api_id?: string | null | undefined;
+    }>>;
+    grants: z.ZodOptional<z.ZodObject<{
+        client_groups: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        client_overrides: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+    }, "strip", z.ZodTypeAny, {
+        client_groups?: string[] | undefined;
+        client_overrides?: Record<string, string[]> | undefined;
+    }, {
+        client_groups?: string[] | undefined;
+        client_overrides?: Record<string, string[]> | undefined;
+    }>>;
+    access_policy: z.ZodOptional<z.ZodObject<{
+        user: z.ZodOptional<z.ZodEnum<["require_client_grant", "allow_all"]>>;
+        client: z.ZodOptional<z.ZodEnum<["deny_all", "require_client_grant"]>>;
+    }, "strip", z.ZodTypeAny, {
+        user?: "require_client_grant" | "allow_all" | undefined;
+        client?: "require_client_grant" | "deny_all" | undefined;
+    }, {
+        user?: "require_client_grant" | "allow_all" | undefined;
+        client?: "require_client_grant" | "deny_all" | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    slug: string;
+    auth0?: {
+        create_api_if_missing: boolean;
+        existing_api_id: string | null;
+    } | undefined;
+    scope_profile?: string | undefined;
+    extra_scopes?: string[] | undefined;
+    grants?: {
+        client_groups?: string[] | undefined;
+        client_overrides?: Record<string, string[]> | undefined;
+    } | undefined;
+    access_policy?: {
+        user?: "require_client_grant" | "allow_all" | undefined;
+        client?: "require_client_grant" | "deny_all" | undefined;
+    } | undefined;
+}, {
+    name: string;
+    slug: string;
+    auth0?: {
+        create_api_if_missing?: boolean | undefined;
+        existing_api_id?: string | null | undefined;
+    } | undefined;
+    scope_profile?: string | undefined;
+    extra_scopes?: string[] | undefined;
+    grants?: {
+        client_groups?: string[] | undefined;
+        client_overrides?: Record<string, string[]> | undefined;
+    } | undefined;
+    access_policy?: {
+        user?: "require_client_grant" | "allow_all" | undefined;
+        client?: "require_client_grant" | "deny_all" | undefined;
+    } | undefined;
+}>;
+export type ServerConfig = z.infer<typeof ServerConfigSchema>;
+//# sourceMappingURL=server-config.d.ts.map

package/dist/types/server-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-config.d.ts","sourceRoot":"","sources":["../../src/types/server-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAQxB,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0B7B,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC"}

package/dist/types/server-config.js

@@ -0,0 +1,30 @@
+import { z } from "zod";
+import { ClientAccessPolicySchema, UserAccessPolicySchema, } from "./ecosystem-config.js";
+const DNS_SAFE_SLUG = /^[a-z][a-z0-9-]*[a-z0-9]$/;
+export const ServerConfigSchema = z.object({
+    name: z.string().min(1),
+    slug: z.string().min(1).regex(DNS_SAFE_SLUG, {
+        message: "Slug must be DNS-safe: lowercase, start with letter, may contain hyphens, end with alphanumeric",
+    }),
+    scope_profile: z.string().optional(),
+    extra_scopes: z.array(z.string()).optional(),
+    auth0: z
+        .object({
+        create_api_if_missing: z.boolean().default(true),
+        existing_api_id: z.string().nullable().default(null),
+    })
+        .optional(),
+    grants: z
+        .object({
+        client_groups: z.array(z.string()).optional(),
+        client_overrides: z.record(z.string(), z.array(z.string())).optional(),
+    })
+        .optional(),
+    access_policy: z
+        .object({
+        user: UserAccessPolicySchema.optional(),
+        client: ClientAccessPolicySchema.optional(),
+    })
+        .optional(),
+});
+//# sourceMappingURL=server-config.js.map

package/dist/types/server-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-config.js","sourceRoot":"","sources":["../../src/types/server-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAE/B,MAAM,aAAa,GAAG,2BAA2B,CAAC;AAElD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE;QAC3C,OAAO,EACL,iGAAiG;KACpG,CAAC;IACF,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C,KAAK,EAAE,CAAC;SACL,MAAM,CAAC;QACN,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAChD,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;KACrD,CAAC;SACD,QAAQ,EAAE;IACb,MAAM,EAAE,CAAC;SACN,MAAM,CAAC;QACN,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC7C,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;KACvE,CAAC;SACD,QAAQ,EAAE;IACb,aAAa,EAAE,CAAC;SACb,MAAM,CAAC;QACN,IAAI,EAAE,sBAAsB,CAAC,QAAQ,EAAE;QACvC,MAAM,EAAE,wBAAwB,CAAC,QAAQ,EAAE;KAC5C,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC"}