@sentropic/auth-ui 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Fabien Antoine
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,163 @@
+# @sentropic/auth-ui
+
+Reusable Svelte authentication UI (passkeys + email OTP + magic link + device management) for apps that mount `@sentropic/auth-hono` (or compatible) auth routes.
+
+The package is **host-adapter driven**. It owns the user-facing flow, the WebAuthn ceremony, the labels, and the visual layout — but it never touches the app's session store, navigation, API helpers, or backend implementation. Consumers inject a transport, callbacks, and labels and keep ownership of side-effects.
+
+## Install
+
+```bash
+npm install @sentropic/auth-ui
+# peer deps you already have:
+#   svelte                   ^5.0.0
+#   @simplewebauthn/browser  ^13.2.2
+```
+
+## Quick start
+
+```svelte
+<script lang="ts">
+  import { goto } from '$app/navigation';
+  import AuthLogin from '@sentropic/auth-ui/components/AuthLogin.svelte';
+  import {
+    createDefaultFetchTransport,
+    createFrenchAuthUiLabels,
+    type AuthUiSession,
+  } from '@sentropic/auth-ui';
+
+  const transport = createDefaultFetchTransport({
+    baseUrl: '/auth',
+    onUnauthorized: () => goto('/auth/login'),
+  });
+  const labels = createFrenchAuthUiLabels();
+
+  async function handleLoggedIn(session: AuthUiSession) {
+    // host owns the side-effects (store, cookies, redirect)
+    sessionStorage.setItem('sessionToken', session.sessionToken ?? '');
+    await goto('/dashboard');
+  }
+</script>
+
+<AuthLogin {transport} {labels} onLoggedIn={handleLoggedIn} />
+```
+
+## Public surface
+
+| Export path | Contents |
+| --- | --- |
+| `@sentropic/auth-ui` | `AuthUiTransport`, `AuthUiSession`, `AuthUiError`, `AuthUiLabels`, `createDefaultAuthUiLabels`, `createFrenchAuthUiLabels`, `createDefaultAuthUiBranding`, `assertAuthUiTransport`, `normalizeAuthEmail`, `createAuthUiError`, `createDefaultFetchTransport`, WebAuthn helpers |
+| `@sentropic/auth-ui/components/AuthLogin.svelte` | Passkey login screen (discoverable credentials, lost-device path) |
+| `@sentropic/auth-ui/components/AuthRegister.svelte` | Email-code → passkey registration; optional `skipEmailVerification` for hosts that own pre-auth |
+| `@sentropic/auth-ui/components/AuthMagicLinkVerify.svelte` | Verifies a magic-link token from a host-supplied source |
+| `@sentropic/auth-ui/components/AuthDevices.svelte` | Lists / renames / revokes registered passkeys |
+| `@sentropic/auth-ui/components/AuthDevicePair.svelte` | Approves a device-code pairing (`approveDevicePairing` contract) |
+
+All five components accept a `labels?: Partial<AuthUiLabels>` prop so hosts can override copy without forking. Each takes a `transport: AuthUiTransport` and one or more host callbacks (`onLoggedIn`, `onRegistered`, `onVerified`, `onPaired`, `onUnauthorized`, `onError`). Visual customisation flows through CSS custom properties (`--auth-primary`, `--auth-bg`, `--auth-text`, `--auth-radius`, `--auth-font-family`, …) and slots (`no-account`, `register-new-device`, `back-to-login`, `back-to-devices`, `pair-cta`, `add-device`, `login-link`, `cancel`).
+
+## Transport boundary
+
+`AuthUiTransport` is the only contract between the package and the backend. Implement it yourself, or use `createDefaultFetchTransport({ baseUrl, fetch?, headers?, onUnauthorized?, withCredentials? })` if your backend matches the `@sentropic/auth-hono` route shape:
+
+| Method | Backend route |
+| --- | --- |
+| `requestEmailCode` | `POST {baseUrl}/email/verify-request` |
+| `verifyEmailCode` | `POST {baseUrl}/email/verify-code` |
+| `verifyMagicLink` | `POST {baseUrl}/magic-link/verify` |
+| `createPasskeyRegistrationOptions` | `POST {baseUrl}/register/options` |
+| `verifyPasskeyRegistration` | `POST {baseUrl}/register/verify` |
+| `createPasskeyAuthenticationOptions` | `POST {baseUrl}/login/options` |
+| `verifyPasskeyAuthentication` | `POST {baseUrl}/login/verify` |
+| `refreshSession` | `POST {baseUrl}/session/refresh` |
+| `logout` | `DELETE {baseUrl}/session` |
+| `listCredentials` | `GET {baseUrl}/credentials` |
+| `renameCredential` | `PUT {baseUrl}/credentials/{id}` |
+| `revokeCredential` | `DELETE {baseUrl}/credentials/{id}` |
+| `approveDevicePairing` | `POST {baseUrl}/device/approve` (auto-maps `userCode`/`deviceName` to snake_case body) |
+
+## Mounting recipes
+
+### Sentropic (`/auth/*`)
+
+```ts
+// ui/src/lib/services/auth-transport.ts
+import { createDefaultFetchTransport, createDefaultAuthUiLabels, createFrenchAuthUiLabels, type AuthUiLabels } from '@sentropic/auth-ui';
+import { apiFetch } from '$lib/utils/api';
+
+export const createSentropicAuthTransport = (options: { onUnauthorized?: () => void } = {}) =>
+  createDefaultFetchTransport({
+    baseUrl: '/auth',
+    fetch: (input, init) => apiFetch(input, init),
+    onUnauthorized: options.onUnauthorized,
+  });
+
+export const resolveAuthUiLabels = (locale: string | null | undefined): AuthUiLabels =>
+  (locale ?? 'fr').toLowerCase().startsWith('fr')
+    ? createFrenchAuthUiLabels()
+    : createDefaultAuthUiLabels();
+```
+
+```svelte
+<!-- ui/src/routes/auth/login/+page.svelte -->
+<script lang="ts">
+  import { goto } from '$app/navigation';
+  import { locale } from 'svelte-i18n';
+  import AuthLogin from '@sentropic/auth-ui/components/AuthLogin.svelte';
+  import { setUser } from '$lib/stores/session';
+  import { createSentropicAuthTransport, resolveAuthUiLabels, toSentropicUser } from '$lib/services/auth-transport';
+
+  const transport = createSentropicAuthTransport();
+  $: labels = resolveAuthUiLabels($locale);
+
+  async function handleLoggedIn(session) {
+    setUser(toSentropicUser(session.user));
+    await goto('/neutral');
+  }
+</script>
+
+<AuthLogin {transport} {labels} onLoggedIn={handleLoggedIn} />
+```
+
+### Admin-flavoured host (`/admin/auth/*`)
+
+```ts
+const adminTransport = createDefaultFetchTransport({
+  baseUrl: '/admin/auth',
+  headers: { Authorization: `Bearer ${tenantToken}`, 'x-admin-tenant': tenant },
+  withCredentials: false,
+  onUnauthorized: () => location.assign('/admin/sign-in'),
+});
+
+const adminLabels = createFrenchAuthUiLabels({
+  loginTitle: 'Connexion admin',
+  loginButton: 'Se connecter (admin)',
+  registerTitle: 'Inviter un administrateur',
+});
+```
+
+See `tests/example-admin-fetch-transport.test.ts` for a full walkthrough.
+
+## Brand assets, FR labels, post-login redirects
+
+- **Brand assets**: pass slot content (`no-account`, `register-new-device`, …) for app-specific link shapes (SvelteKit `<a>`, plain anchor, modal trigger). Use CSS variables for primary color, radius, fonts.
+- **French labels**: `createFrenchAuthUiLabels(overrides?)` ships a complete FR baseline; partial overrides keep the unchanged keys.
+- **Post-login redirects**: never built into the components — call `goto(returnUrl)` / `location.assign(...)` from `onLoggedIn` / `onRegistered` / `onVerified` / `onRedirect`. `AuthMagicLinkVerify` exposes `redirectDelayMs` (defaults to 1000 ms) so the success screen has time to render before the host redirect fires.
+
+## Backend coupling (BR-39b)
+
+`@sentropic/auth-hono` provides reusable Hono route factories that match this transport shape 1:1. It is **not required** to adopt this UI package — any backend that exposes the routes listed above will work. BR-39b removes the duplicated backend code from Sentropic, but the UI package was usable before that landed.
+
+## Versioning
+
+Follows semver. Every PR that touches `packages/auth-ui/src/**` must bump `version` in `packages/auth-ui/package.json` (patch for bugfix, minor for feature, major for breaking). The CI `enforce-package-bump` job blocks merge otherwise.
+
+## First publish
+
+A brand-new package requires a one-shot bootstrap:
+
+1. Trigger `workflow_dispatch` on `ci.yml` with `bootstrap_publish_target=auth-ui` (uses the `NPM_TOKEN` secret).
+2. On `https://www.npmjs.com/package/@sentropic/auth-ui/access`, attach the OIDC trusted publisher pointing to `rhanka/sentropic` workflow `ci.yml`.
+3. From then on, steady-state CI publishes via OIDC trusted publishing on every merge to `main` that bumps the version.
+
+## License
+
+MIT — see `LICENSE`.

package/dist/contracts.d.ts

@@ -0,0 +1,7 @@
+export * from './errors.js';
+export * from './labels.js';
+export * from './transport.js';
+export * from './transport-fetch.js';
+export * from './transport-types.js';
+export * from './types.js';
+//# sourceMappingURL=contracts.d.ts.map

package/dist/contracts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,YAAY,CAAC"}

package/dist/contracts.js

@@ -0,0 +1,7 @@
+export * from './errors.js';
+export * from './labels.js';
+export * from './transport.js';
+export * from './transport-fetch.js';
+export * from './transport-types.js';
+export * from './types.js';
+//# sourceMappingURL=contracts.js.map

package/dist/contracts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,sBAAsB,CAAC;AACrC,cAAc,YAAY,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,7 @@
+import type { AuthUiError, AuthUiErrorCode } from './types.js';
+export declare const createAuthUiError: (code: AuthUiErrorCode, message: string, options?: {
+    retryable?: boolean;
+    cause?: unknown;
+}) => AuthUiError;
+export declare const normalizeAuthEmail: (email: string) => string;
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE/D,eAAO,MAAM,iBAAiB,SACtB,eAAe,WACZ,MAAM,YACN;IAAE,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,KAChD,WASF,CAAC;AAEF,eAAO,MAAM,kBAAkB,UAAW,MAAM,KAAG,MAAoC,CAAC"}

package/dist/errors.js

@@ -0,0 +1,12 @@
+export const createAuthUiError = (code, message, options = {}) => {
+    const error = new Error(message);
+    Object.defineProperties(error, {
+        name: { value: 'AuthUiError', enumerable: true },
+        code: { value: code, enumerable: true },
+        retryable: { value: options.retryable ?? false, enumerable: true },
+        cause: { value: options.cause, enumerable: false },
+    });
+    return error;
+};
+export const normalizeAuthEmail = (email) => email.trim().toLowerCase();
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,IAAqB,EACrB,OAAe,EACf,UAAoD,EAAE,EACzC,EAAE;IACf,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAgB,CAAC;IAChD,MAAM,CAAC,gBAAgB,CAAC,KAAK,EAAE;QAC7B,IAAI,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,IAAI,EAAE;QAChD,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;QACvC,SAAS,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,SAAS,IAAI,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;QAClE,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;KACnD,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAa,EAAU,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from './contracts.js';
+export * from './webauthn.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export * from './contracts.js';
+export * from './webauthn.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC"}

package/dist/labels.d.ts

@@ -0,0 +1,5 @@
+import type { AuthUiBranding, AuthUiLabels } from './types.js';
+export declare const createDefaultAuthUiLabels: (overrides?: Partial<AuthUiLabels>) => AuthUiLabels;
+export declare const createFrenchAuthUiLabels: (overrides?: Partial<AuthUiLabels>) => AuthUiLabels;
+export declare const createDefaultAuthUiBranding: (overrides?: Partial<AuthUiBranding>) => AuthUiBranding;
+//# sourceMappingURL=labels.d.ts.map

package/dist/labels.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"labels.d.ts","sourceRoot":"","sources":["../src/labels.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/D,eAAO,MAAM,yBAAyB,eAAe,QAAQ,YAAY,CAAC,KAAQ,YAoFhF,CAAC;AAEH,eAAO,MAAM,wBAAwB,eAAe,QAAQ,YAAY,CAAC,KAAQ,YAmF7E,CAAC;AAEL,eAAO,MAAM,2BAA2B,eAAe,QAAQ,cAAc,CAAC,KAAQ,cAYrF,CAAC"}

package/dist/labels.js

@@ -0,0 +1,180 @@
+export const createDefaultAuthUiLabels = (overrides = {}) => ({
+    loading: 'Loading...',
+    save: 'Save',
+    cancel: 'Cancel',
+    emailPlaceholder: 'you@example.com',
+    webauthnRegisterNotice: 'You are about to register a new WebAuthn device. We will send you a confirmation email.',
+    verifyInProgress: 'Verification in progress...',
+    redirectingDashboard: 'Redirecting to your dashboard...',
+    registerDeviceNow: 'You will now register your WebAuthn device.',
+    loginTitle: 'Sign in',
+    loginSupportedHint: 'Use a passkey to continue.',
+    loginUnavailable: 'Passkeys are not available in this browser.',
+    loginUnsupportedBrowser: 'Your browser does not support WebAuthn. Use a modern browser (Chrome, Firefox, Safari, Edge).',
+    loginButton: 'Sign in with passkey',
+    loginButtonLoading: 'Signing in...',
+    loginLostDevice: 'Lost your device?',
+    loginLostDeviceTitle: 'Lost device',
+    loginNoAccount: "Don't have an account? Sign up",
+    loginRegisterNewDevice: 'Register a new device',
+    loginBackToLogin: 'Back to sign in',
+    registerTitle: 'Create an account',
+    registerSubtitle: 'Secure authentication with WebAuthn.',
+    registerUnsupportedBrowserTitle: 'Browser not supported',
+    registerUnsupportedBrowser: 'Your browser does not support WebAuthn. Use a modern browser (Chrome, Firefox, Safari, Edge).',
+    registerEmailLabel: 'Email',
+    registerGetCode: 'Get verification code',
+    registerSendingCode: 'Sending code...',
+    registerAlreadyHaveAccount: 'Already have an account? Sign in',
+    registerCodeLabel: 'Verification code',
+    registerCodeHelp: 'Enter the 6-digit code we just emailed you.',
+    registerVerifyCode: 'Verify code',
+    registerVerifyingCode: 'Verifying...',
+    registerChangeEmail: 'Change email',
+    registerCodeVerifiedTitle: 'Code verified',
+    registerPasskeyButton: 'Register my WebAuthn device',
+    registerRegistering: 'Registering...',
+    registerSuccessTitle: 'Account created',
+    registerSuccessCodeSent: 'Verification code sent by email.',
+    registerSuccessRedirecting: 'Account created. Redirecting...',
+    registerErrorInvalidEmail: 'Please enter a valid email address.',
+    registerErrorSendCode: 'Failed to send the verification code.',
+    magicLinkTitle: 'Verifying magic link',
+    magicLinkVerifying: 'Verifying your link...',
+    magicLinkSuccess: 'You are signed in.',
+    magicLinkSuccessTitle: 'Signed in.',
+    magicLinkErrorTitle: 'Verification failed',
+    magicLinkBackToLogin: 'Back to sign in',
+    magicLinkErrorMissingToken: 'Token missing from the URL.',
+    magicLinkErrorVerifyFailed: 'Failed to verify the magic link.',
+    devicesTitle: 'My devices',
+    devicesSubtitle: 'Manage WebAuthn devices registered for this account.',
+    devicesEmpty: 'No devices registered yet.',
+    devicesRegister: 'Register a device',
+    devicesAddNew: 'Add a new device',
+    devicesRename: 'Rename',
+    devicesRevoke: 'Revoke',
+    devicesUvEnabled: 'UV enabled',
+    devicesAddedOn: 'Added on {date}',
+    devicesLastUsed: 'Last used: {date}',
+    devicesConfirmRevoke: 'Are you sure you want to revoke the device "{deviceName}"? You will no longer be able to sign in with it.',
+    devicesErrorLoad: 'Failed to load devices.',
+    devicesErrorUpdate: 'Update failed.',
+    devicesErrorRevoke: 'Revoke failed.',
+    devicePairTitle: 'Pair a device',
+    devicePairSubtitle: 'Enter the code displayed by the companion app on your workstation.',
+    devicePairCodeLabel: 'Pairing code',
+    devicePairCodePlaceholder: 'PAIR-XXXX',
+    devicePairDeviceNameLabel: 'Device name',
+    devicePairDeviceNamePlaceholder: 'My workstation',
+    devicePairConfirm: 'Pair device',
+    devicePairConfirming: 'Pairing...',
+    devicePairSuccess: 'Device paired. You can return to the companion app.',
+    devicePairBack: 'Back to devices',
+    devicePairErrorCodeRequired: 'The pairing code is required.',
+    devicePairErrorNotFound: 'Invalid or expired code.',
+    devicePairErrorGeneric: 'Failed to pair the device.',
+    passkeyNotSupported: 'WebAuthn is not supported in this browser',
+    passkeyCancelled: 'Passkey operation cancelled by user',
+    passkeyAlreadyRegistered: 'This authenticator is already registered',
+    passkeyNoMatchingAuthenticator: 'No matching authenticator found',
+    passkeyAuthenticatorNotSupported: 'This authenticator is not supported',
+    passkeyRegistrationCancelled: 'You cancelled the registration.',
+    passkeyAuthenticationCancelled: 'You cancelled the authentication.',
+    ...overrides,
+});
+export const createFrenchAuthUiLabels = (overrides = {}) => createDefaultAuthUiLabels({
+    loading: 'Chargement…',
+    save: 'Enregistrer',
+    cancel: 'Annuler',
+    emailPlaceholder: 'vous@example.com',
+    webauthnRegisterNotice: "Vous allez enregistrer un nouvel appareil WebAuthn. Nous vous enverrons un email de confirmation.",
+    verifyInProgress: 'Vérification en cours…',
+    redirectingDashboard: 'Redirection vers le tableau de bord…',
+    registerDeviceNow: 'Vous allez maintenant enregistrer votre appareil WebAuthn',
+    loginTitle: 'Connexion',
+    loginSupportedHint: 'Utilisez votre passkey ou biométrie',
+    loginUnavailable: 'WebAuthn non disponible sur ce navigateur',
+    loginUnsupportedBrowser: 'Votre navigateur ne supporte pas WebAuthn. Utilisez un navigateur moderne (Chrome, Firefox, Safari, Edge).',
+    loginButton: 'Se connecter avec WebAuthn',
+    loginButtonLoading: 'Connexion…',
+    loginLostDevice: "J'ai perdu mon appareil",
+    loginLostDeviceTitle: "Perte d'appareil",
+    loginNoAccount: "Pas encore de compte ? S'inscrire",
+    loginRegisterNewDevice: 'Enregistrer un nouvel appareil (workflow complet)',
+    loginBackToLogin: 'Retour à la connexion normale',
+    registerTitle: 'Créer un compte',
+    registerSubtitle: 'Authentification sécurisée avec WebAuthn',
+    registerUnsupportedBrowserTitle: 'Navigateur non compatible',
+    registerUnsupportedBrowser: 'Votre navigateur ne supporte pas WebAuthn. Utilisez un navigateur moderne (Chrome, Firefox, Safari, Edge).',
+    registerEmailLabel: 'Email',
+    registerGetCode: 'Obtenir un code',
+    registerSendingCode: 'Envoi…',
+    registerAlreadyHaveAccount: 'Déjà un compte ? Se connecter',
+    registerCodeLabel: 'Code à 6 chiffres',
+    registerCodeHelp: 'Saisissez le code reçu par email',
+    registerVerifyCode: 'Vérifier le code',
+    registerVerifyingCode: 'Vérification…',
+    registerChangeEmail: "Modifier l'email",
+    registerCodeVerifiedTitle: 'Code vérifié !',
+    registerPasskeyButton: 'Enregistrer mon appareil WebAuthn',
+    registerRegistering: 'Enregistrement…',
+    registerSuccessTitle: 'Inscription réussie !',
+    registerSuccessCodeSent: 'Code envoyé par email',
+    registerSuccessRedirecting: 'Inscription réussie ! Redirection…',
+    registerErrorInvalidEmail: 'Veuillez saisir une adresse email valide',
+    registerErrorSendCode: "Erreur lors de l'envoi du code",
+    magicLinkTitle: 'Vérification du lien magique',
+    magicLinkVerifying: 'Vérification en cours…',
+    magicLinkSuccess: 'Vous êtes connecté.',
+    magicLinkSuccessTitle: 'Connexion réussie !',
+    magicLinkErrorTitle: 'Erreur de vérification',
+    magicLinkBackToLogin: 'Retour à la connexion',
+    magicLinkErrorMissingToken: 'Token manquant dans l\'URL',
+    magicLinkErrorVerifyFailed: 'Erreur lors de la vérification du lien magique',
+    devicesTitle: 'Mes appareils',
+    devicesSubtitle: "Gérez les appareils enregistrés pour l'authentification WebAuthn",
+    devicesEmpty: 'Aucun appareil enregistré',
+    devicesRegister: 'Enregistrer un appareil',
+    devicesAddNew: 'Ajouter un nouvel appareil',
+    devicesRename: 'Renommer',
+    devicesRevoke: 'Révoquer',
+    devicesUvEnabled: 'UV activée',
+    devicesAddedOn: 'Ajouté le {date}',
+    devicesLastUsed: 'Dernière utilisation : {date}',
+    devicesConfirmRevoke: 'Êtes-vous sûr de vouloir révoquer l\'appareil "{deviceName}" ? Vous ne pourrez plus vous connecter avec cet appareil.',
+    devicesErrorLoad: 'Erreur lors du chargement des appareils',
+    devicesErrorUpdate: 'Erreur lors de la mise à jour',
+    devicesErrorRevoke: 'Erreur lors de la révocation',
+    devicePairTitle: 'Appairer un appareil',
+    devicePairSubtitle: "Saisissez le code affiché par l'application compagnon sur votre poste de travail.",
+    devicePairCodeLabel: "Code d'appairage",
+    devicePairCodePlaceholder: 'PAIR-XXXX',
+    devicePairDeviceNameLabel: "Nom de l'appareil",
+    devicePairDeviceNamePlaceholder: 'Mon poste de travail',
+    devicePairConfirm: "Appairer l'appareil",
+    devicePairConfirming: 'Appairage…',
+    devicePairSuccess: 'Appareil appairé. Vous pouvez retourner à l\'application sur votre poste de travail.',
+    devicePairBack: 'Retour aux appareils',
+    devicePairErrorCodeRequired: "Le code d'appairage est requis.",
+    devicePairErrorNotFound: 'Code invalide ou expiré.',
+    devicePairErrorGeneric: "Échec de l'appairage de l'appareil.",
+    passkeyRegistrationCancelled: "Vous avez annulé l'inscription",
+    passkeyAuthenticationCancelled: "Vous avez annulé l'authentification",
+    passkeyAlreadyRegistered: 'Cet appareil est déjà enregistré',
+    passkeyNoMatchingAuthenticator: 'Aucun appareil reconnu',
+    passkeyAuthenticatorNotSupported: "Cet authentificateur n'est pas supporté",
+    ...overrides,
+});
+export const createDefaultAuthUiBranding = (overrides = {}) => {
+    const branding = {
+        primaryColor: '#4f46e5',
+        accentColor: '#0f766e',
+        ...overrides,
+    };
+    if (branding.productName && !branding.logoAlt) {
+        branding.logoAlt = branding.productName;
+    }
+    return branding;
+};
+//# sourceMappingURL=labels.js.map

package/dist/labels.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"labels.js","sourceRoot":"","sources":["../src/labels.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,YAAmC,EAAE,EAAgB,EAAE,CAAC,CAAC;IACjG,OAAO,EAAE,YAAY;IACrB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,gBAAgB,EAAE,iBAAiB;IACnC,sBAAsB,EAAE,yFAAyF;IACjH,gBAAgB,EAAE,6BAA6B;IAC/C,oBAAoB,EAAE,kCAAkC;IACxD,iBAAiB,EAAE,6CAA6C;IAChE,UAAU,EAAE,SAAS;IACrB,kBAAkB,EAAE,4BAA4B;IAChD,gBAAgB,EAAE,6CAA6C;IAC/D,uBAAuB,EAAE,+FAA+F;IACxH,WAAW,EAAE,sBAAsB;IACnC,kBAAkB,EAAE,eAAe;IACnC,eAAe,EAAE,mBAAmB;IACpC,oBAAoB,EAAE,aAAa;IACnC,cAAc,EAAE,gCAAgC;IAChD,sBAAsB,EAAE,uBAAuB;IAC/C,gBAAgB,EAAE,iBAAiB;IACnC,aAAa,EAAE,mBAAmB;IAClC,gBAAgB,EAAE,sCAAsC;IACxD,+BAA+B,EAAE,uBAAuB;IACxD,0BAA0B,EAAE,+FAA+F;IAC3H,kBAAkB,EAAE,OAAO;IAC3B,eAAe,EAAE,uBAAuB;IACxC,mBAAmB,EAAE,iBAAiB;IACtC,0BAA0B,EAAE,kCAAkC;IAC9D,iBAAiB,EAAE,mBAAmB;IACtC,gBAAgB,EAAE,6CAA6C;IAC/D,kBAAkB,EAAE,aAAa;IACjC,qBAAqB,EAAE,cAAc;IACrC,mBAAmB,EAAE,cAAc;IACnC,yBAAyB,EAAE,eAAe;IAC1C,qBAAqB,EAAE,6BAA6B;IACpD,mBAAmB,EAAE,gBAAgB;IACrC,oBAAoB,EAAE,iBAAiB;IACvC,uBAAuB,EAAE,kCAAkC;IAC3D,0BAA0B,EAAE,iCAAiC;IAC7D,yBAAyB,EAAE,qCAAqC;IAChE,qBAAqB,EAAE,uCAAuC;IAC9D,cAAc,EAAE,sBAAsB;IACtC,kBAAkB,EAAE,wBAAwB;IAC5C,gBAAgB,EAAE,oBAAoB;IACtC,qBAAqB,EAAE,YAAY;IACnC,mBAAmB,EAAE,qBAAqB;IAC1C,oBAAoB,EAAE,iBAAiB;IACvC,0BAA0B,EAAE,6BAA6B;IACzD,0BAA0B,EAAE,kCAAkC;IAC9D,YAAY,EAAE,YAAY;IAC1B,eAAe,EAAE,sDAAsD;IACvE,YAAY,EAAE,4BAA4B;IAC1C,eAAe,EAAE,mBAAmB;IACpC,aAAa,EAAE,kBAAkB;IACjC,aAAa,EAAE,QAAQ;IACvB,aAAa,EAAE,QAAQ;IACvB,gBAAgB,EAAE,YAAY;IAC9B,cAAc,EAAE,iBAAiB;IACjC,eAAe,EAAE,mBAAmB;IACpC,oBAAoB,EAAE,2GAA2G;IACjI,gBAAgB,EAAE,yBAAyB;IAC3C,kBAAkB,EAAE,gBAAgB;IACpC,kBAAkB,EAAE,gBAAgB;IACpC,eAAe,EAAE,eAAe;IAChC,kBAAkB,EAAE,oEAAoE;IACxF,mBAAmB,EAAE,cAAc;IACnC,yBAAyB,EAAE,WAAW;IACtC,yBAAyB,EAAE,aAAa;IACxC,+BAA+B,EAAE,gBAAgB;IACjD,iBAAiB,EAAE,aAAa;IAChC,oBAAoB,EAAE,YAAY;IAClC,iBAAiB,EAAE,qDAAqD;IACxE,cAAc,EAAE,iBAAiB;IACjC,2BAA2B,EAAE,+BAA+B;IAC5D,uBAAuB,EAAE,0BAA0B;IACnD,sBAAsB,EAAE,4BAA4B;IACpD,mBAAmB,EAAE,2CAA2C;IAChE,gBAAgB,EAAE,qCAAqC;IACvD,wBAAwB,EAAE,0CAA0C;IACpE,8BAA8B,EAAE,iCAAiC;IACjE,gCAAgC,EAAE,qCAAqC;IACvE,4BAA4B,EAAE,iCAAiC;IAC/D,8BAA8B,EAAE,mCAAmC;IACnE,GAAG,SAAS;CACb,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,YAAmC,EAAE,EAAgB,EAAE,CAC9F,yBAAyB,CAAC;IACxB,OAAO,EAAE,aAAa;IACtB,IAAI,EAAE,aAAa;IACnB,MAAM,EAAE,SAAS;IACjB,gBAAgB,EAAE,kBAAkB;IACpC,sBAAsB,EAAE,mGAAmG;IAC3H,gBAAgB,EAAE,wBAAwB;IAC1C,oBAAoB,EAAE,sCAAsC;IAC5D,iBAAiB,EAAE,2DAA2D;IAC9E,UAAU,EAAE,WAAW;IACvB,kBAAkB,EAAE,qCAAqC;IACzD,gBAAgB,EAAE,2CAA2C;IAC7D,uBAAuB,EAAE,4GAA4G;IACrI,WAAW,EAAE,4BAA4B;IACzC,kBAAkB,EAAE,YAAY;IAChC,eAAe,EAAE,yBAAyB;IAC1C,oBAAoB,EAAE,kBAAkB;IACxC,cAAc,EAAE,mCAAmC;IACnD,sBAAsB,EAAE,mDAAmD;IAC3E,gBAAgB,EAAE,+BAA+B;IACjD,aAAa,EAAE,iBAAiB;IAChC,gBAAgB,EAAE,0CAA0C;IAC5D,+BAA+B,EAAE,2BAA2B;IAC5D,0BAA0B,EAAE,4GAA4G;IACxI,kBAAkB,EAAE,OAAO;IAC3B,eAAe,EAAE,iBAAiB;IAClC,mBAAmB,EAAE,QAAQ;IAC7B,0BAA0B,EAAE,+BAA+B;IAC3D,iBAAiB,EAAE,mBAAmB;IACtC,gBAAgB,EAAE,kCAAkC;IACpD,kBAAkB,EAAE,kBAAkB;IACtC,qBAAqB,EAAE,eAAe;IACtC,mBAAmB,EAAE,kBAAkB;IACvC,yBAAyB,EAAE,gBAAgB;IAC3C,qBAAqB,EAAE,mCAAmC;IAC1D,mBAAmB,EAAE,iBAAiB;IACtC,oBAAoB,EAAE,uBAAuB;IAC7C,uBAAuB,EAAE,uBAAuB;IAChD,0BAA0B,EAAE,oCAAoC;IAChE,yBAAyB,EAAE,0CAA0C;IACrE,qBAAqB,EAAE,gCAAgC;IACvD,cAAc,EAAE,8BAA8B;IAC9C,kBAAkB,EAAE,wBAAwB;IAC5C,gBAAgB,EAAE,qBAAqB;IACvC,qBAAqB,EAAE,qBAAqB;IAC5C,mBAAmB,EAAE,wBAAwB;IAC7C,oBAAoB,EAAE,uBAAuB;IAC7C,0BAA0B,EAAE,4BAA4B;IACxD,0BAA0B,EAAE,gDAAgD;IAC5E,YAAY,EAAE,eAAe;IAC7B,eAAe,EAAE,kEAAkE;IACnF,YAAY,EAAE,2BAA2B;IACzC,eAAe,EAAE,yBAAyB;IAC1C,aAAa,EAAE,4BAA4B;IAC3C,aAAa,EAAE,UAAU;IACzB,aAAa,EAAE,UAAU;IACzB,gBAAgB,EAAE,YAAY;IAC9B,cAAc,EAAE,kBAAkB;IAClC,eAAe,EAAE,+BAA+B;IAChD,oBAAoB,EAAE,uHAAuH;IAC7I,gBAAgB,EAAE,yCAAyC;IAC3D,kBAAkB,EAAE,+BAA+B;IACnD,kBAAkB,EAAE,8BAA8B;IAClD,eAAe,EAAE,sBAAsB;IACvC,kBAAkB,EAAE,mFAAmF;IACvG,mBAAmB,EAAE,kBAAkB;IACvC,yBAAyB,EAAE,WAAW;IACtC,yBAAyB,EAAE,mBAAmB;IAC9C,+BAA+B,EAAE,sBAAsB;IACvD,iBAAiB,EAAE,qBAAqB;IACxC,oBAAoB,EAAE,YAAY;IAClC,iBAAiB,EAAE,sFAAsF;IACzG,cAAc,EAAE,sBAAsB;IACtC,2BAA2B,EAAE,iCAAiC;IAC9D,uBAAuB,EAAE,0BAA0B;IACnD,sBAAsB,EAAE,qCAAqC;IAC7D,4BAA4B,EAAE,gCAAgC;IAC9D,8BAA8B,EAAE,qCAAqC;IACrE,wBAAwB,EAAE,kCAAkC;IAC5D,8BAA8B,EAAE,wBAAwB;IACxD,gCAAgC,EAAE,yCAAyC;IAC3E,GAAG,SAAS;CACb,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,YAAqC,EAAE,EAAkB,EAAE;IACrG,MAAM,QAAQ,GAAmB;QAC/B,YAAY,EAAE,SAAS;QACvB,WAAW,EAAE,SAAS;QACtB,GAAG,SAAS;KACb,CAAC;IAEF,IAAI,QAAQ,CAAC,WAAW,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAC9C,QAAQ,CAAC,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC;IAC1C,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC"}

package/dist/transport-fetch.d.ts

@@ -0,0 +1,25 @@
+import type { AuthUiTransport } from './transport-types.js';
+export type FetchLike = (input: string, init?: RequestInit) => Promise<Response>;
+export interface CreateDefaultFetchTransportOptions {
+    /**
+     * Base URL prefix mounted in front of the auth routes (e.g. "/auth", "/admin/auth").
+     * No trailing slash.
+     */
+    baseUrl: string;
+    fetch?: FetchLike;
+    /**
+     * Static headers merged into every request (e.g. tenant id, bearer token).
+     */
+    headers?: Record<string, string>;
+    /**
+     * Invoked when an authenticated request receives a 401 response, so hosts can
+     * clear their session state and redirect to login.
+     */
+    onUnauthorized?: () => void | Promise<void>;
+    /**
+     * Toggle `credentials: "include"` so the browser sends cookies. Default `true`.
+     */
+    withCredentials?: boolean;
+}
+export declare const createDefaultFetchTransport: (options: CreateDefaultFetchTransportOptions) => AuthUiTransport;
+//# sourceMappingURL=transport-fetch.d.ts.map

package/dist/transport-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-fetch.d.ts","sourceRoot":"","sources":["../src/transport-fetch.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAGV,eAAe,EAehB,MAAM,sBAAsB,CAAC;AAG9B,MAAM,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEjF,MAAM,WAAW,kCAAkC;IACjD;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AA2BD,eAAO,MAAM,2BAA2B,YAC7B,kCAAkC,KAC1C,eAgGF,CAAC"}

package/dist/transport-fetch.js

@@ -0,0 +1,98 @@
+import { createAuthUiError } from './errors.js';
+const safeJson = async (response) => {
+    const text = await response.text();
+    if (!text) {
+        return null;
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return text;
+    }
+};
+const extractErrorMessage = (payload, fallback) => {
+    if (payload && typeof payload === 'object') {
+        const record = payload;
+        if (typeof record.message === 'string' && record.message) {
+            return record.message;
+        }
+        if (typeof record.error === 'string' && record.error) {
+            return record.error;
+        }
+    }
+    return fallback;
+};
+export const createDefaultFetchTransport = (options) => {
+    const baseUrl = options.baseUrl.replace(/\/$/, '');
+    const fetchImpl = options.fetch ?? (typeof fetch === 'function' ? fetch.bind(globalThis) : undefined);
+    const withCredentials = options.withCredentials ?? true;
+    if (!fetchImpl) {
+        throw createAuthUiError('invalid_input', 'No global fetch found; pass options.fetch when constructing the auth transport.');
+    }
+    const request = async (path, init) => {
+        const headers = { Accept: 'application/json', ...(options.headers ?? {}) };
+        let body;
+        if (init.body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+            body = JSON.stringify(init.body);
+        }
+        let response;
+        try {
+            response = await fetchImpl(`${baseUrl}${path}`, {
+                method: init.method,
+                headers,
+                body,
+                credentials: withCredentials ? 'include' : 'same-origin',
+            });
+        }
+        catch (cause) {
+            return {
+                ok: false,
+                error: createAuthUiError('transport_error', 'Network request failed', { retryable: true, cause }),
+            };
+        }
+        const payload = await safeJson(response);
+        if (response.status === 401 && init.authenticated) {
+            void options.onUnauthorized?.();
+        }
+        if (!response.ok) {
+            const message = extractErrorMessage(payload, `Request failed with status ${response.status}`);
+            return {
+                ok: false,
+                error: createAuthUiError('transport_error', message, {
+                    retryable: response.status >= 500,
+                    cause: payload,
+                }),
+            };
+        }
+        return { ok: true, value: payload };
+    };
+    return {
+        requestEmailCode: (input) => request('/email/verify-request', { method: 'POST', body: input }),
+        verifyEmailCode: (input) => request('/email/verify-code', { method: 'POST', body: input }),
+        verifyMagicLink: (input) => request('/magic-link/verify', { method: 'POST', body: input }),
+        createPasskeyRegistrationOptions: (input) => request('/register/options', { method: 'POST', body: input }),
+        verifyPasskeyRegistration: (input) => request('/register/verify', { method: 'POST', body: input }),
+        createPasskeyAuthenticationOptions: (input) => request('/login/options', { method: 'POST', body: input }),
+        verifyPasskeyAuthentication: (input) => request('/login/verify', { method: 'POST', body: input }),
+        refreshSession: () => request('/session/refresh', { method: 'POST', authenticated: true }),
+        logout: () => request('/session', { method: 'DELETE', authenticated: true }),
+        listCredentials: () => request('/credentials', { method: 'GET', authenticated: true }),
+        renameCredential: (input) => request(`/credentials/${encodeURIComponent(input.credentialId)}`, {
+            method: 'PUT',
+            body: { deviceName: input.deviceName },
+            authenticated: true,
+        }),
+        revokeCredential: (input) => request(`/credentials/${encodeURIComponent(input.credentialId)}`, {
+            method: 'DELETE',
+            authenticated: true,
+        }),
+        approveDevicePairing: (input) => request('/device/approve', {
+            method: 'POST',
+            body: { user_code: input.userCode, device_name: input.deviceName },
+            authenticated: true,
+        }),
+    };
+};
+//# sourceMappingURL=transport-fetch.js.map

package/dist/transport-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-fetch.js","sourceRoot":"","sources":["../src/transport-fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA8ChD,MAAM,QAAQ,GAAG,KAAK,EAAE,QAAkB,EAAoB,EAAE;IAC9D,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAAC,OAAgB,EAAE,QAAgB,EAAU,EAAE;IACzE,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,OAAkC,CAAC;QAClD,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACzD,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB,CAAC;QACD,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACrD,OAAO,MAAM,CAAC,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,2BAA2B,GAAG,CACzC,OAA2C,EAC1B,EAAE;IACnB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,CAAC,OAAO,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACtG,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,IAAI,CAAC;IAExD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,iBAAiB,CACrB,eAAe,EACf,iFAAiF,CAClF,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,EACnB,IAAY,EACZ,IAA4F,EAClE,EAAE;QAC5B,MAAM,OAAO,GAA2B,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,IAAI,IAA0B,CAAC;QAC/B,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC7C,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE;gBAC9C,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa;aACzD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,iBAAiB,CAAC,iBAAiB,EAAE,wBAAwB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;aAClG,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAClD,KAAK,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,EAAE,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9F,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,iBAAiB,CAAC,iBAAiB,EAAE,OAAO,EAAE;oBACnD,SAAS,EAAE,QAAQ,CAAC,MAAM,IAAI,GAAG;oBACjC,KAAK,EAAE,OAAO;iBACf,CAAC;aACH,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAY,EAAE,CAAC;IAC3C,CAAC,CAAC;IAEF,OAAO;QACL,gBAAgB,EAAE,CAAC,KAA4B,EAAE,EAAE,CACjD,OAAO,CAAyB,uBAAuB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC3F,eAAe,EAAE,CAAC,KAA2B,EAAE,EAAE,CAC/C,OAAO,CAAwB,oBAAoB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QACvF,eAAe,EAAE,CAAC,KAA2B,EAAE,EAAE,CAC/C,OAAO,CAAgB,oBAAoB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC/E,gCAAgC,EAAE,CAAC,KAA4C,EAAE,EAAE,CACjF,OAAO,CAAyC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QACvG,yBAAyB,EAAE,CAAC,KAAqC,EAAE,EAAE,CACnE,OAAO,CAAgB,kBAAkB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC7E,kCAAkC,EAAE,CAAC,KAA8C,EAAE,EAAE,CACrF,OAAO,CAA2C,gBAAgB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QACtG,2BAA2B,EAAE,CAAC,KAAuC,EAAE,EAAE,CACvE,OAAO,CAAgB,eAAe,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC1E,cAAc,EAAE,GAAG,EAAE,CACnB,OAAO,CAAgB,kBAAkB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACrF,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAO,UAAU,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QAClF,eAAe,EAAE,GAAG,EAAE,CACpB,OAAO,CAAwB,cAAc,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACxF,gBAAgB,EAAE,CAAC,KAA4B,EAAE,EAAE,CACjD,OAAO,CAAmB,gBAAgB,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE;YAClF,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE;YACtC,aAAa,EAAE,IAAI;SACpB,CAAC;QACJ,gBAAgB,EAAE,CAAC,KAA4B,EAAE,EAAE,CACjD,OAAO,CAAO,gBAAgB,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE;YACtE,MAAM,EAAE,QAAQ;YAChB,aAAa,EAAE,IAAI;SACpB,CAAC;QACJ,oBAAoB,EAAE,CAAC,KAAgC,EAAE,EAAE,CACzD,OAAO,CAA6B,iBAAiB,EAAE;YACrD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,QAAQ,EAAE,WAAW,EAAE,KAAK,CAAC,UAAU,EAAE;YAClE,aAAa,EAAE,IAAI;SACpB,CAAC;KACL,CAAC;AACJ,CAAC,CAAC"}