@soulcraft/sdk 1.6.2 → 1.7.0

package/dist/modules/auth/products.d.ts

@@ -0,0 +1,208 @@
+/**
+ * @module modules/auth/products
+ * @description Centralized registry of all Soulcraft platform products and their
+ * auth configuration. This is the single source of truth for:
+ *
+ * - Which products exist on the platform
+ * - Their production domains and local dev ports
+ * - Their OIDC client IDs and redirect callback paths
+ * - Whether they require backchannel logout support
+ * - Which env var holds their OIDC client secret
+ *
+ * The auth server (`auth.soulcraft.com`) consumes this registry to derive all
+ * its registration arrays — trusted origins, CORS, OIDC trusted clients, and
+ * backchannel logout recipients — instead of maintaining five parallel hardcoded lists.
+ *
+ * ## Adding a new product
+ *
+ * 1. Add an entry to `SOULCRAFT_PRODUCTS` below (TypeScript enforces completeness).
+ * 2. Add `{PRODUCT}_OIDC_CLIENT_SECRET` (or equivalent) to the auth server's
+ *    `.env.production`. Generate with: `openssl rand -hex 32`
+ * 3. Publish a new version of `@soulcraft/sdk`.
+ * 4. Deploy the auth server — it will pick up the new product automatically.
+ * 5. Set `SOULCRAFT_IDP_URL` in the product's own `.env.production`.
+ *
+ * @see ADR-002-product-registry.md for design rationale.
+ */
+/**
+ * Full auth configuration for a single Soulcraft platform product.
+ *
+ * Consumed by the auth server to derive trusted origins, CORS origins, OIDC
+ * client registrations, and backchannel logout recipients.
+ */
+export interface ProductRegistration {
+    /** Human-readable display name, e.g. `"Soulcraft Workshop"`. */
+    name: string;
+    /**
+     * Production domain without scheme or trailing slash.
+     * e.g. `"workshop.soulcraft.com"`, `"soulcraft.com"`
+     */
+    domain: string;
+    /** Local development port. Used to derive `http://localhost:{devPort}` origins. */
+    devPort: number;
+    /**
+     * OIDC client ID registered on the auth server.
+     * Must be unique across all products. e.g. `"workshop"`.
+     */
+    clientId: string;
+    /**
+     * Name of the environment variable that holds this product's OIDC client secret
+     * (or backchannel secret for cookie-proxy products). e.g. `"WORKSHOP_OIDC_CLIENT_SECRET"`.
+     */
+    secretEnvVar: string;
+    /**
+     * How this product authenticates users:
+     * - `'oidc-redirect'` — full OIDC authorization code flow with redirect callbacks
+     * - `'cookie-proxy'` — validates the shared `.soulcraft.com` session cookie directly
+     *   against `GET /api/auth/get-session`; no OIDC redirect involved
+     */
+    authMode: 'oidc-redirect' | 'cookie-proxy';
+    /**
+     * Paths on this product's origin that the auth server should register as OIDC
+     * redirect URIs. Empty array for cookie-proxy products. Both production and dev
+     * variants are derived automatically via `deriveRedirectUrls`.
+     */
+    callbackPaths: string[];
+    /**
+     * Additional paths to include as OIDC redirect URIs beyond the callback paths.
+     * Typically the homepage (`"/"`) which is used as `post_logout_redirect_uri`.
+     * Defaults to `["/"]` when omitted.
+     */
+    extraRedirectPaths?: string[];
+    /**
+     * When `true`, the auth server includes this product in its OIDC backchannel
+     * logout registry. The product's `{domain}/api/auth/backchannel-logout` endpoint
+     * will be notified on every sign-out so it can terminate local sessions immediately.
+     *
+     * Set to `false` only for products that do not implement a backchannel endpoint
+     * (e.g. read-only dashboards, analytics tools).
+     */
+    backchannelRequired: boolean;
+}
+/**
+ * Central registry of all Soulcraft platform products.
+ *
+ * `as const satisfies Record<string, ProductRegistration>` provides two guarantees:
+ * - TypeScript enforces that every entry has all required `ProductRegistration` fields
+ * - Literal types are preserved so `keyof typeof SOULCRAFT_PRODUCTS` yields
+ *   `'workshop' | 'venue' | 'portal' | 'academy' | 'pulse'` (not just `string`)
+ *
+ * Adding a product here automatically:
+ * - Extends the `SoulcraftProduct` union type
+ * - Includes the product in all auth server derivations (origins, CORS, OIDC clients)
+ */
+export declare const SOULCRAFT_PRODUCTS: {
+    readonly workshop: {
+        readonly name: "Soulcraft Workshop";
+        readonly domain: "workshop.soulcraft.com";
+        readonly devPort: 5001;
+        readonly clientId: "workshop";
+        readonly secretEnvVar: "WORKSHOP_OIDC_CLIENT_SECRET";
+        readonly authMode: "oidc-redirect";
+        readonly callbackPaths: ["/api/auth/oauth2/callback/soulcraft-idp", "/api/auth/callback/soulcraft-idp"];
+        readonly extraRedirectPaths: ["/"];
+        readonly backchannelRequired: true;
+    };
+    readonly venue: {
+        readonly name: "Soulcraft Venue";
+        readonly domain: "venue.soulcraft.com";
+        readonly devPort: 5174;
+        readonly clientId: "venue";
+        readonly secretEnvVar: "VENUE_OIDC_CLIENT_SECRET";
+        readonly authMode: "oidc-redirect";
+        readonly callbackPaths: ["/api/auth/callback/soulcraft-idp"];
+        readonly extraRedirectPaths: ["/"];
+        readonly backchannelRequired: true;
+    };
+    readonly portal: {
+        readonly name: "Soulcraft Portal";
+        readonly domain: "soulcraft.com";
+        readonly devPort: 8080;
+        readonly clientId: "portal";
+        readonly secretEnvVar: "PORTAL_OIDC_CLIENT_SECRET";
+        readonly authMode: "oidc-redirect";
+        readonly callbackPaths: ["/api/auth/callback/soulcraft-idp", "/auth/callback"];
+        readonly extraRedirectPaths: ["/"];
+        readonly backchannelRequired: true;
+    };
+    readonly academy: {
+        readonly name: "Soulcraft Academy";
+        readonly domain: "academy.soulcraft.com";
+        readonly devPort: 5002;
+        readonly clientId: "academy";
+        readonly secretEnvVar: "ACADEMY_OIDC_CLIENT_SECRET";
+        readonly authMode: "oidc-redirect";
+        readonly callbackPaths: ["/api/auth/callback/soulcraft-idp"];
+        readonly extraRedirectPaths: ["/"];
+        readonly backchannelRequired: true;
+    };
+    readonly pulse: {
+        readonly name: "Soulcraft Pulse";
+        readonly domain: "pulse.soulcraft.com";
+        readonly devPort: 5004;
+        readonly clientId: "pulse";
+        readonly secretEnvVar: "PULSE_BACKCHANNEL_SECRET";
+        readonly authMode: "cookie-proxy";
+        readonly callbackPaths: [];
+        readonly extraRedirectPaths: ["/"];
+        readonly backchannelRequired: false;
+    };
+};
+/**
+ * Union of all registered Soulcraft product keys.
+ *
+ * Automatically derived from `SOULCRAFT_PRODUCTS` — adding a product to the
+ * registry extends this type without any manual update.
+ *
+ * @example
+ * function validateProduct(p: string): p is SoulcraftProduct {
+ *   return p in SOULCRAFT_PRODUCTS
+ * }
+ */
+export type SoulcraftProduct = keyof typeof SOULCRAFT_PRODUCTS;
+/**
+ * Derive the full list of trusted origins for all registered products.
+ *
+ * Returns both the production HTTPS origin and the `http://localhost:{devPort}`
+ * development origin for every product in `SOULCRAFT_PRODUCTS`.
+ *
+ * Used by the auth server for:
+ * - `betterAuth({ trustedOrigins: deriveOrigins() })` — callback URL validation
+ * - `cors({ origin: deriveOrigins() })` — CORS preflight on the Hono layer
+ *
+ * @returns Deduplicated list of origin strings (scheme + host, no trailing slash).
+ *
+ * @example
+ * deriveOrigins()
+ * // → [
+ * //   'https://workshop.soulcraft.com', 'http://localhost:5001',
+ * //   'https://venue.soulcraft.com',    'http://localhost:5174',
+ * //   'https://soulcraft.com',          'http://localhost:8080',
+ * //   'https://academy.soulcraft.com',  'http://localhost:5002',
+ * //   'https://pulse.soulcraft.com',    'http://localhost:5004',
+ * // ]
+ */
+export declare function deriveOrigins(): string[];
+/**
+ * Derive all OIDC redirect URIs for a single product registration.
+ *
+ * Combines callback paths and extra redirect paths, generating both production
+ * and local development variants for each. Results are ordered: production paths
+ * first (all), then dev paths (all), matching the ordering in the auth server.
+ *
+ * @param p - A `ProductRegistration` from `SOULCRAFT_PRODUCTS`.
+ * @returns List of fully-qualified redirect URI strings.
+ *
+ * @example
+ * deriveRedirectUrls(SOULCRAFT_PRODUCTS.workshop)
+ * // → [
+ * //   'https://workshop.soulcraft.com/api/auth/oauth2/callback/soulcraft-idp',
+ * //   'https://workshop.soulcraft.com/api/auth/callback/soulcraft-idp',
+ * //   'https://workshop.soulcraft.com/',
+ * //   'http://localhost:5001/api/auth/oauth2/callback/soulcraft-idp',
+ * //   'http://localhost:5001/api/auth/callback/soulcraft-idp',
+ * //   'http://localhost:5001/',
+ * // ]
+ */
+export declare function deriveRedirectUrls(p: ProductRegistration): string[];
+//# sourceMappingURL=products.d.ts.map

package/dist/modules/auth/products.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"products.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/products.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAMH;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,gEAAgE;IAChE,IAAI,EAAE,MAAM,CAAA;IACZ;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAA;IACd,mFAAmF;IACnF,OAAO,EAAE,MAAM,CAAA;IACf;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;;;;OAKG;IACH,QAAQ,EAAE,eAAe,GAAG,cAAc,CAAA;IAC1C;;;;OAIG;IACH,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC7B;;;;;;;OAOG;IACH,mBAAmB,EAAE,OAAO,CAAA;CAC7B;AAMD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+DyB,CAAA;AAExD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,gBAAgB,GAAG,MAAM,OAAO,kBAAkB,CAAA;AAM9D;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,aAAa,IAAI,MAAM,EAAE,CAKxC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,mBAAmB,GAAG,MAAM,EAAE,CAQnE"}

package/dist/modules/auth/products.js

@@ -0,0 +1,165 @@
+/**
+ * @module modules/auth/products
+ * @description Centralized registry of all Soulcraft platform products and their
+ * auth configuration. This is the single source of truth for:
+ *
+ * - Which products exist on the platform
+ * - Their production domains and local dev ports
+ * - Their OIDC client IDs and redirect callback paths
+ * - Whether they require backchannel logout support
+ * - Which env var holds their OIDC client secret
+ *
+ * The auth server (`auth.soulcraft.com`) consumes this registry to derive all
+ * its registration arrays — trusted origins, CORS, OIDC trusted clients, and
+ * backchannel logout recipients — instead of maintaining five parallel hardcoded lists.
+ *
+ * ## Adding a new product
+ *
+ * 1. Add an entry to `SOULCRAFT_PRODUCTS` below (TypeScript enforces completeness).
+ * 2. Add `{PRODUCT}_OIDC_CLIENT_SECRET` (or equivalent) to the auth server's
+ *    `.env.production`. Generate with: `openssl rand -hex 32`
+ * 3. Publish a new version of `@soulcraft/sdk`.
+ * 4. Deploy the auth server — it will pick up the new product automatically.
+ * 5. Set `SOULCRAFT_IDP_URL` in the product's own `.env.production`.
+ *
+ * @see ADR-002-product-registry.md for design rationale.
+ */
+// ─────────────────────────────────────────────────────────────────────────────
+// Registry
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Central registry of all Soulcraft platform products.
+ *
+ * `as const satisfies Record<string, ProductRegistration>` provides two guarantees:
+ * - TypeScript enforces that every entry has all required `ProductRegistration` fields
+ * - Literal types are preserved so `keyof typeof SOULCRAFT_PRODUCTS` yields
+ *   `'workshop' | 'venue' | 'portal' | 'academy' | 'pulse'` (not just `string`)
+ *
+ * Adding a product here automatically:
+ * - Extends the `SoulcraftProduct` union type
+ * - Includes the product in all auth server derivations (origins, CORS, OIDC clients)
+ */
+export const SOULCRAFT_PRODUCTS = {
+    workshop: {
+        name: 'Soulcraft Workshop',
+        domain: 'workshop.soulcraft.com',
+        devPort: 5001,
+        clientId: 'workshop',
+        secretEnvVar: 'WORKSHOP_OIDC_CLIENT_SECRET',
+        authMode: 'oidc-redirect',
+        callbackPaths: [
+            '/api/auth/oauth2/callback/soulcraft-idp',
+            // Legacy path kept for in-flight sessions during transitions
+            '/api/auth/callback/soulcraft-idp',
+        ],
+        extraRedirectPaths: ['/'],
+        backchannelRequired: true,
+    },
+    venue: {
+        name: 'Soulcraft Venue',
+        domain: 'venue.soulcraft.com',
+        devPort: 5174,
+        clientId: 'venue',
+        secretEnvVar: 'VENUE_OIDC_CLIENT_SECRET',
+        authMode: 'oidc-redirect',
+        callbackPaths: ['/api/auth/callback/soulcraft-idp'],
+        extraRedirectPaths: ['/'],
+        backchannelRequired: true,
+    },
+    portal: {
+        name: 'Soulcraft Portal',
+        domain: 'soulcraft.com',
+        devPort: 8080,
+        clientId: 'portal',
+        secretEnvVar: 'PORTAL_OIDC_CLIENT_SECRET',
+        authMode: 'oidc-redirect',
+        callbackPaths: ['/api/auth/callback/soulcraft-idp', '/auth/callback'],
+        extraRedirectPaths: ['/'],
+        backchannelRequired: true,
+    },
+    academy: {
+        name: 'Soulcraft Academy',
+        domain: 'academy.soulcraft.com',
+        devPort: 5002,
+        clientId: 'academy',
+        secretEnvVar: 'ACADEMY_OIDC_CLIENT_SECRET',
+        authMode: 'oidc-redirect',
+        callbackPaths: ['/api/auth/callback/soulcraft-idp'],
+        extraRedirectPaths: ['/'],
+        backchannelRequired: true,
+    },
+    pulse: {
+        name: 'Soulcraft Pulse',
+        domain: 'pulse.soulcraft.com',
+        devPort: 5004,
+        clientId: 'pulse',
+        // Pulse uses cookie-proxy; PULSE_BACKCHANNEL_SECRET doubles as the OIDC client
+        // secret for the minimal OIDC client entry that registers the homepage as a valid
+        // post_logout_redirect_uri. Backchannel is best-effort; no startup failure if absent.
+        secretEnvVar: 'PULSE_BACKCHANNEL_SECRET',
+        authMode: 'cookie-proxy',
+        callbackPaths: [],
+        extraRedirectPaths: ['/'],
+        backchannelRequired: false,
+    },
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// Derivation helpers
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Derive the full list of trusted origins for all registered products.
+ *
+ * Returns both the production HTTPS origin and the `http://localhost:{devPort}`
+ * development origin for every product in `SOULCRAFT_PRODUCTS`.
+ *
+ * Used by the auth server for:
+ * - `betterAuth({ trustedOrigins: deriveOrigins() })` — callback URL validation
+ * - `cors({ origin: deriveOrigins() })` — CORS preflight on the Hono layer
+ *
+ * @returns Deduplicated list of origin strings (scheme + host, no trailing slash).
+ *
+ * @example
+ * deriveOrigins()
+ * // → [
+ * //   'https://workshop.soulcraft.com', 'http://localhost:5001',
+ * //   'https://venue.soulcraft.com',    'http://localhost:5174',
+ * //   'https://soulcraft.com',          'http://localhost:8080',
+ * //   'https://academy.soulcraft.com',  'http://localhost:5002',
+ * //   'https://pulse.soulcraft.com',    'http://localhost:5004',
+ * // ]
+ */
+export function deriveOrigins() {
+    return Object.values(SOULCRAFT_PRODUCTS).flatMap((p) => [
+        `https://${p.domain}`,
+        `http://localhost:${p.devPort}`,
+    ]);
+}
+/**
+ * Derive all OIDC redirect URIs for a single product registration.
+ *
+ * Combines callback paths and extra redirect paths, generating both production
+ * and local development variants for each. Results are ordered: production paths
+ * first (all), then dev paths (all), matching the ordering in the auth server.
+ *
+ * @param p - A `ProductRegistration` from `SOULCRAFT_PRODUCTS`.
+ * @returns List of fully-qualified redirect URI strings.
+ *
+ * @example
+ * deriveRedirectUrls(SOULCRAFT_PRODUCTS.workshop)
+ * // → [
+ * //   'https://workshop.soulcraft.com/api/auth/oauth2/callback/soulcraft-idp',
+ * //   'https://workshop.soulcraft.com/api/auth/callback/soulcraft-idp',
+ * //   'https://workshop.soulcraft.com/',
+ * //   'http://localhost:5001/api/auth/oauth2/callback/soulcraft-idp',
+ * //   'http://localhost:5001/api/auth/callback/soulcraft-idp',
+ * //   'http://localhost:5001/',
+ * // ]
+ */
+export function deriveRedirectUrls(p) {
+    const extraPaths = p.extraRedirectPaths ?? ['/'];
+    const allPaths = [...p.callbackPaths, ...extraPaths];
+    const prod = allPaths.map((path) => `https://${p.domain}${path}`);
+    const dev = allPaths.map((path) => `http://localhost:${p.devPort}${path}`);
+    return [...prod, ...dev];
+}
+//# sourceMappingURL=products.js.map

package/dist/modules/auth/products.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"products.js","sourceRoot":"","sources":["../../../src/modules/auth/products.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AA8DH,gFAAgF;AAChF,WAAW;AACX,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,QAAQ,EAAE;QACR,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,wBAAwB;QAChC,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,UAAU;QACpB,YAAY,EAAE,6BAA6B;QAC3C,QAAQ,EAAE,eAAe;QACzB,aAAa,EAAE;YACb,yCAAyC;YACzC,6DAA6D;YAC7D,kCAAkC;SACnC;QACD,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,mBAAmB,EAAE,IAAI;KAC1B;IACD,KAAK,EAAE;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,qBAAqB;QAC7B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,0BAA0B;QACxC,QAAQ,EAAE,eAAe;QACzB,aAAa,EAAE,CAAC,kCAAkC,CAAC;QACnD,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,mBAAmB,EAAE,IAAI;KAC1B;IACD,MAAM,EAAE;QACN,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,2BAA2B;QACzC,QAAQ,EAAE,eAAe;QACzB,aAAa,EAAE,CAAC,kCAAkC,EAAE,gBAAgB,CAAC;QACrE,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,mBAAmB,EAAE,IAAI;KAC1B;IACD,OAAO,EAAE;QACP,IAAI,EAAE,mBAAmB;QACzB,MAAM,EAAE,uBAAuB;QAC/B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,4BAA4B;QAC1C,QAAQ,EAAE,eAAe;QACzB,aAAa,EAAE,CAAC,kCAAkC,CAAC;QACnD,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,mBAAmB,EAAE,IAAI;KAC1B;IACD,KAAK,EAAE;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,qBAAqB;QAC7B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,OAAO;QACjB,+EAA+E;QAC/E,kFAAkF;QAClF,sFAAsF;QACtF,YAAY,EAAE,0BAA0B;QACxC,QAAQ,EAAE,cAAc;QACxB,aAAa,EAAE,EAAE;QACjB,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,mBAAmB,EAAE,KAAK;KAC3B;CACqD,CAAA;AAexD,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACtD,WAAW,CAAC,CAAC,MAAM,EAAE;QACrB,oBAAoB,CAAC,CAAC,OAAO,EAAE;KAChC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,kBAAkB,CAAC,CAAsB;IACvD,MAAM,UAAU,GAAG,CAAC,CAAC,kBAAkB,IAAI,CAAC,GAAG,CAAC,CAAA;IAChD,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,GAAG,UAAU,CAAC,CAAA;IAEpD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC,CAAA;IACjE,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC,CAAA;IAE1E,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC,CAAA;AAC1B,CAAC"}

package/dist/server/index.d.ts

@@ -47,6 +47,8 @@ export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
 export type { BackchannelLogoutConfig, BackchannelAuthLike, } from '../modules/auth/backchannel.js';
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
 export { SOULCRAFT_USER_FIELDS, SOULCRAFT_SESSION_CONFIG, getAuthMode, getOIDCClientConfig, } from '../modules/auth/config.js';
+export { SOULCRAFT_PRODUCTS, deriveOrigins, deriveRedirectUrls, } from '../modules/auth/products.js';
+export type { ProductRegistration, SoulcraftProduct, } from '../modules/auth/products.js';
 export { createSDK } from './create-sdk.js';
 export type { CreateSDKOptions } from './create-sdk.js';
 export { createServerSDK } from './from-license.js';

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,eAAe,CAAA;AACtB,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,SAAS,GACV,MAAM,eAAe,CAAA;AAGtB,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EAAE,8BAA8B,EAAE,MAAM,0BAA0B,CAAA;AACzE,YAAY,EACV,8BAA8B,EAC9B,wBAAwB,GACzB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,UAAU,GACX,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,GACd,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAC/E,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,gCAAgC,CAAA;AAGvC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAGvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,YAAY,EACV,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,eAAe,CAAA;AACtB,YAAY,EACV,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,SAAS,GACV,MAAM,eAAe,CAAA;AAGtB,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EAAE,8BAA8B,EAAE,MAAM,0BAA0B,CAAA;AACzE,YAAY,EACV,8BAA8B,EAC9B,wBAAwB,GACzB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,UAAU,GACX,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,GACd,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAC/E,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,gCAAgC,CAAA;AAGvC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAGvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,YAAY,EACV,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA"}

package/dist/server/index.js

@@ -48,6 +48,8 @@ export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
 // ── Auth config helpers (also on shared entry, duplicated here for convenience) ─
 export { SOULCRAFT_USER_FIELDS, SOULCRAFT_SESSION_CONFIG, getAuthMode, getOIDCClientConfig, } from '../modules/auth/config.js';
+// ── Product registry — single source of truth for all Soulcraft products ─────
+export { SOULCRAFT_PRODUCTS, deriveOrigins, deriveRedirectUrls, } from '../modules/auth/products.js';
 // ── createSDK factory ─────────────────────────────────────────────────────────
 export { createSDK } from './create-sdk.js';
 // ── createServerSDK.fromLicense() — license-driven server SDK ─────────────────

package/dist/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAM3B,iFAAiF;AACjF,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,eAAe,CAAA;AAQtB,iFAAiF;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAE/D,iFAAiF;AACjF,OAAO,EAAE,8BAA8B,EAAE,MAAM,0BAA0B,CAAA;AAMzE,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,UAAU,GACX,MAAM,oBAAoB,CAAA;AAqB3B,iFAAiF;AACjF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AAYtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAM/E,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAEzC,mFAAmF;AACnF,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAElC,iFAAiF;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAG3C,iFAAiF;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAQnD,qFAAqF;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAI7E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAM3B,iFAAiF;AACjF,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,eAAe,CAAA;AAQtB,iFAAiF;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAE/D,iFAAiF;AACjF,OAAO,EAAE,8BAA8B,EAAE,MAAM,0BAA0B,CAAA;AAMzE,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,UAAU,GACX,MAAM,oBAAoB,CAAA;AAqB3B,iFAAiF;AACjF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AAYtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAM/E,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAEzC,mFAAmF;AACnF,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAElC,gFAAgF;AAChF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAMpC,iFAAiF;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAG3C,iFAAiF;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAQnD,qFAAqF;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAI7E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA"}

package/dist/transports/workshop.d.ts

@@ -0,0 +1,173 @@
+/**
+ * @module transports/workshop
+ * @description PostMessage transport for non-brainy API calls from kit iframes to
+ * the Workshop parent frame.
+ *
+ * While {@link PostMessageTransport} handles Brainy RPC (`brainy:request` /
+ * `brainy:response`), this transport handles generic HTTP-style API calls —
+ * AI chat streaming, Hall room joins, Pulse analytics, file operations, and
+ * notifications — using the `workshop:request` / `workshop:response` /
+ * `workshop:stream` wire protocol.
+ *
+ * The parent frame (PreviewFrame.svelte) receives `workshop:request` messages,
+ * forwards them as real HTTP requests to Workshop's backend, and relays the
+ * response back via `workshop:response` (JSON) or `workshop:stream` (SSE chunks).
+ *
+ * ## Wire protocol
+ *
+ * **Request** (kit iframe → parent):
+ * ```json
+ * { "type": "workshop:request", "id": "<uuid>", "path": "/api/ai/chat",
+ *   "method": "POST", "body": "{...}", "stream": true, "headers": {} }
+ * ```
+ *
+ * **Response** (parent → kit iframe, non-streaming):
+ * ```json
+ * { "type": "workshop:response", "id": "<uuid>", "result": {...} }
+ * { "type": "workshop:response", "id": "<uuid>", "error": { "code": "...", "message": "..." } }
+ * ```
+ *
+ * **Stream chunk** (parent → kit iframe, streaming):
+ * ```json
+ * { "type": "workshop:stream", "id": "<uuid>", "chunk": "..." }
+ * { "type": "workshop:stream", "id": "<uuid>", "done": true }
+ * { "type": "workshop:stream", "id": "<uuid>", "error": "..." }
+ * ```
+ *
+ * ## Usage
+ *
+ * ```typescript
+ * import { WorkshopTransport } from '@soulcraft/sdk/client'
+ *
+ * const transport = new WorkshopTransport('https://workshop.soulcraft.com')
+ *
+ * // JSON call
+ * const result = await transport.call('/api/hall/rooms/my-room/join', 'POST', '{"audio":true}')
+ *
+ * // Streaming call (AI chat)
+ * for await (const chunk of transport.stream('/api/ai/chat', 'POST', body)) {
+ *   process.stdout.write(chunk)
+ * }
+ * ```
+ *
+ * @see {@link PostMessageTransport} for Brainy-specific RPC transport.
+ */
+/** An API request posted from the kit iframe to the Workshop parent frame. */
+export interface WorkshopRequest {
+    type: 'workshop:request';
+    id: string;
+    /** API path, e.g. '/api/ai/chat', '/api/pulse/track'. */
+    path: string;
+    /** HTTP method. */
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE';
+    /** JSON-serialized body for POST/PUT. */
+    body?: string | undefined;
+    /** If true, the parent relays the response as `workshop:stream` chunks. */
+    stream?: boolean | undefined;
+    /** Extra headers (e.g. Content-Type for non-JSON bodies). */
+    headers?: Record<string, string> | undefined;
+}
+/** A JSON response posted from the parent to the kit iframe. */
+export interface WorkshopResponse {
+    type: 'workshop:response';
+    id: string;
+    result?: unknown;
+    error?: {
+        code: string;
+        message: string;
+    };
+}
+/** A streaming chunk posted from the parent to the kit iframe. */
+export interface WorkshopStreamChunk {
+    type: 'workshop:stream';
+    id: string;
+    /** SSE data line content (parsed JSON string from the `data:` line). */
+    chunk?: string;
+    /** True when the stream has ended. */
+    done?: boolean;
+    /** Error message if the stream failed. */
+    error?: string;
+}
+/** Minimal window interface for testability. */
+export interface WorkshopTransportWindow {
+    addEventListener(type: 'message', listener: (event: MessageEvent) => void): void;
+    removeEventListener(type: 'message', listener: (event: MessageEvent) => void): void;
+    postMessage(message: unknown, targetOrigin: string): void;
+    readonly parent: WorkshopTransportWindow;
+}
+/**
+ * PostMessage transport for generic (non-brainy) API calls from kit iframes.
+ *
+ * Each `call()` posts a `workshop:request` message to `window.parent` and awaits
+ * a matching `workshop:response`. For streaming endpoints, `stream()` collects
+ * `workshop:stream` chunks and yields them as an `AsyncIterable<string>`.
+ *
+ * @example
+ * ```typescript
+ * const t = new WorkshopTransport(workshopOrigin)
+ *
+ * // Fire-and-forget analytics
+ * t.call('/api/pulse/track', 'POST', JSON.stringify({ event: 'page_view' }))
+ *
+ * // Stream AI tokens
+ * for await (const token of t.stream('/api/ai/chat', 'POST', body)) {
+ *   output += token
+ * }
+ * ```
+ */
+export declare class WorkshopTransport {
+    private readonly _targetOrigin;
+    private readonly _timeoutMs;
+    private readonly _pendingCalls;
+    private readonly _pendingStreams;
+    private _closed;
+    private readonly _messageListener;
+    private readonly _listenerWindow;
+    private readonly _parentWindow;
+    /**
+     * @param targetOrigin - The Workshop parent frame's origin for postMessage security.
+     *   Must be an explicit origin in production; `'*'` is acceptable only in dev.
+     * @param timeoutMs - Per-call timeout in milliseconds. Default: 60 000 (longer than
+     *   brainy RPC because AI chat streams can take a while to start).
+     * @param listenerWindow - Window for message events. Defaults to `window`.
+     * @param parentWindow - Window to post messages to. Defaults to `window.parent`.
+     */
+    constructor(targetOrigin: string, timeoutMs?: number, listenerWindow?: WorkshopTransportWindow, parentWindow?: WorkshopTransportWindow);
+    private _handleMessage;
+    private _streamTimeout;
+    private _generateId;
+    /**
+     * Send a JSON API call through the PostMessage relay.
+     *
+     * @param path - API endpoint path (e.g. '/api/hall/rooms/my-room/join').
+     * @param method - HTTP method.
+     * @param body - JSON-serialized request body.
+     * @param headers - Extra headers to forward.
+     * @returns The parsed JSON response body.
+     * @throws {Error} If the transport is closed, the request times out, or the
+     *   parent responds with an error.
+     */
+    call(path: string, method?: 'GET' | 'POST' | 'PUT' | 'DELETE', body?: string, headers?: Record<string, string>): Promise<unknown>;
+    /**
+     * Send a streaming API call through the PostMessage relay.
+     *
+     * The parent frame reads the HTTP response as SSE chunks and forwards each as
+     * a `workshop:stream` message. This method yields each chunk as it arrives.
+     *
+     * @param path - API endpoint path (e.g. '/api/ai/chat').
+     * @param method - HTTP method (typically 'POST').
+     * @param body - JSON-serialized request body.
+     * @param headers - Extra headers to forward.
+     * @returns An async iterable of string chunks.
+     */
+    stream(path: string, method?: 'GET' | 'POST' | 'PUT' | 'DELETE', body?: string, headers?: Record<string, string>): AsyncIterable<string>;
+    /**
+     * Returns `true` if the transport is open and usable.
+     */
+    isAlive(): boolean;
+    /**
+     * Close the transport, removing the message listener and rejecting all pending calls.
+     */
+    close(): void;
+}
+//# sourceMappingURL=workshop.d.ts.map

package/dist/transports/workshop.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workshop.d.ts","sourceRoot":"","sources":["../../src/transports/workshop.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDG;AAMH,8EAA8E;AAC9E,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,kBAAkB,CAAA;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,yDAAyD;IACzD,IAAI,EAAE,MAAM,CAAA;IACZ,mBAAmB;IACnB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;IACzC,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,2EAA2E;IAC3E,MAAM,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC5B,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;CAC7C;AAED,gEAAgE;AAChE,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,mBAAmB,CAAA;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;CAC1C;AAED,kEAAkE;AAClE,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,iBAAiB,CAAA;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,wEAAwE;IACxE,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,sCAAsC;IACtC,IAAI,CAAC,EAAE,OAAO,CAAA;IACd,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AA0BD,gDAAgD;AAChD,MAAM,WAAW,uBAAuB;IACtC,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAA;IAChF,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAA;IACnF,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IACzD,QAAQ,CAAC,MAAM,EAAE,uBAAuB,CAAA;CACzC;AAMD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAQ;IACtC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAiC;IAC/D,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAmC;IACnE,OAAO,CAAC,OAAO,CAAQ;IACvB,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA+B;IAChE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAyB;IACzD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAyB;IAEvD;;;;;;;OAOG;gBAED,YAAY,EAAE,MAAM,EACpB,SAAS,SAAS,EAClB,cAAc,CAAC,EAAE,uBAAuB,EACxC,YAAY,CAAC,EAAE,uBAAuB;IAaxC,OAAO,CAAC,cAAc;IAoEtB,OAAO,CAAC,cAAc;IAatB,OAAO,CAAC,WAAW;IASnB;;;;;;;;;;OAUG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,GAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAiB,EAClD,IAAI,CAAC,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,OAAO,CAAC,OAAO,CAAC;IAyBnB;;;;;;;;;;;OAWG;IACH,MAAM,CACJ,IAAI,EAAE,MAAM,EACZ,MAAM,GAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAiB,EAClD,IAAI,CAAC,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,aAAa,CAAC,MAAM,CAAC;IAkDxB;;OAEG;IACH,OAAO,IAAI,OAAO;IAIlB;;OAEG;IACH,KAAK,IAAI,IAAI;CAuBd"}