@stratal/framework 0.0.18 → 0.0.20

package/dist/insufficient-permissions.error-CRnOHYvq.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"insufficient-permissions.error-CRnOHYvq.mjs","names":[],"sources":["../src/access-control/errors/insufficient-permissions.error.ts"],"sourcesContent":["import { ApplicationError, ERROR_CODES } from 'stratal/errors'\n\n/**\n * InsufficientPermissionsError\n *\n * Thrown when a user attempts to perform an action without the required permissions.\n * Used by AuthGuard after an authorization check fails.\n *\n * HTTP Status: 403 Forbidden\n */\nexport class InsufficientPermissionsError extends ApplicationError {\n  constructor(requiredPermissions: string | string[], userId?: string) {\n    const summary = Array.isArray(requiredPermissions)\n      ? requiredPermissions.join(', ')\n      : requiredPermissions\n    super('errors.insufficientPermissions', ERROR_CODES.AUTHZ.INSUFFICIENT_PERMISSIONS, {\n      requiredPermissions: summary,\n      userId: userId ?? 'unknown',\n    })\n  }\n}\n"],"mappings":";;;;;;;;;;AAUA,IAAa,+BAAb,cAAkD,iBAAiB;CACjE,YAAY,qBAAwC,QAAiB;EACnE,MAAM,UAAU,MAAM,QAAQ,oBAAoB,GAC9C,oBAAoB,KAAK,KAAK,GAC9B;AACJ,QAAM,kCAAkC,YAAY,MAAM,0BAA0B;GAClF,qBAAqB;GACrB,QAAQ,UAAU;GACnB,CAAC"}

package/dist/types-BLyu9dAd.d.mts

@@ -0,0 +1,11 @@
+import { AccessControl, Role, Statements } from "better-auth/plugins/access";
+
+//#region src/access-control/types.d.ts
+type RolePermissions<TStatements extends Statements> = { [K in keyof TStatements]?: readonly TStatements[K][number][] };
+interface AccessControlOptions<TStatements extends Statements = Statements, TRoles extends Record<string, RolePermissions<TStatements>> = Record<string, RolePermissions<TStatements>>> {
+  ac: AccessControl;
+  roles: { [K in keyof TRoles]: Role };
+}
+//#endregion
+export { RolePermissions as n, AccessControlOptions as t };
+//# sourceMappingURL=types-BLyu9dAd.d.mts.map

package/dist/types-BLyu9dAd.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types-BLyu9dAd.d.mts","names":[],"sources":["../src/access-control/types.ts"],"mappings":";;;KAEY,eAAA,qBAAoC,UAAA,kBAClC,WAAA,aAAwB,WAAA,CAAY,CAAA;AAAA,UAGjC,oBAAA,qBAAyC,UAAA,GAAa,UAAA,iBAA2B,MAAA,SAAe,eAAA,CAAgB,WAAA,KAAgB,MAAA,SAAe,eAAA,CAAgB,WAAA;EAC9K,EAAA,EAAI,aAAA;EACJ,KAAA,gBAAqB,MAAA,GAAS,IAAA;AAAA"}

package/dist/types-BZlcRR2M.d.mts

@@ -0,0 +1,92 @@
+import { RuntimePlugin } from "@zenstackhq/orm";
+import { SchemaDef } from "@zenstackhq/schema";
+
+//#region src/database/types.d.ts
+/**
+ * Augment with per-connection schemas, default connection, and plugin types.
+ *
+ * Each property can be augmented in a separate file — TypeScript merges them.
+ *
+ * @example
+ * ```typescript
+ * // db/schema.ts
+ * declare module '@stratal/framework/database' {
+ *   interface StratalDatabase {
+ *     schemas: {
+ *       main: typeof schema
+ *       tenant: typeof tenantSchema
+ *     }
+ *     defaultConnection: 'main'
+ *   }
+ * }
+ *
+ * // db/plugins.ts
+ * declare module '@stratal/framework/database' {
+ *   interface StratalDatabase {
+ *     plugins: {
+ *       main: [typeof queryResultPlugin, typeof cachePlugin]
+ *     }
+ *   }
+ * }
+ * ```
+ */
+interface StratalDatabase {}
+/** Extract `ExtQueryArgs` from a `RuntimePlugin` */
+type ExtractPluginQueryArgs<P> = P extends RuntimePlugin<infer _S, infer Q, infer _M, infer _R> ? Q : {};
+/** Extract `ExtClientMembers` from a `RuntimePlugin` */
+type ExtractPluginClientMembers<P> = P extends RuntimePlugin<infer _S, infer _Q, infer M, infer _R> ? M : {};
+/** Extract `ExtResult` from a `RuntimePlugin` */
+type ExtractPluginResult<P> = P extends RuntimePlugin<infer _S, infer _Q, infer _M, infer R> ? R : {};
+/** Recursively intersect extension types from a tuple of plugins */
+type MergePlugins<Plugins extends unknown[]> = Plugins extends [infer P, ...infer Rest] ? {
+  extQueryArgs: ExtractPluginQueryArgs<P> & MergePlugins<Rest>['extQueryArgs'];
+  extClientMembers: ExtractPluginClientMembers<P> & MergePlugins<Rest>['extClientMembers'];
+  extResult: ExtractPluginResult<P> & MergePlugins<Rest>['extResult'];
+} : {
+  extQueryArgs: {};
+  extClientMembers: {};
+  extResult: {};
+};
+/** Infer merged plugin extensions for a connection */
+type InferConnectionExtensions<K extends string> = StratalDatabase extends {
+  plugins: infer P;
+} ? K extends keyof P ? P[K] extends unknown[] ? MergePlugins<P[K]> : {
+  extQueryArgs: {};
+  extClientMembers: {};
+  extResult: {};
+} : {
+  extQueryArgs: {};
+  extClientMembers: {};
+  extResult: {};
+} : {
+  extQueryArgs: {};
+  extClientMembers: {};
+  extResult: {};
+};
+/** Infer schema type for a specific connection */
+type InferConnectionSchema<K extends string> = StratalDatabase extends {
+  schemas: infer R;
+} ? K extends keyof R ? R[K] extends SchemaDef ? R[K] : SchemaDef : SchemaDef : SchemaDef;
+/** Union of ALL schemas across connections (for events) */
+type InferAnySchema = StratalDatabase extends {
+  schemas: infer R;
+} ? R[keyof R] extends SchemaDef ? R[keyof R] : SchemaDef : SchemaDef;
+/** Connection name — derived from schemas keys */
+type ConnectionName = StratalDatabase extends {
+  schemas: infer R;
+} ? keyof R extends never ? string : Extract<keyof R, string> : string;
+/** Default connection name */
+type DefaultConnectionName = StratalDatabase extends {
+  defaultConnection: infer N extends string;
+} ? N : string;
+/**
+ * Internal context used by database service for dynamic event emission
+ * @internal
+ */
+interface InternalDatabaseEventContext {
+  data: unknown;
+  result?: unknown;
+}
+//#endregion
+export { InferConnectionSchema as a, InferConnectionExtensions as i, DefaultConnectionName as n, InternalDatabaseEventContext as o, InferAnySchema as r, StratalDatabase as s, ConnectionName as t };
+//# sourceMappingURL=types-BZlcRR2M.d.mts.map

package/dist/types-BZlcRR2M.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types-BZlcRR2M.d.mts","names":[],"sources":["../src/database/types.ts"],"mappings":";;;;;;AA+BA;;;;;AAAmC;;;;;;;;;;;;;;AAIiC;;;;;;;UAJnD,eAAA;;KAGZ,sBAAA,MACH,CAAA,SAAU,aAAA,0CAAuD,CAAA;;KAG9D,0BAAA,MACH,CAAA,SAAU,aAAA,0CAAuD,CAAA;;KAG9D,mBAAA,MACH,CAAA,SAAU,aAAA,0CAAuD,CAAA;;KAG9D,YAAA,8BACH,OAAA;EAEM,YAAA,EAAc,sBAAA,CAAuB,CAAA,IAAK,YAAA,CAAa,IAAA;EACvD,gBAAA,EAAkB,0BAAA,CAA2B,CAAA,IAAK,YAAA,CAAa,IAAA;EAC/D,SAAA,EAAW,mBAAA,CAAoB,CAAA,IAAK,YAAA,CAAa,IAAA;AAAA;EAEjD,YAAA;EAAkB,gBAAA;EAAsB,SAAA;AAAA;;KAGpC,yBAAA,qBACV,eAAA;EAA0B,OAAA;AAAA,IACtB,CAAA,eAAgB,CAAA,GACd,CAAA,CAAE,CAAA,sBACA,YAAA,CAAa,CAAA,CAAE,CAAA;EACb,YAAA;EAAkB,gBAAA;EAAsB,SAAA;AAAA;EAC1C,YAAA;EAAkB,gBAAA;EAAsB,SAAA;AAAA;EAC1C,YAAA;EAAkB,gBAAA;EAAsB,SAAA;AAAA;;KAGpC,qBAAA,qBACV,eAAA;EAA0B,OAAA;AAAA,IACtB,CAAA,eAAgB,CAAA,GAAI,CAAA,CAAE,CAAA,UAAW,SAAA,GAAY,CAAA,CAAE,CAAA,IAAK,SAAA,GAAY,SAAA,GAChE,SAAA;;KAGM,cAAA,GACV,eAAA;EAA0B,OAAA;AAAA,IACtB,CAAA,OAAQ,CAAA,UAAW,SAAA,GAAY,CAAA,OAAQ,CAAA,IAAK,SAAA,GAC5C,SAAA;;KAGM,cAAA,GACV,eAAA;EAA0B,OAAA;AAAA,UAChB,CAAA,0BAA2B,OAAA,OAAc,CAAA;;KAIzC,qBAAA,GACV,eAAA;EAA0B,iBAAA;AAAA,IAA8C,CAAA;;;;;UAMzD,4BAAA;EACf,IAAA;EACA,MAAA;AAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stratal/framework",
-  "version": "0.0.18",
+  "version": "0.0.20",
   "type": "module",
   "license": "MIT",
   "author": "Temitayo Fadojutimi",
@@ -26,6 +26,10 @@
       "types": "./dist/index.d.mts",
       "import": "./dist/index.mjs"
     },
+    "./access-control": {
+      "types": "./dist/access-control/index.d.mts",
+      "import": "./dist/access-control/index.mjs"
+    },
     "./auth": {
       "types": "./dist/auth/index.d.mts",
       "import": "./dist/auth/index.mjs"
@@ -46,10 +50,6 @@
       "types": "./dist/guards/index.d.mts",
       "import": "./dist/guards/index.mjs"
     },
-    "./rbac": {
-      "types": "./dist/rbac/index.d.mts",
-      "import": "./dist/rbac/index.mjs"
-    },
     "./package.json": "./package.json"
   },
   "scripts": {
@@ -67,36 +67,37 @@
     "lint:fix": "npx oxlint --fix ."
   },
   "dependencies": {
-    "@better-auth/core": "^1.5.6",
+    "@better-auth/core": "^1.6.9",
     "@faker-js/faker": "^10.4.0",
-    "@zenstackhq/cli": "^3.5.1",
-    "@zenstackhq/orm": "^3.5.1",
-    "better-auth": "^1.5.6",
-    "casbin": "^5.49.0",
+    "@zenstackhq/cli": "^3.6.4",
+    "@zenstackhq/orm": "^3.6.4",
+    "better-auth": "^1.6.9",
+    "better-call": "1.3.5",
     "postgres-array": "^3.0.4"
   },
   "peerDependencies": {
     "pg": "^8.0.0",
     "reflect-metadata": "^0.2.2",
-    "stratal": "^0.0.18"
+    "stratal": "^0.0.20"
   },
   "devDependencies": {
-    "@cloudflare/vitest-pool-workers": "^0.13.5",
-    "@cloudflare/workers-types": "4.20260317.1",
+    "@cloudflare/vitest-pool-workers": "^0.15.2",
+    "@cloudflare/workers-types": "4.20260502.1",
     "@stratal/testing": "workspace:^",
-    "@types/node": "^25.5.0",
+    "@types/node": "^25.6.0",
     "@types/pg": "^8.20.0",
-    "@vitest/coverage-istanbul": "~4.1.2",
-    "@vitest/runner": "~4.1.2",
-    "@vitest/snapshot": "~4.1.2",
-    "@zenstackhq/better-auth": "^3.5.1",
+    "@vitest/coverage-istanbul": "~4.1.5",
+    "@vitest/runner": "~4.1.5",
+    "@vitest/snapshot": "~4.1.5",
+    "@zenstackhq/better-auth": "^3.6.4",
     "dotenv-cli": "^11.0.0",
+    "kysely": "0.28.16",
     "pg": "^8.20.0",
     "reflect-metadata": "^0.2.2",
     "stratal": "workspace:*",
-    "tsdown": "^0.21.6",
-    "typescript": "^6.0.2",
-    "vitest": "~4.1.2",
-    "wrangler": "^4.78.0"
+    "tsdown": "^0.21.10",
+    "typescript": "^6.0.3",
+    "vitest": "~4.1.5",
+    "wrangler": "^4.87.0"
   }
 }

package/dist/auth-context-BD2ApWg1.d.mts

@@ -1,38 +0,0 @@
-//#region src/context/auth-context.d.ts
-interface AuthInfo {
-  userId?: string;
-}
-declare class AuthContext {
-  protected userId?: string;
-  /**
-   * Set authentication context.
-   * This should be called once per request with user information.
-   */
-  setAuthContext(info: AuthInfo): void;
-  /**
-   * Get user ID if available.
-   * Returns undefined if no user is authenticated.
-   */
-  getUserId(): string | undefined;
-  /**
-   * Get user ID or throw if not authenticated.
-   * Use this when authentication is required.
-   */
-  requireUserId(): string;
-  /**
-   * Get full authentication context or throw if not initialized.
-   */
-  getAuthContext(): AuthInfo;
-  /**
-   * Check if user is authenticated.
-   */
-  isAuthenticated(): boolean;
-  /**
-   * Clear authentication context.
-   * Useful for testing or cleanup.
-   */
-  clearAuthContext(): void;
-}
-//#endregion
-export { AuthInfo as n, AuthContext as t };
-//# sourceMappingURL=auth-context-BD2ApWg1.d.mts.map

package/dist/auth-context-BD2ApWg1.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-context-BD2ApWg1.d.mts","names":[],"sources":["../src/context/auth-context.ts"],"mappings":";UAMiB,QAAA;EACf,MAAA;AAAA;AAAA,cAIW,WAAA;EAAA,UACD,MAAA;EALJ;AAGR;;;EAQE,cAAA,CAAe,IAAA,EAAM,QAAA;EANX;;;;EAcV,SAAA,CAAA;EAQA;;;;EAAA,aAAA,CAAA;EA+BgB;;;EApBhB,cAAA,CAAA,GAAkB,QAAA;;;;EAYlB,eAAA,CAAA;;;;;EAQA,gBAAA,CAAA;AAAA"}

package/dist/auth-context-BfekHvM9.mjs

@@ -1,55 +0,0 @@
-import { n as UserNotAuthenticatedError, r as ContextNotInitializedError } from "./errors-C_KIIU1v.mjs";
-import { t as __decorate } from "./decorate-C12QolJF.mjs";
-import { DI_TOKENS, Transient } from "stratal/di";
-//#region src/context/auth-context.ts
-let AuthContext = class AuthContext {
-	userId;
-	/**
-	* Set authentication context.
-	* This should be called once per request with user information.
-	*/
-	setAuthContext(info) {
-		this.userId = info.userId;
-	}
-	/**
-	* Get user ID if available.
-	* Returns undefined if no user is authenticated.
-	*/
-	getUserId() {
-		return this.userId;
-	}
-	/**
-	* Get user ID or throw if not authenticated.
-	* Use this when authentication is required.
-	*/
-	requireUserId() {
-		const userId = this.getUserId();
-		if (!userId) throw new UserNotAuthenticatedError();
-		return userId;
-	}
-	/**
-	* Get full authentication context or throw if not initialized.
-	*/
-	getAuthContext() {
-		if (!this.userId) throw new ContextNotInitializedError("Authentication");
-		return { userId: this.userId };
-	}
-	/**
-	* Check if user is authenticated.
-	*/
-	isAuthenticated() {
-		return !!this.userId;
-	}
-	/**
-	* Clear authentication context.
-	* Useful for testing or cleanup.
-	*/
-	clearAuthContext() {
-		this.userId = void 0;
-	}
-};
-AuthContext = __decorate([Transient(DI_TOKENS.AuthContext)], AuthContext);
-//#endregion
-export { AuthContext as t };
-
-//# sourceMappingURL=auth-context-BfekHvM9.mjs.map

package/dist/auth-context-BfekHvM9.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-context-BfekHvM9.mjs","names":[],"sources":["../src/context/auth-context.ts"],"sourcesContent":["import { Transient, DI_TOKENS } from 'stratal/di'\nimport {\n  ContextNotInitializedError,\n  UserNotAuthenticatedError\n} from './errors'\n\nexport interface AuthInfo {\n  userId?: string\n}\n\n@Transient(DI_TOKENS.AuthContext)\nexport class AuthContext {\n  protected userId?: string\n\n  /**\n   * Set authentication context.\n   * This should be called once per request with user information.\n   */\n  setAuthContext(info: AuthInfo): void {\n    this.userId = info.userId\n  }\n\n  /**\n   * Get user ID if available.\n   * Returns undefined if no user is authenticated.\n   */\n  getUserId(): string | undefined {\n    return this.userId\n  }\n\n  /**\n   * Get user ID or throw if not authenticated.\n   * Use this when authentication is required.\n   */\n  requireUserId(): string {\n    const userId = this.getUserId()\n    if (!userId) {\n      throw new UserNotAuthenticatedError()\n    }\n    return userId\n  }\n\n  /**\n   * Get full authentication context or throw if not initialized.\n   */\n  getAuthContext(): AuthInfo {\n    if (!this.userId) {\n      throw new ContextNotInitializedError('Authentication')\n    }\n    return {\n      userId: this.userId\n    }\n  }\n\n  /**\n   * Check if user is authenticated.\n   */\n  isAuthenticated(): boolean {\n    return !!this.userId\n  }\n\n  /**\n   * Clear authentication context.\n   * Useful for testing or cleanup.\n   */\n  clearAuthContext(): void {\n    this.userId = undefined\n  }\n}\n"],"mappings":";;;;AAWO,IAAA,cAAA,MAAM,YAAY;CACvB;;;;;CAMA,eAAe,MAAsB;AACnC,OAAK,SAAS,KAAK;;;;;;CAOrB,YAAgC;AAC9B,SAAO,KAAK;;;;;;CAOd,gBAAwB;EACtB,MAAM,SAAS,KAAK,WAAW;AAC/B,MAAI,CAAC,OACH,OAAM,IAAI,2BAA2B;AAEvC,SAAO;;;;;CAMT,iBAA2B;AACzB,MAAI,CAAC,KAAK,OACR,OAAM,IAAI,2BAA2B,iBAAiB;AAExD,SAAO,EACL,QAAQ,KAAK,QACd;;;;;CAMH,kBAA2B;AACzB,SAAO,CAAC,CAAC,KAAK;;;;;;CAOhB,mBAAyB;AACvB,OAAK,SAAS,KAAA;;;0BAxDjB,UAAU,UAAU,YAAY,CAAA,EAAA,YAAA"}

package/dist/decorateParam-WGqsyT5s.mjs

@@ -1,8 +0,0 @@
-//#region \0@oxc-project+runtime@0.122.0/helpers/decorateParam.js
-function __decorateParam(paramIndex, decorator) {
-	return function(target, key) {
-		decorator(target, key, paramIndex);
-	};
-}
-//#endregion
-export { __decorateParam as t };

package/dist/index-B1iGBJcO.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index-B1iGBJcO.d.mts","names":[],"sources":["../src/database/database.module.ts","../src/database/database.service.ts","../src/database/database.tokens.ts","../src/database/decorators/inject-db.decorator.ts","../src/database/errors/database-error.ts","../src/database/errors/database-config.error.ts","../src/database/errors/foreign-key-constraint.error.ts","../src/database/errors/invalid-error-code-range.error.ts","../src/database/errors/record-not-found.error.ts","../src/database/errors/unique-constraint.error.ts","../src/database/errors/from-zenstack-error.ts","../src/database/event-types.ts","../src/database/i18n/en.ts","../src/database/plugins/error-handler.plugin.ts","../src/database/plugins/event-emitter.plugin.ts","../src/database/plugins/schema-switcher.plugin.ts","../src/database/commands/zenstack.command.ts","../src/database/commands/db-generate.command.ts","../src/database/commands/db-pull.command.ts","../src/database/commands/db-push.command.ts","../src/database/commands/migrate-deploy.command.ts","../src/database/commands/migrate-dev.command.ts","../src/database/commands/migrate-reset.command.ts","../src/database/commands/migrate-status.command.ts"],"mappings":";;;;;;;;;;;UAwBiB,wBAAA,gBACA,SAAA,GAAY,SAAA,eACd,cAAA,GAAiB,cAAA;EAE9B,IAAA,EAAM,IAAA;EACN,MAAA,EAAQ,MAAA;EACR,OAAA,QAAe,aAAA,CAAc,SAAA;EAC7B,OAAA,GAAU,SAAA;AAAA;AAAA,UAGK,oBAAA;EACf,OAAA,EAAS,qBAAA;EACT,WAAA,EAAa,wBAAA;AAAA;AAAA,cAcF,cAAA,YAA0B,YAAA,EAAc,UAAA;EAAA,OAC5C,OAAA,CAAQ,MAAA,EAAQ,oBAAA,GAAuB,aAAA;EAAA,OASvC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,oBAAA,IAAwB,aAAA;EAaxE,YAAA,CAAa,OAAA,EAAS,aAAA;EAmBtB,UAAA,CAAW,OAAA,EAAS,aAAA;AAAA;;;;;;;;;;;;AApEtB;;;;;KCPY,eAAA,WACA,cAAA,GAAiB,qBAAA,IACzB,cAAA,CACF,qBAAA,CAAsB,CAAA,GACtB,aAAA,CAAc,qBAAA,CAAsB,CAAA;;;cCrBzB,eAAA;EAAA,SAGH,OAAA;EAAA,SAAA,QAAA;AAAA;AAAA,iBAIM,gBAAA,CAAiB,IAAA,EAAM,cAAA;;;iBCHvB,QAAA,CAAS,IAAA,EAAM,cAAA,GAAiB,kBAAA;;;;;;;;;;;cCQnC,aAAA,SAAsB,gBAAA;cAE/B,UAAA,GAAY,WAAA,EACZ,IAAA,GAAM,SAAA,EACN,QAAA,GAAW,MAAA;AAAA;;;cCbF,mBAAA,SAA4B,aAAA;cAC3B,OAAA;AAAA;;;;;;;;;;;;cCQD,yBAAA,SAAkC,aAAA;cACjC,KAAA;AAAA;;;;;;;;;;cCJD,0BAAA,SAAmC,gBAAA;cAClC,IAAA,UAAc,aAAA;AAAA;;;;;;;;;;;;;cCGf,mBAAA,SAA4B,aAAA;cAC3B,OAAA;AAAA;;;;;;;;;;;;;cCDD,qBAAA,SAA8B,aAAA;cAC7B,MAAA;AAAA;;;;;;;;;;;;;ATUd;;;;;;;;;iBUEgB,iBAAA,CAAkB,KAAA,YAAiB,aAAA;;;;;;KCavC,UAAA;;;;KAKA,iBAAA,GAAoB,iBAAA;;;;;;KAO3B,kBAAA,MAAwB,CAAA;EAAY,MAAA;AAAA,IAAoB,OAAA,OAAc,CAAA;;;;;KAM/D,SAAA,GAAY,kBAAA,CAAmB,cAAA;;;;KAS/B,iBAAA,MACL,UAAA,IAAc,SAAA,IAAa,iBAAA,QAC3B,UAAA,IAAc,SAAA,QACd,UAAA,IAAc,iBAAA,KACjB,UAAA;;;;KASC,gBAAA,WACO,SAAA,YACA,OAAA,OAAc,CAAA,+BACd,iBAAA,IAEV,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,uBAAwB,aAAA,CAAc,CAAA,EAAG,CAAA,IACzC,CAAA,sBAAuB,YAAA,CAAa,CAAA,EAAG,CAAA,IACvC,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,mBAAoB,SAAA,CAAU,CAAA,EAAG,CAAA,IACjC,CAAA,uBAAwB,aAAA,CAAc,CAAA,EAAG,CAAA,IACzC,CAAA,qBAAsB,WAAA,CAAY,CAAA,EAAG,CAAA;;;;KAMlC,YAAA,gCAA4C,iBAAA,IAC/C,CAAA,SAAU,SAAA,GACR,CAAA,SAAU,OAAA,OAAc,CAAA,sBACxB,gBAAA,CAAiB,CAAA,EAAG,CAAA,EAAG,CAAA;EAAa,IAAA;AAAA,IACpC,CAAA,GACA,gBAAA,CAAiB,CAAA,EAAG,CAAA,EAAG,CAAA;EAAa,KAAA;AAAA,IACpC,CAAA,GACA,gBAAA,CAAiB,CAAA,EAAG,CAAA,EAAG,CAAA;;AXtE3B;;;KW8EY,OAAA,WAAkB,SAAA,YAAqB,iBAAA,IACjD,YAAA,CAAa,cAAA,EAAgB,CAAA,EAAG,CAAA,4BAA6B,YAAA,CAAa,cAAA,EAAgB,CAAA,EAAG,CAAA;;;;KAK1F,cAAA,gCAA8C,iBAAA,IACjD,CAAA,SAAU,SAAA,GACR,CAAA,SAAU,OAAA,OAAc,CAAA,sBACxB,CAAA,mEACA,WAAA,CAAY,CAAA,EAAG,CAAA,MACf,CAAA,4BAEA,WAAA,CAAY,CAAA,EAAG,CAAA;;;;;KAQP,SAAA,WAAoB,SAAA,YAAqB,iBAAA,IACnD,cAAA,CAAe,cAAA,EAAgB,CAAA,EAAG,CAAA,4BAA6B,cAAA,CAAe,cAAA,EAAgB,CAAA,EAAG,CAAA;;;;KASvF,UAAA,qBACV,CAAA,gCAAiC,UAAA,wBAAkC,SAAA,qBAA8B,iBAAA;EAC7F,KAAA,EAAO,KAAA;EAAO,KAAA,EAAO,KAAA;EAAO,SAAA,EAAW,EAAA;EAAI,IAAA;AAAA,IAC7C,CAAA,gCAAiC,UAAA,qBACjC,MAAA,SAAe,SAAA;EACb,KAAA,EAAO,KAAA;EAAO,KAAA,EAAO,MAAA;EAAQ,IAAA;AAAA,IAC/B,MAAA,SAAe,iBAAA;EACb,KAAA,EAAO,KAAA;EAAO,SAAA,EAAW,MAAA;EAAQ,IAAA;AAAA,YAEnC,CAAA,SAAU,UAAA;EACR,KAAA,EAAO,CAAA;EAAG,IAAA;AAAA;;UAQN,gBAAA;AVrJV;AAAA,UUyJU,yBAAA,WACE,SAAA,YACA,iBAAA,gBACI,UAAA,UACN,gBAAA;EACR,IAAA,EAAM,KAAA,oBAAyB,OAAA,CAAQ,CAAA,EAAG,CAAA,IAAK,QAAA,CAAS,OAAA,CAAQ,CAAA,EAAG,CAAA;EACnE,MAAA,EAAQ,KAAA,mBAAwB,SAAA,CAAU,CAAA,EAAG,CAAA;AAAA;;UAIrC,yBAAA,eACM,UAAA,UACN,gBAAA;EACR,SAAA,EAAW,iBAAA;EACX,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;UAIA,6BAAA,eACM,UAAA,UACN,gBAAA;EACR,KAAA,EAAO,SAAA;EACP,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;UAIA,yBAAA,eACM,UAAA,UACN,gBAAA;EACR,KAAA,EAAO,SAAA;EACP,SAAA,EAAW,iBAAA;EACX,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;;;KAUL,oBAAA,qBACH,UAAA,CAAW,CAAA;EACT,KAAA,kBAAuB,UAAA;EACvB,KAAA,kBAAuB,SAAA;EACvB,SAAA,kBAA2B,iBAAA;EAC3B,IAAA;AAAA,IAEA,yBAAA,CAA0B,CAAA,EAAG,CAAA,EAAG,CAAA,IAChC,UAAA,CAAW,CAAA;EACX,KAAA,kBAAuB,UAAA;EACvB,KAAA,mBAAwB,SAAA;EACxB,IAAA;AAAA,IAEA,yBAAA,CAA0B,CAAA,IAC1B,UAAA,CAAW,CAAA;EACX,KAAA,kBAAuB,UAAA;EACvB,SAAA,mBAA4B,iBAAA;EAC5B,IAAA;AAAA,IAEA,6BAAA,CAA8B,CAAA,IAC9B,UAAA,CAAW,CAAA;EAAa,KAAA,kBAAuB,UAAA;EAAY,IAAA;AAAA,IAC3D,yBAAA,CAA0B,CAAA,IAC1B,gBAAA;;;;;;;;;APhOJ;;;;KOkPY,cAAA,WACJ,iBAAA,GAAoB,oBAAA,CAAqB,CAAA;AAAA;EAAA,UAQrC,mBAAA,SAA4B,cAAA;AAAA;;;cCvQ3B,YAAA;EAAA;;;;;;;;;YAWD,WAAA;IACR,QAAA,SAAiB,YAAA;EAAA;AAAA;;;;;;;;;;;;AZYrB;;caTa,kBAAA,YAA8B,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,SAClF,EAAA;EAET,OAAA;IAAiB,IAAA;IAAA;EAAA;IACf,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;EAAA,MACtD,OAAA;AAAA;;;UCjBW,yBAAA;EACf,aAAA,EAAe,cAAA;AAAA;;;;;;AdmBjB;;;;;;;;;;;;;;ccGa,kBAAA,YAA8B,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,QAGvE,OAAA;EAAA,SAFX,EAAA;cAEW,OAAA,EAAS,yBAAA;EAE7B,OAAA;IAAiB,KAAA;IAAA,SAAA;IAAA,IAAA;IAAA;EAAA;IACf,KAAA;IACA,SAAA;IACA,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;EAAA,MACtD,OAAA;AAAA;;;UClCW,2BAAA;EACf,UAAA;AAAA;;;;;;;AfoBF;;;;;;;;ceHa,oBAAA,YAAgC,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,QAGzE,OAAA;EAAA,SAFX,EAAA;cAEW,OAAA,EAAS,2BAAA;EAE7B,OAAA;IAAiB,IAAA;IAAA,OAAA;IAAA;EAAA;IACf,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;IACxD,MAAA;MAAU,iBAAA,GAAoB,GAAA,aAAgB,OAAA;IAAA;EAAA,MAC5C,OAAA;AAAA;;;;;;;uBCxBgB,eAAA,SAAwB,OAAA;EAAA,UAC5B,QAAA,CAAS,IAAA,aAAiB,OAAA;AAAA;;;cCL/B,iBAAA,SAA0B,eAAA;EAAA,OAC9B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,aAAA,SAAsB,eAAA;EAAA,OAC1B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,aAAA,SAAsB,eAAA;EAAA,OAC1B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,oBAAA,SAA6B,eAAA;EAAA,OACjC,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,iBAAA,SAA0B,eAAA;EAAA,OAC9B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,mBAAA,SAA4B,eAAA;EAAA,OAChC,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,oBAAA,SAA6B,eAAA;EAAA,OACjC,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA"}

package/dist/rbac/index.d.mts

@@ -1,206 +0,0 @@
-import { t as AuthContext } from "../auth-context-BD2ApWg1.mjs";
-import { AsyncModuleOptions, DynamicModule } from "stratal/module";
-import { ApplicationError } from "stratal/errors";
-import { Adapter, Enforcer, Model } from "casbin";
-
-//#region src/rbac/constants.d.ts
-/**
- * RBAC Constants
- */
-declare const RBAC_CONTEXT_KEYS: {
-  /** Key for storing required authorization scopes (permissions) in context */readonly AUTH_SCOPES: symbol;
-};
-//#endregion
-//#region src/rbac/errors/insufficient-permissions.error.d.ts
-/**
- * InsufficientPermissionsError
- *
- * Thrown when a user attempts to perform an action without the required permissions.
- * This error is used by the auth guard after authorization check fails.
- *
- * HTTP Status: 403 Forbidden
- * Error Code: 3102 (AUTHZ.INSUFFICIENT_PERMISSIONS)
- */
-declare class InsufficientPermissionsError extends ApplicationError {
-  constructor(requiredScopes: string[], userId?: string);
-}
-//#endregion
-//#region src/rbac/adapters/custom-zenstack-adapter.d.ts
-/**
- * Minimal interface for the database client used by the adapter.
- * The actual DatabaseService extends ZenStackClient which provides these methods
- * when the schema includes a `casbinRule` model.
- */
-interface CasbinDbClient {
-  casbinRule: {
-    findMany(args?: {
-      where?: Record<string, unknown>;
-    }): Promise<unknown[]>;
-    create(args: {
-      data: CasbinRuleCreateInput;
-    }): Promise<unknown>;
-    createMany(args: {
-      data: CasbinRuleCreateInput[];
-    }): Promise<unknown>;
-    deleteMany(args: {
-      where: CasbinRuleCreateInput;
-    }): Promise<{
-      count: number;
-    }>;
-  };
-  $executeRawUnsafe(query: string, ...values: unknown[]): Promise<unknown>;
-}
-interface CasbinRuleCreateInput {
-  ptype: string;
-  v0?: string | null;
-  v1?: string | null;
-  v2?: string | null;
-  v3?: string | null;
-  v4?: string | null;
-  v5?: string | null;
-}
-/**
- * Custom ZenStack adapter for Casbin that works with Cloudflare Workers.
- *
- * Based on the original casbin-prisma-adapter but modified to:
- * - Work with ZenStack v3 ORM clients
- * - Avoid bundling errors in Cloudflare Workers
- * - Accept pre-connected ZenStack clients (request-scoped)
- */
-declare class CustomZenStackAdapter implements Adapter {
-  #private;
-  filtered: boolean;
-  isFiltered(): boolean;
-  enableFiltered(enabled: boolean): void;
-  constructor(db: CasbinDbClient);
-  loadPolicy(model: Model): Promise<void>;
-  loadFilteredPolicy(model: Model, filter: Record<string, string[][]>): Promise<void>;
-  savePolicy(model: Model): Promise<boolean>;
-  addPolicy(_sec: string, ptype: string, rule: string[]): Promise<void>;
-  addPolicies(_sec: string, ptype: string, rules: string[][]): Promise<void>;
-  removePolicy(_sec: string, ptype: string, rule: string[]): Promise<void>;
-  removePolicies(_sec: string, ptype: string, rules: string[][]): Promise<void>;
-  removeFilteredPolicy(_sec: string, ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<void>;
-  close(): Promise<void>;
-  static newAdapter(db: CasbinDbClient): CustomZenStackAdapter;
-}
-//#endregion
-//#region src/rbac/types.d.ts
-/**
- * Configuration options for the RBAC module
- */
-interface RbacModuleOptions {
-  /** Casbin PERM model string */
-  model: string;
-  /** Default policies: [role, resource, action][] */
-  defaultPolicies?: readonly (readonly [string, string, string])[];
-  /** Role hierarchy: [childRole, parentRole][] */
-  roleHierarchy?: readonly (readonly [string, string])[];
-}
-//#endregion
-//#region src/rbac/services/casbin-enforcer.service.d.ts
-/**
- * CasbinEnforcerService
- *
- * Manages the Casbin enforcer instance for authorization.
- * Model, default policies, and role hierarchy are provided via DI options.
- */
-declare class CasbinEnforcerService {
-  protected readonly db: CasbinDbClient;
-  protected readonly options: RbacModuleOptions;
-  protected enforcer: Enforcer | null;
-  constructor(db: CasbinDbClient, options: RbacModuleOptions);
-  /**
-   * Get or create the enforcer instance
-   */
-  getEnforcer(): Promise<Enforcer>;
-  /**
-   * Create a new enforcer instance.
-   * Can be overridden by subclasses to customize enforcer creation.
-   */
-  protected createEnforcer(): Promise<Enforcer>;
-  /**
-   * Seed default policies into database
-   */
-  seedPolicies(): Promise<void>;
-  /**
-   * Clear cached enforcer instance
-   */
-  clearCache(): void;
-  /**
-   * Seed role hierarchy into database
-   */
-  seedRoleHierarchy(): Promise<void>;
-}
-//#endregion
-//#region src/rbac/services/casbin.service.d.ts
-/**
- * CasbinService
- *
- * Request-scoped service that provides the full Casbin RBAC API.
- * Uses AuthContext to get the current user.
- */
-declare class CasbinService {
-  protected readonly context: AuthContext;
-  protected readonly enforcerService: CasbinEnforcerService;
-  constructor(context: AuthContext, enforcerService: CasbinEnforcerService);
-  protected getEnforcer(): Promise<Enforcer>;
-  addRoleForUser(userId: string, role: string): Promise<boolean>;
-  deleteRoleForUser(userId: string, role: string): Promise<boolean>;
-  deleteRolesForUser(userId: string): Promise<boolean>;
-  getRolesForUser(userId: string): Promise<string[]>;
-  getImplicitRolesForUser(userId: string): Promise<string[]>;
-  getUsersForRole(role: string): Promise<string[]>;
-  getImplicitUsersForRole(role: string): Promise<string[]>;
-  hasRoleForUser(userId: string, role: string): Promise<boolean>;
-  addRoleInheritance(childRole: string, parentRole: string): Promise<boolean>;
-  deleteRoleInheritance(childRole: string, parentRole: string): Promise<boolean>;
-  deleteUser(userId: string): Promise<boolean>;
-  deleteRole(role: string): Promise<boolean>;
-  getCurrentUserRoles(): Promise<string[]>;
-  currentUserHasRole(role: string): Promise<boolean>;
-  setRolesForUser(userId: string, roles: string[]): Promise<void>;
-  hasPermission(userId: string, scope: string, action: string): Promise<boolean>;
-  currentUserHasPermission(scope: string, action: string): Promise<boolean>;
-  hasAnyPermission(userId: string, scopes: string[], action: string): Promise<boolean>;
-  currentUserHasAnyPermission(scopes: string[], action: string): Promise<boolean>;
-  getPermissionsForUserAsCasbinJs(userId: string): Promise<Record<string, string[]>>;
-  getCurrentUserPermissionsAsCasbinJs(): Promise<Record<string, string[]>>;
-}
-//#endregion
-//#region src/rbac/rbac.module.d.ts
-/**
- * RBAC Module
- *
- * Provides role-based access control using Casbin.
- * Fully configurable — no hardcoded roles, policies, or model.
- *
- * @example
- * ```typescript
- * @Module({
- *   imports: [
- *     RbacModule.forRoot({
- *       model: MY_RBAC_MODEL,
- *       defaultPolicies: [['admin', 'users:*', '.*']],
- *       roleHierarchy: [['super_admin', 'admin']],
- *     })
- *   ]
- * })
- * ```
- */
-declare class RbacModule {
-  static forRoot(options: RbacModuleOptions): DynamicModule;
-  static forRootAsync(options: AsyncModuleOptions<RbacModuleOptions>): DynamicModule;
-}
-//#endregion
-//#region src/rbac/tokens.d.ts
-/**
- * RBAC DI Tokens
- */
-declare const RBAC_TOKENS: {
-  /** Request-scoped Casbin service with auto context resolution */readonly CasbinService: symbol; /** RBAC module options (model, policies, hierarchy) */
-  readonly Options: symbol;
-};
-//#endregion
-export { CasbinEnforcerService, CasbinService, CustomZenStackAdapter, InsufficientPermissionsError, RBAC_CONTEXT_KEYS, RBAC_TOKENS, RbacModule, type RbacModuleOptions };
-//# sourceMappingURL=index.d.mts.map

package/dist/rbac/index.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/rbac/constants.ts","../../src/rbac/errors/insufficient-permissions.error.ts","../../src/rbac/adapters/custom-zenstack-adapter.ts","../../src/rbac/types.ts","../../src/rbac/services/casbin-enforcer.service.ts","../../src/rbac/services/casbin.service.ts","../../src/rbac/rbac.module.ts","../../src/rbac/tokens.ts"],"mappings":";;;;;;;;;cAGa,iBAAA;wFAGH,WAAA;AAAA;;;;;;;;AAHV;;;;cCQa,4BAAA,SAAqC,gBAAA;cACpC,cAAA,YAA0B,MAAA;AAAA;;;;;;;;UCHvB,cAAA;EACf,UAAA;IACE,QAAA,CAAS,IAAA;MAAS,KAAA,GAAQ,MAAA;IAAA,IAA4B,OAAA;IACtD,MAAA,CAAO,IAAA;MAAQ,IAAA,EAAM,qBAAA;IAAA,IAA0B,OAAA;IAC/C,UAAA,CAAW,IAAA;MAAQ,IAAA,EAAM,qBAAA;IAAA,IAA4B,OAAA;IACrD,UAAA,CAAW,IAAA;MAAQ,KAAA,EAAO,qBAAA;IAAA,IAA0B,OAAA;MAAU,KAAA;IAAA;EAAA;EAEhE,iBAAA,CAAkB,KAAA,aAAkB,MAAA,cAAoB,OAAA;AAAA;AAAA,UAGhD,qBAAA;EACR,KAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;AAAA;;;;;;;;;cAsBW,qBAAA,YAAiC,OAAA;EAAA;EAG5C,QAAA;EAEO,UAAA,CAAA;EAIA,cAAA,CAAe,OAAA;cAIV,EAAA,EAAI,cAAA;EAIV,UAAA,CAAW,KAAA,EAAO,KAAA,GAAQ,OAAA;EAQ1B,kBAAA,CACJ,KAAA,EAAO,KAAA,EACP,MAAA,EAAQ,MAAA,uBACP,OAAA;EA0BG,UAAA,CAAW,KAAA,EAAO,KAAA,GAAQ,OAAA;EAyB1B,SAAA,CAAU,IAAA,UAAc,KAAA,UAAe,IAAA,aAAiB,OAAA;EAKxD,WAAA,CACJ,IAAA,UACA,KAAA,UACA,KAAA,eACC,OAAA;EAWG,YAAA,CACJ,IAAA,UACA,KAAA,UACA,IAAA,aACC,OAAA;EAKG,cAAA,CACJ,IAAA,UACA,KAAA,UACA,KAAA,eACC,OAAA;EAWG,oBAAA,CACJ,IAAA,UACA,KAAA,UACA,UAAA,aACG,WAAA,aACF,OAAA;EA0BG,KAAA,CAAA,GAAS,OAAA;EAAA,OAIR,UAAA,CAAW,EAAA,EAAI,cAAA,GAAiB,qBAAA;AAAA;;;;;;UC3MxB,iBAAA;;EAEf,KAAA;EHFW;EGIX,eAAA;;EAEA,aAAA;AAAA;;;;;;AHNF;;;cIWa,qBAAA;EAAA,mBAKU,EAAA,EAAI,cAAA;EAAA,mBAEJ,OAAA,EAAS,iBAAA;EAAA,UANpB,QAAA,EAAU,QAAA;cAIC,EAAA,EAAI,cAAA,EAEJ,OAAA,EAAS,iBAAA;EHVnB;;;EGgBL,WAAA,CAAA,GAAe,OAAA,CAAQ,QAAA;EHhBmB;;;;EAAA,UGyBhC,cAAA,CAAA,GAAkB,OAAA,CAAQ,QAAA;EHxBW;;;EGoC/C,YAAA,CAAA,GAAgB,OAAA;EFvCP;;;EEqDf,UAAA,CAAA;EFnDwD;;;EE0DlD,iBAAA,CAAA,GAAqB,OAAA;AAAA;;;;;;AJlE7B;;;cKWa,aAAA;EAAA,mBAGU,OAAA,EAAS,WAAA;EAAA,mBAET,eAAA,EAAiB,qBAAA;cAFjB,OAAA,EAAS,WAAA,EAET,eAAA,EAAiB,qBAAA;EAAA,UAGtB,WAAA,CAAA,GAAe,OAAA,CAAQ,QAAA;EAMjC,cAAA,CAAe,MAAA,UAAgB,IAAA,WAAe,OAAA;EAO9C,iBAAA,CAAkB,MAAA,UAAgB,IAAA,WAAe,OAAA;EAOjD,kBAAA,CAAmB,MAAA,WAAiB,OAAA;EAOpC,eAAA,CAAgB,MAAA,WAAiB,OAAA;EAKjC,uBAAA,CAAwB,MAAA,WAAiB,OAAA;EAKzC,eAAA,CAAgB,IAAA,WAAe,OAAA;EAK/B,uBAAA,CAAwB,IAAA,WAAe,OAAA;EAKvC,cAAA,CAAe,MAAA,UAAgB,IAAA,WAAe,OAAA;EAO9C,kBAAA,CAAmB,SAAA,UAAmB,UAAA,WAAqB,OAAA;EAO3D,qBAAA,CAAsB,SAAA,UAAmB,UAAA,WAAqB,OAAA;EAS9D,UAAA,CAAW,MAAA,WAAiB,OAAA;EAO5B,UAAA,CAAW,IAAA,WAAe,OAAA;EAS1B,mBAAA,CAAA,GAAuB,OAAA;EAMvB,kBAAA,CAAmB,IAAA,WAAe,OAAA;EAKlC,eAAA,CAAgB,MAAA,UAAgB,KAAA,aAAkB,OAAA;EAWlD,aAAA,CAAc,MAAA,UAAgB,KAAA,UAAe,MAAA,WAAiB,OAAA;EAK9D,wBAAA,CAAyB,KAAA,UAAe,MAAA,WAAiB,OAAA;EAMzD,gBAAA,CAAiB,MAAA,UAAgB,MAAA,YAAkB,MAAA,WAAiB,OAAA;EAOpE,2BAAA,CAA4B,MAAA,YAAkB,MAAA,WAAiB,OAAA;EAQ/D,+BAAA,CAAgC,MAAA,WAAiB,OAAA,CAAQ,MAAA;EAezD,mCAAA,CAAA,GAAuC,OAAA,CAAQ,MAAA;AAAA;;;;;;;ALxKvD;;;;;;;;ACQA;;;;;;;cKqBa,UAAA;EAAA,OACJ,OAAA,CAAQ,OAAA,EAAS,iBAAA,GAAoB,aAAA;EAAA,OASrC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,iBAAA,IAAqB,aAAA;AAAA;;;;;;cCvC1D,WAAA;4EAKH,aAAA,UPLG;EAAA,SOKH,OAAA;AAAA"}