npm - @tenantscale/sdk - Versions diffs - 0.1.0 → 0.3.0 - Mend

@tenantscale/sdk 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/index.d.ts +2 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/index.js.map +1 -1
package/dist/middleware/index.d.ts +6 -0
package/dist/middleware/index.d.ts.map +1 -0
package/dist/middleware/index.js +8 -0
package/dist/middleware/index.js.map +1 -0
package/dist/middleware/query-guard.d.ts +31 -0
package/dist/middleware/query-guard.d.ts.map +1 -0
package/dist/middleware/query-guard.js +137 -0
package/dist/middleware/query-guard.js.map +1 -0
package/dist/middleware/user-auth.d.ts +53 -0
package/dist/middleware/user-auth.d.ts.map +1 -0
package/dist/middleware/user-auth.js +154 -0
package/dist/middleware/user-auth.js.map +1 -0
package/dist/react/index.js +1 -1
package/dist/react/index.js.map +1 -1
package/dist/tenant-scale.d.ts +129 -0
package/dist/tenant-scale.d.ts.map +1 -0
package/dist/tenant-scale.js +267 -0
package/dist/tenant-scale.js.map +1 -0
package/dist/tenant.d.ts +2 -0
package/dist/tenant.d.ts.map +1 -1
package/dist/tenant.js +2 -0
package/dist/tenant.js.map +1 -1
package/dist/testing/index.d.ts +111 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/index.js +198 -0
package/dist/testing/index.js.map +1 -0
package/dist/types.d.ts +29 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js +0 -3
package/dist/types.js.map +1 -1
package/package.json +72 -63

package/dist/tenant-scale.js ADDED Viewed

@@ -0,0 +1,267 @@
+// ──────────────────────────────────────────────────────
+// TenantScale — Unified SDK Class
+// Combines tenant context, middleware, audit, and admin
+// into the single `TenantScale` import the docs promise.
+//
+// Usage:
+//   import { TenantScale } from '@tenantscale/sdk'
+//   const ts = new TenantScale({ apiKey: '...' })
+//   app.use('*', ts.protect())
+// ──────────────────────────────────────────────────────
+import { TenantClient } from './tenant.js';
+import { PlanLimitError } from './types.js';
+// Internal storage for the API key on the Hono context
+const API_KEY_SYMBOL = Symbol('__tenantscale_apiKey');
+export class TenantScale {
+    client;
+    apiKey;
+    constructor(options) {
+        this.client = new TenantClient(options);
+        this.apiKey = options.apiKey ?? '';
+    }
+    /**
+     * Create a new instance with a different API key.
+     * Useful when you need to switch tenants.
+     */
+    withApiKey(apiKey) {
+        return new TenantScale({ ...this.client.getOptions(), apiKey });
+    }
+    // ── Middleware ──
+    /**
+     * Enforces tenant isolation — extracts the API key from the
+     * Authorization header and attaches tenant context to the request.
+     *
+     * Usage:
+     *   app.use('/api/*', ts.protect())
+     */
+    protect() {
+        return async (c, next) => {
+            const authHeader = c.req.header('Authorization');
+            if (!authHeader?.startsWith('Bearer ')) {
+                return c.json({ error: 'Missing or invalid Authorization header' }, 401);
+            }
+            const apiKey = authHeader.slice(7);
+            try {
+                const tenant = await this.client.resolveTenant(apiKey);
+                c.set('tenant', tenant);
+                c.set('tenantClient', this.client);
+                c[API_KEY_SYMBOL] = apiKey;
+                await next();
+            }
+            catch (err) {
+                if (err instanceof PlanLimitError) {
+                    return c.json({ error: err.message, code: err.code }, err.status);
+                }
+                return c.json({ error: 'Failed to resolve tenant' }, 401);
+            }
+        };
+    }
+    /**
+     * Logs every request to the audit trail.
+     * Place after protect() so tenant context is available.
+     *
+     * Usage:
+     *   app.use('/api/*', ts.audit())
+     */
+    audit() {
+        return async (c, next) => {
+            await next();
+            const tenant = c.get('tenant');
+            if (!tenant)
+                return;
+            const apiKey = c[API_KEY_SYMBOL] || '';
+            const method = c.req.method;
+            const path = c.req.path;
+            const status = c.res.status;
+            this.client.logAudit(apiKey, {
+                action: `${method} ${path}`,
+                resource: path,
+                actor_id: tenant.id,
+                details: { status_code: status },
+            }).catch(() => {
+                // Fire and forget — audit failures shouldn't crash the app
+            });
+        };
+    }
+    /**
+     * Requires an admin API key. Use on admin routes.
+     *
+     * Usage:
+     *   app.use('/admin/*', ts.requireAdmin())
+     */
+    requireAdmin() {
+        return async (c, next) => {
+            const authHeader = c.req.header('Authorization');
+            if (!authHeader?.startsWith('Bearer ')) {
+                return c.json({ error: 'Missing Authorization header' }, 401);
+            }
+            const apiKey = authHeader.slice(7);
+            try {
+                const tenant = await this.client.resolveTenant(apiKey);
+                c.set('tenant', tenant);
+                c.set('tenantClient', this.client);
+                c[API_KEY_SYMBOL] = apiKey;
+                await next();
+            }
+            catch {
+                return c.json({ error: 'Invalid admin key' }, 401);
+            }
+        };
+    }
+    // ── Route Helpers ──
+    /**
+     * Get the current tenant context from a Hono context.
+     * Works after protect() middleware has run.
+     */
+    getTenant(c) {
+        return c.get('tenant');
+    }
+    /**
+     * Get the current user context.
+     * (Placeholder — user resolution depends on your auth setup.)
+     */
+    getUser(c) {
+        const tenant = c.get('tenant');
+        if (!tenant)
+            return undefined;
+        // For now, return the tenant's admin user as the current user
+        return { id: tenant.id, email: undefined, role: 'admin' };
+    }
+    /**
+     * Log a custom audit event from within a route handler.
+     *
+     * Usage:
+     *   app.post('/api/orders', async (c) => {
+     *     await ts.logAudit(c, { action: 'order.created', resource: 'order:123' })
+     *   })
+     */
+    async logAudit(c, event) {
+        const tenant = c.get('tenant');
+        await this.client.logAudit(this.apiKey, {
+            action: event.action,
+            resource: event.resource,
+            actor_id: tenant?.id ?? 'unknown',
+            details: event.details,
+        });
+    }
+    // ── Admin Helpers ──
+    /**
+     * List all tenants (admin only).
+     */
+    async listTenants() {
+        // This would call the admin API endpoint
+        throw new Error('listTenants() requires the hosted API — coming soon');
+    }
+    /**
+     * Get paginated audit log (admin only).
+     */
+    async getAuditLog(c, opts) {
+        throw new Error('getAuditLog() requires the hosted API — coming soon');
+    }
+    // ── Plan Limit Helpers ──
+    /**
+     * Get a specific plan limit value for the current tenant.
+     * Returns null if the limit is not defined.
+     *
+     * Usage:
+     *   const maxUsers = ts.getPlanLimit(c, 'max_users')
+     *   // → 100 (or null if unlimited / not set)
+     */
+    getPlanLimit(c, key) {
+        const tenant = c.get('tenant');
+        if (!tenant)
+            return null;
+        return tenant.features[key] ?? null;
+    }
+    /**
+     * Get all plan limits for the current tenant.
+     * Returns the merged feature map (plan defaults + tenant overrides).
+     *
+     * Usage:
+     *   const limits = ts.getPlanLimits(c)
+     *   // → { max_users: 100, audit_log_retention_days: 30, sso: true, ... }
+     */
+    getPlanLimits(c) {
+        const tenant = c.get('tenant');
+        return (tenant?.features ?? {});
+    }
+    /**
+     * Check if a usage value exceeds the plan limit.
+     * Returns true if the limit is exceeded (or is 0).
+     * Returns false if the limit is null (unlimited).
+     *
+     * Usage:
+     *   if (ts.planLimitExceeded(c, 'max_users', currentUserCount)) {
+     *     return c.json({ error: 'User limit reached' }, 403)
+     *   }
+     */
+    planLimitExceeded(c, key, currentValue) {
+        const limit = this.getPlanLimit(c, key);
+        // null means unlimited
+        if (limit === null)
+            return false;
+        // Boolean limits: true means allowed, false means blocked
+        if (typeof limit === 'boolean')
+            return !limit;
+        // Numeric limits
+        if (typeof limit === 'number')
+            return currentValue >= limit;
+        // String limits — can't compare numerically
+        return false;
+    }
+    /**
+     * Fetch the full plan definition (metadata + limits) from the API.
+     * Use this when you need plan pricing, name, description, etc.
+     *
+     * Usage:
+     *   const plan = await ts.fetchPlan(c)
+     *   // → { id: 'pro', name: 'Pro', price_monthly: 39900, features: {...}, ... }
+     */
+    async fetchPlan(c) {
+        const tenant = c.get('tenant');
+        if (!tenant)
+            return null;
+        const baseUrl = this.client.getOptions().baseUrl ?? 'https://api.tenantscale.com';
+        const apiKey = c[API_KEY_SYMBOL] || this.apiKey;
+        try {
+            const res = await fetch(`${baseUrl}/v1/plans/${tenant.plan}`, {
+                headers: {
+                    Authorization: `Bearer ${apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+            });
+            if (!res.ok)
+                return null;
+            return await res.json();
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Fetch all available plans from the API.
+     *
+     * Usage:
+     *   const plans = await ts.fetchPlans()
+     *   // → [{ id: 'free', name: 'Free', ... }, { id: 'pro', ... }]
+     */
+    async fetchPlans() {
+        const baseUrl = this.client.getOptions().baseUrl ?? 'https://api.tenantscale.com';
+        try {
+            const res = await fetch(`${baseUrl}/v1/plans`, {
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+            });
+            if (!res.ok)
+                return [];
+            const data = await res.json();
+            return data.plans ?? [];
+        }
+        catch {
+            return [];
+        }
+    }
+}
+//# sourceMappingURL=tenant-scale.js.map

package/dist/tenant-scale.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenant-scale.js","sourceRoot":"","sources":["../src/tenant-scale.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,kCAAkC;AAClC,wDAAwD;AACxD,yDAAyD;AACzD,EAAE;AACF,SAAS;AACT,mDAAmD;AACnD,kDAAkD;AAClD,+BAA+B;AAC/B,yDAAyD;AAEzD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAyD,cAAc,EAAE,MAAM,YAAY,CAAA;AAWlG,uDAAuD;AACvD,MAAM,cAAc,GAAG,MAAM,CAAC,sBAAsB,CAAC,CAAA;AAErD,MAAM,OAAO,WAAW;IACd,MAAM,CAAc;IACpB,MAAM,CAAQ;IAEtB,YAAY,OAAiD;QAC3D,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAA;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAA;IACpC,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,MAAc;QACvB,OAAO,IAAI,WAAW,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;IACjE,CAAC;IAED,mBAAmB;IAEnB;;;;;;OAMG;IACH,OAAO;QACL,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;YAChC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;YAChD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,EAAE,GAAG,CAAC,CAAA;YAC1E,CAAC;YACD,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAElC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;gBACtD,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;gBACvB,CAAC,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAEjC;gBAAC,CAAuC,CAAC,cAAc,CAAC,GAAG,MAAM,CAAA;gBAClE,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;oBAClC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,MAAa,CAAC,CAAA;gBAC1E,CAAC;gBACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAA;YAC3D,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK;QACH,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,EAAE,CAAA;YACZ,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YAC9B,IAAI,CAAC,MAAM;gBAAE,OAAM;YAEnB,MAAM,MAAM,GAAI,CAAuC,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;YAC7E,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;YAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAA;YACvB,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;YAE3B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;gBAC3B,MAAM,EAAE,GAAG,MAAM,IAAI,IAAI,EAAE;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,OAAO,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE;aACjC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;gBACZ,2DAA2D;YAC7D,CAAC,CAAC,CAAA;QACJ,CAAC,CAAA;IACH,CAAC;IAED;;;;;OAKG;IACH,YAAY;QACV,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;YAChC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;YAChD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,EAAE,GAAG,CAAC,CAAA;YAC/D,CAAC;YACD,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAElC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;gBACtD,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;gBACvB,CAAC,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAEjC;gBAAC,CAAuC,CAAC,cAAc,CAAC,GAAG,MAAM,CAAA;gBAClE,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAA;YACpD,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,sBAAsB;IAEtB;;;OAGG;IACH,SAAS,CAAC,CAAU;QAClB,OAAO,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACxB,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,CAAU;QAChB,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC9B,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAA;QAC7B,8DAA8D;QAC9D,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAA;IAC3D,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,CAAU,EAAE,KAA8E;QACvG,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC9B,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE;YACtC,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,SAAS;YACjC,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAA;IACJ,CAAC;IAED,sBAAsB;IAEtB;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,yCAAyC;QACzC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,CAAU,EAAE,IAA2C;QACvE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;IACxE,CAAC;IAED,2BAA2B;IAE3B;;;;;;;OAOG;IACH,YAAY,CAAC,CAAU,EAAE,GAAW;QAClC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC9B,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAQ,MAAM,CAAC,QAA6D,CAAC,GAAG,CAAC,IAAI,IAAI,CAAA;IAC3F,CAAC;IAED;;;;;;;OAOG;IACH,aAAa,CAAC,CAAU;QACtB,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC9B,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,EAAE,CAA8C,CAAA;IAC9E,CAAC;IAED;;;;;;;;;OASG;IACH,iBAAiB,CAAC,CAAU,EAAE,GAAW,EAAE,YAAoB;QAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QACvC,uBAAuB;QACvB,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,KAAK,CAAA;QAChC,0DAA0D;QAC1D,IAAI,OAAO,KAAK,KAAK,SAAS;YAAE,OAAO,CAAC,KAAK,CAAA;QAC7C,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,YAAY,IAAI,KAAK,CAAA;QAC3D,4CAA4C;QAC5C,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS,CAAC,CAAU;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC9B,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,IAAI,6BAA6B,CAAA;QACjF,MAAM,MAAM,GAAI,CAAuC,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,MAAM,CAAA;QAEtF,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,aAAa,MAAM,CAAC,IAAI,EAAE,EAAE;gBAC5D,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,MAAM,EAAE;oBACjC,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAA;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAA;YACxB,OAAO,MAAM,GAAG,CAAC,IAAI,EAA6B,CAAA;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAEjF,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;gBAC7C,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;oBACtC,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAA;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,EAAE,CAAA;YACtB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA0C,CAAA;YACrE,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAA;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;CACF"}

package/dist/tenant.d.ts CHANGED Viewed

@@ -4,6 +4,8 @@ export declare class TenantClient {
     private cache;
     private cacheTtlMs;
     constructor(options: TenantScaleOptions);
+    /** Access the current options */
+    getOptions(): TenantScaleOptions;
     /**
      * Fetch a tenant by API key.
      * Results are cached for `cacheTtlMs` to avoid hammering the API on every request.

package/dist/tenant.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tenant.d.ts","sourceRoot":"","sources":["../src/tenant.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,kBAAkB,EAAoB,MAAM,YAAY,CAAA;AAOnF,qBAAa,YAAY;IAIX,OAAO,CAAC,OAAO;IAH3B,OAAO,CAAC,KAAK,CAAkC;IAC/C,OAAO,CAAC,UAAU,CAAS;gBAEP,OAAO,EAAE,kBAAkB;IAE/C;;;OAGG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAsCpD,yDAAyD;IACnD,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQrE,uCAAuC;IACjC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QACtC,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,MAAM,CAAA;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBjB,yBAAyB;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QACpC,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACjC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAClB,GAAG,OAAO,CAAC,IAAI,CAAC;IAajB,wEAAwE;IACxE,eAAe,CAAC,MAAM,EAAE,MAAM;CAG/B"}
1	+ {"version":3,"file":"tenant.d.ts","sourceRoot":"","sources":["../src/tenant.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,kBAAkB,EAAoB,MAAM,YAAY,CAAA;AAOnF,qBAAa,YAAY;IAIX,OAAO,CAAC,OAAO;IAH3B,OAAO,CAAC,KAAK,CAAkC;IAC/C,OAAO,CAAC,UAAU,CAAS;gBAEP,OAAO,EAAE,kBAAkB;IAE/C,iCAAiC;IACjC,UAAU,IAAI,kBAAkB;IAEhC;;;OAGG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAsCpD,yDAAyD;IACnD,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQrE,uCAAuC;IACjC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QACtC,MAAM,EAAE,MAAM,CAAA;QACd,KAAK,EAAE,MAAM,CAAA;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KACrC,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBjB,yBAAyB;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QACpC,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACjC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAClB,GAAG,OAAO,CAAC,IAAI,CAAC;IAajB,wEAAwE;IACxE,eAAe,CAAC,MAAM,EAAE,MAAM;CAG/B"}

package/dist/tenant.js CHANGED Viewed

@@ -9,6 +9,8 @@ export class TenantClient {
     constructor(options) {
         this.options = options;
     }
+    /** Access the current options */
+    getOptions() { return this.options; }
     /**
      * Fetch a tenant by API key.
      * Results are cached for `cacheTtlMs` to avoid hammering the API on every request.

package/dist/tenant.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tenant.js","sourceRoot":"","sources":["../src/tenant.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,sDAAsD;AACtD,yDAAyD;AAEzD,OAAO,EAAwC,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAOnF,MAAM,OAAO,YAAY;IAIH;IAHZ,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAA;IACvC,UAAU,GAAG,MAAM,CAAA,CAAC,WAAW;IAEvC,YAAoB,OAA2B;QAA3B,YAAO,GAAP,OAAO,CAAoB;IAAG,CAAC;IAEnD;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,MAAc;QAChC,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC,IAAI,CAAA;QACpB,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAErE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,gBAAgB,EAAE;YAClD,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvB,MAAM,IAAI,gBAAgB,CAAC,iBAAiB,EAAE,cAAc,EAAE,GAAG,CAAC,CAAA;YACpE,CAAC;YACD,MAAM,IAAI,gBAAgB,CACxB,6BAA6B,GAAG,CAAC,UAAU,EAAE,EAC7C,uBAAuB,EACvB,GAAG,CAAC,MAAM,CACX,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAW,CAAA;QAE3C,WAAW;QACX,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE;YACrB,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU;SACxC,CAAC,CAAA;QAEF,OAAO,MAAM,CAAA;IACf,CAAC;IAED,yDAAyD;IACzD,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,OAAe;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;QAC/C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QACtC,IAAI,OAAO,KAAK,KAAK,SAAS;YAAE,OAAO,KAAK,CAAA;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,GAAG,CAAC,CAAA;QAC/C,OAAO,KAAK,CAAA;IACd,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,KAIhC;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAErE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,YAAY,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,yDAAyD;YACzD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,KAK9B;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAErE,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;IACJ,CAAC;IAED,wEAAwE;IACxE,eAAe,CAAC,MAAc;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC3B,CAAC;CACF"}
1	+ {"version":3,"file":"tenant.js","sourceRoot":"","sources":["../src/tenant.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,sDAAsD;AACtD,yDAAyD;AAEzD,OAAO,EAAwC,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAOnF,MAAM,OAAO,YAAY;IAIH;IAHZ,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAA;IACvC,UAAU,GAAG,MAAM,CAAA,CAAC,WAAW;IAEvC,YAAoB,OAA2B;QAA3B,YAAO,GAAP,OAAO,CAAoB;IAAG,CAAC;IAEnD,iCAAiC;IACjC,UAAU,KAAyB,OAAO,IAAI,CAAC,OAAO,CAAA,CAAC,CAAC;IAExD;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,MAAc;QAChC,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC,IAAI,CAAA;QACpB,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAErE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,gBAAgB,EAAE;YAClD,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvB,MAAM,IAAI,gBAAgB,CAAC,iBAAiB,EAAE,cAAc,EAAE,GAAG,CAAC,CAAA;YACpE,CAAC;YACD,MAAM,IAAI,gBAAgB,CACxB,6BAA6B,GAAG,CAAC,UAAU,EAAE,EAC7C,uBAAuB,EACvB,GAAG,CAAC,MAAM,CACX,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAW,CAAA;QAE3C,WAAW;QACX,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE;YACrB,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU;SACxC,CAAC,CAAA;QAEF,OAAO,MAAM,CAAA;IACf,CAAC;IAED,yDAAyD;IACzD,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,OAAe;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;QAC/C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QACtC,IAAI,OAAO,KAAK,KAAK,SAAS;YAAE,OAAO,KAAK,CAAA;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,GAAG,CAAC,CAAA;QAC/C,OAAO,KAAK,CAAA;IACd,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,KAIhC;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAErE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,YAAY,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,yDAAyD;YACzD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,sCAAsC,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,KAK9B;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,6BAA6B,CAAA;QAErE,MAAM,KAAK,CAAC,GAAG,OAAO,WAAW,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;IACJ,CAAC;IAED,wEAAwE;IACxE,eAAe,CAAC,MAAc;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC3B,CAAC;CACF"}

package/dist/testing/index.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+export interface ApiKeyPair {
+    apiKey: string;
+}
+/** Result of a single API call */
+interface ApiResponse {
+    status: number;
+    data: unknown;
+    headers: Record<string, string>;
+}
+/** A generic API client used internally */
+declare class ApiClient {
+    private baseUrl;
+    private apiKey;
+    constructor(baseUrl: string, apiKey: string);
+    request(method: string, path: string, body?: unknown): Promise<ApiResponse>;
+    get(path: string): Promise<ApiResponse>;
+    post(path: string, body?: unknown): Promise<ApiResponse>;
+    patch(path: string, body?: unknown): Promise<ApiResponse>;
+    del(path: string): Promise<ApiResponse>;
+}
+export interface EndpointPattern {
+    /** HTTP method */
+    method: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+    /**
+     * Path template. If it's a function, it receives the resource ID
+     * from the setup step (for read/update/delete isolation tests).
+     * If it's a string, it's used as-is.
+     */
+    path: string | ((resourceId: string) => string);
+}
+export interface TestScenarios {
+    /**
+     * Test that tenant B cannot READ resources created by tenant A.
+     * For each pattern: setup creates a resource, then tenant B tries to GET it.
+     * Expected: 401/403/404 (not 200 with data from another tenant)
+     */
+    read?: EndpointPattern[];
+    /**
+     * Test that tenant B cannot WRITE (update) resources created by tenant A.
+     * For each pattern: setup creates a resource, then tenant B tries to PATCH it.
+     * Expected: 401/403/404
+     */
+    write?: EndpointPattern[];
+    /**
+     * Test that tenant B cannot DELETE resources created by tenant A.
+     * Expected: 401/403/404
+     */
+    delete?: EndpointPattern[];
+    /**
+     * Test that tenant B cannot CREATE resources in tenant A's context.
+     * For each pattern: tenant B tries to POST to the path.
+     * Expected: 401/403
+     */
+    create?: EndpointPattern[];
+    /**
+     * Custom test functions for more complex scenarios.
+     * Each receives helpers for making requests as both tenants.
+     */
+    custom?: CustomTest[];
+}
+export interface CustomTest {
+    name: string;
+    run: (helpers: {
+        asTenantA: ApiClient;
+        asTenantB: ApiClient;
+    }) => Promise<void>;
+}
+export interface IsolationTestConfig {
+    /** Base URL of the API under test */
+    baseUrl: string;
+    /** API key for tenant A (the "owner" of resources) */
+    tenantA: ApiKeyPair;
+    /** API key for tenant B (the "attacker" — should NOT have access) */
+    tenantB: ApiKeyPair;
+    /** Test scenarios to run */
+    tests: TestScenarios;
+}
+export interface IsolationTestResult {
+    passed: boolean;
+    totalTests: number;
+    passedTests: number;
+    failedTests: number;
+    failures: Array<{
+        name: string;
+        error: string;
+    }>;
+    details: Array<{
+        name: string;
+        status: 'pass' | 'fail' | 'skip';
+        error?: string;
+    }>;
+}
+/**
+ * Run a battery of tenant isolation tests.
+ * Creates resources as tenant A, then verifies tenant B cannot access them.
+ *
+ * @returns Detailed results including pass/fail counts and error messages.
+ */
+export declare function runIsolationTests(config: IsolationTestConfig): Promise<IsolationTestResult>;
+/**
+ * Quick assertion helper — use inside custom test functions.
+ * Throws with a descriptive message if the condition fails.
+ *
+ * @example
+ * ```ts
+ * await expectIsolated(res.status, 'Tenant B should not see this', 404)
+ * ```
+ */
+export declare function expectIsolated(actualStatus: number, description: string, expectedStatus?: number): void;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/testing/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testing/index.ts"],"names":[],"mappings":"AA4BA,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,kCAAkC;AAClC,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,OAAO,CAAA;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,2CAA2C;AAC3C,cAAM,SAAS;IACb,OAAO,CAAC,OAAO,CAAQ;IACvB,OAAO,CAAC,MAAM,CAAQ;gBAEV,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAKrC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC;IAwBjF,GAAG,CAAC,IAAI,EAAE,MAAM;IAChB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO;IACjC,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO;IAClC,GAAG,CAAC,IAAI,EAAE,MAAM;CACjB;AAID,MAAM,WAAW,eAAe;IAC9B,kBAAkB;IAClB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAA;IAC3C;;;;OAIG;IACH,IAAI,EAAE,MAAM,GAAG,CAAC,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC,CAAA;CAChD;AAED,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,IAAI,CAAC,EAAE,eAAe,EAAE,CAAA;IACxB;;;;OAIG;IACH,KAAK,CAAC,EAAE,eAAe,EAAE,CAAA;IACzB;;;OAGG;IACH,MAAM,CAAC,EAAE,eAAe,EAAE,CAAA;IAC1B;;;;OAIG;IACH,MAAM,CAAC,EAAE,eAAe,EAAE,CAAA;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,UAAU,EAAE,CAAA;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,CAAC,OAAO,EAAE;QACb,SAAS,EAAE,SAAS,CAAA;QACpB,SAAS,EAAE,SAAS,CAAA;KACrB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,qCAAqC;IACrC,OAAO,EAAE,MAAM,CAAA;IACf,sDAAsD;IACtD,OAAO,EAAE,UAAU,CAAA;IACnB,qEAAqE;IACrE,OAAO,EAAE,UAAU,CAAA;IACnB,4BAA4B;IAC5B,KAAK,EAAE,aAAa,CAAA;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;KACd,CAAC,CAAA;IACF,OAAO,EAAE,KAAK,CAAC;QACb,IAAI,EAAE,MAAM,CAAA;QACZ,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAA;QAChC,KAAK,CAAC,EAAE,MAAM,CAAA;KACf,CAAC,CAAA;CACH;AAYD;;;;;GAKG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA6GjG;AAsBD;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAC5B,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,cAAc,CAAC,EAAE,MAAM,GACtB,IAAI,CAaN"}

package/dist/testing/index.js ADDED Viewed

@@ -0,0 +1,198 @@
+// ──────────────────────────────────────────────────────
+// TenantScale Isolation Test Fixture
+// Verifies that one tenant cannot access another tenant's data.
+// Designed to run inside Vitest, Jest, or any test runner.
+// ──────────────────────────────────────────────────────
+//
+// Usage:
+//   import { runIsolationTests, expectIsolated } from '@tenantscale/sdk/testing'
+//
+//   it('enforces tenant isolation', async () => {
+//     const result = await runIsolationTests({
+//       baseUrl: 'http://localhost:3001',
+//       tenantA: { apiKey: 'tk_tenant_a_key' },
+//       tenantB: { apiKey: 'tk_tenant_b_key' },
+//       tests: {
+//         read: [
+//           { method: 'GET', path: (id) => `/v1/tenants/${id}` },
+//         ],
+//       },
+//     })
+//
+//     expect(result.passed).toBe(true)
+//     expect(result.failures).toHaveLength(0)
+//   })
+// ──────────────────────────────────────────────────────
+/** A generic API client used internally */
+class ApiClient {
+    baseUrl;
+    apiKey;
+    constructor(baseUrl, apiKey) {
+        this.baseUrl = baseUrl.replace(/\/+$/, '');
+        this.apiKey = apiKey;
+    }
+    async request(method, path, body) {
+        const url = `${this.baseUrl}${path}`;
+        const headers = {
+            Authorization: `Bearer ${this.apiKey}`,
+            'Content-Type': 'application/json',
+        };
+        const res = await fetch(url, {
+            method,
+            headers,
+            body: body !== undefined ? JSON.stringify(body) : undefined,
+        });
+        const contentType = res.headers.get('content-type') ?? '';
+        const data = contentType.includes('application/json')
+            ? await res.json()
+            : await res.text();
+        const responseHeaders = {};
+        res.headers.forEach((value, key) => { responseHeaders[key] = value; });
+        return { status: res.status, data, headers: responseHeaders };
+    }
+    get(path) { return this.request('GET', path); }
+    post(path, body) { return this.request('POST', path, body); }
+    patch(path, body) { return this.request('PATCH', path, body); }
+    del(path) { return this.request('DELETE', path); }
+}
+// ── Default expectations ──
+const DEFAULT_FORBIDDEN_STATUSES = [401, 403, 404];
+function isForbidden(status) {
+    return DEFAULT_FORBIDDEN_STATUSES.includes(status);
+}
+// ── Main runner ──
+/**
+ * Run a battery of tenant isolation tests.
+ * Creates resources as tenant A, then verifies tenant B cannot access them.
+ *
+ * @returns Detailed results including pass/fail counts and error messages.
+ */
+export async function runIsolationTests(config) {
+    const { baseUrl, tenantA, tenantB, tests } = config;
+    const apiA = new ApiClient(baseUrl, tenantA.apiKey);
+    const apiB = new ApiClient(baseUrl, tenantB.apiKey);
+    const details = [];
+    const failures = [];
+    let total = 0;
+    // ── Helper to run a single test ──
+    async function runTest(name, fn) {
+        total++;
+        try {
+            await fn();
+            details.push({ name, status: 'pass' });
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            failures.push({ name, error: msg });
+            details.push({ name, status: 'fail', error: msg });
+        }
+    }
+    // ── Read isolation tests ──
+    if (tests.read) {
+        for (const pattern of tests.read) {
+            await runTest(`read: ${pattern.method} ${typeof pattern.path === 'string' ? pattern.path : '(dynamic)'}`, async () => {
+                const resourceId = await createTempResource(apiA);
+                const path = typeof pattern.path === 'function' ? pattern.path(resourceId) : pattern.path;
+                const res = await apiB.request(pattern.method, path);
+                if (!isForbidden(res.status)) {
+                    throw new Error(`Expected 401/403/404 when tenant B reads tenant A's resource, got ${res.status}`);
+                }
+            });
+        }
+    }
+    // ── Write isolation tests ──
+    if (tests.write) {
+        for (const pattern of tests.write) {
+            await runTest(`write: ${pattern.method} ${typeof pattern.path === 'string' ? pattern.path : '(dynamic)'}`, async () => {
+                const resourceId = await createTempResource(apiA);
+                const path = typeof pattern.path === 'function' ? pattern.path(resourceId) : pattern.path;
+                const res = await apiB.request(pattern.method, path, { name: 'should-not-work' });
+                if (!isForbidden(res.status)) {
+                    throw new Error(`Expected 401/403/404 when tenant B updates tenant A's resource, got ${res.status}`);
+                }
+            });
+        }
+    }
+    // ── Delete isolation tests ──
+    if (tests.delete) {
+        for (const pattern of tests.delete) {
+            await runTest(`delete: ${pattern.method} ${typeof pattern.path === 'string' ? pattern.path : '(dynamic)'}`, async () => {
+                const resourceId = await createTempResource(apiA);
+                const path = typeof pattern.path === 'function' ? pattern.path(resourceId) : pattern.path;
+                const res = await apiB.request(pattern.method, path);
+                if (!isForbidden(res.status)) {
+                    throw new Error(`Expected 401/403/404 when tenant B deletes tenant A's resource, got ${res.status}`);
+                }
+            });
+        }
+    }
+    // ── Create isolation tests ──
+    if (tests.create) {
+        for (const pattern of tests.create) {
+            await runTest(`create: ${pattern.method} ${typeof pattern.path === 'string' ? pattern.path : '(dynamic)'}`, async () => {
+                const path = typeof pattern.path === 'function' ? pattern.path('') : pattern.path;
+                const res = await apiB.request(pattern.method, path, { name: 'should-be-blocked' });
+                if (!isForbidden(res.status)) {
+                    throw new Error(`Expected 401/403/404 when tenant B creates resources, got ${res.status}`);
+                }
+            });
+        }
+    }
+    // ── Custom tests ──
+    if (tests.custom) {
+        for (const test of tests.custom) {
+            await runTest(`custom: ${test.name}`, () => test.run({
+                asTenantA: apiA,
+                asTenantB: apiB,
+            }));
+        }
+    }
+    const passed = failures.length === 0;
+    return {
+        passed,
+        totalTests: total,
+        passedTests: total - failures.length,
+        failedTests: failures.length,
+        failures,
+        details,
+    };
+}
+// ── Helpers ──
+/**
+ * Create a temporary resource for isolation testing.
+ * This creates a tenant via the public API endpoint.
+ * Override this if your setup flow is different.
+ */
+async function createTempResource(api) {
+    const slug = `test-${Date.now()}-${Math.random().toString(36).slice(2, 6)}`;
+    const res = await api.post('/v1/tenants', {
+        name: `Test Tenant ${slug}`,
+        slug,
+    });
+    if (res.status >= 400) {
+        throw new Error(`Setup: Failed to create resource (${res.status}): ${JSON.stringify(res.data)}`);
+    }
+    const data = res.data;
+    return String(data.id ?? '');
+}
+/**
+ * Quick assertion helper — use inside custom test functions.
+ * Throws with a descriptive message if the condition fails.
+ *
+ * @example
+ * ```ts
+ * await expectIsolated(res.status, 'Tenant B should not see this', 404)
+ * ```
+ */
+export function expectIsolated(actualStatus, description, expectedStatus) {
+    const acceptable = DEFAULT_FORBIDDEN_STATUSES;
+    if (expectedStatus !== undefined) {
+        if (actualStatus !== expectedStatus) {
+            throw new Error(`${description}: expected ${expectedStatus}, got ${actualStatus}`);
+        }
+    }
+    else if (!acceptable.includes(actualStatus)) {
+        throw new Error(`${description}: expected one of [${acceptable.join(', ')}], got ${actualStatus}`);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/testing/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/testing/index.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,qCAAqC;AACrC,gEAAgE;AAChE,2DAA2D;AAC3D,yDAAyD;AACzD,EAAE;AACF,SAAS;AACT,iFAAiF;AACjF,EAAE;AACF,kDAAkD;AAClD,+CAA+C;AAC/C,0CAA0C;AAC1C,gDAAgD;AAChD,gDAAgD;AAChD,iBAAiB;AACjB,kBAAkB;AAClB,kEAAkE;AAClE,aAAa;AACb,WAAW;AACX,SAAS;AACT,EAAE;AACF,uCAAuC;AACvC,8CAA8C;AAC9C,OAAO;AACP,yDAAyD;AAezD,2CAA2C;AAC3C,MAAM,SAAS;IACL,OAAO,CAAQ;IACf,MAAM,CAAQ;IAEtB,YAAY,OAAe,EAAE,MAAc;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QAC1C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,IAAY,EAAE,IAAc;QACxD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QACpC,MAAM,OAAO,GAA2B;YACtC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAA;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC5D,CAAC,CAAA;QAEF,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QACzD,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACnD,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE;YAClB,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAEpB,MAAM,eAAe,GAA2B,EAAE,CAAA;QAClD,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA,CAAC,CAAC,CAAC,CAAA;QAErE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,CAAA;IAC/D,CAAC;IAED,GAAG,CAAC,IAAY,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IACtD,IAAI,CAAC,IAAY,EAAE,IAAc,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAY,EAAE,IAAc,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;IAChF,GAAG,CAAC,IAAY,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA,CAAC,CAAC;CAC1D;AAiFD,6BAA6B;AAE7B,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAElD,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AACpD,CAAC;AAED,oBAAoB;AAEpB;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAA2B;IACjE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;IACnD,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IACnD,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IAEnD,MAAM,OAAO,GAAmC,EAAE,CAAA;IAClD,MAAM,QAAQ,GAAoC,EAAE,CAAA;IAEpD,IAAI,KAAK,GAAG,CAAC,CAAA;IAEb,oCAAoC;IACpC,KAAK,UAAU,OAAO,CACpB,IAAY,EACZ,EAAuB;QAEvB,KAAK,EAAE,CAAA;QACP,IAAI,CAAC;YACH,MAAM,EAAE,EAAE,CAAA;YACV,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5D,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;YACnC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;QACpD,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,OAAO,CAAC,SAAS,OAAO,CAAC,MAAM,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,KAAK,IAAI,EAAE;gBACnH,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAA;gBACjD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;gBACzF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBACpD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,qEAAqE,GAAG,CAAC,MAAM,EAAE,CAClF,CAAA;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,OAAO,CAAC,UAAU,OAAO,CAAC,MAAM,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,KAAK,IAAI,EAAE;gBACpH,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAA;gBACjD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;gBACzF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAA;gBACjF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,uEAAuE,GAAG,CAAC,MAAM,EAAE,CACpF,CAAA;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,OAAO,CAAC,WAAW,OAAO,CAAC,MAAM,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,KAAK,IAAI,EAAE;gBACrH,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAA;gBACjD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;gBACzF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBACpD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,uEAAuE,GAAG,CAAC,MAAM,EAAE,CACpF,CAAA;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,OAAO,CAAC,WAAW,OAAO,CAAC,MAAM,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,KAAK,IAAI,EAAE;gBACrH,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;gBACjF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAA;gBACnF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,6DAA6D,GAAG,CAAC,MAAM,EAAE,CAC1E,CAAA;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,OAAO,CAAC,WAAW,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;gBACnD,SAAS,EAAE,IAAI;gBACf,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC,CAAA;QACL,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAA;IAEpC,OAAO;QACL,MAAM;QACN,UAAU,EAAE,KAAK;QACjB,WAAW,EAAE,KAAK,GAAG,QAAQ,CAAC,MAAM;QACpC,WAAW,EAAE,QAAQ,CAAC,MAAM;QAC5B,QAAQ;QACR,OAAO;KACR,CAAA;AACH,CAAC;AAED,gBAAgB;AAEhB;;;;GAIG;AACH,KAAK,UAAU,kBAAkB,CAAC,GAAc;IAC9C,MAAM,IAAI,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAA;IAC3E,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE;QACxC,IAAI,EAAE,eAAe,IAAI,EAAE;QAC3B,IAAI;KACL,CAAC,CAAA;IACF,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAClG,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAA;IAChD,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAC5B,YAAoB,EACpB,WAAmB,EACnB,cAAuB;IAEvB,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAC7C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,GAAG,WAAW,cAAc,cAAc,SAAS,YAAY,EAAE,CAClE,CAAA;QACH,CAAC;IACH,CAAC;SAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,GAAG,WAAW,sBAAsB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,YAAY,EAAE,CAClF,CAAA;IACH,CAAC;AACH,CAAC"}