@tenxyte/core 0.1.5 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +444 -0
  2. package/dist/index.cjs +1881 -496
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +2767 -1265
  5. package/dist/index.d.ts +2767 -1265
  6. package/dist/index.js +1830 -464
  7. package/dist/index.js.map +1 -1
  8. package/package.json +83 -67
  9. package/patched-schema.json +0 -11388
  10. package/src/client.ts +0 -21
  11. package/src/config.ts +0 -0
  12. package/src/http/client.ts +0 -162
  13. package/src/http/index.ts +0 -1
  14. package/src/http/interceptors.ts +0 -117
  15. package/src/index.ts +0 -7
  16. package/src/modules/ai.ts +0 -0
  17. package/src/modules/auth.ts +0 -95
  18. package/src/modules/b2b.ts +0 -0
  19. package/src/modules/rbac.ts +0 -160
  20. package/src/modules/security.ts +0 -122
  21. package/src/modules/user.ts +0 -80
  22. package/src/storage/cookie.ts +0 -39
  23. package/src/storage/index.ts +0 -29
  24. package/src/storage/localStorage.ts +0 -75
  25. package/src/storage/memory.ts +0 -30
  26. package/src/types/api-schema.d.ts +0 -6590
  27. package/src/types/index.ts +0 -150
  28. package/src/utils/device_info.ts +0 -94
  29. package/src/utils/events.ts +0 -71
  30. package/src/utils/jwt.ts +0 -51
  31. package/tests/http.test.ts +0 -144
  32. package/tests/modules/auth.test.ts +0 -93
  33. package/tests/modules/rbac.test.ts +0 -95
  34. package/tests/modules/security.test.ts +0 -75
  35. package/tests/modules/user.test.ts +0 -76
  36. package/tests/storage.test.ts +0 -96
  37. package/tests/utils.test.ts +0 -71
  38. package/tsconfig.json +0 -26
  39. package/tsup.config.ts +0 -10
  40. package/vitest.config.ts +0 -7
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/http/client.ts","../src/modules/auth.ts","../src/modules/security.ts","../src/utils/jwt.ts","../src/modules/rbac.ts","../src/modules/user.ts","../src/client.ts"],"sourcesContent":["export * from './client';\r\nexport * from './http/client';\r\nexport * from './modules/auth';\r\nexport * from './modules/security';\r\nexport * from './modules/rbac';\r\nexport * from './modules/user';\r\nexport * from './types';\r\n","import type { TenxyteError } from '../types';\r\n\r\nexport interface HttpClientOptions {\r\n baseUrl: string;\r\n timeoutMs?: number;\r\n headers?: Record<string, string>;\r\n}\r\n\r\nexport type RequestConfig = Omit<RequestInit, 'body' | 'headers'> & {\r\n body?: unknown;\r\n headers?: Record<string, string>;\r\n params?: Record<string, string | number | boolean>;\r\n};\r\n\r\n/**\r\n * Core HTTP Client underlying the SDK.\r\n * Handles JSON parsing, standard headers, simple request processing,\r\n * and normalizing errors into TenxyteError format.\r\n */\r\nexport class TenxyteHttpClient {\r\n private baseUrl: string;\r\n private defaultHeaders: Record<string, string>;\r\n\r\n // Interceptors\r\n private requestInterceptors: Array<(config: RequestConfig & { url: string }) => Promise<RequestConfig & { url: string }> | (RequestConfig & { url: string })> = [];\r\n private responseInterceptors: Array<(response: Response, request: { url: string; config: RequestConfig }) => Promise<Response> | Response> = [];\r\n\r\n constructor(options: HttpClientOptions) {\r\n this.baseUrl = options.baseUrl.replace(/\\/$/, ''); // Remove trailing slash\r\n this.defaultHeaders = {\r\n 'Content-Type': 'application/json',\r\n Accept: 'application/json',\r\n ...options.headers,\r\n };\r\n }\r\n\r\n // Interceptor Registration\r\n addRequestInterceptor(interceptor: typeof this.requestInterceptors[0]) {\r\n this.requestInterceptors.push(interceptor);\r\n }\r\n\r\n addResponseInterceptor(interceptor: typeof this.responseInterceptors[0]) {\r\n this.responseInterceptors.push(interceptor);\r\n }\r\n\r\n /**\r\n * Main request method wrapping fetch\r\n */\r\n async request<T>(endpoint: string, config: RequestConfig = {}): Promise<T> {\r\n const urlStr = endpoint.startsWith('http')\r\n ? endpoint\r\n : `${this.baseUrl}${endpoint.startsWith('/') ? '' : '/'}${endpoint}`;\r\n\r\n let urlObj = new URL(urlStr);\r\n\r\n if (config.params) {\r\n Object.entries(config.params).forEach(([key, value]) => {\r\n if (value !== undefined && value !== null) {\r\n urlObj.searchParams.append(key, String(value));\r\n }\r\n });\r\n }\r\n\r\n let requestContext: any = {\r\n url: urlObj.toString(),\r\n ...config,\r\n headers: { ...this.defaultHeaders, ...(config.headers || {}) } as Record<string, string>,\r\n };\r\n\r\n // Handle FormData implicitly for multipart requests\r\n if (typeof FormData !== 'undefined' && requestContext.body instanceof FormData) {\r\n const headers = requestContext.headers as Record<string, string>;\r\n // Explicitly remove Content-Type so fetch can auto-assign the multipart boundary\r\n delete headers['Content-Type'];\r\n delete headers['content-type'];\r\n } else if (requestContext.body && typeof requestContext.body === 'object') {\r\n const contentType = (requestContext.headers as Record<string, string>)['Content-Type'] || '';\r\n if (contentType.toLowerCase().includes('application/json')) {\r\n requestContext.body = JSON.stringify(requestContext.body);\r\n }\r\n }\r\n\r\n // Run Request Interceptors\r\n for (const interceptor of this.requestInterceptors) {\r\n requestContext = await interceptor(requestContext);\r\n }\r\n\r\n const { url, ...fetchConfig } = requestContext as any;\r\n\r\n try {\r\n let response = await fetch(url, fetchConfig as RequestInit);\r\n\r\n // Run Response Interceptors (e.g., token refresh logic)\r\n for (const interceptor of this.responseInterceptors) {\r\n response = await interceptor(response, { url, config: fetchConfig as RequestConfig });\r\n }\r\n\r\n if (!response.ok) {\r\n throw await this.normalizeError(response);\r\n }\r\n\r\n // Handle NoContent\r\n if (response.status === 204) {\r\n return {} as T;\r\n }\r\n\r\n const contentType = response.headers.get('content-type');\r\n if (contentType && contentType.includes('application/json')) {\r\n return (await response.json()) as T;\r\n }\r\n\r\n return (await response.text()) as unknown as T;\r\n } catch (error: any) {\r\n if (error && error.code) {\r\n throw error; // Already normalized\r\n }\r\n throw {\r\n error: error.message || 'Network request failed',\r\n code: 'NETWORK_ERROR' as unknown as import('../types').TenxyteErrorCode,\r\n details: String(error)\r\n } as TenxyteError;\r\n }\r\n }\r\n\r\n private async normalizeError(response: Response): Promise<TenxyteError> {\r\n try {\r\n const body = await response.json();\r\n return {\r\n error: body.error || body.detail || 'API request failed',\r\n code: body.code || `HTTP_${response.status}`,\r\n details: body.details || body,\r\n retry_after: response.headers.has('Retry-After') ? parseInt(response.headers.get('Retry-After')!, 10) : undefined,\r\n } as TenxyteError;\r\n } catch (e) {\r\n return {\r\n error: `HTTP Error ${response.status}: ${response.statusText}`,\r\n code: `HTTP_${response.status}` as unknown as import('../types').TenxyteErrorCode,\r\n } as TenxyteError;\r\n }\r\n }\r\n\r\n // Convenience methods\r\n get<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>) {\r\n return this.request<T>(endpoint, { ...config, method: 'GET' });\r\n }\r\n\r\n post<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\r\n return this.request<T>(endpoint, { ...config, method: 'POST', body: data });\r\n }\r\n\r\n put<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\r\n return this.request<T>(endpoint, { ...config, method: 'PUT', body: data });\r\n }\r\n\r\n patch<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\r\n return this.request<T>(endpoint, { ...config, method: 'PATCH', body: data });\r\n }\r\n\r\n delete<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>) {\r\n return this.request<T>(endpoint, { ...config, method: 'DELETE' });\r\n }\r\n}\r\n","import { TenxyteHttpClient } from '../http/client';\r\nimport { TokenPair, GeneratedSchema } from '../types';\r\n\r\nexport interface LoginEmailOptions {\r\n totp_code?: string;\r\n}\r\n\r\nexport interface LoginPhoneOptions {\r\n totp_code?: string;\r\n}\r\n\r\nexport type RegisterRequest = any;\r\n\r\nexport interface MagicLinkRequest {\r\n email: string;\r\n}\r\n\r\nexport interface SocialLoginRequest {\r\n access_token?: string;\r\n authorization_code?: string;\r\n id_token?: string;\r\n}\r\n\r\nexport class AuthModule {\r\n constructor(private client: TenxyteHttpClient) { }\r\n\r\n /**\r\n * Authenticate user with email and password\r\n */\r\n async loginWithEmail(\r\n data: GeneratedSchema['LoginEmail'],\r\n ): Promise<TokenPair> {\r\n return this.client.post<TokenPair>('/api/v1/auth/login/email/', data);\r\n }\r\n\r\n /**\r\n * Authenticate user with international phone number and password\r\n */\r\n async loginWithPhone(\r\n data: GeneratedSchema['LoginPhone'],\r\n ): Promise<TokenPair> {\r\n return this.client.post<TokenPair>('/api/v1/auth/login/phone/', data);\r\n }\r\n\r\n /**\r\n * Register a new user\r\n */\r\n async register(data: RegisterRequest): Promise<any> {\r\n return this.client.post<any>('/api/v1/auth/register/', data);\r\n }\r\n\r\n /**\r\n * Logout from the current session\r\n */\r\n async logout(refreshToken: string): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/logout/', { refresh_token: refreshToken });\r\n }\r\n\r\n /**\r\n * Logout from all sessions (revokes all refresh tokens)\r\n */\r\n async logoutAll(): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/logout/all/');\r\n }\r\n\r\n /**\r\n * Request a magic link for sign-in\r\n */\r\n async requestMagicLink(data: MagicLinkRequest): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/magic-link/request/', data);\r\n }\r\n\r\n /**\r\n * Verify a magic link token\r\n */\r\n async verifyMagicLink(token: string): Promise<TokenPair> {\r\n return this.client.get<TokenPair>(`/api/v1/auth/magic-link/verify/`, { params: { token } });\r\n }\r\n\r\n /**\r\n * Perform OAuth2 Social Authentication (e.g. Google, GitHub)\r\n */\r\n async loginWithSocial(provider: 'google' | 'github' | 'microsoft' | 'facebook', data: SocialLoginRequest): Promise<TokenPair> {\r\n return this.client.post<TokenPair>(`/api/v1/auth/social/${provider}/`, data);\r\n }\r\n\r\n /**\r\n * Handle Social Auth Callback (authorization code flow)\r\n */\r\n async handleSocialCallback(provider: 'google' | 'github' | 'microsoft' | 'facebook', code: string, redirectUri: string): Promise<TokenPair> {\r\n return this.client.get<TokenPair>(`/api/v1/auth/social/${provider}/callback/`, {\r\n params: { code, redirect_uri: redirectUri },\r\n });\r\n }\r\n}\r\n","import { TenxyteHttpClient } from '../http/client';\r\nimport { TokenPair } from '../types';\r\n\r\nexport interface OtpRequestParams {\r\n email?: string;\r\n phone_country_code?: string;\r\n phone_number?: string;\r\n type: 'email_verification' | 'phone_verification' | 'password_reset';\r\n}\r\n\r\nexport interface VerifyOtpEmailParams {\r\n email: string;\r\n code: string;\r\n}\r\n\r\nexport interface VerifyOtpPhoneParams {\r\n phone_country_code: string;\r\n phone_number: string;\r\n code: string;\r\n}\r\n\r\nexport interface Setup2FAResponse {\r\n qr_code_url: string;\r\n secret: string;\r\n backup_codes: string[];\r\n}\r\n\r\nexport interface WebAuthnRegisterBeginResponse {\r\n publicKey: any; // CredentialCreationOptions\r\n}\r\n\r\nexport interface WebAuthnAuthenticateBeginResponse {\r\n publicKey: any; // CredentialRequestOptions\r\n}\r\n\r\nexport class SecurityModule {\r\n constructor(private client: TenxyteHttpClient) { }\r\n\r\n // --- OTP Verification --- //\r\n\r\n async requestOtp(data: OtpRequestParams): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/otp/request/', data);\r\n }\r\n\r\n async verifyOtpEmail(data: VerifyOtpEmailParams): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/otp/verify/email/', data);\r\n }\r\n\r\n async verifyOtpPhone(data: VerifyOtpPhoneParams): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/otp/verify/phone/', data);\r\n }\r\n\r\n // --- TOTP / 2FA --- //\r\n\r\n async get2FAStatus(): Promise<{ is_enabled: boolean; backup_codes_remaining: number }> {\r\n return this.client.get('/api/v1/auth/2fa/status/');\r\n }\r\n\r\n async setup2FA(): Promise<Setup2FAResponse> {\r\n return this.client.post<Setup2FAResponse>('/api/v1/auth/2fa/setup/');\r\n }\r\n\r\n async confirm2FA(totp_code: string): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/2fa/confirm/', { totp_code });\r\n }\r\n\r\n async disable2FA(totp_code: string, password?: string): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/2fa/disable/', { totp_code, password });\r\n }\r\n\r\n async regenerateBackupCodes(totp_code: string): Promise<{ backup_codes: string[] }> {\r\n return this.client.post('/api/v1/auth/2fa/backup-codes/', { totp_code });\r\n }\r\n\r\n // --- Password Management --- //\r\n\r\n async resetPasswordRequest(data: { email?: string; phone_country_code?: string; phone_number?: string }): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/password/reset/request/', data);\r\n }\r\n\r\n async resetPasswordConfirm(data: { otp_code: string; new_password: string; email?: string; phone_country_code?: string; phone_number?: string }): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/password/reset/confirm/', data);\r\n }\r\n\r\n async changePassword(data: { current_password: string; new_password: string }): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/password/change/', data);\r\n }\r\n\r\n async checkPasswordStrength(data: { password: string; email?: string }): Promise<{ score: number; feedback: string[] }> {\r\n return this.client.post('/api/v1/auth/password/strength/', data);\r\n }\r\n\r\n async getPasswordRequirements(): Promise<any> {\r\n return this.client.get('/api/v1/auth/password/requirements/');\r\n }\r\n\r\n // --- WebAuthn / Passkeys --- //\r\n\r\n async registerWebAuthnBegin(): Promise<WebAuthnRegisterBeginResponse> {\r\n return this.client.post<WebAuthnRegisterBeginResponse>('/api/v1/auth/webauthn/register/begin/');\r\n }\r\n\r\n async registerWebAuthnComplete(data: any): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/webauthn/register/complete/', data);\r\n }\r\n\r\n async authenticateWebAuthnBegin(data?: { email?: string }): Promise<WebAuthnAuthenticateBeginResponse> {\r\n return this.client.post<WebAuthnAuthenticateBeginResponse>('/api/v1/auth/webauthn/authenticate/begin/', data || {});\r\n }\r\n\r\n async authenticateWebAuthnComplete(data: any): Promise<TokenPair> {\r\n return this.client.post<TokenPair>('/api/v1/auth/webauthn/authenticate/complete/', data);\r\n }\r\n\r\n async listWebAuthnCredentials(): Promise<any[]> {\r\n return this.client.get<any[]>('/api/v1/auth/webauthn/credentials/');\r\n }\r\n\r\n async deleteWebAuthnCredential(credentialId: string): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/webauthn/credentials/${credentialId}/`);\r\n }\r\n}\r\n","export interface DecodedTenxyteToken {\r\n exp?: number;\r\n iat?: number;\r\n sub?: string;\r\n roles?: string[];\r\n permissions?: string[];\r\n [key: string]: any;\r\n}\r\n\r\n/**\r\n * Decodes the payload of a JWT without verifying the signature.\r\n * Suitable for client-side routing and UI state.\r\n */\r\nexport function decodeJwt(token: string): DecodedTenxyteToken | null {\r\n try {\r\n const parts = token.split('.');\r\n if (parts.length !== 3) {\r\n return null;\r\n }\r\n\r\n let base64Url = parts[1];\r\n if (!base64Url) return null;\r\n\r\n let base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\r\n\r\n // Pad with standard base64 padding\r\n while (base64.length % 4) {\r\n base64 += '=';\r\n }\r\n\r\n const isBrowser = typeof window !== 'undefined' && typeof window.atob === 'function';\r\n let jsonPayload: string;\r\n\r\n if (isBrowser) {\r\n // Browser decode\r\n jsonPayload = decodeURIComponent(\r\n window.atob(base64)\r\n .split('')\r\n .map((c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2))\r\n .join('')\r\n );\r\n } else {\r\n // Node.js decode\r\n jsonPayload = Buffer.from(base64, 'base64').toString('utf8');\r\n }\r\n\r\n return JSON.parse(jsonPayload);\r\n } catch (e) {\r\n return null;\r\n }\r\n}\r\n","import { TenxyteHttpClient } from '../http/client';\r\nimport { decodeJwt, DecodedTenxyteToken } from '../utils/jwt';\r\n\r\nexport interface Role {\r\n id: string;\r\n name: string;\r\n description?: string;\r\n is_default?: boolean;\r\n permissions?: string[];\r\n}\r\n\r\nexport interface Permission {\r\n id: string;\r\n code: string;\r\n name: string;\r\n description?: string;\r\n}\r\n\r\nexport class RbacModule {\r\n private cachedToken: string | null = null;\r\n\r\n constructor(private client: TenxyteHttpClient) { }\r\n\r\n /**\r\n * Cache a token to use for parameter-less synchronous checks.\r\n */\r\n setToken(token: string | null) {\r\n this.cachedToken = token;\r\n }\r\n\r\n private getDecodedToken(token?: string): DecodedTenxyteToken | null {\r\n const t = token || this.cachedToken;\r\n if (!t) return null;\r\n return decodeJwt(t);\r\n }\r\n\r\n // --- Synchronous Checks --- //\r\n\r\n hasRole(role: string, token?: string): boolean {\r\n const decoded = this.getDecodedToken(token);\r\n if (!decoded?.roles) return false;\r\n return decoded.roles.includes(role);\r\n }\r\n\r\n hasAnyRole(roles: string[], token?: string): boolean {\r\n const decoded = this.getDecodedToken(token);\r\n if (!decoded?.roles) return false;\r\n return roles.some(r => decoded.roles!.includes(r));\r\n }\r\n\r\n hasAllRoles(roles: string[], token?: string): boolean {\r\n const decoded = this.getDecodedToken(token);\r\n if (!decoded?.roles) return false;\r\n return roles.every(r => decoded.roles!.includes(r));\r\n }\r\n\r\n hasPermission(permission: string, token?: string): boolean {\r\n const decoded = this.getDecodedToken(token);\r\n if (!decoded?.permissions) return false;\r\n // Check exact match or wildcard, assuming backend handles wildcard expansion in JWT\r\n return decoded.permissions.includes(permission);\r\n }\r\n\r\n hasAnyPermission(permissions: string[], token?: string): boolean {\r\n const decoded = this.getDecodedToken(token);\r\n if (!decoded?.permissions) return false;\r\n return permissions.some(p => decoded.permissions!.includes(p));\r\n }\r\n\r\n hasAllPermissions(permissions: string[], token?: string): boolean {\r\n const decoded = this.getDecodedToken(token);\r\n if (!decoded?.permissions) return false;\r\n return permissions.every(p => decoded.permissions!.includes(p));\r\n }\r\n\r\n // --- Roles CRUD --- //\r\n\r\n async listRoles(): Promise<Role[]> {\r\n return this.client.get<Role[]>('/api/v1/auth/roles/');\r\n }\r\n\r\n async createRole(data: { name: string; description?: string; permission_codes?: string[]; is_default?: boolean }): Promise<Role> {\r\n return this.client.post<Role>('/api/v1/auth/roles/', data);\r\n }\r\n\r\n async getRole(roleId: string): Promise<Role> {\r\n return this.client.get<Role>(`/api/v1/auth/roles/${roleId}/`);\r\n }\r\n\r\n async updateRole(roleId: string, data: { name?: string; description?: string; permission_codes?: string[]; is_default?: boolean }): Promise<Role> {\r\n return this.client.put<Role>(`/api/v1/auth/roles/${roleId}/`, data);\r\n }\r\n\r\n async deleteRole(roleId: string): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/roles/${roleId}/`);\r\n }\r\n\r\n // --- Role Permissions Management --- //\r\n\r\n async getRolePermissions(roleId: string): Promise<Permission[]> {\r\n return this.client.get<Permission[]>(`/api/v1/auth/roles/${roleId}/permissions/`);\r\n }\r\n\r\n async addPermissionsToRole(roleId: string, permission_codes: string[]): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/roles/${roleId}/permissions/`, { permission_codes });\r\n }\r\n\r\n async removePermissionsFromRole(roleId: string, permission_codes: string[]): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/roles/${roleId}/permissions/`, {\r\n // Note: DELETE request with body is supported via our fetch wrapper if enabled,\r\n // or we might need to rely on query strings. The schema specifies body or query.\r\n // Let's pass it in body via a custom config or URL params.\r\n body: { permission_codes }\r\n } as any);\r\n }\r\n\r\n // --- Permissions CRUD --- //\r\n\r\n async listPermissions(): Promise<Permission[]> {\r\n return this.client.get<Permission[]>('/api/v1/auth/permissions/');\r\n }\r\n\r\n async createPermission(data: { code: string; name: string; description?: string; parent_code?: string }): Promise<Permission> {\r\n return this.client.post<Permission>('/api/v1/auth/permissions/', data);\r\n }\r\n\r\n async getPermission(permissionId: string): Promise<Permission> {\r\n return this.client.get<Permission>(`/api/v1/auth/permissions/${permissionId}/`);\r\n }\r\n\r\n async updatePermission(permissionId: string, data: { name?: string; description?: string }): Promise<Permission> {\r\n return this.client.put<Permission>(`/api/v1/auth/permissions/${permissionId}/`, data);\r\n }\r\n\r\n async deletePermission(permissionId: string): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/permissions/${permissionId}/`);\r\n }\r\n\r\n // --- Direct Assignment (Users) --- //\r\n\r\n async assignRoleToUser(userId: string, roleCode: string): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/users/${userId}/roles/`, { role_code: roleCode });\r\n }\r\n\r\n async removeRoleFromUser(userId: string, roleCode: string): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/users/${userId}/roles/`, {\r\n params: { role_code: roleCode }\r\n });\r\n }\r\n\r\n async assignPermissionsToUser(userId: string, permissionCodes: string[]): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/users/${userId}/permissions/`, { permission_codes: permissionCodes });\r\n }\r\n\r\n async removePermissionsFromUser(userId: string, permissionCodes: string[]): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/users/${userId}/permissions/`, {\r\n body: { permission_codes: permissionCodes }\r\n } as any);\r\n }\r\n}\r\n","import { TenxyteHttpClient } from '../http/client';\r\n\r\nexport interface UpdateProfileParams {\r\n first_name?: string;\r\n last_name?: string;\r\n [key: string]: any; // Allow custom metadata updates\r\n}\r\n\r\nexport interface AdminUpdateUserParams {\r\n first_name?: string;\r\n last_name?: string;\r\n is_active?: boolean;\r\n is_locked?: boolean;\r\n max_sessions?: number;\r\n max_devices?: number;\r\n}\r\n\r\nexport class UserModule {\r\n constructor(private client: TenxyteHttpClient) { }\r\n\r\n // --- Standard Profile Actions --- //\r\n\r\n async getProfile(): Promise<any> {\r\n return this.client.get('/api/v1/auth/me/');\r\n }\r\n\r\n async updateProfile(data: UpdateProfileParams): Promise<any> {\r\n return this.client.patch('/api/v1/auth/me/', data);\r\n }\r\n\r\n /**\r\n * Upload an avatar using FormData.\r\n * Ensure the environment supports FormData (browser or Node.js v18+).\r\n * @param formData The FormData object containing the 'avatar' field.\r\n */\r\n async uploadAvatar(formData: FormData): Promise<any> {\r\n return this.client.patch('/api/v1/auth/me/', formData);\r\n }\r\n\r\n async deleteAccount(password: string, otpCode?: string): Promise<void> {\r\n return this.client.post<void>('/api/v1/auth/request-account-deletion/', {\r\n password,\r\n otp_code: otpCode\r\n });\r\n }\r\n\r\n // --- Admin Actions Mapping --- //\r\n\r\n async listUsers(params?: Record<string, any>): Promise<any[]> {\r\n return this.client.get<any[]>('/api/v1/auth/admin/users/', { params });\r\n }\r\n\r\n async getUser(userId: string): Promise<any> {\r\n return this.client.get(`/api/v1/auth/admin/users/${userId}/`);\r\n }\r\n\r\n async adminUpdateUser(userId: string, data: AdminUpdateUserParams): Promise<any> {\r\n return this.client.patch(`/api/v1/auth/admin/users/${userId}/`, data);\r\n }\r\n\r\n async adminDeleteUser(userId: string): Promise<void> {\r\n return this.client.delete<void>(`/api/v1/auth/admin/users/${userId}/`);\r\n }\r\n\r\n async banUser(userId: string, reason: string = ''): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/ban/`, { reason });\r\n }\r\n\r\n async unbanUser(userId: string): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/unban/`);\r\n }\r\n\r\n async lockUser(userId: string, durationMinutes: number = 30, reason: string = ''): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/lock/`, { duration_minutes: durationMinutes, reason });\r\n }\r\n\r\n async unlockUser(userId: string): Promise<void> {\r\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/unlock/`);\r\n }\r\n}\r\n","import { TenxyteHttpClient, HttpClientOptions } from './http/client';\r\nimport { AuthModule } from './modules/auth';\r\nimport { SecurityModule } from './modules/security';\r\nimport { RbacModule } from './modules/rbac';\r\nimport { UserModule } from './modules/user';\r\n\r\nexport class TenxyteClient {\r\n public http: TenxyteHttpClient;\r\n public auth: AuthModule;\r\n public security: SecurityModule;\r\n public rbac: RbacModule;\r\n public user: UserModule;\r\n\r\n constructor(options: HttpClientOptions) {\r\n this.http = new TenxyteHttpClient(options);\r\n this.auth = new AuthModule(this.http);\r\n this.security = new SecurityModule(this.http);\r\n this.rbac = new RbacModule(this.http);\r\n this.user = new UserModule(this.http);\r\n }\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACmBO,IAAM,oBAAN,MAAwB;AAAA,EACnB;AAAA,EACA;AAAA;AAAA,EAGA,sBAAwJ,CAAC;AAAA,EACzJ,uBAAqI,CAAC;AAAA,EAE9I,YAAY,SAA4B;AACpC,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,iBAAiB;AAAA,MAClB,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,GAAG,QAAQ;AAAA,IACf;AAAA,EACJ;AAAA;AAAA,EAGA,sBAAsB,aAAiD;AACnE,SAAK,oBAAoB,KAAK,WAAW;AAAA,EAC7C;AAAA,EAEA,uBAAuB,aAAkD;AACrE,SAAK,qBAAqB,KAAK,WAAW;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAW,UAAkB,SAAwB,CAAC,GAAe;AACvE,UAAM,SAAS,SAAS,WAAW,MAAM,IACnC,WACA,GAAG,KAAK,OAAO,GAAG,SAAS,WAAW,GAAG,IAAI,KAAK,GAAG,GAAG,QAAQ;AAEtE,QAAI,SAAS,IAAI,IAAI,MAAM;AAE3B,QAAI,OAAO,QAAQ;AACf,aAAO,QAAQ,OAAO,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,UAAU,UAAa,UAAU,MAAM;AACvC,iBAAO,aAAa,OAAO,KAAK,OAAO,KAAK,CAAC;AAAA,QACjD;AAAA,MACJ,CAAC;AAAA,IACL;AAEA,QAAI,iBAAsB;AAAA,MACtB,KAAK,OAAO,SAAS;AAAA,MACrB,GAAG;AAAA,MACH,SAAS,EAAE,GAAG,KAAK,gBAAgB,GAAI,OAAO,WAAW,CAAC,EAAG;AAAA,IACjE;AAGA,QAAI,OAAO,aAAa,eAAe,eAAe,gBAAgB,UAAU;AAC5E,YAAM,UAAU,eAAe;AAE/B,aAAO,QAAQ,cAAc;AAC7B,aAAO,QAAQ,cAAc;AAAA,IACjC,WAAW,eAAe,QAAQ,OAAO,eAAe,SAAS,UAAU;AACvE,YAAM,cAAe,eAAe,QAAmC,cAAc,KAAK;AAC1F,UAAI,YAAY,YAAY,EAAE,SAAS,kBAAkB,GAAG;AACxD,uBAAe,OAAO,KAAK,UAAU,eAAe,IAAI;AAAA,MAC5D;AAAA,IACJ;AAGA,eAAW,eAAe,KAAK,qBAAqB;AAChD,uBAAiB,MAAM,YAAY,cAAc;AAAA,IACrD;AAEA,UAAM,EAAE,KAAK,GAAG,YAAY,IAAI;AAEhC,QAAI;AACA,UAAI,WAAW,MAAM,MAAM,KAAK,WAA0B;AAG1D,iBAAW,eAAe,KAAK,sBAAsB;AACjD,mBAAW,MAAM,YAAY,UAAU,EAAE,KAAK,QAAQ,YAA6B,CAAC;AAAA,MACxF;AAEA,UAAI,CAAC,SAAS,IAAI;AACd,cAAM,MAAM,KAAK,eAAe,QAAQ;AAAA,MAC5C;AAGA,UAAI,SAAS,WAAW,KAAK;AACzB,eAAO,CAAC;AAAA,MACZ;AAEA,YAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,UAAI,eAAe,YAAY,SAAS,kBAAkB,GAAG;AACzD,eAAQ,MAAM,SAAS,KAAK;AAAA,MAChC;AAEA,aAAQ,MAAM,SAAS,KAAK;AAAA,IAChC,SAAS,OAAY;AACjB,UAAI,SAAS,MAAM,MAAM;AACrB,cAAM;AAAA,MACV;AACA,YAAM;AAAA,QACF,OAAO,MAAM,WAAW;AAAA,QACxB,MAAM;AAAA,QACN,SAAS,OAAO,KAAK;AAAA,MACzB;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,MAAc,eAAe,UAA2C;AACpE,QAAI;AACA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,aAAO;AAAA,QACH,OAAO,KAAK,SAAS,KAAK,UAAU;AAAA,QACpC,MAAM,KAAK,QAAQ,QAAQ,SAAS,MAAM;AAAA,QAC1C,SAAS,KAAK,WAAW;AAAA,QACzB,aAAa,SAAS,QAAQ,IAAI,aAAa,IAAI,SAAS,SAAS,QAAQ,IAAI,aAAa,GAAI,EAAE,IAAI;AAAA,MAC5G;AAAA,IACJ,SAAS,GAAG;AACR,aAAO;AAAA,QACH,OAAO,cAAc,SAAS,MAAM,KAAK,SAAS,UAAU;AAAA,QAC5D,MAAM,QAAQ,SAAS,MAAM;AAAA,MACjC;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGA,IAAO,UAAkB,QAAiD;AACtE,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,MAAM,CAAC;AAAA,EACjE;AAAA,EAEA,KAAQ,UAAkB,MAAgB,QAAiD;AACvF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,QAAQ,MAAM,KAAK,CAAC;AAAA,EAC9E;AAAA,EAEA,IAAO,UAAkB,MAAgB,QAAiD;AACtF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,OAAO,MAAM,KAAK,CAAC;AAAA,EAC7E;AAAA,EAEA,MAAS,UAAkB,MAAgB,QAAiD;AACxF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,SAAS,MAAM,KAAK,CAAC;AAAA,EAC/E;AAAA,EAEA,OAAU,UAAkB,QAAiD;AACzE,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,SAAS,CAAC;AAAA,EACpE;AACJ;;;AC1IO,IAAM,aAAN,MAAiB;AAAA,EACpB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA;AAAA;AAAA;AAAA,EAKjD,MAAM,eACF,MACkB;AAClB,WAAO,KAAK,OAAO,KAAgB,6BAA6B,IAAI;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eACF,MACkB;AAClB,WAAO,KAAK,OAAO,KAAgB,6BAA6B,IAAI;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,MAAqC;AAChD,WAAO,KAAK,OAAO,KAAU,0BAA0B,IAAI;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,cAAqC;AAC9C,WAAO,KAAK,OAAO,KAAW,wBAAwB,EAAE,eAAe,aAAa,CAAC;AAAA,EACzF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAA2B;AAC7B,WAAO,KAAK,OAAO,KAAW,0BAA0B;AAAA,EAC5D;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,MAAuC;AAC1D,WAAO,KAAK,OAAO,KAAW,oCAAoC,IAAI;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAmC;AACrD,WAAO,KAAK,OAAO,IAAe,mCAAmC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AAAA,EAC9F;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,UAA0D,MAA8C;AAC1H,WAAO,KAAK,OAAO,KAAgB,uBAAuB,QAAQ,KAAK,IAAI;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAqB,UAA0D,MAAc,aAAyC;AACxI,WAAO,KAAK,OAAO,IAAe,uBAAuB,QAAQ,cAAc;AAAA,MAC3E,QAAQ,EAAE,MAAM,cAAc,YAAY;AAAA,IAC9C,CAAC;AAAA,EACL;AACJ;;;AC3DO,IAAM,iBAAN,MAAqB;AAAA,EACxB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA;AAAA,EAIjD,MAAM,WAAW,MAAuC;AACpD,WAAO,KAAK,OAAO,KAAW,6BAA6B,IAAI;AAAA,EACnE;AAAA,EAEA,MAAM,eAAe,MAA2C;AAC5D,WAAO,KAAK,OAAO,KAAW,kCAAkC,IAAI;AAAA,EACxE;AAAA,EAEA,MAAM,eAAe,MAA2C;AAC5D,WAAO,KAAK,OAAO,KAAW,kCAAkC,IAAI;AAAA,EACxE;AAAA;AAAA,EAIA,MAAM,eAAiF;AACnF,WAAO,KAAK,OAAO,IAAI,0BAA0B;AAAA,EACrD;AAAA,EAEA,MAAM,WAAsC;AACxC,WAAO,KAAK,OAAO,KAAuB,yBAAyB;AAAA,EACvE;AAAA,EAEA,MAAM,WAAW,WAAkC;AAC/C,WAAO,KAAK,OAAO,KAAW,6BAA6B,EAAE,UAAU,CAAC;AAAA,EAC5E;AAAA,EAEA,MAAM,WAAW,WAAmB,UAAkC;AAClE,WAAO,KAAK,OAAO,KAAW,6BAA6B,EAAE,WAAW,SAAS,CAAC;AAAA,EACtF;AAAA,EAEA,MAAM,sBAAsB,WAAwD;AAChF,WAAO,KAAK,OAAO,KAAK,kCAAkC,EAAE,UAAU,CAAC;AAAA,EAC3E;AAAA;AAAA,EAIA,MAAM,qBAAqB,MAA6F;AACpH,WAAO,KAAK,OAAO,KAAW,wCAAwC,IAAI;AAAA,EAC9E;AAAA,EAEA,MAAM,qBAAqB,MAAqI;AAC5J,WAAO,KAAK,OAAO,KAAW,wCAAwC,IAAI;AAAA,EAC9E;AAAA,EAEA,MAAM,eAAe,MAAyE;AAC1F,WAAO,KAAK,OAAO,KAAW,iCAAiC,IAAI;AAAA,EACvE;AAAA,EAEA,MAAM,sBAAsB,MAA4F;AACpH,WAAO,KAAK,OAAO,KAAK,mCAAmC,IAAI;AAAA,EACnE;AAAA,EAEA,MAAM,0BAAwC;AAC1C,WAAO,KAAK,OAAO,IAAI,qCAAqC;AAAA,EAChE;AAAA;AAAA,EAIA,MAAM,wBAAgE;AAClE,WAAO,KAAK,OAAO,KAAoC,uCAAuC;AAAA,EAClG;AAAA,EAEA,MAAM,yBAAyB,MAA0B;AACrD,WAAO,KAAK,OAAO,KAAW,4CAA4C,IAAI;AAAA,EAClF;AAAA,EAEA,MAAM,0BAA0B,MAAuE;AACnG,WAAO,KAAK,OAAO,KAAwC,6CAA6C,QAAQ,CAAC,CAAC;AAAA,EACtH;AAAA,EAEA,MAAM,6BAA6B,MAA+B;AAC9D,WAAO,KAAK,OAAO,KAAgB,gDAAgD,IAAI;AAAA,EAC3F;AAAA,EAEA,MAAM,0BAA0C;AAC5C,WAAO,KAAK,OAAO,IAAW,oCAAoC;AAAA,EACtE;AAAA,EAEA,MAAM,yBAAyB,cAAqC;AAChE,WAAO,KAAK,OAAO,OAAa,qCAAqC,YAAY,GAAG;AAAA,EACxF;AACJ;;;AC5GO,SAAS,UAAU,OAA2C;AACjE,MAAI;AACA,UAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,QAAI,MAAM,WAAW,GAAG;AACpB,aAAO;AAAA,IACX;AAEA,QAAI,YAAY,MAAM,CAAC;AACvB,QAAI,CAAC,UAAW,QAAO;AAEvB,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAG3D,WAAO,OAAO,SAAS,GAAG;AACtB,gBAAU;AAAA,IACd;AAEA,UAAM,YAAY,OAAO,WAAW,eAAe,OAAO,OAAO,SAAS;AAC1E,QAAI;AAEJ,QAAI,WAAW;AAEX,oBAAc;AAAA,QACV,OAAO,KAAK,MAAM,EACb,MAAM,EAAE,EACR,IAAI,CAAC,MAAM,OAAO,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAAC,EAChE,KAAK,EAAE;AAAA,MAChB;AAAA,IACJ,OAAO;AAEH,oBAAc,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,MAAM;AAAA,IAC/D;AAEA,WAAO,KAAK,MAAM,WAAW;AAAA,EACjC,SAAS,GAAG;AACR,WAAO;AAAA,EACX;AACJ;;;AChCO,IAAM,aAAN,MAAiB;AAAA,EAGpB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA,EAFzC,cAA6B;AAAA;AAAA;AAAA;AAAA,EAOrC,SAAS,OAAsB;AAC3B,SAAK,cAAc;AAAA,EACvB;AAAA,EAEQ,gBAAgB,OAA4C;AAChE,UAAM,IAAI,SAAS,KAAK;AACxB,QAAI,CAAC,EAAG,QAAO;AACf,WAAO,UAAU,CAAC;AAAA,EACtB;AAAA;AAAA,EAIA,QAAQ,MAAc,OAAyB;AAC3C,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,WAAO,QAAQ,MAAM,SAAS,IAAI;AAAA,EACtC;AAAA,EAEA,WAAW,OAAiB,OAAyB;AACjD,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,WAAO,MAAM,KAAK,OAAK,QAAQ,MAAO,SAAS,CAAC,CAAC;AAAA,EACrD;AAAA,EAEA,YAAY,OAAiB,OAAyB;AAClD,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,WAAO,MAAM,MAAM,OAAK,QAAQ,MAAO,SAAS,CAAC,CAAC;AAAA,EACtD;AAAA,EAEA,cAAc,YAAoB,OAAyB;AACvD,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,YAAa,QAAO;AAElC,WAAO,QAAQ,YAAY,SAAS,UAAU;AAAA,EAClD;AAAA,EAEA,iBAAiB,aAAuB,OAAyB;AAC7D,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,YAAa,QAAO;AAClC,WAAO,YAAY,KAAK,OAAK,QAAQ,YAAa,SAAS,CAAC,CAAC;AAAA,EACjE;AAAA,EAEA,kBAAkB,aAAuB,OAAyB;AAC9D,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,YAAa,QAAO;AAClC,WAAO,YAAY,MAAM,OAAK,QAAQ,YAAa,SAAS,CAAC,CAAC;AAAA,EAClE;AAAA;AAAA,EAIA,MAAM,YAA6B;AAC/B,WAAO,KAAK,OAAO,IAAY,qBAAqB;AAAA,EACxD;AAAA,EAEA,MAAM,WAAW,MAAgH;AAC7H,WAAO,KAAK,OAAO,KAAW,uBAAuB,IAAI;AAAA,EAC7D;AAAA,EAEA,MAAM,QAAQ,QAA+B;AACzC,WAAO,KAAK,OAAO,IAAU,sBAAsB,MAAM,GAAG;AAAA,EAChE;AAAA,EAEA,MAAM,WAAW,QAAgB,MAAiH;AAC9I,WAAO,KAAK,OAAO,IAAU,sBAAsB,MAAM,KAAK,IAAI;AAAA,EACtE;AAAA,EAEA,MAAM,WAAW,QAA+B;AAC5C,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,GAAG;AAAA,EACnE;AAAA;AAAA,EAIA,MAAM,mBAAmB,QAAuC;AAC5D,WAAO,KAAK,OAAO,IAAkB,sBAAsB,MAAM,eAAe;AAAA,EACpF;AAAA,EAEA,MAAM,qBAAqB,QAAgB,kBAA2C;AAClF,WAAO,KAAK,OAAO,KAAW,sBAAsB,MAAM,iBAAiB,EAAE,iBAAiB,CAAC;AAAA,EACnG;AAAA,EAEA,MAAM,0BAA0B,QAAgB,kBAA2C;AACvF,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIzE,MAAM,EAAE,iBAAiB;AAAA,IAC7B,CAAQ;AAAA,EACZ;AAAA;AAAA,EAIA,MAAM,kBAAyC;AAC3C,WAAO,KAAK,OAAO,IAAkB,2BAA2B;AAAA,EACpE;AAAA,EAEA,MAAM,iBAAiB,MAAuG;AAC1H,WAAO,KAAK,OAAO,KAAiB,6BAA6B,IAAI;AAAA,EACzE;AAAA,EAEA,MAAM,cAAc,cAA2C;AAC3D,WAAO,KAAK,OAAO,IAAgB,4BAA4B,YAAY,GAAG;AAAA,EAClF;AAAA,EAEA,MAAM,iBAAiB,cAAsB,MAAoE;AAC7G,WAAO,KAAK,OAAO,IAAgB,4BAA4B,YAAY,KAAK,IAAI;AAAA,EACxF;AAAA,EAEA,MAAM,iBAAiB,cAAqC;AACxD,WAAO,KAAK,OAAO,OAAa,4BAA4B,YAAY,GAAG;AAAA,EAC/E;AAAA;AAAA,EAIA,MAAM,iBAAiB,QAAgB,UAAiC;AACpE,WAAO,KAAK,OAAO,KAAW,sBAAsB,MAAM,WAAW,EAAE,WAAW,SAAS,CAAC;AAAA,EAChG;AAAA,EAEA,MAAM,mBAAmB,QAAgB,UAAiC;AACtE,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,WAAW;AAAA,MACnE,QAAQ,EAAE,WAAW,SAAS;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,wBAAwB,QAAgB,iBAA0C;AACpF,WAAO,KAAK,OAAO,KAAW,sBAAsB,MAAM,iBAAiB,EAAE,kBAAkB,gBAAgB,CAAC;AAAA,EACpH;AAAA,EAEA,MAAM,0BAA0B,QAAgB,iBAA0C;AACtF,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,iBAAiB;AAAA,MACzE,MAAM,EAAE,kBAAkB,gBAAgB;AAAA,IAC9C,CAAQ;AAAA,EACZ;AACJ;;;AC9IO,IAAM,aAAN,MAAiB;AAAA,EACpB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA;AAAA,EAIjD,MAAM,aAA2B;AAC7B,WAAO,KAAK,OAAO,IAAI,kBAAkB;AAAA,EAC7C;AAAA,EAEA,MAAM,cAAc,MAAyC;AACzD,WAAO,KAAK,OAAO,MAAM,oBAAoB,IAAI;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,UAAkC;AACjD,WAAO,KAAK,OAAO,MAAM,oBAAoB,QAAQ;AAAA,EACzD;AAAA,EAEA,MAAM,cAAc,UAAkB,SAAiC;AACnE,WAAO,KAAK,OAAO,KAAW,0CAA0C;AAAA,MACpE;AAAA,MACA,UAAU;AAAA,IACd,CAAC;AAAA,EACL;AAAA;AAAA,EAIA,MAAM,UAAU,QAA8C;AAC1D,WAAO,KAAK,OAAO,IAAW,6BAA6B,EAAE,OAAO,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,QAAQ,QAA8B;AACxC,WAAO,KAAK,OAAO,IAAI,4BAA4B,MAAM,GAAG;AAAA,EAChE;AAAA,EAEA,MAAM,gBAAgB,QAAgB,MAA2C;AAC7E,WAAO,KAAK,OAAO,MAAM,4BAA4B,MAAM,KAAK,IAAI;AAAA,EACxE;AAAA,EAEA,MAAM,gBAAgB,QAA+B;AACjD,WAAO,KAAK,OAAO,OAAa,4BAA4B,MAAM,GAAG;AAAA,EACzE;AAAA,EAEA,MAAM,QAAQ,QAAgB,SAAiB,IAAmB;AAC9D,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,SAAS,EAAE,OAAO,CAAC;AAAA,EACvF;AAAA,EAEA,MAAM,UAAU,QAA+B;AAC3C,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,SAAS;AAAA,EAC7E;AAAA,EAEA,MAAM,SAAS,QAAgB,kBAA0B,IAAI,SAAiB,IAAmB;AAC7F,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,UAAU,EAAE,kBAAkB,iBAAiB,OAAO,CAAC;AAAA,EAC3H;AAAA,EAEA,MAAM,WAAW,QAA+B;AAC5C,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,UAAU;AAAA,EAC9E;AACJ;;;ACzEO,IAAM,gBAAN,MAAoB;AAAA,EAChB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEP,YAAY,SAA4B;AACpC,SAAK,OAAO,IAAI,kBAAkB,OAAO;AACzC,SAAK,OAAO,IAAI,WAAW,KAAK,IAAI;AACpC,SAAK,WAAW,IAAI,eAAe,KAAK,IAAI;AAC5C,SAAK,OAAO,IAAI,WAAW,KAAK,IAAI;AACpC,SAAK,OAAO,IAAI,WAAW,KAAK,IAAI;AAAA,EACxC;AACJ;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts","../src/storage/memory.ts","../src/storage/localStorage.ts","../src/storage/cookie.ts","../src/config.ts","../src/http/client.ts","../src/utils/device_info.ts","../src/http/interceptors.ts","../src/modules/auth.ts","../src/utils/base64url.ts","../src/modules/security.ts","../src/utils/jwt.ts","../src/modules/rbac.ts","../src/modules/user.ts","../src/modules/b2b.ts","../src/modules/ai.ts","../src/modules/applications.ts","../src/modules/admin.ts","../src/modules/gdpr.ts","../src/modules/dashboard.ts","../src/utils/events.ts","../src/client.ts"],"sourcesContent":["export * from './config';\nexport * from './client';\nexport * from './http/client';\nexport * from './http/interceptors';\nexport * from './modules/auth';\nexport * from './modules/security';\nexport * from './modules/rbac';\nexport * from './modules/user';\nexport * from './modules/b2b';\nexport * from './modules/ai';\nexport * from './modules/applications';\nexport * from './modules/admin';\nexport * from './modules/gdpr';\nexport * from './modules/dashboard';\nexport * from './storage';\nexport * from './utils/events';\nexport * from './utils/jwt';\nexport * from './utils/device_info';\nexport * from './types';\n","import type { TenxyteStorage } from './index';\n\n/**\n * MemoryStorage implementation primarily used in Node.js (SSR)\n * environments or as a fallback when browser storage is unavailable.\n */\nexport class MemoryStorage implements TenxyteStorage {\n private store: Map<string, string>;\n\n constructor() {\n this.store = new Map<string, string>();\n }\n\n getItem(key: string): string | null {\n const value = this.store.get(key);\n return value !== undefined ? value : null;\n }\n\n setItem(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n removeItem(key: string): void {\n this.store.delete(key);\n }\n\n clear(): void {\n this.store.clear();\n }\n}\n","import type { TenxyteStorage } from './index';\nimport { MemoryStorage } from './memory';\n\n/**\n * LocalStorage wrapper for the browser.\n * Degrades gracefully to MemoryStorage if localStorage is unavailable\n * (e.g., SSR, Private Browsing mode strictness).\n */\nexport class LocalStorage implements TenxyteStorage {\n private fallbackMemoryStore: MemoryStorage | null = null;\n private isAvailable: boolean;\n\n constructor() {\n this.isAvailable = this.checkAvailability();\n if (!this.isAvailable) {\n this.fallbackMemoryStore = new MemoryStorage();\n }\n }\n\n private checkAvailability(): boolean {\n try {\n if (typeof window === 'undefined' || !window.localStorage) {\n return false;\n }\n const testKey = '__tenxyte_test__';\n window.localStorage.setItem(testKey, '1');\n window.localStorage.removeItem(testKey);\n return true;\n } catch (_e) {\n return false;\n }\n }\n\n getItem(key: string): string | null {\n if (!this.isAvailable && this.fallbackMemoryStore) {\n return this.fallbackMemoryStore.getItem(key);\n }\n return window.localStorage.getItem(key);\n }\n\n setItem(key: string, value: string): void {\n if (!this.isAvailable && this.fallbackMemoryStore) {\n this.fallbackMemoryStore.setItem(key, value);\n return;\n }\n try {\n window.localStorage.setItem(key, value);\n } catch (_e) {\n // Storage quota exceeded or similar error\n console.warn(`[Tenxyte SDK] Warning: failed to write to localStorage for key ${key}`);\n }\n }\n\n removeItem(key: string): void {\n if (!this.isAvailable && this.fallbackMemoryStore) {\n this.fallbackMemoryStore.removeItem(key);\n return;\n }\n window.localStorage.removeItem(key);\n }\n\n clear(): void {\n if (!this.isAvailable && this.fallbackMemoryStore) {\n this.fallbackMemoryStore.clear();\n return;\n }\n // We ideally only clear tenxyte specific keys if needed,\n // but standard clear() removes everything.\n // If the library only ever writes specific keys,\n // we could keep track of them and iterate, but for now clear() is standard.\n // For safer implementation we could just let the caller do removeItems() individually\n // but let's conform to the clear API.\n window.localStorage.clear();\n }\n}\n","import type { TenxyteStorage } from './index';\n\n/**\n * CookieStorage implementation\n * Note: To be secure, tokens should be HttpOnly where possible.\n * This class handles client-side cookies if necessary.\n */\nexport class CookieStorage implements TenxyteStorage {\n private defaultOptions: string;\n\n constructor(options: { secure?: boolean; sameSite?: 'Strict' | 'Lax' | 'None' } = {}) {\n const secure = options.secure ?? true;\n const sameSite = options.sameSite ?? 'Lax';\n this.defaultOptions = `path=/; SameSite=${sameSite}${secure ? '; Secure' : ''}`;\n }\n\n getItem(key: string): string | null {\n if (typeof document === 'undefined') return null;\n const match = document.cookie.match(new RegExp(`(^| )${key}=([^;]+)`));\n return match ? decodeURIComponent(match[2]) : null;\n }\n\n setItem(key: string, value: string): void {\n if (typeof document === 'undefined') return;\n document.cookie = `${key}=${encodeURIComponent(value)}; ${this.defaultOptions}`;\n }\n\n removeItem(key: string): void {\n if (typeof document === 'undefined') return;\n document.cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;\n }\n\n clear(): void {\n // Cannot easily clear all cookies securely because we don't know them all\n // Usually auth keys are known, e.g., tx_access, tx_refresh\n this.removeItem('tx_access');\n this.removeItem('tx_refresh');\n }\n}\n","import type { TenxyteStorage } from './storage';\nimport { MemoryStorage } from './storage';\nimport type { CustomDeviceInfo } from './utils/device_info';\nimport type { RetryConfig } from './http/interceptors';\n\n/**\n * Semantic version of the SDK, kept in sync with package.json.\n * Sent as X-SDK-Version header when diagnostics are enabled.\n */\nexport const SDK_VERSION = '0.9.0';\n\n/**\n * Log level controlling the verbosity of the SDK internal logger.\n *\n * - `'silent'` — No output (default).\n * - `'error'` — Errors only.\n * - `'warn'` — Errors and warnings.\n * - `'debug'` — Verbose output including debug traces.\n */\nexport type LogLevel = 'silent' | 'error' | 'warn' | 'debug';\n\n/**\n * Pluggable logger interface accepted by the SDK.\n * Any object satisfying this contract (e.g. `console`) can be passed as `logger`.\n */\nexport interface TenxyteLogger {\n /** Verbose diagnostic messages (interceptors, token lifecycle, etc.) */\n debug(message: string, ...args: unknown[]): void;\n /** Non-critical issues that deserve attention (deprecated usage, retry fallback, etc.) */\n warn(message: string, ...args: unknown[]): void;\n /** Unrecoverable errors (network failures, malformed responses, etc.) */\n error(message: string, ...args: unknown[]): void;\n}\n\n/**\n * Configuration object accepted by {@link TenxyteClient}.\n *\n * Only `baseUrl` is required — every other option has a sensible default.\n *\n * @example\n * ```typescript\n * import { TenxyteClient } from '@tenxyte/core';\n *\n * const tx = new TenxyteClient({\n * baseUrl: 'https://api.my-service.com',\n * headers: { 'X-Access-Key': 'pkg_abc123' },\n * autoRefresh: true,\n * autoDeviceInfo: true,\n * timeoutMs: 10_000,\n * onSessionExpired: () => router.push('/login'),\n * });\n * ```\n */\nexport interface TenxyteClientConfig {\n /** Base URL of the Tenxyte-powered API, without a trailing slash. */\n baseUrl: string;\n\n /** Extra HTTP headers merged into every outgoing request (e.g. X-Access-Key, X-Access-Secret). */\n headers?: Record<string, string>;\n\n /**\n * Persistent token storage back-end.\n * The SDK ships with MemoryStorage, LocalStorageAdapter, and CookieStorage.\n * Defaults to MemoryStorage (in-memory, lost on page reload / process exit).\n */\n storage?: TenxyteStorage;\n\n /**\n * When true, the SDK automatically attaches a response interceptor that\n * intercepts 401 responses, attempts a silent token refresh via\n * POST /refresh/, and replays the original request on success.\n * Defaults to true.\n */\n autoRefresh?: boolean;\n\n /**\n * When true, the SDK injects a device_info payload (built by\n * buildDeviceInfo()) into every authentication request body\n * (/login/email/, /login/phone/, /register/, /social/*).\n * Set to false if you supply your own fingerprint or run in an\n * environment where the auto-detected info is irrelevant (e.g. CI).\n * Defaults to true.\n */\n autoDeviceInfo?: boolean;\n\n /**\n * Global request timeout in milliseconds.\n * When set, every fetch call is wrapped with an AbortController.\n * If the timer fires before the response arrives, the SDK throws a\n * TenxyteError with code TIMEOUT.\n * Defaults to undefined (no timeout).\n */\n timeoutMs?: number;\n\n /**\n * Callback invoked whenever the active session can no longer be recovered\n * (e.g. refresh token is expired or revoked).\n * This is a convenience shortcut equivalent to tx.on('session:expired', callback).\n */\n onSessionExpired?: () => void;\n\n /**\n * Custom logger implementation.\n * Defaults to a silent no-op logger. Pass console for quick debugging\n * or supply any object that satisfies the TenxyteLogger interface.\n */\n logger?: TenxyteLogger;\n\n /**\n * Controls the verbosity of the built-in logger when no custom logger\n * is provided. Defaults to 'silent'.\n */\n logLevel?: LogLevel;\n\n /**\n * Override or supplement the auto-detected device information.\n * When provided, these values are merged on top of the auto-detected\n * fingerprint built by `buildDeviceInfo()`. Only relevant when\n * `autoDeviceInfo` is `true`.\n */\n deviceInfoOverride?: CustomDeviceInfo;\n\n /**\n * When provided, the SDK attaches a response interceptor that\n * automatically retries failed requests (429 / 5xx / network errors)\n * with exponential backoff. Pass `{}` for sensible defaults.\n */\n retryConfig?: RetryConfig;\n}\n\n/**\n * Fully resolved configuration where every optional field has been\n * filled with its default value. This is the shape used internally\n * by TenxyteClient after calling {@link resolveConfig}.\n */\nexport interface ResolvedTenxyteConfig {\n baseUrl: string;\n headers: Record<string, string>;\n storage: TenxyteStorage;\n autoRefresh: boolean;\n autoDeviceInfo: boolean;\n timeoutMs: number | undefined;\n onSessionExpired: (() => void) | undefined;\n logger: TenxyteLogger;\n logLevel: LogLevel;\n deviceInfoOverride: CustomDeviceInfo | undefined;\n retryConfig: RetryConfig | undefined;\n}\n\n/** Silent no-op logger used when the consumer does not provide one. */\nexport const NOOP_LOGGER: TenxyteLogger = {\n debug() {},\n warn() {},\n error() {},\n};\n\n/**\n * Merges user-provided configuration with sensible defaults.\n *\n * Default values:\n * - storage: new MemoryStorage()\n * - autoRefresh: true\n * - autoDeviceInfo: true\n * - headers: {}\n * - logLevel: 'silent'\n * - logger: NOOP_LOGGER\n */\nexport function resolveConfig(config: TenxyteClientConfig): ResolvedTenxyteConfig {\n return {\n baseUrl: config.baseUrl,\n headers: config.headers ?? {},\n storage: config.storage ?? new MemoryStorage(),\n autoRefresh: config.autoRefresh ?? true,\n autoDeviceInfo: config.autoDeviceInfo ?? true,\n timeoutMs: config.timeoutMs,\n onSessionExpired: config.onSessionExpired,\n logger: config.logger ?? NOOP_LOGGER,\n logLevel: config.logLevel ?? 'silent',\n deviceInfoOverride: config.deviceInfoOverride,\n retryConfig: config.retryConfig,\n };\n}\n","import type { TenxyteError } from '../types';\n\nexport interface HttpClientOptions {\n baseUrl: string;\n timeoutMs?: number;\n headers?: Record<string, string>;\n}\n\nexport type RequestConfig = Omit<RequestInit, 'body' | 'headers'> & {\n body?: unknown;\n headers?: Record<string, string>;\n params?: Record<string, string | number | boolean>;\n};\n\n/**\n * Core HTTP Client underlying the SDK.\n * Handles JSON parsing, standard headers, simple request processing,\n * and normalizing errors into TenxyteError format.\n */\nexport class TenxyteHttpClient {\n private baseUrl: string;\n private defaultHeaders: Record<string, string>;\n private timeoutMs: number | undefined;\n\n // Interceptors\n private requestInterceptors: Array<(config: RequestConfig & { url: string }) => Promise<RequestConfig & { url: string }> | (RequestConfig & { url: string })> = [];\n private responseInterceptors: Array<(response: Response, request: { url: string; config: RequestConfig }) => Promise<Response> | Response> = [];\n\n constructor(options: HttpClientOptions) {\n this.baseUrl = options.baseUrl.replace(/\\/$/, ''); // Remove trailing slash\n this.timeoutMs = options.timeoutMs;\n this.defaultHeaders = {\n 'Content-Type': 'application/json',\n Accept: 'application/json',\n ...options.headers,\n };\n }\n\n // Interceptor Registration\n addRequestInterceptor(interceptor: typeof this.requestInterceptors[0]) {\n this.requestInterceptors.push(interceptor);\n }\n\n addResponseInterceptor(interceptor: typeof this.responseInterceptors[0]) {\n this.responseInterceptors.push(interceptor);\n }\n\n /**\n * Main request method wrapping fetch\n */\n async request<T>(endpoint: string, config: RequestConfig = {}): Promise<T> {\n const urlStr = endpoint.startsWith('http')\n ? endpoint\n : `${this.baseUrl}${endpoint.startsWith('/') ? '' : '/'}${endpoint}`;\n\n const urlObj = new URL(urlStr);\n\n if (config.params) {\n Object.entries(config.params).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n urlObj.searchParams.append(key, String(value));\n }\n });\n }\n\n let requestContext: any = {\n url: urlObj.toString(),\n ...config,\n headers: { ...this.defaultHeaders, ...(config.headers || {}) } as Record<string, string>,\n };\n\n // Handle FormData implicitly for multipart requests\n if (typeof FormData !== 'undefined' && requestContext.body instanceof FormData) {\n const headers = requestContext.headers as Record<string, string>;\n // Explicitly remove Content-Type so fetch can auto-assign the multipart boundary\n delete headers['Content-Type'];\n delete headers['content-type'];\n } else if (requestContext.body && typeof requestContext.body === 'object') {\n const contentType = (requestContext.headers as Record<string, string>)['Content-Type'] || '';\n if (contentType.toLowerCase().includes('application/json')) {\n requestContext.body = JSON.stringify(requestContext.body);\n }\n }\n\n // Run Request Interceptors\n for (const interceptor of this.requestInterceptors) {\n requestContext = await interceptor(requestContext);\n }\n\n const { url, ...fetchConfig } = requestContext as any;\n\n let controller: AbortController | undefined;\n let timeoutId: ReturnType<typeof setTimeout> | undefined;\n\n if (this.timeoutMs) {\n controller = new AbortController();\n (fetchConfig as any).signal = controller.signal;\n timeoutId = setTimeout(() => controller!.abort(), this.timeoutMs);\n }\n\n try {\n let response = await fetch(url, fetchConfig as RequestInit);\n\n // Run Response Interceptors (e.g., token refresh logic)\n for (const interceptor of this.responseInterceptors) {\n response = await interceptor(response, { url, config: fetchConfig as RequestConfig });\n }\n\n if (!response.ok) {\n throw await this.normalizeError(response);\n }\n\n // Handle NoContent\n if (response.status === 204) {\n return {} as T;\n }\n\n const contentType = response.headers.get('content-type');\n if (contentType && contentType.includes('application/json')) {\n return (await response.json()) as T;\n }\n\n return (await response.text()) as unknown as T;\n } catch (error: any) {\n if (error?.name === 'AbortError') {\n throw {\n error: `Request timed out after ${this.timeoutMs}ms`,\n code: 'TIMEOUT' as import('../types').TenxyteErrorCode,\n details: url,\n } as TenxyteError;\n }\n if (error && error.code) {\n throw error; // Already normalized\n }\n throw {\n error: error.message || 'Network request failed',\n code: 'NETWORK_ERROR' as import('../types').TenxyteErrorCode,\n details: String(error)\n } as TenxyteError;\n } finally {\n if (timeoutId !== undefined) {\n clearTimeout(timeoutId);\n }\n }\n }\n\n private async normalizeError(response: Response): Promise<TenxyteError> {\n try {\n const body = await response.json();\n return {\n error: body.error || body.detail || 'API request failed',\n code: body.code || `HTTP_${response.status}`,\n details: body.details || body,\n retry_after: response.headers.has('Retry-After') ? parseInt(response.headers.get('Retry-After')!, 10) : undefined,\n } as TenxyteError;\n } catch (_e) {\n return {\n error: `HTTP Error ${response.status}: ${response.statusText}`,\n code: `HTTP_${response.status}` as unknown as import('../types').TenxyteErrorCode,\n } as TenxyteError;\n }\n }\n\n // Convenience methods\n get<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>) {\n return this.request<T>(endpoint, { ...config, method: 'GET' });\n }\n\n post<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\n return this.request<T>(endpoint, { ...config, method: 'POST', body: data });\n }\n\n put<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\n return this.request<T>(endpoint, { ...config, method: 'PUT', body: data });\n }\n\n patch<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\n return this.request<T>(endpoint, { ...config, method: 'PATCH', body: data });\n }\n\n delete<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>) {\n return this.request<T>(endpoint, { ...config, method: 'DELETE', body: data });\n }\n}\n","/**\n * Helper utility to build the device fingerprint required by Tenxyte security features.\n * Format: `v=1|os=windows;osv=11|device=desktop|arch=x64|app=tenxyte;appv=1.0.0|runtime=chrome;rtv=122|tz=Europe/Paris`\n */\nexport interface CustomDeviceInfo {\n os?: string;\n osVersion?: string;\n device?: string;\n arch?: string;\n app?: string;\n appVersion?: string;\n runtime?: string;\n runtimeVersion?: string;\n timezone?: string;\n}\n\nexport function buildDeviceInfo(customInfo: CustomDeviceInfo = {}): string {\n // Try to determine automatically from navigator\n const autoInfo = getAutoInfo();\n\n const v = '1';\n const os = customInfo.os || autoInfo.os;\n const osv = customInfo.osVersion || autoInfo.osVersion;\n const device = customInfo.device || autoInfo.device;\n const arch = customInfo.arch || autoInfo.arch;\n const app = customInfo.app || autoInfo.app;\n const appv = customInfo.appVersion || autoInfo.appVersion;\n const runtime = customInfo.runtime || autoInfo.runtime;\n const rtv = customInfo.runtimeVersion || autoInfo.runtimeVersion;\n const tz = customInfo.timezone || autoInfo.timezone;\n\n const parts = [\n `v=${v}`,\n `os=${os}` + (osv ? `;osv=${osv}` : ''),\n `device=${device}`,\n arch ? `arch=${arch}` : '',\n app ? `app=${app}${appv ? `;appv=${appv}` : ''}` : '',\n `runtime=${runtime}` + (rtv ? `;rtv=${rtv}` : ''),\n tz ? `tz=${tz}` : ''\n ];\n\n return parts.filter(Boolean).join('|');\n}\n\nfunction getAutoInfo() {\n const info = {\n os: 'unknown',\n osVersion: '',\n device: 'desktop', // default\n arch: '',\n app: 'sdk',\n appVersion: '0.1.0',\n runtime: 'unknown',\n runtimeVersion: '',\n timezone: ''\n };\n\n try {\n if (typeof Intl !== 'undefined') {\n info.timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;\n }\n\n if (typeof process !== 'undefined' && process.version) {\n info.runtime = 'node';\n info.runtimeVersion = process.version;\n info.os = process.platform;\n info.arch = process.arch;\n info.device = 'server';\n } else if (typeof window !== 'undefined' && window.navigator) {\n const ua = window.navigator.userAgent.toLowerCase();\n\n // Basic OS detection\n if (ua.includes('windows')) info.os = 'windows';\n else if (ua.includes('mac')) info.os = 'macos';\n else if (ua.includes('linux')) info.os = 'linux';\n else if (ua.includes('android')) info.os = 'android';\n else if (ua.includes('ios') || ua.includes('iphone') || ua.includes('ipad')) info.os = 'ios';\n\n // Basic Device Type\n if (/mobi|android|touch|mini/i.test(ua)) info.device = 'mobile';\n if (/tablet|ipad/i.test(ua)) info.device = 'tablet';\n\n // Basic Runtime (Browser)\n if (ua.includes('firefox')) info.runtime = 'firefox';\n else if (ua.includes('edg/')) info.runtime = 'edge';\n else if (ua.includes('chrome')) info.runtime = 'chrome';\n else if (ua.includes('safari')) info.runtime = 'safari';\n }\n } catch (_e) {\n // Ignore context extraction errors\n }\n\n return info;\n}\n","import type { TenxyteStorage } from '../storage';\nimport type { RequestConfig, TenxyteHttpClient } from './client';\nimport { buildDeviceInfo, type CustomDeviceInfo } from '../utils/device_info';\nimport type { TenxyteLogger } from '../config';\n\nexport interface TenxyteContext {\n activeOrgSlug: string | null;\n agentTraceId: string | null;\n}\n\nexport function createAuthInterceptor(storage: TenxyteStorage, context: TenxyteContext) {\n return async (request: RequestConfig & { url: string }) => {\n // Inject Authorization if present\n const token = await storage.getItem('tx_access');\n const headers = { ...(request.headers as Record<string, string>) || {} };\n\n if (token && !headers['Authorization']) {\n headers['Authorization'] = `Bearer ${token}`;\n }\n\n // Inject Contextual Headers based on SDK state\n if (context.activeOrgSlug && !headers['X-Org-Slug']) {\n headers['X-Org-Slug'] = context.activeOrgSlug;\n }\n\n if (context.agentTraceId && !headers['X-Prompt-Trace-ID']) {\n headers['X-Prompt-Trace-ID'] = context.agentTraceId;\n }\n\n return { ...request, headers };\n };\n}\n\nexport function createRefreshInterceptor(\n client: TenxyteHttpClient,\n storage: TenxyteStorage,\n onSessionExpired: () => void,\n onTokenRefreshed?: (accessToken: string, refreshToken?: string) => void,\n) {\n let isRefreshing = false;\n let refreshQueue: Array<(token: string | null) => void> = [];\n\n const processQueue = (error: Error | null, token: string | null = null) => {\n refreshQueue.forEach(prom => prom(token));\n refreshQueue = [];\n };\n\n return async (response: Response, request: { url: string; config: RequestConfig }): Promise<Response> => {\n // Only intercept 401s when not attempting to login/refresh itself\n if (response.status === 401 && !request.url.includes('/auth/refresh') && !request.url.includes('/auth/login')) {\n const refreshToken = await storage.getItem('tx_refresh');\n\n if (!refreshToken) {\n onSessionExpired();\n return response; // Pass through 401 if we cannot refresh\n }\n\n if (isRefreshing) {\n // Wait in queue for the refresh to complete\n return new Promise<Response>((resolve) => {\n refreshQueue.push((newToken: string | null) => {\n if (newToken) {\n const retryHeaders = { ...(request.config.headers as Record<string, string>), Authorization: `Bearer ${newToken}` };\n resolve(fetch(request.url, { ...request.config, headers: retryHeaders } as RequestInit));\n } else {\n resolve(response);\n }\n });\n });\n }\n\n // We are the first one, initiate refresh\n isRefreshing = true;\n\n try {\n const refreshResponse = await fetch(`${client['baseUrl']}/auth/refresh/`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ refresh_token: refreshToken })\n });\n\n if (!refreshResponse.ok) {\n throw new Error('Refresh failed');\n }\n\n const data = await refreshResponse.json();\n\n await storage.setItem('tx_access', data.access);\n if (data.refresh) {\n await storage.setItem('tx_refresh', data.refresh);\n }\n\n isRefreshing = false;\n onTokenRefreshed?.(data.access, data.refresh);\n processQueue(null, data.access);\n\n // Retry original request seamlessly for the caller that initiated this\n const retryHeaders = { ...(request.config.headers as Record<string, string>), Authorization: `Bearer ${data.access}` };\n // We use fetch directly to return a true Response object back to the chain,\n // rather than using client.request which resolves the JSON.\n // Wait, the interceptor must return a Promise<Response>!\n const r = await fetch(request.url, { ...request.config, headers: retryHeaders } as RequestInit);\n return r;\n\n } catch (err) {\n // Refresh failed (invalid token, expired, network error)\n isRefreshing = false;\n await storage.removeItem('tx_access');\n await storage.removeItem('tx_refresh');\n\n processQueue(err as Error, null);\n onSessionExpired();\n\n // Pass original 401 back\n return response;\n }\n }\n\n return response;\n };\n}\n\nconst DEVICE_INFO_ENDPOINTS = [\n '/login/email/',\n '/login/phone/',\n '/register/',\n '/social/',\n];\n\n// ─── Retry Interceptor ───\n\n/** Configuration for the automatic retry middleware. */\nexport interface RetryConfig {\n /** Maximum number of retries per request. Defaults to 3. */\n maxRetries?: number;\n /** Retry on HTTP 429 (Too Many Requests). Defaults to true. */\n retryOn429?: boolean;\n /** Retry on network errors (fetch failures, timeouts). Defaults to true. */\n retryOnNetworkError?: boolean;\n /** Base delay in ms for exponential backoff. Defaults to 1000. */\n baseDelayMs?: number;\n}\n\nconst DEFAULT_RETRY: Required<RetryConfig> = {\n maxRetries: 3,\n retryOn429: true,\n retryOnNetworkError: true,\n baseDelayMs: 1000,\n};\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise(resolve => setTimeout(resolve, ms));\n}\n\n/**\n * Creates a response interceptor that retries failed requests with exponential backoff.\n * Respects the `Retry-After` header when present on 429 responses.\n */\nexport function createRetryInterceptor(config: RetryConfig = {}, logger?: TenxyteLogger) {\n const opts = { ...DEFAULT_RETRY, ...config };\n\n return async (response: Response, request: { url: string; config: RequestConfig }): Promise<Response> => {\n const shouldRetry429 = opts.retryOn429 && response.status === 429;\n const shouldRetryServer = response.status >= 500;\n\n if (!shouldRetry429 && !shouldRetryServer) {\n return response;\n }\n\n let lastResponse = response;\n\n for (let attempt = 1; attempt <= opts.maxRetries; attempt++) {\n // Determine delay: prefer Retry-After header, fall back to exponential backoff\n let delayMs = opts.baseDelayMs * Math.pow(2, attempt - 1);\n const retryAfter = lastResponse.headers.get('Retry-After');\n if (retryAfter) {\n const parsed = Number(retryAfter);\n if (!isNaN(parsed)) {\n delayMs = parsed * 1000;\n }\n }\n\n logger?.debug(`[Tenxyte Retry] Attempt ${attempt}/${opts.maxRetries} after ${delayMs}ms for ${request.url}`);\n await sleep(delayMs);\n\n try {\n const retryResponse = await fetch(request.url, request.config as RequestInit);\n\n if (retryResponse.status === 429 && opts.retryOn429 && attempt < opts.maxRetries) {\n lastResponse = retryResponse;\n continue;\n }\n if (retryResponse.status >= 500 && attempt < opts.maxRetries) {\n lastResponse = retryResponse;\n continue;\n }\n\n return retryResponse;\n } catch (err) {\n if (!opts.retryOnNetworkError || attempt >= opts.maxRetries) {\n throw err;\n }\n logger?.warn(`[Tenxyte Retry] Network error on attempt ${attempt}/${opts.maxRetries}`, err);\n }\n }\n\n return lastResponse;\n };\n}\n\n// ─── Device Info Interceptor ───\n\nexport function createDeviceInfoInterceptor(override?: CustomDeviceInfo) {\n const fingerprint = buildDeviceInfo(override);\n\n return (request: RequestConfig & { url: string }) => {\n const isPost = !request.method || request.method === 'POST';\n const matchesEndpoint = DEVICE_INFO_ENDPOINTS.some(ep => request.url.includes(ep));\n\n if (isPost && matchesEndpoint && request.body && typeof request.body === 'object') {\n const body = request.body as Record<string, unknown>;\n if (!body.device_info) {\n return { ...request, body: { ...body, device_info: fingerprint } };\n }\n }\n\n return request;\n };\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport { TokenPair, GeneratedSchema } from '../types';\nimport type { TenxyteStorage } from '../storage';\n\nexport interface LoginEmailOptions {\n totp_code?: string;\n}\n\nexport interface LoginPhoneOptions {\n totp_code?: string;\n}\n\nexport interface RegisterRequest {\n /** Email address (required unless phone-based registration). */\n email?: string | null;\n /** International phone country code (e.g. \"+33\"). */\n phone_country_code?: string | null;\n /** Phone number without country code. */\n phone_number?: string | null;\n /** Account password. */\n password: string;\n /** User's first name. */\n first_name?: string;\n /** User's last name. */\n last_name?: string;\n /** Username (if enabled by the backend). */\n username?: string;\n /** If true, the user is logged in immediately after registration (JWT tokens returned). */\n login?: boolean;\n}\n\nexport interface MagicLinkRequest {\n email: string;\n /** URL used to build the verification link (required). */\n validation_url: string;\n}\n\nexport interface SocialLoginRequest {\n access_token?: string;\n authorization_code?: string;\n id_token?: string;\n}\n\n/** Response from the registration endpoint (may include tokens if `login: true`). */\nexport interface RegisterResponse {\n message?: string;\n user_id?: string;\n access_token?: string;\n refresh_token?: string;\n token_type?: string;\n expires_in?: number;\n}\n\n/** Response from the magic link request endpoint. */\nexport interface MagicLinkResponse {\n message?: string;\n expires_in_minutes?: number;\n /** Masked email for security. */\n sent_to?: string;\n}\n\nexport class AuthModule {\n constructor(\n private client: TenxyteHttpClient,\n private storage?: TenxyteStorage,\n private onTokens?: (accessToken: string, refreshToken?: string) => void,\n private onLogout?: () => void,\n ) { }\n\n private async clearTokens(): Promise<void> {\n if (this.storage) {\n await this.storage.removeItem('tx_access');\n await this.storage.removeItem('tx_refresh');\n this.onLogout?.();\n }\n }\n\n private async persistTokens(tokens: TokenPair): Promise<TokenPair> {\n if (this.storage) {\n await this.storage.setItem('tx_access', tokens.access_token);\n if (tokens.refresh_token) {\n await this.storage.setItem('tx_refresh', tokens.refresh_token);\n }\n this.onTokens?.(tokens.access_token, tokens.refresh_token);\n }\n return tokens;\n }\n\n /**\n * Authenticate a user with their email and password.\n * @param data - The login credentials and optional TOTP code if 2FA is required.\n * @returns A pair of Access and Refresh tokens upon successful authentication.\n * @throws {TenxyteError} If credentials are invalid, or if `2FA_REQUIRED` without a valid `totp_code`.\n */\n async loginWithEmail(\n data: GeneratedSchema['LoginEmail'],\n ): Promise<TokenPair> {\n const tokens = await this.client.post<TokenPair>('/api/v1/auth/login/email/', data);\n return this.persistTokens(tokens);\n }\n\n /**\n * Authenticate a user with an international phone number and password.\n * @param data - The login credentials and optional TOTP code if 2FA is required.\n * @returns A pair of Access and Refresh tokens.\n */\n async loginWithPhone(\n data: GeneratedSchema['LoginPhone'],\n ): Promise<TokenPair> {\n const tokens = await this.client.post<TokenPair>('/api/v1/auth/login/phone/', data);\n return this.persistTokens(tokens);\n }\n\n /**\n * Registers a new user account.\n * @param data - The registration details (email, password, etc.).\n * @returns The registered user data or a confirmation message.\n */\n async register(data: RegisterRequest): Promise<RegisterResponse> {\n const result = await this.client.post<RegisterResponse>('/api/v1/auth/register/', data);\n if (result?.access_token) {\n await this.persistTokens(result as TokenPair);\n }\n return result;\n }\n\n /**\n * Logout from the current session.\n * Informs the backend to immediately revoke the specified refresh token.\n * @param refreshToken - The refresh token to revoke.\n */\n async logout(refreshToken: string): Promise<void> {\n await this.client.post<void>('/api/v1/auth/logout/', { refresh_token: refreshToken });\n await this.clearTokens();\n }\n\n /**\n * Logout from all sessions across all devices.\n * Revokes all refresh tokens currently assigned to the user.\n */\n async logoutAll(): Promise<void> {\n await this.client.post<void>('/api/v1/auth/logout/all/');\n await this.clearTokens();\n }\n\n /**\n * Manually refresh the access token using a valid refresh token.\n * The refresh token is automatically rotated for improved security.\n * @param refreshToken - The current refresh token.\n * @returns A new token pair (access + rotated refresh).\n */\n async refreshToken(refreshToken: string): Promise<TokenPair> {\n const tokens = await this.client.post<TokenPair>('/api/v1/auth/refresh/', { refresh_token: refreshToken });\n return this.persistTokens(tokens);\n }\n\n /**\n * Request a Magic Link for passwordless sign-in.\n * @param data - The email to send the logic link to.\n */\n async requestMagicLink(data: MagicLinkRequest): Promise<MagicLinkResponse> {\n return this.client.post<MagicLinkResponse>('/api/v1/auth/magic-link/request/', data);\n }\n\n /**\n * Verifies a magic link token extracted from the URL.\n * @param token - The cryptographic token received via email.\n * @returns A session token pair if the token is valid and unexpired.\n */\n async verifyMagicLink(token: string): Promise<TokenPair> {\n const tokens = await this.client.get<TokenPair>(`/api/v1/auth/magic-link/verify/`, { params: { token } });\n return this.persistTokens(tokens);\n }\n\n /**\n * Submits OAuth2 Social Authentication payloads to the backend.\n * Can be used with native mobile SDK tokens (like Apple Sign-In JWTs).\n * @param provider - The OAuth provider ('google', 'github', etc.)\n * @param data - The OAuth tokens (access_token, id_token, etc.)\n * @returns An active session token pair.\n */\n async loginWithSocial(provider: 'google' | 'github' | 'microsoft' | 'facebook', data: SocialLoginRequest): Promise<TokenPair> {\n const tokens = await this.client.post<TokenPair>(`/api/v1/auth/social/${provider}/`, data);\n return this.persistTokens(tokens);\n }\n\n /**\n * Handle Social Auth Callbacks (Authorization Code flow).\n * @param provider - The OAuth provider ('google', 'github', etc.)\n * @param code - The authorization code retrieved from the query string parameters.\n * @param redirectUri - The original redirect URI that was requested.\n * @returns An active session token pair after successful code exchange.\n */\n async handleSocialCallback(provider: 'google' | 'github' | 'microsoft' | 'facebook', code: string, redirectUri: string): Promise<TokenPair> {\n const tokens = await this.client.get<TokenPair>(`/api/v1/auth/social/${provider}/callback/`, {\n params: { code, redirect_uri: redirectUri },\n });\n return this.persistTokens(tokens);\n }\n}\n","export function bufferToBase64url(buffer: ArrayBuffer | Uint8Array): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=/g, '');\n}\n\nexport function base64urlToBuffer(base64url: string): Uint8Array {\n const base64 = base64url\n .replace(/-/g, '+')\n .replace(/_/g, '/');\n const padLen = (4 - (base64.length % 4)) % 4;\n const padded = base64 + '='.repeat(padLen);\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport { TenxyteUser } from '../types';\nimport { base64urlToBuffer, bufferToBase64url } from '../utils/base64url';\n\nexport class SecurityModule {\n constructor(private client: TenxyteHttpClient) { }\n\n // ─── 2FA (TOTP) Management ───\n\n /**\n * Get the current 2FA status for the authenticated user.\n * @returns Information about whether 2FA is enabled and how many backup codes remain.\n */\n async get2FAStatus(): Promise<{ is_enabled: boolean; backup_codes_remaining: number }> {\n return this.client.get('/api/v1/auth/2fa/status/');\n }\n\n /**\n * Start the 2FA enrollment process.\n * @returns The secret key and QR code URL to be scanned by an Authenticator app.\n */\n async setup2FA(): Promise<{\n message: string;\n secret: string;\n manual_entry_key: string;\n qr_code: string;\n provisioning_uri: string;\n backup_codes: string[];\n warning: string;\n }> {\n return this.client.post('/api/v1/auth/2fa/setup/');\n }\n\n /**\n * Confirm the 2FA setup by providing the first TOTP code generated by the Authenticator app.\n * @param totpCode - The 6-digit code.\n */\n async confirm2FA(totpCode: string): Promise<{\n message: string;\n is_enabled: boolean;\n enabled_at: string;\n }> {\n return this.client.post('/api/v1/auth/2fa/confirm/', { totp_code: totpCode });\n }\n\n /**\n * Disable 2FA for the current user.\n * Usually requires re-authentication or providing the active password/totp code.\n * @param totpCode - The current 6-digit code to verify intent.\n * @param password - (Optional) The user's password if required by backend policy.\n */\n async disable2FA(totpCode: string, password?: string): Promise<{\n message: string;\n is_enabled: boolean;\n disabled_at: string;\n backup_codes_invalidated: boolean;\n }> {\n return this.client.post('/api/v1/auth/2fa/disable/', { totp_code: totpCode, password });\n }\n\n /**\n * Invalidate old backup codes and explicitly generate a new batch.\n * @param totpCode - An active TOTP code to verify intent.\n */\n async regenerateBackupCodes(totpCode: string): Promise<{\n message: string;\n backup_codes: string[];\n codes_count: number;\n generated_at?: string;\n warning: string;\n }> {\n return this.client.post('/api/v1/auth/2fa/backup-codes/', { totp_code: totpCode });\n }\n\n // ─── Verification OTP (Email / Phone) ───\n\n /**\n * Request an OTP code to be dispatched to the user's primary contact method.\n * @param type - The channel type ('email' or 'phone').\n */\n async requestOtp(type: 'email' | 'phone'): Promise<{\n message: string;\n otp_id: number;\n expires_at: string;\n channel: 'email' | 'phone';\n masked_recipient: string;\n }> {\n return this.client.post('/api/v1/auth/otp/request/', { type: type === 'email' ? 'email_verification' : 'phone_verification' });\n }\n\n /**\n * Verify an email confirmation OTP.\n * @param code - The numeric code received via email.\n */\n async verifyOtpEmail(code: string): Promise<{\n message: string;\n email_verified: boolean;\n verified_at: string;\n }> {\n return this.client.post('/api/v1/auth/otp/verify/email/', { code });\n }\n\n /**\n * Verify a phone confirmation OTP (SMS dispatch).\n * @param code - The numeric code received via SMS.\n */\n async verifyOtpPhone(code: string): Promise<{\n message: string;\n phone_verified: boolean;\n verified_at: string;\n phone_number: string;\n }> {\n return this.client.post('/api/v1/auth/otp/verify/phone/', { code });\n }\n\n // ─── Password Sub-module ───\n\n /**\n * Triggers a password reset flow, dispatching an OTP to the target.\n * @param target - Either an email address or a phone configuration payload.\n */\n async resetPasswordRequest(target: { email: string } | { phone_country_code: string; phone_number: string }): Promise<{ message: string }> {\n return this.client.post('/api/v1/auth/password/reset/request/', target);\n }\n\n /**\n * Confirm a password reset using the OTP dispatched by `resetPasswordRequest`.\n * @param data - The OTP code and the new matching password fields.\n */\n async resetPasswordConfirm(data: {\n email?: string;\n phone_country_code?: string;\n phone_number?: string;\n otp_code: string;\n new_password: string;\n confirm_password: string;\n }): Promise<{ message: string }> {\n return this.client.post('/api/v1/auth/password/reset/confirm/', data);\n }\n\n /**\n * Change password for an already authenticated user.\n * @param currentPassword - The existing password to verify intent.\n * @param newPassword - The distinct new password.\n */\n async changePassword(currentPassword: string, newPassword: string): Promise<{ message: string }> {\n return this.client.post('/api/v1/auth/password/change/', {\n current_password: currentPassword,\n new_password: newPassword,\n });\n }\n\n /**\n * Evaluate the strength of a potential password against backend policies.\n * @param password - The password string to test.\n * @param email - (Optional) The user's email to ensure the password doesn't contain it.\n */\n async checkPasswordStrength(password: string, email?: string): Promise<{\n score: number;\n strength: string;\n is_valid: boolean;\n errors: string[];\n requirements: {\n min_length: number;\n require_lowercase: boolean;\n require_uppercase: boolean;\n require_numbers: boolean;\n require_special: boolean;\n };\n }> {\n return this.client.post('/api/v1/auth/password/strength/', { password, email });\n }\n\n /**\n * Fetch the password complexity requirements enforced by the Tenxyte backend.\n */\n async getPasswordRequirements(): Promise<{\n requirements: Record<string, boolean | number>;\n min_length: number;\n max_length: number;\n }> {\n return this.client.get('/api/v1/auth/password/requirements/');\n }\n\n // ─── WebAuthn / Passkeys (FIDO2) ───\n\n /**\n * Register a new WebAuthn device (Passkey/Biometrics/Security Key) for the authenticated user.\n * Integrates transparently with the browser `navigator.credentials` API.\n * @param deviceName - Optional human-readable name for the device being registered.\n */\n async registerWebAuthn(deviceName?: string): Promise<{\n message: string;\n credential: {\n id: number;\n device_name: string;\n created_at: string;\n };\n }> {\n // 1. Begin registration\n const optionsResponse = await this.client.post<any>('/api/v1/auth/webauthn/register/begin/');\n\n // 2. Map options for the browser\n const publicKeyOpts = optionsResponse.publicKey;\n publicKeyOpts.challenge = base64urlToBuffer(publicKeyOpts.challenge);\n publicKeyOpts.user.id = base64urlToBuffer(publicKeyOpts.user.id);\n if (publicKeyOpts.excludeCredentials) {\n publicKeyOpts.excludeCredentials.forEach((cred: any) => {\n cred.id = base64urlToBuffer(cred.id);\n });\n }\n\n // 3. Request credential creation from the Authenticator\n const cred = await navigator.credentials.create({ publicKey: publicKeyOpts }) as PublicKeyCredential;\n if (!cred) {\n throw new Error('WebAuthn registration was aborted or failed.');\n }\n\n const response = cred.response as AuthenticatorAttestationResponse;\n\n // 4. Complete registration on the backend\n const completionPayload = {\n device_name: deviceName,\n credential: {\n id: cred.id,\n type: cred.type,\n rawId: bufferToBase64url(cred.rawId),\n response: {\n attestationObject: bufferToBase64url(response.attestationObject),\n clientDataJSON: bufferToBase64url(response.clientDataJSON),\n },\n },\n };\n\n return this.client.post('/api/v1/auth/webauthn/register/complete/', completionPayload);\n }\n\n /**\n * Authenticate via WebAuthn (Passkey) without requiring a password.\n * Integrates transparently with the browser `navigator.credentials` API.\n * @param email - The email address identifying the user account (optional if discoverable credentials are used).\n * @returns A session token pair and the user context upon successful cryptographic challenge verification.\n */\n async authenticateWebAuthn(email?: string): Promise<{\n access: string;\n refresh: string;\n user: TenxyteUser;\n message: string;\n credential_used: string;\n }> {\n // 1. Begin authentication\n const optionsResponse = await this.client.post<any>('/api/v1/auth/webauthn/authenticate/begin/', email ? { email } : {});\n\n // 2. Map options for the browser\n const publicKeyOpts = optionsResponse.publicKey;\n publicKeyOpts.challenge = base64urlToBuffer(publicKeyOpts.challenge);\n if (publicKeyOpts.allowCredentials) {\n publicKeyOpts.allowCredentials.forEach((cred: any) => {\n cred.id = base64urlToBuffer(cred.id);\n });\n }\n\n // 3. Request assertion from the Authenticator\n const cred = await navigator.credentials.get({ publicKey: publicKeyOpts }) as PublicKeyCredential;\n if (!cred) {\n throw new Error('WebAuthn authentication was aborted or failed.');\n }\n\n const response = cred.response as AuthenticatorAssertionResponse;\n\n // 4. Complete authentication on the backend\n const completionPayload = {\n credential: {\n id: cred.id,\n type: cred.type,\n rawId: bufferToBase64url(cred.rawId),\n response: {\n authenticatorData: bufferToBase64url(response.authenticatorData),\n clientDataJSON: bufferToBase64url(response.clientDataJSON),\n signature: bufferToBase64url(response.signature),\n userHandle: response.userHandle ? bufferToBase64url(response.userHandle) : null,\n },\n },\n };\n\n return this.client.post('/api/v1/auth/webauthn/authenticate/complete/', completionPayload);\n }\n\n /**\n * List all registered WebAuthn credentials for the active user.\n */\n async listWebAuthnCredentials(): Promise<{\n credentials: Array<{\n id: number;\n device_name: string;\n created_at: string;\n last_used_at: string | null;\n authenticator_type: string;\n is_resident_key: boolean;\n }>;\n count: number;\n }> {\n return this.client.get('/api/v1/auth/webauthn/credentials/');\n }\n\n /**\n * Delete a specific WebAuthn credential, removing its capability to sign in.\n * @param credentialId - The internal ID of the credential to delete.\n */\n async deleteWebAuthnCredential(credentialId: number): Promise<void> {\n return this.client.delete(`/api/v1/auth/webauthn/credentials/${credentialId}/`);\n }\n}\n","export interface DecodedTenxyteToken {\n exp?: number;\n iat?: number;\n sub?: string;\n roles?: string[];\n permissions?: string[];\n [key: string]: any;\n}\n\n/**\n * Decodes the payload of a JWT without verifying the signature.\n * Suitable for client-side routing and UI state.\n */\nexport function decodeJwt(token: string): DecodedTenxyteToken | null {\n try {\n const parts = token.split('.');\n if (parts.length !== 3) {\n return null;\n }\n\n const base64Url = parts[1];\n if (!base64Url) return null;\n\n let base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\n\n // Pad with standard base64 padding\n while (base64.length % 4) {\n base64 += '=';\n }\n\n const isBrowser = typeof window !== 'undefined' && typeof window.atob === 'function';\n let jsonPayload: string;\n\n if (isBrowser) {\n // Browser decode\n jsonPayload = decodeURIComponent(\n window.atob(base64)\n .split('')\n .map((c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2))\n .join('')\n );\n } else {\n // Node.js decode\n jsonPayload = Buffer.from(base64, 'base64').toString('utf8');\n }\n\n return JSON.parse(jsonPayload);\n } catch (_e) {\n return null;\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport { decodeJwt, DecodedTenxyteToken } from '../utils/jwt';\n\nexport interface Role {\n id: string;\n name: string;\n description?: string;\n is_default?: boolean;\n permissions?: string[];\n}\n\nexport interface Permission {\n id: string;\n code: string;\n name: string;\n description?: string;\n}\n\nexport class RbacModule {\n private cachedToken: string | null = null;\n\n constructor(private client: TenxyteHttpClient) { }\n\n /**\n * Cache a decoded JWT payload locally to perform parameter-less synchronous permission checks.\n * Usually invoked automatically by the system upon login or token refresh.\n * @param token - The raw JWT access token encoded string.\n */\n setToken(token: string | null) {\n this.cachedToken = token;\n }\n\n private getDecodedToken(token?: string): DecodedTenxyteToken | null {\n const t = token || this.cachedToken;\n if (!t) return null;\n return decodeJwt(t);\n }\n\n // --- Synchronous Checks --- //\n\n /**\n * Synchronously deeply inspects the cached (or provided) JWT to determine if the user has a specific Role.\n * @param role - The exact code name of the Role.\n * @param token - (Optional) Provide a specific token overriding the cached one.\n */\n hasRole(role: string, token?: string): boolean {\n const decoded = this.getDecodedToken(token);\n if (!decoded?.roles) return false;\n return decoded.roles.includes(role);\n }\n\n /**\n * Evaluates if the active session holds AT LEAST ONE of the listed Roles.\n * @param roles - An array of Role codes.\n */\n hasAnyRole(roles: string[], token?: string): boolean {\n const decoded = this.getDecodedToken(token);\n if (!decoded?.roles) return false;\n return roles.some(r => decoded.roles!.includes(r));\n }\n\n /**\n * Evaluates if the active session holds ALL of the listed Roles concurrently.\n * @param roles - An array of Role codes.\n */\n hasAllRoles(roles: string[], token?: string): boolean {\n const decoded = this.getDecodedToken(token);\n if (!decoded?.roles) return false;\n return roles.every(r => decoded.roles!.includes(r));\n }\n\n /**\n * Synchronously deeply inspects the cached (or provided) JWT to determine if the user has a specific granular Permission.\n * @param permission - The exact code name of the Permission (e.g., 'invoices.read').\n */\n hasPermission(permission: string, token?: string): boolean {\n const decoded = this.getDecodedToken(token);\n if (!decoded?.permissions) return false;\n return decoded.permissions.includes(permission);\n }\n\n /**\n * Evaluates if the active session holds AT LEAST ONE of the listed Permissions.\n */\n hasAnyPermission(permissions: string[], token?: string): boolean {\n const decoded = this.getDecodedToken(token);\n if (!decoded?.permissions) return false;\n return permissions.some(p => decoded.permissions!.includes(p));\n }\n\n /**\n * Evaluates if the active session holds ALL of the listed Permissions concurrently.\n */\n hasAllPermissions(permissions: string[], token?: string): boolean {\n const decoded = this.getDecodedToken(token);\n if (!decoded?.permissions) return false;\n return permissions.every(p => decoded.permissions!.includes(p));\n }\n\n // --- Roles CRUD --- //\n\n /** Fetch all application global Roles structure */\n async listRoles(): Promise<Role[]> {\n return this.client.get<Role[]>('/api/v1/auth/roles/');\n }\n\n /** Create a new architectural Role inside Tenxyte */\n async createRole(data: { name: string; description?: string; permission_codes?: string[]; is_default?: boolean }): Promise<Role> {\n return this.client.post<Role>('/api/v1/auth/roles/', data);\n }\n\n /** Get detailed metadata defining a single bounded Role */\n async getRole(roleId: string): Promise<Role> {\n return this.client.get<Role>(`/api/v1/auth/roles/${roleId}/`);\n }\n\n /** Modify properties bounding a Role */\n async updateRole(roleId: string, data: { name?: string; description?: string; permission_codes?: string[]; is_default?: boolean }): Promise<Role> {\n return this.client.put<Role>(`/api/v1/auth/roles/${roleId}/`, data);\n }\n\n /** Unbind and destruct a Role from the global Tenant. (Dangerous, implies cascading permission unbindings) */\n async deleteRole(roleId: string): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/roles/${roleId}/`);\n }\n\n // --- Role Permissions Management --- //\n\n async getRolePermissions(roleId: string): Promise<Permission[]> {\n return this.client.get<Permission[]>(`/api/v1/auth/roles/${roleId}/permissions/`);\n }\n\n async addPermissionsToRole(roleId: string, permission_codes: string[]): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/roles/${roleId}/permissions/`, { permission_codes });\n }\n\n async removePermissionsFromRole(roleId: string, permission_codes: string[]): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/roles/${roleId}/permissions/`, { permission_codes });\n }\n\n // --- Permissions CRUD --- //\n\n /** Enumerates all available fine-grained Permissions inside this Tenant scope. */\n async listPermissions(): Promise<Permission[]> {\n return this.client.get<Permission[]>('/api/v1/auth/permissions/');\n }\n\n /** Bootstraps a new granular Permission flag (e.g. `billing.refund`). */\n async createPermission(data: { code: string; name: string; description?: string; parent_code?: string }): Promise<Permission> {\n return this.client.post<Permission>('/api/v1/auth/permissions/', data);\n }\n\n /** Retrieves an existing atomic Permission construct. */\n async getPermission(permissionId: string): Promise<Permission> {\n return this.client.get<Permission>(`/api/v1/auth/permissions/${permissionId}/`);\n }\n\n /** Edits the human readable description or structural dependencies of a Permission. */\n async updatePermission(permissionId: string, data: { name?: string; description?: string }): Promise<Permission> {\n return this.client.put<Permission>(`/api/v1/auth/permissions/${permissionId}/`, data);\n }\n\n /** Destroys an atomic Permission permanently. Any Roles referencing it will be stripped of this grant automatically. */\n async deletePermission(permissionId: string): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/permissions/${permissionId}/`);\n }\n\n // --- Direct Assignment (Users) --- //\n\n /**\n * Retrieve all roles assigned to a specific user.\n * @param userId - The target user ID.\n */\n async getUserRoles(userId: string): Promise<Record<string, unknown>> {\n return this.client.get<Record<string, unknown>>(`/api/v1/auth/users/${userId}/roles/`);\n }\n\n /**\n * Retrieve all permissions directly assigned to a specific user (excluding role-based permissions).\n * @param userId - The target user ID.\n */\n async getUserPermissions(userId: string): Promise<Record<string, unknown>> {\n return this.client.get<Record<string, unknown>>(`/api/v1/auth/users/${userId}/permissions/`);\n }\n\n /**\n * Attach a given Role globally to a user entity.\n * Use sparingly if B2B multi-tenancy contexts are preferred.\n */\n async assignRoleToUser(userId: string, roleCode: string): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/users/${userId}/roles/`, { role_code: roleCode });\n }\n\n /**\n * Unbind a global Role from a user entity.\n */\n async removeRoleFromUser(userId: string, roleCode: string): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/users/${userId}/roles/`, undefined, {\n params: { role_code: roleCode }\n });\n }\n\n /**\n * Ad-Hoc directly attach specific granular Permissions to a single User, bypassing Role boundaries.\n */\n async assignPermissionsToUser(userId: string, permissionCodes: string[]): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/users/${userId}/permissions/`, { permission_codes: permissionCodes });\n }\n\n /**\n * Ad-Hoc strip direct granular Permissions bindings from a specific User.\n */\n async removePermissionsFromUser(userId: string, permissionCodes: string[]): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/users/${userId}/permissions/`, { permission_codes: permissionCodes });\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport type { TenxyteUser, PaginatedResponse } from '../types';\n\nexport interface UpdateProfileParams {\n first_name?: string;\n last_name?: string;\n [key: string]: any; // Allow custom metadata updates\n}\n\nexport interface AdminUpdateUserParams {\n first_name?: string;\n last_name?: string;\n is_active?: boolean;\n is_locked?: boolean;\n max_sessions?: number;\n max_devices?: number;\n}\n\nexport class UserModule {\n constructor(private client: TenxyteHttpClient) { }\n\n // --- Standard Profile Actions --- //\n\n /** Retrieve your current comprehensive Profile metadata matching the active network bearer token. */\n async getProfile(): Promise<TenxyteUser> {\n return this.client.get('/api/v1/auth/me/');\n }\n\n /** Modify your active profile core details or injected application metadata. */\n async updateProfile(data: UpdateProfileParams): Promise<TenxyteUser> {\n return this.client.patch('/api/v1/auth/me/', data);\n }\n\n /**\n * Upload an avatar using FormData.\n * Ensure the environment supports FormData (browser or Node.js v18+).\n * @param formData The FormData object containing the 'avatar' field.\n */\n async uploadAvatar(formData: FormData): Promise<TenxyteUser> {\n return this.client.patch('/api/v1/auth/me/', formData);\n }\n\n /**\n * @deprecated Use `gdpr.requestAccountDeletion()` instead. This proxy will be removed in a future release.\n * Trigger self-deletion of an entire account data boundary.\n * @param password - Requires the active system password as destructive proof of intent.\n * @param otpCode - (Optional) If an OTP was queried prior to attempting account deletion.\n */\n async deleteAccount(password: string, otpCode?: string): Promise<void> {\n return this.client.post<void>('/api/v1/auth/request-account-deletion/', {\n password,\n otp_code: otpCode\n });\n }\n\n /**\n * Retrieve the roles and permissions of the currently authenticated user.\n * @returns An object containing `roles[]` and `permissions[]`.\n */\n async getMyRoles(): Promise<{ roles: any[]; permissions: any[]; [key: string]: unknown }> {\n return this.client.get('/api/v1/auth/me/roles/');\n }\n\n // --- Admin Actions Mapping --- //\n\n /** (Admin only) Lists users paginated matching criteria. */\n async listUsers(params?: Record<string, any>): Promise<PaginatedResponse<TenxyteUser>> {\n return this.client.get<PaginatedResponse<TenxyteUser>>('/api/v1/auth/admin/users/', { params });\n }\n\n /** (Admin only) Gets deterministic data related to a remote unassociated user. */\n async getUser(userId: string): Promise<TenxyteUser> {\n return this.client.get(`/api/v1/auth/admin/users/${userId}/`);\n }\n\n /** (Admin only) Modifies configuration/details or capacity bounds related to a remote unassociated user. */\n async adminUpdateUser(userId: string, data: AdminUpdateUserParams): Promise<TenxyteUser> {\n return this.client.patch(`/api/v1/auth/admin/users/${userId}/`, data);\n }\n\n /** (Admin only) Force obliterate a User boundary. Can affect relational database stability if not bound carefully. */\n async adminDeleteUser(userId: string): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/admin/users/${userId}/`);\n }\n\n /** (Admin only) Apply a permanent suspension / ban state globally on a user token footprint. */\n async banUser(userId: string, reason: string = ''): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/ban/`, { reason });\n }\n\n /** (Admin only) Recover a user footprint from a global ban state. */\n async unbanUser(userId: string): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/unban/`);\n }\n\n /** (Admin only) Apply a temporary lock bounding block on a user interaction footprint. */\n async lockUser(userId: string, durationMinutes: number = 30, reason: string = ''): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/lock/`, { duration_minutes: durationMinutes, reason });\n }\n\n /** (Admin only) Releases an arbitrary temporary system lock placed on a user bounds. */\n async unlockUser(userId: string): Promise<void> {\n return this.client.post<void>(`/api/v1/auth/admin/users/${userId}/unlock/`);\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport { Organization, PaginatedResponse } from '../types';\n\nexport interface OrgMembership {\n id: number;\n user_id: number;\n email: string;\n first_name: string;\n last_name: string;\n role: { code: string; name: string };\n joined_at: string;\n}\n\nexport interface OrgTreeNode {\n id: number;\n name: string;\n slug: string;\n children: OrgTreeNode[];\n}\n\nexport class B2bModule {\n private currentOrgSlug: string | null = null;\n\n constructor(private client: TenxyteHttpClient) {\n // Register an interceptor to auto-inject the X-Org-Slug header\n this.client.addRequestInterceptor((config) => {\n if (this.currentOrgSlug) {\n config.headers = {\n ...config.headers,\n 'X-Org-Slug': this.currentOrgSlug,\n };\n }\n return config;\n });\n }\n\n // ─── Context Management ───\n\n /**\n * Set the active Organization context.\n * Subsequent API requests will automatically include the `X-Org-Slug` header.\n * @param slug - The unique string identifier of the organization.\n */\n switchOrganization(slug: string): void {\n this.currentOrgSlug = slug;\n }\n\n /**\n * Clear the active Organization context, dropping the `X-Org-Slug` header for standard User operations.\n */\n clearOrganization(): void {\n this.currentOrgSlug = null;\n }\n\n /** Get the currently active Organization slug context if set. */\n getCurrentOrganizationSlug(): string | null {\n return this.currentOrgSlug;\n }\n\n // ─── Organizations CRUD ───\n\n /** Create a new top-level or child Organization in the backend. */\n async createOrganization(data: {\n name: string;\n slug?: string;\n description?: string;\n parent_id?: number;\n metadata?: Record<string, unknown>;\n max_members?: number;\n }): Promise<Organization> {\n return this.client.post('/api/v1/auth/organizations/', data);\n }\n\n /** List organizations the currently authenticated user belongs to. */\n async listMyOrganizations(params?: {\n search?: string;\n is_active?: boolean;\n parent?: string;\n ordering?: string;\n page?: number;\n page_size?: number;\n }): Promise<PaginatedResponse<Organization>> {\n return this.client.get('/api/v1/auth/organizations/', { params });\n }\n\n /** Retrieve details about a specific organization by slug. */\n async getOrganization(slug: string): Promise<Organization> {\n return this.client.get(`/api/v1/auth/organizations/${slug}/`);\n }\n\n /** Update configuration and metadata of an Organization. */\n async updateOrganization(slug: string, data: Partial<{\n name: string;\n slug: string;\n description: string;\n parent_id: number | null;\n metadata: Record<string, unknown>;\n max_members: number;\n is_active: boolean;\n }>): Promise<Organization> {\n return this.client.patch(`/api/v1/auth/organizations/${slug}/`, data);\n }\n\n /** Permanently delete an Organization. */\n async deleteOrganization(slug: string): Promise<{ message: string }> {\n return this.client.delete(`/api/v1/auth/organizations/${slug}/`);\n }\n\n /** Retrieve the topology subtree extending downward from this point. */\n async getOrganizationTree(slug: string): Promise<OrgTreeNode> {\n return this.client.get(`/api/v1/auth/organizations/${slug}/tree/`);\n }\n\n // ─── Member Management ───\n\n /** List users bound to a specific Organization. */\n async listMembers(slug: string, params?: {\n search?: string;\n role?: 'owner' | 'admin' | 'member';\n status?: 'active' | 'inactive' | 'pending';\n ordering?: string;\n page?: number;\n page_size?: number;\n }): Promise<PaginatedResponse<OrgMembership>> {\n return this.client.get(`/api/v1/auth/organizations/${slug}/members/`, { params });\n }\n\n /** Add a user directly into an Organization with a designated role. */\n async addMember(slug: string, data: {\n user_id: number;\n role_code: string;\n }): Promise<OrgMembership> {\n return this.client.post(`/api/v1/auth/organizations/${slug}/members/`, data);\n }\n\n /** Evolve or demote an existing member's role within the Organization. */\n async updateMemberRole(slug: string, userId: number, roleCode: string): Promise<OrgMembership> {\n return this.client.patch(`/api/v1/auth/organizations/${slug}/members/${userId}/`, { role_code: roleCode });\n }\n\n /** Kick a user out of the Organization. */\n async removeMember(slug: string, userId: number): Promise<{ message: string }> {\n return this.client.delete(`/api/v1/auth/organizations/${slug}/members/${userId}/`);\n }\n\n // ─── Invitations ───\n\n /** Send an onboarding email invitation to join an Organization. */\n async inviteMember(slug: string, data: {\n email: string;\n role_code: string;\n expires_in_days?: number;\n }): Promise<{\n id: number;\n email: string;\n role: string;\n token: string;\n expires_at: string;\n invited_by: { id: number; email: string };\n organization: { id: number; name: string; slug: string };\n }> {\n return this.client.post(`/api/v1/auth/organizations/${slug}/invitations/`, data);\n }\n\n /** Fetch a definition matrix of what Organization-level roles can be assigned. */\n async listOrgRoles(): Promise<Array<{\n code: string;\n name: string;\n description: string;\n weight: number;\n permissions: Array<{ code: string; name: string; description: string }>;\n is_system_role: boolean;\n created_at: string;\n }>> {\n return this.client.get('/api/v1/auth/organizations/roles/');\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport { AgentTokenSummary, AgentPendingAction } from '../types';\nimport type { TenxyteLogger } from '../config';\n\nexport class AiModule {\n private agentToken: string | null = null;\n private traceId: string | null = null;\n private logger?: TenxyteLogger;\n\n constructor(private client: TenxyteHttpClient, logger?: TenxyteLogger) {\n this.logger = logger;\n // Register an interceptor to auto-inject AgentBearer and Trace ID\n this.client.addRequestInterceptor((config) => {\n const headers: Record<string, string> = { ...config.headers };\n\n if (this.agentToken) {\n // Determine if we should replace the standard Authorization\n // By Tenxyte specification, AgentToken uses \"AgentBearer\"\n headers['Authorization'] = `AgentBearer ${this.agentToken}`;\n }\n\n if (this.traceId) {\n headers['X-Prompt-Trace-ID'] = this.traceId;\n }\n\n return { ...config, headers };\n });\n\n // Intercept 202 Accepted and specific 403 errors (Circuit Breaker)\n // Usually, these should be emitted via the main TenxyteClient EventEmitter.\n // For now, we add a response interceptor to handle the HTTP side.\n this.client.addResponseInterceptor(async (response, _request) => {\n // Note: Since response streams can only be read once, full integration\n // with EventEmitter for deep inspection (like 202s body) requires cloning.\n if (response.status === 202) {\n // HTTP 202 Accepted indicates HITL awaiting confirmation\n const cloned = response.clone();\n try {\n const data = await cloned.json();\n // Assuming TenxyteClient will fire 'agent:awaiting_approval' based on this later\n this.logger?.debug('[Tenxyte AI] Received 202 Awaiting Approval:', data);\n } catch {\n // Ignore parsing errors\n }\n } else if (response.status === 403) {\n const cloned = response.clone();\n try {\n const data = await cloned.json();\n if (data.code === 'BUDGET_EXCEEDED') {\n this.logger?.warn('[Tenxyte AI] Network responded with Budget Exceeded for Agent.');\n } else if (data.status === 'suspended') {\n this.logger?.warn('[Tenxyte AI] Circuit breaker open for Agent.');\n }\n } catch {\n // Ignore parsing errors\n }\n }\n return response;\n });\n }\n\n // ─── AgentToken Lifecycle ───\n\n /**\n * Create an AgentToken granting specific deterministic limits to an AI Agent.\n */\n async createAgentToken(data: {\n agent_id: string;\n permissions?: string[];\n expires_in?: number;\n organization?: string;\n budget_limit_usd?: number;\n circuit_breaker?: {\n max_requests?: number;\n window_seconds?: number;\n };\n dead_mans_switch?: {\n heartbeat_required_every?: number;\n };\n }): Promise<{\n id: number;\n token: string;\n agent_id: string;\n status: string;\n expires_at: string;\n }> {\n return this.client.post('/api/v1/auth/ai/tokens/', data);\n }\n\n /**\n * Set the SDK to operate on behalf of an Agent using the generated Agent Token payload.\n * Overrides standard `Authorization` headers with `AgentBearer`.\n */\n setAgentToken(token: string): void {\n this.agentToken = token;\n }\n\n /** Disables the active Agent override and reverts to standard User session requests. */\n clearAgentToken(): void {\n this.agentToken = null;\n }\n\n /** Check if the SDK is currently mocking requests as an AI Agent. */\n isAgentMode(): boolean {\n return this.agentToken !== null;\n }\n\n /** List previously provisioned active Agent tokens. */\n async listAgentTokens(): Promise<AgentTokenSummary[]> {\n return this.client.get('/api/v1/auth/ai/tokens/');\n }\n\n /** Fetch the status and configuration of a specific AgentToken. */\n async getAgentToken(tokenId: number): Promise<AgentTokenSummary> {\n return this.client.get(`/api/v1/auth/ai/tokens/${tokenId}/`);\n }\n\n /** Irreversibly revoke a targeted AgentToken from acting upon the Tenant. */\n async revokeAgentToken(tokenId: number): Promise<{ status: 'revoked' }> {\n return this.client.post(`/api/v1/auth/ai/tokens/${tokenId}/revoke/`);\n }\n\n /** Temporarily freeze an AgentToken by forcibly closing its Circuit Breaker. */\n async suspendAgentToken(tokenId: number): Promise<{ status: 'suspended' }> {\n return this.client.post(`/api/v1/auth/ai/tokens/${tokenId}/suspend/`);\n }\n\n /** Emergency kill-switch to wipe all operational Agent Tokens. */\n async revokeAllAgentTokens(): Promise<{ status: 'revoked'; count: number }> {\n return this.client.post('/api/v1/auth/ai/tokens/revoke-all/');\n }\n\n // ─── Circuit Breaker ───\n\n /** Satisfy an Agent's Dead-Man's switch heartbeat requirement to prevent suspension. */\n async sendHeartbeat(tokenId: number): Promise<{ status: 'ok' }> {\n return this.client.post(`/api/v1/auth/ai/tokens/${tokenId}/heartbeat/`);\n }\n\n // ─── Human in the Loop (HITL) ───\n\n /** List intercepted HTTP 202 actions waiting for Human interaction / approval. */\n async listPendingActions(): Promise<AgentPendingAction[]> {\n return this.client.get('/api/v1/auth/ai/pending-actions/');\n }\n\n /** Complete a pending HITL authorization to finally flush the Agent action to backend systems. */\n async confirmPendingAction(confirmationToken: string): Promise<{ status: 'confirmed' }> {\n return this.client.post('/api/v1/auth/ai/pending-actions/confirm/', { token: confirmationToken });\n }\n\n /** Block an Agent action permanently. */\n async denyPendingAction(confirmationToken: string): Promise<{ status: 'denied' }> {\n return this.client.post('/api/v1/auth/ai/pending-actions/deny/', { token: confirmationToken });\n }\n\n // ─── Traceability and Budget ───\n\n /** Start piping the `X-Prompt-Trace-ID` custom header outwards for tracing logs against LLM inputs. */\n setTraceId(traceId: string): void {\n this.traceId = traceId;\n }\n\n /** Disable trace forwarding context. */\n clearTraceId(): void {\n this.traceId = null;\n }\n\n /** \n * Report consumption costs associated with a backend invocation back to Tenxyte for strict circuit budgeting.\n * @param tokenId - AgentToken evaluating ID.\n * @param usage - Sunk token costs or explicit USD derivations.\n */\n async reportUsage(tokenId: number, usage: {\n cost_usd: number;\n prompt_tokens: number;\n completion_tokens: number;\n }): Promise<{ status: 'ok' } | { error: 'Budget exceeded'; status: 'suspended' }> {\n return this.client.post(`/api/v1/auth/ai/tokens/${tokenId}/report-usage/`, usage);\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport type { PaginatedResponse } from '../types';\n\n/**\n * Represents an application (API client) registered in the Tenxyte platform.\n * The `access_secret` is never returned after creation — only `access_key` is visible.\n */\nexport interface Application {\n id: string;\n name: string;\n description?: string;\n access_key: string;\n is_active: boolean;\n created_at: string;\n updated_at: string;\n}\n\n/**\n * Parameters accepted by `listApplications()`.\n */\nexport interface ApplicationListParams {\n /** Search within name and description. */\n search?: string;\n /** Filter by active status. */\n is_active?: boolean;\n /** Sort field: `name`, `is_active`, `created_at`, `updated_at`. */\n ordering?: string;\n /** Page number (1-indexed). */\n page?: number;\n /** Items per page (max 100). */\n page_size?: number;\n}\n\n/**\n * Body accepted by `createApplication()`.\n */\nexport interface ApplicationCreateData {\n name: string;\n description?: string;\n}\n\n/**\n * Response returned by `createApplication()`.\n * **`client_secret` is only shown once at creation time.**\n */\nexport interface ApplicationCreateResponse {\n id: number;\n name: string;\n description?: string;\n client_id: string;\n client_secret: string;\n is_active: boolean;\n created_at: string;\n secret_rotation_warning?: string;\n}\n\n/**\n * Body accepted by `updateApplication()` (PUT — full replace).\n */\nexport interface ApplicationUpdateData {\n name?: string;\n description?: string;\n is_active?: boolean;\n}\n\n/**\n * Response returned by `regenerateCredentials()`.\n * **`credentials.access_secret` is only shown once.**\n */\nexport interface ApplicationRegenerateResponse {\n message?: string;\n application?: Record<string, unknown>;\n credentials?: {\n access_key?: string;\n access_secret?: string;\n };\n warning?: string;\n old_credentials_invalidated?: boolean;\n}\n\nexport class ApplicationsModule {\n constructor(private client: TenxyteHttpClient) {}\n\n /**\n * List all registered applications (paginated).\n * @param params - Optional filters: `search`, `is_active`, `ordering`, `page`, `page_size`.\n * @returns A paginated list of applications.\n */\n async listApplications(params?: ApplicationListParams): Promise<PaginatedResponse<Application>> {\n return this.client.get<PaginatedResponse<Application>>('/api/v1/auth/applications/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n /**\n * Create a new application.\n * @param data - The application name and optional description.\n * @returns The created application including one-time `client_secret`.\n */\n async createApplication(data: ApplicationCreateData): Promise<ApplicationCreateResponse> {\n return this.client.post<ApplicationCreateResponse>('/api/v1/auth/applications/', data);\n }\n\n /**\n * Get a single application by its ID.\n * @param appId - The application ID.\n * @returns The application details (secret is never included).\n */\n async getApplication(appId: string): Promise<Application> {\n return this.client.get<Application>(`/api/v1/auth/applications/${appId}/`);\n }\n\n /**\n * Fully update an application (PUT — all fields replaced).\n * @param appId - The application ID.\n * @param data - The full updated application data.\n * @returns The updated application.\n */\n async updateApplication(appId: string, data: ApplicationUpdateData): Promise<Application> {\n return this.client.put<Application>(`/api/v1/auth/applications/${appId}/`, data);\n }\n\n /**\n * Partially update an application (PATCH — only provided fields are changed).\n * @param appId - The application ID.\n * @param data - The fields to update.\n * @returns The updated application.\n */\n async patchApplication(appId: string, data: Partial<ApplicationUpdateData>): Promise<Application> {\n return this.client.patch<Application>(`/api/v1/auth/applications/${appId}/`, data);\n }\n\n /**\n * Delete an application permanently.\n * @param appId - The application ID.\n */\n async deleteApplication(appId: string): Promise<void> {\n return this.client.delete<void>(`/api/v1/auth/applications/${appId}/`);\n }\n\n /**\n * Regenerate credentials for an application.\n * **Warning:** Old credentials are immediately invalidated. The new secret is shown only once.\n * @param appId - The application ID.\n * @param confirmation - Must be the string `\"REGENERATE\"` to confirm the irreversible action.\n * @returns The new credentials (access_key + access_secret shown once).\n */\n async regenerateCredentials(appId: string, confirmation: string = 'REGENERATE'): Promise<ApplicationRegenerateResponse> {\n return this.client.post<ApplicationRegenerateResponse>(`/api/v1/auth/applications/${appId}/regenerate/`, { confirmation });\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport type { PaginatedResponse } from '../types';\n\n// ─── Action enum ───\n\n/**\n * All possible audit log action types.\n */\nexport type AuditAction =\n | 'login'\n | 'login_failed'\n | 'logout'\n | 'logout_all'\n | 'token_refresh'\n | 'password_change'\n | 'password_reset_request'\n | 'password_reset_complete'\n | '2fa_enabled'\n | '2fa_disabled'\n | '2fa_backup_used'\n | 'account_created'\n | 'account_locked'\n | 'account_unlocked'\n | 'email_verified'\n | 'phone_verified'\n | 'role_assigned'\n | 'role_removed'\n | 'permission_changed'\n | 'app_created'\n | 'app_credentials_regenerated'\n | 'account_deleted'\n | 'suspicious_activity'\n | 'session_limit_exceeded'\n | 'device_limit_exceeded'\n | 'new_device_detected'\n | 'agent_action';\n\n// ─── Entity types ───\n\n/** An audit log entry. */\nexport interface AuditLog {\n id: string;\n user?: number | null;\n user_email: string;\n action: AuditAction;\n ip_address?: string | null;\n user_agent?: string;\n application?: number | null;\n application_name: string;\n details?: unknown;\n created_at: string;\n}\n\n/** A login attempt record. */\nexport interface LoginAttempt {\n id: string;\n identifier: string;\n ip_address: string;\n application?: number | null;\n success?: boolean;\n failure_reason?: string;\n created_at: string;\n}\n\n/** A blacklisted (revoked) JWT token. */\nexport interface BlacklistedToken {\n id: string;\n token_jti: string;\n user?: number | null;\n user_email: string;\n blacklisted_at: string;\n expires_at: string;\n reason?: string;\n is_expired: string;\n}\n\n/** A refresh token as seen from the admin view (token value hidden). */\nexport interface RefreshTokenInfo {\n id: string;\n user: number;\n user_email: string;\n application: number;\n application_name: string;\n device_info?: string;\n ip_address?: string | null;\n is_revoked?: boolean;\n is_expired: string;\n expires_at: string;\n created_at: string;\n last_used_at: string;\n}\n\n// ─── Query param types ───\n\n/** Parameters accepted by `listAuditLogs()`. */\nexport interface AuditLogListParams {\n /** Filter by user ID. */\n user_id?: string;\n /** Filter by action (login, login_failed, password_change, etc.). */\n action?: string;\n /** Filter by IP address. */\n ip_address?: string;\n /** Filter by application ID. */\n application_id?: string;\n /** After date (YYYY-MM-DD). */\n date_from?: string;\n /** Before date (YYYY-MM-DD). */\n date_to?: string;\n /** Sort field: `created_at`, `action`, `user`. */\n ordering?: string;\n /** Page number (1-indexed). */\n page?: number;\n /** Items per page (max 100). */\n page_size?: number;\n}\n\n/** Parameters accepted by `listLoginAttempts()`. */\nexport interface LoginAttemptListParams {\n /** Filter by identifier (email/phone). */\n identifier?: string;\n /** Filter by IP address. */\n ip_address?: string;\n /** Filter by success/failure. */\n success?: boolean;\n /** After date (YYYY-MM-DD). */\n date_from?: string;\n /** Before date (YYYY-MM-DD). */\n date_to?: string;\n /** Sort field: `created_at`, `identifier`, `ip_address`. */\n ordering?: string;\n /** Page number (1-indexed). */\n page?: number;\n /** Items per page (max 100). */\n page_size?: number;\n}\n\n/** Parameters accepted by `listBlacklistedTokens()`. */\nexport interface BlacklistedTokenListParams {\n /** Filter by user ID. */\n user_id?: string;\n /** Filter by reason (`logout`, `password_change`, `security`). */\n reason?: string;\n /** Filter by expired (true/false). */\n expired?: boolean;\n /** Sort field: `blacklisted_at`, `expires_at`. */\n ordering?: string;\n /** Page number (1-indexed). */\n page?: number;\n /** Items per page (max 100). */\n page_size?: number;\n}\n\n/** Parameters accepted by `listRefreshTokens()`. */\nexport interface RefreshTokenListParams {\n /** Filter by user ID. */\n user_id?: string;\n /** Filter by application ID. */\n application_id?: string;\n /** Filter by revoked status. */\n is_revoked?: boolean;\n /** Filter by expired status. */\n expired?: boolean;\n /** Sort field: `created_at`, `expires_at`, `last_used_at`. */\n ordering?: string;\n /** Page number (1-indexed). */\n page?: number;\n /** Items per page (max 100). */\n page_size?: number;\n}\n\n// ─── Module ───\n\nexport class AdminModule {\n constructor(private client: TenxyteHttpClient) {}\n\n // ─── Audit Logs ───\n\n /**\n * List audit log entries (paginated).\n * @param params - Optional filters and pagination.\n */\n async listAuditLogs(params?: AuditLogListParams): Promise<PaginatedResponse<AuditLog>> {\n return this.client.get<PaginatedResponse<AuditLog>>('/api/v1/auth/admin/audit-logs/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n /**\n * Get a single audit log entry by ID.\n * @param logId - The audit log entry ID.\n */\n async getAuditLog(logId: string): Promise<AuditLog> {\n return this.client.get<AuditLog>(`/api/v1/auth/admin/audit-logs/${logId}/`);\n }\n\n // ─── Login Attempts ───\n\n /**\n * List login attempt records (paginated).\n * @param params - Optional filters and pagination.\n */\n async listLoginAttempts(params?: LoginAttemptListParams): Promise<PaginatedResponse<LoginAttempt>> {\n return this.client.get<PaginatedResponse<LoginAttempt>>('/api/v1/auth/admin/login-attempts/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n // ─── Blacklisted Tokens ───\n\n /**\n * List blacklisted (revoked) JWT tokens (paginated).\n * @param params - Optional filters and pagination.\n */\n async listBlacklistedTokens(params?: BlacklistedTokenListParams): Promise<PaginatedResponse<BlacklistedToken>> {\n return this.client.get<PaginatedResponse<BlacklistedToken>>('/api/v1/auth/admin/blacklisted-tokens/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n /**\n * Remove expired blacklisted tokens.\n * @returns A summary object with cleanup results.\n */\n async cleanupBlacklistedTokens(): Promise<Record<string, unknown>> {\n return this.client.post<Record<string, unknown>>('/api/v1/auth/admin/blacklisted-tokens/cleanup/');\n }\n\n // ─── Refresh Tokens ───\n\n /**\n * List refresh tokens (admin view — token values are hidden).\n * @param params - Optional filters and pagination.\n */\n async listRefreshTokens(params?: RefreshTokenListParams): Promise<PaginatedResponse<RefreshTokenInfo>> {\n return this.client.get<PaginatedResponse<RefreshTokenInfo>>('/api/v1/auth/admin/refresh-tokens/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n /**\n * Revoke a specific refresh token.\n * @param tokenId - The refresh token ID.\n * @returns The updated refresh token record.\n */\n async revokeRefreshToken(tokenId: string): Promise<RefreshTokenInfo> {\n return this.client.post<RefreshTokenInfo>(`/api/v1/auth/admin/refresh-tokens/${tokenId}/revoke/`);\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\nimport type { PaginatedResponse } from '../types';\n\n// ─── Request body types ───\n\n/** Body accepted by `requestAccountDeletion()`. */\nexport interface AccountDeletionRequestData {\n /** Current password (required for confirmation). */\n password: string;\n /** 6-digit OTP code (required if 2FA is enabled). */\n otp_code?: string;\n /** Optional reason for the deletion request. */\n reason?: string;\n}\n\n// ─── Response types ───\n\n/** Response returned by `requestAccountDeletion()`. */\nexport interface AccountDeletionRequestResponse {\n message?: string;\n deletion_request_id?: number;\n scheduled_deletion_date?: string;\n grace_period_days?: number;\n cancellation_token?: string;\n data_retention_policy?: {\n anonymization_after?: string;\n final_deletion_after?: string;\n };\n}\n\n/** Response returned by `confirmAccountDeletion()`. */\nexport interface AccountDeletionConfirmResponse {\n message?: string;\n deletion_confirmed?: boolean;\n grace_period_ends?: string;\n cancellation_instructions?: string;\n}\n\n/** Response returned by `cancelAccountDeletion()`. */\nexport interface AccountDeletionCancelResponse {\n message?: string;\n deletion_cancelled?: boolean;\n account_reactivated?: boolean;\n cancellation_time?: string;\n security_note?: string;\n}\n\n/**\n * Deletion status for the current user.\n * The shape is not strictly defined by the API schema — it returns a generic object.\n */\nexport type DeletionStatus = Record<string, unknown>;\n\n/** Response returned by `exportUserData()`. */\nexport interface UserDataExport {\n user_info?: Record<string, unknown>;\n roles?: unknown[];\n permissions?: unknown[];\n applications?: unknown[];\n audit_logs?: unknown[];\n export_metadata?: Record<string, unknown>;\n}\n\n// ─── Admin entity types ───\n\n/** Possible statuses for a deletion request. */\nexport type DeletionRequestStatus = 'pending' | 'confirmation_sent' | 'confirmed' | 'completed' | 'cancelled';\n\n/** A GDPR account deletion request (admin view). */\nexport interface DeletionRequest {\n id: string;\n user: number;\n user_email: string;\n status?: DeletionRequestStatus;\n requested_at: string;\n confirmed_at?: string | null;\n grace_period_ends_at?: string | null;\n completed_at?: string | null;\n ip_address?: string | null;\n reason?: string;\n admin_notes?: string;\n processed_by?: number | null;\n processed_by_email: string;\n is_grace_period_expired: string;\n}\n\n/** Parameters accepted by `listDeletionRequests()`. */\nexport interface DeletionRequestListParams {\n /** Filter by user ID. */\n user_id?: number;\n /** Filter by request status. */\n status?: DeletionRequestStatus;\n /** After date (YYYY-MM-DD). */\n date_from?: string;\n /** Before date (YYYY-MM-DD). */\n date_to?: string;\n /** Filter requests whose grace period expires within 7 days. */\n grace_period_expiring?: boolean;\n /** Sort field: `requested_at`, `confirmed_at`, `grace_period_ends_at`, `user__email`. */\n ordering?: string;\n /** Page number (1-indexed). */\n page?: number;\n /** Items per page (max 100). */\n page_size?: number;\n}\n\n/** Body accepted by `processDeletionRequest()`. */\nexport interface ProcessDeletionRequestData {\n /** Must be `\"PERMANENTLY DELETE\"` to confirm the irreversible action. */\n confirmation: string;\n /** Optional admin notes. */\n admin_notes?: string;\n}\n\n/** Response returned by `processDeletionRequest()`. */\nexport interface ProcessDeletionResponse {\n message?: string;\n deletion_completed?: boolean;\n processed_at?: string;\n data_anonymized?: boolean;\n audit_log_id?: number;\n user_notified?: boolean;\n}\n\n/** Response returned by `processExpiredDeletions()`. */\nexport interface ProcessExpiredDeletionsResponse {\n message?: string;\n processed_count?: number;\n failed_count?: number;\n skipped_count?: number;\n processing_time?: number;\n details?: {\n request_id?: number;\n user_email?: string;\n status?: string;\n grace_period_expired?: string;\n }[];\n}\n\n// ─── Module ───\n\nexport class GdprModule {\n constructor(private client: TenxyteHttpClient) {}\n\n // ─── User-facing ───\n\n /**\n * Request account deletion (GDPR-compliant).\n * Initiates a 30-day grace period during which the user can cancel.\n * @param data - Password (+ optional OTP code and reason).\n */\n async requestAccountDeletion(data: AccountDeletionRequestData): Promise<AccountDeletionRequestResponse> {\n return this.client.post<AccountDeletionRequestResponse>('/api/v1/auth/request-account-deletion/', data);\n }\n\n /**\n * Confirm the account deletion using the token received by email.\n * The token is valid for 24 hours. After confirmation the account enters the 30-day grace period.\n * @param token - The confirmation token from the email.\n */\n async confirmAccountDeletion(token: string): Promise<AccountDeletionConfirmResponse> {\n return this.client.post<AccountDeletionConfirmResponse>('/api/v1/auth/confirm-account-deletion/', { token });\n }\n\n /**\n * Cancel a pending account deletion during the grace period.\n * The account is immediately reactivated.\n * @param password - The current password for security.\n */\n async cancelAccountDeletion(password: string): Promise<AccountDeletionCancelResponse> {\n return this.client.post<AccountDeletionCancelResponse>('/api/v1/auth/cancel-account-deletion/', { password });\n }\n\n /**\n * Get the deletion status for the current user.\n * Includes pending, confirmed, or cancelled requests.\n */\n async getAccountDeletionStatus(): Promise<DeletionStatus> {\n return this.client.get<DeletionStatus>('/api/v1/auth/account-deletion-status/');\n }\n\n /**\n * Export all personal data (GDPR right to data portability).\n * @param password - The current password for security.\n */\n async exportUserData(password: string): Promise<UserDataExport> {\n return this.client.post<UserDataExport>('/api/v1/auth/export-user-data/', { password });\n }\n\n // ─── Admin-facing ───\n\n /**\n * List deletion requests (admin, paginated).\n * @param params - Optional filters and pagination.\n */\n async listDeletionRequests(params?: DeletionRequestListParams): Promise<PaginatedResponse<DeletionRequest>> {\n return this.client.get<PaginatedResponse<DeletionRequest>>('/api/v1/auth/admin/deletion-requests/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n /**\n * Get a single deletion request by ID.\n * @param requestId - The deletion request ID.\n */\n async getDeletionRequest(requestId: string): Promise<DeletionRequest> {\n return this.client.get<DeletionRequest>(`/api/v1/auth/admin/deletion-requests/${requestId}/`);\n }\n\n /**\n * Process (execute) a confirmed deletion request.\n * **WARNING:** This is irreversible and permanently destroys all user data.\n * @param requestId - The deletion request ID.\n * @param data - Must include `{ confirmation: \"PERMANENTLY DELETE\" }`.\n */\n async processDeletionRequest(requestId: string | number, data: ProcessDeletionRequestData): Promise<ProcessDeletionResponse> {\n return this.client.post<ProcessDeletionResponse>(`/api/v1/auth/admin/deletion-requests/${requestId}/process/`, data);\n }\n\n /**\n * Batch-process all confirmed deletion requests whose 30-day grace period has expired.\n * Typically run by a daily cron job.\n */\n async processExpiredDeletions(): Promise<ProcessExpiredDeletionsResponse> {\n return this.client.post<ProcessExpiredDeletionsResponse>('/api/v1/auth/admin/deletion-requests/process-expired/');\n }\n}\n","import { TenxyteHttpClient } from '../http/client';\n\n// ─── Parameter types ───\n\n/** Parameters accepted by `getStats()`. */\nexport interface DashboardStatsParams {\n /** Analysis period (default: `\"7d\"`). */\n period?: '7d' | '30d' | '90d';\n /** Include comparison with previous period. */\n compare?: boolean;\n}\n\n// ─── Response types ───\n\n/** Global dashboard statistics returned by `getStats()`. */\nexport interface DashboardStats {\n summary?: {\n total_users?: number;\n active_users?: number;\n total_organizations?: number;\n total_applications?: number;\n active_sessions?: number;\n pending_deletions?: number;\n };\n trends?: {\n user_growth?: number;\n login_success_rate?: number;\n application_usage?: number;\n security_incidents?: number;\n };\n organization_context?: {\n current_org?: Record<string, unknown> | null;\n user_role?: string;\n accessible_orgs?: number;\n org_specific_stats?: Record<string, unknown>;\n };\n quick_actions?: {\n action?: string;\n count?: number;\n priority?: string;\n }[];\n charts?: {\n daily_logins?: unknown[];\n user_registrations?: unknown[];\n security_events?: unknown[];\n };\n}\n\n/**\n * Authentication statistics returned by `getAuthStats()`.\n * Login stats, methods, registrations, tokens, top failure reasons, 7-day graphs.\n */\nexport type AuthStats = Record<string, unknown>;\n\n/**\n * Security statistics returned by `getSecurityStats()`.\n * Audit summary, blacklisted tokens, suspicious activity, 2FA adoption.\n */\nexport type SecurityStats = Record<string, unknown>;\n\n/**\n * GDPR statistics returned by `getGdprStats()`.\n * Deletion requests by status, data exports.\n */\nexport type GdprStats = Record<string, unknown>;\n\n/**\n * Organization statistics returned by `getOrganizationStats()`.\n * Organizations, members, roles, top organizations.\n */\nexport type OrgStats = Record<string, unknown>;\n\n// ─── Module ───\n\nexport class DashboardModule {\n constructor(private client: TenxyteHttpClient) {}\n\n /**\n * Get global cross-module dashboard statistics.\n * Data varies based on the organizational context (`X-Org-Slug`) and permissions.\n * Covers users, authentication, applications, security, and GDPR metrics.\n * Charts span the last 7 days with previous-period comparisons.\n * @param params - Optional period and comparison flag.\n */\n async getStats(params?: DashboardStatsParams): Promise<DashboardStats> {\n return this.client.get<DashboardStats>('/api/v1/auth/dashboard/stats/', {\n params: params as Record<string, string | number | boolean> | undefined,\n });\n }\n\n /**\n * Get authentication-specific statistics.\n * Includes login stats, methods breakdown, registrations, tokens, top failure reasons, and 7-day graphs.\n */\n async getAuthStats(): Promise<AuthStats> {\n return this.client.get<AuthStats>('/api/v1/auth/dashboard/auth/');\n }\n\n /**\n * Get security-specific statistics.\n * Includes audit summary, blacklisted tokens, suspicious activity, and 2FA adoption.\n */\n async getSecurityStats(): Promise<SecurityStats> {\n return this.client.get<SecurityStats>('/api/v1/auth/dashboard/security/');\n }\n\n /**\n * Get GDPR-specific statistics.\n * Includes deletion requests by status and data export metrics.\n */\n async getGdprStats(): Promise<GdprStats> {\n return this.client.get<GdprStats>('/api/v1/auth/dashboard/gdpr/');\n }\n\n /**\n * Get organization-specific statistics.\n * Includes organizations, members, roles, and top organizations.\n */\n async getOrganizationStats(): Promise<OrgStats> {\n return this.client.get<OrgStats>('/api/v1/auth/dashboard/organizations/');\n }\n}\n","/**\n * Lightweight EventEmitter for TenxyteClient.\n * Provides `.on`, `.once`, `.off`, and `.emit`.\n */\nexport class EventEmitter<Events extends Record<string, any>> {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-function-type\n private events: Map<keyof Events, Array<Function>>;\n\n constructor() {\n this.events = new Map();\n }\n\n /**\n * Subscribe to an event.\n * @param event The event name\n * @param callback The callback function\n * @returns Unsubscribe function\n */\n on<K extends keyof Events>(event: K, callback: (payload: Events[K]) => void): () => void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(callback);\n return () => this.off(event, callback);\n }\n\n /**\n * Unsubscribe from an event.\n * @param event The event name\n * @param callback The exact callback function that was passed to .on()\n */\n off<K extends keyof Events>(event: K, callback: (payload: Events[K]) => void): void {\n const callbacks = this.events.get(event);\n if (!callbacks) return;\n const index = callbacks.indexOf(callback);\n if (index !== -1) {\n callbacks.splice(index, 1);\n }\n }\n\n /**\n * Subscribe to an event exactly once.\n */\n once<K extends keyof Events>(event: K, callback: (payload: Events[K]) => void): () => void {\n const wrapped = (payload: Events[K]) => {\n this.off(event, wrapped);\n callback(payload);\n };\n return this.on(event, wrapped);\n }\n\n /**\n * Emit an event internally.\n */\n emit<K extends keyof Events>(event: K, payload: Events[K]): void {\n const callbacks = this.events.get(event);\n if (!callbacks) return;\n // Copy array to prevent mutation issues during emission\n const copy = [...callbacks];\n for (const callback of copy) {\n try {\n callback(payload);\n } catch (err) {\n console.error(`[Tenxyte EventEmitter] Error executing callback for event ${String(event)}`, err);\n }\n }\n }\n\n removeAllListeners(): void {\n this.events.clear();\n }\n}\n","import { TenxyteHttpClient } from './http/client';\nimport { createAuthInterceptor, createRefreshInterceptor, createDeviceInfoInterceptor, createRetryInterceptor } from './http/interceptors';\nimport type { TenxyteContext } from './http/interceptors';\nimport type { TenxyteClientConfig, ResolvedTenxyteConfig } from './config';\nimport type { TenxyteStorage } from './storage';\nimport { resolveConfig } from './config';\nimport { AuthModule } from './modules/auth';\nimport { SecurityModule } from './modules/security';\nimport { RbacModule } from './modules/rbac';\nimport { UserModule } from './modules/user';\nimport { B2bModule } from './modules/b2b';\nimport { AiModule } from './modules/ai';\nimport { ApplicationsModule } from './modules/applications';\nimport { AdminModule } from './modules/admin';\nimport { GdprModule } from './modules/gdpr';\nimport { DashboardModule } from './modules/dashboard';\nimport { EventEmitter } from './utils/events';\nimport { decodeJwt } from './utils/jwt';\nimport type { DecodedTenxyteToken } from './utils/jwt';\n\n/**\n * Map of all SDK events and their associated payload types.\n */\nexport interface TenxyteEventMap {\n /** Fired when the active session can no longer be recovered (refresh token expired/revoked). */\n 'session:expired': void;\n /** Fired after a successful silent token refresh. Payload is the new access token. */\n 'token:refreshed': { accessToken: string };\n /** Fired after tokens are persisted to storage (login, register, refresh). */\n 'token:stored': { accessToken: string; refreshToken?: string };\n /** Fired when an AI agent action requires human-in-the-loop approval (HTTP 202). */\n 'agent:awaiting_approval': { action: unknown };\n /** Fired on unrecoverable SDK errors that are not tied to a specific call. */\n 'error': { error: unknown };\n}\n\n/**\n * The primary entry point for the Tenxyte SDK.\n * Groups together logic for authentication, security, organization switching, and AI control.\n */\nexport class TenxyteClient {\n /** Fully resolved configuration (all defaults applied). */\n public readonly config: ResolvedTenxyteConfig;\n /** Persistent token storage back-end (defaults to MemoryStorage). */\n public readonly storage: TenxyteStorage;\n /** Shared mutable context used by interceptors (org slug, agent trace ID). */\n public readonly context: TenxyteContext;\n /** The core HTTP wrapper handling network interception and parsing */\n public http: TenxyteHttpClient;\n /** Authentication module (Login, Signup, Magic link, session handling) */\n public auth: AuthModule;\n /** Security module (2FA, WebAuthn, Passwords, OTPs) */\n public security: SecurityModule;\n /** Role-Based Access Control and permission checking module */\n public rbac: RbacModule;\n /** Connected user's profile and management module */\n public user: UserModule;\n /** Business-to-Business organizations module (multi-tenant environments) */\n public b2b: B2bModule;\n /** AIRS - AI Responsibility & Security module (Agent tokens, Circuit breakers, HITL) */\n public ai: AiModule;\n /** Applications module (API client CRUD, credential management) */\n public applications: ApplicationsModule;\n /** Admin module (audit logs, login attempts, blacklisted tokens, refresh tokens) */\n public admin: AdminModule;\n /** GDPR module (account deletion, data export, deletion request management) */\n public gdpr: GdprModule;\n /** Dashboard module (global, auth, security, GDPR, organization statistics) */\n public dashboard: DashboardModule;\n\n /** Internal event emitter used via composition. */\n private emitter: EventEmitter<TenxyteEventMap>;\n\n /**\n * Initializes the SDK with connection details for your Tenxyte-powered API.\n *\n * Accepts the full TenxyteClientConfig. Minimal usage with just { baseUrl }\n * is still supported for backward compatibility.\n *\n * @param options Configuration options including `baseUrl` and custom headers like `X-Access-Key`\n * \n * @example\n * ```typescript\n * const tx = new TenxyteClient({ \n * baseUrl: 'https://api.my-service.com',\n * headers: { 'X-Access-Key': 'pkg_abc123' }\n * });\n * ```\n */\n constructor(options: TenxyteClientConfig) {\n this.config = resolveConfig(options);\n this.storage = this.config.storage;\n\n this.emitter = new EventEmitter<TenxyteEventMap>();\n\n this.context = { activeOrgSlug: null, agentTraceId: null };\n\n this.http = new TenxyteHttpClient({\n baseUrl: this.config.baseUrl,\n headers: this.config.headers,\n timeoutMs: this.config.timeoutMs,\n });\n\n // Auto-inject Authorization header + contextual headers on every request\n this.http.addRequestInterceptor(createAuthInterceptor(this.storage, this.context));\n\n // Auto-inject device_info into authentication request bodies\n if (this.config.autoDeviceInfo) {\n this.http.addRequestInterceptor(createDeviceInfoInterceptor(this.config.deviceInfoOverride));\n }\n\n // Auto-retry: configurable retry middleware with exponential backoff\n if (this.config.retryConfig) {\n this.http.addResponseInterceptor(\n createRetryInterceptor(this.config.retryConfig, this.config.logger),\n );\n }\n\n // Auto-refresh: silently retry on 401 by refreshing the access token\n if (this.config.autoRefresh) {\n this.http.addResponseInterceptor(\n createRefreshInterceptor(\n this.http,\n this.storage,\n () => {\n this.emit('session:expired', undefined as void);\n this.config.onSessionExpired?.();\n },\n (accessToken, refreshToken) => {\n this.rbac.setToken(accessToken);\n this.emit('token:refreshed', { accessToken });\n this.emit('token:stored', { accessToken, refreshToken });\n },\n ),\n );\n }\n\n this.rbac = new RbacModule(this.http);\n this.auth = new AuthModule(\n this.http,\n this.storage,\n (accessToken, refreshToken) => {\n this.rbac.setToken(accessToken);\n this.emit('token:stored', { accessToken, refreshToken });\n },\n () => {\n this.rbac.setToken(null);\n this.emit('session:expired', undefined as void);\n },\n );\n this.security = new SecurityModule(this.http);\n this.user = new UserModule(this.http);\n this.b2b = new B2bModule(this.http);\n this.ai = new AiModule(this.http, this.config.logger);\n this.applications = new ApplicationsModule(this.http);\n this.admin = new AdminModule(this.http);\n this.gdpr = new GdprModule(this.http);\n this.dashboard = new DashboardModule(this.http);\n }\n\n // ─── Event delegation ───\n\n /** Subscribe to an SDK event. Returns an unsubscribe function. */\n on<K extends keyof TenxyteEventMap>(event: K, callback: (payload: TenxyteEventMap[K]) => void): () => void {\n return this.emitter.on(event, callback);\n }\n\n /** Subscribe to an SDK event exactly once. Returns an unsubscribe function. */\n once<K extends keyof TenxyteEventMap>(event: K, callback: (payload: TenxyteEventMap[K]) => void): () => void {\n return this.emitter.once(event, callback);\n }\n\n /** Unsubscribe a previously registered callback from an SDK event. */\n off<K extends keyof TenxyteEventMap>(event: K, callback: (payload: TenxyteEventMap[K]) => void): void {\n this.emitter.off(event, callback);\n }\n\n /** Emit an SDK event (internal use). */\n emit<K extends keyof TenxyteEventMap>(event: K, payload: TenxyteEventMap[K]): void {\n this.emitter.emit(event, payload);\n }\n\n // ─── High-level helpers ───\n\n /**\n * Check whether a valid (non-expired) access token exists in storage.\n * Performs a synchronous JWT expiry check — no network call.\n */\n async isAuthenticated(): Promise<boolean> {\n const token = await this.storage.getItem('tx_access');\n if (!token) return false;\n return !this.isTokenExpiredSync(token);\n }\n\n /**\n * Return the current access token from storage, or `null` if absent.\n */\n async getAccessToken(): Promise<string | null> {\n return this.storage.getItem('tx_access');\n }\n\n /**\n * Decode the current access token and return the JWT payload.\n * Returns `null` if no token is stored or if decoding fails.\n * No network call is made — this reads from the cached JWT.\n */\n async getCurrentUser(): Promise<DecodedTenxyteToken | null> {\n const token = await this.storage.getItem('tx_access');\n if (!token) return null;\n return decodeJwt(token);\n }\n\n /**\n * Check whether the stored access token is expired without making a network call.\n * Returns `true` if expired or if no token is present.\n */\n async isTokenExpired(): Promise<boolean> {\n const token = await this.storage.getItem('tx_access');\n if (!token) return true;\n return this.isTokenExpiredSync(token);\n }\n\n /** Synchronous helper: checks JWT `exp` claim against current time. */\n private isTokenExpiredSync(token: string): boolean {\n const decoded = decodeJwt(token);\n if (!decoded?.exp) return true;\n // Allow 30s clock skew\n return decoded.exp * 1000 < Date.now() - 30_000;\n }\n\n // ─── Framework wrapper interface ───\n\n /**\n * Returns a synchronous snapshot of the SDK state.\n * Designed for consumption by framework wrappers (React, Vue, etc.).\n * Note: This is async because storage access may be async.\n */\n async getState(): Promise<TenxyteClientState> {\n const token = await this.storage.getItem('tx_access');\n const isAuthenticated = token ? !this.isTokenExpiredSync(token) : false;\n const user = token ? decodeJwt(token) : null;\n\n return {\n isAuthenticated,\n user,\n accessToken: token,\n activeOrg: this.context.activeOrgSlug,\n isAgentMode: this.ai.isAgentMode(),\n };\n }\n}\n\n/**\n * Snapshot of the SDK state, intended for framework wrappers.\n *\n * **Event contract for reactive bindings:**\n * - `token:stored` → re-read state (login, register, refresh succeeded)\n * - `token:refreshed` → access token was silently rotated\n * - `session:expired` → clear authenticated state\n * - `agent:awaiting_approval` → an AI action needs human confirmation\n * - `error` → unrecoverable SDK error\n */\nexport interface TenxyteClientState {\n /** Whether the user has a valid, non-expired access token. */\n isAuthenticated: boolean;\n /** Decoded JWT payload of the current access token, or `null`. */\n user: DecodedTenxyteToken | null;\n /** Raw access token string, or `null`. */\n accessToken: string | null;\n /** Currently active organization slug, or `null`. */\n activeOrg: string | null;\n /** Whether the SDK is operating in AI Agent mode. */\n isAgentMode: boolean;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,gBAAN,MAA8C;AAAA,EACzC;AAAA,EAER,cAAc;AACV,SAAK,QAAQ,oBAAI,IAAoB;AAAA,EACzC;AAAA,EAEA,QAAQ,KAA4B;AAChC,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,WAAO,UAAU,SAAY,QAAQ;AAAA,EACzC;AAAA,EAEA,QAAQ,KAAa,OAAqB;AACtC,SAAK,MAAM,IAAI,KAAK,KAAK;AAAA,EAC7B;AAAA,EAEA,WAAW,KAAmB;AAC1B,SAAK,MAAM,OAAO,GAAG;AAAA,EACzB;AAAA,EAEA,QAAc;AACV,SAAK,MAAM,MAAM;AAAA,EACrB;AACJ;;;ACrBO,IAAM,eAAN,MAA6C;AAAA,EACxC,sBAA4C;AAAA,EAC5C;AAAA,EAER,cAAc;AACV,SAAK,cAAc,KAAK,kBAAkB;AAC1C,QAAI,CAAC,KAAK,aAAa;AACnB,WAAK,sBAAsB,IAAI,cAAc;AAAA,IACjD;AAAA,EACJ;AAAA,EAEQ,oBAA6B;AACjC,QAAI;AACA,UAAI,OAAO,WAAW,eAAe,CAAC,OAAO,cAAc;AACvD,eAAO;AAAA,MACX;AACA,YAAM,UAAU;AAChB,aAAO,aAAa,QAAQ,SAAS,GAAG;AACxC,aAAO,aAAa,WAAW,OAAO;AACtC,aAAO;AAAA,IACX,SAAS,IAAI;AACT,aAAO;AAAA,IACX;AAAA,EACJ;AAAA,EAEA,QAAQ,KAA4B;AAChC,QAAI,CAAC,KAAK,eAAe,KAAK,qBAAqB;AAC/C,aAAO,KAAK,oBAAoB,QAAQ,GAAG;AAAA,IAC/C;AACA,WAAO,OAAO,aAAa,QAAQ,GAAG;AAAA,EAC1C;AAAA,EAEA,QAAQ,KAAa,OAAqB;AACtC,QAAI,CAAC,KAAK,eAAe,KAAK,qBAAqB;AAC/C,WAAK,oBAAoB,QAAQ,KAAK,KAAK;AAC3C;AAAA,IACJ;AACA,QAAI;AACA,aAAO,aAAa,QAAQ,KAAK,KAAK;AAAA,IAC1C,SAAS,IAAI;AAET,cAAQ,KAAK,kEAAkE,GAAG,EAAE;AAAA,IACxF;AAAA,EACJ;AAAA,EAEA,WAAW,KAAmB;AAC1B,QAAI,CAAC,KAAK,eAAe,KAAK,qBAAqB;AAC/C,WAAK,oBAAoB,WAAW,GAAG;AACvC;AAAA,IACJ;AACA,WAAO,aAAa,WAAW,GAAG;AAAA,EACtC;AAAA,EAEA,QAAc;AACV,QAAI,CAAC,KAAK,eAAe,KAAK,qBAAqB;AAC/C,WAAK,oBAAoB,MAAM;AAC/B;AAAA,IACJ;AAOA,WAAO,aAAa,MAAM;AAAA,EAC9B;AACJ;;;ACnEO,IAAM,gBAAN,MAA8C;AAAA,EACzC;AAAA,EAER,YAAY,UAAsE,CAAC,GAAG;AAClF,UAAM,SAAS,QAAQ,UAAU;AACjC,UAAM,WAAW,QAAQ,YAAY;AACrC,SAAK,iBAAiB,oBAAoB,QAAQ,GAAG,SAAS,aAAa,EAAE;AAAA,EACjF;AAAA,EAEA,QAAQ,KAA4B;AAChC,QAAI,OAAO,aAAa,YAAa,QAAO;AAC5C,UAAM,QAAQ,SAAS,OAAO,MAAM,IAAI,OAAO,QAAQ,GAAG,UAAU,CAAC;AACrE,WAAO,QAAQ,mBAAmB,MAAM,CAAC,CAAC,IAAI;AAAA,EAClD;AAAA,EAEA,QAAQ,KAAa,OAAqB;AACtC,QAAI,OAAO,aAAa,YAAa;AACrC,aAAS,SAAS,GAAG,GAAG,IAAI,mBAAmB,KAAK,CAAC,KAAK,KAAK,cAAc;AAAA,EACjF;AAAA,EAEA,WAAW,KAAmB;AAC1B,QAAI,OAAO,aAAa,YAAa;AACrC,aAAS,SAAS,GAAG,GAAG;AAAA,EAC5B;AAAA,EAEA,QAAc;AAGV,SAAK,WAAW,WAAW;AAC3B,SAAK,WAAW,YAAY;AAAA,EAChC;AACJ;;;AC7BO,IAAM,cAAc;AA6IpB,IAAM,cAA6B;AAAA,EACtC,QAAQ;AAAA,EAAC;AAAA,EACT,OAAO;AAAA,EAAC;AAAA,EACR,QAAQ;AAAA,EAAC;AACb;AAaO,SAAS,cAAc,QAAoD;AAC9E,SAAO;AAAA,IACH,SAAS,OAAO;AAAA,IAChB,SAAS,OAAO,WAAW,CAAC;AAAA,IAC5B,SAAS,OAAO,WAAW,IAAI,cAAc;AAAA,IAC7C,aAAa,OAAO,eAAe;AAAA,IACnC,gBAAgB,OAAO,kBAAkB;AAAA,IACzC,WAAW,OAAO;AAAA,IAClB,kBAAkB,OAAO;AAAA,IACzB,QAAQ,OAAO,UAAU;AAAA,IACzB,UAAU,OAAO,YAAY;AAAA,IAC7B,oBAAoB,OAAO;AAAA,IAC3B,aAAa,OAAO;AAAA,EACxB;AACJ;;;AClKO,IAAM,oBAAN,MAAwB;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA,sBAAwJ,CAAC;AAAA,EACzJ,uBAAqI,CAAC;AAAA,EAE9I,YAAY,SAA4B;AACpC,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,YAAY,QAAQ;AACzB,SAAK,iBAAiB;AAAA,MAClB,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,GAAG,QAAQ;AAAA,IACf;AAAA,EACJ;AAAA;AAAA,EAGA,sBAAsB,aAAiD;AACnE,SAAK,oBAAoB,KAAK,WAAW;AAAA,EAC7C;AAAA,EAEA,uBAAuB,aAAkD;AACrE,SAAK,qBAAqB,KAAK,WAAW;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAW,UAAkB,SAAwB,CAAC,GAAe;AACvE,UAAM,SAAS,SAAS,WAAW,MAAM,IACnC,WACA,GAAG,KAAK,OAAO,GAAG,SAAS,WAAW,GAAG,IAAI,KAAK,GAAG,GAAG,QAAQ;AAEtE,UAAM,SAAS,IAAI,IAAI,MAAM;AAE7B,QAAI,OAAO,QAAQ;AACf,aAAO,QAAQ,OAAO,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,UAAU,UAAa,UAAU,MAAM;AACvC,iBAAO,aAAa,OAAO,KAAK,OAAO,KAAK,CAAC;AAAA,QACjD;AAAA,MACJ,CAAC;AAAA,IACL;AAEA,QAAI,iBAAsB;AAAA,MACtB,KAAK,OAAO,SAAS;AAAA,MACrB,GAAG;AAAA,MACH,SAAS,EAAE,GAAG,KAAK,gBAAgB,GAAI,OAAO,WAAW,CAAC,EAAG;AAAA,IACjE;AAGA,QAAI,OAAO,aAAa,eAAe,eAAe,gBAAgB,UAAU;AAC5E,YAAM,UAAU,eAAe;AAE/B,aAAO,QAAQ,cAAc;AAC7B,aAAO,QAAQ,cAAc;AAAA,IACjC,WAAW,eAAe,QAAQ,OAAO,eAAe,SAAS,UAAU;AACvE,YAAM,cAAe,eAAe,QAAmC,cAAc,KAAK;AAC1F,UAAI,YAAY,YAAY,EAAE,SAAS,kBAAkB,GAAG;AACxD,uBAAe,OAAO,KAAK,UAAU,eAAe,IAAI;AAAA,MAC5D;AAAA,IACJ;AAGA,eAAW,eAAe,KAAK,qBAAqB;AAChD,uBAAiB,MAAM,YAAY,cAAc;AAAA,IACrD;AAEA,UAAM,EAAE,KAAK,GAAG,YAAY,IAAI;AAEhC,QAAI;AACJ,QAAI;AAEJ,QAAI,KAAK,WAAW;AAChB,mBAAa,IAAI,gBAAgB;AACjC,MAAC,YAAoB,SAAS,WAAW;AACzC,kBAAY,WAAW,MAAM,WAAY,MAAM,GAAG,KAAK,SAAS;AAAA,IACpE;AAEA,QAAI;AACA,UAAI,WAAW,MAAM,MAAM,KAAK,WAA0B;AAG1D,iBAAW,eAAe,KAAK,sBAAsB;AACjD,mBAAW,MAAM,YAAY,UAAU,EAAE,KAAK,QAAQ,YAA6B,CAAC;AAAA,MACxF;AAEA,UAAI,CAAC,SAAS,IAAI;AACd,cAAM,MAAM,KAAK,eAAe,QAAQ;AAAA,MAC5C;AAGA,UAAI,SAAS,WAAW,KAAK;AACzB,eAAO,CAAC;AAAA,MACZ;AAEA,YAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;AACvD,UAAI,eAAe,YAAY,SAAS,kBAAkB,GAAG;AACzD,eAAQ,MAAM,SAAS,KAAK;AAAA,MAChC;AAEA,aAAQ,MAAM,SAAS,KAAK;AAAA,IAChC,SAAS,OAAY;AACjB,UAAI,OAAO,SAAS,cAAc;AAC9B,cAAM;AAAA,UACF,OAAO,2BAA2B,KAAK,SAAS;AAAA,UAChD,MAAM;AAAA,UACN,SAAS;AAAA,QACb;AAAA,MACJ;AACA,UAAI,SAAS,MAAM,MAAM;AACrB,cAAM;AAAA,MACV;AACA,YAAM;AAAA,QACF,OAAO,MAAM,WAAW;AAAA,QACxB,MAAM;AAAA,QACN,SAAS,OAAO,KAAK;AAAA,MACzB;AAAA,IACJ,UAAE;AACE,UAAI,cAAc,QAAW;AACzB,qBAAa,SAAS;AAAA,MAC1B;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,MAAc,eAAe,UAA2C;AACpE,QAAI;AACA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,aAAO;AAAA,QACH,OAAO,KAAK,SAAS,KAAK,UAAU;AAAA,QACpC,MAAM,KAAK,QAAQ,QAAQ,SAAS,MAAM;AAAA,QAC1C,SAAS,KAAK,WAAW;AAAA,QACzB,aAAa,SAAS,QAAQ,IAAI,aAAa,IAAI,SAAS,SAAS,QAAQ,IAAI,aAAa,GAAI,EAAE,IAAI;AAAA,MAC5G;AAAA,IACJ,SAAS,IAAI;AACT,aAAO;AAAA,QACH,OAAO,cAAc,SAAS,MAAM,KAAK,SAAS,UAAU;AAAA,QAC5D,MAAM,QAAQ,SAAS,MAAM;AAAA,MACjC;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGA,IAAO,UAAkB,QAAiD;AACtE,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,MAAM,CAAC;AAAA,EACjE;AAAA,EAEA,KAAQ,UAAkB,MAAgB,QAAiD;AACvF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,QAAQ,MAAM,KAAK,CAAC;AAAA,EAC9E;AAAA,EAEA,IAAO,UAAkB,MAAgB,QAAiD;AACtF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,OAAO,MAAM,KAAK,CAAC;AAAA,EAC7E;AAAA,EAEA,MAAS,UAAkB,MAAgB,QAAiD;AACxF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,SAAS,MAAM,KAAK,CAAC;AAAA,EAC/E;AAAA,EAEA,OAAU,UAAkB,MAAgB,QAAiD;AACzF,WAAO,KAAK,QAAW,UAAU,EAAE,GAAG,QAAQ,QAAQ,UAAU,MAAM,KAAK,CAAC;AAAA,EAChF;AACJ;;;ACvKO,SAAS,gBAAgB,aAA+B,CAAC,GAAW;AAEvE,QAAM,WAAW,YAAY;AAE7B,QAAM,IAAI;AACV,QAAM,KAAK,WAAW,MAAM,SAAS;AACrC,QAAM,MAAM,WAAW,aAAa,SAAS;AAC7C,QAAM,SAAS,WAAW,UAAU,SAAS;AAC7C,QAAM,OAAO,WAAW,QAAQ,SAAS;AACzC,QAAM,MAAM,WAAW,OAAO,SAAS;AACvC,QAAM,OAAO,WAAW,cAAc,SAAS;AAC/C,QAAM,UAAU,WAAW,WAAW,SAAS;AAC/C,QAAM,MAAM,WAAW,kBAAkB,SAAS;AAClD,QAAM,KAAK,WAAW,YAAY,SAAS;AAE3C,QAAM,QAAQ;AAAA,IACV,KAAK,CAAC;AAAA,IACN,MAAM,EAAE,MAAM,MAAM,QAAQ,GAAG,KAAK;AAAA,IACpC,UAAU,MAAM;AAAA,IAChB,OAAO,QAAQ,IAAI,KAAK;AAAA,IACxB,MAAM,OAAO,GAAG,GAAG,OAAO,SAAS,IAAI,KAAK,EAAE,KAAK;AAAA,IACnD,WAAW,OAAO,MAAM,MAAM,QAAQ,GAAG,KAAK;AAAA,IAC9C,KAAK,MAAM,EAAE,KAAK;AAAA,EACtB;AAEA,SAAO,MAAM,OAAO,OAAO,EAAE,KAAK,GAAG;AACzC;AAEA,SAAS,cAAc;AACnB,QAAM,OAAO;AAAA,IACT,IAAI;AAAA,IACJ,WAAW;AAAA,IACX,QAAQ;AAAA;AAAA,IACR,MAAM;AAAA,IACN,KAAK;AAAA,IACL,YAAY;AAAA,IACZ,SAAS;AAAA,IACT,gBAAgB;AAAA,IAChB,UAAU;AAAA,EACd;AAEA,MAAI;AACA,QAAI,OAAO,SAAS,aAAa;AAC7B,WAAK,WAAW,KAAK,eAAe,EAAE,gBAAgB,EAAE;AAAA,IAC5D;AAEA,QAAI,OAAO,YAAY,eAAe,QAAQ,SAAS;AACnD,WAAK,UAAU;AACf,WAAK,iBAAiB,QAAQ;AAC9B,WAAK,KAAK,QAAQ;AAClB,WAAK,OAAO,QAAQ;AACpB,WAAK,SAAS;AAAA,IAClB,WAAW,OAAO,WAAW,eAAe,OAAO,WAAW;AAC1D,YAAM,KAAK,OAAO,UAAU,UAAU,YAAY;AAGlD,UAAI,GAAG,SAAS,SAAS,EAAG,MAAK,KAAK;AAAA,eAC7B,GAAG,SAAS,KAAK,EAAG,MAAK,KAAK;AAAA,eAC9B,GAAG,SAAS,OAAO,EAAG,MAAK,KAAK;AAAA,eAChC,GAAG,SAAS,SAAS,EAAG,MAAK,KAAK;AAAA,eAClC,GAAG,SAAS,KAAK,KAAK,GAAG,SAAS,QAAQ,KAAK,GAAG,SAAS,MAAM,EAAG,MAAK,KAAK;AAGvF,UAAI,2BAA2B,KAAK,EAAE,EAAG,MAAK,SAAS;AACvD,UAAI,eAAe,KAAK,EAAE,EAAG,MAAK,SAAS;AAG3C,UAAI,GAAG,SAAS,SAAS,EAAG,MAAK,UAAU;AAAA,eAClC,GAAG,SAAS,MAAM,EAAG,MAAK,UAAU;AAAA,eACpC,GAAG,SAAS,QAAQ,EAAG,MAAK,UAAU;AAAA,eACtC,GAAG,SAAS,QAAQ,EAAG,MAAK,UAAU;AAAA,IACnD;AAAA,EACJ,SAAS,IAAI;AAAA,EAEb;AAEA,SAAO;AACX;;;ACnFO,SAAS,sBAAsB,SAAyB,SAAyB;AACpF,SAAO,OAAO,YAA6C;AAEvD,UAAM,QAAQ,MAAM,QAAQ,QAAQ,WAAW;AAC/C,UAAM,UAAU,EAAE,GAAI,QAAQ,WAAsC,CAAC,EAAE;AAEvE,QAAI,SAAS,CAAC,QAAQ,eAAe,GAAG;AACpC,cAAQ,eAAe,IAAI,UAAU,KAAK;AAAA,IAC9C;AAGA,QAAI,QAAQ,iBAAiB,CAAC,QAAQ,YAAY,GAAG;AACjD,cAAQ,YAAY,IAAI,QAAQ;AAAA,IACpC;AAEA,QAAI,QAAQ,gBAAgB,CAAC,QAAQ,mBAAmB,GAAG;AACvD,cAAQ,mBAAmB,IAAI,QAAQ;AAAA,IAC3C;AAEA,WAAO,EAAE,GAAG,SAAS,QAAQ;AAAA,EACjC;AACJ;AAEO,SAAS,yBACZ,QACA,SACA,kBACA,kBACF;AACE,MAAI,eAAe;AACnB,MAAI,eAAsD,CAAC;AAE3D,QAAM,eAAe,CAAC,OAAqB,QAAuB,SAAS;AACvE,iBAAa,QAAQ,UAAQ,KAAK,KAAK,CAAC;AACxC,mBAAe,CAAC;AAAA,EACpB;AAEA,SAAO,OAAO,UAAoB,YAAuE;AAErG,QAAI,SAAS,WAAW,OAAO,CAAC,QAAQ,IAAI,SAAS,eAAe,KAAK,CAAC,QAAQ,IAAI,SAAS,aAAa,GAAG;AAC3G,YAAM,eAAe,MAAM,QAAQ,QAAQ,YAAY;AAEvD,UAAI,CAAC,cAAc;AACf,yBAAiB;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,cAAc;AAEd,eAAO,IAAI,QAAkB,CAAC,YAAY;AACtC,uBAAa,KAAK,CAAC,aAA4B;AAC3C,gBAAI,UAAU;AACV,oBAAM,eAAe,EAAE,GAAI,QAAQ,OAAO,SAAoC,eAAe,UAAU,QAAQ,GAAG;AAClH,sBAAQ,MAAM,QAAQ,KAAK,EAAE,GAAG,QAAQ,QAAQ,SAAS,aAAa,CAAgB,CAAC;AAAA,YAC3F,OAAO;AACH,sBAAQ,QAAQ;AAAA,YACpB;AAAA,UACJ,CAAC;AAAA,QACL,CAAC;AAAA,MACL;AAGA,qBAAe;AAEf,UAAI;AACA,cAAM,kBAAkB,MAAM,MAAM,GAAG,OAAO,SAAS,CAAC,kBAAkB;AAAA,UACtE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU,EAAE,eAAe,aAAa,CAAC;AAAA,QACxD,CAAC;AAED,YAAI,CAAC,gBAAgB,IAAI;AACrB,gBAAM,IAAI,MAAM,gBAAgB;AAAA,QACpC;AAEA,cAAM,OAAO,MAAM,gBAAgB,KAAK;AAExC,cAAM,QAAQ,QAAQ,aAAa,KAAK,MAAM;AAC9C,YAAI,KAAK,SAAS;AACd,gBAAM,QAAQ,QAAQ,cAAc,KAAK,OAAO;AAAA,QACpD;AAEA,uBAAe;AACf,2BAAmB,KAAK,QAAQ,KAAK,OAAO;AAC5C,qBAAa,MAAM,KAAK,MAAM;AAG9B,cAAM,eAAe,EAAE,GAAI,QAAQ,OAAO,SAAoC,eAAe,UAAU,KAAK,MAAM,GAAG;AAIrH,cAAM,IAAI,MAAM,MAAM,QAAQ,KAAK,EAAE,GAAG,QAAQ,QAAQ,SAAS,aAAa,CAAgB;AAC9F,eAAO;AAAA,MAEX,SAAS,KAAK;AAEV,uBAAe;AACf,cAAM,QAAQ,WAAW,WAAW;AACpC,cAAM,QAAQ,WAAW,YAAY;AAErC,qBAAa,KAAc,IAAI;AAC/B,yBAAiB;AAGjB,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AACJ;AAEA,IAAM,wBAAwB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACJ;AAgBA,IAAM,gBAAuC;AAAA,EACzC,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,qBAAqB;AAAA,EACrB,aAAa;AACjB;AAEA,SAAS,MAAM,IAA2B;AACtC,SAAO,IAAI,QAAQ,aAAW,WAAW,SAAS,EAAE,CAAC;AACzD;AAMO,SAAS,uBAAuB,SAAsB,CAAC,GAAG,QAAwB;AACrF,QAAM,OAAO,EAAE,GAAG,eAAe,GAAG,OAAO;AAE3C,SAAO,OAAO,UAAoB,YAAuE;AACrG,UAAM,iBAAiB,KAAK,cAAc,SAAS,WAAW;AAC9D,UAAM,oBAAoB,SAAS,UAAU;AAE7C,QAAI,CAAC,kBAAkB,CAAC,mBAAmB;AACvC,aAAO;AAAA,IACX;AAEA,QAAI,eAAe;AAEnB,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAEzD,UAAI,UAAU,KAAK,cAAc,KAAK,IAAI,GAAG,UAAU,CAAC;AACxD,YAAM,aAAa,aAAa,QAAQ,IAAI,aAAa;AACzD,UAAI,YAAY;AACZ,cAAM,SAAS,OAAO,UAAU;AAChC,YAAI,CAAC,MAAM,MAAM,GAAG;AAChB,oBAAU,SAAS;AAAA,QACvB;AAAA,MACJ;AAEA,cAAQ,MAAM,2BAA2B,OAAO,IAAI,KAAK,UAAU,UAAU,OAAO,UAAU,QAAQ,GAAG,EAAE;AAC3G,YAAM,MAAM,OAAO;AAEnB,UAAI;AACA,cAAM,gBAAgB,MAAM,MAAM,QAAQ,KAAK,QAAQ,MAAqB;AAE5E,YAAI,cAAc,WAAW,OAAO,KAAK,cAAc,UAAU,KAAK,YAAY;AAC9E,yBAAe;AACf;AAAA,QACJ;AACA,YAAI,cAAc,UAAU,OAAO,UAAU,KAAK,YAAY;AAC1D,yBAAe;AACf;AAAA,QACJ;AAEA,eAAO;AAAA,MACX,SAAS,KAAK;AACV,YAAI,CAAC,KAAK,uBAAuB,WAAW,KAAK,YAAY;AACzD,gBAAM;AAAA,QACV;AACA,gBAAQ,KAAK,4CAA4C,OAAO,IAAI,KAAK,UAAU,IAAI,GAAG;AAAA,MAC9F;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AACJ;AAIO,SAAS,4BAA4B,UAA6B;AACrE,QAAM,cAAc,gBAAgB,QAAQ;AAE5C,SAAO,CAAC,YAA6C;AACjD,UAAM,SAAS,CAAC,QAAQ,UAAU,QAAQ,WAAW;AACrD,UAAM,kBAAkB,sBAAsB,KAAK,QAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;AAEjF,QAAI,UAAU,mBAAmB,QAAQ,QAAQ,OAAO,QAAQ,SAAS,UAAU;AAC/E,YAAM,OAAO,QAAQ;AACrB,UAAI,CAAC,KAAK,aAAa;AACnB,eAAO,EAAE,GAAG,SAAS,MAAM,EAAE,GAAG,MAAM,aAAa,YAAY,EAAE;AAAA,MACrE;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AACJ;;;ACvKO,IAAM,aAAN,MAAiB;AAAA,EACpB,YACY,QACA,SACA,UACA,UACV;AAJU;AACA;AACA;AACA;AAAA,EACR;AAAA,EAEJ,MAAc,cAA6B;AACvC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,QAAQ,WAAW,WAAW;AACzC,YAAM,KAAK,QAAQ,WAAW,YAAY;AAC1C,WAAK,WAAW;AAAA,IACpB;AAAA,EACJ;AAAA,EAEA,MAAc,cAAc,QAAuC;AAC/D,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,QAAQ,QAAQ,aAAa,OAAO,YAAY;AAC3D,UAAI,OAAO,eAAe;AACtB,cAAM,KAAK,QAAQ,QAAQ,cAAc,OAAO,aAAa;AAAA,MACjE;AACA,WAAK,WAAW,OAAO,cAAc,OAAO,aAAa;AAAA,IAC7D;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eACF,MACkB;AAClB,UAAM,SAAS,MAAM,KAAK,OAAO,KAAgB,6BAA6B,IAAI;AAClF,WAAO,KAAK,cAAc,MAAM;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eACF,MACkB;AAClB,UAAM,SAAS,MAAM,KAAK,OAAO,KAAgB,6BAA6B,IAAI;AAClF,WAAO,KAAK,cAAc,MAAM;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAS,MAAkD;AAC7D,UAAM,SAAS,MAAM,KAAK,OAAO,KAAuB,0BAA0B,IAAI;AACtF,QAAI,QAAQ,cAAc;AACtB,YAAM,KAAK,cAAc,MAAmB;AAAA,IAChD;AACA,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,OAAO,cAAqC;AAC9C,UAAM,KAAK,OAAO,KAAW,wBAAwB,EAAE,eAAe,aAAa,CAAC;AACpF,UAAM,KAAK,YAAY;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAA2B;AAC7B,UAAM,KAAK,OAAO,KAAW,0BAA0B;AACvD,UAAM,KAAK,YAAY;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,cAA0C;AACzD,UAAM,SAAS,MAAM,KAAK,OAAO,KAAgB,yBAAyB,EAAE,eAAe,aAAa,CAAC;AACzG,WAAO,KAAK,cAAc,MAAM;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAiB,MAAoD;AACvE,WAAO,KAAK,OAAO,KAAwB,oCAAoC,IAAI;AAAA,EACvF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAAmC;AACrD,UAAM,SAAS,MAAM,KAAK,OAAO,IAAe,mCAAmC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACxG,WAAO,KAAK,cAAc,MAAM;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,gBAAgB,UAA0D,MAA8C;AAC1H,UAAM,SAAS,MAAM,KAAK,OAAO,KAAgB,uBAAuB,QAAQ,KAAK,IAAI;AACzF,WAAO,KAAK,cAAc,MAAM;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,qBAAqB,UAA0D,MAAc,aAAyC;AACxI,UAAM,SAAS,MAAM,KAAK,OAAO,IAAe,uBAAuB,QAAQ,cAAc;AAAA,MACzF,QAAQ,EAAE,MAAM,cAAc,YAAY;AAAA,IAC9C,CAAC;AACD,WAAO,KAAK,cAAc,MAAM;AAAA,EACpC;AACJ;;;ACvMO,SAAS,kBAAkB,QAA0C;AACxE,QAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK;AACvC,cAAU,OAAO,aAAa,MAAM,CAAC,CAAC;AAAA,EAC1C;AACA,SAAO,KAAK,MAAM,EACb,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,MAAM,EAAE;AACzB;AAEO,SAAS,kBAAkB,WAA+B;AAC7D,QAAM,SAAS,UACV,QAAQ,MAAM,GAAG,EACjB,QAAQ,MAAM,GAAG;AACtB,QAAM,UAAU,IAAK,OAAO,SAAS,KAAM;AAC3C,QAAM,SAAS,SAAS,IAAI,OAAO,MAAM;AACzC,QAAM,SAAS,KAAK,MAAM;AAC1B,QAAM,QAAQ,IAAI,WAAW,OAAO,MAAM;AAC1C,WAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACpC,UAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AAAA,EAClC;AACA,SAAO;AACX;;;ACpBO,IAAM,iBAAN,MAAqB;AAAA,EACxB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQjD,MAAM,eAAiF;AACnF,WAAO,KAAK,OAAO,IAAI,0BAA0B;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAQH;AACC,WAAO,KAAK,OAAO,KAAK,yBAAyB;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW,UAId;AACC,WAAO,KAAK,OAAO,KAAK,6BAA6B,EAAE,WAAW,SAAS,CAAC;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,UAAkB,UAKhC;AACC,WAAO,KAAK,OAAO,KAAK,6BAA6B,EAAE,WAAW,UAAU,SAAS,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,sBAAsB,UAMzB;AACC,WAAO,KAAK,OAAO,KAAK,kCAAkC,EAAE,WAAW,SAAS,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,MAMd;AACC,WAAO,KAAK,OAAO,KAAK,6BAA6B,EAAE,MAAM,SAAS,UAAU,uBAAuB,qBAAqB,CAAC;AAAA,EACjI;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAe,MAIlB;AACC,WAAO,KAAK,OAAO,KAAK,kCAAkC,EAAE,KAAK,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAe,MAKlB;AACC,WAAO,KAAK,OAAO,KAAK,kCAAkC,EAAE,KAAK,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,QAAgH;AACvI,WAAO,KAAK,OAAO,KAAK,wCAAwC,MAAM;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,MAOM;AAC7B,WAAO,KAAK,OAAO,KAAK,wCAAwC,IAAI;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAe,iBAAyB,aAAmD;AAC7F,WAAO,KAAK,OAAO,KAAK,iCAAiC;AAAA,MACrD,kBAAkB;AAAA,MAClB,cAAc;AAAA,IAClB,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,sBAAsB,UAAkB,OAY3C;AACC,WAAO,KAAK,OAAO,KAAK,mCAAmC,EAAE,UAAU,MAAM,CAAC;AAAA,EAClF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,0BAIH;AACC,WAAO,KAAK,OAAO,IAAI,qCAAqC;AAAA,EAChE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,iBAAiB,YAOpB;AAEC,UAAM,kBAAkB,MAAM,KAAK,OAAO,KAAU,uCAAuC;AAG3F,UAAM,gBAAgB,gBAAgB;AACtC,kBAAc,YAAY,kBAAkB,cAAc,SAAS;AACnE,kBAAc,KAAK,KAAK,kBAAkB,cAAc,KAAK,EAAE;AAC/D,QAAI,cAAc,oBAAoB;AAClC,oBAAc,mBAAmB,QAAQ,CAACA,UAAc;AACpD,QAAAA,MAAK,KAAK,kBAAkBA,MAAK,EAAE;AAAA,MACvC,CAAC;AAAA,IACL;AAGA,UAAM,OAAO,MAAM,UAAU,YAAY,OAAO,EAAE,WAAW,cAAc,CAAC;AAC5E,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,MAAM,8CAA8C;AAAA,IAClE;AAEA,UAAM,WAAW,KAAK;AAGtB,UAAM,oBAAoB;AAAA,MACtB,aAAa;AAAA,MACb,YAAY;AAAA,QACR,IAAI,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,OAAO,kBAAkB,KAAK,KAAK;AAAA,QACnC,UAAU;AAAA,UACN,mBAAmB,kBAAkB,SAAS,iBAAiB;AAAA,UAC/D,gBAAgB,kBAAkB,SAAS,cAAc;AAAA,QAC7D;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,KAAK,OAAO,KAAK,4CAA4C,iBAAiB;AAAA,EACzF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,OAMxB;AAEC,UAAM,kBAAkB,MAAM,KAAK,OAAO,KAAU,6CAA6C,QAAQ,EAAE,MAAM,IAAI,CAAC,CAAC;AAGvH,UAAM,gBAAgB,gBAAgB;AACtC,kBAAc,YAAY,kBAAkB,cAAc,SAAS;AACnE,QAAI,cAAc,kBAAkB;AAChC,oBAAc,iBAAiB,QAAQ,CAACA,UAAc;AAClD,QAAAA,MAAK,KAAK,kBAAkBA,MAAK,EAAE;AAAA,MACvC,CAAC;AAAA,IACL;AAGA,UAAM,OAAO,MAAM,UAAU,YAAY,IAAI,EAAE,WAAW,cAAc,CAAC;AACzE,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,MAAM,gDAAgD;AAAA,IACpE;AAEA,UAAM,WAAW,KAAK;AAGtB,UAAM,oBAAoB;AAAA,MACtB,YAAY;AAAA,QACR,IAAI,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,OAAO,kBAAkB,KAAK,KAAK;AAAA,QACnC,UAAU;AAAA,UACN,mBAAmB,kBAAkB,SAAS,iBAAiB;AAAA,UAC/D,gBAAgB,kBAAkB,SAAS,cAAc;AAAA,UACzD,WAAW,kBAAkB,SAAS,SAAS;AAAA,UAC/C,YAAY,SAAS,aAAa,kBAAkB,SAAS,UAAU,IAAI;AAAA,QAC/E;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,KAAK,OAAO,KAAK,gDAAgD,iBAAiB;AAAA,EAC7F;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,0BAUH;AACC,WAAO,KAAK,OAAO,IAAI,oCAAoC;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,yBAAyB,cAAqC;AAChE,WAAO,KAAK,OAAO,OAAO,qCAAqC,YAAY,GAAG;AAAA,EAClF;AACJ;;;AC3SO,SAAS,UAAU,OAA2C;AACjE,MAAI;AACA,UAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,QAAI,MAAM,WAAW,GAAG;AACpB,aAAO;AAAA,IACX;AAEA,UAAM,YAAY,MAAM,CAAC;AACzB,QAAI,CAAC,UAAW,QAAO;AAEvB,QAAI,SAAS,UAAU,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AAG3D,WAAO,OAAO,SAAS,GAAG;AACtB,gBAAU;AAAA,IACd;AAEA,UAAM,YAAY,OAAO,WAAW,eAAe,OAAO,OAAO,SAAS;AAC1E,QAAI;AAEJ,QAAI,WAAW;AAEX,oBAAc;AAAA,QACV,OAAO,KAAK,MAAM,EACb,MAAM,EAAE,EACR,IAAI,CAAC,MAAM,OAAO,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAAC,EAChE,KAAK,EAAE;AAAA,MAChB;AAAA,IACJ,OAAO;AAEH,oBAAc,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,MAAM;AAAA,IAC/D;AAEA,WAAO,KAAK,MAAM,WAAW;AAAA,EACjC,SAAS,IAAI;AACT,WAAO;AAAA,EACX;AACJ;;;AChCO,IAAM,aAAN,MAAiB;AAAA,EAGpB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA,EAFzC,cAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASrC,SAAS,OAAsB;AAC3B,SAAK,cAAc;AAAA,EACvB;AAAA,EAEQ,gBAAgB,OAA4C;AAChE,UAAM,IAAI,SAAS,KAAK;AACxB,QAAI,CAAC,EAAG,QAAO;AACf,WAAO,UAAU,CAAC;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,QAAQ,MAAc,OAAyB;AAC3C,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,WAAO,QAAQ,MAAM,SAAS,IAAI;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAW,OAAiB,OAAyB;AACjD,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,WAAO,MAAM,KAAK,OAAK,QAAQ,MAAO,SAAS,CAAC,CAAC;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,OAAiB,OAAyB;AAClD,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,WAAO,MAAM,MAAM,OAAK,QAAQ,MAAO,SAAS,CAAC,CAAC;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc,YAAoB,OAAyB;AACvD,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,YAAa,QAAO;AAClC,WAAO,QAAQ,YAAY,SAAS,UAAU;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAiB,aAAuB,OAAyB;AAC7D,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,YAAa,QAAO;AAClC,WAAO,YAAY,KAAK,OAAK,QAAQ,YAAa,SAAS,CAAC,CAAC;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,aAAuB,OAAyB;AAC9D,UAAM,UAAU,KAAK,gBAAgB,KAAK;AAC1C,QAAI,CAAC,SAAS,YAAa,QAAO;AAClC,WAAO,YAAY,MAAM,OAAK,QAAQ,YAAa,SAAS,CAAC,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA,EAKA,MAAM,YAA6B;AAC/B,WAAO,KAAK,OAAO,IAAY,qBAAqB;AAAA,EACxD;AAAA;AAAA,EAGA,MAAM,WAAW,MAAgH;AAC7H,WAAO,KAAK,OAAO,KAAW,uBAAuB,IAAI;AAAA,EAC7D;AAAA;AAAA,EAGA,MAAM,QAAQ,QAA+B;AACzC,WAAO,KAAK,OAAO,IAAU,sBAAsB,MAAM,GAAG;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,WAAW,QAAgB,MAAiH;AAC9I,WAAO,KAAK,OAAO,IAAU,sBAAsB,MAAM,KAAK,IAAI;AAAA,EACtE;AAAA;AAAA,EAGA,MAAM,WAAW,QAA+B;AAC5C,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,GAAG;AAAA,EACnE;AAAA;AAAA,EAIA,MAAM,mBAAmB,QAAuC;AAC5D,WAAO,KAAK,OAAO,IAAkB,sBAAsB,MAAM,eAAe;AAAA,EACpF;AAAA,EAEA,MAAM,qBAAqB,QAAgB,kBAA2C;AAClF,WAAO,KAAK,OAAO,KAAW,sBAAsB,MAAM,iBAAiB,EAAE,iBAAiB,CAAC;AAAA,EACnG;AAAA,EAEA,MAAM,0BAA0B,QAAgB,kBAA2C;AACvF,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,iBAAiB,EAAE,iBAAiB,CAAC;AAAA,EACrG;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAyC;AAC3C,WAAO,KAAK,OAAO,IAAkB,2BAA2B;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,iBAAiB,MAAuG;AAC1H,WAAO,KAAK,OAAO,KAAiB,6BAA6B,IAAI;AAAA,EACzE;AAAA;AAAA,EAGA,MAAM,cAAc,cAA2C;AAC3D,WAAO,KAAK,OAAO,IAAgB,4BAA4B,YAAY,GAAG;AAAA,EAClF;AAAA;AAAA,EAGA,MAAM,iBAAiB,cAAsB,MAAoE;AAC7G,WAAO,KAAK,OAAO,IAAgB,4BAA4B,YAAY,KAAK,IAAI;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,iBAAiB,cAAqC;AACxD,WAAO,KAAK,OAAO,OAAa,4BAA4B,YAAY,GAAG;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,QAAkD;AACjE,WAAO,KAAK,OAAO,IAA6B,sBAAsB,MAAM,SAAS;AAAA,EACzF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,mBAAmB,QAAkD;AACvE,WAAO,KAAK,OAAO,IAA6B,sBAAsB,MAAM,eAAe;AAAA,EAC/F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAiB,QAAgB,UAAiC;AACpE,WAAO,KAAK,OAAO,KAAW,sBAAsB,MAAM,WAAW,EAAE,WAAW,SAAS,CAAC;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,QAAgB,UAAiC;AACtE,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,WAAW,QAAW;AAAA,MAC9E,QAAQ,EAAE,WAAW,SAAS;AAAA,IAClC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,wBAAwB,QAAgB,iBAA0C;AACpF,WAAO,KAAK,OAAO,KAAW,sBAAsB,MAAM,iBAAiB,EAAE,kBAAkB,gBAAgB,CAAC;AAAA,EACpH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,0BAA0B,QAAgB,iBAA0C;AACtF,WAAO,KAAK,OAAO,OAAa,sBAAsB,MAAM,iBAAiB,EAAE,kBAAkB,gBAAgB,CAAC;AAAA,EACtH;AACJ;;;ACrMO,IAAM,aAAN,MAAiB;AAAA,EACpB,YAAoB,QAA2B;AAA3B;AAAA,EAA6B;AAAA;AAAA;AAAA,EAKjD,MAAM,aAAmC;AACrC,WAAO,KAAK,OAAO,IAAI,kBAAkB;AAAA,EAC7C;AAAA;AAAA,EAGA,MAAM,cAAc,MAAiD;AACjE,WAAO,KAAK,OAAO,MAAM,oBAAoB,IAAI;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,UAA0C;AACzD,WAAO,KAAK,OAAO,MAAM,oBAAoB,QAAQ;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,UAAkB,SAAiC;AACnE,WAAO,KAAK,OAAO,KAAW,0CAA0C;AAAA,MACpE;AAAA,MACA,UAAU;AAAA,IACd,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAoF;AACtF,WAAO,KAAK,OAAO,IAAI,wBAAwB;AAAA,EACnD;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,QAAuE;AACnF,WAAO,KAAK,OAAO,IAAoC,6BAA6B,EAAE,OAAO,CAAC;AAAA,EAClG;AAAA;AAAA,EAGA,MAAM,QAAQ,QAAsC;AAChD,WAAO,KAAK,OAAO,IAAI,4BAA4B,MAAM,GAAG;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,gBAAgB,QAAgB,MAAmD;AACrF,WAAO,KAAK,OAAO,MAAM,4BAA4B,MAAM,KAAK,IAAI;AAAA,EACxE;AAAA;AAAA,EAGA,MAAM,gBAAgB,QAA+B;AACjD,WAAO,KAAK,OAAO,OAAa,4BAA4B,MAAM,GAAG;AAAA,EACzE;AAAA;AAAA,EAGA,MAAM,QAAQ,QAAgB,SAAiB,IAAmB;AAC9D,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,SAAS,EAAE,OAAO,CAAC;AAAA,EACvF;AAAA;AAAA,EAGA,MAAM,UAAU,QAA+B;AAC3C,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,SAAS;AAAA,EAC7E;AAAA;AAAA,EAGA,MAAM,SAAS,QAAgB,kBAA0B,IAAI,SAAiB,IAAmB;AAC7F,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,UAAU,EAAE,kBAAkB,iBAAiB,OAAO,CAAC;AAAA,EAC3H;AAAA;AAAA,EAGA,MAAM,WAAW,QAA+B;AAC5C,WAAO,KAAK,OAAO,KAAW,4BAA4B,MAAM,UAAU;AAAA,EAC9E;AACJ;;;ACpFO,IAAM,YAAN,MAAgB;AAAA,EAGnB,YAAoB,QAA2B;AAA3B;AAEhB,SAAK,OAAO,sBAAsB,CAAC,WAAW;AAC1C,UAAI,KAAK,gBAAgB;AACrB,eAAO,UAAU;AAAA,UACb,GAAG,OAAO;AAAA,UACV,cAAc,KAAK;AAAA,QACvB;AAAA,MACJ;AACA,aAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EAbQ,iBAAgC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBxC,mBAAmB,MAAoB;AACnC,SAAK,iBAAiB;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,oBAA0B;AACtB,SAAK,iBAAiB;AAAA,EAC1B;AAAA;AAAA,EAGA,6BAA4C;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,MAOC;AACtB,WAAO,KAAK,OAAO,KAAK,+BAA+B,IAAI;AAAA,EAC/D;AAAA;AAAA,EAGA,MAAM,oBAAoB,QAOmB;AACzC,WAAO,KAAK,OAAO,IAAI,+BAA+B,EAAE,OAAO,CAAC;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,gBAAgB,MAAqC;AACvD,WAAO,KAAK,OAAO,IAAI,8BAA8B,IAAI,GAAG;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,mBAAmB,MAAc,MAQZ;AACvB,WAAO,KAAK,OAAO,MAAM,8BAA8B,IAAI,KAAK,IAAI;AAAA,EACxE;AAAA;AAAA,EAGA,MAAM,mBAAmB,MAA4C;AACjE,WAAO,KAAK,OAAO,OAAO,8BAA8B,IAAI,GAAG;AAAA,EACnE;AAAA;AAAA,EAGA,MAAM,oBAAoB,MAAoC;AAC1D,WAAO,KAAK,OAAO,IAAI,8BAA8B,IAAI,QAAQ;AAAA,EACrE;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,MAAc,QAOc;AAC1C,WAAO,KAAK,OAAO,IAAI,8BAA8B,IAAI,aAAa,EAAE,OAAO,CAAC;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,UAAU,MAAc,MAGH;AACvB,WAAO,KAAK,OAAO,KAAK,8BAA8B,IAAI,aAAa,IAAI;AAAA,EAC/E;AAAA;AAAA,EAGA,MAAM,iBAAiB,MAAc,QAAgB,UAA0C;AAC3F,WAAO,KAAK,OAAO,MAAM,8BAA8B,IAAI,YAAY,MAAM,KAAK,EAAE,WAAW,SAAS,CAAC;AAAA,EAC7G;AAAA;AAAA,EAGA,MAAM,aAAa,MAAc,QAA8C;AAC3E,WAAO,KAAK,OAAO,OAAO,8BAA8B,IAAI,YAAY,MAAM,GAAG;AAAA,EACrF;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,MAAc,MAY9B;AACC,WAAO,KAAK,OAAO,KAAK,8BAA8B,IAAI,iBAAiB,IAAI;AAAA,EACnF;AAAA;AAAA,EAGA,MAAM,eAQF;AACA,WAAO,KAAK,OAAO,IAAI,mCAAmC;AAAA,EAC9D;AACJ;;;AC5KO,IAAM,WAAN,MAAe;AAAA,EAKlB,YAAoB,QAA2B,QAAwB;AAAnD;AAChB,SAAK,SAAS;AAEd,SAAK,OAAO,sBAAsB,CAAC,WAAW;AAC1C,YAAM,UAAkC,EAAE,GAAG,OAAO,QAAQ;AAE5D,UAAI,KAAK,YAAY;AAGjB,gBAAQ,eAAe,IAAI,eAAe,KAAK,UAAU;AAAA,MAC7D;AAEA,UAAI,KAAK,SAAS;AACd,gBAAQ,mBAAmB,IAAI,KAAK;AAAA,MACxC;AAEA,aAAO,EAAE,GAAG,QAAQ,QAAQ;AAAA,IAChC,CAAC;AAKD,SAAK,OAAO,uBAAuB,OAAO,UAAU,aAAa;AAG7D,UAAI,SAAS,WAAW,KAAK;AAEzB,cAAM,SAAS,SAAS,MAAM;AAC9B,YAAI;AACA,gBAAM,OAAO,MAAM,OAAO,KAAK;AAE/B,eAAK,QAAQ,MAAM,gDAAgD,IAAI;AAAA,QAC3E,QAAQ;AAAA,QAER;AAAA,MACJ,WAAW,SAAS,WAAW,KAAK;AAChC,cAAM,SAAS,SAAS,MAAM;AAC9B,YAAI;AACA,gBAAM,OAAO,MAAM,OAAO,KAAK;AAC/B,cAAI,KAAK,SAAS,mBAAmB;AACjC,iBAAK,QAAQ,KAAK,gEAAgE;AAAA,UACtF,WAAW,KAAK,WAAW,aAAa;AACpC,iBAAK,QAAQ,KAAK,8CAA8C;AAAA,UACpE;AAAA,QACJ,QAAQ;AAAA,QAER;AAAA,MACJ;AACA,aAAO;AAAA,IACX,CAAC;AAAA,EACL;AAAA,EAtDQ,aAA4B;AAAA,EAC5B,UAAyB;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EA2DR,MAAM,iBAAiB,MAmBpB;AACC,WAAO,KAAK,OAAO,KAAK,2BAA2B,IAAI;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc,OAAqB;AAC/B,SAAK,aAAa;AAAA,EACtB;AAAA;AAAA,EAGA,kBAAwB;AACpB,SAAK,aAAa;AAAA,EACtB;AAAA;AAAA,EAGA,cAAuB;AACnB,WAAO,KAAK,eAAe;AAAA,EAC/B;AAAA;AAAA,EAGA,MAAM,kBAAgD;AAClD,WAAO,KAAK,OAAO,IAAI,yBAAyB;AAAA,EACpD;AAAA;AAAA,EAGA,MAAM,cAAc,SAA6C;AAC7D,WAAO,KAAK,OAAO,IAAI,0BAA0B,OAAO,GAAG;AAAA,EAC/D;AAAA;AAAA,EAGA,MAAM,iBAAiB,SAAiD;AACpE,WAAO,KAAK,OAAO,KAAK,0BAA0B,OAAO,UAAU;AAAA,EACvE;AAAA;AAAA,EAGA,MAAM,kBAAkB,SAAmD;AACvE,WAAO,KAAK,OAAO,KAAK,0BAA0B,OAAO,WAAW;AAAA,EACxE;AAAA;AAAA,EAGA,MAAM,uBAAsE;AACxE,WAAO,KAAK,OAAO,KAAK,oCAAoC;AAAA,EAChE;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc,SAA4C;AAC5D,WAAO,KAAK,OAAO,KAAK,0BAA0B,OAAO,aAAa;AAAA,EAC1E;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAoD;AACtD,WAAO,KAAK,OAAO,IAAI,kCAAkC;AAAA,EAC7D;AAAA;AAAA,EAGA,MAAM,qBAAqB,mBAA6D;AACpF,WAAO,KAAK,OAAO,KAAK,4CAA4C,EAAE,OAAO,kBAAkB,CAAC;AAAA,EACpG;AAAA;AAAA,EAGA,MAAM,kBAAkB,mBAA0D;AAC9E,WAAO,KAAK,OAAO,KAAK,yCAAyC,EAAE,OAAO,kBAAkB,CAAC;AAAA,EACjG;AAAA;AAAA;AAAA,EAKA,WAAW,SAAuB;AAC9B,SAAK,UAAU;AAAA,EACnB;AAAA;AAAA,EAGA,eAAqB;AACjB,SAAK,UAAU;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,SAAiB,OAI+C;AAC9E,WAAO,KAAK,OAAO,KAAK,0BAA0B,OAAO,kBAAkB,KAAK;AAAA,EACpF;AACJ;;;ACpGO,IAAM,qBAAN,MAAyB;AAAA,EAC5B,YAAoB,QAA2B;AAA3B;AAAA,EAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOhD,MAAM,iBAAiB,QAAyE;AAC5F,WAAO,KAAK,OAAO,IAAoC,8BAA8B;AAAA,MACjF;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,kBAAkB,MAAiE;AACrF,WAAO,KAAK,OAAO,KAAgC,8BAA8B,IAAI;AAAA,EACzF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAe,OAAqC;AACtD,WAAO,KAAK,OAAO,IAAiB,6BAA6B,KAAK,GAAG;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,kBAAkB,OAAe,MAAmD;AACtF,WAAO,KAAK,OAAO,IAAiB,6BAA6B,KAAK,KAAK,IAAI;AAAA,EACnF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,iBAAiB,OAAe,MAA4D;AAC9F,WAAO,KAAK,OAAO,MAAmB,6BAA6B,KAAK,KAAK,IAAI;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,OAA8B;AAClD,WAAO,KAAK,OAAO,OAAa,6BAA6B,KAAK,GAAG;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,sBAAsB,OAAe,eAAuB,cAAsD;AACpH,WAAO,KAAK,OAAO,KAAoC,6BAA6B,KAAK,gBAAgB,EAAE,aAAa,CAAC;AAAA,EAC7H;AACJ;;;ACsBO,IAAM,cAAN,MAAkB;AAAA,EACrB,YAAoB,QAA2B;AAA3B;AAAA,EAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhD,MAAM,cAAc,QAAmE;AACnF,WAAO,KAAK,OAAO,IAAiC,kCAAkC;AAAA,MAClF;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,OAAkC;AAChD,WAAO,KAAK,OAAO,IAAc,iCAAiC,KAAK,GAAG;AAAA,EAC9E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,kBAAkB,QAA2E;AAC/F,WAAO,KAAK,OAAO,IAAqC,sCAAsC;AAAA,MAC1F;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,sBAAsB,QAAmF;AAC3G,WAAO,KAAK,OAAO,IAAyC,0CAA0C;AAAA,MAClG;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,2BAA6D;AAC/D,WAAO,KAAK,OAAO,KAA8B,gDAAgD;AAAA,EACrG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,kBAAkB,QAA+E;AACnG,WAAO,KAAK,OAAO,IAAyC,sCAAsC;AAAA,MAC9F;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,mBAAmB,SAA4C;AACjE,WAAO,KAAK,OAAO,KAAuB,qCAAqC,OAAO,UAAU;AAAA,EACpG;AACJ;;;AC1GO,IAAM,aAAN,MAAiB;AAAA,EACpB,YAAoB,QAA2B;AAA3B;AAAA,EAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAShD,MAAM,uBAAuB,MAA2E;AACpG,WAAO,KAAK,OAAO,KAAqC,0CAA0C,IAAI;AAAA,EAC1G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,uBAAuB,OAAwD;AACjF,WAAO,KAAK,OAAO,KAAqC,0CAA0C,EAAE,MAAM,CAAC;AAAA,EAC/G;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,sBAAsB,UAA0D;AAClF,WAAO,KAAK,OAAO,KAAoC,yCAAyC,EAAE,SAAS,CAAC;AAAA,EAChH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,2BAAoD;AACtD,WAAO,KAAK,OAAO,IAAoB,uCAAuC;AAAA,EAClF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAe,UAA2C;AAC5D,WAAO,KAAK,OAAO,KAAqB,kCAAkC,EAAE,SAAS,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,qBAAqB,QAAiF;AACxG,WAAO,KAAK,OAAO,IAAwC,yCAAyC;AAAA,MAChG;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,mBAAmB,WAA6C;AAClE,WAAO,KAAK,OAAO,IAAqB,wCAAwC,SAAS,GAAG;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,uBAAuB,WAA4B,MAAoE;AACzH,WAAO,KAAK,OAAO,KAA8B,wCAAwC,SAAS,aAAa,IAAI;AAAA,EACvH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,0BAAoE;AACtE,WAAO,KAAK,OAAO,KAAsC,uDAAuD;AAAA,EACpH;AACJ;;;ACxJO,IAAM,kBAAN,MAAsB;AAAA,EACzB,YAAoB,QAA2B;AAA3B;AAAA,EAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAShD,MAAM,SAAS,QAAwD;AACnE,WAAO,KAAK,OAAO,IAAoB,iCAAiC;AAAA,MACpE;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAmC;AACrC,WAAO,KAAK,OAAO,IAAe,8BAA8B;AAAA,EACpE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,mBAA2C;AAC7C,WAAO,KAAK,OAAO,IAAmB,kCAAkC;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAmC;AACrC,WAAO,KAAK,OAAO,IAAe,8BAA8B;AAAA,EACpE;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,uBAA0C;AAC5C,WAAO,KAAK,OAAO,IAAc,uCAAuC;AAAA,EAC5E;AACJ;;;ACrHO,IAAM,eAAN,MAAuD;AAAA;AAAA,EAElD;AAAA,EAER,cAAc;AACV,SAAK,SAAS,oBAAI,IAAI;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,GAA2B,OAAU,UAAoD;AACrF,QAAI,CAAC,KAAK,OAAO,IAAI,KAAK,GAAG;AACzB,WAAK,OAAO,IAAI,OAAO,CAAC,CAAC;AAAA,IAC7B;AACA,SAAK,OAAO,IAAI,KAAK,EAAG,KAAK,QAAQ;AACrC,WAAO,MAAM,KAAK,IAAI,OAAO,QAAQ;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAA4B,OAAU,UAA8C;AAChF,UAAM,YAAY,KAAK,OAAO,IAAI,KAAK;AACvC,QAAI,CAAC,UAAW;AAChB,UAAM,QAAQ,UAAU,QAAQ,QAAQ;AACxC,QAAI,UAAU,IAAI;AACd,gBAAU,OAAO,OAAO,CAAC;AAAA,IAC7B;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,KAA6B,OAAU,UAAoD;AACvF,UAAM,UAAU,CAAC,YAAuB;AACpC,WAAK,IAAI,OAAO,OAAO;AACvB,eAAS,OAAO;AAAA,IACpB;AACA,WAAO,KAAK,GAAG,OAAO,OAAO;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,KAA6B,OAAU,SAA0B;AAC7D,UAAM,YAAY,KAAK,OAAO,IAAI,KAAK;AACvC,QAAI,CAAC,UAAW;AAEhB,UAAM,OAAO,CAAC,GAAG,SAAS;AAC1B,eAAW,YAAY,MAAM;AACzB,UAAI;AACA,iBAAS,OAAO;AAAA,MACpB,SAAS,KAAK;AACV,gBAAQ,MAAM,6DAA6D,OAAO,KAAK,CAAC,IAAI,GAAG;AAAA,MACnG;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,qBAA2B;AACvB,SAAK,OAAO,MAAM;AAAA,EACtB;AACJ;;;AC/BO,IAAM,gBAAN,MAAoB;AAAA;AAAA,EAEP;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAET;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAGC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBR,YAAY,SAA8B;AACtC,SAAK,SAAS,cAAc,OAAO;AACnC,SAAK,UAAU,KAAK,OAAO;AAE3B,SAAK,UAAU,IAAI,aAA8B;AAEjD,SAAK,UAAU,EAAE,eAAe,MAAM,cAAc,KAAK;AAEzD,SAAK,OAAO,IAAI,kBAAkB;AAAA,MAC9B,SAAS,KAAK,OAAO;AAAA,MACrB,SAAS,KAAK,OAAO;AAAA,MACrB,WAAW,KAAK,OAAO;AAAA,IAC3B,CAAC;AAGD,SAAK,KAAK,sBAAsB,sBAAsB,KAAK,SAAS,KAAK,OAAO,CAAC;AAGjF,QAAI,KAAK,OAAO,gBAAgB;AAC5B,WAAK,KAAK,sBAAsB,4BAA4B,KAAK,OAAO,kBAAkB,CAAC;AAAA,IAC/F;AAGA,QAAI,KAAK,OAAO,aAAa;AACzB,WAAK,KAAK;AAAA,QACN,uBAAuB,KAAK,OAAO,aAAa,KAAK,OAAO,MAAM;AAAA,MACtE;AAAA,IACJ;AAGA,QAAI,KAAK,OAAO,aAAa;AACzB,WAAK,KAAK;AAAA,QACN;AAAA,UACI,KAAK;AAAA,UACL,KAAK;AAAA,UACL,MAAM;AACF,iBAAK,KAAK,mBAAmB,MAAiB;AAC9C,iBAAK,OAAO,mBAAmB;AAAA,UACnC;AAAA,UACA,CAAC,aAAa,iBAAiB;AAC3B,iBAAK,KAAK,SAAS,WAAW;AAC9B,iBAAK,KAAK,mBAAmB,EAAE,YAAY,CAAC;AAC5C,iBAAK,KAAK,gBAAgB,EAAE,aAAa,aAAa,CAAC;AAAA,UAC3D;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAEA,SAAK,OAAO,IAAI,WAAW,KAAK,IAAI;AACpC,SAAK,OAAO,IAAI;AAAA,MACZ,KAAK;AAAA,MACL,KAAK;AAAA,MACL,CAAC,aAAa,iBAAiB;AAC3B,aAAK,KAAK,SAAS,WAAW;AAC9B,aAAK,KAAK,gBAAgB,EAAE,aAAa,aAAa,CAAC;AAAA,MAC3D;AAAA,MACA,MAAM;AACF,aAAK,KAAK,SAAS,IAAI;AACvB,aAAK,KAAK,mBAAmB,MAAiB;AAAA,MAClD;AAAA,IACJ;AACA,SAAK,WAAW,IAAI,eAAe,KAAK,IAAI;AAC5C,SAAK,OAAO,IAAI,WAAW,KAAK,IAAI;AACpC,SAAK,MAAM,IAAI,UAAU,KAAK,IAAI;AAClC,SAAK,KAAK,IAAI,SAAS,KAAK,MAAM,KAAK,OAAO,MAAM;AACpD,SAAK,eAAe,IAAI,mBAAmB,KAAK,IAAI;AACpD,SAAK,QAAQ,IAAI,YAAY,KAAK,IAAI;AACtC,SAAK,OAAO,IAAI,WAAW,KAAK,IAAI;AACpC,SAAK,YAAY,IAAI,gBAAgB,KAAK,IAAI;AAAA,EAClD;AAAA;AAAA;AAAA,EAKA,GAAoC,OAAU,UAA6D;AACvG,WAAO,KAAK,QAAQ,GAAG,OAAO,QAAQ;AAAA,EAC1C;AAAA;AAAA,EAGA,KAAsC,OAAU,UAA6D;AACzG,WAAO,KAAK,QAAQ,KAAK,OAAO,QAAQ;AAAA,EAC5C;AAAA;AAAA,EAGA,IAAqC,OAAU,UAAuD;AAClG,SAAK,QAAQ,IAAI,OAAO,QAAQ;AAAA,EACpC;AAAA;AAAA,EAGA,KAAsC,OAAU,SAAmC;AAC/E,SAAK,QAAQ,KAAK,OAAO,OAAO;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,kBAAoC;AACtC,UAAM,QAAQ,MAAM,KAAK,QAAQ,QAAQ,WAAW;AACpD,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,CAAC,KAAK,mBAAmB,KAAK;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAyC;AAC3C,WAAO,KAAK,QAAQ,QAAQ,WAAW;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,iBAAsD;AACxD,UAAM,QAAQ,MAAM,KAAK,QAAQ,QAAQ,WAAW;AACpD,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,UAAU,KAAK;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAmC;AACrC,UAAM,QAAQ,MAAM,KAAK,QAAQ,QAAQ,WAAW;AACpD,QAAI,CAAC,MAAO,QAAO;AACnB,WAAO,KAAK,mBAAmB,KAAK;AAAA,EACxC;AAAA;AAAA,EAGQ,mBAAmB,OAAwB;AAC/C,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,SAAS,IAAK,QAAO;AAE1B,WAAO,QAAQ,MAAM,MAAO,KAAK,IAAI,IAAI;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,WAAwC;AAC1C,UAAM,QAAQ,MAAM,KAAK,QAAQ,QAAQ,WAAW;AACpD,UAAM,kBAAkB,QAAQ,CAAC,KAAK,mBAAmB,KAAK,IAAI;AAClE,UAAM,OAAO,QAAQ,UAAU,KAAK,IAAI;AAExC,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA,aAAa;AAAA,MACb,WAAW,KAAK,QAAQ;AAAA,MACxB,aAAa,KAAK,GAAG,YAAY;AAAA,IACrC;AAAA,EACJ;AACJ;","names":["cred"]}