@tinycloud/sdk-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (166) hide show
  1. package/LICENSE.md +320 -0
  2. package/dist/TinyCloud.d.ts +206 -0
  3. package/dist/TinyCloud.d.ts.map +1 -0
  4. package/dist/TinyCloud.js +244 -0
  5. package/dist/TinyCloud.js.map +1 -0
  6. package/dist/TinyCloud.schema.d.ts +173 -0
  7. package/dist/TinyCloud.schema.d.ts.map +1 -0
  8. package/dist/TinyCloud.schema.js +136 -0
  9. package/dist/TinyCloud.schema.js.map +1 -0
  10. package/dist/TinyCloud.schema.test.d.ts +5 -0
  11. package/dist/TinyCloud.schema.test.d.ts.map +1 -0
  12. package/dist/TinyCloud.schema.test.js +286 -0
  13. package/dist/TinyCloud.schema.test.js.map +1 -0
  14. package/dist/authorization/CapabilityKeyRegistry.d.ts +317 -0
  15. package/dist/authorization/CapabilityKeyRegistry.d.ts.map +1 -0
  16. package/dist/authorization/CapabilityKeyRegistry.js +509 -0
  17. package/dist/authorization/CapabilityKeyRegistry.js.map +1 -0
  18. package/dist/authorization/authorization.schema.d.ts +233 -0
  19. package/dist/authorization/authorization.schema.d.ts.map +1 -0
  20. package/dist/authorization/authorization.schema.js +220 -0
  21. package/dist/authorization/authorization.schema.js.map +1 -0
  22. package/dist/authorization/authorization.schema.test.d.ts +5 -0
  23. package/dist/authorization/authorization.schema.test.d.ts.map +1 -0
  24. package/dist/authorization/authorization.schema.test.js +618 -0
  25. package/dist/authorization/authorization.schema.test.js.map +1 -0
  26. package/dist/authorization/index.d.ts +38 -0
  27. package/dist/authorization/index.d.ts.map +1 -0
  28. package/dist/authorization/index.js +52 -0
  29. package/dist/authorization/index.js.map +1 -0
  30. package/dist/authorization/spaceCreation.d.ts +96 -0
  31. package/dist/authorization/spaceCreation.d.ts.map +1 -0
  32. package/dist/authorization/spaceCreation.js +35 -0
  33. package/dist/authorization/spaceCreation.js.map +1 -0
  34. package/dist/authorization/spaceCreation.schema.d.ts +67 -0
  35. package/dist/authorization/spaceCreation.schema.d.ts.map +1 -0
  36. package/dist/authorization/spaceCreation.schema.js +95 -0
  37. package/dist/authorization/spaceCreation.schema.js.map +1 -0
  38. package/dist/authorization/spaceCreation.schema.test.d.ts +5 -0
  39. package/dist/authorization/spaceCreation.schema.test.d.ts.map +1 -0
  40. package/dist/authorization/spaceCreation.schema.test.js +168 -0
  41. package/dist/authorization/spaceCreation.schema.test.js.map +1 -0
  42. package/dist/authorization/strategies.d.ts +134 -0
  43. package/dist/authorization/strategies.d.ts.map +1 -0
  44. package/dist/authorization/strategies.js +15 -0
  45. package/dist/authorization/strategies.js.map +1 -0
  46. package/dist/authorization/strategies.schema.d.ts +185 -0
  47. package/dist/authorization/strategies.schema.d.ts.map +1 -0
  48. package/dist/authorization/strategies.schema.js +147 -0
  49. package/dist/authorization/strategies.schema.js.map +1 -0
  50. package/dist/authorization/strategies.schema.test.d.ts +5 -0
  51. package/dist/authorization/strategies.schema.test.d.ts.map +1 -0
  52. package/dist/authorization/strategies.schema.test.js +253 -0
  53. package/dist/authorization/strategies.schema.test.js.map +1 -0
  54. package/dist/delegations/DelegationManager.d.ts +164 -0
  55. package/dist/delegations/DelegationManager.d.ts.map +1 -0
  56. package/dist/delegations/DelegationManager.js +428 -0
  57. package/dist/delegations/DelegationManager.js.map +1 -0
  58. package/dist/delegations/SharingService.d.ts +279 -0
  59. package/dist/delegations/SharingService.d.ts.map +1 -0
  60. package/dist/delegations/SharingService.js +558 -0
  61. package/dist/delegations/SharingService.js.map +1 -0
  62. package/dist/delegations/SharingService.schema.d.ts +401 -0
  63. package/dist/delegations/SharingService.schema.d.ts.map +1 -0
  64. package/dist/delegations/SharingService.schema.js +211 -0
  65. package/dist/delegations/SharingService.schema.js.map +1 -0
  66. package/dist/delegations/index.d.ts +38 -0
  67. package/dist/delegations/index.d.ts.map +1 -0
  68. package/dist/delegations/index.js +42 -0
  69. package/dist/delegations/index.js.map +1 -0
  70. package/dist/delegations/types.d.ts +13 -0
  71. package/dist/delegations/types.d.ts.map +1 -0
  72. package/dist/delegations/types.js +42 -0
  73. package/dist/delegations/types.js.map +1 -0
  74. package/dist/delegations/types.schema.d.ts +1641 -0
  75. package/dist/delegations/types.schema.d.ts.map +1 -0
  76. package/dist/delegations/types.schema.js +535 -0
  77. package/dist/delegations/types.schema.js.map +1 -0
  78. package/dist/delegations/types.schema.test.d.ts +5 -0
  79. package/dist/delegations/types.schema.test.d.ts.map +1 -0
  80. package/dist/delegations/types.schema.test.js +627 -0
  81. package/dist/delegations/types.schema.test.js.map +1 -0
  82. package/dist/index.d.ts +22 -0
  83. package/dist/index.d.ts.map +1 -0
  84. package/dist/index.js +52 -0
  85. package/dist/index.js.map +1 -0
  86. package/dist/json-schema.d.ts +327 -0
  87. package/dist/json-schema.d.ts.map +1 -0
  88. package/dist/json-schema.js +703 -0
  89. package/dist/json-schema.js.map +1 -0
  90. package/dist/json-schema.test.d.ts +7 -0
  91. package/dist/json-schema.test.d.ts.map +1 -0
  92. package/dist/json-schema.test.js +365 -0
  93. package/dist/json-schema.test.js.map +1 -0
  94. package/dist/signer.d.ts +28 -0
  95. package/dist/signer.d.ts.map +1 -0
  96. package/dist/signer.js +2 -0
  97. package/dist/signer.js.map +1 -0
  98. package/dist/space.d.ts +53 -0
  99. package/dist/space.d.ts.map +1 -0
  100. package/dist/space.js +67 -0
  101. package/dist/space.js.map +1 -0
  102. package/dist/space.schema.d.ts +65 -0
  103. package/dist/space.schema.d.ts.map +1 -0
  104. package/dist/space.schema.js +65 -0
  105. package/dist/space.schema.js.map +1 -0
  106. package/dist/space.schema.test.d.ts +5 -0
  107. package/dist/space.schema.test.d.ts.map +1 -0
  108. package/dist/space.schema.test.js +148 -0
  109. package/dist/space.schema.test.js.map +1 -0
  110. package/dist/spaces/Space.d.ts +175 -0
  111. package/dist/spaces/Space.d.ts.map +1 -0
  112. package/dist/spaces/Space.js +84 -0
  113. package/dist/spaces/Space.js.map +1 -0
  114. package/dist/spaces/SpaceService.d.ts +271 -0
  115. package/dist/spaces/SpaceService.d.ts.map +1 -0
  116. package/dist/spaces/SpaceService.js +715 -0
  117. package/dist/spaces/SpaceService.js.map +1 -0
  118. package/dist/spaces/index.d.ts +11 -0
  119. package/dist/spaces/index.d.ts.map +1 -0
  120. package/dist/spaces/index.js +20 -0
  121. package/dist/spaces/index.js.map +1 -0
  122. package/dist/spaces/spaces.schema.d.ts +421 -0
  123. package/dist/spaces/spaces.schema.d.ts.map +1 -0
  124. package/dist/spaces/spaces.schema.js +342 -0
  125. package/dist/spaces/spaces.schema.js.map +1 -0
  126. package/dist/spaces/spaces.schema.test.d.ts +5 -0
  127. package/dist/spaces/spaces.schema.test.d.ts.map +1 -0
  128. package/dist/spaces/spaces.schema.test.js +471 -0
  129. package/dist/spaces/spaces.schema.test.js.map +1 -0
  130. package/dist/storage.d.ts +47 -0
  131. package/dist/storage.d.ts.map +1 -0
  132. package/dist/storage.js +14 -0
  133. package/dist/storage.js.map +1 -0
  134. package/dist/storage.schema.d.ts +277 -0
  135. package/dist/storage.schema.d.ts.map +1 -0
  136. package/dist/storage.schema.js +185 -0
  137. package/dist/storage.schema.js.map +1 -0
  138. package/dist/storage.schema.test.d.ts +5 -0
  139. package/dist/storage.schema.test.d.ts.map +1 -0
  140. package/dist/storage.schema.test.js +346 -0
  141. package/dist/storage.schema.test.js.map +1 -0
  142. package/dist/userAuthorization.d.ts +99 -0
  143. package/dist/userAuthorization.d.ts.map +1 -0
  144. package/dist/userAuthorization.js +3 -0
  145. package/dist/userAuthorization.js.map +1 -0
  146. package/dist/userAuthorization.schema.d.ts +259 -0
  147. package/dist/userAuthorization.schema.d.ts.map +1 -0
  148. package/dist/userAuthorization.schema.js +175 -0
  149. package/dist/userAuthorization.schema.js.map +1 -0
  150. package/dist/userAuthorization.schema.test.d.ts +5 -0
  151. package/dist/userAuthorization.schema.test.d.ts.map +1 -0
  152. package/dist/userAuthorization.schema.test.js +356 -0
  153. package/dist/userAuthorization.schema.test.js.map +1 -0
  154. package/dist/version.d.ts +30 -0
  155. package/dist/version.d.ts.map +1 -0
  156. package/dist/version.js +54 -0
  157. package/dist/version.js.map +1 -0
  158. package/dist/wasm-validation.d.ts +287 -0
  159. package/dist/wasm-validation.d.ts.map +1 -0
  160. package/dist/wasm-validation.js +219 -0
  161. package/dist/wasm-validation.js.map +1 -0
  162. package/dist/wasm-validation.test.d.ts +5 -0
  163. package/dist/wasm-validation.test.d.ts.map +1 -0
  164. package/dist/wasm-validation.test.js +233 -0
  165. package/dist/wasm-validation.test.js.map +1 -0
  166. package/package.json +40 -0
package/dist/authorization/CapabilityKeyRegistry.js ADDED
@@ -0,0 +1,509 @@
1
+ /**
2
+ * CapabilityKeyRegistry - Tracks keys and their capabilities for automatic key selection.
3
+ *
4
+ * The registry maintains mappings between:
5
+ * - Keys and their associated delegations
6
+ * - Capabilities (resource/action pairs) and the keys that can exercise them
7
+ *
8
+ * This enables automatic key selection when performing operations, choosing
9
+ * the most appropriate key based on priority and validity.
10
+ *
11
+ * @packageDocumentation
12
+ */
13
+ import { ok, err, serviceError } from "@tinycloud/sdk-services";
14
+ // =============================================================================
15
+ // Service Name
16
+ // =============================================================================
17
+ const SERVICE_NAME = "capability-key-registry";
18
+ // =============================================================================
19
+ // Error Codes
20
+ // =============================================================================
21
+ /**
22
+ * Error codes specific to CapabilityKeyRegistry operations.
23
+ */
24
+ export const CapabilityKeyRegistryErrorCodes = {
25
+ /** Key not found in registry */
26
+ KEY_NOT_FOUND: "KEY_NOT_FOUND",
27
+ /** No key available for the requested capability */
28
+ NO_CAPABLE_KEY: "NO_CAPABLE_KEY",
29
+ /** Delegation has expired */
30
+ DELEGATION_EXPIRED: "DELEGATION_EXPIRED",
31
+ /** Delegation has been revoked */
32
+ DELEGATION_REVOKED: "DELEGATION_REVOKED",
33
+ /** Invalid delegation data */
34
+ INVALID_DELEGATION: "INVALID_DELEGATION",
35
+ /** Key already registered */
36
+ KEY_EXISTS: "KEY_EXISTS",
37
+ };
38
+ // =============================================================================
39
+ // Implementation
40
+ // =============================================================================
41
+ /**
42
+ * CapabilityKeyRegistry - Tracks keys and their capabilities for automatic key selection.
43
+ *
44
+ * @example
45
+ * ```typescript
46
+ * const registry = new CapabilityKeyRegistry();
47
+ *
48
+ * // Register a session key with its delegations
49
+ * registry.registerKey(sessionKey, [rootDelegation]);
50
+ *
51
+ * // Get the best key for an operation
52
+ * const key = registry.getKeyForCapability(
53
+ * "tinycloud://my-space/kv/data",
54
+ * "tinycloud.kv/get"
55
+ * );
56
+ *
57
+ * if (key) {
58
+ * // Use this key for the operation
59
+ * console.log("Using key:", key.id);
60
+ * }
61
+ * ```
62
+ */
63
+ export class CapabilityKeyRegistry {
64
+ constructor() {
65
+ /**
66
+ * Registry of all keys indexed by ID.
67
+ */
68
+ this.keys = new Map();
69
+ /**
70
+ * Delegation storage.
71
+ */
72
+ this.store = {
73
+ byKey: new Map(),
74
+ byCid: new Map(),
75
+ byCapability: new Map(),
76
+ };
77
+ }
78
+ // ===========================================================================
79
+ // Key Management
80
+ // ===========================================================================
81
+ /**
82
+ * Register a key with its associated delegations.
83
+ *
84
+ * @param key - Key information
85
+ * @param delegations - Delegations granted to this key
86
+ */
87
+ registerKey(key, delegations) {
88
+ // Store the key
89
+ this.keys.set(key.id, key);
90
+ // Initialize delegation storage for this key
91
+ if (!this.store.byKey.has(key.id)) {
92
+ this.store.byKey.set(key.id, []);
93
+ }
94
+ // Process each delegation
95
+ for (const delegation of delegations) {
96
+ this.addDelegation(key, delegation);
97
+ }
98
+ }
99
+ /**
100
+ * Remove a key and all its associated delegations.
101
+ *
102
+ * @param keyId - The key ID to remove
103
+ */
104
+ removeKey(keyId) {
105
+ // Get delegations for this key
106
+ const delegations = this.store.byKey.get(keyId) || [];
107
+ // Remove from byCid
108
+ for (const delegation of delegations) {
109
+ this.store.byCid.delete(delegation.cid);
110
+ }
111
+ // Remove from byCapability
112
+ for (const [capKey, entries] of this.store.byCapability) {
113
+ const filtered = entries.filter((entry) => !entry.keys.some((k) => k.id === keyId));
114
+ if (filtered.length === 0) {
115
+ this.store.byCapability.delete(capKey);
116
+ }
117
+ else {
118
+ // Remove this key from entries that have multiple keys
119
+ for (const entry of filtered) {
120
+ entry.keys = entry.keys.filter((k) => k.id !== keyId);
121
+ }
122
+ this.store.byCapability.set(capKey, filtered.filter((e) => e.keys.length > 0));
123
+ }
124
+ }
125
+ // Remove from byKey
126
+ this.store.byKey.delete(keyId);
127
+ // Remove the key itself
128
+ this.keys.delete(keyId);
129
+ }
130
+ // ===========================================================================
131
+ // Capability Lookup
132
+ // ===========================================================================
133
+ /**
134
+ * Get a key that can exercise the specified capability.
135
+ *
136
+ * Key selection algorithm:
137
+ * 1. Filter keys that have the required capability
138
+ * 2. Check delegation validity (not expired, not revoked)
139
+ * 3. Sort by priority (session=0, main=1, ingested=2)
140
+ * 4. Return highest priority valid key
141
+ *
142
+ * @param resource - Resource URI
143
+ * @param action - Action to perform
144
+ * @returns The best matching key, or null if none available
145
+ */
146
+ getKeyForCapability(resource, action) {
147
+ // Find matching capabilities
148
+ const matchingEntries = this.findMatchingEntries(resource, action);
149
+ if (matchingEntries.length === 0) {
150
+ return null;
151
+ }
152
+ // Collect all valid keys from matching entries
153
+ const validKeys = [];
154
+ for (const entry of matchingEntries) {
155
+ // Check if the delegation is valid
156
+ if (!this.isDelegationValid(entry.delegation)) {
157
+ continue;
158
+ }
159
+ // Add keys from this entry
160
+ for (const key of entry.keys) {
161
+ if (!validKeys.some((k) => k.id === key.id)) {
162
+ validKeys.push(key);
163
+ }
164
+ }
165
+ }
166
+ if (validKeys.length === 0) {
167
+ return null;
168
+ }
169
+ // Sort by priority (lower is better)
170
+ validKeys.sort((a, b) => a.priority - b.priority);
171
+ return validKeys[0];
172
+ }
173
+ /**
174
+ * Get all registered capabilities.
175
+ *
176
+ * @returns All capability entries in the registry
177
+ */
178
+ getAllCapabilities() {
179
+ const all = [];
180
+ for (const entries of this.store.byCapability.values()) {
181
+ all.push(...entries);
182
+ }
183
+ return all;
184
+ }
185
+ // ===========================================================================
186
+ // Delegation Tracking
187
+ // ===========================================================================
188
+ /**
189
+ * Get all delegations for a specific key.
190
+ *
191
+ * @param keyId - The key ID
192
+ * @returns Array of delegations for this key
193
+ */
194
+ getDelegationsForKey(keyId) {
195
+ return this.store.byKey.get(keyId) || [];
196
+ }
197
+ // ===========================================================================
198
+ // Ingestion
199
+ // ===========================================================================
200
+ /**
201
+ * Ingest a key and delegation from an external source.
202
+ *
203
+ * @param key - Key information to ingest
204
+ * @param delegation - Delegation to associate with the key
205
+ * @param options - Ingestion options
206
+ */
207
+ ingestKey(key, delegation, options) {
208
+ // Apply priority override if specified
209
+ const keyToStore = options?.priority !== undefined
210
+ ? { ...key, priority: options.priority }
211
+ : key;
212
+ // Store the key
213
+ this.keys.set(keyToStore.id, keyToStore);
214
+ // Initialize delegation storage
215
+ if (!this.store.byKey.has(keyToStore.id)) {
216
+ this.store.byKey.set(keyToStore.id, []);
217
+ }
218
+ // Add the delegation
219
+ this.addDelegation(keyToStore, delegation);
220
+ }
221
+ // ===========================================================================
222
+ // Validation
223
+ // ===========================================================================
224
+ /**
225
+ * Check if a delegation is currently valid.
226
+ *
227
+ * @param delegation - The delegation to check
228
+ * @returns true if valid, false if expired or revoked
229
+ */
230
+ isDelegationValid(delegation) {
231
+ // Check if revoked
232
+ if (delegation.isRevoked) {
233
+ return false;
234
+ }
235
+ // Check expiry
236
+ const now = new Date();
237
+ if (delegation.expiry && delegation.expiry < now) {
238
+ return false;
239
+ }
240
+ return true;
241
+ }
242
+ // ===========================================================================
243
+ // Key Access
244
+ // ===========================================================================
245
+ /**
246
+ * Get a key by its ID.
247
+ *
248
+ * @param keyId - The key ID
249
+ * @returns The key info, or undefined if not found
250
+ */
251
+ getKey(keyId) {
252
+ return this.keys.get(keyId);
253
+ }
254
+ /**
255
+ * Get all registered keys.
256
+ *
257
+ * @returns Array of all registered keys
258
+ */
259
+ getAllKeys() {
260
+ return Array.from(this.keys.values());
261
+ }
262
+ // ===========================================================================
263
+ // Clear
264
+ // ===========================================================================
265
+ /**
266
+ * Clear all registered keys and delegations.
267
+ */
268
+ clear() {
269
+ this.keys.clear();
270
+ this.store.byKey.clear();
271
+ this.store.byCid.clear();
272
+ this.store.byCapability.clear();
273
+ }
274
+ // ===========================================================================
275
+ // Revocation
276
+ // ===========================================================================
277
+ /**
278
+ * Revoke a delegation by CID.
279
+ *
280
+ * @param cid - The delegation CID to revoke
281
+ * @returns Result indicating success or failure
282
+ */
283
+ revokeDelegation(cid) {
284
+ const stored = this.store.byCid.get(cid);
285
+ if (!stored) {
286
+ return err(serviceError(CapabilityKeyRegistryErrorCodes.KEY_NOT_FOUND, `Delegation not found: ${cid}`, SERVICE_NAME));
287
+ }
288
+ // Mark the delegation as revoked
289
+ stored.delegation.isRevoked = true;
290
+ // Update in byKey
291
+ const keyDelegations = this.store.byKey.get(stored.keyId);
292
+ if (keyDelegations) {
293
+ const delegation = keyDelegations.find((d) => d.cid === cid);
294
+ if (delegation) {
295
+ delegation.isRevoked = true;
296
+ }
297
+ }
298
+ // Update in byCapability
299
+ for (const entries of this.store.byCapability.values()) {
300
+ for (const entry of entries) {
301
+ if (entry.delegation.cid === cid) {
302
+ entry.delegation.isRevoked = true;
303
+ }
304
+ }
305
+ }
306
+ return ok(undefined);
307
+ }
308
+ // ===========================================================================
309
+ // Search
310
+ // ===========================================================================
311
+ /**
312
+ * Find capabilities that match a resource path pattern.
313
+ *
314
+ * @param resourcePattern - Resource pattern (supports wildcards)
315
+ * @param action - Optional action filter
316
+ * @returns Matching capability entries
317
+ */
318
+ findCapabilities(resourcePattern, action) {
319
+ const results = [];
320
+ for (const entries of this.store.byCapability.values()) {
321
+ for (const entry of entries) {
322
+ // Check action match if specified
323
+ if (action && entry.action !== action) {
324
+ continue;
325
+ }
326
+ // Check resource pattern match
327
+ if (this.matchesResourcePattern(entry.resource, resourcePattern)) {
328
+ results.push(entry);
329
+ }
330
+ }
331
+ }
332
+ return results;
333
+ }
334
+ // ===========================================================================
335
+ // Private Methods
336
+ // ===========================================================================
337
+ /**
338
+ * Add a delegation to the store.
339
+ *
340
+ * @param key - The key associated with this delegation
341
+ * @param delegation - The delegation to add
342
+ */
343
+ addDelegation(key, delegation) {
344
+ // Add to byKey
345
+ const keyDelegations = this.store.byKey.get(key.id) || [];
346
+ if (!keyDelegations.some((d) => d.cid === delegation.cid)) {
347
+ keyDelegations.push(delegation);
348
+ this.store.byKey.set(key.id, keyDelegations);
349
+ }
350
+ // Add to byCid
351
+ if (!this.store.byCid.has(delegation.cid)) {
352
+ this.store.byCid.set(delegation.cid, {
353
+ delegation,
354
+ parentCid: delegation.parentCid,
355
+ keyId: key.id,
356
+ storedAt: new Date(),
357
+ });
358
+ }
359
+ // Add to byCapability for each action
360
+ for (const action of delegation.actions) {
361
+ const capKey = this.makeCapabilityKey(delegation.path, action);
362
+ const entries = this.store.byCapability.get(capKey) || [];
363
+ // Check if we already have an entry for this exact delegation
364
+ const existingEntry = entries.find((e) => e.delegation.cid === delegation.cid);
365
+ if (existingEntry) {
366
+ // Add this key if not already present
367
+ if (!existingEntry.keys.some((k) => k.id === key.id)) {
368
+ existingEntry.keys.push(key);
369
+ // Re-sort by priority
370
+ existingEntry.keys.sort((a, b) => a.priority - b.priority);
371
+ }
372
+ }
373
+ else {
374
+ // Create new capability entry
375
+ const entry = {
376
+ resource: delegation.path,
377
+ action,
378
+ keys: [key],
379
+ delegation,
380
+ expiresAt: delegation.expiry,
381
+ };
382
+ entries.push(entry);
383
+ this.store.byCapability.set(capKey, entries);
384
+ }
385
+ }
386
+ }
387
+ /**
388
+ * Create a capability key for indexing.
389
+ *
390
+ * @param resource - Resource path
391
+ * @param action - Action
392
+ * @returns Combined key string
393
+ */
394
+ makeCapabilityKey(resource, action) {
395
+ return `${resource}|${action}`;
396
+ }
397
+ /**
398
+ * Find capability entries that match a resource and action.
399
+ *
400
+ * @param resource - Resource to match
401
+ * @param action - Action to match
402
+ * @returns Matching entries
403
+ */
404
+ findMatchingEntries(resource, action) {
405
+ const results = [];
406
+ // Exact match
407
+ const exactKey = this.makeCapabilityKey(resource, action);
408
+ const exactEntries = this.store.byCapability.get(exactKey);
409
+ if (exactEntries) {
410
+ results.push(...exactEntries);
411
+ }
412
+ // Wildcard matches - check all entries for patterns that match this resource
413
+ for (const [capKey, entries] of this.store.byCapability) {
414
+ if (capKey === exactKey)
415
+ continue; // Already handled
416
+ for (const entry of entries) {
417
+ // Check if the entry's action matches
418
+ if (!this.actionMatches(entry.action, action)) {
419
+ continue;
420
+ }
421
+ // Check if the entry's resource pattern matches the requested resource
422
+ if (this.resourceMatchesPattern(resource, entry.resource)) {
423
+ if (!results.some((r) => r.delegation.cid === entry.delegation.cid)) {
424
+ results.push(entry);
425
+ }
426
+ }
427
+ }
428
+ }
429
+ return results;
430
+ }
431
+ /**
432
+ * Check if an action pattern matches a specific action.
433
+ *
434
+ * @param pattern - Action pattern (may include wildcard like "tinycloud.kv/*")
435
+ * @param action - Specific action to check
436
+ * @returns true if pattern matches action
437
+ */
438
+ actionMatches(pattern, action) {
439
+ // Exact match
440
+ if (pattern === action) {
441
+ return true;
442
+ }
443
+ // Wildcard match (e.g., "tinycloud.kv/*" matches "tinycloud.kv/get")
444
+ if (pattern.endsWith("/*")) {
445
+ const prefix = pattern.slice(0, -2);
446
+ return action.startsWith(prefix + "/") || action === prefix;
447
+ }
448
+ return false;
449
+ }
450
+ /**
451
+ * Check if a resource matches a pattern.
452
+ *
453
+ * Patterns support:
454
+ * - Exact match: "/kv/data" matches "/kv/data"
455
+ * - Wildcard suffix: "/kv/*" matches "/kv/anything"
456
+ * - Double wildcard: "/kv/**" matches "/kv/any/nested/path"
457
+ *
458
+ * @param resource - The specific resource being accessed
459
+ * @param pattern - The pattern from the delegation
460
+ * @returns true if resource matches pattern
461
+ */
462
+ resourceMatchesPattern(resource, pattern) {
463
+ // Exact match
464
+ if (pattern === resource) {
465
+ return true;
466
+ }
467
+ // Double wildcard (**) - matches any nested path
468
+ if (pattern.endsWith("/**")) {
469
+ const prefix = pattern.slice(0, -3);
470
+ return resource.startsWith(prefix);
471
+ }
472
+ // Single wildcard (*) - matches one path segment
473
+ if (pattern.endsWith("/*")) {
474
+ const prefix = pattern.slice(0, -2);
475
+ if (!resource.startsWith(prefix)) {
476
+ return false;
477
+ }
478
+ const remainder = resource.slice(prefix.length);
479
+ // Should be a single segment (no more slashes except possibly trailing)
480
+ return !remainder.includes("/") || remainder === "/";
481
+ }
482
+ // Prefix match for paths ending with /
483
+ if (pattern.endsWith("/") && resource.startsWith(pattern)) {
484
+ return true;
485
+ }
486
+ return false;
487
+ }
488
+ /**
489
+ * Check if a specific resource matches a resource pattern for searching.
490
+ *
491
+ * @param entryResource - The resource from a capability entry
492
+ * @param searchPattern - The pattern to search for
493
+ * @returns true if entry resource matches search pattern
494
+ */
495
+ matchesResourcePattern(entryResource, searchPattern) {
496
+ // Use the same logic as resourceMatchesPattern
497
+ return this.resourceMatchesPattern(entryResource, searchPattern) ||
498
+ this.resourceMatchesPattern(searchPattern, entryResource);
499
+ }
500
+ }
501
+ /**
502
+ * Create a new CapabilityKeyRegistry instance.
503
+ *
504
+ * @returns A new registry instance
505
+ */
506
+ export function createCapabilityKeyRegistry() {
507
+ return new CapabilityKeyRegistry();
508
+ }
509
+ //# sourceMappingURL=CapabilityKeyRegistry.js.map
package/dist/authorization/CapabilityKeyRegistry.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"CapabilityKeyRegistry.js","sourceRoot":"","sources":["../../src/authorization/CapabilityKeyRegistry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAQhE,gFAAgF;AAChF,eAAe;AACf,gFAAgF;AAEhF,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAE/C,gFAAgF;AAChF,cAAc;AACd,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG;IAC7C,gCAAgC;IAChC,aAAa,EAAE,eAAe;IAC9B,oDAAoD;IACpD,cAAc,EAAE,gBAAgB;IAChC,6BAA6B;IAC7B,kBAAkB,EAAE,oBAAoB;IACxC,kCAAkC;IAClC,kBAAkB,EAAE,oBAAoB;IACxC,8BAA8B;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,6BAA6B;IAC7B,UAAU,EAAE,YAAY;CAChB,CAAC;AAwJX,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,qBAAqB;IAAlC;QACE;;WAEG;QACK,SAAI,GAAyB,IAAI,GAAG,EAAE,CAAC;QAE/C;;WAEG;QACK,UAAK,GAAoB;YAC/B,KAAK,EAAE,IAAI,GAAG,EAAE;YAChB,KAAK,EAAE,IAAI,GAAG,EAAE;YAChB,YAAY,EAAE,IAAI,GAAG,EAAE;SACxB,CAAC;IA8fJ,CAAC;IA5fC,8EAA8E;IAC9E,iBAAiB;IACjB,8EAA8E;IAE9E;;;;;OAKG;IACH,WAAW,CAAC,GAAY,EAAE,WAAyB;QACjD,gBAAgB;QAChB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAE3B,6CAA6C;QAC7C,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,0BAA0B;QAC1B,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,KAAa;QACrB,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAEtD,oBAAoB;QACpB,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAC7B,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAC5D,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACN,uDAAuD;gBACvD,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBAC7B,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;gBACjE,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/B,wBAAwB;QACxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,8EAA8E;IAC9E,oBAAoB;IACpB,8EAA8E;IAE9E;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,QAAgB,EAAE,MAAc;QAClD,6BAA6B;QAC7B,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEnE,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+CAA+C;QAC/C,MAAM,SAAS,GAAc,EAAE,CAAC;QAEhC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,mCAAmC;YACnC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9C,SAAS;YACX,CAAC;YAED,2BAA2B;YAC3B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC7B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBACrD,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qCAAqC;QACrC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAEpE,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACH,kBAAkB;QAChB,MAAM,GAAG,GAAsB,EAAE,CAAC;QAClC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,8EAA8E;IAC9E,sBAAsB;IACtB,8EAA8E;IAE9E;;;;;OAKG;IACH,oBAAoB,CAAC,KAAa;QAChC,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,8EAA8E;IAC9E,YAAY;IACZ,8EAA8E;IAE9E;;;;;;OAMG;IACH,SAAS,CACP,GAAY,EACZ,UAAsB,EACtB,OAAuB;QAEvB,uCAAuC;QACvC,MAAM,UAAU,GAAY,OAAO,EAAE,QAAQ,KAAK,SAAS;YACzD,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;YACxC,CAAC,CAAC,GAAG,CAAC;QAER,gBAAgB;QAChB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAEzC,gCAAgC;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED,8EAA8E;IAC9E,aAAa;IACb,8EAA8E;IAE9E;;;;;OAKG;IACH,iBAAiB,CAAC,UAAsB;QACtC,mBAAmB;QACnB,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,eAAe;QACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,aAAa;IACb,8EAA8E;IAE9E;;;;;OAKG;IACH,MAAM,CAAC,KAAa;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,UAAU;QACR,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,8EAA8E;IAC9E,QAAQ;IACR,8EAA8E;IAE9E;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IAClC,CAAC;IAED,8EAA8E;IAC9E,aAAa;IACb,8EAA8E;IAE9E;;;;;OAKG;IACH,gBAAgB,CAAC,GAAW;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,GAAG,CACR,YAAY,CACV,+BAA+B,CAAC,aAAa,EAC7C,yBAAyB,GAAG,EAAE,EAC9B,YAAY,CACb,CACF,CAAC;QACJ,CAAC;QAED,iCAAiC;QACjC,MAAM,CAAC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAEnC,kBAAkB;QAClB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAC7D,IAAI,UAAU,EAAE,CAAC;gBACf,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YACvD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;oBACjC,KAAK,CAAC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,8EAA8E;IAC9E,SAAS;IACT,8EAA8E;IAE9E;;;;;;OAMG;IACH,gBAAgB,CACd,eAAuB,EACvB,MAAe;QAEf,MAAM,OAAO,GAAsB,EAAE,CAAC;QAEtC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YACvD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,kCAAkC;gBAClC,IAAI,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtC,SAAS;gBACX,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;oBACjE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E;;;;;OAKG;IACK,aAAa,CAAC,GAAY,EAAE,UAAsB;QACxD,eAAe;QACf,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1D,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;QAC/C,CAAC;QAED,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE;gBACnC,UAAU;gBACV,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,KAAK,EAAE,GAAG,CAAC,EAAE;gBACb,QAAQ,EAAE,IAAI,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAE1D,8DAA8D;YAC9D,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,UAAU,CAAC,GAAG,CAAC,CAAC;YAE/E,IAAI,aAAa,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC9D,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC7B,sBAAsB;oBACtB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,EAAE,CAAU,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC/E,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,8BAA8B;gBAC9B,MAAM,KAAK,GAAoB;oBAC7B,QAAQ,EAAE,UAAU,CAAC,IAAI;oBACzB,MAAM;oBACN,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,UAAU;oBACV,SAAS,EAAE,UAAU,CAAC,MAAM;iBAC7B,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,iBAAiB,CAAC,QAAgB,EAAE,MAAc;QACxD,OAAO,GAAG,QAAQ,IAAI,MAAM,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACK,mBAAmB,CACzB,QAAgB,EAChB,MAAc;QAEd,MAAM,OAAO,GAAsB,EAAE,CAAC;QAEtC,cAAc;QACd,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,6EAA6E;QAC7E,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;YACxD,IAAI,MAAM,KAAK,QAAQ;gBAAE,SAAS,CAAC,kBAAkB;YAErD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,sCAAsC;gBACtC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBAED,uEAAuE;gBACvE,IAAI,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC1D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBACpE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;OAMG;IACK,aAAa,CAAC,OAAe,EAAE,MAAc;QACnD,cAAc;QACd,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qEAAqE;QACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC;QAC9D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;;;OAWG;IACK,sBAAsB,CAAC,QAAgB,EAAE,OAAe;QAC9D,cAAc;QACd,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iDAAiD;QACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAED,iDAAiD;QACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAChD,wEAAwE;YACxE,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,KAAK,GAAG,CAAC;QACvD,CAAC;QAED,uCAAuC;QACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACK,sBAAsB,CAC5B,aAAqB,EACrB,aAAqB;QAErB,+CAA+C;QAC/C,OAAO,IAAI,CAAC,sBAAsB,CAAC,aAAa,EAAE,aAAa,CAAC;YACzD,IAAI,CAAC,sBAAsB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;IACnE,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO,IAAI,qBAAqB,EAAE,CAAC;AACrC,CAAC"}