@tinyrack/tinyauth-server 0.0.7

package/dist/lib/config/logging.d.ts

@@ -0,0 +1,52 @@
+import z from 'zod';
+/**
+ * Log level schema.
+ * Maps to pino log levels.
+ */
+export declare const LogLevelSchema: z.ZodEnum<{
+    error: "error";
+    trace: "trace";
+    debug: "debug";
+    info: "info";
+    warn: "warn";
+    fatal: "fatal";
+    silent: "silent";
+}>;
+export type LogLevel = z.infer<typeof LogLevelSchema>;
+/**
+ * Log format schema.
+ * - 'json': Structured JSON output (default)
+ * - 'pretty': Human-readable pretty-printed output
+ */
+export declare const LogFormatSchema: z.ZodEnum<{
+    json: "json";
+    pretty: "pretty";
+}>;
+export type LogFormat = z.infer<typeof LogFormatSchema>;
+export declare const LOGGING_CONFIG_DEFAULT: {
+    level: LogLevel;
+    format: LogFormat;
+};
+/**
+ * Logging configuration schema.
+ *
+ * Controls the log level and output format.
+ * Configured via config file only (no environment variable override).
+ */
+export declare const LoggingConfigSchema: z.ZodDefault<z.ZodObject<{
+    level: z.ZodDefault<z.ZodEnum<{
+        error: "error";
+        trace: "trace";
+        debug: "debug";
+        info: "info";
+        warn: "warn";
+        fatal: "fatal";
+        silent: "silent";
+    }>>;
+    format: z.ZodDefault<z.ZodEnum<{
+        json: "json";
+        pretty: "pretty";
+    }>>;
+}, z.z.core.$strict>>;
+export type LoggingConfig = z.infer<typeof LoggingConfigSchema>;
+//# sourceMappingURL=logging.d.ts.map

package/dist/lib/config/logging.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../../src/lib/config/logging.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB;;;GAGG;AACH,eAAO,MAAM,cAAc;;;;;;;;EAQzB,CAAC;AAEH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;EAA6B,CAAC;AAE1D,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAExD,eAAO,MAAM,sBAAsB,EAAE;IACnC,KAAK,EAAE,QAAQ,CAAC;IAChB,MAAM,EAAE,SAAS,CAAC;CAInB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;qBAaI,CAAC;AAErC,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}

package/dist/lib/config/logging.js

@@ -0,0 +1,41 @@
+import z from 'zod';
+/**
+ * Log level schema.
+ * Maps to pino log levels.
+ */
+export const LogLevelSchema = z.enum([
+    'trace',
+    'debug',
+    'info',
+    'warn',
+    'error',
+    'fatal',
+    'silent',
+]);
+/**
+ * Log format schema.
+ * - 'json': Structured JSON output (default)
+ * - 'pretty': Human-readable pretty-printed output
+ */
+export const LogFormatSchema = z.enum(['json', 'pretty']);
+export const LOGGING_CONFIG_DEFAULT = {
+    level: 'info',
+    format: 'json',
+};
+/**
+ * Logging configuration schema.
+ *
+ * Controls the log level and output format.
+ * Configured via config file only (no environment variable override).
+ */
+export const LoggingConfigSchema = z
+    .object({
+    level: LogLevelSchema.default(LOGGING_CONFIG_DEFAULT.level).describe('Log level.'),
+    format: LogFormatSchema.default(LOGGING_CONFIG_DEFAULT.format).describe('Log output format. ' +
+        '"json" outputs structured JSON (default). ' +
+        '"pretty" outputs human-readable format.'),
+})
+    .strict()
+    .default(LOGGING_CONFIG_DEFAULT)
+    .describe('Logging configuration');
+//# sourceMappingURL=logging.js.map

package/dist/lib/config/logging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../../../src/lib/config/logging.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC;IACnC,OAAO;IACP,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;CACT,CAAC,CAAC;AAIH;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AAI1D,MAAM,CAAC,MAAM,sBAAsB,GAG/B;IACF,KAAK,EAAE,MAAM;IACb,MAAM,EAAE,MAAM;CACf,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,KAAK,EAAE,cAAc,CAAC,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,QAAQ,CAClE,YAAY,CACb;IACD,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,QAAQ,CACrE,qBAAqB;QACnB,4CAA4C;QAC5C,yCAAyC,CAC5C;CACF,CAAC;KACD,MAAM,EAAE;KACR,OAAO,CAAC,sBAAsB,CAAC;KAC/B,QAAQ,CAAC,uBAAuB,CAAC,CAAC"}

package/dist/lib/config/openapi.d.ts

@@ -0,0 +1,15 @@
+import z from 'zod';
+export declare const OPENAPI_CONFIG_DEFAULT: {
+    readonly enabled: true;
+    readonly title: "TinyAuth API";
+    readonly description: "OpenID Connect Provider API";
+    readonly ui_title: "TinyAuth API Reference";
+};
+export declare const OpenApiConfigSchema: z.ZodDefault<z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+    title: z.ZodDefault<z.ZodString>;
+    description: z.ZodDefault<z.ZodString>;
+    ui_title: z.ZodDefault<z.ZodString>;
+}, z.z.core.$strict>>;
+export type OpenApiConfig = z.infer<typeof OpenApiConfigSchema>;
+//# sourceMappingURL=openapi.d.ts.map

package/dist/lib/config/openapi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.d.ts","sourceRoot":"","sources":["../../../src/lib/config/openapi.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAGpB,eAAO,MAAM,sBAAsB;;;;;CAKzB,CAAC;AAEX,eAAO,MAAM,mBAAmB;;;;;qBAoBkB,CAAC;AAEnD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}

package/dist/lib/config/openapi.js

@@ -0,0 +1,28 @@
+import z from 'zod';
+import { zz } from "../../schemas/provider.js";
+export const OPENAPI_CONFIG_DEFAULT = {
+    enabled: true,
+    title: 'TinyAuth API',
+    description: 'OpenID Connect Provider API',
+    ui_title: 'TinyAuth API Reference',
+};
+export const OpenApiConfigSchema = z
+    .object({
+    enabled: zz.COERCE_BOOLEAN.default(OPENAPI_CONFIG_DEFAULT.enabled).describe('Whether live OpenAPI JSON and Scalar UI routes are exposed.'),
+    title: z
+        .string()
+        .default(OPENAPI_CONFIG_DEFAULT.title)
+        .describe('OpenAPI document title.'),
+    description: z
+        .string()
+        .default(OPENAPI_CONFIG_DEFAULT.description)
+        .describe('OpenAPI document description.'),
+    ui_title: z
+        .string()
+        .default(OPENAPI_CONFIG_DEFAULT.ui_title)
+        .describe('Browser page title for the Scalar API reference UI.'),
+})
+    .strict()
+    .default(OPENAPI_CONFIG_DEFAULT)
+    .describe('OpenAPI and API reference settings.');
+//# sourceMappingURL=openapi.js.map

package/dist/lib/config/openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../../src/lib/config/openapi.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,EAAE,EAAE,MAAM,2BAA2B,CAAC;AAE/C,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,OAAO,EAAE,IAAI;IACb,KAAK,EAAE,cAAc;IACrB,WAAW,EAAE,6BAA6B;IAC1C,QAAQ,EAAE,wBAAwB;CAC1B,CAAC;AAEX,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,OAAO,EAAE,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,QAAQ,CACzE,6DAA6D,CAC9D;IACD,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC;SACrC,QAAQ,CAAC,yBAAyB,CAAC;IACtC,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,OAAO,CAAC,sBAAsB,CAAC,WAAW,CAAC;SAC3C,QAAQ,CAAC,+BAA+B,CAAC;IAC5C,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,OAAO,CAAC,sBAAsB,CAAC,QAAQ,CAAC;SACxC,QAAQ,CAAC,qDAAqD,CAAC;CACnE,CAAC;KACD,MAAM,EAAE;KACR,OAAO,CAAC,sBAAsB,CAAC;KAC/B,QAAQ,CAAC,qCAAqC,CAAC,CAAC"}

package/dist/lib/config/registration.d.ts

@@ -0,0 +1,15 @@
+import z from 'zod';
+export declare const REGISTRATION_CONFIG_DEFAULT: {
+    readonly enabled: false;
+    readonly allowed_email_patterns: string[];
+    readonly email_verification_required: true;
+    readonly signup_notice: Record<string, string>;
+};
+export declare const RegistrationConfigSchema: z.ZodDefault<z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+    allowed_email_patterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    email_verification_required: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+    signup_notice: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
+}, z.z.core.$strict>>;
+export type RegistrationConfig = z.infer<typeof RegistrationConfigSchema>;
+//# sourceMappingURL=registration.d.ts.map

package/dist/lib/config/registration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../../src/lib/config/registration.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAGpB,eAAO,MAAM,2BAA2B;;qCAER,MAAM,EAAE;;4BAEjB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;CACnC,CAAC;AAEX,eAAO,MAAM,wBAAwB;;;;;qBAwBE,CAAC;AAExC,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC"}

package/dist/lib/config/registration.js

@@ -0,0 +1,24 @@
+import z from 'zod';
+import { zz } from "../../schemas/provider.js";
+export const REGISTRATION_CONFIG_DEFAULT = {
+    enabled: false,
+    allowed_email_patterns: [],
+    email_verification_required: true,
+    signup_notice: {},
+};
+export const RegistrationConfigSchema = z
+    .object({
+    enabled: zz.COERCE_BOOLEAN.default(REGISTRATION_CONFIG_DEFAULT.enabled).describe('Whether self-registration is enabled.'),
+    allowed_email_patterns: z
+        .array(z.string())
+        .default(REGISTRATION_CONFIG_DEFAULT.allowed_email_patterns)
+        .describe('Optional email filters for signup. When enabled is true and this list is empty, signup is unrestricted.'),
+    email_verification_required: zz.COERCE_BOOLEAN.default(REGISTRATION_CONFIG_DEFAULT.email_verification_required).describe('Whether newly registered password users must verify email before full access.'),
+    signup_notice: z
+        .record(z.string(), z.string())
+        .default(REGISTRATION_CONFIG_DEFAULT.signup_notice)
+        .describe('Localized notice text for implicit consent terms during signup.'),
+})
+    .strict()
+    .default(REGISTRATION_CONFIG_DEFAULT);
+//# sourceMappingURL=registration.js.map

package/dist/lib/config/registration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration.js","sourceRoot":"","sources":["../../../src/lib/config/registration.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,EAAE,EAAE,MAAM,2BAA2B,CAAC;AAE/C,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,OAAO,EAAE,KAAK;IACd,sBAAsB,EAAE,EAAc;IACtC,2BAA2B,EAAE,IAAI;IACjC,aAAa,EAAE,EAA4B;CACnC,CAAC;AAEX,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC;KACtC,MAAM,CAAC;IACN,OAAO,EAAE,EAAE,CAAC,cAAc,CAAC,OAAO,CAChC,2BAA2B,CAAC,OAAO,CACpC,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IACnD,sBAAsB,EAAE,CAAC;SACtB,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACjB,OAAO,CAAC,2BAA2B,CAAC,sBAAsB,CAAC;SAC3D,QAAQ,CACP,yGAAyG,CAC1G;IACH,2BAA2B,EAAE,EAAE,CAAC,cAAc,CAAC,OAAO,CACpD,2BAA2B,CAAC,2BAA2B,CACxD,CAAC,QAAQ,CACR,+EAA+E,CAChF;IACD,aAAa,EAAE,CAAC;SACb,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;SAC9B,OAAO,CAAC,2BAA2B,CAAC,aAAa,CAAC;SAClD,QAAQ,CACP,iEAAiE,CAClE;CACJ,CAAC;KACD,MAAM,EAAE;KACR,OAAO,CAAC,2BAA2B,CAAC,CAAC"}

package/dist/lib/config/resolved.d.ts

@@ -0,0 +1,274 @@
+import z from 'zod';
+export declare const TinyAuthRuntimeConfigSchema: z.ZodObject<{
+    server: z.ZodDefault<z.ZodObject<{
+        public_origin: z.ZodDefault<z.ZodURL>;
+        listen_port: z.ZodDefault<z.ZodPipe<z.ZodUnion<[z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>>;
+        trust_proxy: z.ZodPipe<z.ZodDefault<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString, z.ZodArray<z.ZodString>, z.ZodNumber]>>, z.ZodTransform<string | number | boolean | string[], string | number | boolean | string[]>>;
+    }, z.z.core.$strict>>;
+    tokens: z.ZodDefault<z.ZodObject<{
+        access_token_ttl: z.ZodDefault<z.ZodPipe<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>, z.ZodNumber>>;
+        refresh_token_ttl: z.ZodDefault<z.ZodPipe<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>, z.ZodNumber>>;
+        key_rotation: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+            interval_days: z.ZodDefault<z.ZodPipe<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>, z.ZodNumber>>;
+            overlap_days: z.ZodDefault<z.ZodPipe<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>, z.ZodNumber>>;
+        }, z.z.core.$strict>>;
+    }, z.z.core.$strict>>;
+    i18n: z.ZodDefault<z.ZodObject<{
+        supported_languages: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+            en: "en";
+            ko: "ko";
+            ja: "ja";
+        }>>>;
+        default_language: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"auto">, z.ZodEnum<{
+            en: "en";
+            ko: "ko";
+            ja: "ja";
+        }>]>>;
+        fallback_language: z.ZodDefault<z.ZodEnum<{
+            en: "en";
+            ko: "ko";
+            ja: "ja";
+        }>>;
+    }, z.z.core.$strict>>;
+    branding: z.ZodDefault<z.ZodObject<{
+        light_theme: z.ZodDefault<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+            cupcake: "cupcake";
+            bumblebee: "bumblebee";
+            emerald: "emerald";
+            corporate: "corporate";
+            synthwave: "synthwave";
+            retro: "retro";
+            cyberpunk: "cyberpunk";
+            valentine: "valentine";
+            halloween: "halloween";
+            garden: "garden";
+            forest: "forest";
+            aqua: "aqua";
+            lofi: "lofi";
+            pastel: "pastel";
+            fantasy: "fantasy";
+            wireframe: "wireframe";
+            black: "black";
+            luxury: "luxury";
+            dracula: "dracula";
+            cmyk: "cmyk";
+            autumn: "autumn";
+            business: "business";
+            acid: "acid";
+            lemonade: "lemonade";
+            night: "night";
+            coffee: "coffee";
+            winter: "winter";
+            dim: "dim";
+            nord: "nord";
+            sunset: "sunset";
+            caramellatte: "caramellatte";
+            abyss: "abyss";
+            silk: "silk";
+        }>>;
+        dark_theme: z.ZodDefault<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+            cupcake: "cupcake";
+            bumblebee: "bumblebee";
+            emerald: "emerald";
+            corporate: "corporate";
+            synthwave: "synthwave";
+            retro: "retro";
+            cyberpunk: "cyberpunk";
+            valentine: "valentine";
+            halloween: "halloween";
+            garden: "garden";
+            forest: "forest";
+            aqua: "aqua";
+            lofi: "lofi";
+            pastel: "pastel";
+            fantasy: "fantasy";
+            wireframe: "wireframe";
+            black: "black";
+            luxury: "luxury";
+            dracula: "dracula";
+            cmyk: "cmyk";
+            autumn: "autumn";
+            business: "business";
+            acid: "acid";
+            lemonade: "lemonade";
+            night: "night";
+            coffee: "coffee";
+            winter: "winter";
+            dim: "dim";
+            nord: "nord";
+            sunset: "sunset";
+            caramellatte: "caramellatte";
+            abyss: "abyss";
+            silk: "silk";
+        }>>;
+        theme_mode: z.ZodDefault<z.ZodEnum<{
+            light: "light";
+            dark: "dark";
+            system: "system";
+        }>>;
+        background_url: z.ZodDefault<z.ZodURL>;
+        icon_url: z.ZodOptional<z.ZodURL>;
+        title: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
+        subtitle: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, z.z.core.$strict>>;
+    registration: z.ZodDefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+        allowed_email_patterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        email_verification_required: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+        signup_notice: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, z.z.core.$strict>>;
+    account_deletion: z.ZodDefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+        retention: z.ZodDefault<z.ZodString>;
+    }, z.z.core.$strict>>;
+    logging: z.ZodDefault<z.ZodObject<{
+        level: z.ZodDefault<z.ZodEnum<{
+            error: "error";
+            trace: "trace";
+            debug: "debug";
+            info: "info";
+            warn: "warn";
+            fatal: "fatal";
+            silent: "silent";
+        }>>;
+        format: z.ZodDefault<z.ZodEnum<{
+            json: "json";
+            pretty: "pretty";
+        }>>;
+    }, z.z.core.$strict>>;
+    openapi: z.ZodDefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+        title: z.ZodDefault<z.ZodString>;
+        description: z.ZodDefault<z.ZodString>;
+        ui_title: z.ZodDefault<z.ZodString>;
+    }, z.z.core.$strict>>;
+    auth: z.ZodDefault<z.ZodObject<{
+        password: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+            two_factor: z.ZodDefault<z.ZodObject<{
+                enrollment_required: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+            }, z.z.core.$strict>>;
+            totp: z.ZodDefault<z.ZodObject<{
+                enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+                issuer: z.ZodDefault<z.ZodString>;
+            }, z.z.core.$strict>>;
+            policy: z.ZodDefault<z.ZodObject<{
+                min_length: z.ZodDefault<z.z.ZodCoercedNumber<unknown>>;
+                max_length: z.ZodDefault<z.z.ZodCoercedNumber<unknown>>;
+            }, z.z.core.$strip>>;
+        }, z.z.core.$strict>>;
+        passkey: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>;
+            rp_id: z.ZodOptional<z.ZodString>;
+            origins: z.ZodOptional<z.ZodArray<z.ZodURL>>;
+        }, z.z.core.$strict>>;
+    }, z.z.core.$strict>>;
+    security: z.ZodObject<{
+        session_secret: z.ZodString;
+        hash_secret: z.ZodString;
+        pbkdf2_iterations: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodPipe<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>, z.ZodNumber>>>;
+    }, z.z.core.$strict>;
+    cleanup: z.ZodDefault<z.ZodObject<{
+        revoked_tokens: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>>;
+            retention: z.ZodDefault<z.ZodString>;
+        }, z.z.core.$strip>>;
+        oauth_codes: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>>;
+            consumed_retention: z.ZodDefault<z.ZodString>;
+        }, z.z.core.$strip>>;
+        email_verifications: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>>;
+            retention: z.ZodDefault<z.ZodString>;
+        }, z.z.core.$strip>>;
+        password_resets: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>>;
+            retention: z.ZodDefault<z.ZodString>;
+        }, z.z.core.$strip>>;
+        pending_oauth_registrations: z.ZodDefault<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>>;
+            retention: z.ZodDefault<z.ZodString>;
+        }, z.z.core.$strip>>;
+    }, z.z.core.$strict>>;
+    scheduler: z.ZodOptional<z.ZodCustom<import("./scheduler.ts").SchedulerConfig, import("./scheduler.ts").SchedulerConfig>>;
+    terms: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        required: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>>>;
+        consent_mode: z.ZodDefault<z.ZodEnum<{
+            explicit: "explicit";
+            implicit: "implicit";
+        }>>;
+        version: z.ZodString;
+        content: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
+            title: z.ZodString;
+            type: z.ZodLiteral<"link">;
+            content: z.ZodURL;
+        }, z.z.core.$strict>, z.ZodObject<{
+            title: z.ZodString;
+            type: z.ZodLiteral<"text">;
+            content: z.ZodString;
+        }, z.z.core.$strict>]>>>;
+    }, z.z.core.$strict>>>;
+    clients: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        logo_uri: z.ZodOptional<z.ZodString>;
+        client_id: z.ZodString;
+        client_secret: z.ZodOptional<z.ZodString>;
+        redirect_uris: z.ZodArray<z.ZodString>;
+        response_types: z.ZodArray<z.ZodString>;
+        grant_types: z.ZodArray<z.ZodString>;
+        scope: z.ZodString;
+    }, z.z.core.$strict>>>;
+    users: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        sub: z.ZodString;
+        email: z.ZodString;
+        password: z.ZodString;
+        role: z.ZodEnum<{
+            user: "user";
+            admin: "admin";
+        }>;
+    }, z.z.core.$strict>>>;
+    database: z.ZodCustom<import("./database.ts").DatabaseConfig, import("./database.ts").DatabaseConfig>;
+    frontend: z.ZodOptional<z.ZodCustom<import("./frontend.ts").FrontendConfig, import("./frontend.ts").FrontendConfig>>;
+    email: z.ZodOptional<z.ZodCustom<import("./email.ts").EmailConfig, import("./email.ts").EmailConfig>>;
+    identity_providers: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodEnum<{
+            github: "github";
+            google: "google";
+            apple: "apple";
+            generic_oauth: "generic_oauth";
+        }>;
+        enabled: z.ZodBoolean;
+        display_name: z.ZodString;
+        icon_url: z.ZodOptional<z.ZodString>;
+        client_id: z.ZodString;
+        client_secret: z.ZodString;
+        authorization_url: z.ZodString;
+        token_url: z.ZodString;
+        userinfo_url: z.ZodNullable<z.ZodString>;
+        email_url: z.ZodOptional<z.ZodString>;
+        scopes: z.ZodArray<z.ZodString>;
+        response_mode: z.ZodOptional<z.ZodString>;
+        email_conflict_strategy: z.ZodEnum<{
+            auto_link: "auto_link";
+            require_link: "require_link";
+        }>;
+        userinfo_mapping: z.ZodObject<{
+            id: z.ZodString;
+            email: z.ZodString;
+            email_verified: z.ZodOptional<z.ZodString>;
+            name: z.ZodOptional<z.ZodString>;
+            picture: z.ZodOptional<z.ZodString>;
+        }, z.z.core.$strict>;
+    }, z.z.core.$strict>>>;
+}, z.z.core.$strict>;
+export type TinyAuthRuntimeConfigInput = z.input<typeof TinyAuthRuntimeConfigSchema>;
+export type TinyAuthRuntimeConfig = z.output<typeof TinyAuthRuntimeConfigSchema>;
+//# sourceMappingURL=resolved.d.ts.map

package/dist/lib/config/resolved.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolved.d.ts","sourceRoot":"","sources":["../../../src/lib/config/resolved.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAqBpB,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBA2CM,CAAC;AAE/C,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAC9C,OAAO,2BAA2B,CACnC,CAAC;AACF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAC1C,OAAO,2BAA2B,CACnC,CAAC"}

package/dist/lib/config/resolved.js

@@ -0,0 +1,45 @@
+import z from 'zod';
+import { AccountDeletionConfigSchema } from "./account-deletion.js";
+import { AuthConfigSchema } from "./auth.js";
+import { BrandingConfigSchema } from "./branding.js";
+import { CleanupConfigSchema } from "./cleanup.js";
+import { ClientConfigsSchema } from "./client.js";
+import { DatabaseConfigSchema } from "./database.js";
+import { EmailConfigSchema } from "./email.js";
+import { FrontendConfigSchema } from "./frontend.js";
+import { I18nConfigSchema } from "./i18n.js";
+import { IdentityProviderConfigsSchema } from "./identity-providers.js";
+import { LoggingConfigSchema } from "./logging.js";
+import { OpenApiConfigSchema } from "./openapi.js";
+import { RegistrationConfigSchema } from "./registration.js";
+import { SchedulerConfigSchema } from "./scheduler.js";
+import { SecurityConfigSchema } from "./security.js";
+import { ServerConfigSchema } from "./server.js";
+import { TermsConfigSchema } from "./terms.js";
+import { TokensConfigSchema } from "./tokens.js";
+import { UserConfigsSchema } from "./user.js";
+export const TinyAuthRuntimeConfigSchema = z
+    .object({
+    server: ServerConfigSchema.describe('HTTP server settings.'),
+    tokens: TokensConfigSchema.describe('Token issuance and signing key settings.'),
+    i18n: I18nConfigSchema.describe('Internationalization settings.'),
+    branding: BrandingConfigSchema.describe('Branding and visual customization settings.'),
+    registration: RegistrationConfigSchema.describe('User self-registration settings.'),
+    account_deletion: AccountDeletionConfigSchema.describe('Account deletion settings.'),
+    logging: LoggingConfigSchema.describe('Logging settings.'),
+    openapi: OpenApiConfigSchema.describe('OpenAPI and API reference settings.'),
+    auth: AuthConfigSchema.describe('Authentication methods settings.'),
+    security: SecurityConfigSchema.describe('Security and cryptographic settings.'),
+    cleanup: CleanupConfigSchema.describe('Data cleanup settings.'),
+    scheduler: SchedulerConfigSchema.describe('In-process cleanup scheduler adapter.'),
+    terms: TermsConfigSchema.describe('Terms of service settings.'),
+    clients: ClientConfigsSchema.describe('Registered OAuth/OIDC client applications.'),
+    users: UserConfigsSchema.describe('Pre-provisioned user accounts.'),
+    database: DatabaseConfigSchema.describe('Database adapter settings.'),
+    frontend: FrontendConfigSchema.describe('Frontend handler for serving the UI.'),
+    email: EmailConfigSchema.describe('Email transport adapter settings.'),
+    identity_providers: IdentityProviderConfigsSchema.describe('External identity provider settings.'),
+})
+    .strict()
+    .describe('TinyAuth runtime configuration.');
+//# sourceMappingURL=resolved.js.map

package/dist/lib/config/resolved.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolved.js","sourceRoot":"","sources":["../../../src/lib/config/resolved.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,6BAA6B,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAE9C,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC;KACzC,MAAM,CAAC;IACN,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC5D,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CACjC,0CAA0C,CAC3C;IACD,IAAI,EAAE,gBAAgB,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IACjE,QAAQ,EAAE,oBAAoB,CAAC,QAAQ,CACrC,6CAA6C,CAC9C;IACD,YAAY,EAAE,wBAAwB,CAAC,QAAQ,CAC7C,kCAAkC,CACnC;IACD,gBAAgB,EAAE,2BAA2B,CAAC,QAAQ,CACpD,4BAA4B,CAC7B;IACD,OAAO,EAAE,mBAAmB,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC1D,OAAO,EAAE,mBAAmB,CAAC,QAAQ,CACnC,qCAAqC,CACtC;IACD,IAAI,EAAE,gBAAgB,CAAC,QAAQ,CAAC,kCAAkC,CAAC;IACnE,QAAQ,EAAE,oBAAoB,CAAC,QAAQ,CACrC,sCAAsC,CACvC;IACD,OAAO,EAAE,mBAAmB,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC/D,SAAS,EAAE,qBAAqB,CAAC,QAAQ,CACvC,uCAAuC,CACxC;IACD,KAAK,EAAE,iBAAiB,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IAC/D,OAAO,EAAE,mBAAmB,CAAC,QAAQ,CACnC,4CAA4C,CAC7C;IACD,KAAK,EAAE,iBAAiB,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IACnE,QAAQ,EAAE,oBAAoB,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IACrE,QAAQ,EAAE,oBAAoB,CAAC,QAAQ,CACrC,sCAAsC,CACvC;IACD,KAAK,EAAE,iBAAiB,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACtE,kBAAkB,EAAE,6BAA6B,CAAC,QAAQ,CACxD,sCAAsC,CACvC;CACF,CAAC;KACD,MAAM,EAAE;KACR,QAAQ,CAAC,iCAAiC,CAAC,CAAC"}

package/dist/lib/config/scheduler.d.ts

@@ -0,0 +1,13 @@
+import z from 'zod';
+export interface SchedulerStartOptions {
+    runCleanup: () => Promise<void>;
+}
+export interface SchedulerHandle {
+    stop: () => void | Promise<void>;
+    getNextRunAt?: () => Date | null;
+}
+export interface SchedulerConfig {
+    start: (options: SchedulerStartOptions) => SchedulerHandle | Promise<SchedulerHandle>;
+}
+export declare const SchedulerConfigSchema: z.ZodOptional<z.ZodCustom<SchedulerConfig, SchedulerConfig>>;
+//# sourceMappingURL=scheduler.d.ts.map

package/dist/lib/config/scheduler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scheduler.d.ts","sourceRoot":"","sources":["../../../src/lib/config/scheduler.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,IAAI,GAAG,IAAI,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,CACL,OAAO,EAAE,qBAAqB,KAC3B,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CACjD;AAUD,eAAO,MAAM,qBAAqB,8DAKkB,CAAC"}

package/dist/lib/config/scheduler.js

@@ -0,0 +1,14 @@
+import z from 'zod';
+function isSchedulerConfig(value) {
+    if (typeof value !== 'object' || value === null) {
+        return false;
+    }
+    return 'start' in value && typeof value.start === 'function';
+}
+export const SchedulerConfigSchema = z
+    .custom(isSchedulerConfig, {
+    message: 'Invalid SchedulerConfig: must have a start function',
+})
+    .optional()
+    .describe('In-process cleanup scheduler adapter.');
+//# sourceMappingURL=scheduler.js.map

package/dist/lib/config/scheduler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scheduler.js","sourceRoot":"","sources":["../../../src/lib/config/scheduler.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAiBpB,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,OAAO,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,UAAU,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAkB,iBAAiB,EAAE;IAC1C,OAAO,EAAE,qDAAqD;CAC/D,CAAC;KACD,QAAQ,EAAE;KACV,QAAQ,CAAC,uCAAuC,CAAC,CAAC"}

package/dist/lib/config/security.d.ts

@@ -0,0 +1,11 @@
+import z from 'zod';
+export declare const SECURITY_CONFIG_DEFAULT: {
+    pbkdf2_iterations: number;
+};
+export declare const SecurityConfigSchema: z.ZodObject<{
+    session_secret: z.ZodString;
+    hash_secret: z.ZodString;
+    pbkdf2_iterations: z.ZodDefault<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodPipe<z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>, z.ZodNumber>>>;
+}, z.z.core.$strict>;
+export type SecurityConfig = z.infer<typeof SecurityConfigSchema>;
+//# sourceMappingURL=security.d.ts.map

package/dist/lib/config/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/lib/config/security.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAIpB,eAAO,MAAM,uBAAuB;;CAEnC,CAAC;AAEF,eAAO,MAAM,oBAAoB;;;;oBAmC4C,CAAC;AAE9E,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}

package/dist/lib/config/security.js

@@ -0,0 +1,42 @@
+import z from 'zod';
+import { zz } from "../../schemas/provider.js";
+import { fromBase64Url } from "../base64url.js";
+export const SECURITY_CONFIG_DEFAULT = {
+    pbkdf2_iterations: 600000,
+};
+export const SecurityConfigSchema = z
+    .object({
+    session_secret: z
+        .string()
+        .min(16)
+        .describe('Secret key for signing session cookies. Must be at least 16 characters.'),
+    hash_secret: z
+        .string()
+        .min(1)
+        .describe('Base64url-encoded 32-byte secret used for HMAC hashing.')
+        .superRefine((value, ctx) => {
+        try {
+            const decoded = fromBase64Url(value);
+            if (decoded.length !== 32) {
+                ctx.addIssue({
+                    code: 'custom',
+                    message: 'hash_secret must be a base64url-encoded 32-byte secret',
+                });
+            }
+        }
+        catch {
+            ctx.addIssue({
+                code: 'custom',
+                message: 'hash_secret must be a valid base64url-encoded secret',
+            });
+        }
+    }),
+    pbkdf2_iterations: z
+        .union([z.string(), z.number()])
+        .pipe(zz.coerceInt().pipe(z.number().int().min(1)))
+        .default(SECURITY_CONFIG_DEFAULT.pbkdf2_iterations)
+        .describe('Number of PBKDF2 iterations for password hashing.'),
+})
+    .strict()
+    .describe('Security configuration for secrets and cryptographic settings.');
+//# sourceMappingURL=security.js.map

package/dist/lib/config/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../src/lib/config/security.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,EAAE,EAAE,MAAM,2BAA2B,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,iBAAiB,EAAE,MAAM;CAC1B,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,CAAC;IACN,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,GAAG,CAAC,EAAE,CAAC;SACP,QAAQ,CACP,yEAAyE,CAC1E;IACH,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,yDAAyD,CAAC;SACnE,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACrC,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC1B,GAAG,CAAC,QAAQ,CAAC;oBACX,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,wDAAwD;iBAClE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,sDAAsD;aAChE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IACJ,iBAAiB,EAAE,CAAC;SACjB,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;SAC/B,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;SAClD,OAAO,CAAC,uBAAuB,CAAC,iBAAiB,CAAC;SAClD,QAAQ,CAAC,mDAAmD,CAAC;CACjE,CAAC;KACD,MAAM,EAAE;KACR,QAAQ,CAAC,gEAAgE,CAAC,CAAC"}