@tinyrack/tinyauth-server 0.0.7

package/dist/schemas/error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/schemas/error.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,qBAAa,aAAa,CACxB,MAAM,SAAS,oBAAoB,GAAG,oBAAoB,EAC1D,IAAI,SAAS,MAAM,GAAG,MAAM,EAC5B,OAAO,SAAS,MAAM,GAAG,MAAM,CAC/B,SAAQ,KAAK;IACb,SAAgB,MAAM,EAAE,MAAM,CAAC;IAC/B,SAAgB,IAAI,EAAE,IAAI,CAAC;IAC3B,SAAyB,OAAO,EAAE,OAAO,CAAC;gBAEvB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO;IAOxD,MAAM;;;;CAMd;AA6DD,eAAO,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqcb,CAAC"}

package/dist/schemas/error.js

@@ -0,0 +1,164 @@
+import { z } from 'zod';
+export class TinyAuthError extends Error {
+    status;
+    code;
+    message;
+    constructor(status, code, message) {
+        super(message);
+        this.status = status;
+        this.code = code;
+        this.message = message;
+    }
+    toJson() {
+        return {
+            code: this.code,
+            message: this.message,
+        };
+    }
+}
+const createError = (status, code, message) => {
+    return {
+        Status: status,
+        Error: class extends TinyAuthError {
+            constructor() {
+                super(status, code, message);
+            }
+        },
+        Schema: z.object({
+            code: z.literal(code).describe('Machine-readable error code'),
+            message: z.literal(message).describe('Human-readable error message'),
+        }),
+    };
+};
+const createErrorWithData = (status, code, message, dataSchema) => {
+    return {
+        Status: status,
+        Error: class extends TinyAuthError {
+            data;
+            constructor(data) {
+                super(status, code, message);
+                this.data = data;
+            }
+            toJson() {
+                return {
+                    ...super.toJson(),
+                    data: this.data,
+                };
+            }
+        },
+        Schema: z.object({
+            code: z.literal(code).describe('Machine-readable error code'),
+            message: z.literal(message).describe('Human-readable error message'),
+            data: dataSchema.describe('Additional error context'),
+        }),
+    };
+};
+export const e = {
+    InvalidEmailOrPassword: createError(401, 'INVALID_EMAIL_OR_PASSWORD', 'The provided email or password is incorrect.'),
+    EmailAlreadyExists: createError(409, 'EMAIL_ALREADY_EXISTS', 'The provided email is already registered.'),
+    RegistrationDisabled: createError(403, 'REGISTRATION_DISABLED', 'Public registration is disabled.'),
+    RegistrationEmailNotAllowed: createError(403, 'REGISTRATION_EMAIL_NOT_ALLOWED', 'This email address is not allowed for registration.'),
+    ValidationError: createErrorWithData(400, 'VALIDATION_ERROR', 'The provided data is invalid.', z.string()),
+    InternalServerError: createError(500, 'INTERNAL_SERVER_ERROR', 'An unexpected error occurred.'),
+    InvalidVerificationToken: createError(400, 'INVALID_VERIFICATION_TOKEN', 'The verification token is invalid or has expired.'),
+    EmailNotActivated: createError(403, 'EMAIL_NOT_ACTIVATED', 'The email service not activated.'),
+    EmailAlreadyVerified: createError(400, 'EMAIL_ALREADY_VERIFIED', 'The email address is already verified.'),
+    UserNotFound: createError(404, 'USER_NOT_FOUND', 'User not found.'),
+    // OAuth errors
+    OAuthClientNotFound: createError(400, 'OAUTH_CLIENT_NOT_FOUND', 'The OAuth client was not found.'),
+    OAuthClientDisabled: createError(400, 'OAUTH_CLIENT_DISABLED', 'The OAuth client is disabled.'),
+    InvalidRedirectUri: createError(400, 'INVALID_REDIRECT_URI', 'The redirect URI is not registered for this client.'),
+    UnsupportedResponseType: createError(400, 'UNSUPPORTED_RESPONSE_TYPE', 'The response type is not supported for this client.'),
+    InvalidScope: createErrorWithData(400, 'INVALID_SCOPE', 'One or more requested scopes are invalid.', z.object({
+        invalidScopes: z.array(z.string()),
+    })),
+    InvalidCodeChallengeMethod: createError(400, 'INVALID_CODE_CHALLENGE_METHOD', 'The code challenge method must be S256 or plain.'),
+    OAuthServerError: createError(500, 'OAUTH_SERVER_ERROR', 'An unexpected error occurred during OAuth authorization.'),
+    // OAuth Token Endpoint Errors (RFC 6749)
+    // invalid_request errors (400)
+    MissingAuthorizationCode: createError(400, 'MISSING_AUTHORIZATION_CODE', 'Missing authorization code.'),
+    MissingRedirectUri: createError(400, 'MISSING_REDIRECT_URI', 'Missing redirect_uri.'),
+    MissingCodeVerifier: createError(400, 'MISSING_CODE_VERIFIER', 'Missing code_verifier for PKCE.'),
+    MissingRefreshToken: createError(400, 'MISSING_REFRESH_TOKEN', 'Missing refresh_token.'),
+    // invalid_grant errors (400)
+    InvalidAuthorizationCode: createError(400, 'INVALID_AUTHORIZATION_CODE', 'Invalid or expired authorization code.'),
+    RedirectUriMismatch: createError(400, 'REDIRECT_URI_MISMATCH', 'Redirect URI mismatch.'),
+    InvalidPKCEVerifier: createError(400, 'INVALID_PKCE_VERIFIER', 'Invalid PKCE code_verifier.'),
+    InvalidRefreshToken: createError(400, 'INVALID_REFRESH_TOKEN', 'Invalid or expired refresh token.'),
+    ClientIdMismatch: createError(400, 'CLIENT_ID_MISMATCH', 'Client ID mismatch.'),
+    // invalid_client errors (401)
+    InvalidClientCredentials: createError(401, 'INVALID_CLIENT_CREDENTIALS', 'Invalid client credentials.'),
+    // unsupported_grant_type errors (400)
+    UnsupportedGrantType: createError(400, 'UNSUPPORTED_GRANT_TYPE', 'Grant type is not supported.'),
+    // JWT Token Errors
+    InvalidAccessToken: createError(401, 'INVALID_ACCESS_TOKEN', 'Invalid or expired access token.'),
+    InvalidIdToken: createError(401, 'INVALID_ID_TOKEN', 'Invalid or expired ID token.'),
+    // Bearer Token Authorization Errors
+    MissingAuthorizationHeader: createError(401, 'MISSING_AUTHORIZATION_HEADER', 'Missing Authorization header.'),
+    InvalidAuthorizationHeaderFormat: createError(401, 'INVALID_AUTHORIZATION_HEADER_FORMAT', 'Invalid Authorization header format. Expected: Bearer <token>'),
+    MissingBearerToken: createError(401, 'MISSING_BEARER_TOKEN', 'Missing token in Authorization header.'),
+    // PKCE Errors (RFC 7636)
+    InvalidCodeVerifierLength: createError(400, 'INVALID_CODE_VERIFIER_LENGTH', 'Code verifier length must be between 43 and 128 characters.'),
+    // Token Introspection Errors (RFC 7662)
+    MissingToken: createError(400, 'MISSING_TOKEN', 'Missing token parameter.'),
+    // Consent Errors (OIDC Core 1.0)
+    ConsentRequired: createError(400, 'consent_required', 'The Authorization Server requires End-User consent.'),
+    LoginRequired: createError(400, 'login_required', 'The Authorization Server requires End-User authentication.'),
+    AccessDenied: createError(400, 'access_denied', 'The resource owner or authorization server denied the request.'),
+    InteractionRequired: createError(400, 'interaction_required', 'The Authorization Server requires End-User interaction.'),
+    // Password Reset Errors
+    InvalidPasswordResetToken: createError(400, 'INVALID_PASSWORD_RESET_TOKEN', 'The password reset token is invalid or has expired.'),
+    UserNotEditable: createError(403, 'USER_NOT_EDITABLE', 'This user account cannot be modified.'),
+    // OAuth Connect Errors (Social Login)
+    OAuthProviderNotFound: createError(404, 'OAUTH_PROVIDER_NOT_FOUND', 'The OAuth provider is not configured or is disabled.'),
+    OAuthStateMismatch: createError(400, 'OAUTH_STATE_MISMATCH', 'The OAuth state parameter does not match. Please try again.'),
+    OAuthTokenExchangeFailed: createError(502, 'OAUTH_TOKEN_EXCHANGE_FAILED', 'Failed to exchange authorization code for tokens.'),
+    OAuthUserInfoFailed: createError(502, 'OAUTH_USERINFO_FAILED', 'Failed to fetch user information from OAuth provider.'),
+    OAuthAccountAlreadyLinked: createError(409, 'OAUTH_ACCOUNT_ALREADY_LINKED', 'This OAuth account is already linked to another user.'),
+    OAuthAccountNotLinked: createError(404, 'OAUTH_ACCOUNT_NOT_LINKED', 'No OAuth account is linked for this provider.'),
+    OAuthEmailNotVerified: createError(403, 'OAUTH_EMAIL_NOT_VERIFIED', 'The email address from the OAuth provider is not verified.'),
+    OAuthEmailConflict: createError(409, 'OAUTH_EMAIL_CONFLICT', 'An account with this email already exists. Please link your account instead.'),
+    CannotUnlinkLastAuthMethod: createError(400, 'CANNOT_UNLINK_LAST_AUTH_METHOD', 'Cannot unlink the last authentication method. You need at least one way to log in.'),
+    OAuthSessionExpired: createError(400, 'OAUTH_SESSION_EXPIRED', 'The OAuth session has expired. Please start the login process again.'),
+    OAuthInvalidRequest: createError(400, 'OAUTH_INVALID_REQUEST', 'Missing required parameters: code and state.'),
+    Unauthorized: createError(401, 'UNAUTHORIZED', 'You must be logged in to perform this action.'),
+    // Password Management Errors
+    PasswordAlreadySet: createError(409, 'PASSWORD_ALREADY_SET', 'A password is already set for this account. Use password change instead.'),
+    PasswordNotSet: createError(400, 'PASSWORD_NOT_SET', 'No password is set for this account.'),
+    InvalidCurrentPassword: createError(401, 'INVALID_CURRENT_PASSWORD', 'The current password is incorrect.'),
+    CannotRemoveLastAuthMethod: createError(400, 'CANNOT_REMOVE_LAST_AUTH_METHOD', 'Cannot remove password. You need at least one way to log in.'),
+    CannotRemovePasswordWithSecondFactorOnly: createError(400, 'CANNOT_REMOVE_PASSWORD_WITH_SECOND_FACTOR_ONLY', 'Cannot remove password when 2FA (TOTP/Passkey) is set up without OAuth. Add an OAuth account first, or disable 2FA before removing password.'),
+    // TOTP Errors
+    TotpAlreadyEnabled: createError(409, 'TOTP_ALREADY_ENABLED', 'TOTP is already enabled for this account.'),
+    TotpNotEnabled: createError(400, 'TOTP_NOT_ENABLED', 'TOTP is not enabled for this account.'),
+    TotpNotSetup: createError(400, 'TOTP_NOT_SETUP', 'TOTP setup has not been initiated. Please start setup first.'),
+    InvalidTotpCode: createError(400, 'INVALID_TOTP_CODE', 'The provided TOTP code is invalid.'),
+    TotpVerificationRequired: createError(401, 'TOTP_VERIFICATION_REQUIRED', 'TOTP verification is required to complete login.'),
+    TotpVerificationSessionExpired: createError(401, 'TOTP_VERIFICATION_SESSION_EXPIRED', 'TOTP verification session has expired. Please login again.'),
+    SecondFactorSessionExpired: createError(401, 'SECOND_FACTOR_SESSION_EXPIRED', 'Second factor authentication session has expired. Please login again.'),
+    // TOTP Recovery Code Errors
+    InvalidRecoveryCode: createError(400, 'INVALID_RECOVERY_CODE', 'The provided recovery code is invalid.'),
+    NoRecoveryCodesAvailable: createError(400, 'NO_RECOVERY_CODES_AVAILABLE', 'No recovery codes are available. All codes have been used.'),
+    // Passkey Errors
+    PasskeyNotEnabled: createError(400, 'PASSKEY_NOT_ENABLED', 'Passkey authentication is not enabled.'),
+    PasskeyNotFound: createError(404, 'PASSKEY_NOT_FOUND', 'The passkey was not found.'),
+    PasskeyAlreadyExists: createError(409, 'PASSKEY_ALREADY_EXISTS', 'This passkey is already registered.'),
+    PasskeyVerificationFailed: createError(400, 'PASSKEY_VERIFICATION_FAILED', 'Passkey verification failed.'),
+    PasskeyChallengeExpired: createError(400, 'PASSKEY_CHALLENGE_EXPIRED', 'The passkey challenge has expired. Please try again.'),
+    PasskeyChallengeNotFound: createError(400, 'PASSKEY_CHALLENGE_NOT_FOUND', 'No passkey challenge found. Please start the registration process again.'),
+    CannotRemoveLastPasskey: createError(400, 'CANNOT_REMOVE_LAST_PASSKEY', 'Cannot remove the last passkey. You need at least one way to log in.'),
+    CannotRemoveLastSecondFactor: createError(400, 'CANNOT_REMOVE_LAST_SECOND_FACTOR', 'Cannot remove the last second factor. At least one 2FA method is required.'),
+    SecondFactorNotAllowedForConfigUser: createError(403, 'SECOND_FACTOR_NOT_ALLOWED_FOR_CONFIG_USER', 'Second factor authentication is not available for config-managed users.'),
+    PasskeyUserMismatch: createError(403, 'PASSKEY_USER_MISMATCH', 'The passkey does not belong to the pending user.'),
+    // Email Verification Errors
+    EmailVerificationRequired: createError(403, 'EMAIL_VERIFICATION_REQUIRED', 'Email verification is required before logging in.'),
+    // Account Deletion Errors
+    AccountDeletionDisabled: createError(403, 'ACCOUNT_DELETION_DISABLED', 'Account deletion is not enabled.'),
+    AccountAlreadyDeleted: createError(400, 'ACCOUNT_ALREADY_DELETED', 'This account has already been deleted.'),
+    // Terms Consent Errors
+    TermsConsentRequired: createError(403, 'TERMS_CONSENT_REQUIRED', 'You must agree to the terms of service before continuing.'),
+    TermsNotFound: createError(404, 'TERMS_NOT_FOUND', 'The specified terms were not found.'),
+    // Proxy Security Errors
+    UntrustedProxy: createError(403, 'UNTRUSTED_PROXY', 'Request rejected: connection from untrusted source.'),
+};
+//# sourceMappingURL=error.js.map

package/dist/schemas/error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.js","sourceRoot":"","sources":["../../src/schemas/error.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,OAAO,aAIX,SAAQ,KAAK;IACG,MAAM,CAAS;IACf,IAAI,CAAO;IACF,OAAO,CAAU;IAE1C,YAAmB,MAAc,EAAE,IAAU,EAAE,OAAgB;QAC7D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEM,MAAM;QACX,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;IACJ,CAAC;CACF;AAED,MAAM,WAAW,GAAG,CAKlB,MAAc,EACd,IAAU,EACV,OAAgB,EAChB,EAAE;IACF,OAAO;QACL,MAAM,EAAE,MAAM;QACd,KAAK,EAAE,KAAM,SAAQ,aAAoC;YACvD;gBACE,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAC/B,CAAC;SACF;QACD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YAC7D,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,8BAA8B,CAAC;SACrE,CAAC;KACH,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAM1B,MAAc,EACd,IAAU,EACV,OAAgB,EAChB,UAAuB,EACvB,EAAE;IACF,OAAO;QACL,MAAM,EAAE,MAAM;QACd,KAAK,EAAE,KAAM,SAAQ,aAAoC;YAChD,IAAI,CAAuB;YAElC,YAAmB,IAA0B;gBAC3C,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;YACnB,CAAC;YAEe,MAAM;gBACpB,OAAO;oBACL,GAAG,KAAK,CAAC,MAAM,EAAE;oBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC;YACJ,CAAC;SACF;QACD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YAC7D,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,8BAA8B,CAAC;YACpE,IAAI,EAAE,UAAU,CAAC,QAAQ,CAAC,0BAA0B,CAAC;SACtD,CAAC;KACH,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,CAAC,GAAG;IACf,sBAAsB,EAAE,WAAW,CACjC,GAAG,EACH,2BAA2B,EAC3B,8CAA8C,CAC/C;IACD,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,2CAA2C,CAC5C;IACD,oBAAoB,EAAE,WAAW,CAC/B,GAAG,EACH,uBAAuB,EACvB,kCAAkC,CACnC;IACD,2BAA2B,EAAE,WAAW,CACtC,GAAG,EACH,gCAAgC,EAChC,qDAAqD,CACtD;IACD,eAAe,EAAE,mBAAmB,CAClC,GAAG,EACH,kBAAkB,EAClB,+BAA+B,EAC/B,CAAC,CAAC,MAAM,EAAE,CACX;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,+BAA+B,CAChC;IACD,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,4BAA4B,EAC5B,mDAAmD,CACpD;IACD,iBAAiB,EAAE,WAAW,CAC5B,GAAG,EACH,qBAAqB,EACrB,kCAAkC,CACnC;IACD,oBAAoB,EAAE,WAAW,CAC/B,GAAG,EACH,wBAAwB,EACxB,wCAAwC,CACzC;IACD,YAAY,EAAE,WAAW,CAAC,GAAG,EAAE,gBAAgB,EAAE,iBAAiB,CAAC;IAEnE,eAAe;IACf,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,wBAAwB,EACxB,iCAAiC,CAClC;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,+BAA+B,CAChC;IACD,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,qDAAqD,CACtD;IACD,uBAAuB,EAAE,WAAW,CAClC,GAAG,EACH,2BAA2B,EAC3B,qDAAqD,CACtD;IACD,YAAY,EAAE,mBAAmB,CAC/B,GAAG,EACH,eAAe,EACf,2CAA2C,EAC3C,CAAC,CAAC,MAAM,CAAC;QACP,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACnC,CAAC,CACH;IACD,0BAA0B,EAAE,WAAW,CACrC,GAAG,EACH,+BAA+B,EAC/B,kDAAkD,CACnD;IACD,gBAAgB,EAAE,WAAW,CAC3B,GAAG,EACH,oBAAoB,EACpB,0DAA0D,CAC3D;IAED,yCAAyC;IACzC,+BAA+B;IAC/B,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,4BAA4B,EAC5B,6BAA6B,CAC9B;IACD,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,uBAAuB,CACxB;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,iCAAiC,CAClC;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,wBAAwB,CACzB;IAED,6BAA6B;IAC7B,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,4BAA4B,EAC5B,wCAAwC,CACzC;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,wBAAwB,CACzB;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,6BAA6B,CAC9B;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,mCAAmC,CACpC;IACD,gBAAgB,EAAE,WAAW,CAC3B,GAAG,EACH,oBAAoB,EACpB,qBAAqB,CACtB;IAED,8BAA8B;IAC9B,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,4BAA4B,EAC5B,6BAA6B,CAC9B;IAED,sCAAsC;IACtC,oBAAoB,EAAE,WAAW,CAC/B,GAAG,EACH,wBAAwB,EACxB,8BAA8B,CAC/B;IAED,mBAAmB;IACnB,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,kCAAkC,CACnC;IACD,cAAc,EAAE,WAAW,CACzB,GAAG,EACH,kBAAkB,EAClB,8BAA8B,CAC/B;IAED,oCAAoC;IACpC,0BAA0B,EAAE,WAAW,CACrC,GAAG,EACH,8BAA8B,EAC9B,+BAA+B,CAChC;IACD,gCAAgC,EAAE,WAAW,CAC3C,GAAG,EACH,qCAAqC,EACrC,+DAA+D,CAChE;IACD,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,wCAAwC,CACzC;IAED,yBAAyB;IACzB,yBAAyB,EAAE,WAAW,CACpC,GAAG,EACH,8BAA8B,EAC9B,6DAA6D,CAC9D;IAED,wCAAwC;IACxC,YAAY,EAAE,WAAW,CAAC,GAAG,EAAE,eAAe,EAAE,0BAA0B,CAAC;IAE3E,iCAAiC;IACjC,eAAe,EAAE,WAAW,CAC1B,GAAG,EACH,kBAAkB,EAClB,qDAAqD,CACtD;IACD,aAAa,EAAE,WAAW,CACxB,GAAG,EACH,gBAAgB,EAChB,4DAA4D,CAC7D;IACD,YAAY,EAAE,WAAW,CACvB,GAAG,EACH,eAAe,EACf,gEAAgE,CACjE;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,sBAAsB,EACtB,yDAAyD,CAC1D;IAED,wBAAwB;IACxB,yBAAyB,EAAE,WAAW,CACpC,GAAG,EACH,8BAA8B,EAC9B,qDAAqD,CACtD;IACD,eAAe,EAAE,WAAW,CAC1B,GAAG,EACH,mBAAmB,EACnB,uCAAuC,CACxC;IAED,sCAAsC;IACtC,qBAAqB,EAAE,WAAW,CAChC,GAAG,EACH,0BAA0B,EAC1B,sDAAsD,CACvD;IACD,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,6DAA6D,CAC9D;IACD,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,6BAA6B,EAC7B,mDAAmD,CACpD;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,uDAAuD,CACxD;IACD,yBAAyB,EAAE,WAAW,CACpC,GAAG,EACH,8BAA8B,EAC9B,uDAAuD,CACxD;IACD,qBAAqB,EAAE,WAAW,CAChC,GAAG,EACH,0BAA0B,EAC1B,+CAA+C,CAChD;IACD,qBAAqB,EAAE,WAAW,CAChC,GAAG,EACH,0BAA0B,EAC1B,4DAA4D,CAC7D;IACD,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,8EAA8E,CAC/E;IACD,0BAA0B,EAAE,WAAW,CACrC,GAAG,EACH,gCAAgC,EAChC,oFAAoF,CACrF;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,sEAAsE,CACvE;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,8CAA8C,CAC/C;IACD,YAAY,EAAE,WAAW,CACvB,GAAG,EACH,cAAc,EACd,+CAA+C,CAChD;IAED,6BAA6B;IAC7B,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,0EAA0E,CAC3E;IACD,cAAc,EAAE,WAAW,CACzB,GAAG,EACH,kBAAkB,EAClB,sCAAsC,CACvC;IACD,sBAAsB,EAAE,WAAW,CACjC,GAAG,EACH,0BAA0B,EAC1B,oCAAoC,CACrC;IACD,0BAA0B,EAAE,WAAW,CACrC,GAAG,EACH,gCAAgC,EAChC,8DAA8D,CAC/D;IACD,wCAAwC,EAAE,WAAW,CACnD,GAAG,EACH,gDAAgD,EAChD,8IAA8I,CAC/I;IAED,cAAc;IACd,kBAAkB,EAAE,WAAW,CAC7B,GAAG,EACH,sBAAsB,EACtB,2CAA2C,CAC5C;IACD,cAAc,EAAE,WAAW,CACzB,GAAG,EACH,kBAAkB,EAClB,uCAAuC,CACxC;IACD,YAAY,EAAE,WAAW,CACvB,GAAG,EACH,gBAAgB,EAChB,8DAA8D,CAC/D;IACD,eAAe,EAAE,WAAW,CAC1B,GAAG,EACH,mBAAmB,EACnB,oCAAoC,CACrC;IACD,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,4BAA4B,EAC5B,kDAAkD,CACnD;IACD,8BAA8B,EAAE,WAAW,CACzC,GAAG,EACH,mCAAmC,EACnC,4DAA4D,CAC7D;IACD,0BAA0B,EAAE,WAAW,CACrC,GAAG,EACH,+BAA+B,EAC/B,uEAAuE,CACxE;IAED,4BAA4B;IAC5B,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,wCAAwC,CACzC;IACD,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,6BAA6B,EAC7B,4DAA4D,CAC7D;IAED,iBAAiB;IACjB,iBAAiB,EAAE,WAAW,CAC5B,GAAG,EACH,qBAAqB,EACrB,wCAAwC,CACzC;IACD,eAAe,EAAE,WAAW,CAC1B,GAAG,EACH,mBAAmB,EACnB,4BAA4B,CAC7B;IACD,oBAAoB,EAAE,WAAW,CAC/B,GAAG,EACH,wBAAwB,EACxB,qCAAqC,CACtC;IACD,yBAAyB,EAAE,WAAW,CACpC,GAAG,EACH,6BAA6B,EAC7B,8BAA8B,CAC/B;IACD,uBAAuB,EAAE,WAAW,CAClC,GAAG,EACH,2BAA2B,EAC3B,sDAAsD,CACvD;IACD,wBAAwB,EAAE,WAAW,CACnC,GAAG,EACH,6BAA6B,EAC7B,0EAA0E,CAC3E;IACD,uBAAuB,EAAE,WAAW,CAClC,GAAG,EACH,4BAA4B,EAC5B,sEAAsE,CACvE;IACD,4BAA4B,EAAE,WAAW,CACvC,GAAG,EACH,kCAAkC,EAClC,4EAA4E,CAC7E;IACD,mCAAmC,EAAE,WAAW,CAC9C,GAAG,EACH,2CAA2C,EAC3C,yEAAyE,CAC1E;IACD,mBAAmB,EAAE,WAAW,CAC9B,GAAG,EACH,uBAAuB,EACvB,kDAAkD,CACnD;IAED,4BAA4B;IAC5B,yBAAyB,EAAE,WAAW,CACpC,GAAG,EACH,6BAA6B,EAC7B,mDAAmD,CACpD;IAED,0BAA0B;IAC1B,uBAAuB,EAAE,WAAW,CAClC,GAAG,EACH,2BAA2B,EAC3B,kCAAkC,CACnC;IACD,qBAAqB,EAAE,WAAW,CAChC,GAAG,EACH,yBAAyB,EACzB,wCAAwC,CACzC;IAED,uBAAuB;IACvB,oBAAoB,EAAE,WAAW,CAC/B,GAAG,EACH,wBAAwB,EACxB,2DAA2D,CAC5D;IACD,aAAa,EAAE,WAAW,CACxB,GAAG,EACH,iBAAiB,EACjB,qCAAqC,CACtC;IAED,wBAAwB;IACxB,cAAc,EAAE,WAAW,CACzB,GAAG,EACH,iBAAiB,EACjB,qDAAqD,CACtD;CACF,CAAC"}

package/dist/schemas/field.d.ts

@@ -0,0 +1,97 @@
+import { z } from 'zod';
+export declare const f: {
+    uuid: z.ZodUUID;
+    userSub: z.ZodUUID;
+    userEmail: z.ZodEmail;
+    userPassword: z.ZodString;
+    newUserPassword: z.ZodString;
+    emailVerified: z.ZodBoolean;
+    clientId: z.ZodString;
+    clientSecret: z.ZodString;
+    redirectUri: z.ZodURL;
+    scope: z.ZodString;
+    responseType: z.ZodString;
+    state: z.ZodString;
+    nonce: z.ZodString;
+    codeChallenge: z.ZodString;
+    codeChallengeMethod: z.ZodEnum<{
+        S256: "S256";
+        plain: "plain";
+    }>;
+    codeVerifier: z.ZodString;
+    grantType: z.ZodEnum<{
+        refresh_token: "refresh_token";
+        authorization_code: "authorization_code";
+    }>;
+    authorizationCode: z.ZodString;
+    token: z.ZodString;
+    tokenTypeHint: z.ZodEnum<{
+        access_token: "access_token";
+        refresh_token: "refresh_token";
+    }>;
+    prompt: z.ZodEnum<{
+        none: "none";
+        login: "login";
+        consent: "consent";
+        select_account: "select_account";
+    }>;
+    display: z.ZodEnum<{
+        page: "page";
+        popup: "popup";
+        touch: "touch";
+        wap: "wap";
+    }>;
+    maxAge: z.ZodCoercedNumber<unknown>;
+    consentDecision: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+    }>;
+    providerName: z.ZodString;
+    oauthConnectMode: z.ZodEnum<{
+        link: "link";
+        register: "register";
+        login: "login";
+    }>;
+    returnUrl: z.ZodString;
+    languageCode: z.ZodDefault<z.ZodString>;
+    /**
+     * Accept-Language header schema with transform.
+     * Parses header like "ko-KR,ko;q=0.9,en-US;q=0.8" into Locale.
+     */
+    acceptLanguage: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<"en" | "ko" | "ja", string | undefined>>;
+    totpCode: z.ZodString;
+    recoveryCode: z.ZodPipe<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>, z.ZodString>;
+    base64UrlString: z.ZodString;
+    passkeyCredentialId: z.ZodString;
+    passkeyChallenge: z.ZodString;
+    passkeyName: z.ZodString;
+    passkeyDeviceType: z.ZodEnum<{
+        singleDevice: "singleDevice";
+        multiDevice: "multiDevice";
+    }>;
+    authenticatorTransport: z.ZodEnum<{
+        ble: "ble";
+        cable: "cable";
+        hybrid: "hybrid";
+        internal: "internal";
+        nfc: "nfc";
+        "smart-card": "smart-card";
+        usb: "usb";
+    }>;
+    userVerificationRequirement: z.ZodEnum<{
+        required: "required";
+        preferred: "preferred";
+        discouraged: "discouraged";
+    }>;
+    publicKeyCredentialType: z.ZodLiteral<"public-key">;
+    authenticatorAttachment: z.ZodEnum<{
+        platform: "platform";
+        "cross-platform": "cross-platform";
+    }>;
+    publicKeyCredentialHint: z.ZodEnum<{
+        hybrid: "hybrid";
+        "security-key": "security-key";
+        "client-device": "client-device";
+    }>;
+};
+//# sourceMappingURL=field.d.ts.map

package/dist/schemas/field.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"field.d.ts","sourceRoot":"","sources":["../../src/schemas/field.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAQxB,eAAO,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAsGZ;;;OAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4EJ,CAAC"}

package/dist/schemas/field.js

@@ -0,0 +1,168 @@
+import { z } from 'zod';
+import { DEFAULT_LOCALE, isAvailableLocale, } from "../lib/locale.js";
+import { PASSWORD_POLICY_MAX_LENGTH } from "../lib/password-policy.js";
+export const f = {
+    // Common fields
+    uuid: z.uuid().describe('Entity UUID'),
+    // User fields
+    userSub: z.uuid().describe('User subject identifier (UUID)'),
+    userEmail: z.email().describe('User email address'),
+    userPassword: z
+        .string()
+        .min(1)
+        .max(PASSWORD_POLICY_MAX_LENGTH)
+        .describe("User's password"),
+    newUserPassword: z
+        .string()
+        .min(1)
+        .max(PASSWORD_POLICY_MAX_LENGTH)
+        .describe("User's new password"),
+    emailVerified: z.boolean().describe("Whether the user's email is verified"),
+    // OAuth fields
+    clientId: z.string().min(1).max(1000).describe('OAuth client ID'),
+    clientSecret: z.string().min(1).max(1000).describe('OAuth client secret'),
+    redirectUri: z.url().max(1000).describe('OAuth redirect URI'),
+    scope: z.string().max(1000).describe('Space-delimited list of OAuth scopes'),
+    responseType: z
+        .string()
+        .min(1)
+        .max(100)
+        .describe('OAuth response type (e.g., "code", "token")'),
+    state: z
+        .string()
+        .min(1)
+        .max(1000)
+        .describe('OAuth state parameter for CSRF protection'),
+    nonce: z
+        .string()
+        .min(1)
+        .max(1000)
+        .describe('OIDC nonce for replay attack prevention'),
+    codeChallenge: z.string().min(1).max(1000).describe('PKCE code challenge'),
+    codeChallengeMethod: z
+        .enum(['S256', 'plain'])
+        .describe('PKCE code challenge method'),
+    codeVerifier: z
+        .string()
+        .min(43)
+        .max(128)
+        .describe('PKCE code verifier (43-128 characters)'),
+    grantType: z
+        .enum(['authorization_code', 'refresh_token'])
+        .describe('OAuth grant type'),
+    authorizationCode: z
+        .string()
+        .min(1)
+        .max(1000)
+        .describe('OAuth authorization code'),
+    token: z
+        .string()
+        .min(1)
+        .describe('Token string (verification, reset, or OAuth token)'),
+    tokenTypeHint: z
+        .enum(['access_token', 'refresh_token'])
+        .describe('Hint about the type of token'),
+    // OIDC fields
+    prompt: z
+        .enum(['none', 'login', 'consent', 'select_account'])
+        .describe('OIDC prompt parameter'),
+    display: z
+        .enum(['page', 'popup', 'touch', 'wap'])
+        .describe('OIDC display parameter'),
+    maxAge: z.coerce
+        .number()
+        .int()
+        .min(0)
+        .describe('Maximum authentication age in seconds'),
+    // Consent fields
+    consentDecision: z.enum(['allow', 'deny']).describe('User consent decision'),
+    // Provider fields
+    providerName: z
+        .string()
+        .min(1)
+        .describe('OAuth provider name (e.g., "google", "github")'),
+    oauthConnectMode: z
+        .enum(['login', 'register', 'link'])
+        .describe('OAuth connect mode'),
+    returnUrl: z
+        .string()
+        .min(1)
+        .max(2000)
+        .describe('Return URL or path to redirect after completion'),
+    // i18n fields
+    languageCode: z
+        .string()
+        .min(2)
+        .max(10)
+        .default('en')
+        .describe('Language code for localized content'),
+    /**
+     * Accept-Language header schema with transform.
+     * Parses header like "ko-KR,ko;q=0.9,en-US;q=0.8" into Locale.
+     */
+    acceptLanguage: z
+        .string()
+        .optional()
+        .transform((val) => {
+        if (!val) {
+            return DEFAULT_LOCALE;
+        }
+        // Parse Accept-Language header (e.g., "ko-KR,ko;q=0.9,en-US;q=0.8")
+        const languages = val
+            .split(',')
+            .map((lang) => {
+            const [code, qValue] = lang.trim().split(';q=');
+            return {
+                code: code?.split('-')[0]?.toLowerCase(),
+                q: qValue ? Number.parseFloat(qValue) : 1,
+            };
+        })
+            .filter((lang) => lang.code)
+            .sort((a, b) => b.q - a.q);
+        for (const lang of languages) {
+            if (lang.code && isAvailableLocale(lang.code)) {
+                return lang.code;
+            }
+        }
+        return DEFAULT_LOCALE;
+    })
+        .describe('Accept-Language header (e.g., "ko-KR,ko;q=0.9,en;q=0.8")'),
+    // TOTP fields
+    totpCode: z
+        .string()
+        .length(6)
+        .regex(/^\d{6}$/, 'TOTP code must be 6 digits')
+        .describe('6-digit TOTP code from authenticator app'),
+    // TOTP Recovery Code fields
+    recoveryCode: z
+        .string()
+        .transform((value) => value.toUpperCase())
+        .pipe(z
+        .string()
+        .regex(/^[A-HJ-NP-TV-Z2-9]{4}(?:-[A-HJ-NP-TV-Z2-9]{4}){3}$/, 'Recovery code must be in format: XXXX-XXXX-XXXX-XXXX'))
+        .describe('One-time recovery code for TOTP (format: XXXX-XXXX-XXXX-XXXX)'),
+    // WebAuthn/Passkey fields
+    base64UrlString: z.string().describe('Base64URL-encoded string'),
+    passkeyCredentialId: z.string().describe('Passkey credential ID'),
+    passkeyChallenge: z.string().describe('WebAuthn challenge'),
+    passkeyName: z.string().min(1).max(100).describe('Passkey display name'),
+    passkeyDeviceType: z
+        .enum(['singleDevice', 'multiDevice'])
+        .describe('Passkey device type'),
+    authenticatorTransport: z
+        .enum(['ble', 'cable', 'hybrid', 'internal', 'nfc', 'smart-card', 'usb'])
+        .describe('Authenticator transport method'),
+    userVerificationRequirement: z
+        .enum(['required', 'preferred', 'discouraged'])
+        .describe('User verification requirement'),
+    publicKeyCredentialType: z
+        .literal('public-key')
+        .describe('Public key credential type'),
+    authenticatorAttachment: z
+        .enum(['platform', 'cross-platform'])
+        .describe('Authenticator attachment type'),
+    publicKeyCredentialHint: z
+        .enum(['hybrid', 'security-key', 'client-device'])
+        .describe('Public key credential hint'),
+};
+//# sourceMappingURL=field.js.map

package/dist/schemas/field.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"field.js","sourceRoot":"","sources":["../../src/schemas/field.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,cAAc,EACd,iBAAiB,GAElB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAEvE,MAAM,CAAC,MAAM,CAAC,GAAG;IACf,gBAAgB;IAChB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC;IAEtC,cAAc;IACd,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC5D,SAAS,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACnD,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,0BAA0B,CAAC;SAC/B,QAAQ,CAAC,iBAAiB,CAAC;IAC9B,eAAe,EAAE,CAAC;SACf,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,0BAA0B,CAAC;SAC/B,QAAQ,CAAC,qBAAqB,CAAC;IAClC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAE3E,eAAe;IACf,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACjE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IACzE,WAAW,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IAC7D,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC5E,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,CAAC,6CAA6C,CAAC;IAC1D,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,IAAI,CAAC;SACT,QAAQ,CAAC,2CAA2C,CAAC;IACxD,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,IAAI,CAAC;SACT,QAAQ,CAAC,yCAAyC,CAAC;IACtD,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC1E,mBAAmB,EAAE,CAAC;SACnB,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACvB,QAAQ,CAAC,4BAA4B,CAAC;IACzC,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,GAAG,CAAC,EAAE,CAAC;SACP,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,CAAC,wCAAwC,CAAC;IACrD,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAC;SAC7C,QAAQ,CAAC,kBAAkB,CAAC;IAC/B,iBAAiB,EAAE,CAAC;SACjB,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,IAAI,CAAC;SACT,QAAQ,CAAC,0BAA0B,CAAC;IACvC,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,oDAAoD,CAAC;IACjE,aAAa,EAAE,CAAC;SACb,IAAI,CAAC,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;SACvC,QAAQ,CAAC,8BAA8B,CAAC;IAE3C,cAAc;IACd,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;SACpD,QAAQ,CAAC,uBAAuB,CAAC;IACpC,OAAO,EAAE,CAAC;SACP,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;SACvC,QAAQ,CAAC,wBAAwB,CAAC;IACrC,MAAM,EAAE,CAAC,CAAC,MAAM;SACb,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,uCAAuC,CAAC;IAEpD,iBAAiB;IACjB,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAE5E,kBAAkB;IAClB,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,gDAAgD,CAAC;IAC7D,gBAAgB,EAAE,CAAC;SAChB,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;SACnC,QAAQ,CAAC,oBAAoB,CAAC;IACjC,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,IAAI,CAAC;SACT,QAAQ,CAAC,iDAAiD,CAAC;IAE9D,cAAc;IACd,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,EAAE,CAAC;SACP,OAAO,CAAC,IAAI,CAAC;SACb,QAAQ,CAAC,qCAAqC,CAAC;IAElD;;;OAGG;IACH,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,SAAS,CAAC,CAAC,GAAG,EAAU,EAAE;QACzB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,oEAAoE;QACpE,MAAM,SAAS,GAAG,GAAG;aAClB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACZ,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChD,OAAO;gBACL,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE;gBACxC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;aAC1C,CAAC;QACJ,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aAC3B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAE7B,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,IAAI,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9C,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;QACH,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC,CAAC;SACD,QAAQ,CAAC,0DAA0D,CAAC;IAEvE,cAAc;IACd,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,MAAM,CAAC,CAAC,CAAC;SACT,KAAK,CAAC,SAAS,EAAE,4BAA4B,CAAC;SAC9C,QAAQ,CAAC,0CAA0C,CAAC;IAEvD,4BAA4B;IAC5B,YAAY,EAAE,CAAC;SACZ,MAAM,EAAE;SACR,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SACzC,IAAI,CACH,CAAC;SACE,MAAM,EAAE;SACR,KAAK,CACJ,oDAAoD,EACpD,sDAAsD,CACvD,CACJ;SACA,QAAQ,CAAC,+DAA+D,CAAC;IAE5E,0BAA0B;IAC1B,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAChE,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACjE,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IAC3D,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACxE,iBAAiB,EAAE,CAAC;SACjB,IAAI,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;SACrC,QAAQ,CAAC,qBAAqB,CAAC;IAClC,sBAAsB,EAAE,CAAC;SACtB,IAAI,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;SACxE,QAAQ,CAAC,gCAAgC,CAAC;IAC7C,2BAA2B,EAAE,CAAC;SAC3B,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;SAC9C,QAAQ,CAAC,+BAA+B,CAAC;IAC5C,uBAAuB,EAAE,CAAC;SACvB,OAAO,CAAC,YAAY,CAAC;SACrB,QAAQ,CAAC,4BAA4B,CAAC;IACzC,uBAAuB,EAAE,CAAC;SACvB,IAAI,CAAC,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;SACpC,QAAQ,CAAC,+BAA+B,CAAC;IAC5C,uBAAuB,EAAE,CAAC;SACvB,IAAI,CAAC,CAAC,QAAQ,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC;SACjD,QAAQ,CAAC,4BAA4B,CAAC;CAC1C,CAAC"}

package/dist/schemas/header.d.ts

@@ -0,0 +1,7 @@
+import { z } from 'zod';
+export declare const h: {
+    BearerAuth: z.ZodObject<{
+        authorization: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+};
+//# sourceMappingURL=header.d.ts.map

package/dist/schemas/header.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"header.d.ts","sourceRoot":"","sources":["../../src/schemas/header.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,CAAC;;;;CAQb,CAAC"}

package/dist/schemas/header.js

@@ -0,0 +1,11 @@
+import { z } from 'zod';
+export const h = {
+    BearerAuth: z.object({
+        authorization: z
+            .string()
+            .min(1)
+            .optional()
+            .describe('Bearer token: "Bearer <access_token>"'),
+    }),
+};
+//# sourceMappingURL=header.js.map

package/dist/schemas/header.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"header.js","sourceRoot":"","sources":["../../src/schemas/header.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,CAAC,GAAG;IACf,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC;QACnB,aAAa,EAAE,CAAC;aACb,MAAM,EAAE;aACR,GAAG,CAAC,CAAC,CAAC;aACN,QAAQ,EAAE;aACV,QAAQ,CAAC,uCAAuC,CAAC;KACrD,CAAC;CACH,CAAC"}

package/dist/schemas/oauth.d.ts

@@ -0,0 +1,26 @@
+import { z } from 'zod';
+/**
+ * OAuth-related schemas namespace
+ * Contains only schemas used for runtime validation (route schemas, etc.)
+ */
+export declare const oauthSchema: {
+    TokenIntrospectionResult: z.ZodObject<{
+        active: z.ZodBoolean;
+        scope: z.ZodOptional<z.ZodString>;
+        client_id: z.ZodOptional<z.ZodString>;
+        token_type: z.ZodOptional<z.ZodLiteral<"Bearer">>;
+        exp: z.ZodOptional<z.ZodNumber>;
+        iat: z.ZodOptional<z.ZodNumber>;
+        sub: z.ZodOptional<z.ZodString>;
+        iss: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+    TokenResponse: z.ZodObject<{
+        access_token: z.ZodString;
+        token_type: z.ZodLiteral<"Bearer">;
+        expires_in: z.ZodNumber;
+        refresh_token: z.ZodString;
+        id_token: z.ZodOptional<z.ZodString>;
+        scope: z.ZodString;
+    }, z.core.$strip>;
+};
+//# sourceMappingURL=oauth.d.ts.map

package/dist/schemas/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/schemas/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA6CxB;;;GAGG;AACH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;CAGvB,CAAC"}

package/dist/schemas/oauth.js

@@ -0,0 +1,51 @@
+import { z } from 'zod';
+/**
+ * Token introspection result (RFC 7662 §2.2)
+ * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
+ */
+const TokenIntrospectionResult = z.object({
+    /** Whether the token is currently active */
+    active: z.boolean().describe('Whether the token is currently active'),
+    /** Space-separated list of scopes (only if active) */
+    scope: z.string().optional().describe('Space-separated list of scopes'),
+    /** Client identifier (only if active) */
+    client_id: z.string().optional().describe('OAuth client identifier'),
+    /** Type of token (only if active) */
+    token_type: z.literal('Bearer').optional().describe('OAuth token type'),
+    /** Expiration timestamp in seconds (only if active) */
+    exp: z.number().int().optional().describe('Expiration timestamp (seconds)'),
+    /** Issued-at timestamp in seconds (only if active) */
+    iat: z.number().int().optional().describe('Issued-at timestamp (seconds)'),
+    /** Subject identifier - user ID (only if active) */
+    sub: z.string().uuid().optional().describe('Subject identifier (UUID)'),
+    /** Issuer identifier (only if active) */
+    iss: z.string().url().optional().describe('Token issuer URL'),
+});
+/**
+ * OAuth 2.0 / OIDC token response (RFC 6749 §5.1)
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
+ */
+const TokenResponse = z.object({
+    /** OAuth 2.0 access token (JWT format) */
+    access_token: z.string().describe('OAuth 2.0 access token (JWT)'),
+    /** Token type identifier */
+    token_type: z.literal('Bearer').describe('OAuth token type'),
+    /** Access token lifetime in seconds */
+    expires_in: z.number().int().describe('Access token lifetime in seconds'),
+    /** Refresh token for obtaining new access tokens */
+    refresh_token: z.string().describe('Refresh token'),
+    /** OpenID Connect ID Token (JWT format, only if openid scope requested) */
+    id_token: z.string().optional().describe('OpenID Connect ID token (JWT)'),
+    /** Space-separated list of granted scopes */
+    scope: z.string().describe('Space-separated granted scopes'),
+});
+/**
+ * OAuth-related schemas namespace
+ * Contains only schemas used for runtime validation (route schemas, etc.)
+ */
+export const oauthSchema = {
+    TokenIntrospectionResult,
+    TokenResponse,
+};
+//# sourceMappingURL=oauth.js.map

package/dist/schemas/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/schemas/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,4CAA4C;IAC5C,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IACrE,sDAAsD;IACtD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IACvE,yCAAyC;IACzC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yBAAyB,CAAC;IACpE,qCAAqC;IACrC,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IACvE,uDAAuD;IACvD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3E,sDAAsD;IACtD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IAC1E,oDAAoD;IACpD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IACvE,yCAAyC;IACzC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;CAC9D,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,0CAA0C;IAC1C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;IACjE,4BAA4B;IAC5B,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IAC5D,uCAAuC;IACvC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;IACzE,oDAAoD;IACpD,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;IACnD,2EAA2E;IAC3E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACzE,6CAA6C;IAC7C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;CAC7D,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,wBAAwB;IACxB,aAAa;CACd,CAAC"}

package/dist/schemas/provider.d.ts

@@ -0,0 +1,7 @@
+import { z } from 'zod';
+export declare const zz: {
+    PORT: z.ZodPipe<z.ZodUnion<[z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>;
+    COERCE_BOOLEAN: z.ZodPipe<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString]>, z.ZodTransform<boolean, string | boolean>>;
+    coerceInt: () => z.ZodPipe<z.ZodUnion<readonly [z.ZodString, z.ZodNumber]>, z.ZodTransform<number, string | number>>;
+};
+//# sourceMappingURL=provider.d.ts.map

package/dist/schemas/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../src/schemas/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAuBxB,eAAO,MAAM,EAAE;;;;CAYd,CAAC"}

package/dist/schemas/provider.js

@@ -0,0 +1,31 @@
+import { z } from 'zod';
+/**
+ * Coerce a string or boolean value to boolean.
+ * Handles "true"/"1" as true, everything else as false.
+ * Passes native booleans through unchanged.
+ */
+const CoerceBoolean = z.union([z.boolean(), z.string()]).transform((val) => {
+    if (typeof val === 'string') {
+        return val === 'true' || val === '1';
+    }
+    return val;
+});
+/**
+ * Create a coerced integer schema that accepts both string and number.
+ * Useful for config fields that may come from env var interpolation.
+ */
+const coerceInt = () => z
+    .union([z.string(), z.number()])
+    .transform((val) => (typeof val === 'string' ? Number(val) : val));
+export const zz = {
+    PORT: z
+        .string()
+        .or(z.number())
+        .transform((val) => (typeof val === 'string' ? Number(val) : val))
+        .check(z.refine((val) => val > 0 && val < 65536, {
+        error: 'PORT must be a valid port number between 1 and 65535',
+    })),
+    COERCE_BOOLEAN: CoerceBoolean,
+    coerceInt,
+};
+//# sourceMappingURL=provider.js.map

package/dist/schemas/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../src/schemas/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;GAIG;AACH,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE;IACzE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG,CAAC;IACvC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,SAAS,GAAG,GAAG,EAAE,CACrB,CAAC;KACE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;KAC/B,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;AAEvE,MAAM,CAAC,MAAM,EAAE,GAAG;IAChB,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACd,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;SACjE,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,KAAK,EAAE;QACxC,KAAK,EAAE,sDAAsD;KAC9D,CAAC,CACH;IACH,cAAc,EAAE,aAAa;IAC7B,SAAS;CACV,CAAC"}