@uniforge/core 0.1.0-alpha.2

package/dist/security/index.d.cts

@@ -0,0 +1,47 @@
+import { InputValidator, SecurityHeadersConfig, SecurityHeadersMiddleware, CSPDirectives, CSPMiddleware, RateLimitConfig, RequestRateLimiter, SecurityAuditor } from '@uniforge/platform-core/security';
+
+/**
+ * Input validation implementation.
+ *
+ * Factory function that creates an InputValidator with methods for
+ * validating and sanitizing user input including shop domains, emails,
+ * URLs, API keys, and custom patterns.
+ */
+
+/** Create an InputValidator with standard validation and sanitization methods. */
+declare function createInputValidator(): InputValidator;
+
+/**
+ * Security headers middleware implementation.
+ *
+ * Factory functions for applying security-related HTTP headers
+ * including HSTS, X-Content-Type-Options, X-Frame-Options,
+ * X-XSS-Protection, Referrer-Policy, and Content Security Policy.
+ */
+
+/** Create a SecurityHeadersMiddleware that applies standard security headers to responses. */
+declare function createSecurityHeadersMiddleware(config: SecurityHeadersConfig): SecurityHeadersMiddleware;
+/** Create a CSPMiddleware that applies Content Security Policy headers to responses. */
+declare function createCSPMiddleware(directives: CSPDirectives): CSPMiddleware;
+
+/**
+ * In-memory sliding window rate limiter.
+ *
+ * Tracks request timestamps per key and enforces a maximum
+ * number of requests within a configurable time window.
+ */
+
+/** Create a RequestRateLimiter using an in-memory sliding window algorithm. */
+declare function createRateLimiter(config: RateLimitConfig): RequestRateLimiter;
+
+/**
+ * Security auditor implementation.
+ *
+ * Factory function that creates a SecurityAuditor capable of running
+ * security configuration checks for encryption, headers, and more.
+ */
+
+/** Create a SecurityAuditor that checks encryption and header configurations. */
+declare function createSecurityAuditor(): SecurityAuditor;
+
+export { createCSPMiddleware, createInputValidator, createRateLimiter, createSecurityAuditor, createSecurityHeadersMiddleware };

package/dist/security/index.d.ts

@@ -0,0 +1,47 @@
+import { InputValidator, SecurityHeadersConfig, SecurityHeadersMiddleware, CSPDirectives, CSPMiddleware, RateLimitConfig, RequestRateLimiter, SecurityAuditor } from '@uniforge/platform-core/security';
+
+/**
+ * Input validation implementation.
+ *
+ * Factory function that creates an InputValidator with methods for
+ * validating and sanitizing user input including shop domains, emails,
+ * URLs, API keys, and custom patterns.
+ */
+
+/** Create an InputValidator with standard validation and sanitization methods. */
+declare function createInputValidator(): InputValidator;
+
+/**
+ * Security headers middleware implementation.
+ *
+ * Factory functions for applying security-related HTTP headers
+ * including HSTS, X-Content-Type-Options, X-Frame-Options,
+ * X-XSS-Protection, Referrer-Policy, and Content Security Policy.
+ */
+
+/** Create a SecurityHeadersMiddleware that applies standard security headers to responses. */
+declare function createSecurityHeadersMiddleware(config: SecurityHeadersConfig): SecurityHeadersMiddleware;
+/** Create a CSPMiddleware that applies Content Security Policy headers to responses. */
+declare function createCSPMiddleware(directives: CSPDirectives): CSPMiddleware;
+
+/**
+ * In-memory sliding window rate limiter.
+ *
+ * Tracks request timestamps per key and enforces a maximum
+ * number of requests within a configurable time window.
+ */
+
+/** Create a RequestRateLimiter using an in-memory sliding window algorithm. */
+declare function createRateLimiter(config: RateLimitConfig): RequestRateLimiter;
+
+/**
+ * Security auditor implementation.
+ *
+ * Factory function that creates a SecurityAuditor capable of running
+ * security configuration checks for encryption, headers, and more.
+ */
+
+/** Create a SecurityAuditor that checks encryption and header configurations. */
+declare function createSecurityAuditor(): SecurityAuditor;
+
+export { createCSPMiddleware, createInputValidator, createRateLimiter, createSecurityAuditor, createSecurityHeadersMiddleware };

package/dist/security/index.js

@@ -0,0 +1,505 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/security/index.ts
+var security_exports = {};
+__export(security_exports, {
+  createCSPMiddleware: () => createCSPMiddleware,
+  createInputValidator: () => createInputValidator,
+  createRateLimiter: () => createRateLimiter,
+  createSecurityAuditor: () => createSecurityAuditor,
+  createSecurityHeadersMiddleware: () => createSecurityHeadersMiddleware
+});
+module.exports = __toCommonJS(security_exports);
+
+// src/security/input-validator.ts
+var SHOP_DOMAIN_RE = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;
+var EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+var API_KEY_RE = /^[a-zA-Z0-9-]{32,64}$/;
+var HTML_TAG_RE = /<[^>]*>/g;
+function createInputValidator() {
+  function isValidShopDomain(domain) {
+    return SHOP_DOMAIN_RE.test(domain);
+  }
+  function isValidEmail(email) {
+    return EMAIL_RE.test(email);
+  }
+  function isValidUrl(url) {
+    try {
+      const parsed = new URL(url);
+      return parsed.protocol === "http:" || parsed.protocol === "https:";
+    } catch {
+      return false;
+    }
+  }
+  function isValidApiKey(key) {
+    return API_KEY_RE.test(key);
+  }
+  function sanitize(value, options) {
+    let result = value;
+    if (options?.stripHtml) {
+      result = result.replace(HTML_TAG_RE, "");
+    }
+    if (options?.maxLength != null && result.length > options.maxLength) {
+      result = result.slice(0, options.maxLength);
+    }
+    if (options?.allowedPattern !== void 0) {
+      const matches = result.match(options.allowedPattern);
+      result = matches ? matches.join("") : "";
+    }
+    return result;
+  }
+  function validateField(fieldValue, rule) {
+    const value = fieldValue;
+    if (rule.required && (value == null || value === "")) {
+      return {
+        field: rule.field,
+        message: rule.message ?? `${rule.field} is required`,
+        code: "REQUIRED"
+      };
+    }
+    if (value == null || value === "") {
+      return void 0;
+    }
+    const strValue = String(value);
+    if (rule.maxLength != null && strValue.length > rule.maxLength) {
+      return {
+        field: rule.field,
+        message: rule.message ?? `${rule.field} exceeds maximum length of ${rule.maxLength}`,
+        code: "MAX_LENGTH"
+      };
+    }
+    switch (rule.type) {
+      case "shopDomain":
+        if (!isValidShopDomain(strValue)) {
+          return {
+            field: rule.field,
+            message: rule.message ?? `${rule.field} is not a valid shop domain`,
+            code: "INVALID_SHOP_DOMAIN"
+          };
+        }
+        break;
+      case "email":
+        if (!isValidEmail(strValue)) {
+          return {
+            field: rule.field,
+            message: rule.message ?? `${rule.field} is not a valid email`,
+            code: "INVALID_EMAIL"
+          };
+        }
+        break;
+      case "url":
+        if (!isValidUrl(strValue)) {
+          return {
+            field: rule.field,
+            message: rule.message ?? `${rule.field} is not a valid URL`,
+            code: "INVALID_URL"
+          };
+        }
+        break;
+      case "apiKey":
+        if (!isValidApiKey(strValue)) {
+          return {
+            field: rule.field,
+            message: rule.message ?? `${rule.field} is not a valid API key`,
+            code: "INVALID_API_KEY"
+          };
+        }
+        break;
+      case "custom":
+        if (rule.pattern !== void 0 && !rule.pattern.test(strValue)) {
+          return {
+            field: rule.field,
+            message: rule.message ?? `${rule.field} does not match the required pattern`,
+            code: "PATTERN_MISMATCH"
+          };
+        }
+        break;
+      case "string":
+        break;
+    }
+    return void 0;
+  }
+  function validate(input, rules) {
+    const errors = [];
+    const sanitized = {};
+    for (const rule of rules) {
+      const rawValue = input[rule.field];
+      const error = validateField(rawValue, rule);
+      if (error) {
+        errors.push(error);
+      } else if (rawValue != null && rawValue !== "") {
+        sanitized[rule.field] = String(rawValue);
+      }
+    }
+    return {
+      valid: errors.length === 0,
+      errors,
+      sanitized
+    };
+  }
+  return {
+    validate,
+    sanitize,
+    isValidShopDomain,
+    isValidEmail,
+    isValidUrl,
+    isValidApiKey
+  };
+}
+
+// src/security/security-headers.ts
+function createSecurityHeadersMiddleware(config) {
+  function applyHeaders(res) {
+    if (config.hsts) {
+      const maxAge = config.hstsMaxAge ?? 31536e3;
+      let value = `max-age=${maxAge}`;
+      if (config.hstsIncludeSubDomains === true) {
+        value += "; includeSubDomains";
+      }
+      res.setHeader("Strict-Transport-Security", value);
+    }
+    if (config.noSniff) {
+      res.setHeader("X-Content-Type-Options", "nosniff");
+    }
+    res.setHeader("X-Frame-Options", config.frameOptions);
+    if (config.xssProtection) {
+      res.setHeader("X-XSS-Protection", "1; mode=block");
+    }
+    res.setHeader("Referrer-Policy", config.referrerPolicy);
+  }
+  return {
+    config,
+    applyHeaders
+  };
+}
+function buildCSPString(directives) {
+  const parts = [];
+  const directiveMap = [
+    ["default-src", directives.defaultSrc],
+    ["script-src", directives.scriptSrc],
+    ["style-src", directives.styleSrc],
+    ["img-src", directives.imgSrc],
+    ["connect-src", directives.connectSrc],
+    ["font-src", directives.fontSrc],
+    ["frame-src", directives.frameSrc],
+    ["frame-ancestors", directives.frameAncestors]
+  ];
+  for (const [name, values] of directiveMap) {
+    if (values.length > 0) {
+      parts.push(`${name} ${values.join(" ")}`);
+    }
+  }
+  return parts.join("; ");
+}
+function createCSPMiddleware(directives) {
+  function toHeaderString() {
+    return buildCSPString(directives);
+  }
+  function applyCSP(res) {
+    const headerValue = toHeaderString();
+    if (headerValue) {
+      res.setHeader("Content-Security-Policy", headerValue);
+    }
+  }
+  return {
+    directives,
+    applyCSP,
+    toHeaderString
+  };
+}
+
+// src/security/rate-limiter.ts
+var CLEANUP_THRESHOLD = 1e4;
+function createRateLimiter(config) {
+  const windows = /* @__PURE__ */ new Map();
+  function cleanupStaleEntries() {
+    if (windows.size <= CLEANUP_THRESHOLD) return;
+    const now = Date.now();
+    const cutoff = now - config.windowMs;
+    for (const [key, timestamps] of windows) {
+      if (timestamps.length === 0 || timestamps[timestamps.length - 1] <= cutoff) {
+        windows.delete(key);
+      }
+    }
+  }
+  function resolveKey(key) {
+    if (config.keyPrefix !== void 0) {
+      return `${config.keyPrefix}:${key}`;
+    }
+    return key;
+  }
+  async function check(key) {
+    cleanupStaleEntries();
+    const resolvedKey = resolveKey(key);
+    const now = Date.now();
+    const windowStart = now - config.windowMs;
+    let timestamps = windows.get(resolvedKey);
+    if (!timestamps) {
+      timestamps = [];
+      windows.set(resolvedKey, timestamps);
+    }
+    const validTimestamps = timestamps.filter((t) => t > windowStart);
+    windows.set(resolvedKey, validTimestamps);
+    const remaining = Math.max(0, config.maxRequests - validTimestamps.length);
+    const resetAt = now + config.windowMs;
+    if (validTimestamps.length >= config.maxRequests) {
+      const earliest = validTimestamps[0];
+      const retryAfter = earliest + config.windowMs - now;
+      return {
+        allowed: false,
+        remaining: 0,
+        resetAt,
+        retryAfter: Math.max(0, retryAfter)
+      };
+    }
+    validTimestamps.push(now);
+    return {
+      allowed: true,
+      remaining: remaining - 1,
+      resetAt
+    };
+  }
+  async function reset(key) {
+    const resolvedKey = resolveKey(key);
+    windows.delete(resolvedKey);
+  }
+  return {
+    config,
+    check,
+    reset
+  };
+}
+
+// src/security/security-auditor.ts
+var SEVERITY_PENALTY = {
+  critical: 25,
+  high: 15,
+  medium: 10,
+  low: 5,
+  info: 0
+};
+function createFinding(id, severity, category, title, description, recommendation) {
+  return { id, severity, category, title, description, recommendation };
+}
+function calculateScore(findings) {
+  let score = 100;
+  for (const finding of findings) {
+    score -= SEVERITY_PENALTY[finding.severity];
+  }
+  return Math.max(0, score);
+}
+function buildResult(findings) {
+  const score = calculateScore(findings);
+  const hasCriticalOrHigh = findings.some(
+    (f) => f.severity === "critical" || f.severity === "high"
+  );
+  return {
+    passed: !hasCriticalOrHigh && score >= 70,
+    score,
+    findings,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function createSecurityAuditor() {
+  function checkEncryption(config) {
+    const findings = [];
+    if (!config["encryptionKey"] && !config["ENCRYPTION_KEY"]) {
+      findings.push(
+        createFinding(
+          "ENC-001",
+          "critical",
+          "encryption",
+          "Missing encryption key",
+          "No encryption key is configured in the application.",
+          "Set the ENCRYPTION_KEY environment variable or encryptionKey config property."
+        )
+      );
+    } else {
+      const key = config["encryptionKey"] ?? config["ENCRYPTION_KEY"];
+      if (key.length < 32) {
+        findings.push(
+          createFinding(
+            "ENC-002",
+            "high",
+            "encryption",
+            "Encryption key too short",
+            `Encryption key is ${key.length} characters, which may be insufficient for AES-256.`,
+            "Use a key of at least 32 characters (256 bits) for AES-256-GCM encryption."
+          )
+        );
+      }
+    }
+    if (config["algorithm"] && config["algorithm"] !== "aes-256-gcm") {
+      findings.push(
+        createFinding(
+          "ENC-003",
+          "medium",
+          "encryption",
+          "Non-standard encryption algorithm",
+          `Encryption algorithm "${String(config["algorithm"])}" is not the recommended AES-256-GCM.`,
+          "Use AES-256-GCM for authenticated encryption."
+        )
+      );
+    }
+    return buildResult(findings);
+  }
+  function checkHeaders(headers) {
+    const findings = [];
+    if (!headers["strict-transport-security"] && !headers["Strict-Transport-Security"]) {
+      findings.push(
+        createFinding(
+          "HDR-001",
+          "high",
+          "headers",
+          "Missing HSTS header",
+          "Strict-Transport-Security header is not configured.",
+          "Enable HSTS with a minimum max-age of 31536000 (1 year)."
+        )
+      );
+    }
+    if (!headers["x-content-type-options"] && !headers["X-Content-Type-Options"]) {
+      findings.push(
+        createFinding(
+          "HDR-002",
+          "medium",
+          "headers",
+          "Missing X-Content-Type-Options header",
+          "X-Content-Type-Options header is not set to nosniff.",
+          "Set X-Content-Type-Options: nosniff to prevent MIME type sniffing."
+        )
+      );
+    }
+    if (!headers["x-frame-options"] && !headers["X-Frame-Options"]) {
+      findings.push(
+        createFinding(
+          "HDR-003",
+          "medium",
+          "headers",
+          "Missing X-Frame-Options header",
+          "X-Frame-Options header is not configured.",
+          "Set X-Frame-Options to DENY or SAMEORIGIN to prevent clickjacking."
+        )
+      );
+    }
+    if (!headers["content-security-policy"] && !headers["Content-Security-Policy"]) {
+      findings.push(
+        createFinding(
+          "HDR-004",
+          "high",
+          "headers",
+          "Missing Content-Security-Policy header",
+          "Content-Security-Policy header is not configured.",
+          "Define a Content Security Policy to mitigate XSS and data injection attacks."
+        )
+      );
+    }
+    return buildResult(findings);
+  }
+  function audit(config) {
+    const allFindings = [];
+    if (config.checkEncryption) {
+      allFindings.push(
+        createFinding(
+          "AUD-001",
+          "info",
+          "audit",
+          "Encryption check enabled",
+          "Encryption configuration check is enabled. Use checkEncryption() for detailed results.",
+          "Run checkEncryption() with your application config for detailed findings."
+        )
+      );
+    }
+    if (config.checkHeaders) {
+      allFindings.push(
+        createFinding(
+          "AUD-002",
+          "info",
+          "audit",
+          "Headers check enabled",
+          "Security headers check is enabled. Use checkHeaders() for detailed results.",
+          "Run checkHeaders() with your response headers for detailed findings."
+        )
+      );
+    }
+    if (config.checkRateLimiting) {
+      allFindings.push(
+        createFinding(
+          "AUD-003",
+          "info",
+          "audit",
+          "Rate limiting check enabled",
+          "Rate limiting configuration check is enabled.",
+          "Ensure rate limiting is configured for all public-facing endpoints."
+        )
+      );
+    }
+    if (config.checkInputValidation) {
+      allFindings.push(
+        createFinding(
+          "AUD-004",
+          "info",
+          "audit",
+          "Input validation check enabled",
+          "Input validation check is enabled.",
+          "Ensure all user input is validated and sanitized before processing."
+        )
+      );
+    }
+    if (config.checkWebhookSecurity) {
+      allFindings.push(
+        createFinding(
+          "AUD-005",
+          "info",
+          "audit",
+          "Webhook security check enabled",
+          "Webhook security check is enabled.",
+          "Ensure webhook payloads are validated with HMAC signatures."
+        )
+      );
+    }
+    if (config.checkSessionSecurity) {
+      allFindings.push(
+        createFinding(
+          "AUD-006",
+          "info",
+          "audit",
+          "Session security check enabled",
+          "Session security check is enabled.",
+          "Ensure sessions are encrypted at rest and use secure cookie flags."
+        )
+      );
+    }
+    return buildResult(allFindings);
+  }
+  return {
+    audit,
+    checkEncryption,
+    checkHeaders
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createCSPMiddleware,
+  createInputValidator,
+  createRateLimiter,
+  createSecurityAuditor,
+  createSecurityHeadersMiddleware
+});
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/security/index.ts","../../src/security/input-validator.ts","../../src/security/security-headers.ts","../../src/security/rate-limiter.ts","../../src/security/security-auditor.ts"],"sourcesContent":["/**\n * @uniforge/core/security\n *\n * Core security implementations: input validation, security headers,\n * CSP middleware, rate limiting, and security auditing.\n */\n\nexport { createInputValidator } from './input-validator.js';\nexport { createSecurityHeadersMiddleware, createCSPMiddleware } from './security-headers.js';\nexport { createRateLimiter } from './rate-limiter.js';\nexport { createSecurityAuditor } from './security-auditor.js';\n","/**\n * Input validation implementation.\n *\n * Factory function that creates an InputValidator with methods for\n * validating and sanitizing user input including shop domains, emails,\n * URLs, API keys, and custom patterns.\n */\n\nimport type {\n  InputValidator,\n} from '@uniforge/platform-core/security';\nimport type {\n  InputValidationRule,\n  InputValidationResult,\n  InputValidationError,\n  SanitizeOptions,\n} from '@uniforge/platform-core/security';\n\nconst SHOP_DOMAIN_RE = /^[a-zA-Z0-9][a-zA-Z0-9-]*\\.myshopify\\.com$/;\n\nconst EMAIL_RE = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\n\nconst API_KEY_RE = /^[a-zA-Z0-9-]{32,64}$/;\n\nconst HTML_TAG_RE = /<[^>]*>/g;\n\n/** Create an InputValidator with standard validation and sanitization methods. */\nexport function createInputValidator(): InputValidator {\n  function isValidShopDomain(domain: string): boolean {\n    return SHOP_DOMAIN_RE.test(domain);\n  }\n\n  function isValidEmail(email: string): boolean {\n    return EMAIL_RE.test(email);\n  }\n\n  function isValidUrl(url: string): boolean {\n    try {\n      const parsed = new URL(url);\n      return parsed.protocol === 'http:' || parsed.protocol === 'https:';\n    } catch {\n      return false;\n    }\n  }\n\n  function isValidApiKey(key: string): boolean {\n    return API_KEY_RE.test(key);\n  }\n\n  function sanitize(value: string, options?: SanitizeOptions): string {\n    let result = value;\n\n    if (options?.stripHtml) {\n      result = result.replace(HTML_TAG_RE, '');\n    }\n\n    if (options?.maxLength != null && result.length > options.maxLength) {\n      result = result.slice(0, options.maxLength);\n    }\n\n    if (options?.allowedPattern !== undefined) {\n      const matches = result.match(options.allowedPattern);\n      result = matches ? matches.join('') : '';\n    }\n\n    return result;\n  }\n\n  function validateField(\n    fieldValue: unknown,\n    rule: InputValidationRule,\n  ): InputValidationError | undefined {\n    const value = fieldValue as string | undefined | null;\n\n    // Check required\n    if (rule.required && (value == null || value === '')) {\n      return {\n        field: rule.field,\n        message: rule.message ?? `${rule.field} is required`,\n        code: 'REQUIRED',\n      };\n    }\n\n    // If not required and empty, skip further validation\n    if (value == null || value === '') {\n      return undefined;\n    }\n\n    const strValue = String(value);\n\n    // Check maxLength\n    if (rule.maxLength != null && strValue.length > rule.maxLength) {\n      return {\n        field: rule.field,\n        message: rule.message ?? `${rule.field} exceeds maximum length of ${rule.maxLength}`,\n        code: 'MAX_LENGTH',\n      };\n    }\n\n    // Type-specific validation\n    switch (rule.type) {\n      case 'shopDomain':\n        if (!isValidShopDomain(strValue)) {\n          return {\n            field: rule.field,\n            message: rule.message ?? `${rule.field} is not a valid shop domain`,\n            code: 'INVALID_SHOP_DOMAIN',\n          };\n        }\n        break;\n\n      case 'email':\n        if (!isValidEmail(strValue)) {\n          return {\n            field: rule.field,\n            message: rule.message ?? `${rule.field} is not a valid email`,\n            code: 'INVALID_EMAIL',\n          };\n        }\n        break;\n\n      case 'url':\n        if (!isValidUrl(strValue)) {\n          return {\n            field: rule.field,\n            message: rule.message ?? `${rule.field} is not a valid URL`,\n            code: 'INVALID_URL',\n          };\n        }\n        break;\n\n      case 'apiKey':\n        if (!isValidApiKey(strValue)) {\n          return {\n            field: rule.field,\n            message: rule.message ?? `${rule.field} is not a valid API key`,\n            code: 'INVALID_API_KEY',\n          };\n        }\n        break;\n\n      case 'custom':\n        if (rule.pattern !== undefined && !rule.pattern.test(strValue)) {\n          return {\n            field: rule.field,\n            message: rule.message ?? `${rule.field} does not match the required pattern`,\n            code: 'PATTERN_MISMATCH',\n          };\n        }\n        break;\n\n      case 'string':\n        // No additional validation for plain strings beyond required/maxLength\n        break;\n    }\n\n    return undefined;\n  }\n\n  function validate(\n    input: Record<string, unknown>,\n    rules: InputValidationRule[],\n  ): InputValidationResult {\n    const errors: InputValidationError[] = [];\n    const sanitized: Record<string, string> = {};\n\n    for (const rule of rules) {\n      const rawValue = input[rule.field];\n      const error = validateField(rawValue, rule);\n\n      if (error) {\n        errors.push(error);\n      } else if (rawValue != null && rawValue !== '') {\n        sanitized[rule.field] = String(rawValue);\n      }\n    }\n\n    return {\n      valid: errors.length === 0,\n      errors,\n      sanitized,\n    };\n  }\n\n  return {\n    validate,\n    sanitize,\n    isValidShopDomain,\n    isValidEmail,\n    isValidUrl,\n    isValidApiKey,\n  };\n}\n","/**\n * Security headers middleware implementation.\n *\n * Factory functions for applying security-related HTTP headers\n * including HSTS, X-Content-Type-Options, X-Frame-Options,\n * X-XSS-Protection, Referrer-Policy, and Content Security Policy.\n */\n\nimport type {\n  SecurityHeadersMiddleware,\n  CSPMiddleware,\n  SecurityResponse,\n} from '@uniforge/platform-core/security';\nimport type {\n  SecurityHeadersConfig,\n  CSPDirectives,\n} from '@uniforge/platform-core/security';\n\n/** Create a SecurityHeadersMiddleware that applies standard security headers to responses. */\nexport function createSecurityHeadersMiddleware(\n  config: SecurityHeadersConfig,\n): SecurityHeadersMiddleware {\n  function applyHeaders(res: SecurityResponse): void {\n    if (config.hsts) {\n      const maxAge = config.hstsMaxAge ?? 31536000;\n      let value = `max-age=${maxAge}`;\n      if (config.hstsIncludeSubDomains === true) {\n        value += '; includeSubDomains';\n      }\n      res.setHeader('Strict-Transport-Security', value);\n    }\n\n    if (config.noSniff) {\n      res.setHeader('X-Content-Type-Options', 'nosniff');\n    }\n\n    res.setHeader('X-Frame-Options', config.frameOptions);\n\n    if (config.xssProtection) {\n      res.setHeader('X-XSS-Protection', '1; mode=block');\n    }\n\n    res.setHeader('Referrer-Policy', config.referrerPolicy);\n  }\n\n  return {\n    config,\n    applyHeaders,\n  };\n}\n\n/** Build a CSP header string from a set of directives. */\nfunction buildCSPString(directives: CSPDirectives): string {\n  const parts: string[] = [];\n\n  const directiveMap: Array<[string, string[]]> = [\n    ['default-src', directives.defaultSrc],\n    ['script-src', directives.scriptSrc],\n    ['style-src', directives.styleSrc],\n    ['img-src', directives.imgSrc],\n    ['connect-src', directives.connectSrc],\n    ['font-src', directives.fontSrc],\n    ['frame-src', directives.frameSrc],\n    ['frame-ancestors', directives.frameAncestors],\n  ];\n\n  for (const [name, values] of directiveMap) {\n    if (values.length > 0) {\n      parts.push(`${name} ${values.join(' ')}`);\n    }\n  }\n\n  return parts.join('; ');\n}\n\n/** Create a CSPMiddleware that applies Content Security Policy headers to responses. */\nexport function createCSPMiddleware(directives: CSPDirectives): CSPMiddleware {\n  function toHeaderString(): string {\n    return buildCSPString(directives);\n  }\n\n  function applyCSP(res: SecurityResponse): void {\n    const headerValue = toHeaderString();\n    if (headerValue) {\n      res.setHeader('Content-Security-Policy', headerValue);\n    }\n  }\n\n  return {\n    directives,\n    applyCSP,\n    toHeaderString,\n  };\n}\n","/**\n * In-memory sliding window rate limiter.\n *\n * Tracks request timestamps per key and enforces a maximum\n * number of requests within a configurable time window.\n */\n\nimport type { RequestRateLimiter } from '@uniforge/platform-core/security';\nimport type { RateLimitConfig, RateLimitResult } from '@uniforge/platform-core/security';\n\nconst CLEANUP_THRESHOLD = 10000;\n\n/** Create a RequestRateLimiter using an in-memory sliding window algorithm. */\nexport function createRateLimiter(config: RateLimitConfig): RequestRateLimiter {\n  const windows = new Map<string, number[]>();\n\n  function cleanupStaleEntries(): void {\n    if (windows.size <= CLEANUP_THRESHOLD) return;\n\n    const now = Date.now();\n    const cutoff = now - config.windowMs;\n\n    for (const [key, timestamps] of windows) {\n      // Remove entries whose timestamps array is empty or\n      // whose most recent timestamp is older than the window\n      if (timestamps.length === 0 || timestamps[timestamps.length - 1]! <= cutoff) {\n        windows.delete(key);\n      }\n    }\n  }\n\n  function resolveKey(key: string): string {\n    if (config.keyPrefix !== undefined) {\n      return `${config.keyPrefix}:${key}`;\n    }\n    return key;\n  }\n\n  async function check(key: string): Promise<RateLimitResult> {\n    cleanupStaleEntries();\n    const resolvedKey = resolveKey(key);\n    const now = Date.now();\n    const windowStart = now - config.windowMs;\n\n    // Get or create timestamps array\n    let timestamps = windows.get(resolvedKey);\n    if (!timestamps) {\n      timestamps = [];\n      windows.set(resolvedKey, timestamps);\n    }\n\n    // Filter out expired timestamps (outside the window)\n    const validTimestamps = timestamps.filter((t) => t > windowStart);\n    windows.set(resolvedKey, validTimestamps);\n\n    const remaining = Math.max(0, config.maxRequests - validTimestamps.length);\n    const resetAt = now + config.windowMs;\n\n    if (validTimestamps.length >= config.maxRequests) {\n      // Find the earliest timestamp — that determines when the window slides enough\n      // validTimestamps is non-empty here since length >= maxRequests (>= 1)\n      const earliest = validTimestamps[0] as number;\n      const retryAfter = earliest + config.windowMs - now;\n\n      return {\n        allowed: false,\n        remaining: 0,\n        resetAt,\n        retryAfter: Math.max(0, retryAfter),\n      };\n    }\n\n    // Allow the request, record the timestamp\n    validTimestamps.push(now);\n\n    return {\n      allowed: true,\n      remaining: remaining - 1,\n      resetAt,\n    };\n  }\n\n  async function reset(key: string): Promise<void> {\n    const resolvedKey = resolveKey(key);\n    windows.delete(resolvedKey);\n  }\n\n  return {\n    config,\n    check,\n    reset,\n  };\n}\n","/**\n * Security auditor implementation.\n *\n * Factory function that creates a SecurityAuditor capable of running\n * security configuration checks for encryption, headers, and more.\n */\n\nimport type { SecurityAuditor, SecurityAuditConfig } from '@uniforge/platform-core/security';\nimport type {\n  SecurityAuditResult,\n  SecurityAuditFinding,\n  SecurityFindingSeverity,\n} from '@uniforge/platform-core/security';\n\n/** Severity weights used for score calculation. */\nconst SEVERITY_PENALTY: Record<SecurityFindingSeverity, number> = {\n  critical: 25,\n  high: 15,\n  medium: 10,\n  low: 5,\n  info: 0,\n};\n\nfunction createFinding(\n  id: string,\n  severity: SecurityFindingSeverity,\n  category: string,\n  title: string,\n  description: string,\n  recommendation: string,\n): SecurityAuditFinding {\n  return { id, severity, category, title, description, recommendation };\n}\n\nfunction calculateScore(findings: SecurityAuditFinding[]): number {\n  let score = 100;\n\n  for (const finding of findings) {\n    score -= SEVERITY_PENALTY[finding.severity];\n  }\n\n  return Math.max(0, score);\n}\n\nfunction buildResult(findings: SecurityAuditFinding[]): SecurityAuditResult {\n  const score = calculateScore(findings);\n  const hasCriticalOrHigh = findings.some(\n    (f) => f.severity === 'critical' || f.severity === 'high',\n  );\n\n  return {\n    passed: !hasCriticalOrHigh && score >= 70,\n    score,\n    findings,\n    timestamp: new Date().toISOString(),\n  };\n}\n\n/** Create a SecurityAuditor that checks encryption and header configurations. */\nexport function createSecurityAuditor(): SecurityAuditor {\n  function checkEncryption(config: Record<string, unknown>): SecurityAuditResult {\n    const findings: SecurityAuditFinding[] = [];\n\n    // Check for encryption key presence\n    if (!config['encryptionKey'] && !config['ENCRYPTION_KEY']) {\n      findings.push(\n        createFinding(\n          'ENC-001',\n          'critical',\n          'encryption',\n          'Missing encryption key',\n          'No encryption key is configured in the application.',\n          'Set the ENCRYPTION_KEY environment variable or encryptionKey config property.',\n        ),\n      );\n    } else {\n      const key = (config['encryptionKey'] ?? config['ENCRYPTION_KEY']) as string;\n\n      // Check key length (AES-256 requires 32 bytes = 64 hex chars or 44 base64 chars)\n      if (key.length < 32) {\n        findings.push(\n          createFinding(\n            'ENC-002',\n            'high',\n            'encryption',\n            'Encryption key too short',\n            `Encryption key is ${key.length} characters, which may be insufficient for AES-256.`,\n            'Use a key of at least 32 characters (256 bits) for AES-256-GCM encryption.',\n          ),\n        );\n      }\n    }\n\n    // Check algorithm configuration\n    if (config['algorithm'] && config['algorithm'] !== 'aes-256-gcm') {\n      findings.push(\n        createFinding(\n          'ENC-003',\n          'medium',\n          'encryption',\n          'Non-standard encryption algorithm',\n          `Encryption algorithm \"${String(config['algorithm'])}\" is not the recommended AES-256-GCM.`,\n          'Use AES-256-GCM for authenticated encryption.',\n        ),\n      );\n    }\n\n    return buildResult(findings);\n  }\n\n  function checkHeaders(headers: Record<string, string>): SecurityAuditResult {\n    const findings: SecurityAuditFinding[] = [];\n\n    // Check HSTS\n    if (!headers['strict-transport-security'] && !headers['Strict-Transport-Security']) {\n      findings.push(\n        createFinding(\n          'HDR-001',\n          'high',\n          'headers',\n          'Missing HSTS header',\n          'Strict-Transport-Security header is not configured.',\n          'Enable HSTS with a minimum max-age of 31536000 (1 year).',\n        ),\n      );\n    }\n\n    // Check X-Content-Type-Options\n    if (!headers['x-content-type-options'] && !headers['X-Content-Type-Options']) {\n      findings.push(\n        createFinding(\n          'HDR-002',\n          'medium',\n          'headers',\n          'Missing X-Content-Type-Options header',\n          'X-Content-Type-Options header is not set to nosniff.',\n          'Set X-Content-Type-Options: nosniff to prevent MIME type sniffing.',\n        ),\n      );\n    }\n\n    // Check X-Frame-Options\n    if (!headers['x-frame-options'] && !headers['X-Frame-Options']) {\n      findings.push(\n        createFinding(\n          'HDR-003',\n          'medium',\n          'headers',\n          'Missing X-Frame-Options header',\n          'X-Frame-Options header is not configured.',\n          'Set X-Frame-Options to DENY or SAMEORIGIN to prevent clickjacking.',\n        ),\n      );\n    }\n\n    // Check Content-Security-Policy\n    if (!headers['content-security-policy'] && !headers['Content-Security-Policy']) {\n      findings.push(\n        createFinding(\n          'HDR-004',\n          'high',\n          'headers',\n          'Missing Content-Security-Policy header',\n          'Content-Security-Policy header is not configured.',\n          'Define a Content Security Policy to mitigate XSS and data injection attacks.',\n        ),\n      );\n    }\n\n    return buildResult(findings);\n  }\n\n  function audit(config: SecurityAuditConfig): SecurityAuditResult {\n    const allFindings: SecurityAuditFinding[] = [];\n\n    if (config.checkEncryption) {\n      // Without actual config data, report as info finding\n      allFindings.push(\n        createFinding(\n          'AUD-001',\n          'info',\n          'audit',\n          'Encryption check enabled',\n          'Encryption configuration check is enabled. Use checkEncryption() for detailed results.',\n          'Run checkEncryption() with your application config for detailed findings.',\n        ),\n      );\n    }\n\n    if (config.checkHeaders) {\n      allFindings.push(\n        createFinding(\n          'AUD-002',\n          'info',\n          'audit',\n          'Headers check enabled',\n          'Security headers check is enabled. Use checkHeaders() for detailed results.',\n          'Run checkHeaders() with your response headers for detailed findings.',\n        ),\n      );\n    }\n\n    if (config.checkRateLimiting) {\n      allFindings.push(\n        createFinding(\n          'AUD-003',\n          'info',\n          'audit',\n          'Rate limiting check enabled',\n          'Rate limiting configuration check is enabled.',\n          'Ensure rate limiting is configured for all public-facing endpoints.',\n        ),\n      );\n    }\n\n    if (config.checkInputValidation) {\n      allFindings.push(\n        createFinding(\n          'AUD-004',\n          'info',\n          'audit',\n          'Input validation check enabled',\n          'Input validation check is enabled.',\n          'Ensure all user input is validated and sanitized before processing.',\n        ),\n      );\n    }\n\n    if (config.checkWebhookSecurity) {\n      allFindings.push(\n        createFinding(\n          'AUD-005',\n          'info',\n          'audit',\n          'Webhook security check enabled',\n          'Webhook security check is enabled.',\n          'Ensure webhook payloads are validated with HMAC signatures.',\n        ),\n      );\n    }\n\n    if (config.checkSessionSecurity) {\n      allFindings.push(\n        createFinding(\n          'AUD-006',\n          'info',\n          'audit',\n          'Session security check enabled',\n          'Session security check is enabled.',\n          'Ensure sessions are encrypted at rest and use secure cookie flags.',\n        ),\n      );\n    }\n\n    return buildResult(allFindings);\n  }\n\n  return {\n    audit,\n    checkEncryption,\n    checkHeaders,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACkBA,IAAM,iBAAiB;AAEvB,IAAM,WAAW;AAEjB,IAAM,aAAa;AAEnB,IAAM,cAAc;AAGb,SAAS,uBAAuC;AACrD,WAAS,kBAAkB,QAAyB;AAClD,WAAO,eAAe,KAAK,MAAM;AAAA,EACnC;AAEA,WAAS,aAAa,OAAwB;AAC5C,WAAO,SAAS,KAAK,KAAK;AAAA,EAC5B;AAEA,WAAS,WAAW,KAAsB;AACxC,QAAI;AACF,YAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,aAAO,OAAO,aAAa,WAAW,OAAO,aAAa;AAAA,IAC5D,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,WAAS,cAAc,KAAsB;AAC3C,WAAO,WAAW,KAAK,GAAG;AAAA,EAC5B;AAEA,WAAS,SAAS,OAAe,SAAmC;AAClE,QAAI,SAAS;AAEb,QAAI,SAAS,WAAW;AACtB,eAAS,OAAO,QAAQ,aAAa,EAAE;AAAA,IACzC;AAEA,QAAI,SAAS,aAAa,QAAQ,OAAO,SAAS,QAAQ,WAAW;AACnE,eAAS,OAAO,MAAM,GAAG,QAAQ,SAAS;AAAA,IAC5C;AAEA,QAAI,SAAS,mBAAmB,QAAW;AACzC,YAAM,UAAU,OAAO,MAAM,QAAQ,cAAc;AACnD,eAAS,UAAU,QAAQ,KAAK,EAAE,IAAI;AAAA,IACxC;AAEA,WAAO;AAAA,EACT;AAEA,WAAS,cACP,YACA,MACkC;AAClC,UAAM,QAAQ;AAGd,QAAI,KAAK,aAAa,SAAS,QAAQ,UAAU,KAAK;AACpD,aAAO;AAAA,QACL,OAAO,KAAK;AAAA,QACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,QACtC,MAAM;AAAA,MACR;AAAA,IACF;AAGA,QAAI,SAAS,QAAQ,UAAU,IAAI;AACjC,aAAO;AAAA,IACT;AAEA,UAAM,WAAW,OAAO,KAAK;AAG7B,QAAI,KAAK,aAAa,QAAQ,SAAS,SAAS,KAAK,WAAW;AAC9D,aAAO;AAAA,QACL,OAAO,KAAK;AAAA,QACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK,8BAA8B,KAAK,SAAS;AAAA,QAClF,MAAM;AAAA,MACR;AAAA,IACF;AAGA,YAAQ,KAAK,MAAM;AAAA,MACjB,KAAK;AACH,YAAI,CAAC,kBAAkB,QAAQ,GAAG;AAChC,iBAAO;AAAA,YACL,OAAO,KAAK;AAAA,YACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,YACtC,MAAM;AAAA,UACR;AAAA,QACF;AACA;AAAA,MAEF,KAAK;AACH,YAAI,CAAC,aAAa,QAAQ,GAAG;AAC3B,iBAAO;AAAA,YACL,OAAO,KAAK;AAAA,YACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,YACtC,MAAM;AAAA,UACR;AAAA,QACF;AACA;AAAA,MAEF,KAAK;AACH,YAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,iBAAO;AAAA,YACL,OAAO,KAAK;AAAA,YACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,YACtC,MAAM;AAAA,UACR;AAAA,QACF;AACA;AAAA,MAEF,KAAK;AACH,YAAI,CAAC,cAAc,QAAQ,GAAG;AAC5B,iBAAO;AAAA,YACL,OAAO,KAAK;AAAA,YACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,YACtC,MAAM;AAAA,UACR;AAAA,QACF;AACA;AAAA,MAEF,KAAK;AACH,YAAI,KAAK,YAAY,UAAa,CAAC,KAAK,QAAQ,KAAK,QAAQ,GAAG;AAC9D,iBAAO;AAAA,YACL,OAAO,KAAK;AAAA,YACZ,SAAS,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,YACtC,MAAM;AAAA,UACR;AAAA,QACF;AACA;AAAA,MAEF,KAAK;AAEH;AAAA,IACJ;AAEA,WAAO;AAAA,EACT;AAEA,WAAS,SACP,OACA,OACuB;AACvB,UAAM,SAAiC,CAAC;AACxC,UAAM,YAAoC,CAAC;AAE3C,eAAW,QAAQ,OAAO;AACxB,YAAM,WAAW,MAAM,KAAK,KAAK;AACjC,YAAM,QAAQ,cAAc,UAAU,IAAI;AAE1C,UAAI,OAAO;AACT,eAAO,KAAK,KAAK;AAAA,MACnB,WAAW,YAAY,QAAQ,aAAa,IAAI;AAC9C,kBAAU,KAAK,KAAK,IAAI,OAAO,QAAQ;AAAA,MACzC;AAAA,IACF;AAEA,WAAO;AAAA,MACL,OAAO,OAAO,WAAW;AAAA,MACzB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AC7KO,SAAS,gCACd,QAC2B;AAC3B,WAAS,aAAa,KAA6B;AACjD,QAAI,OAAO,MAAM;AACf,YAAM,SAAS,OAAO,cAAc;AACpC,UAAI,QAAQ,WAAW,MAAM;AAC7B,UAAI,OAAO,0BAA0B,MAAM;AACzC,iBAAS;AAAA,MACX;AACA,UAAI,UAAU,6BAA6B,KAAK;AAAA,IAClD;AAEA,QAAI,OAAO,SAAS;AAClB,UAAI,UAAU,0BAA0B,SAAS;AAAA,IACnD;AAEA,QAAI,UAAU,mBAAmB,OAAO,YAAY;AAEpD,QAAI,OAAO,eAAe;AACxB,UAAI,UAAU,oBAAoB,eAAe;AAAA,IACnD;AAEA,QAAI,UAAU,mBAAmB,OAAO,cAAc;AAAA,EACxD;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;AAGA,SAAS,eAAe,YAAmC;AACzD,QAAM,QAAkB,CAAC;AAEzB,QAAM,eAA0C;AAAA,IAC9C,CAAC,eAAe,WAAW,UAAU;AAAA,IACrC,CAAC,cAAc,WAAW,SAAS;AAAA,IACnC,CAAC,aAAa,WAAW,QAAQ;AAAA,IACjC,CAAC,WAAW,WAAW,MAAM;AAAA,IAC7B,CAAC,eAAe,WAAW,UAAU;AAAA,IACrC,CAAC,YAAY,WAAW,OAAO;AAAA,IAC/B,CAAC,aAAa,WAAW,QAAQ;AAAA,IACjC,CAAC,mBAAmB,WAAW,cAAc;AAAA,EAC/C;AAEA,aAAW,CAAC,MAAM,MAAM,KAAK,cAAc;AACzC,QAAI,OAAO,SAAS,GAAG;AACrB,YAAM,KAAK,GAAG,IAAI,IAAI,OAAO,KAAK,GAAG,CAAC,EAAE;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAGO,SAAS,oBAAoB,YAA0C;AAC5E,WAAS,iBAAyB;AAChC,WAAO,eAAe,UAAU;AAAA,EAClC;AAEA,WAAS,SAAS,KAA6B;AAC7C,UAAM,cAAc,eAAe;AACnC,QAAI,aAAa;AACf,UAAI,UAAU,2BAA2B,WAAW;AAAA,IACtD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACnFA,IAAM,oBAAoB;AAGnB,SAAS,kBAAkB,QAA6C;AAC7E,QAAM,UAAU,oBAAI,IAAsB;AAE1C,WAAS,sBAA4B;AACnC,QAAI,QAAQ,QAAQ,kBAAmB;AAEvC,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,SAAS,MAAM,OAAO;AAE5B,eAAW,CAAC,KAAK,UAAU,KAAK,SAAS;AAGvC,UAAI,WAAW,WAAW,KAAK,WAAW,WAAW,SAAS,CAAC,KAAM,QAAQ;AAC3E,gBAAQ,OAAO,GAAG;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAEA,WAAS,WAAW,KAAqB;AACvC,QAAI,OAAO,cAAc,QAAW;AAClC,aAAO,GAAG,OAAO,SAAS,IAAI,GAAG;AAAA,IACnC;AACA,WAAO;AAAA,EACT;AAEA,iBAAe,MAAM,KAAuC;AAC1D,wBAAoB;AACpB,UAAM,cAAc,WAAW,GAAG;AAClC,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,cAAc,MAAM,OAAO;AAGjC,QAAI,aAAa,QAAQ,IAAI,WAAW;AACxC,QAAI,CAAC,YAAY;AACf,mBAAa,CAAC;AACd,cAAQ,IAAI,aAAa,UAAU;AAAA,IACrC;AAGA,UAAM,kBAAkB,WAAW,OAAO,CAAC,MAAM,IAAI,WAAW;AAChE,YAAQ,IAAI,aAAa,eAAe;AAExC,UAAM,YAAY,KAAK,IAAI,GAAG,OAAO,cAAc,gBAAgB,MAAM;AACzE,UAAM,UAAU,MAAM,OAAO;AAE7B,QAAI,gBAAgB,UAAU,OAAO,aAAa;AAGhD,YAAM,WAAW,gBAAgB,CAAC;AAClC,YAAM,aAAa,WAAW,OAAO,WAAW;AAEhD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,WAAW;AAAA,QACX;AAAA,QACA,YAAY,KAAK,IAAI,GAAG,UAAU;AAAA,MACpC;AAAA,IACF;AAGA,oBAAgB,KAAK,GAAG;AAExB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,WAAW,YAAY;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,MAAM,KAA4B;AAC/C,UAAM,cAAc,WAAW,GAAG;AAClC,YAAQ,OAAO,WAAW;AAAA,EAC5B;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AC7EA,IAAM,mBAA4D;AAAA,EAChE,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,KAAK;AAAA,EACL,MAAM;AACR;AAEA,SAAS,cACP,IACA,UACA,UACA,OACA,aACA,gBACsB;AACtB,SAAO,EAAE,IAAI,UAAU,UAAU,OAAO,aAAa,eAAe;AACtE;AAEA,SAAS,eAAe,UAA0C;AAChE,MAAI,QAAQ;AAEZ,aAAW,WAAW,UAAU;AAC9B,aAAS,iBAAiB,QAAQ,QAAQ;AAAA,EAC5C;AAEA,SAAO,KAAK,IAAI,GAAG,KAAK;AAC1B;AAEA,SAAS,YAAY,UAAuD;AAC1E,QAAM,QAAQ,eAAe,QAAQ;AACrC,QAAM,oBAAoB,SAAS;AAAA,IACjC,CAAC,MAAM,EAAE,aAAa,cAAc,EAAE,aAAa;AAAA,EACrD;AAEA,SAAO;AAAA,IACL,QAAQ,CAAC,qBAAqB,SAAS;AAAA,IACvC;AAAA,IACA;AAAA,IACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,EACpC;AACF;AAGO,SAAS,wBAAyC;AACvD,WAAS,gBAAgB,QAAsD;AAC7E,UAAM,WAAmC,CAAC;AAG1C,QAAI,CAAC,OAAO,eAAe,KAAK,CAAC,OAAO,gBAAgB,GAAG;AACzD,eAAS;AAAA,QACP;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF,OAAO;AACL,YAAM,MAAO,OAAO,eAAe,KAAK,OAAO,gBAAgB;AAG/D,UAAI,IAAI,SAAS,IAAI;AACnB,iBAAS;AAAA,UACP;AAAA,YACE;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,YACA,qBAAqB,IAAI,MAAM;AAAA,YAC/B;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,OAAO,WAAW,KAAK,OAAO,WAAW,MAAM,eAAe;AAChE,eAAS;AAAA,QACP;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA,yBAAyB,OAAO,OAAO,WAAW,CAAC,CAAC;AAAA,UACpD;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO,YAAY,QAAQ;AAAA,EAC7B;AAEA,WAAS,aAAa,SAAsD;AAC1E,UAAM,WAAmC,CAAC;AAG1C,QAAI,CAAC,QAAQ,2BAA2B,KAAK,CAAC,QAAQ,2BAA2B,GAAG;AAClF,eAAS;AAAA,QACP;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,CAAC,QAAQ,wBAAwB,KAAK,CAAC,QAAQ,wBAAwB,GAAG;AAC5E,eAAS;AAAA,QACP;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,CAAC,QAAQ,iBAAiB,KAAK,CAAC,QAAQ,iBAAiB,GAAG;AAC9D,eAAS;AAAA,QACP;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,CAAC,QAAQ,yBAAyB,KAAK,CAAC,QAAQ,yBAAyB,GAAG;AAC9E,eAAS;AAAA,QACP;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO,YAAY,QAAQ;AAAA,EAC7B;AAEA,WAAS,MAAM,QAAkD;AAC/D,UAAM,cAAsC,CAAC;AAE7C,QAAI,OAAO,iBAAiB;AAE1B,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,OAAO,cAAc;AACvB,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,OAAO,mBAAmB;AAC5B,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,OAAO,sBAAsB;AAC/B,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,OAAO,sBAAsB;AAC/B,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,OAAO,sBAAsB;AAC/B,kBAAY;AAAA,QACV;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO,YAAY,WAAW;AAAA,EAChC;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}