@varshylinc/team-management 0.1.0

package/dist/server/routes/orgs.routes.js

@@ -0,0 +1,371 @@
+import { Router } from 'express';
+import { requireMembership } from '../middleware/require-membership.js';
+import { requireRole } from '../middleware/require-role.js';
+import { getOrg, updateOrg, softDeleteOrg, listOrgMembers } from '../services/organizations.service.js';
+import { removeMember, changeRole, validateRoleChange } from '../services/memberships.service.js';
+import { getPendingTransfer } from '../services/ownership.service.js';
+import { writeAuditEvent, getClientIp } from '../services/audit.service.js';
+export function createOrgsRouter(pool, adapter, flags) {
+    const router = Router({ mergeParams: true });
+    const authMiddleware = requireMembership(pool, adapter);
+    // POST /orgs — create org (any authenticated user)
+    router.post('/', async (req, res) => {
+        try {
+            const userId = await adapter.getCurrentUserId(req);
+            if (!userId) {
+                res.status(401).json({ error: 'Authentication required' });
+                return;
+            }
+            const { name, slug, settings } = req.body;
+            if (!name || !slug) {
+                res.status(400).json({ error: 'name and slug are required' });
+                return;
+            }
+            const result = await pool.query(`INSERT INTO tm_organizations (name, slug, owner_user_id, settings)
+         VALUES ($1, $2, $3, $4) RETURNING *`, [name, slug, userId, JSON.stringify(settings ?? {})]);
+            const org = result.rows[0];
+            await pool.query(`INSERT INTO tm_memberships (org_id, user_id, role, joined_at)
+         VALUES ($1, $2, 'owner', NOW())`, [org.id, userId]);
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({
+                    pool,
+                    orgId: org.id,
+                    actorUserId: userId,
+                    action: 'org.created',
+                    targetType: 'org',
+                    targetId: org.id,
+                    after: { name, slug },
+                    ip: getClientIp(req),
+                    userAgent: req.headers['user-agent'] ?? null,
+                });
+            }
+            res.status(201).json({ org });
+        }
+        catch (e) {
+            const msg = e.message;
+            adapter.logger.error('[orgs] POST /', { error: msg });
+            if (msg.includes('unique') || msg.includes('duplicate') || msg.includes('already exists')) {
+                res.status(409).json({ error: 'Organization with that slug already exists' });
+            }
+            else {
+                res.status(500).json({ error: 'Failed to create organization' });
+            }
+        }
+    });
+    // GET /orgs/:orgId — org info (member+)
+    router.get('/:orgId', authMiddleware, async (req, res) => {
+        const { orgId } = req;
+        try {
+            const org = await getOrg(pool, orgId);
+            if (!org) {
+                res.status(404).json({ error: 'Organization not found' });
+                return;
+            }
+            res.json({ org });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] GET /:orgId', { error: e.message });
+            res.status(500).json({ error: 'Failed to fetch organization' });
+        }
+    });
+    // PATCH /orgs/:orgId — update name/slug/settings (admin+)
+    router.patch('/:orgId', authMiddleware, requireRole('admin'), async (req, res) => {
+        const { orgId, userId } = req;
+        const { name, slug } = req.body;
+        try {
+            const before = await getOrg(pool, orgId);
+            const updated = await updateOrg(pool, orgId, { name, slug });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({
+                    pool,
+                    orgId,
+                    actorUserId: userId,
+                    action: 'org.settings.updated',
+                    targetType: 'org',
+                    targetId: orgId,
+                    before: { name: before?.name, slug: before?.slug },
+                    after: { name: updated.name, slug: updated.slug },
+                    ip: getClientIp(req),
+                    userAgent: req.headers['user-agent'] ?? null,
+                });
+            }
+            res.json({ org: updated });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] PATCH /:orgId', { error: e.message });
+            res.status(500).json({ error: 'Failed to update organization' });
+        }
+    });
+    // DELETE /orgs/:orgId — soft delete (owner only), requires confirmName
+    router.delete('/:orgId', authMiddleware, requireRole('owner'), async (req, res) => {
+        const { orgId, userId } = req;
+        // Accept both confirmName and confirmOrgName for compatibility
+        const { confirmName, confirmOrgName } = req.body;
+        const confirm = confirmName ?? confirmOrgName;
+        try {
+            const org = await getOrg(pool, orgId);
+            if (!org) {
+                res.status(404).json({ error: 'Organization not found' });
+                return;
+            }
+            if (!confirm || confirm !== org.name) {
+                res.status(422).json({ error: 'Confirmation name does not match organization name' });
+                return;
+            }
+            // Transfer lock: cannot delete org while ownership transfer is pending
+            const pendingTransfer = await getPendingTransfer(pool, orgId);
+            if (pendingTransfer) {
+                res.status(409).json({ error: 'Cannot delete organization while an ownership transfer is pending. Cancel the transfer first.' });
+                return;
+            }
+            await softDeleteOrg(pool, orgId, userId);
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({
+                    pool,
+                    orgId,
+                    actorUserId: userId,
+                    action: 'org.deleted',
+                    targetType: 'org',
+                    targetId: orgId,
+                    ip: getClientIp(req),
+                    userAgent: req.headers['user-agent'] ?? null,
+                });
+            }
+            try {
+                const members = await listOrgMembers(pool, orgId, { includeRemoved: false });
+                const userIds = members.map(m => m.user_id);
+                const users = await adapter.getUsersByIds(userIds);
+                const scheduledFor = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000);
+                for (const user of users) {
+                    await adapter.sendOrgDeletionNotice({
+                        to: user.email,
+                        orgName: org.name,
+                        scheduledFor,
+                    });
+                }
+            }
+            catch (e) {
+                adapter.logger.warn('[orgs] Failed to send deletion notices', { error: e.message });
+            }
+            res.json({ message: 'Organization scheduled for deletion in 30 days' });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] DELETE /:orgId', { error: e.message });
+            res.status(500).json({ error: 'Failed to delete organization' });
+        }
+    });
+    // GET /orgs/:orgId/members — list members (member+)
+    router.get('/:orgId/members', authMiddleware, async (req, res) => {
+        const { orgId } = req;
+        try {
+            const members = await listOrgMembers(pool, orgId);
+            const userIds = members.map(m => m.user_id);
+            const users = await adapter.getUsersByIds(userIds);
+            const userMap = new Map(users.map(u => [u.id, u]));
+            const enriched = members.map(m => ({ ...m, user: userMap.get(m.user_id) }));
+            res.json({ members: enriched });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] GET /:orgId/members', { error: e.message });
+            res.status(500).json({ error: 'Failed to fetch members' });
+        }
+    });
+    // GET /orgs/:orgId/members/former — former members (admin+)
+    router.get('/:orgId/members/former', authMiddleware, requireRole('admin'), async (req, res) => {
+        const { orgId } = req;
+        try {
+            const allMembers = await listOrgMembers(pool, orgId, { includeRemoved: true });
+            const former = allMembers.filter(m => m.removed_at !== null);
+            res.json({ members: former });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] GET /:orgId/members/former', { error: e.message });
+            res.status(500).json({ error: 'Failed to fetch former members' });
+        }
+    });
+    // DELETE /orgs/:orgId/members/:userId — remove member (admin+)
+    router.delete('/:orgId/members/:userId', authMiddleware, requireRole('admin'), async (req, res) => {
+        const { orgId, userId: actorId, userRole } = req;
+        const targetUserId = parseInt(req.params.userId, 10);
+        const { reason } = req.body;
+        if (isNaN(targetUserId)) {
+            res.status(400).json({ error: 'Invalid user ID' });
+            return;
+        }
+        if (targetUserId === actorId) {
+            res.status(400).json({ message: 'Cannot remove yourself: you are the owner of this organization' });
+            return;
+        }
+        try {
+            const targetMemberResult = await pool.query(`SELECT role FROM tm_memberships WHERE org_id = $1 AND user_id = $2 AND removed_at IS NULL`, [orgId, targetUserId]);
+            if (targetMemberResult.rows.length === 0) {
+                res.status(404).json({ error: 'Member not found' });
+                return;
+            }
+            const targetRole = targetMemberResult.rows[0].role;
+            if (userRole === 'admin' && (targetRole === 'owner' || targetRole === 'admin')) {
+                res.status(403).json({ error: 'Admins cannot remove owners or other admins' });
+                return;
+            }
+            // Transfer lock: cannot remove a user involved in a pending transfer
+            const pendingTransferForRemove = await getPendingTransfer(pool, orgId);
+            if (pendingTransferForRemove &&
+                (pendingTransferForRemove.from_user_id === targetUserId ||
+                    pendingTransferForRemove.to_user_id === targetUserId)) {
+                res.status(409).json({ error: 'Cannot remove a member involved in a pending ownership transfer. Cancel the transfer first.' });
+                return;
+            }
+            await removeMember(pool, { orgId, userId: targetUserId, removedByUserId: actorId, reason });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({
+                    pool,
+                    orgId,
+                    actorUserId: actorId,
+                    action: 'member.removed',
+                    targetType: 'user',
+                    targetId: targetUserId,
+                    before: { role: targetRole },
+                    reason: reason ?? null,
+                    ip: getClientIp(req),
+                    userAgent: req.headers['user-agent'] ?? null,
+                });
+            }
+            res.json({ message: 'Member removed successfully' });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] DELETE /:orgId/members/:userId', { error: e.message });
+            res.status(500).json({ error: 'Failed to remove member' });
+        }
+    });
+    // PATCH /orgs/:orgId/members/:userId/role — change role (admin+)
+    router.patch('/:orgId/members/:userId/role', authMiddleware, requireRole('admin'), async (req, res) => {
+        const { orgId, userId: actorId, userRole } = req;
+        const targetUserId = parseInt(req.params.userId, 10);
+        const { role: newRole } = req.body;
+        if (isNaN(targetUserId)) {
+            res.status(400).json({ error: 'Invalid user ID' });
+            return;
+        }
+        if (!newRole) {
+            res.status(400).json({ error: 'role is required' });
+            return;
+        }
+        try {
+            await validateRoleChange(pool, { orgId, actorRole: userRole, targetUserId, newRole: newRole });
+            // Transfer lock: cannot change role of a user involved in a pending transfer
+            const pendingTransferForPatch = await getPendingTransfer(pool, orgId);
+            if (pendingTransferForPatch &&
+                (pendingTransferForPatch.from_user_id === targetUserId ||
+                    pendingTransferForPatch.to_user_id === targetUserId)) {
+                res.status(409).json({ error: 'Cannot change role of a member involved in a pending ownership transfer. Cancel the transfer first.' });
+                return;
+            }
+            const before = await pool.query(`SELECT role FROM tm_memberships WHERE org_id = $1 AND user_id = $2 AND removed_at IS NULL`, [orgId, targetUserId]);
+            const updated = await changeRole(pool, { orgId, userId: targetUserId, newRole: newRole, changedByUserId: actorId });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({
+                    pool,
+                    orgId,
+                    actorUserId: actorId,
+                    action: 'member.role_changed',
+                    targetType: 'user',
+                    targetId: targetUserId,
+                    before: { role: before.rows[0]?.role },
+                    after: { role: newRole },
+                    ip: getClientIp(req),
+                    userAgent: req.headers['user-agent'] ?? null,
+                });
+            }
+            res.json({ membership: updated });
+        }
+        catch (e) {
+            const msg = e.message;
+            adapter.logger.error('[orgs] PATCH /:orgId/members/:userId/role', { error: msg });
+            if (msg.includes('Cannot') || msg.includes('Requires') || msg.includes('cannot')) {
+                res.status(403).json({ error: msg });
+            }
+            else {
+                res.status(500).json({ error: 'Failed to change role' });
+            }
+        }
+    });
+    // PATCH /orgs/:orgId/members/:userId — alias without /role suffix (for compatibility)
+    router.patch('/:orgId/members/:userId', authMiddleware, requireRole('admin'), async (req, res) => {
+        const { orgId, userId: actorId, userRole } = req;
+        const targetUserId = parseInt(req.params.userId, 10);
+        const { role: newRole } = req.body;
+        if (isNaN(targetUserId)) {
+            res.status(400).json({ error: 'Invalid user ID' });
+            return;
+        }
+        if (!newRole) {
+            res.status(400).json({ error: 'role is required' });
+            return;
+        }
+        try {
+            await validateRoleChange(pool, { orgId, actorRole: userRole, targetUserId, newRole: newRole });
+            // Transfer lock: cannot change role of a user involved in a pending transfer
+            const pendingTransferForPatch = await getPendingTransfer(pool, orgId);
+            if (pendingTransferForPatch &&
+                (pendingTransferForPatch.from_user_id === targetUserId ||
+                    pendingTransferForPatch.to_user_id === targetUserId)) {
+                res.status(409).json({ error: 'Cannot change role of a member involved in a pending ownership transfer. Cancel the transfer first.' });
+                return;
+            }
+            const before = await pool.query(`SELECT role FROM tm_memberships WHERE org_id = $1 AND user_id = $2 AND removed_at IS NULL`, [orgId, targetUserId]);
+            const updated = await changeRole(pool, { orgId, userId: targetUserId, newRole: newRole, changedByUserId: actorId });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({
+                    pool,
+                    orgId,
+                    actorUserId: actorId,
+                    action: 'member.role_changed',
+                    targetType: 'user',
+                    targetId: targetUserId,
+                    before: { role: before.rows[0]?.role },
+                    after: { role: newRole },
+                    ip: getClientIp(req),
+                    userAgent: req.headers['user-agent'] ?? null,
+                });
+            }
+            res.json({ membership: updated });
+        }
+        catch (e) {
+            const msg = e.message;
+            adapter.logger.error('[orgs] PATCH /:orgId/members/:userId', { error: msg });
+            if (msg.includes('Cannot') || msg.includes('Requires') || msg.includes('cannot')) {
+                res.status(403).json({ error: msg });
+            }
+            else {
+                res.status(500).json({ error: 'Failed to change role' });
+            }
+        }
+    });
+    // GET /orgs/:orgId/members/:userId/cascade-preview — preview cascade effects of removing a member (admin+)
+    router.get('/:orgId/members/:userId/cascade-preview', authMiddleware, requireRole('admin'), async (req, res) => {
+        const { orgId } = req;
+        const targetUserId = parseInt(req.params.userId, 10);
+        if (isNaN(targetUserId)) {
+            res.status(400).json({ error: 'Invalid user ID' });
+            return;
+        }
+        try {
+            const membershipResult = await pool.query(`SELECT * FROM tm_memberships WHERE org_id = $1 AND user_id = $2 AND removed_at IS NULL`, [orgId, targetUserId]);
+            if (membershipResult.rows.length === 0) {
+                res.status(404).json({ error: 'Member not found' });
+                return;
+            }
+            const membership = membershipResult.rows[0];
+            const invitationsResult = await pool.query(`SELECT * FROM tm_invitations
+         WHERE org_id = $1 AND invited_by_user_id = $2
+           AND revoked_at IS NULL AND accepted_at IS NULL AND expires_at > NOW()`, [orgId, targetUserId]);
+            res.json({ membership, pendingInvitations: invitationsResult.rows });
+        }
+        catch (e) {
+            adapter.logger.error('[orgs] GET cascade-preview', { error: e.message });
+            res.status(500).json({ error: 'Failed to fetch cascade preview' });
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=orgs.routes.js.map

package/dist/server/routes/orgs.routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"orgs.routes.js","sourceRoot":"","sources":["../../../src/server/routes/orgs.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,OAAO,EAAE,iBAAiB,EAA6B,MAAM,qCAAqC,CAAC;AACnG,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACxG,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAClG,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAE5E,MAAM,UAAU,gBAAgB,CAC9B,IAAU,EACV,OAA4B,EAC5B,KAAiC;IAEjC,MAAM,MAAM,GAAG,MAAM,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAExD,mDAAmD;IACnD,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,GAAgC,CAAC,CAAC;YAChF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC3D,OAAO;YACT,CAAC;YACD,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAA4E,CAAC;YAClH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAC7B;6CACqC,EACrC,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CACrD,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAE3B,MAAM,IAAI,CAAC,KAAK,CACd;yCACiC,EACjC,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CACjB,CAAC;YAEF,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC;oBACpB,IAAI;oBACJ,KAAK,EAAE,GAAG,CAAC,EAAE;oBACb,WAAW,EAAE,MAAM;oBACnB,MAAM,EAAE,aAAa;oBACrB,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,GAAG,CAAC,EAAE;oBAChB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;oBACrB,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC;oBACpB,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAI,CAAW,CAAC,OAAO,CAAC;YACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACtD,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC1F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC;YAChF,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wCAAwC;IACxC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACvD,MAAM,EAAE,KAAK,EAAE,GAAG,GAA2B,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;gBAC1D,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,0DAA0D;IAC1D,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/E,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,GAA2B,CAAC;QACtD,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAwC,CAAC;QACpE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAE7D,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC;oBACpB,IAAI;oBACJ,KAAK;oBACL,WAAW,EAAE,MAAM;oBACnB,MAAM,EAAE,sBAAsB;oBAC9B,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,KAAK;oBACf,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;oBAClD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;oBACjD,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC;oBACpB,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,uEAAuE;IACvE,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChF,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,GAA2B,CAAC;QACtD,+DAA+D;QAC/D,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,GAAG,CAAC,IAAyD,CAAC;QACtG,MAAM,OAAO,GAAG,WAAW,IAAI,cAAc,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;gBAC1D,OAAO;YACT,CAAC;YACD,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oDAAoD,EAAE,CAAC,CAAC;gBACtF,OAAO;YACT,CAAC;YAED,uEAAuE;YACvE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC9D,IAAI,eAAe,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+FAA+F,EAAE,CAAC,CAAC;gBACjI,OAAO;YACT,CAAC;YAED,MAAM,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAEzC,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC;oBACpB,IAAI;oBACJ,KAAK;oBACL,WAAW,EAAE,MAAM;oBACnB,MAAM,EAAE,aAAa;oBACrB,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,KAAK;oBACf,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC;oBACpB,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC7E,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACnD,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBACrE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,OAAO,CAAC,qBAAqB,CAAC;wBAClC,EAAE,EAAE,IAAI,CAAC,KAAK;wBACd,OAAO,EAAE,GAAG,CAAC,IAAI;wBACjB,YAAY;qBACb,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YACjG,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gDAAgD,EAAE,CAAC,CAAC;QAC1E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/D,MAAM,EAAE,KAAK,EAAE,GAAG,GAA2B,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAClD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5E,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,MAAM,CAAC,GAAG,CAAC,wBAAwB,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5F,MAAM,EAAE,KAAK,EAAE,GAAG,GAA2B,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/E,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;YAC7D,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,MAAM,CAAC,MAAM,CAAC,yBAAyB,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChG,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,GAA2B,CAAC;QACzE,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACrD,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAA2B,CAAC;QAEnD,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QACD,IAAI,YAAY,KAAK,OAAO,EAAE,CAAC;YAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gEAAgE,EAAE,CAAC,CAAC;YACpG,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,KAAK,CACzC,2FAA2F,EAC3F,CAAC,KAAK,EAAE,YAAY,CAAC,CACtB,CAAC;YACF,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YACD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAEnD,IAAI,QAAQ,KAAK,OAAO,IAAI,CAAC,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,OAAO,CAAC,EAAE,CAAC;gBAC/E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC,CAAC;gBAC/E,OAAO;YACT,CAAC;YAED,qEAAqE;YACrE,MAAM,wBAAwB,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACvE,IAAI,wBAAwB;gBACxB,CAAC,wBAAwB,CAAC,YAAY,KAAK,YAAY;oBACtD,wBAAwB,CAAC,UAAU,KAAK,YAAY,CAAC,EAAE,CAAC;gBAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6FAA6F,EAAE,CAAC,CAAC;gBAC/H,OAAO;YACT,CAAC;YAED,MAAM,YAAY,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YAE5F,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC;oBACpB,IAAI;oBACJ,KAAK;oBACL,WAAW,EAAE,OAAO;oBACpB,MAAM,EAAE,gBAAgB;oBACxB,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,YAAY;oBACtB,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;oBAC5B,MAAM,EAAE,MAAM,IAAI,IAAI;oBACtB,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC;oBACpB,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,iEAAiE;IACjE,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACpG,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,GAA2B,CAAC;QACzE,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAyB,CAAC;QAExD,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,OAAkB,EAAE,CAAC,CAAC;YAE1G,6EAA6E;YAC7E,MAAM,uBAAuB,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtE,IAAI,uBAAuB;gBACvB,CAAC,uBAAuB,CAAC,YAAY,KAAK,YAAY;oBACrD,uBAAuB,CAAC,UAAU,KAAK,YAAY,CAAC,EAAE,CAAC;gBAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qGAAqG,EAAE,CAAC,CAAC;gBACvI,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAC7B,2FAA2F,EAC3F,CAAC,KAAK,EAAE,YAAY,CAAC,CACtB,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,OAAkB,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC,CAAC;YAE/H,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC;oBACpB,IAAI;oBACJ,KAAK;oBACL,WAAW,EAAE,OAAO;oBACpB,MAAM,EAAE,qBAAqB;oBAC7B,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,YAAY;oBACtB,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;oBACtC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxB,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC;oBACpB,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAI,CAAW,CAAC,OAAO,CAAC;YACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAClF,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,sFAAsF;IACtF,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/F,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,GAA2B,CAAC;QACzE,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACrD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAyB,CAAC;QAExD,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,OAAkB,EAAE,CAAC,CAAC;YAE1G,6EAA6E;YAC7E,MAAM,uBAAuB,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtE,IAAI,uBAAuB;gBACvB,CAAC,uBAAuB,CAAC,YAAY,KAAK,YAAY;oBACrD,uBAAuB,CAAC,UAAU,KAAK,YAAY,CAAC,EAAE,CAAC;gBAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qGAAqG,EAAE,CAAC,CAAC;gBACvI,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAC7B,2FAA2F,EAC3F,CAAC,KAAK,EAAE,YAAY,CAAC,CACtB,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,OAAkB,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC,CAAC;YAE/H,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC;oBACpB,IAAI;oBACJ,KAAK;oBACL,WAAW,EAAE,OAAO;oBACpB,MAAM,EAAE,qBAAqB;oBAC7B,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,YAAY;oBACtB,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;oBACtC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxB,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC;oBACpB,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI;iBAC7C,CAAC,CAAC;YACL,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAI,CAAW,CAAC,OAAO,CAAC;YACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7E,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAGH,2GAA2G;IAC3G,MAAM,CAAC,GAAG,CAAC,yCAAyC,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC7G,MAAM,EAAE,KAAK,EAAE,GAAG,GAA2B,CAAC;QAC9C,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACrD,IAAI,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CACvC,wFAAwF,EACxF,CAAC,KAAK,EAAE,YAAY,CAAC,CACtB,CAAC;YACF,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YACD,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAE5C,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,KAAK,CACxC;;iFAEyE,EACzE,CAAC,KAAK,EAAE,YAAY,CAAC,CACtB,CAAC;YAEF,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,kBAAkB,EAAE,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/routes/transfer.routes.d.ts

@@ -0,0 +1,5 @@
+import { Router } from 'express';
+import type { Pool } from 'pg';
+import type { ServerModuleAdapter, TeamManagementFeatureFlags } from '../types.js';
+export declare function createTransferRouter(pool: Pool, adapter: ServerModuleAdapter, flags: TeamManagementFeatureFlags, baseUrl: string): Router;
+//# sourceMappingURL=transfer.routes.d.ts.map

package/dist/server/routes/transfer.routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer.routes.d.ts","sourceRoot":"","sources":["../../../src/server/routes/transfer.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAC/B,OAAO,KAAK,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAWnF,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,mBAAmB,EAC5B,KAAK,EAAE,0BAA0B,EACjC,OAAO,EAAE,MAAM,GACd,MAAM,CA2FR"}

package/dist/server/routes/transfer.routes.js

@@ -0,0 +1,108 @@
+import { Router } from 'express';
+import { requireMembership } from '../middleware/require-membership.js';
+import { requireRole } from '../middleware/require-role.js';
+import { initiateTransfer, acceptTransfer, cancelTransfer, getPendingTransfer, } from '../services/ownership.service.js';
+import { writeAuditEvent, getClientIp } from '../services/audit.service.js';
+export function createTransferRouter(pool, adapter, flags, baseUrl) {
+    const router = Router({ mergeParams: true });
+    const authMiddleware = requireMembership(pool, adapter);
+    function featureCheck(res) {
+        if (!flags.enableOwnershipTransfer) {
+            res.status(501).json({ error: 'Ownership transfer is not enabled' });
+            return false;
+        }
+        return true;
+    }
+    router.get('/:orgId/transfer', authMiddleware, async (req, res) => {
+        if (!featureCheck(res))
+            return;
+        const { orgId } = req;
+        try {
+            const transfer = await getPendingTransfer(pool, orgId);
+            res.json({ transfer });
+        }
+        catch (e) {
+            adapter.logger.error('[transfer] GET', { error: e.message });
+            res.status(500).json({ error: 'Failed to fetch transfer' });
+        }
+    });
+    router.post('/:orgId/transfer', authMiddleware, requireRole('owner'), async (req, res) => {
+        if (!featureCheck(res))
+            return;
+        const { orgId, userId } = req;
+        const { toUserId } = req.body;
+        if (!toUserId) {
+            res.status(400).json({ error: 'toUserId is required' });
+            return;
+        }
+        try {
+            const transfer = await initiateTransfer(pool, adapter, { orgId, fromUserId: userId, toUserId, baseUrl });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({ pool, orgId, actorUserId: userId, action: 'ownership.transfer_initiated',
+                    targetType: 'user', targetId: toUserId, ip: getClientIp(req), userAgent: req.headers['user-agent'] ?? null });
+            }
+            res.status(201).json({ transfer });
+        }
+        catch (e) {
+            const msg = e.message;
+            adapter.logger.error('[transfer] POST initiate', { error: msg });
+            if (msg.includes('not a member') || msg.includes('admin') || msg.includes('pending')) {
+                res.status(422).json({ error: msg });
+            }
+            else {
+                res.status(500).json({ error: 'Failed to initiate transfer' });
+            }
+        }
+    });
+    router.post('/:orgId/transfer/accept', authMiddleware, async (req, res) => {
+        if (!featureCheck(res))
+            return;
+        const { orgId, userId } = req;
+        try {
+            await acceptTransfer(pool, adapter, { orgId, acceptingUserId: userId });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({ pool, orgId, actorUserId: userId, action: 'ownership.transfer_accepted',
+                    targetType: 'org', targetId: orgId, ip: getClientIp(req), userAgent: req.headers['user-agent'] ?? null });
+            }
+            res.json({ message: 'Ownership transfer accepted. You are now the owner.' });
+        }
+        catch (e) {
+            const msg = e.message;
+            adapter.logger.error('[transfer] POST accept', { error: msg });
+            if (msg.includes('No valid') || msg.includes('Only the designated')) {
+                res.status(422).json({ error: msg });
+            }
+            else {
+                res.status(500).json({ error: 'Failed to accept transfer' });
+            }
+        }
+    });
+    router.delete('/:orgId/transfer', authMiddleware, async (req, res) => {
+        if (!featureCheck(res))
+            return;
+        const { orgId, userId, userRole } = req;
+        try {
+            const pending = await getPendingTransfer(pool, orgId);
+            if (!pending) {
+                res.status(404).json({ error: 'No pending transfer found' });
+                return;
+            }
+            if (userRole !== 'owner' && pending.to_user_id !== userId) {
+                res.status(403).json({ error: 'Only the initiating owner or designated recipient can cancel this transfer' });
+                return;
+            }
+            await cancelTransfer(pool, { orgId, cancelledByUserId: userId });
+            if (flags.enableAuditLog) {
+                await writeAuditEvent({ pool, orgId, actorUserId: userId, action: 'ownership.transfer_cancelled',
+                    targetType: 'org', targetId: orgId, ip: getClientIp(req), userAgent: req.headers['user-agent'] ?? null });
+            }
+            res.json({ message: 'Transfer cancelled' });
+        }
+        catch (e) {
+            adapter.logger.error('[transfer] DELETE cancel', { error: e.message });
+            res.status(500).json({ error: 'Failed to cancel transfer' });
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=transfer.routes.js.map

package/dist/server/routes/transfer.routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer.routes.js","sourceRoot":"","sources":["../../../src/server/routes/transfer.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,OAAO,EAAE,iBAAiB,EAA6B,MAAM,qCAAqC,CAAC;AACnG,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAE5E,MAAM,UAAU,oBAAoB,CAClC,IAAU,EACV,OAA4B,EAC5B,KAAiC,EACjC,OAAe;IAEf,MAAM,MAAM,GAAG,MAAM,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAExD,SAAS,YAAY,CAAC,GAA+B;QACnD,IAAI,CAAC,KAAK,CAAC,uBAAuB,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAAE,OAAO;QAC/B,MAAM,EAAE,KAAK,EAAE,GAAG,GAA2B,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,cAAc,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACvF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAAE,OAAO;QAC/B,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,GAA2B,CAAC;QACtD,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAA6B,CAAC;QACvD,IAAI,CAAC,QAAQ,EAAE,CAAC;YAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QACnF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACzG,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B;oBAC9F,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;YAClH,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAI,CAAW,CAAC,OAAO,CAAC;YACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACjE,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACxE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAAE,OAAO;QAC/B,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,GAA2B,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;YACxE,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,6BAA6B;oBAC7F,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;YAC9G,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,qDAAqD,EAAE,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAI,CAAW,CAAC,OAAO,CAAC;YACjC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/D,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;gBACpE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,MAAM,CAAC,kBAAkB,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACnE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAAE,OAAO;QAC/B,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,GAA2B,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtD,IAAI,CAAC,OAAO,EAAE,CAAC;gBAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YACvF,IAAI,QAAQ,KAAK,OAAO,IAAI,OAAO,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4EAA4E,EAAE,CAAC,CAAC;gBAC9G,OAAO;YACT,CAAC;YACD,MAAM,cAAc,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC,CAAC;YACjE,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B;oBAC9F,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;YAC9G,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/services/audit.service.d.ts

@@ -0,0 +1,20 @@
+import type { Pool, PoolClient } from 'pg';
+import type { AuditActorType } from '../types.js';
+interface WriteAuditEventParams {
+    pool: Pool | PoolClient;
+    orgId: number | null;
+    actorUserId: number | null;
+    actorType?: AuditActorType;
+    action: string;
+    targetType?: string | null;
+    targetId?: string | number | null;
+    before?: Record<string, unknown> | null;
+    after?: Record<string, unknown> | null;
+    ip?: string | null;
+    userAgent?: string | null;
+    reason?: string | null;
+}
+export declare function writeAuditEvent(params: WriteAuditEventParams): Promise<void>;
+export declare function getClientIp(req: import('express').Request): string;
+export {};
+//# sourceMappingURL=audit.service.d.ts.map

package/dist/server/services/audit.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.service.d.ts","sourceRoot":"","sources":["../../../src/server/services/audit.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC3C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,UAAU,qBAAqB;IAC7B,IAAI,EAAE,IAAI,GAAG,UAAU,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACvC,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BlF;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,OAAO,SAAS,EAAE,OAAO,GAAG,MAAM,CAElE"}

package/dist/server/services/audit.service.js

@@ -0,0 +1,23 @@
+export async function writeAuditEvent(params) {
+    const { pool, orgId, actorUserId, actorType = 'user', action, targetType = null, targetId = null, before = null, after = null, ip = null, userAgent = null, reason = null, } = params;
+    await pool.query(`INSERT INTO tm_audit_events
+      (org_id, actor_user_id, actor_type, action, target_type, target_id,
+       before_state, after_state, ip, user_agent, reason)
+     VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11)`, [
+        orgId,
+        actorUserId,
+        actorType,
+        action,
+        targetType,
+        targetId !== null ? String(targetId) : null,
+        before ? JSON.stringify(before) : null,
+        after ? JSON.stringify(after) : null,
+        ip,
+        userAgent,
+        reason,
+    ]);
+}
+export function getClientIp(req) {
+    return req.headers['x-forwarded-for']?.split(',')[0]?.trim() ?? req.socket.remoteAddress ?? 'unknown';
+}
+//# sourceMappingURL=audit.service.js.map

package/dist/server/services/audit.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.service.js","sourceRoot":"","sources":["../../../src/server/services/audit.service.ts"],"names":[],"mappings":"AAkBA,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAA6B;IACjE,MAAM,EACJ,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,GAAG,MAAM,EAAE,MAAM,EACpD,UAAU,GAAG,IAAI,EAAE,QAAQ,GAAG,IAAI,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAC/D,EAAE,GAAG,IAAI,EAAE,SAAS,GAAG,IAAI,EAAE,MAAM,GAAG,IAAI,GAC3C,GAAG,MAAM,CAAC;IAEX,MAAO,IAAa,CAAC,KAAK,CACxB;;;iDAG6C,EAC7C;QACE,KAAK;QACL,WAAW;QACX,SAAS;QACT,MAAM;QACN,UAAU;QACV,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;QAC3C,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI;QACtC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI;QACpC,EAAE;QACF,SAAS;QACT,MAAM;KACP,CACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAA8B;IACxD,OAAQ,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;AACpH,CAAC"}

package/dist/server/services/email-change.service.d.ts

@@ -0,0 +1,16 @@
+import type { Pool } from 'pg';
+import type { ServerModuleAdapter } from '../types.js';
+export declare function requestEmailChange(pool: Pool, adapter: ServerModuleAdapter, { userId, currentEmail, newEmail, baseUrl, }: {
+    userId: number;
+    currentEmail: string;
+    newEmail: string;
+    baseUrl: string;
+}): Promise<void>;
+export declare function verifyEmailChange(pool: Pool, adapter: ServerModuleAdapter, { token, userId: _userId }: {
+    token: string;
+    userId?: number | null;
+}): Promise<void>;
+export declare function cancelEmailChange(pool: Pool, adapter: ServerModuleAdapter, { token }: {
+    token: string;
+}): Promise<void>;
+//# sourceMappingURL=email-change.service.d.ts.map

package/dist/server/services/email-change.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-change.service.d.ts","sourceRoot":"","sources":["../../../src/server/services/email-change.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAC/B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAoBvD,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,mBAAmB,EAC5B,EACE,MAAM,EACN,YAAY,EACZ,QAAQ,EACR,OAAO,GACR,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAC7E,OAAO,CAAC,IAAI,CAAC,CAsDf;AAED,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,mBAAmB,EAC5B,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACpE,OAAO,CAAC,IAAI,CAAC,CA4Df;AAED,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,mBAAmB,EAC5B,EAAE,KAAK,EAAE,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,IAAI,CAAC,CAqBf"}