@veritas-lex/contract-analysis-package 1.2.3

package/dist/config/logging.config.js

@@ -0,0 +1,106 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLoggingConfig = createLoggingConfig;
+exports.buildPinoParams = buildPinoParams;
+const config_1 = require("@nestjs/config");
+/**
+ * Creates a logging config factory registered under the `'logging'` namespace.
+ *
+ * @param options - Default values that can be overridden by environment variables
+ */
+function createLoggingConfig(options = {}) {
+    return (0, config_1.registerAs)("logging", () => ({
+        level: process.env.LOG_LEVEL || options.defaultLevel || "info",
+        env: process.env.APP_ENV || "development",
+    }));
+}
+/**
+ * Builds nestjs-pino LoggerModule configuration from environment.
+ *
+ * Features:
+ * - Production: JSON output for log aggregation (Datadog, ELK, CloudWatch)
+ * - Development: Pretty-printed, colorized output via pino-pretty
+ * - Sensitive field redaction (Authorization headers, cookies, passwords)
+ * - Health check endpoint noise suppression
+ * - Request ID propagation via X-Correlation-Id header
+ *
+ * @param logLevel - Pino log level (trace, debug, info, warn, error, fatal)
+ * @param env - Application environment (development, production, etc.)
+ * @param serviceName - Service name tag for log context (e.g. 'ai-analysis-api')
+ */
+function buildPinoParams(logLevel, env, serviceName = "nestjs-api") {
+    const isProduction = env === "production";
+    return {
+        pinoHttp: {
+            level: logLevel,
+            // Prevent req/res context from being attached to every intermediate log line.
+            quietReqLogger: true,
+            // Redact sensitive fields from logs
+            redact: {
+                paths: [
+                    "req.headers.authorization",
+                    "req.headers.cookie",
+                    'req.headers["x-api-key"]',
+                    'res.headers["set-cookie"]',
+                    "body.password",
+                    "body.token",
+                    "body.refreshToken",
+                ],
+                censor: "[REDACTED]",
+            },
+            // Generate request IDs — reads X-Correlation-Id if present,
+            // otherwise falls back to pino's auto-generated reqId
+            genReqId: (req) => {
+                return req.headers["x-correlation-id"] || req.id;
+            },
+            // Suppress health check endpoint noise
+            autoLogging: {
+                ignore: (req) => {
+                    const url = req.url || req.originalUrl || "";
+                    return (url.includes("/health") ||
+                        url.includes("/readiness") ||
+                        url.includes("/liveness"));
+                },
+            },
+            // Custom serializers for cleaner request completion logs
+            serializers: {
+                req: (req) => ({
+                    id: req.id,
+                    method: req.method,
+                    url: req.url,
+                    query: req.query,
+                    // Omit headers in production to reduce log volume
+                    ...(isProduction ? {} : { headers: req.headers }),
+                }),
+                res: (res) => ({
+                    statusCode: res.statusCode,
+                }),
+            },
+            // Attach service context to every log line
+            customProps: () => ({
+                context: "HTTP",
+                service: serviceName,
+            }),
+            // Pretty-print in development, JSON in production
+            ...(isProduction
+                ? {}
+                : {
+                    transport: {
+                        target: "pino-pretty",
+                        options: {
+                            singleLine: true,
+                            colorize: true,
+                            colorizeObjects: true,
+                            levelFirst: true,
+                            translateTime: "SYS:HH:MM:ss.l",
+                            ignore: "pid,hostname,req,res,context,service,responseTime",
+                            messageFormat: "{if context}[{context}] {end}{msg}",
+                            customColors: "err:red,info:blue",
+                            minimumLevel: "debug",
+                        },
+                    },
+                }),
+        },
+    };
+}
+//# sourceMappingURL=logging.config.js.map

package/dist/config/logging.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.config.js","sourceRoot":"","sources":["../../src/config/logging.config.ts"],"names":[],"mappings":";;AAaA,kDAKC;AAgBD,0CAwFC;AA1HD,2CAA4C;AAQ5C;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,UAAgC,EAAE;IACpE,OAAO,IAAA,mBAAU,EAAC,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,OAAO,CAAC,YAAY,IAAI,MAAM;QAC9D,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,aAAa;KAC1C,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAgB,eAAe,CAC7B,QAAgB,EAChB,GAAW,EACX,WAAW,GAAG,YAAY;IAE1B,MAAM,YAAY,GAAG,GAAG,KAAK,YAAY,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE;YACR,KAAK,EAAE,QAAQ;YAEf,8EAA8E;YAC9E,cAAc,EAAE,IAAI;YAEpB,oCAAoC;YACpC,MAAM,EAAE;gBACN,KAAK,EAAE;oBACL,2BAA2B;oBAC3B,oBAAoB;oBACpB,0BAA0B;oBAC1B,2BAA2B;oBAC3B,eAAe;oBACf,YAAY;oBACZ,mBAAmB;iBACpB;gBACD,MAAM,EAAE,YAAY;aACrB;YAED,4DAA4D;YAC5D,sDAAsD;YACtD,QAAQ,EAAE,CAAC,GAAQ,EAAE,EAAE;gBACrB,OAAO,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACnD,CAAC;YAED,uCAAuC;YACvC,WAAW,EAAE;gBACX,MAAM,EAAE,CAAC,GAAQ,EAAE,EAAE;oBACnB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;oBAC7C,OAAO,CACL,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;wBACvB,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC;wBAC1B,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC1B,CAAC;gBACJ,CAAC;aACF;YAED,yDAAyD;YACzD,WAAW,EAAE;gBACX,GAAG,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;oBAClB,EAAE,EAAE,GAAG,CAAC,EAAE;oBACV,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,GAAG,EAAE,GAAG,CAAC,GAAG;oBACZ,KAAK,EAAE,GAAG,CAAC,KAAK;oBAChB,kDAAkD;oBAClD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;iBAClD,CAAC;gBACF,GAAG,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;oBAClB,UAAU,EAAE,GAAG,CAAC,UAAU;iBAC3B,CAAC;aACH;YAED,2CAA2C;YAC3C,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;gBAClB,OAAO,EAAE,MAAM;gBACf,OAAO,EAAE,WAAW;aACrB,CAAC;YAEF,kDAAkD;YAClD,GAAG,CAAC,YAAY;gBACd,CAAC,CAAC,EAAE;gBACJ,CAAC,CAAC;oBACE,SAAS,EAAE;wBACT,MAAM,EAAE,aAAa;wBACrB,OAAO,EAAE;4BACP,UAAU,EAAE,IAAI;4BAChB,QAAQ,EAAE,IAAI;4BACd,eAAe,EAAE,IAAI;4BACrB,UAAU,EAAE,IAAI;4BAChB,aAAa,EAAE,gBAAgB;4BAC/B,MAAM,EAAE,mDAAmD;4BAC3D,aAAa,EAAE,oCAAoC;4BACnD,YAAY,EAAE,mBAAmB;4BACjC,YAAY,EAAE,OAAO;yBACtB;qBACF;iBACF,CAAC;SACP;KACF,CAAC;AACJ,CAAC"}

package/dist/config/redis.config.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Redis configuration for BullMQ job queue.
+ *
+ * Registered under the `'redis'` namespace. Used by the
+ * RedisModule / RedisProvider for BullMQ queue infrastructure.
+ */
+declare const _default: (() => {
+    host: string;
+    port: number;
+    password: string | undefined;
+    db: number;
+}) & import("@nestjs/config").ConfigFactoryKeyHost<{
+    host: string;
+    port: number;
+    password: string | undefined;
+    db: number;
+}>;
+export default _default;
+//# sourceMappingURL=redis.config.d.ts.map

package/dist/config/redis.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redis.config.d.ts","sourceRoot":"","sources":["../../src/config/redis.config.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;;;;;;;;;;;;AACH,wBAKI"}

package/dist/config/redis.config.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const config_1 = require("@nestjs/config");
+/**
+ * Redis configuration for BullMQ job queue.
+ *
+ * Registered under the `'redis'` namespace. Used by the
+ * RedisModule / RedisProvider for BullMQ queue infrastructure.
+ */
+exports.default = (0, config_1.registerAs)("redis", () => ({
+    host: process.env.REDIS_HOST || "localhost",
+    port: parseInt(process.env.REDIS_PORT || "6379", 10),
+    password: process.env.REDIS_PASSWORD || undefined,
+    db: parseInt(process.env.REDIS_DB || "0", 10),
+}));
+//# sourceMappingURL=redis.config.js.map

package/dist/config/redis.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redis.config.js","sourceRoot":"","sources":["../../src/config/redis.config.ts"],"names":[],"mappings":";;AAAA,2CAA4C;AAE5C;;;;;GAKG;AACH,kBAAe,IAAA,mBAAU,EAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;IACxC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;IAC3C,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,MAAM,EAAE,EAAE,CAAC;IACpD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,SAAS;IACjD,EAAE,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,GAAG,EAAE,EAAE,CAAC;CAC9C,CAAC,CAAC,CAAC"}

package/dist/config/security.config.d.ts

@@ -0,0 +1,66 @@
+export interface SecurityConfigOptions {
+    /** Include and validate PII_ENCRYPTION_KEY (default: true) */
+    validatePiiKey?: boolean;
+    /** Include ENCRYPTION_KEY with production-only validation */
+    includeEncryptionKey?: boolean;
+}
+/**
+ * Creates a security config factory registered under the `'security'` namespace.
+ *
+ * Provides CORS, Helmet, and rate-limiting configuration. Optionally validates
+ * encryption keys at startup.
+ *
+ * @param options - Control which encryption keys to include and validate
+ */
+export declare function createSecurityConfig(options?: SecurityConfigOptions): (() => {
+    piiEncryptionKey: string | undefined;
+    cors: {
+        origin: string[];
+        credentials: boolean;
+    };
+    helmet: {
+        contentSecurityPolicy: boolean;
+        crossOriginEmbedderPolicy: boolean;
+    };
+    rateLimit: {
+        short: {
+            ttl: number;
+            limit: number;
+        };
+        medium: {
+            ttl: number;
+            limit: number;
+        };
+        long: {
+            ttl: number;
+            limit: number;
+        };
+    };
+    encryptionKey?: string | undefined;
+}) & import("@nestjs/config").ConfigFactoryKeyHost<{
+    piiEncryptionKey: string | undefined;
+    cors: {
+        origin: string[];
+        credentials: boolean;
+    };
+    helmet: {
+        contentSecurityPolicy: boolean;
+        crossOriginEmbedderPolicy: boolean;
+    };
+    rateLimit: {
+        short: {
+            ttl: number;
+            limit: number;
+        };
+        medium: {
+            ttl: number;
+            limit: number;
+        };
+        long: {
+            ttl: number;
+            limit: number;
+        };
+    };
+    encryptionKey?: string | undefined;
+}>;
+//# sourceMappingURL=security.config.d.ts.map

package/dist/config/security.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.config.d.ts","sourceRoot":"","sources":["../../src/config/security.config.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,qBAAqB;IACpC,8DAA8D;IAC9D,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,6DAA6D;IAC7D,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,GAAE,qBAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6DvE"}

package/dist/config/security.config.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecurityConfig = createSecurityConfig;
+const config_1 = require("@nestjs/config");
+/**
+ * Creates a security config factory registered under the `'security'` namespace.
+ *
+ * Provides CORS, Helmet, and rate-limiting configuration. Optionally validates
+ * encryption keys at startup.
+ *
+ * @param options - Control which encryption keys to include and validate
+ */
+function createSecurityConfig(options = {}) {
+    return (0, config_1.registerAs)("security", () => {
+        const piiEncryptionKey = process.env.PII_ENCRYPTION_KEY;
+        const encryptionKey = process.env.ENCRYPTION_KEY;
+        const isProduction = process.env.NODE_ENV === "production";
+        // Validate PII encryption key (default: enabled)
+        if (options.validatePiiKey !== false) {
+            if (!piiEncryptionKey) {
+                throw new Error("PII_ENCRYPTION_KEY must be set (required for PII encryption at rest)");
+            }
+            if (Buffer.from(piiEncryptionKey, "hex").length !== 32) {
+                throw new Error("PII_ENCRYPTION_KEY must be a 64-character hex string (32 bytes)");
+            }
+        }
+        // Validate ENCRYPTION_KEY in production if included
+        if (options.includeEncryptionKey) {
+            if (isProduction && !encryptionKey) {
+                throw new Error("ENCRYPTION_KEY must be set in production environment");
+            }
+            if (encryptionKey && Buffer.from(encryptionKey, "hex").length !== 32) {
+                throw new Error("ENCRYPTION_KEY must be a 64-character hex string (32 bytes)");
+            }
+        }
+        return {
+            ...(options.includeEncryptionKey ? { encryptionKey } : {}),
+            piiEncryptionKey,
+            cors: {
+                origin: process.env.CORS_ORIGINS?.split(",") || [
+                    "http://localhost:3000",
+                ],
+                credentials: true,
+            },
+            helmet: {
+                contentSecurityPolicy: isProduction,
+                crossOriginEmbedderPolicy: false,
+            },
+            rateLimit: {
+                short: {
+                    ttl: parseInt(process.env.RATE_LIMIT_SHORT_TTL || "1000"),
+                    limit: parseInt(process.env.RATE_LIMIT_SHORT_LIMIT || "3"),
+                },
+                medium: {
+                    ttl: parseInt(process.env.RATE_LIMIT_MEDIUM_TTL || "10000"),
+                    limit: parseInt(process.env.RATE_LIMIT_MEDIUM_LIMIT || "20"),
+                },
+                long: {
+                    ttl: parseInt(process.env.RATE_LIMIT_LONG_TTL || "60000"),
+                    limit: parseInt(process.env.RATE_LIMIT_LONG_LIMIT || "100"),
+                },
+            },
+        };
+    });
+}
+//# sourceMappingURL=security.config.js.map

package/dist/config/security.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.config.js","sourceRoot":"","sources":["../../src/config/security.config.ts"],"names":[],"mappings":";;AAiBA,oDA6DC;AA9ED,2CAA4C;AAS5C;;;;;;;GAOG;AACH,SAAgB,oBAAoB,CAAC,UAAiC,EAAE;IACtE,OAAO,IAAA,mBAAU,EAAC,UAAU,EAAE,GAAG,EAAE;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACxD,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE3D,iDAAiD;QACjD,IAAI,OAAO,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CACb,sEAAsE,CACvE,CAAC;YACJ,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACvD,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YACjC,IAAI,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;YAC1E,CAAC;YACD,IAAI,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACrE,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1D,gBAAgB;YAChB,IAAI,EAAE;gBACJ,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI;oBAC9C,uBAAuB;iBACxB;gBACD,WAAW,EAAE,IAAI;aAClB;YACD,MAAM,EAAE;gBACN,qBAAqB,EAAE,YAAY;gBACnC,yBAAyB,EAAE,KAAK;aACjC;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,MAAM,CAAC;oBACzD,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,GAAG,CAAC;iBAC3D;gBACD,MAAM,EAAE;oBACN,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,OAAO,CAAC;oBAC3D,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,IAAI,CAAC;iBAC7D;gBACD,IAAI,EAAE;oBACJ,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC;oBACzD,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,KAAK,CAAC;iBAC5D;aACF;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/config/storage.config.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Supabase storage configuration registered under the `'storage'` namespace.
+ */
+declare const _default: (() => {
+    supabase: {
+        url: string | undefined;
+        key: string | undefined;
+        bucket: string;
+        signedUrlExpiry: number;
+    };
+}) & import("@nestjs/config").ConfigFactoryKeyHost<{
+    supabase: {
+        url: string | undefined;
+        key: string | undefined;
+        bucket: string;
+        signedUrlExpiry: number;
+    };
+}>;
+export default _default;
+//# sourceMappingURL=storage.config.d.ts.map

package/dist/config/storage.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.config.d.ts","sourceRoot":"","sources":["../../src/config/storage.config.ts"],"names":[],"mappings":"AAEA;;GAEG;;;;;;;;;;;;;;;;AACH,wBASI"}

package/dist/config/storage.config.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const config_1 = require("@nestjs/config");
+/**
+ * Supabase storage configuration registered under the `'storage'` namespace.
+ */
+exports.default = (0, config_1.registerAs)("storage", () => ({
+    supabase: {
+        url: process.env.SUPABASE_URL,
+        key: process.env.SUPABASE_SERVICE_ROLE_KEY,
+        bucket: process.env.SUPABASE_STORAGE_BUCKET || "contracts",
+        signedUrlExpiry: process.env.SUPABASE_SIGNED_URL_EXPIRY
+            ? parseInt(process.env.SUPABASE_SIGNED_URL_EXPIRY, 10)
+            : 3600, // Default to 1 hour
+    },
+}));
+//# sourceMappingURL=storage.config.js.map

package/dist/config/storage.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.config.js","sourceRoot":"","sources":["../../src/config/storage.config.ts"],"names":[],"mappings":";;AAAA,2CAA4C;AAE5C;;GAEG;AACH,kBAAe,IAAA,mBAAU,EAAC,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1C,QAAQ,EAAE;QACR,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7B,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QAC1C,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,WAAW;QAC1D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;YACrD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,EAAE,CAAC;YACtD,CAAC,CAAC,IAAI,EAAE,oBAAoB;KAC/B;CACF,CAAC,CAAC,CAAC"}

package/dist/config/validation.config.d.ts

@@ -0,0 +1,62 @@
+import * as Joi from "joi";
+export interface BaseValidationOptions {
+    /** Application defaults */
+    app?: {
+        name?: string;
+        port?: number;
+    };
+    /** Swagger doc defaults */
+    doc?: {
+        name?: string;
+    };
+    /** Database defaults */
+    database?: {
+        poolMax?: number;
+        /** Include DATABASE_SSL rule */
+        includeSsl?: boolean;
+        /** Include DB_LOGGING key (default: DATABASE_LOGGING) */
+        loggingKey?: "DB_LOGGING" | "DATABASE_LOGGING";
+    };
+    /** JWT rules */
+    jwt?: {
+        /** Whether JWT_SECRET is required (default: false → optional) */
+        secretRequired?: boolean;
+        /** Default issuer name */
+        issuer?: string;
+        /** Include JWT_JWKS_URI rule */
+        includeJwks?: boolean;
+    };
+    /** HTTP versioning defaults */
+    http?: {
+        /** Default for HTTP_VERSIONING_ENABLE */
+        versioningEnabled?: boolean;
+    };
+    /** CORS defaults */
+    cors?: {
+        /** Default CORS_ORIGINS value (omit for optional-with-no-default) */
+        origins?: string;
+    };
+}
+/**
+ * Creates the base Joi validation rules shared across all APIs.
+ *
+ * Returns a plain object of Joi schema keys that can be spread into
+ * a `Joi.object({ ...base, ...apiSpecific })` call.
+ *
+ * Covers: application, swagger, database, redis, JWT, security/rate-limiting,
+ * HTTP versioning, and Presidio base URLs.
+ *
+ * @example
+ * ```typescript
+ * import * as Joi from 'joi';
+ * import { createBaseValidationRules } from '@veritas-lex/contract-analysis-package';
+ *
+ * export const configValidationSchema = Joi.object({
+ *   ...createBaseValidationRules({ jwt: { secretRequired: true } }),
+ *   // API-specific keys
+ *   MY_CUSTOM_KEY: Joi.string().required(),
+ * }).options({ allowUnknown: true, stripUnknown: false });
+ * ```
+ */
+export declare function createBaseValidationRules(options?: BaseValidationOptions): Record<string, Joi.Schema>;
+//# sourceMappingURL=validation.config.d.ts.map

package/dist/config/validation.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.config.d.ts","sourceRoot":"","sources":["../../src/config/validation.config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAE3B,MAAM,WAAW,qBAAqB;IACpC,2BAA2B;IAC3B,GAAG,CAAC,EAAE;QACJ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,2BAA2B;IAC3B,GAAG,CAAC,EAAE;QACJ,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,wBAAwB;IACxB,QAAQ,CAAC,EAAE;QACT,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,gCAAgC;QAChC,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,yDAAyD;QACzD,UAAU,CAAC,EAAE,YAAY,GAAG,kBAAkB,CAAC;KAChD,CAAC;IACF,gBAAgB;IAChB,GAAG,CAAC,EAAE;QACJ,iEAAiE;QACjE,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,0BAA0B;QAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gCAAgC;QAChC,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,CAAC;IACF,+BAA+B;IAC/B,IAAI,CAAC,EAAE;QACL,yCAAyC;QACzC,iBAAiB,CAAC,EAAE,OAAO,CAAC;KAC7B,CAAC;IACF,oBAAoB;IACpB,IAAI,CAAC,EAAE;QACL,qEAAqE;QACrE,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,yBAAyB,CACvC,OAAO,GAAE,qBAA0B,GAClC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAqG5B"}

package/dist/config/validation.config.js

@@ -0,0 +1,139 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createBaseValidationRules = createBaseValidationRules;
+const Joi = __importStar(require("joi"));
+/**
+ * Creates the base Joi validation rules shared across all APIs.
+ *
+ * Returns a plain object of Joi schema keys that can be spread into
+ * a `Joi.object({ ...base, ...apiSpecific })` call.
+ *
+ * Covers: application, swagger, database, redis, JWT, security/rate-limiting,
+ * HTTP versioning, and Presidio base URLs.
+ *
+ * @example
+ * ```typescript
+ * import * as Joi from 'joi';
+ * import { createBaseValidationRules } from '@veritas-lex/contract-analysis-package';
+ *
+ * export const configValidationSchema = Joi.object({
+ *   ...createBaseValidationRules({ jwt: { secretRequired: true } }),
+ *   // API-specific keys
+ *   MY_CUSTOM_KEY: Joi.string().required(),
+ * }).options({ allowUnknown: true, stripUnknown: false });
+ * ```
+ */
+function createBaseValidationRules(options = {}) {
+    const { app = {}, doc = {}, database = {}, jwt = {}, http = {}, cors = {}, } = options;
+    const dbLoggingKey = database.loggingKey ?? "DATABASE_LOGGING";
+    return {
+        // ── Application ─────────────────────────────────────────────────
+        NODE_ENV: Joi.string()
+            .valid("development", "production", "test")
+            .default("development"),
+        APP_NAME: Joi.string().default(app.name ?? "Contract Analysis API"),
+        APP_ENV: Joi.string()
+            .valid("development", "production", "test")
+            .default("development"),
+        HTTP_PORT: Joi.number()
+            .port()
+            .default(app.port ?? 3003),
+        LOG_LEVEL: Joi.string()
+            .valid("trace", "debug", "info", "warn", "error", "fatal")
+            .default("info"),
+        // ── Swagger ─────────────────────────────────────────────────────
+        SWAGGER_USER: Joi.string().default("admin"),
+        SWAGGER_PASSWORD: Joi.string().default("admin"),
+        DOC_NAME: Joi.string().default(doc.name ?? "Contract Analysis API Specification"),
+        DOC_VERSION: Joi.string().default("1.0"),
+        // ── Database ────────────────────────────────────────────────────
+        DATABASE_HOST: Joi.string().default("localhost"),
+        DATABASE_PORT: Joi.number().port().default(5432),
+        DATABASE_USERNAME: Joi.string().default("postgres"),
+        DATABASE_PASSWORD: Joi.string().default("postgres"),
+        DATABASE_NAME: Joi.string().default("contract_analysis"),
+        [dbLoggingKey]: Joi.boolean().default(false),
+        ...(database.includeSsl
+            ? { DATABASE_SSL: Joi.boolean().default(false) }
+            : {}),
+        DATABASE_POOL_MAX: Joi.number()
+            .integer()
+            .min(1)
+            .max(100)
+            .default(database.poolMax ?? 20),
+        DATABASE_POOL_IDLE_TIMEOUT: Joi.number().integer().min(1000).default(30000),
+        DATABASE_POOL_CONNECTION_TIMEOUT: Joi.number()
+            .integer()
+            .min(1000)
+            .default(5000),
+        // ── Redis ───────────────────────────────────────────────────────
+        REDIS_HOST: Joi.string().default("localhost"),
+        REDIS_PORT: Joi.number().port().default(6379),
+        REDIS_PASSWORD: Joi.string().optional().allow(""),
+        REDIS_DB: Joi.number().integer().min(0).max(15).default(0),
+        // ── JWT ─────────────────────────────────────────────────────────
+        JWT_SECRET: jwt.secretRequired
+            ? Joi.string().min(32).required().messages({
+                "string.min": "JWT_SECRET must be at least 32 characters long for security",
+                "any.required": "JWT_SECRET is required for authentication",
+            })
+            : Joi.string().min(32).optional().messages({
+                "string.min": "JWT_SECRET must be at least 32 characters long for security",
+            }),
+        JWT_EXPIRES_IN: Joi.string().default("7d"),
+        JWT_ISSUER: Joi.string().default(jwt.issuer ?? "contract-analysis-api"),
+        ...(jwt.includeJwks ? { JWT_JWKS_URI: Joi.string().uri().optional() } : {}),
+        // ── Security / Rate Limiting ────────────────────────────────────
+        CORS_ORIGINS: cors.origins
+            ? Joi.string().default(cors.origins)
+            : Joi.string().optional(),
+        RATE_LIMIT_SHORT_TTL: Joi.number().positive().default(1000),
+        RATE_LIMIT_SHORT_LIMIT: Joi.number().positive().default(3),
+        RATE_LIMIT_MEDIUM_TTL: Joi.number().positive().default(10000),
+        RATE_LIMIT_MEDIUM_LIMIT: Joi.number().positive().default(20),
+        RATE_LIMIT_LONG_TTL: Joi.number().positive().default(60000),
+        RATE_LIMIT_LONG_LIMIT: Joi.number().positive().default(100),
+        // ── HTTP Versioning ─────────────────────────────────────────────
+        HTTP_VERSIONING_ENABLE: Joi.boolean().default(http.versioningEnabled ?? false),
+        HTTP_VERSION: Joi.string().default("1"),
+        // ── Presidio (base URLs only) ───────────────────────────────────
+        PRESIDIO_ANALYZER_URL: Joi.string().uri().default("http://localhost:5001"),
+        PRESIDIO_ANONYMIZER_URL: Joi.string()
+            .uri()
+            .default("http://localhost:5002"),
+    };
+}
+//# sourceMappingURL=validation.config.js.map

package/dist/config/validation.config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.config.js","sourceRoot":"","sources":["../../src/config/validation.config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8DA,8DAuGC;AArKD,yCAA2B;AAyC3B;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,yBAAyB,CACvC,UAAiC,EAAE;IAEnC,MAAM,EACJ,GAAG,GAAG,EAAE,EACR,GAAG,GAAG,EAAE,EACR,QAAQ,GAAG,EAAE,EACb,GAAG,GAAG,EAAE,EACR,IAAI,GAAG,EAAE,EACT,IAAI,GAAG,EAAE,GACV,GAAG,OAAO,CAAC;IAEZ,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU,IAAI,kBAAkB,CAAC;IAE/D,OAAO;QACL,mEAAmE;QACnE,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE;aACnB,KAAK,CAAC,aAAa,EAAE,YAAY,EAAE,MAAM,CAAC;aAC1C,OAAO,CAAC,aAAa,CAAC;QACzB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,uBAAuB,CAAC;QACnE,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE;aAClB,KAAK,CAAC,aAAa,EAAE,YAAY,EAAE,MAAM,CAAC;aAC1C,OAAO,CAAC,aAAa,CAAC;QACzB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE;aACpB,IAAI,EAAE;aACN,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;QAC5B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE;aACpB,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;aACzD,OAAO,CAAC,MAAM,CAAC;QAElB,mEAAmE;QACnE,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;QAC3C,gBAAgB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;QAC/C,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAC5B,GAAG,CAAC,IAAI,IAAI,qCAAqC,CAClD;QACD,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;QAExC,mEAAmE;QACnE,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;QAChD,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAChD,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC;QACnD,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC;QACnD,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,mBAAmB,CAAC;QACxD,CAAC,YAAY,CAAC,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;QAC5C,GAAG,CAAC,QAAQ,CAAC,UAAU;YACrB,CAAC,CAAC,EAAE,YAAY,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YAChD,CAAC,CAAC,EAAE,CAAC;QACP,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE;aAC5B,OAAO,EAAE;aACT,GAAG,CAAC,CAAC,CAAC;aACN,GAAG,CAAC,GAAG,CAAC;aACR,OAAO,CAAC,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC;QAClC,0BAA0B,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QAC3E,gCAAgC,EAAE,GAAG,CAAC,MAAM,EAAE;aAC3C,OAAO,EAAE;aACT,GAAG,CAAC,IAAI,CAAC;aACT,OAAO,CAAC,IAAI,CAAC;QAEhB,mEAAmE;QACnE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAC7C,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAE1D,mEAAmE;QACnE,UAAU,EAAE,GAAG,CAAC,cAAc;YAC5B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;gBACvC,YAAY,EACV,6DAA6D;gBAC/D,cAAc,EAAE,2CAA2C;aAC5D,CAAC;YACJ,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;gBACvC,YAAY,EACV,6DAA6D;aAChE,CAAC;QACN,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAC1C,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,uBAAuB,CAAC;QACvE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAE3E,mEAAmE;QACnE,YAAY,EAAE,IAAI,CAAC,OAAO;YACxB,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;YACpC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAC3D,sBAAsB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1D,qBAAqB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;QAC7D,uBAAuB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,mBAAmB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;QAC3D,qBAAqB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;QAE3D,mEAAmE;QACnE,sBAAsB,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAC3C,IAAI,CAAC,iBAAiB,IAAI,KAAK,CAChC;QACD,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;QAEvC,mEAAmE;QACnE,qBAAqB,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,uBAAuB,CAAC;QAC1E,uBAAuB,EAAE,GAAG,CAAC,MAAM,EAAE;aAClC,GAAG,EAAE;aACL,OAAO,CAAC,uBAAuB,CAAC;KACpC,CAAC;AACJ,CAAC"}

package/dist/constants/enums.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Shared Enums
+ *
+ * Single source of truth for workflow/status enums used across
+ * both contract-analysis-api and ai-analysis-api.
+ */
+export declare enum ContractStatus {
+    UPLOADED = "uploaded",
+    DETECTING_TYPE = "detecting_type",
+    EXTRACTING_TEXT = "extracting_text",
+    OCR_PENDING = "ocr_pending",
+    OCR_RUNNING = "ocr_running",
+    SCANNING_PII = "scanning_pii",
+    PII_DETECTED = "pii_detected",
+    AWAITING_PII_APPROVAL = "awaiting_pii_approval",
+    PSEUDONYMIZING = "pseudonymizing",
+    CHUNKING = "chunking",
+    EMBEDDING = "embedding",
+    INDEXED = "indexed",
+    PARTIALLY_INDEXED = "partially_indexed",
+    ANALYSIS_PENDING = "analysis_pending",
+    ANALYSIS_RUNNING = "analysis_running",
+    ANALYZING_RED_FLAGS = "analyzing_red_flags",
+    ANALYZING_DEEP = "analyzing_deep",
+    GENERATING_REPORT = "generating_report",
+    DEEP_ANALYSIS_COMPLETE = "deep_analysis_complete",
+    READY = "ready",
+    FAILED = "failed",
+    ACTION_REQUIRED = "action_required"
+}
+export declare enum JobType {
+    DOCUMENT_TYPE_DETECTION = "document_type_detection",
+    EXTRACT_TEXT = "extract_text",
+    OCR = "ocr",
+    PII_SCAN = "pii_scan",
+    CHUNK = "chunk",
+    EMBED = "embed",
+    QNA = "qna"
+}
+export declare enum JobStatus {
+    QUEUED = "queued",
+    STARTED = "started",
+    RUNNING = "running",
+    SUCCEEDED = "succeeded",
+    FAILED = "failed",
+    CANCELLED = "cancelled"
+}
+export declare enum TaskStatus {
+    OPEN = "open",
+    DONE = "done",
+    CANCELLED = "cancelled",
+    SNOOZED = "snoozed"
+}
+export declare enum TaskPriority {
+    LOW = "low",
+    MEDIUM = "medium",
+    HIGH = "high",
+    CRITICAL = "critical"
+}
+export declare enum RiskLevel {
+    CRITICAL = "critical",
+    HIGH = "high",
+    MEDIUM = "medium",
+    LOW = "low",
+    INFORMATIONAL = "informational"
+}
+export declare enum RuleKind {
+    ABSOLUTE = "absolute",
+    RELATIVE = "relative",
+    EVENT_DRIVEN = "event_driven"
+}
+export declare enum RuleDirection {
+    BEFORE = "before",
+    AFTER = "after"
+}
+//# sourceMappingURL=enums.d.ts.map

package/dist/constants/enums.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enums.d.ts","sourceRoot":"","sources":["../../src/constants/enums.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,oBAAY,cAAc;IACxB,QAAQ,aAAa;IACrB,cAAc,mBAAmB;IACjC,eAAe,oBAAoB;IACnC,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,YAAY,iBAAiB;IAC7B,qBAAqB,0BAA0B;IAC/C,cAAc,mBAAmB;IACjC,QAAQ,aAAa;IACrB,SAAS,cAAc;IACvB,OAAO,YAAY;IACnB,iBAAiB,sBAAsB;IACvC,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,mBAAmB,wBAAwB;IAC3C,cAAc,mBAAmB;IACjC,iBAAiB,sBAAsB;IACvC,sBAAsB,2BAA2B;IACjD,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,eAAe,oBAAoB;CACpC;AAID,oBAAY,OAAO;IACjB,uBAAuB,4BAA4B;IACnD,YAAY,iBAAiB;IAC7B,GAAG,QAAQ;IACX,QAAQ,aAAa;IACrB,KAAK,UAAU;IACf,KAAK,UAAU;IACf,GAAG,QAAQ;CACZ;AAED,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,MAAM,WAAW;IACjB,SAAS,cAAc;CACxB;AAID,oBAAY,UAAU;IACpB,IAAI,SAAS;IACb,IAAI,SAAS;IACb,SAAS,cAAc;IACvB,OAAO,YAAY;CACpB;AAED,oBAAY,YAAY;IACtB,GAAG,QAAQ;IACX,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAID,oBAAY,SAAS;IACnB,QAAQ,aAAa;IACrB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,GAAG,QAAQ;IACX,aAAa,kBAAkB;CAChC;AAID,oBAAY,QAAQ;IAClB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;CAC9B;AAED,oBAAY,aAAa;IACvB,MAAM,WAAW;IACjB,KAAK,UAAU;CAChB"}