@vorionsys/contracts 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (225) hide show
  1. package/README.md +146 -0
  2. package/dist/aci/aci-string.d.ts +7 -7
  3. package/dist/aci/aci-string.js +87 -69
  4. package/dist/aci/aci-string.js.map +1 -1
  5. package/dist/aci/attestation.d.ts +71 -71
  6. package/dist/aci/attestation.js +67 -57
  7. package/dist/aci/attestation.js.map +1 -1
  8. package/dist/aci/domains.d.ts +1 -1
  9. package/dist/aci/domains.js +55 -37
  10. package/dist/aci/domains.js.map +1 -1
  11. package/dist/aci/effective-permission.d.ts +6 -6
  12. package/dist/aci/effective-permission.js +59 -46
  13. package/dist/aci/effective-permission.js.map +1 -1
  14. package/dist/aci/identity.d.ts +99 -99
  15. package/dist/aci/identity.js +95 -85
  16. package/dist/aci/identity.js.map +1 -1
  17. package/dist/aci/index.d.ts +13 -3
  18. package/dist/aci/index.d.ts.map +1 -1
  19. package/dist/aci/index.js +268 -43
  20. package/dist/aci/index.js.map +1 -1
  21. package/dist/aci/jwt-claims.d.ts +29 -29
  22. package/dist/aci/jwt-claims.js +72 -62
  23. package/dist/aci/jwt-claims.js.map +1 -1
  24. package/dist/aci/levels.d.ts +3 -3
  25. package/dist/aci/levels.js +79 -60
  26. package/dist/aci/levels.js.map +1 -1
  27. package/dist/aci/mapping.d.ts +3 -3
  28. package/dist/aci/mapping.js +94 -74
  29. package/dist/aci/mapping.js.map +1 -1
  30. package/dist/aci/skills.d.ts +3 -3
  31. package/dist/aci/skills.js +71 -49
  32. package/dist/aci/skills.js.map +1 -1
  33. package/dist/aci/tiers.d.ts +1 -1
  34. package/dist/aci/tiers.js +144 -117
  35. package/dist/aci/tiers.js.map +1 -1
  36. package/dist/canonical/agent.d.ts +1 -1
  37. package/dist/canonical/agent.js +146 -130
  38. package/dist/canonical/agent.js.map +1 -1
  39. package/dist/canonical/governance.d.ts +1 -1
  40. package/dist/canonical/governance.js +134 -120
  41. package/dist/canonical/governance.js.map +1 -1
  42. package/dist/canonical/index.d.ts +1 -0
  43. package/dist/canonical/index.d.ts.map +1 -1
  44. package/dist/canonical/index.js +26 -8
  45. package/dist/canonical/index.js.map +1 -1
  46. package/dist/canonical/intent.d.ts +8 -15
  47. package/dist/canonical/intent.d.ts.map +1 -1
  48. package/dist/canonical/intent.js +91 -82
  49. package/dist/canonical/intent.js.map +1 -1
  50. package/dist/canonical/middleware.d.ts +513 -0
  51. package/dist/canonical/middleware.d.ts.map +1 -0
  52. package/dist/canonical/middleware.js +218 -0
  53. package/dist/canonical/middleware.js.map +1 -0
  54. package/dist/canonical/risk-level.d.ts +1 -1
  55. package/dist/canonical/risk-level.js +66 -46
  56. package/dist/canonical/risk-level.js.map +1 -1
  57. package/dist/canonical/trust-band.d.ts +1 -1
  58. package/dist/canonical/trust-band.js +39 -28
  59. package/dist/canonical/trust-band.js.map +1 -1
  60. package/dist/canonical/trust-score.d.ts +1 -1
  61. package/dist/canonical/trust-score.js +46 -29
  62. package/dist/canonical/trust-score.js.map +1 -1
  63. package/dist/canonical/trust-signal.d.ts +13 -13
  64. package/dist/canonical/trust-signal.js +91 -78
  65. package/dist/canonical/trust-signal.js.map +1 -1
  66. package/dist/canonical/validation.js +148 -102
  67. package/dist/canonical/validation.js.map +1 -1
  68. package/dist/car/attestation.d.ts +648 -0
  69. package/dist/car/attestation.d.ts.map +1 -0
  70. package/dist/car/attestation.js +299 -0
  71. package/dist/car/attestation.js.map +1 -0
  72. package/dist/car/car-string.d.ts +846 -0
  73. package/dist/car/car-string.d.ts.map +1 -0
  74. package/dist/car/car-string.js +734 -0
  75. package/dist/car/car-string.js.map +1 -0
  76. package/dist/car/domains.d.ts +260 -0
  77. package/dist/car/domains.d.ts.map +1 -0
  78. package/dist/car/domains.js +340 -0
  79. package/dist/car/domains.js.map +1 -0
  80. package/dist/car/effective-permission.d.ts +371 -0
  81. package/dist/car/effective-permission.d.ts.map +1 -0
  82. package/dist/car/effective-permission.js +364 -0
  83. package/dist/car/effective-permission.js.map +1 -0
  84. package/dist/car/identity.d.ts +1206 -0
  85. package/dist/car/identity.d.ts.map +1 -0
  86. package/dist/car/identity.js +348 -0
  87. package/dist/car/identity.js.map +1 -0
  88. package/dist/car/index.d.ts +104 -0
  89. package/dist/car/index.d.ts.map +1 -0
  90. package/dist/car/index.js +401 -0
  91. package/dist/car/index.js.map +1 -0
  92. package/dist/car/jwt-claims.d.ts +1364 -0
  93. package/dist/car/jwt-claims.d.ts.map +1 -0
  94. package/dist/car/jwt-claims.js +388 -0
  95. package/dist/car/jwt-claims.js.map +1 -0
  96. package/dist/car/levels.d.ts +279 -0
  97. package/dist/car/levels.d.ts.map +1 -0
  98. package/dist/car/levels.js +486 -0
  99. package/dist/car/levels.js.map +1 -0
  100. package/dist/car/mapping.d.ts +291 -0
  101. package/dist/car/mapping.d.ts.map +1 -0
  102. package/dist/car/mapping.js +447 -0
  103. package/dist/car/mapping.js.map +1 -0
  104. package/dist/car/skills.d.ts +314 -0
  105. package/dist/car/skills.d.ts.map +1 -0
  106. package/dist/car/skills.js +426 -0
  107. package/dist/car/skills.js.map +1 -0
  108. package/dist/car/tiers.d.ts +403 -0
  109. package/dist/car/tiers.d.ts.map +1 -0
  110. package/dist/car/tiers.js +686 -0
  111. package/dist/car/tiers.js.map +1 -0
  112. package/dist/common/index.d.ts +1 -0
  113. package/dist/common/index.d.ts.map +1 -1
  114. package/dist/common/index.js +18 -1
  115. package/dist/common/index.js.map +1 -1
  116. package/dist/common/primitives.d.ts +9 -7
  117. package/dist/common/primitives.d.ts.map +1 -1
  118. package/dist/common/primitives.js +30 -25
  119. package/dist/common/primitives.js.map +1 -1
  120. package/dist/common/types.d.ts +328 -0
  121. package/dist/common/types.d.ts.map +1 -0
  122. package/dist/common/types.js +61 -0
  123. package/dist/common/types.js.map +1 -0
  124. package/dist/db/agents.d.ts +1374 -0
  125. package/dist/db/agents.d.ts.map +1 -0
  126. package/dist/db/agents.js +283 -0
  127. package/dist/db/agents.js.map +1 -0
  128. package/dist/db/api-keys.d.ts +365 -0
  129. package/dist/db/api-keys.d.ts.map +1 -0
  130. package/dist/db/api-keys.js +101 -0
  131. package/dist/db/api-keys.js.map +1 -0
  132. package/dist/db/escalations.d.ts +400 -0
  133. package/dist/db/escalations.d.ts.map +1 -0
  134. package/dist/db/escalations.js +100 -0
  135. package/dist/db/escalations.js.map +1 -0
  136. package/dist/db/index.d.ts +20 -0
  137. package/dist/db/index.d.ts.map +1 -0
  138. package/dist/db/index.js +47 -0
  139. package/dist/db/index.js.map +1 -0
  140. package/dist/db/intents.d.ts +384 -0
  141. package/dist/db/intents.d.ts.map +1 -0
  142. package/dist/db/intents.js +93 -0
  143. package/dist/db/intents.js.map +1 -0
  144. package/dist/db/merkle.d.ts +344 -0
  145. package/dist/db/merkle.d.ts.map +1 -0
  146. package/dist/db/merkle.js +103 -0
  147. package/dist/db/merkle.js.map +1 -0
  148. package/dist/db/operations.d.ts +187 -0
  149. package/dist/db/operations.d.ts.map +1 -0
  150. package/dist/db/operations.js +68 -0
  151. package/dist/db/operations.js.map +1 -0
  152. package/dist/db/policy-versions.d.ts +112 -0
  153. package/dist/db/policy-versions.d.ts.map +1 -0
  154. package/dist/db/policy-versions.js +44 -0
  155. package/dist/db/policy-versions.js.map +1 -0
  156. package/dist/db/proofs.d.ts +296 -0
  157. package/dist/db/proofs.d.ts.map +1 -0
  158. package/dist/db/proofs.js +66 -0
  159. package/dist/db/proofs.js.map +1 -0
  160. package/dist/db/rbac.d.ts +655 -0
  161. package/dist/db/rbac.d.ts.map +1 -0
  162. package/dist/db/rbac.js +189 -0
  163. package/dist/db/rbac.js.map +1 -0
  164. package/dist/db/service-accounts.d.ts +571 -0
  165. package/dist/db/service-accounts.d.ts.map +1 -0
  166. package/dist/db/service-accounts.js +179 -0
  167. package/dist/db/service-accounts.js.map +1 -0
  168. package/dist/db/trust.d.ts +437 -0
  169. package/dist/db/trust.d.ts.map +1 -0
  170. package/dist/db/trust.js +111 -0
  171. package/dist/db/trust.js.map +1 -0
  172. package/dist/db/webhooks.d.ts +280 -0
  173. package/dist/db/webhooks.d.ts.map +1 -0
  174. package/dist/db/webhooks.js +94 -0
  175. package/dist/db/webhooks.js.map +1 -0
  176. package/dist/flags.d.ts +214 -0
  177. package/dist/flags.d.ts.map +1 -0
  178. package/dist/flags.js +443 -0
  179. package/dist/flags.js.map +1 -0
  180. package/dist/index.d.ts +3 -1
  181. package/dist/index.d.ts.map +1 -1
  182. package/dist/index.js +47 -4
  183. package/dist/index.js.map +1 -1
  184. package/dist/v2/canary-probe.js +10 -7
  185. package/dist/v2/canary-probe.js.map +1 -1
  186. package/dist/v2/component.js +2 -1
  187. package/dist/v2/component.js.map +1 -1
  188. package/dist/v2/decision.js +5 -2
  189. package/dist/v2/decision.js.map +1 -1
  190. package/dist/v2/enums.js +28 -25
  191. package/dist/v2/enums.js.map +1 -1
  192. package/dist/v2/evidence.js +75 -72
  193. package/dist/v2/evidence.js.map +1 -1
  194. package/dist/v2/execution.js +2 -1
  195. package/dist/v2/execution.js.map +1 -1
  196. package/dist/v2/index.js +29 -13
  197. package/dist/v2/index.js.map +1 -1
  198. package/dist/v2/intent.js +2 -1
  199. package/dist/v2/intent.js.map +1 -1
  200. package/dist/v2/policy-bundle.js +5 -2
  201. package/dist/v2/policy-bundle.js.map +1 -1
  202. package/dist/v2/pre-action-gate.js +10 -7
  203. package/dist/v2/pre-action-gate.js.map +1 -1
  204. package/dist/v2/proof-event.js +2 -1
  205. package/dist/v2/proof-event.js.map +1 -1
  206. package/dist/v2/retention.js +104 -101
  207. package/dist/v2/retention.js.map +1 -1
  208. package/dist/v2/trust-delta.js +5 -2
  209. package/dist/v2/trust-delta.js.map +1 -1
  210. package/dist/v2/trust-profile.js +12 -9
  211. package/dist/v2/trust-profile.js.map +1 -1
  212. package/dist/validators/decision.d.ts +2 -2
  213. package/dist/validators/decision.js +49 -46
  214. package/dist/validators/decision.js.map +1 -1
  215. package/dist/validators/enums.js +14 -11
  216. package/dist/validators/enums.js.map +1 -1
  217. package/dist/validators/index.js +30 -9
  218. package/dist/validators/index.js.map +1 -1
  219. package/dist/validators/intent.js +40 -37
  220. package/dist/validators/intent.js.map +1 -1
  221. package/dist/validators/proof-event.js +101 -98
  222. package/dist/validators/proof-event.js.map +1 -1
  223. package/dist/validators/trust-profile.js +40 -37
  224. package/dist/validators/trust-profile.js.map +1 -1
  225. package/package.json +65 -13
package/dist/db/trust.js ADDED
@@ -0,0 +1,111 @@
1
+ "use strict";
2
+ /**
3
+ * Trust Schema
4
+ *
5
+ * Database schema for trust records, signals, and history.
6
+ *
7
+ * @packageDocumentation
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.trustHistory = exports.trustSignals = exports.trustRecords = exports.trustLevelEnum = void 0;
11
+ const pg_core_1 = require("drizzle-orm/pg-core");
12
+ /**
13
+ * Trust level enum (T0-T7)
14
+ *
15
+ * 8-tier model:
16
+ * - 0: T0 Sandbox
17
+ * - 1: T1 Observed
18
+ * - 2: T2 Provisional
19
+ * - 3: T3 Monitored
20
+ * - 4: T4 Standard
21
+ * - 5: T5 Trusted
22
+ * - 6: T6 Certified
23
+ * - 7: T7 Autonomous
24
+ */
25
+ exports.trustLevelEnum = (0, pg_core_1.pgEnum)('trust_level', ['0', '1', '2', '3', '4', '5', '6', '7']);
26
+ /**
27
+ * Trust records table - current trust state for entities
28
+ */
29
+ exports.trustRecords = (0, pg_core_1.pgTable)('trust_records', {
30
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
31
+ entityId: (0, pg_core_1.uuid)('entity_id').notNull().unique(),
32
+ // Current score (0-1000)
33
+ score: (0, pg_core_1.integer)('score').notNull().default(200),
34
+ level: (0, exports.trustLevelEnum)('level').notNull().default('1'),
35
+ // Component scores (0.0 - 1.0)
36
+ behavioralScore: (0, pg_core_1.real)('behavioral_score').notNull().default(0.5),
37
+ complianceScore: (0, pg_core_1.real)('compliance_score').notNull().default(0.5),
38
+ identityScore: (0, pg_core_1.real)('identity_score').notNull().default(0.5),
39
+ contextScore: (0, pg_core_1.real)('context_score').notNull().default(0.5),
40
+ // Metadata
41
+ signalCount: (0, pg_core_1.integer)('signal_count').notNull().default(0),
42
+ lastCalculatedAt: (0, pg_core_1.timestamp)('last_calculated_at', { withTimezone: true })
43
+ .notNull()
44
+ .defaultNow(),
45
+ lastActivityAt: (0, pg_core_1.timestamp)('last_activity_at', { withTimezone: true })
46
+ .notNull()
47
+ .defaultNow(),
48
+ // Observability metadata for trust ceiling calculations
49
+ // Stores ObservabilityClass, attestation info, audit history, etc.
50
+ metadata: (0, pg_core_1.jsonb)('metadata').$type(),
51
+ // Timestamps
52
+ createdAt: (0, pg_core_1.timestamp)('created_at', { withTimezone: true })
53
+ .notNull()
54
+ .defaultNow(),
55
+ updatedAt: (0, pg_core_1.timestamp)('updated_at', { withTimezone: true })
56
+ .notNull()
57
+ .defaultNow(),
58
+ }, (table) => ({
59
+ entityIdIdx: (0, pg_core_1.index)('trust_records_entity_id_idx').on(table.entityId),
60
+ scoreIdx: (0, pg_core_1.index)('trust_records_score_idx').on(table.score),
61
+ levelIdx: (0, pg_core_1.index)('trust_records_level_idx').on(table.level),
62
+ }));
63
+ /**
64
+ * Trust signals table - behavioral events affecting trust
65
+ */
66
+ exports.trustSignals = (0, pg_core_1.pgTable)('trust_signals', {
67
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
68
+ entityId: (0, pg_core_1.uuid)('entity_id').notNull(),
69
+ // Signal details
70
+ type: (0, pg_core_1.text)('type').notNull(), // e.g., 'behavioral.success', 'compliance.violation'
71
+ value: (0, pg_core_1.real)('value').notNull(), // 0.0 - 1.0
72
+ weight: (0, pg_core_1.real)('weight').notNull().default(1.0),
73
+ // Context
74
+ source: (0, pg_core_1.text)('source'), // Where the signal came from
75
+ metadata: (0, pg_core_1.jsonb)('metadata').$type(),
76
+ // Timestamp
77
+ timestamp: (0, pg_core_1.timestamp)('timestamp', { withTimezone: true })
78
+ .notNull()
79
+ .defaultNow(),
80
+ }, (table) => ({
81
+ entityIdIdx: (0, pg_core_1.index)('trust_signals_entity_id_idx').on(table.entityId),
82
+ typeIdx: (0, pg_core_1.index)('trust_signals_type_idx').on(table.type),
83
+ timestampIdx: (0, pg_core_1.index)('trust_signals_timestamp_idx').on(table.timestamp),
84
+ // Composite for efficient signal queries
85
+ entityTimestampIdx: (0, pg_core_1.index)('trust_signals_entity_timestamp_idx').on(table.entityId, table.timestamp),
86
+ }));
87
+ /**
88
+ * Trust history table - significant score changes
89
+ */
90
+ exports.trustHistory = (0, pg_core_1.pgTable)('trust_history', {
91
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
92
+ entityId: (0, pg_core_1.uuid)('entity_id').notNull(),
93
+ // Score snapshot
94
+ score: (0, pg_core_1.integer)('score').notNull(),
95
+ previousScore: (0, pg_core_1.integer)('previous_score'),
96
+ level: (0, exports.trustLevelEnum)('level').notNull(),
97
+ previousLevel: (0, exports.trustLevelEnum)('previous_level'),
98
+ // Change details
99
+ reason: (0, pg_core_1.text)('reason').notNull(),
100
+ signalId: (0, pg_core_1.uuid)('signal_id'), // Reference to triggering signal
101
+ // Timestamp
102
+ timestamp: (0, pg_core_1.timestamp)('timestamp', { withTimezone: true })
103
+ .notNull()
104
+ .defaultNow(),
105
+ }, (table) => ({
106
+ entityIdIdx: (0, pg_core_1.index)('trust_history_entity_id_idx').on(table.entityId),
107
+ timestampIdx: (0, pg_core_1.index)('trust_history_timestamp_idx').on(table.timestamp),
108
+ // For history queries with ordering
109
+ entityTimestampIdx: (0, pg_core_1.index)('trust_history_entity_timestamp_idx').on(table.entityId, table.timestamp),
110
+ }));
111
+ //# sourceMappingURL=trust.js.map
package/dist/db/trust.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"trust.js","sourceRoot":"","sources":["../../src/db/trust.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,iDAU6B;AAE7B;;;;;;;;;;;;GAYG;AACU,QAAA,cAAc,GAAG,IAAA,gBAAM,EAAC,aAAa,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAE9F;;GAEG;AACU,QAAA,YAAY,GAAG,IAAA,iBAAO,EACjC,eAAe,EACf;IACE,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAC3C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IAE9C,yBAAyB;IACzB,KAAK,EAAE,IAAA,iBAAO,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9C,KAAK,EAAE,IAAA,sBAAc,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAErD,+BAA+B;IAC/B,eAAe,EAAE,IAAA,cAAI,EAAC,kBAAkB,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,eAAe,EAAE,IAAA,cAAI,EAAC,kBAAkB,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,aAAa,EAAE,IAAA,cAAI,EAAC,gBAAgB,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAC5D,YAAY,EAAE,IAAA,cAAI,EAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAE1D,WAAW;IACX,WAAW,EAAE,IAAA,iBAAO,EAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,gBAAgB,EAAE,IAAA,mBAAS,EAAC,oBAAoB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SACtE,OAAO,EAAE;SACT,UAAU,EAAE;IACf,cAAc,EAAE,IAAA,mBAAS,EAAC,kBAAkB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SAClE,OAAO,EAAE;SACT,UAAU,EAAE;IAEf,wDAAwD;IACxD,mEAAmE;IACnE,QAAQ,EAAE,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,KAAK,EAO7B;IAEJ,aAAa;IACb,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SACvD,OAAO,EAAE;SACT,UAAU,EAAE;IACf,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SACvD,OAAO,EAAE;SACT,UAAU,EAAE;CAChB,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,WAAW,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IACpE,QAAQ,EAAE,IAAA,eAAK,EAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1D,QAAQ,EAAE,IAAA,eAAK,EAAC,yBAAyB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;CAC3D,CAAC,CACH,CAAC;AAEF;;GAEG;AACU,QAAA,YAAY,GAAG,IAAA,iBAAO,EACjC,eAAe,EACf;IACE,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAC3C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,iBAAiB;IACjB,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,qDAAqD;IACnF,KAAK,EAAE,IAAA,cAAI,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,YAAY;IAC5C,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAE7C,UAAU;IACV,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,EAAE,6BAA6B;IACrD,QAAQ,EAAE,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,KAAK,EAA2B;IAE5D,YAAY;IACZ,SAAS,EAAE,IAAA,mBAAS,EAAC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SACtD,OAAO,EAAE;SACT,UAAU,EAAE;CAChB,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,WAAW,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IACpE,OAAO,EAAE,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;IACvD,YAAY,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACtE,yCAAyC;IACzC,kBAAkB,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CAChE,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,SAAS,CAChB;CACF,CAAC,CACH,CAAC;AAEF;;GAEG;AACU,QAAA,YAAY,GAAG,IAAA,iBAAO,EACjC,eAAe,EACf;IACE,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAC3C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,iBAAiB;IACjB,KAAK,EAAE,IAAA,iBAAO,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IACjC,aAAa,EAAE,IAAA,iBAAO,EAAC,gBAAgB,CAAC;IACxC,KAAK,EAAE,IAAA,sBAAc,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IACxC,aAAa,EAAE,IAAA,sBAAc,EAAC,gBAAgB,CAAC;IAE/C,iBAAiB;IACjB,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;IAChC,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,EAAE,iCAAiC;IAE9D,YAAY;IACZ,SAAS,EAAE,IAAA,mBAAS,EAAC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SACtD,OAAO,EAAE;SACT,UAAU,EAAE;CAChB,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,WAAW,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IACpE,YAAY,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IACtE,oCAAoC;IACpC,kBAAkB,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CAChE,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,SAAS,CAChB;CACF,CAAC,CACH,CAAC"}
package/dist/db/webhooks.d.ts ADDED
@@ -0,0 +1,280 @@
1
+ /**
2
+ * Webhook Database Schema
3
+ *
4
+ * Defines the database schema for webhook configurations including
5
+ * secret management for request signing.
6
+ *
7
+ * @packageDocumentation
8
+ */
9
+ /**
10
+ * Webhook configurations table
11
+ *
12
+ * Stores webhook endpoint configurations including:
13
+ * - URL and event subscriptions
14
+ * - Secret hash for HMAC signing (not stored in plaintext)
15
+ * - Secret rotation tracking
16
+ * - SSRF protection via resolved IP pinning
17
+ */
18
+ export declare const webhookConfigs: import("drizzle-orm/pg-core").PgTableWithColumns<{
19
+ name: "webhook_configs";
20
+ schema: undefined;
21
+ columns: {
22
+ id: import("drizzle-orm/pg-core").PgColumn<{
23
+ name: "id";
24
+ tableName: "webhook_configs";
25
+ dataType: "string";
26
+ columnType: "PgUUID";
27
+ data: string;
28
+ driverParam: string;
29
+ notNull: true;
30
+ hasDefault: true;
31
+ enumValues: undefined;
32
+ baseColumn: never;
33
+ }, {}, {}>;
34
+ tenantId: import("drizzle-orm/pg-core").PgColumn<{
35
+ name: "tenant_id";
36
+ tableName: "webhook_configs";
37
+ dataType: "string";
38
+ columnType: "PgText";
39
+ data: string;
40
+ driverParam: string;
41
+ notNull: true;
42
+ hasDefault: false;
43
+ enumValues: [string, ...string[]];
44
+ baseColumn: never;
45
+ }, {}, {}>;
46
+ url: import("drizzle-orm/pg-core").PgColumn<{
47
+ name: "url";
48
+ tableName: "webhook_configs";
49
+ dataType: "string";
50
+ columnType: "PgText";
51
+ data: string;
52
+ driverParam: string;
53
+ notNull: true;
54
+ hasDefault: false;
55
+ enumValues: [string, ...string[]];
56
+ baseColumn: never;
57
+ }, {}, {}>;
58
+ secretHash: import("drizzle-orm/pg-core").PgColumn<{
59
+ name: "secret_hash";
60
+ tableName: "webhook_configs";
61
+ dataType: "string";
62
+ columnType: "PgText";
63
+ data: string;
64
+ driverParam: string;
65
+ notNull: true;
66
+ hasDefault: false;
67
+ enumValues: [string, ...string[]];
68
+ baseColumn: never;
69
+ }, {}, {}>;
70
+ secretPrefix: import("drizzle-orm/pg-core").PgColumn<{
71
+ name: "secret_prefix";
72
+ tableName: "webhook_configs";
73
+ dataType: "string";
74
+ columnType: "PgText";
75
+ data: string;
76
+ driverParam: string;
77
+ notNull: true;
78
+ hasDefault: false;
79
+ enumValues: [string, ...string[]];
80
+ baseColumn: never;
81
+ }, {}, {}>;
82
+ enabled: import("drizzle-orm/pg-core").PgColumn<{
83
+ name: "enabled";
84
+ tableName: "webhook_configs";
85
+ dataType: "boolean";
86
+ columnType: "PgBoolean";
87
+ data: boolean;
88
+ driverParam: boolean;
89
+ notNull: true;
90
+ hasDefault: true;
91
+ enumValues: undefined;
92
+ baseColumn: never;
93
+ }, {}, {}>;
94
+ events: import("drizzle-orm/pg-core").PgColumn<{
95
+ name: "events";
96
+ tableName: "webhook_configs";
97
+ dataType: "json";
98
+ columnType: "PgJsonb";
99
+ data: string[];
100
+ driverParam: unknown;
101
+ notNull: true;
102
+ hasDefault: false;
103
+ enumValues: undefined;
104
+ baseColumn: never;
105
+ }, {}, {}>;
106
+ retryAttempts: import("drizzle-orm/pg-core").PgColumn<{
107
+ name: "retry_attempts";
108
+ tableName: "webhook_configs";
109
+ dataType: "string";
110
+ columnType: "PgText";
111
+ data: string;
112
+ driverParam: string;
113
+ notNull: false;
114
+ hasDefault: false;
115
+ enumValues: [string, ...string[]];
116
+ baseColumn: never;
117
+ }, {}, {}>;
118
+ retryDelayMs: import("drizzle-orm/pg-core").PgColumn<{
119
+ name: "retry_delay_ms";
120
+ tableName: "webhook_configs";
121
+ dataType: "string";
122
+ columnType: "PgText";
123
+ data: string;
124
+ driverParam: string;
125
+ notNull: false;
126
+ hasDefault: false;
127
+ enumValues: [string, ...string[]];
128
+ baseColumn: never;
129
+ }, {}, {}>;
130
+ resolvedIp: import("drizzle-orm/pg-core").PgColumn<{
131
+ name: "resolved_ip";
132
+ tableName: "webhook_configs";
133
+ dataType: "string";
134
+ columnType: "PgText";
135
+ data: string;
136
+ driverParam: string;
137
+ notNull: false;
138
+ hasDefault: false;
139
+ enumValues: [string, ...string[]];
140
+ baseColumn: never;
141
+ }, {}, {}>;
142
+ lastRotatedAt: import("drizzle-orm/pg-core").PgColumn<{
143
+ name: "last_rotated_at";
144
+ tableName: "webhook_configs";
145
+ dataType: "date";
146
+ columnType: "PgTimestamp";
147
+ data: Date;
148
+ driverParam: string;
149
+ notNull: false;
150
+ hasDefault: false;
151
+ enumValues: undefined;
152
+ baseColumn: never;
153
+ }, {}, {}>;
154
+ createdAt: import("drizzle-orm/pg-core").PgColumn<{
155
+ name: "created_at";
156
+ tableName: "webhook_configs";
157
+ dataType: "date";
158
+ columnType: "PgTimestamp";
159
+ data: Date;
160
+ driverParam: string;
161
+ notNull: true;
162
+ hasDefault: true;
163
+ enumValues: undefined;
164
+ baseColumn: never;
165
+ }, {}, {}>;
166
+ updatedAt: import("drizzle-orm/pg-core").PgColumn<{
167
+ name: "updated_at";
168
+ tableName: "webhook_configs";
169
+ dataType: "date";
170
+ columnType: "PgTimestamp";
171
+ data: Date;
172
+ driverParam: string;
173
+ notNull: true;
174
+ hasDefault: true;
175
+ enumValues: undefined;
176
+ baseColumn: never;
177
+ }, {}, {}>;
178
+ };
179
+ dialect: "pg";
180
+ }>;
181
+ /**
182
+ * Webhook secret rotation history for audit purposes.
183
+ * Tracks when secrets were rotated and by whom.
184
+ */
185
+ export declare const webhookSecretRotations: import("drizzle-orm/pg-core").PgTableWithColumns<{
186
+ name: "webhook_secret_rotations";
187
+ schema: undefined;
188
+ columns: {
189
+ id: import("drizzle-orm/pg-core").PgColumn<{
190
+ name: "id";
191
+ tableName: "webhook_secret_rotations";
192
+ dataType: "string";
193
+ columnType: "PgUUID";
194
+ data: string;
195
+ driverParam: string;
196
+ notNull: true;
197
+ hasDefault: true;
198
+ enumValues: undefined;
199
+ baseColumn: never;
200
+ }, {}, {}>;
201
+ webhookId: import("drizzle-orm/pg-core").PgColumn<{
202
+ name: "webhook_id";
203
+ tableName: "webhook_secret_rotations";
204
+ dataType: "string";
205
+ columnType: "PgUUID";
206
+ data: string;
207
+ driverParam: string;
208
+ notNull: true;
209
+ hasDefault: false;
210
+ enumValues: undefined;
211
+ baseColumn: never;
212
+ }, {}, {}>;
213
+ tenantId: import("drizzle-orm/pg-core").PgColumn<{
214
+ name: "tenant_id";
215
+ tableName: "webhook_secret_rotations";
216
+ dataType: "string";
217
+ columnType: "PgText";
218
+ data: string;
219
+ driverParam: string;
220
+ notNull: true;
221
+ hasDefault: false;
222
+ enumValues: [string, ...string[]];
223
+ baseColumn: never;
224
+ }, {}, {}>;
225
+ rotatedBy: import("drizzle-orm/pg-core").PgColumn<{
226
+ name: "rotated_by";
227
+ tableName: "webhook_secret_rotations";
228
+ dataType: "string";
229
+ columnType: "PgText";
230
+ data: string;
231
+ driverParam: string;
232
+ notNull: false;
233
+ hasDefault: false;
234
+ enumValues: [string, ...string[]];
235
+ baseColumn: never;
236
+ }, {}, {}>;
237
+ previousSecretHash: import("drizzle-orm/pg-core").PgColumn<{
238
+ name: "previous_secret_hash";
239
+ tableName: "webhook_secret_rotations";
240
+ dataType: "string";
241
+ columnType: "PgText";
242
+ data: string;
243
+ driverParam: string;
244
+ notNull: false;
245
+ hasDefault: false;
246
+ enumValues: [string, ...string[]];
247
+ baseColumn: never;
248
+ }, {}, {}>;
249
+ reason: import("drizzle-orm/pg-core").PgColumn<{
250
+ name: "reason";
251
+ tableName: "webhook_secret_rotations";
252
+ dataType: "string";
253
+ columnType: "PgText";
254
+ data: string;
255
+ driverParam: string;
256
+ notNull: false;
257
+ hasDefault: false;
258
+ enumValues: [string, ...string[]];
259
+ baseColumn: never;
260
+ }, {}, {}>;
261
+ rotatedAt: import("drizzle-orm/pg-core").PgColumn<{
262
+ name: "rotated_at";
263
+ tableName: "webhook_secret_rotations";
264
+ dataType: "date";
265
+ columnType: "PgTimestamp";
266
+ data: Date;
267
+ driverParam: string;
268
+ notNull: true;
269
+ hasDefault: true;
270
+ enumValues: undefined;
271
+ baseColumn: never;
272
+ }, {}, {}>;
273
+ };
274
+ dialect: "pg";
275
+ }>;
276
+ export type WebhookConfigRow = typeof webhookConfigs.$inferSelect;
277
+ export type NewWebhookConfigRow = typeof webhookConfigs.$inferInsert;
278
+ export type WebhookSecretRotationRow = typeof webhookSecretRotations.$inferSelect;
279
+ export type NewWebhookSecretRotationRow = typeof webhookSecretRotations.$inferInsert;
280
+ //# sourceMappingURL=webhooks.d.ts.map
package/dist/db/webhooks.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../src/db/webhooks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAaH;;;;;;;;GAQG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0DxB,CAAC;AAEJ;;;GAGG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BhC,CAAC;AAMJ,MAAM,MAAM,gBAAgB,GAAG,OAAO,cAAc,CAAC,YAAY,CAAC;AAClE,MAAM,MAAM,mBAAmB,GAAG,OAAO,cAAc,CAAC,YAAY,CAAC;AACrE,MAAM,MAAM,wBAAwB,GAAG,OAAO,sBAAsB,CAAC,YAAY,CAAC;AAClF,MAAM,MAAM,2BAA2B,GAAG,OAAO,sBAAsB,CAAC,YAAY,CAAC"}
package/dist/db/webhooks.js ADDED
@@ -0,0 +1,94 @@
1
+ "use strict";
2
+ /**
3
+ * Webhook Database Schema
4
+ *
5
+ * Defines the database schema for webhook configurations including
6
+ * secret management for request signing.
7
+ *
8
+ * @packageDocumentation
9
+ */
10
+ Object.defineProperty(exports, "__esModule", { value: true });
11
+ exports.webhookSecretRotations = exports.webhookConfigs = void 0;
12
+ const pg_core_1 = require("drizzle-orm/pg-core");
13
+ /**
14
+ * Webhook configurations table
15
+ *
16
+ * Stores webhook endpoint configurations including:
17
+ * - URL and event subscriptions
18
+ * - Secret hash for HMAC signing (not stored in plaintext)
19
+ * - Secret rotation tracking
20
+ * - SSRF protection via resolved IP pinning
21
+ */
22
+ exports.webhookConfigs = (0, pg_core_1.pgTable)('webhook_configs', {
23
+ /** Unique webhook identifier */
24
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
25
+ /** Tenant ID for multi-tenant isolation */
26
+ tenantId: (0, pg_core_1.text)('tenant_id').notNull(),
27
+ /** Webhook endpoint URL */
28
+ url: (0, pg_core_1.text)('url').notNull(),
29
+ /**
30
+ * Hashed webhook secret for signature verification.
31
+ * The actual secret is only returned once on creation/rotation.
32
+ * Stored as SHA-256 hash for verification purposes.
33
+ */
34
+ secretHash: (0, pg_core_1.text)('secret_hash').notNull(),
35
+ /**
36
+ * Secret ID prefix shown to users (e.g., "whsec_abc...xyz").
37
+ * Allows users to identify which secret is in use without exposing it.
38
+ */
39
+ secretPrefix: (0, pg_core_1.text)('secret_prefix').notNull(),
40
+ /** Whether the webhook is enabled for delivery */
41
+ enabled: (0, pg_core_1.boolean)('enabled').notNull().default(true),
42
+ /** Array of event types this webhook subscribes to */
43
+ events: (0, pg_core_1.jsonb)('events').notNull().$type(),
44
+ /** Number of retry attempts for failed deliveries */
45
+ retryAttempts: (0, pg_core_1.text)('retry_attempts'),
46
+ /** Delay between retry attempts in milliseconds */
47
+ retryDelayMs: (0, pg_core_1.text)('retry_delay_ms'),
48
+ /**
49
+ * Resolved IP address at registration time for DNS pinning.
50
+ * Prevents DNS rebinding attacks.
51
+ */
52
+ resolvedIp: (0, pg_core_1.text)('resolved_ip'),
53
+ /** Timestamp of last secret rotation */
54
+ lastRotatedAt: (0, pg_core_1.timestamp)('last_rotated_at', { withTimezone: true }),
55
+ /** Created timestamp */
56
+ createdAt: (0, pg_core_1.timestamp)('created_at', { withTimezone: true }).defaultNow().notNull(),
57
+ /** Updated timestamp */
58
+ updatedAt: (0, pg_core_1.timestamp)('updated_at', { withTimezone: true }).defaultNow().notNull(),
59
+ }, (table) => ({
60
+ /** Index for efficient tenant-scoped queries */
61
+ tenantIdx: (0, pg_core_1.index)('webhook_configs_tenant_idx').on(table.tenantId),
62
+ /** Index for finding webhooks by tenant and enabled status */
63
+ tenantEnabledIdx: (0, pg_core_1.index)('webhook_configs_tenant_enabled_idx').on(table.tenantId, table.enabled),
64
+ /** Unique constraint: only one webhook per URL per tenant */
65
+ tenantUrlUnique: (0, pg_core_1.uniqueIndex)('webhook_configs_tenant_url_unique').on(table.tenantId, table.url),
66
+ }));
67
+ /**
68
+ * Webhook secret rotation history for audit purposes.
69
+ * Tracks when secrets were rotated and by whom.
70
+ */
71
+ exports.webhookSecretRotations = (0, pg_core_1.pgTable)('webhook_secret_rotations', {
72
+ /** Unique rotation record identifier */
73
+ id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
74
+ /** Reference to the webhook */
75
+ webhookId: (0, pg_core_1.uuid)('webhook_id')
76
+ .notNull()
77
+ .references(() => exports.webhookConfigs.id, { onDelete: 'cascade' }),
78
+ /** Tenant ID for multi-tenant isolation */
79
+ tenantId: (0, pg_core_1.text)('tenant_id').notNull(),
80
+ /** User ID who performed the rotation (if applicable) */
81
+ rotatedBy: (0, pg_core_1.text)('rotated_by'),
82
+ /** Previous secret hash (for audit trail) */
83
+ previousSecretHash: (0, pg_core_1.text)('previous_secret_hash'),
84
+ /** Reason for rotation */
85
+ reason: (0, pg_core_1.text)('reason'),
86
+ /** Timestamp of rotation */
87
+ rotatedAt: (0, pg_core_1.timestamp)('rotated_at', { withTimezone: true }).defaultNow().notNull(),
88
+ }, (table) => ({
89
+ /** Index for efficient webhook history queries */
90
+ webhookIdx: (0, pg_core_1.index)('webhook_secret_rotations_webhook_idx').on(table.webhookId),
91
+ /** Index for tenant-scoped audit queries */
92
+ tenantIdx: (0, pg_core_1.index)('webhook_secret_rotations_tenant_idx').on(table.tenantId),
93
+ }));
94
+ //# sourceMappingURL=webhooks.js.map
package/dist/db/webhooks.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../../src/db/webhooks.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,iDAS6B;AAE7B;;;;;;;;GAQG;AACU,QAAA,cAAc,GAAG,IAAA,iBAAO,EAAC,iBAAiB,EAAE;IACvD,gCAAgC;IAChC,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,2CAA2C;IAC3C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,2BAA2B;IAC3B,GAAG,EAAE,IAAA,cAAI,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE;IAE1B;;;;OAIG;IACH,UAAU,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC,CAAC,OAAO,EAAE;IAEzC;;;OAGG;IACH,YAAY,EAAE,IAAA,cAAI,EAAC,eAAe,CAAC,CAAC,OAAO,EAAE;IAE7C,kDAAkD;IAClD,OAAO,EAAE,IAAA,iBAAO,EAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEnD,sDAAsD;IACtD,MAAM,EAAE,IAAA,eAAK,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,KAAK,EAAY;IAEnD,qDAAqD;IACrD,aAAa,EAAE,IAAA,cAAI,EAAC,gBAAgB,CAAC;IAErC,mDAAmD;IACnD,YAAY,EAAE,IAAA,cAAI,EAAC,gBAAgB,CAAC;IAEpC;;;OAGG;IACH,UAAU,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC;IAE/B,wCAAwC;IACxC,aAAa,EAAE,IAAA,mBAAS,EAAC,iBAAiB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAEnE,wBAAwB;IACxB,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;IAEjF,wBAAwB;IACxB,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACb,gDAAgD;IAChD,SAAS,EAAE,IAAA,eAAK,EAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAEjE,8DAA8D;IAC9D,gBAAgB,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC;IAE/F,6DAA6D;IAC7D,eAAe,EAAE,IAAA,qBAAW,EAAC,mCAAmC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC;CAChG,CAAC,CAAC,CAAC;AAEJ;;;GAGG;AACU,QAAA,sBAAsB,GAAG,IAAA,iBAAO,EAAC,0BAA0B,EAAE;IACxE,wCAAwC;IACxC,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,+BAA+B;IAC/B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,sBAAc,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAE/D,2CAA2C;IAC3C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,yDAAyD;IACzD,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAE7B,6CAA6C;IAC7C,kBAAkB,EAAE,IAAA,cAAI,EAAC,sBAAsB,CAAC;IAEhD,0BAA0B;IAC1B,MAAM,EAAE,IAAA,cAAI,EAAC,QAAQ,CAAC;IAEtB,4BAA4B;IAC5B,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACb,kDAAkD;IAClD,UAAU,EAAE,IAAA,eAAK,EAAC,sCAAsC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAE7E,4CAA4C;IAC5C,SAAS,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;CAC3E,CAAC,CAAC,CAAC"}