@vorionsys/contracts 0.1.0 → 0.1.2

package/dist/db/service-accounts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-accounts.d.ts","sourceRoot":"","sources":["../../src/db/service-accounts.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiBH;;GAEG;AACH,eAAO,MAAM,wBAAwB,0EAInC,CAAC;AAMH;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4D3B,CAAC;AAMF;;GAEG;AACH,eAAO,MAAM,4BAA4B,qMAYvC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqElC,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwDzB,CAAC;AAMF,MAAM,MAAM,oBAAoB,GAAG,OAAO,eAAe,CAAC,YAAY,CAAC;AACvE,MAAM,MAAM,uBAAuB,GAAG,OAAO,eAAe,CAAC,YAAY,CAAC;AAE1E,MAAM,MAAM,4BAA4B,GAAG,OAAO,sBAAsB,CAAC,YAAY,CAAC;AACtF,MAAM,MAAM,+BAA+B,GAAG,OAAO,sBAAsB,CAAC,YAAY,CAAC;AAEzF,MAAM,MAAM,kBAAkB,GAAG,OAAO,aAAa,CAAC,YAAY,CAAC;AACnE,MAAM,MAAM,qBAAqB,GAAG,OAAO,aAAa,CAAC,YAAY,CAAC;AAMtE;;GAEG;AACH,MAAM,WAAW,uBAAwB,SAAQ,oBAAoB;IACnE,QAAQ,CAAC,EAAE,4BAA4B,EAAE,CAAC;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,IAAI,CAAC;IACpB,aAAa,CAAC,EAAE,IAAI,CAAC;IACrB,aAAa,CAAC,EAAE,IAAI,CAAC;IACrB,cAAc,CAAC,EAAE,IAAI,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,GAAG,WAAW,GAAG,YAAY,CAAC;IAC9C,QAAQ,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,OAAO,CAAC,EAAE,IAAI,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/dist/db/service-accounts.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Service Accounts Schema
+ *
+ * Database schema for service-to-service authentication accounts
+ * using Drizzle ORM.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serviceTokens = exports.serviceAccountAuditLog = exports.serviceAccountAuditEventEnum = exports.serviceAccounts = exports.serviceAccountStatusEnum = void 0;
+const pg_core_1 = require("drizzle-orm/pg-core");
+// =============================================================================
+// ENUMS
+// =============================================================================
+/**
+ * Service account status enum
+ */
+exports.serviceAccountStatusEnum = (0, pg_core_1.pgEnum)('service_account_status', [
+    'active',
+    'revoked',
+    'suspended',
+]);
+// =============================================================================
+// SERVICE ACCOUNTS TABLE
+// =============================================================================
+/**
+ * Service accounts table - stores service account credentials and metadata
+ */
+exports.serviceAccounts = (0, pg_core_1.pgTable)('service_accounts', {
+    // Primary key
+    id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+    // Unique client identifier (e.g., svc_abc123...)
+    clientId: (0, pg_core_1.text)('client_id').notNull().unique(),
+    // Hashed client secret (SHA-256)
+    clientSecret: (0, pg_core_1.text)('client_secret').notNull(),
+    // Human-readable name
+    name: (0, pg_core_1.text)('name').notNull(),
+    // Description of the service
+    description: (0, pg_core_1.text)('description'),
+    // Tenant ownership
+    tenantId: (0, pg_core_1.uuid)('tenant_id').notNull(),
+    // Permissions granted to this service
+    permissions: (0, pg_core_1.jsonb)('permissions').$type().notNull().default([]),
+    // Optional IP whitelist for additional security
+    ipWhitelist: (0, pg_core_1.jsonb)('ip_whitelist').$type(),
+    // Status
+    status: (0, exports.serviceAccountStatusEnum)('status').notNull().default('active'),
+    // Timestamps
+    createdAt: (0, pg_core_1.timestamp)('created_at', { withTimezone: true }).notNull().defaultNow(),
+    lastUsedAt: (0, pg_core_1.timestamp)('last_used_at', { withTimezone: true }),
+    secretRotatedAt: (0, pg_core_1.timestamp)('secret_rotated_at', { withTimezone: true }),
+    // User who created the account
+    createdBy: (0, pg_core_1.text)('created_by'),
+    // Additional metadata
+    metadata: (0, pg_core_1.jsonb)('metadata').$type().default({}),
+}, (table) => ({
+    // Unique constraint on client ID for fast lookup
+    clientIdUniqueIdx: (0, pg_core_1.uniqueIndex)('service_accounts_client_id_unique_idx').on(table.clientId),
+    // Index by tenant for listing
+    tenantIdIdx: (0, pg_core_1.index)('service_accounts_tenant_id_idx').on(table.tenantId),
+    // Composite index for listing with status filter
+    tenantStatusIdx: (0, pg_core_1.index)('service_accounts_tenant_status_idx').on(table.tenantId, table.status),
+    // Index for status-based queries
+    statusIdx: (0, pg_core_1.index)('service_accounts_status_idx').on(table.status),
+    // Index for finding accounts by name within tenant
+    tenantNameIdx: (0, pg_core_1.index)('service_accounts_tenant_name_idx').on(table.tenantId, table.name),
+    // Index for audit: recently used accounts
+    lastUsedAtIdx: (0, pg_core_1.index)('service_accounts_last_used_at_idx').on(table.lastUsedAt),
+}));
+// =============================================================================
+// SERVICE ACCOUNT AUDIT LOG TABLE
+// =============================================================================
+/**
+ * Service account audit event types
+ */
+exports.serviceAccountAuditEventEnum = (0, pg_core_1.pgEnum)('service_account_audit_event', [
+    'created',
+    'updated',
+    'revoked',
+    'suspended',
+    'reactivated',
+    'deleted',
+    'secret_rotated',
+    'auth_success',
+    'auth_failure',
+    'permission_denied',
+    'ip_blocked',
+]);
+/**
+ * Service account audit log table - tracks all changes to service accounts
+ */
+exports.serviceAccountAuditLog = (0, pg_core_1.pgTable)('service_account_audit_log', {
+    // Primary key
+    id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+    // Reference to service account
+    serviceAccountId: (0, pg_core_1.uuid)('service_account_id').notNull(),
+    // Client ID (stored separately for audit even if account deleted)
+    clientId: (0, pg_core_1.text)('client_id').notNull(),
+    // Tenant ID (stored separately for audit)
+    tenantId: (0, pg_core_1.uuid)('tenant_id').notNull(),
+    // Event type
+    event: (0, exports.serviceAccountAuditEventEnum)('event').notNull(),
+    // Actor who performed the action (user ID or system)
+    actorId: (0, pg_core_1.text)('actor_id'),
+    actorType: (0, pg_core_1.text)('actor_type').notNull().default('user'), // 'user', 'system', 'service'
+    // Request context
+    ipAddress: (0, pg_core_1.text)('ip_address'),
+    userAgent: (0, pg_core_1.text)('user_agent'),
+    requestId: (0, pg_core_1.text)('request_id'),
+    // Event details
+    details: (0, pg_core_1.jsonb)('details').$type().default({}),
+    // Previous state (for updates)
+    previousState: (0, pg_core_1.jsonb)('previous_state').$type(),
+    // New state (for updates)
+    newState: (0, pg_core_1.jsonb)('new_state').$type(),
+    // Timestamp
+    timestamp: (0, pg_core_1.timestamp)('timestamp', { withTimezone: true }).notNull().defaultNow(),
+}, (table) => ({
+    // Index for looking up audit by service account
+    serviceAccountIdIdx: (0, pg_core_1.index)('service_account_audit_service_account_id_idx').on(table.serviceAccountId),
+    // Index for looking up audit by client ID (even after deletion)
+    clientIdIdx: (0, pg_core_1.index)('service_account_audit_client_id_idx').on(table.clientId),
+    // Index for tenant-wide audit queries
+    tenantIdIdx: (0, pg_core_1.index)('service_account_audit_tenant_id_idx').on(table.tenantId),
+    // Index for filtering by event type
+    eventIdx: (0, pg_core_1.index)('service_account_audit_event_idx').on(table.event),
+    // Index for time-based queries
+    timestampIdx: (0, pg_core_1.index)('service_account_audit_timestamp_idx').on(table.timestamp),
+    // Composite for tenant + time range queries
+    tenantTimestampIdx: (0, pg_core_1.index)('service_account_audit_tenant_timestamp_idx').on(table.tenantId, table.timestamp),
+    // Composite for service account + event queries
+    serviceAccountEventIdx: (0, pg_core_1.index)('service_account_audit_sa_event_idx').on(table.serviceAccountId, table.event),
+}));
+// =============================================================================
+// SERVICE TOKENS TABLE (Optional - for token tracking/revocation)
+// =============================================================================
+/**
+ * Service tokens table - tracks issued service tokens for revocation support
+ * Optional: Only needed if you want to track and revoke individual tokens
+ */
+exports.serviceTokens = (0, pg_core_1.pgTable)('service_tokens', {
+    // Primary key - the JWT ID (jti)
+    id: (0, pg_core_1.uuid)('id').primaryKey().defaultRandom(),
+    // JWT ID for lookup
+    jti: (0, pg_core_1.text)('jti').notNull().unique(),
+    // Reference to service account
+    serviceAccountId: (0, pg_core_1.uuid)('service_account_id')
+        .notNull()
+        .references(() => exports.serviceAccounts.id, { onDelete: 'cascade' }),
+    // Client ID (for queries after account deletion)
+    clientId: (0, pg_core_1.text)('client_id').notNull(),
+    // Tenant ID
+    tenantId: (0, pg_core_1.uuid)('tenant_id').notNull(),
+    // Token metadata
+    issuedAt: (0, pg_core_1.timestamp)('issued_at', { withTimezone: true }).notNull(),
+    expiresAt: (0, pg_core_1.timestamp)('expires_at', { withTimezone: true }).notNull(),
+    // Revocation status
+    revokedAt: (0, pg_core_1.timestamp)('revoked_at', { withTimezone: true }),
+    revokedBy: (0, pg_core_1.text)('revoked_by'),
+    revokedReason: (0, pg_core_1.text)('revoked_reason'),
+    // Request context at issuance
+    issuedIp: (0, pg_core_1.text)('issued_ip'),
+    issuedUserAgent: (0, pg_core_1.text)('issued_user_agent'),
+}, (table) => ({
+    // Unique index on JTI for fast lookup
+    jtiUniqueIdx: (0, pg_core_1.uniqueIndex)('service_tokens_jti_unique_idx').on(table.jti),
+    // Index for service account token queries
+    serviceAccountIdIdx: (0, pg_core_1.index)('service_tokens_service_account_id_idx').on(table.serviceAccountId),
+    // Index for tenant queries
+    tenantIdIdx: (0, pg_core_1.index)('service_tokens_tenant_id_idx').on(table.tenantId),
+    // Index for expiration cleanup
+    expiresAtIdx: (0, pg_core_1.index)('service_tokens_expires_at_idx').on(table.expiresAt),
+    // Index for revocation queries
+    revokedAtIdx: (0, pg_core_1.index)('service_tokens_revoked_at_idx').on(table.revokedAt),
+    // Composite for finding active tokens
+    activeTokensIdx: (0, pg_core_1.index)('service_tokens_active_idx').on(table.serviceAccountId, table.expiresAt, table.revokedAt),
+}));
+//# sourceMappingURL=service-accounts.js.map

package/dist/db/service-accounts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-accounts.js","sourceRoot":"","sources":["../../src/db/service-accounts.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,iDAS6B;AAE7B,gFAAgF;AAChF,QAAQ;AACR,gFAAgF;AAEhF;;GAEG;AACU,QAAA,wBAAwB,GAAG,IAAA,gBAAM,EAAC,wBAAwB,EAAE;IACvE,QAAQ;IACR,SAAS;IACT,WAAW;CACZ,CAAC,CAAC;AAEH,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;GAEG;AACU,QAAA,eAAe,GAAG,IAAA,iBAAO,EACpC,kBAAkB,EAClB;IACE,cAAc;IACd,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,iDAAiD;IACjD,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IAE9C,iCAAiC;IACjC,YAAY,EAAE,IAAA,cAAI,EAAC,eAAe,CAAC,CAAC,OAAO,EAAE;IAE7C,sBAAsB;IACtB,IAAI,EAAE,IAAA,cAAI,EAAC,MAAM,CAAC,CAAC,OAAO,EAAE;IAE5B,6BAA6B;IAC7B,WAAW,EAAE,IAAA,cAAI,EAAC,aAAa,CAAC;IAEhC,mBAAmB;IACnB,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,sCAAsC;IACtC,WAAW,EAAE,IAAA,eAAK,EAAC,aAAa,CAAC,CAAC,KAAK,EAAY,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAEzE,gDAAgD;IAChD,WAAW,EAAE,IAAA,eAAK,EAAC,cAAc,CAAC,CAAC,KAAK,EAAY;IAEpD,SAAS;IACT,MAAM,EAAE,IAAA,gCAAwB,EAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;IAEtE,aAAa;IACb,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;IACjF,UAAU,EAAE,IAAA,mBAAS,EAAC,cAAc,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAC7D,eAAe,EAAE,IAAA,mBAAS,EAAC,mBAAmB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAEvE,+BAA+B;IAC/B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAE7B,sBAAsB;IACtB,QAAQ,EAAE,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,KAAK,EAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;CACzE,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,iDAAiD;IACjD,iBAAiB,EAAE,IAAA,qBAAW,EAAC,uCAAuC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE1F,8BAA8B;IAC9B,WAAW,EAAE,IAAA,eAAK,EAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAEvE,iDAAiD;IACjD,eAAe,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;IAE7F,iCAAiC;IACjC,SAAS,EAAE,IAAA,eAAK,EAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;IAEhE,mDAAmD;IACnD,aAAa,EAAE,IAAA,eAAK,EAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC;IAEvF,0CAA0C;IAC1C,aAAa,EAAE,IAAA,eAAK,EAAC,mCAAmC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC;CAC/E,CAAC,CACH,CAAC;AAEF,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF;;GAEG;AACU,QAAA,4BAA4B,GAAG,IAAA,gBAAM,EAAC,6BAA6B,EAAE;IAChF,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,aAAa;IACb,SAAS;IACT,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,mBAAmB;IACnB,YAAY;CACb,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,sBAAsB,GAAG,IAAA,iBAAO,EAC3C,2BAA2B,EAC3B;IACE,cAAc;IACd,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,+BAA+B;IAC/B,gBAAgB,EAAE,IAAA,cAAI,EAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE;IAEtD,kEAAkE;IAClE,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,0CAA0C;IAC1C,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,aAAa;IACb,KAAK,EAAE,IAAA,oCAA4B,EAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IAEtD,qDAAqD;IACrD,OAAO,EAAE,IAAA,cAAI,EAAC,UAAU,CAAC;IACzB,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,8BAA8B;IAEvF,kBAAkB;IAClB,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAC7B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAC7B,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAE7B,gBAAgB;IAChB,OAAO,EAAE,IAAA,eAAK,EAAC,SAAS,CAAC,CAAC,KAAK,EAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;IAEtE,+BAA+B;IAC/B,aAAa,EAAE,IAAA,eAAK,EAAC,gBAAgB,CAAC,CAAC,KAAK,EAA2B;IAEvE,0BAA0B;IAC1B,QAAQ,EAAE,IAAA,eAAK,EAAC,WAAW,CAAC,CAAC,KAAK,EAA2B;IAE7D,YAAY;IACZ,SAAS,EAAE,IAAA,mBAAS,EAAC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,UAAU,EAAE;CACjF,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,gDAAgD;IAChD,mBAAmB,EAAE,IAAA,eAAK,EAAC,8CAA8C,CAAC,CAAC,EAAE,CAC3E,KAAK,CAAC,gBAAgB,CACvB;IAED,gEAAgE;IAChE,WAAW,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE5E,sCAAsC;IACtC,WAAW,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE5E,oCAAoC;IACpC,QAAQ,EAAE,IAAA,eAAK,EAAC,iCAAiC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;IAElE,+BAA+B;IAC/B,YAAY,EAAE,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAE9E,4CAA4C;IAC5C,kBAAkB,EAAE,IAAA,eAAK,EAAC,4CAA4C,CAAC,CAAC,EAAE,CACxE,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,SAAS,CAChB;IAED,gDAAgD;IAChD,sBAAsB,EAAE,IAAA,eAAK,EAAC,oCAAoC,CAAC,CAAC,EAAE,CACpE,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,KAAK,CACZ;CACF,CAAC,CACH,CAAC;AAEF,gFAAgF;AAChF,kEAAkE;AAClE,gFAAgF;AAEhF;;;GAGG;AACU,QAAA,aAAa,GAAG,IAAA,iBAAO,EAClC,gBAAgB,EAChB;IACE,iCAAiC;IACjC,EAAE,EAAE,IAAA,cAAI,EAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC,aAAa,EAAE;IAE3C,oBAAoB;IACpB,GAAG,EAAE,IAAA,cAAI,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IAEnC,+BAA+B;IAC/B,gBAAgB,EAAE,IAAA,cAAI,EAAC,oBAAoB,CAAC;SACzC,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,uBAAe,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAEhE,iDAAiD;IACjD,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,YAAY;IACZ,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC,CAAC,OAAO,EAAE;IAErC,iBAAiB;IACjB,QAAQ,EAAE,IAAA,mBAAS,EAAC,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAClE,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAEpE,oBAAoB;IACpB,SAAS,EAAE,IAAA,mBAAS,EAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAC1D,SAAS,EAAE,IAAA,cAAI,EAAC,YAAY,CAAC;IAC7B,aAAa,EAAE,IAAA,cAAI,EAAC,gBAAgB,CAAC;IAErC,8BAA8B;IAC9B,QAAQ,EAAE,IAAA,cAAI,EAAC,WAAW,CAAC;IAC3B,eAAe,EAAE,IAAA,cAAI,EAAC,mBAAmB,CAAC;CAC3C,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACV,sCAAsC;IACtC,YAAY,EAAE,IAAA,qBAAW,EAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC;IAExE,0CAA0C;IAC1C,mBAAmB,EAAE,IAAA,eAAK,EAAC,uCAAuC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC;IAE9F,2BAA2B;IAC3B,WAAW,EAAE,IAAA,eAAK,EAAC,8BAA8B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;IAErE,+BAA+B;IAC/B,YAAY,EAAE,IAAA,eAAK,EAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAExE,+BAA+B;IAC/B,YAAY,EAAE,IAAA,eAAK,EAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAExE,sCAAsC;IACtC,eAAe,EAAE,IAAA,eAAK,EAAC,2BAA2B,CAAC,CAAC,EAAE,CACpD,KAAK,CAAC,gBAAgB,EACtB,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,SAAS,CAChB;CACF,CAAC,CACH,CAAC"}