npm - @workos-inc/node - Versions diffs - 8.7.0 → 8.9.0 - Mend

@workos-inc/node 8.7.0 → 8.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2466) hide show

package/lib/factory-ClnPnWTz.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"factory-ClnPnWTz.mjs","names":["deserializeFactor","deserializeFactorWithSecrets","deserializeRole","uint8ArrayToBase64","base64ToUint8Array","base64ToUint8Array","uint8ArrayToBase64","ironSeal","ironUnseal","deserializeFactorWithSecrets","deserializeFactor","serializeCreateResourceOptions","serializeCreateResourceOptions","serializeCreateResourceOptions","deserializeRole","VERSION"],"sources":["../src/common/crypto/crypto-provider.ts","../src/common/crypto/subtle-crypto-provider.ts","../src/common/net/http-client.ts","../src/common/exceptions/parse-error.ts","../src/common/net/fetch-client.ts","../src/common/exceptions/api-key-required.exception.ts","../src/common/exceptions/generic-server.exception.ts","../src/common/exceptions/bad-request.exception.ts","../src/common/exceptions/no-api-key-provided.exception.ts","../src/common/exceptions/not-found.exception.ts","../src/common/exceptions/oauth.exception.ts","../src/common/exceptions/rate-limit-exceeded.exception.ts","../src/common/exceptions/signature-verification.exception.ts","../src/common/exceptions/unauthorized.exception.ts","../src/common/exceptions/unprocessable-entity.exception.ts","../src/common/crypto/signature-provider.ts","../src/common/utils/unreachable.ts","../src/organization-domains/serializers/organization-domain.serializer.ts","../src/organizations/serializers/organization.serializer.ts","../src/user-management/serializers/authenticate-with-code-options.serializer.ts","../src/user-management/serializers/authenticate-with-code-and-verifier-options.serializer.ts","../src/user-management/serializers/authenticate-with-magic-auth-options.serializer.ts","../src/user-management/serializers/authenticate-with-password-options.serializer.ts","../src/user-management/serializers/authenticate-with-refresh-token.options.serializer.ts","../src/user-management/serializers/authenticate-with-refresh-token-public-client-options.serializer.ts","../src/user-management/serializers/authenticate-with-totp-options.serializer.ts","../src/user-management/serializers/authentication-event.serializer.ts","../src/user-management/serializers/oauth-tokens.serializer.ts","../src/user-management/serializers/user.serializer.ts","../src/user-management/serializers/authentication-response.serializer.ts","../src/user-management/serializers/create-magic-auth-options.serializer.ts","../src/user-management/serializers/create-password-reset-options.serializer.ts","../src/user-management/serializers/email-verification.serializer.ts","../src/user-management/serializers/enroll-auth-factor-options.serializer.ts","../src/mfa/serializers/totp.serializer.ts","../src/user-management/serializers/factor.serializer.ts","../src/user-management/serializers/invitation.serializer.ts","../src/user-management/serializers/list-sessions-options.serializer.ts","../src/user-management/serializers/magic-auth.serializer.ts","../src/user-management/serializers/password-reset.serializer.ts","../src/user-management/serializers/reset-password-options.serializer.ts","../src/user-management/serializers/session.serializer.ts","../src/user-management/serializers/create-user-options.serializer.ts","../src/user-management/serializers/update-user-options.serializer.ts","../src/user-management/serializers/organization-membership.serializer.ts","../src/actions/serializers/action.serializer.ts","../src/actions/actions.ts","../src/directory-sync/serializers/directory-group.serializer.ts","../src/directory-sync/serializers/directory-user.serializer.ts","../src/directory-sync/serializers/directory.serializer.ts","../src/directory-sync/serializers/list-directories-options.serializer.ts","../src/organizations/serializers/create-organization-options.serializer.ts","../src/organizations/serializers/update-organization-options.serializer.ts","../src/sso/serializers/connection.serializer.ts","../src/sso/serializers/list-connections-options.serializer.ts","../src/sso/serializers/profile.serializer.ts","../src/sso/serializers/profile-and-token.serializer.ts","../src/user-management/serializers/role.serializer.ts","../src/user-management/serializers/authentication-radar-risk-event-serializer.ts","../src/api-keys/serializers/api-key.serializer.ts","../src/authorization/serializers/organization-role.serializer.ts","../src/authorization/serializers/permission.serializer.ts","../src/feature-flags/serializers/feature-flag.serializer.ts","../src/common/serializers/event.serializer.ts","../src/common/serializers/list.serializer.ts","../src/common/serializers/pagination-options.serializer.ts","../src/webhooks/webhooks.ts","../src/pkce/pkce.ts","../src/api-keys/serializers/validate-api-key.serializer.ts","../src/api-keys/api-keys.ts","../src/common/utils/pagination.ts","../src/common/utils/fetch-and-deserialize.ts","../src/directory-sync/directory-sync.ts","../src/events/serializers/list-event-options.serializer.ts","../src/events/events.ts","../src/roles/serializers/role.serializer.ts","../src/api-keys/serializers/create-organization-api-key-options.serializer.ts","../src/api-keys/serializers/created-api-key.serializer.ts","../src/organizations/organizations.ts","../src/organization-domains/serializers/create-organization-domain-options.serializer.ts","../src/organization-domains/organization-domains.ts","../src/passwordless/serializers/passwordless-session.serializer.ts","../src/passwordless/passwordless.ts","../src/pipes/serializers/access-token.serializer.ts","../src/pipes/serializers/get-access-token.serializer.ts","../src/pipes/pipes.ts","../src/portal/portal.ts","../src/common/utils/query-string.ts","../src/sso/sso.ts","../src/mfa/serializers/challenge.serializer.ts","../src/mfa/serializers/sms.serializer.ts","../src/mfa/serializers/factor.serializer.ts","../src/mfa/serializers/verify-response.serializer.ts","../src/mfa/mfa.ts","../src/audit-logs/serializers/audit-log-export.serializer.ts","../src/audit-logs/serializers/audit-log-export-options.serializer.ts","../src/audit-logs/serializers/create-audit-log-event-options.serializer.ts","../src/audit-logs/serializers/create-audit-log-schema-options.serializer.ts","../src/audit-logs/serializers/create-audit-log-schema.serializer.ts","../src/audit-logs/audit-logs.ts","../node_modules/uint8array-extras/index.js","../node_modules/iron-webcrypto/index.js","../src/common/crypto/seal.ts","../src/common/utils/env.ts","../src/user-management/interfaces/authenticate-with-session-cookie.interface.ts","../src/user-management/interfaces/revoke-session-options.interface.ts","../src/user-management/serializers/authenticate-with-email-verification.serializer.ts","../src/user-management/serializers/authenticate-with-organization-selection-options.serializer.ts","../src/user-management/serializers/create-organization-membership-options.serializer.ts","../src/user-management/serializers/identity.serializer.ts","../src/user-management/serializers/list-invitations-options.serializer.ts","../src/user-management/serializers/list-organization-memberships-options.serializer.ts","../src/user-management/serializers/list-users-options.serializer.ts","../src/user-management/serializers/resend-invitation-options.serializer.ts","../src/user-management/interfaces/refresh-and-seal-session-data.interface.ts","../src/user-management/serializers/send-invitation-options.serializer.ts","../src/user-management/serializers/update-organization-membership-options.serializer.ts","../src/utils/jose.ts","../src/user-management/session.ts","../src/user-management/user-management.ts","../src/fga/interfaces/check-op.enum.ts","../src/fga/utils/interface-check.ts","../src/fga/serializers/check-options.serializer.ts","../src/fga/interfaces/check.interface.ts","../src/fga/interfaces/resource-op.enum.ts","../src/fga/interfaces/warrant-op.enum.ts","../src/fga/serializers/create-resource-options.serializer.ts","../src/fga/serializers/delete-resource-options.serializer.ts","../src/fga/serializers/batch-write-resources-options.serializer.ts","../src/fga/serializers/list-resources-options.serializer.ts","../src/fga/serializers/list-warrants-options.serializer.ts","../src/fga/serializers/query-options.serializer.ts","../src/fga/serializers/query-result.serializer.ts","../src/fga/serializers/resource.serializer.ts","../src/fga/serializers/warrant-token.serializer.ts","../src/fga/serializers/warrant.serializer.ts","../src/fga/serializers/write-warrant-options.serializer.ts","../src/fga/serializers/list.serializer.ts","../src/fga/utils/fga-paginatable.ts","../src/fga/utils/fetch-and-deserialize-list.ts","../src/fga/fga.ts","../src/feature-flags/feature-flags.ts","../src/widgets/interfaces/get-token.ts","../src/widgets/widgets.ts","../src/authorization/serializers/environment-role.serializer.ts","../src/authorization/serializers/create-environment-role-options.serializer.ts","../src/authorization/serializers/update-environment-role-options.serializer.ts","../src/authorization/serializers/create-organization-role-options.serializer.ts","../src/authorization/serializers/update-organization-role-options.serializer.ts","../src/authorization/serializers/create-permission-options.serializer.ts","../src/authorization/serializers/update-permission-options.serializer.ts","../src/authorization/serializers/authorization-resource.serializer.ts","../src/authorization/serializers/create-authorization-resource-options.serializer.ts","../src/authorization/serializers/update-authorization-resource-options.serializer.ts","../src/authorization/serializers/update-authorization-resource-by-external-id-options.serializer.ts","../src/authorization/serializers/list-authorization-resources-options.serializer.ts","../src/authorization/serializers/authorization-check-options.serializer.ts","../src/authorization/serializers/list-resources-for-membership-options.serializer.ts","../src/authorization/serializers/list-memberships-for-resource-options.serializer.ts","../src/authorization/serializers/role-assignment.serializer.ts","../src/authorization/serializers/assign-role-options.serializer.ts","../src/authorization/serializers/remove-role-options.serializer.ts","../src/authorization/authorization.ts","../src/common/utils/leb128.ts","../src/common/utils/base64.ts","../src/vault/serializers/vault-key.serializer.ts","../src/vault/serializers/vault-object.serializer.ts","../src/vault/vault.ts","../src/common/exceptions/conflict.exception.ts","../src/common/utils/runtime-info.ts","../package.json","../src/workos.ts","../src/organizations/interfaces/domain-data.interface.ts","../src/organization-domains/interfaces/organization-domain.interface.ts","../src/portal/interfaces/generate-portal-link-intent.interface.ts","../src/sso/interfaces/connection-type.enum.ts","../src/factory.ts"],"sourcesContent":["/**\n * Interface encapsulating the various crypto computations used by the library,\n * allowing pluggable underlying crypto implementations.\n */\nexport abstract class CryptoProvider {\n encoder = new TextEncoder();\n\n /**\n * Computes a SHA-256 HMAC given a secret and a payload (encoded in UTF-8).\n * The output HMAC should be encoded in hexadecimal.\n *\n * Sample values for implementations:\n * - computeHMACSignature('', 'test_secret') => 'f7f9bd47fb987337b5796fdc1fdb9ba221d0d5396814bfcaf9521f43fd8927fd'\n * - computeHMACSignature('\\ud83d\\ude00', 'test_secret') => '837da296d05c4fe31f61d5d7ead035099d9585a5bcde87de952012a78f0b0c43\n */\n abstract computeHMACSignature(payload: string, secret: string): string;\n\n /**\n * Asynchronous version of `computeHMACSignature`. Some implementations may\n * only allow support async signature computation.\n *\n * Computes a SHA-256 HMAC given a secret and a payload (encoded in UTF-8).\n * The output HMAC should be encoded in hexadecimal.\n *\n * Sample values for implementations:\n * - computeHMACSignature('', 'test_secret') => 'f7f9bd47fb987337b5796fdc1fdb9ba221d0d5396814bfcaf9521f43fd8927fd'\n * - computeHMACSignature('\\ud83d\\ude00', 'test_secret') => '837da296d05c4fe31f61d5d7ead035099d9585a5bcde87de952012a78f0b0c43\n */\n abstract computeHMACSignatureAsync(\n payload: string,\n secret: string,\n ): Promise<string>;\n\n /**\n * Cryptographically determine whether two signatures are equal\n */\n abstract secureCompare(stringA: string, stringB: string): Promise<boolean>;\n\n /**\n * Encrypts data using AES-256-GCM algorithm.\n *\n * @param plaintext The data to encrypt\n * @param key The encryption key (should be 32 bytes for AES-256)\n * @param iv Optional initialization vector (if not provided, a random one will be generated)\n * @param aad Optional additional authenticated data\n * @returns Object containing the encrypted ciphertext, the IV used, and the authentication tag\n */\n abstract encrypt(\n plaintext: Uint8Array,\n key: Uint8Array,\n iv?: Uint8Array,\n aad?: Uint8Array,\n ): Promise<{\n ciphertext: Uint8Array;\n iv: Uint8Array;\n tag: Uint8Array;\n }>;\n\n /**\n * Decrypts data that was encrypted using AES-256-GCM algorithm.\n *\n * @param ciphertext The encrypted data\n * @param key The decryption key (must be the same key used for encryption)\n * @param iv The initialization vector used during encryption\n * @param tag The authentication tag produced during encryption\n * @param aad Optional additional authenticated data (must match what was used during encryption)\n * @returns The decrypted data\n * @throws Will throw an error if authentication fails or the data has been tampered with\n */\n abstract decrypt(\n ciphertext: Uint8Array,\n key: Uint8Array,\n iv: Uint8Array,\n tag: Uint8Array,\n aad?: Uint8Array,\n ): Promise<Uint8Array>;\n\n /**\n * Generates cryptographically secure random bytes.\n *\n * @param length The number of random bytes to generate\n * @returns A Uint8Array containing the random bytes\n */\n abstract randomBytes(length: number): Uint8Array;\n\n /**\n * Generates a random UUID v4 string.\n *\n * @returns A UUID v4 string in the format xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\n */\n abstract randomUUID(): string;\n}\n","import { CryptoProvider } from './crypto-provider';\n\n/**\n * `CryptoProvider which uses the SubtleCrypto interface of the Web Crypto API.\n *\n * This only supports asynchronous operations.\n */\nexport class SubtleCryptoProvider extends CryptoProvider {\n subtleCrypto: SubtleCrypto;\n\n constructor(subtleCrypto?: SubtleCrypto) {\n super();\n\n // If no subtle crypto is interface, default to the global namespace. This\n // is to allow custom interfaces (eg. using the Node webcrypto interface in\n // tests).\n this.subtleCrypto = subtleCrypto || crypto.subtle;\n }\n\n computeHMACSignature(_payload: string, _secret: string): string {\n throw new Error(\n 'SubleCryptoProvider cannot be used in a synchronous context.',\n );\n }\n\n /** @override */\n async computeHMACSignatureAsync(\n payload: string,\n secret: string,\n ): Promise<string> {\n const encoder = new TextEncoder();\n\n const key = await this.subtleCrypto.importKey(\n 'raw',\n encoder.encode(secret),\n {\n name: 'HMAC',\n hash: { name: 'SHA-256' },\n },\n false,\n ['sign'],\n );\n\n const signatureBuffer = await this.subtleCrypto.sign(\n 'hmac',\n key,\n encoder.encode(payload),\n );\n\n // crypto.subtle returns the signature in base64 format. This must be\n // encoded in hex to match the CryptoProvider contract. We map each byte in\n // the buffer to its corresponding hex octet and then combine into a string.\n const signatureBytes = new Uint8Array(signatureBuffer);\n const signatureHexCodes = new Array(signatureBytes.length);\n\n for (let i = 0; i < signatureBytes.length; i++) {\n signatureHexCodes[i] = byteHexMapping[signatureBytes[i]];\n }\n\n return signatureHexCodes.join('');\n }\n\n /** @override */\n async secureCompare(stringA: string, stringB: string): Promise<boolean> {\n const bufferA = this.encoder.encode(stringA);\n const bufferB = this.encoder.encode(stringB);\n\n if (bufferA.length !== bufferB.length) {\n return false;\n }\n\n const algorithm = { name: 'HMAC', hash: 'SHA-256' };\n const key = (await crypto.subtle.generateKey(algorithm, false, [\n 'sign',\n 'verify',\n ])) as CryptoKey;\n const hmac = await crypto.subtle.sign(algorithm, key, bufferA);\n const equal = await crypto.subtle.verify(algorithm, key, hmac, bufferB);\n\n return equal;\n }\n\n async encrypt(\n plaintext: Uint8Array,\n key: Uint8Array,\n iv?: Uint8Array,\n aad?: Uint8Array,\n ): Promise<{\n ciphertext: Uint8Array;\n iv: Uint8Array;\n tag: Uint8Array;\n }> {\n const actualIv = iv || crypto.getRandomValues(new Uint8Array(32));\n\n const cryptoKey = await this.subtleCrypto.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['encrypt'],\n );\n\n const encryptParams: AesGcmParams = {\n name: 'AES-GCM',\n iv: actualIv as BufferSource,\n };\n\n if (aad) {\n encryptParams.additionalData = aad as BufferSource;\n }\n\n const encryptedData = await this.subtleCrypto.encrypt(\n encryptParams,\n cryptoKey,\n plaintext as BufferSource,\n );\n\n const encryptedBytes = new Uint8Array(encryptedData);\n\n // Extract tag (last 16 bytes)\n const tagSize = 16;\n const tagStart = encryptedBytes.length - tagSize;\n const tag = encryptedBytes.slice(tagStart);\n const ciphertext = encryptedBytes.slice(0, tagStart);\n\n return {\n ciphertext,\n iv: actualIv,\n tag,\n };\n }\n\n async decrypt(\n ciphertext: Uint8Array,\n key: Uint8Array,\n iv: Uint8Array,\n tag: Uint8Array,\n aad?: Uint8Array,\n ): Promise<Uint8Array> {\n // SubtleCrypto expects tag to be appended to ciphertext for AES-GCM\n const combinedData = new Uint8Array(ciphertext.length + tag.length);\n combinedData.set(ciphertext, 0);\n combinedData.set(tag, ciphertext.length);\n\n const cryptoKey = await this.subtleCrypto.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['decrypt'],\n );\n\n const decryptParams: AesGcmParams = {\n name: 'AES-GCM',\n iv: iv as BufferSource,\n };\n\n if (aad) {\n decryptParams.additionalData = aad as BufferSource;\n }\n\n const decryptedData = await this.subtleCrypto.decrypt(\n decryptParams,\n cryptoKey,\n combinedData,\n );\n\n return new Uint8Array(decryptedData);\n }\n\n randomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length);\n crypto.getRandomValues(bytes);\n return bytes;\n }\n\n randomUUID(): string {\n if (\n typeof crypto !== 'undefined' &&\n typeof crypto.randomUUID === 'function'\n ) {\n return crypto.randomUUID();\n }\n\n // Fallback for environments without crypto.randomUUID\n const bytes = this.randomBytes(16);\n // tslint:disable-next-line:no-bitwise\n bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4\n // tslint:disable-next-line:no-bitwise\n bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant\n\n const hex = Array.from(bytes, (b) => byteHexMapping[b]).join('');\n return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(\n 12,\n 16,\n )}-${hex.slice(16, 20)}-${hex.slice(20)}`;\n }\n}\n\n// Cached mapping of byte to hex representation. We do this once to avoid re-\n// computing every time we need to convert the result of a signature to hex.\nconst byteHexMapping = new Array(256);\nfor (let i = 0; i < byteHexMapping.length; i++) {\n byteHexMapping[i] = i.toString(16).padStart(2, '0');\n}\n","import {\n HttpClientInterface,\n HttpClientResponseInterface,\n RequestHeaders,\n RequestOptions,\n ResponseHeaders,\n} from '../interfaces/http-client.interface';\n\nexport abstract class HttpClient implements HttpClientInterface {\n readonly MAX_RETRY_ATTEMPTS = 3;\n readonly BACKOFF_MULTIPLIER = 1.5;\n readonly MINIMUM_SLEEP_TIME_IN_MILLISECONDS = 500;\n readonly RETRY_STATUS_CODES = [408, 500, 502, 504];\n\n constructor(\n readonly baseURL: string,\n readonly options?: RequestInit,\n ) {}\n\n /** The HTTP client name used for diagnostics */\n getClientName(): string {\n throw new Error('getClientName not implemented');\n }\n\n abstract get(\n path: string,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface>;\n\n abstract post<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface>;\n\n abstract put<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface>;\n\n abstract patch<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface>;\n\n abstract delete(\n path: string,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface>;\n\n abstract deleteWithBody<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface>;\n\n addClientToUserAgent(userAgent: string): string {\n if (userAgent.indexOf(' ') > -1) {\n return userAgent.replace(/\\b\\s/, `/${this.getClientName()} `);\n } else {\n return (userAgent += `/${this.getClientName()}`);\n }\n }\n\n static getResourceURL(\n baseURL: string,\n path: string,\n params?: Record<string, any>,\n ) {\n const queryString = HttpClient.getQueryString(params);\n const url = new URL([path, queryString].filter(Boolean).join('?'), baseURL);\n return url.toString();\n }\n\n static getQueryString(queryObj?: Record<string, any>) {\n if (!queryObj) return undefined;\n\n const sanitizedQueryObj: Record<string, any> = {};\n\n Object.entries(queryObj).forEach(([param, value]) => {\n if (value !== null && value !== undefined && value !== '') {\n sanitizedQueryObj[param] = value;\n }\n });\n\n return new URLSearchParams(sanitizedQueryObj).toString();\n }\n\n static getContentTypeHeader(entity: any): RequestHeaders | undefined {\n if (entity instanceof URLSearchParams) {\n return {\n 'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8',\n };\n }\n return undefined;\n }\n\n static getBody(entity: any): BodyInit | null | undefined {\n if (entity === null || entity instanceof URLSearchParams) {\n return entity;\n }\n\n return JSON.stringify(entity);\n }\n\n static isPathRetryable(path: string): boolean {\n return (\n path.startsWith('/fga/') ||\n path.startsWith('/vault/') ||\n path.startsWith('/audit_logs/events')\n );\n }\n\n private getSleepTimeInMilliseconds(retryAttempt: number): number {\n const sleepTime =\n this.MINIMUM_SLEEP_TIME_IN_MILLISECONDS *\n Math.pow(this.BACKOFF_MULTIPLIER, retryAttempt);\n const jitter = Math.random() + 0.5;\n return sleepTime * jitter;\n }\n\n sleep = (retryAttempt: number) =>\n new Promise((resolve) =>\n setTimeout(resolve, this.getSleepTimeInMilliseconds(retryAttempt)),\n );\n}\n\n// tslint:disable-next-line\nexport abstract class HttpClientResponse implements HttpClientResponseInterface {\n _statusCode: number;\n _headers: ResponseHeaders;\n\n constructor(statusCode: number, headers: ResponseHeaders) {\n this._statusCode = statusCode;\n this._headers = headers;\n }\n\n getStatusCode(): number {\n return this._statusCode;\n }\n\n getHeaders(): ResponseHeaders {\n return this._headers;\n }\n\n abstract getRawResponse(): unknown;\n\n abstract toJSON(): any | null;\n}\n\n// tslint:disable-next-line\nexport class HttpClientError<T> extends Error {\n readonly name: string = 'HttpClientError';\n readonly message: string = 'The request could not be completed.';\n readonly response: { status: number; headers: any; data: T };\n\n constructor({\n message,\n response,\n }: {\n message: string;\n readonly response: HttpClientError<T>['response'];\n }) {\n super(message);\n this.message = message;\n this.response = response;\n }\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class ParseError extends Error implements RequestException {\n readonly name = 'ParseError';\n readonly status = 500;\n readonly rawBody: string;\n readonly rawStatus: number;\n readonly requestID: string;\n\n constructor({\n message,\n rawBody,\n rawStatus,\n requestID,\n }: {\n message: string;\n rawBody: string;\n requestID: string;\n rawStatus: number;\n }) {\n super(message);\n this.rawBody = rawBody;\n this.rawStatus = rawStatus;\n this.requestID = requestID;\n }\n}\n","import {\n HttpClientInterface,\n HttpClientResponseInterface,\n RequestHeaders,\n RequestOptions,\n ResponseHeaders,\n} from '../interfaces/http-client.interface';\nimport { HttpClient, HttpClientError, HttpClientResponse } from './http-client';\nimport { ParseError } from '../exceptions/parse-error';\n\ninterface FetchHttpClientOptions extends RequestInit {\n timeout?: number;\n}\n\nconst DEFAULT_FETCH_TIMEOUT = 60_000; // 60 seconds\nexport class FetchHttpClient extends HttpClient implements HttpClientInterface {\n private readonly _fetchFn;\n\n constructor(\n readonly baseURL: string,\n readonly options?: FetchHttpClientOptions,\n fetchFn?: typeof fetch,\n ) {\n super(baseURL, options);\n\n // Default to global fetch if available\n if (!fetchFn) {\n if (!globalThis.fetch) {\n throw new Error(\n 'Fetch function not defined in the global scope and no replacement was provided.',\n );\n }\n fetchFn = globalThis.fetch;\n }\n\n this._fetchFn = fetchFn.bind(globalThis);\n }\n\n /** @override */\n getClientName(): string {\n return 'fetch';\n }\n\n async get(\n path: string,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface> {\n const resourceURL = HttpClient.getResourceURL(\n this.baseURL,\n path,\n options.params,\n );\n\n if (HttpClient.isPathRetryable(path)) {\n return await this.fetchRequestWithRetry(\n resourceURL,\n 'GET',\n null,\n options.headers,\n );\n } else {\n return await this.fetchRequest(resourceURL, 'GET', null, options.headers);\n }\n }\n\n async post<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface> {\n const resourceURL = HttpClient.getResourceURL(\n this.baseURL,\n path,\n options.params,\n );\n\n if (HttpClient.isPathRetryable(path)) {\n return await this.fetchRequestWithRetry(\n resourceURL,\n 'POST',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n } else {\n return await this.fetchRequest(\n resourceURL,\n 'POST',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n }\n }\n\n async put<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface> {\n const resourceURL = HttpClient.getResourceURL(\n this.baseURL,\n path,\n options.params,\n );\n\n if (HttpClient.isPathRetryable(path)) {\n return await this.fetchRequestWithRetry(\n resourceURL,\n 'PUT',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n } else {\n return await this.fetchRequest(\n resourceURL,\n 'PUT',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n }\n }\n\n async patch<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface> {\n const resourceURL = HttpClient.getResourceURL(\n this.baseURL,\n path,\n options.params,\n );\n\n if (HttpClient.isPathRetryable(path)) {\n return await this.fetchRequestWithRetry(\n resourceURL,\n 'PATCH',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n } else {\n return await this.fetchRequest(\n resourceURL,\n 'PATCH',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n }\n }\n\n async delete(\n path: string,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface> {\n const resourceURL = HttpClient.getResourceURL(\n this.baseURL,\n path,\n options.params,\n );\n\n if (HttpClient.isPathRetryable(path)) {\n return await this.fetchRequestWithRetry(\n resourceURL,\n 'DELETE',\n null,\n options.headers,\n );\n } else {\n return await this.fetchRequest(\n resourceURL,\n 'DELETE',\n null,\n options.headers,\n );\n }\n }\n\n async deleteWithBody<Entity = any>(\n path: string,\n entity: Entity,\n options: RequestOptions,\n ): Promise<HttpClientResponseInterface> {\n const resourceURL = HttpClient.getResourceURL(\n this.baseURL,\n path,\n options.params,\n );\n\n if (HttpClient.isPathRetryable(path)) {\n return await this.fetchRequestWithRetry(\n resourceURL,\n 'DELETE',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n } else {\n return await this.fetchRequest(\n resourceURL,\n 'DELETE',\n HttpClient.getBody(entity),\n {\n ...HttpClient.getContentTypeHeader(entity),\n ...options.headers,\n },\n );\n }\n }\n\n private async fetchRequest(\n url: string,\n method: string,\n body?: any,\n headers?: RequestHeaders,\n ): Promise<HttpClientResponseInterface> {\n // For methods which expect payloads, we should always pass a body value\n // even when it is empty. Without this, some JS runtimes (eg. Deno) will\n // inject a second Content-Length header.\n const methodHasPayload =\n method === 'POST' || method === 'PUT' || method === 'PATCH';\n\n const requestBody = body || (methodHasPayload ? '' : undefined);\n\n const { 'User-Agent': userAgent } = (this.options?.headers ||\n {}) as RequestHeaders;\n\n // Access timeout from the options with default of 60 seconds\n const timeout = this.options?.timeout ?? DEFAULT_FETCH_TIMEOUT; // Default 60 seconds\n const abortController = new AbortController();\n const timeoutId = setTimeout(() => {\n abortController?.abort();\n }, timeout);\n\n try {\n const res = await this._fetchFn(url, {\n method,\n headers: {\n Accept: 'application/json, text/plain, */*',\n 'Content-Type': 'application/json',\n ...this.options?.headers,\n ...headers,\n 'User-Agent': this.addClientToUserAgent(\n (userAgent || 'workos-node').toString(),\n ),\n },\n body: requestBody,\n signal: abortController?.signal,\n });\n\n // Clear timeout if request completed successfully\n if (timeoutId) {\n clearTimeout(timeoutId);\n }\n\n if (!res.ok) {\n const requestID = res.headers.get('X-Request-ID') ?? '';\n const rawBody = await res.text();\n\n let responseJson: any;\n\n try {\n responseJson = JSON.parse(rawBody);\n } catch (error) {\n if (error instanceof SyntaxError) {\n throw new ParseError({\n message: error.message,\n rawBody,\n requestID,\n rawStatus: res.status,\n });\n }\n throw error;\n }\n\n throw new HttpClientError({\n message: res.statusText,\n response: {\n status: res.status,\n headers: res.headers,\n data: responseJson,\n },\n });\n }\n return new FetchHttpClientResponse(res);\n } catch (error) {\n // Clear timeout if request failed\n if (timeoutId) {\n clearTimeout(timeoutId);\n }\n\n // Handle timeout errors\n if (error instanceof Error && error.name === 'AbortError') {\n throw new HttpClientError({\n message: `Request timeout after ${timeout}ms`,\n response: {\n status: 408,\n headers: {},\n data: { error: 'Request timeout' },\n },\n });\n }\n\n throw error;\n }\n }\n\n private async fetchRequestWithRetry(\n url: string,\n method: string,\n body?: any,\n headers?: RequestHeaders,\n ): Promise<HttpClientResponseInterface> {\n let response: HttpClientResponseInterface;\n let retryAttempts = 1;\n\n const makeRequest = async (): Promise<HttpClientResponseInterface> => {\n let requestError: any = null;\n\n try {\n response = await this.fetchRequest(url, method, body, headers);\n } catch (e) {\n requestError = e;\n }\n\n if (this.shouldRetryRequest(requestError, retryAttempts)) {\n retryAttempts++;\n await this.sleep(retryAttempts);\n return makeRequest();\n }\n\n if (requestError != null) {\n throw requestError;\n }\n\n return response;\n };\n\n return makeRequest();\n }\n\n private shouldRetryRequest(requestError: any, retryAttempt: number): boolean {\n if (retryAttempt > this.MAX_RETRY_ATTEMPTS) {\n return false;\n }\n\n if (requestError != null) {\n if (requestError instanceof TypeError) {\n return true;\n }\n\n if (\n requestError instanceof HttpClientError &&\n this.RETRY_STATUS_CODES.includes(requestError.response.status)\n ) {\n return true;\n }\n }\n\n return false;\n }\n}\n\n// tslint:disable-next-line\nexport class FetchHttpClientResponse\n extends HttpClientResponse\n implements HttpClientResponseInterface\n{\n _res: Response;\n\n constructor(res: Response) {\n super(\n res.status,\n FetchHttpClientResponse._transformHeadersToObject(res.headers),\n );\n this._res = res;\n }\n\n getRawResponse(): Response {\n return this._res;\n }\n\n toJSON(): Promise<any> | null {\n const contentType = this._res.headers.get('content-type');\n const isJsonResponse = contentType?.includes('application/json');\n\n return isJsonResponse ? this._res.json() : null;\n }\n\n static _transformHeadersToObject(headers: Headers): ResponseHeaders {\n // Fetch uses a Headers instance so this must be converted to a barebones\n // JS object to meet the HttpClient interface.\n const headersObj: ResponseHeaders = {};\n for (const entry of Object.entries(headers)) {\n if (!Array.isArray(entry) || entry.length !== 2) {\n throw new Error(\n 'Response objects produced by the fetch function given to FetchHttpClient do not have an iterable headers map. Response#headers should be an iterable object.',\n );\n }\n\n headersObj[entry[0]] = entry[1];\n }\n\n return headersObj;\n }\n}\n","export class ApiKeyRequiredException extends Error {\n readonly status = 403;\n readonly name = 'ApiKeyRequiredException';\n readonly path: string;\n\n constructor(path: string) {\n super(\n `API key required for \"${path}\". ` +\n `For server-side apps, initialize with: new WorkOS(\"sk_...\"). ` +\n `For browser/mobile/CLI apps, use authenticateWithCodeAndVerifier() and authenticateWithRefreshToken() which work without an API key.`,\n );\n this.path = path;\n }\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class GenericServerException extends Error implements RequestException {\n readonly name: string = 'GenericServerException';\n readonly message: string = 'The request could not be completed.';\n\n constructor(\n readonly status: number,\n message: string | undefined,\n readonly rawData: unknown,\n readonly requestID: string,\n ) {\n super();\n if (message) {\n this.message = message;\n }\n }\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class BadRequestException extends Error implements RequestException {\n readonly status = 400;\n readonly name = 'BadRequestException';\n readonly message: string = 'Bad request';\n readonly code?: string;\n readonly errors?: unknown[];\n readonly requestID: string;\n\n constructor({\n code,\n errors,\n message,\n requestID,\n }: {\n code?: string;\n errors?: unknown[];\n message?: string;\n requestID: string;\n }) {\n super();\n\n this.requestID = requestID;\n\n if (message) {\n this.message = message;\n }\n\n if (code) {\n this.code = code;\n }\n\n if (errors) {\n this.errors = errors;\n }\n }\n}\n","export class NoApiKeyProvidedException extends Error {\n readonly status = 500;\n readonly name = 'NoApiKeyProvidedException';\n readonly message =\n `Missing API key. Pass it to the constructor (new WorkOS(\"sk_test_Sz3IQjepeSWaI4cMS4ms4sMuU\")) ` +\n `or define it in the WORKOS_API_KEY environment variable.`;\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class NotFoundException extends Error implements RequestException {\n readonly status = 404;\n readonly name = 'NotFoundException';\n readonly message: string;\n readonly code?: string;\n readonly requestID: string;\n\n constructor({\n code,\n message,\n path,\n requestID,\n }: {\n code?: string;\n message?: string;\n path: string;\n requestID: string;\n }) {\n super();\n this.code = code;\n this.message =\n message ?? `The requested path '${path}' could not be found.`;\n this.requestID = requestID;\n }\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class OauthException extends Error implements RequestException {\n readonly name = 'OauthException';\n\n constructor(\n readonly status: number,\n readonly requestID: string,\n readonly error: string | undefined,\n readonly errorDescription: string | undefined,\n readonly rawData: unknown,\n ) {\n super();\n if (error && errorDescription) {\n this.message = `Error: ${error}\\nError Description: ${errorDescription}`;\n } else if (error) {\n this.message = `Error: ${error}`;\n } else {\n this.message = `An error has occurred.`;\n }\n }\n}\n","import { GenericServerException } from './generic-server.exception';\n\n// Inheriting from `GenericServerException` in order to maintain backwards\n// compatibility with what 429 errors would have previously been thrown as.\n//\n// TODO: Consider making it the base class for all request errors.\nexport class RateLimitExceededException extends GenericServerException {\n readonly name = 'RateLimitExceededException';\n\n constructor(\n message: string,\n requestID: string,\n /**\n * The number of seconds to wait before retrying the request.\n */\n readonly retryAfter: number | null,\n ) {\n super(429, message, {}, requestID);\n }\n}\n","export class SignatureVerificationException extends Error {\n readonly name = 'SignatureVerificationException';\n\n constructor(message: string) {\n super(message || 'Signature verification failed.');\n }\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class UnauthorizedException extends Error implements RequestException {\n readonly status = 401;\n readonly name = 'UnauthorizedException';\n readonly message: string;\n\n constructor(readonly requestID: string) {\n super();\n this.message = `Could not authorize the request. Maybe your API key is invalid?`;\n }\n}\n","import { UnprocessableEntityError } from '../interfaces';\nimport { RequestException } from '../interfaces/request-exception.interface';\n\nexport class UnprocessableEntityException\n extends Error\n implements RequestException\n{\n readonly status = 422;\n readonly name = 'UnprocessableEntityException';\n readonly message: string = 'Unprocessable entity';\n readonly code?: string;\n readonly requestID: string;\n\n constructor({\n code,\n errors,\n message,\n requestID,\n }: {\n code?: string;\n errors?: UnprocessableEntityError[];\n message?: string;\n requestID: string;\n }) {\n super();\n\n this.requestID = requestID;\n\n if (message) {\n this.message = message;\n }\n\n if (code) {\n this.code = code;\n }\n\n if (errors) {\n const requirement = errors.length === 1 ? 'requirement' : 'requirements';\n\n this.message = `The following ${requirement} must be met:\\n`;\n\n for (const { code } of errors) {\n this.message = this.message.concat(`\\t${code}\\n`);\n }\n }\n }\n}\n","import { SignatureVerificationException } from '../exceptions';\nimport { CryptoProvider } from './crypto-provider';\n\nexport class SignatureProvider {\n private cryptoProvider: CryptoProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.cryptoProvider = cryptoProvider;\n }\n\n async verifyHeader({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: any;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<boolean> {\n const [timestamp, signatureHash] =\n this.getTimestampAndSignatureHash(sigHeader);\n\n if (!signatureHash || Object.keys(signatureHash).length === 0) {\n throw new SignatureVerificationException(\n 'No signature hash found with expected scheme v1',\n );\n }\n\n if (parseInt(timestamp, 10) < Date.now() - tolerance) {\n throw new SignatureVerificationException(\n 'Timestamp outside the tolerance zone',\n );\n }\n\n const expectedSig = await this.computeSignature(timestamp, payload, secret);\n if (\n (await this.cryptoProvider.secureCompare(expectedSig, signatureHash)) ===\n false\n ) {\n throw new SignatureVerificationException(\n 'Signature hash does not match the expected signature hash for payload',\n );\n }\n return true;\n }\n\n getTimestampAndSignatureHash(sigHeader: string): [string, string] {\n const signature = sigHeader;\n const [t, v1] = signature.split(',');\n if (typeof t === 'undefined' || typeof v1 === 'undefined') {\n throw new SignatureVerificationException(\n 'Signature or timestamp missing',\n );\n }\n const { 1: timestamp } = t.split('=');\n const { 1: signatureHash } = v1.split('=');\n\n return [timestamp, signatureHash];\n }\n\n async computeSignature(\n timestamp: any,\n payload: any,\n secret: string,\n ): Promise<string> {\n payload = JSON.stringify(payload);\n const signedPayload = `${timestamp}.${payload}`;\n\n return await this.cryptoProvider.computeHMACSignatureAsync(\n signedPayload,\n secret,\n );\n }\n}\n","/**\n * Indicates that code is unreachable.\n *\n * This can be used for exhaustiveness checks in situations where the compiler\n * would not otherwise check for exhaustiveness.\n *\n * If the determination that the code is unreachable proves incorrect, an\n * exception is thrown.\n */\nexport const unreachable = (\n condition: never,\n message = `Entered unreachable code. Received '${condition}'.`,\n): never => {\n throw new TypeError(message);\n};\n","import { OrganizationDomain, OrganizationDomainResponse } from '../interfaces';\n\nexport const deserializeOrganizationDomain = (\n organizationDomain: OrganizationDomainResponse,\n): OrganizationDomain => ({\n object: organizationDomain.object,\n id: organizationDomain.id,\n domain: organizationDomain.domain,\n organizationId: organizationDomain.organization_id,\n state: organizationDomain.state,\n ...(organizationDomain.verification_token !== undefined && {\n verificationToken: organizationDomain.verification_token,\n }),\n verificationStrategy: organizationDomain.verification_strategy,\n ...(organizationDomain.verification_prefix !== undefined && {\n verificationPrefix: organizationDomain.verification_prefix,\n }),\n createdAt: organizationDomain.created_at,\n updatedAt: organizationDomain.updated_at,\n});\n","import { deserializeOrganizationDomain } from '../../organization-domains/serializers/organization-domain.serializer';\nimport { Organization, OrganizationResponse } from '../interfaces';\n\nexport const deserializeOrganization = (\n organization: OrganizationResponse,\n): Organization => ({\n object: organization.object,\n id: organization.id,\n name: organization.name,\n allowProfilesOutsideOrganization:\n organization.allow_profiles_outside_organization,\n domains: organization.domains.map(deserializeOrganizationDomain),\n ...(typeof organization.stripe_customer_id === 'undefined'\n ? undefined\n : { stripeCustomerId: organization.stripe_customer_id }),\n createdAt: organization.created_at,\n updatedAt: organization.updated_at,\n externalId: organization.external_id ?? null,\n metadata: organization.metadata ?? {},\n});\n","import {\n AuthenticateUserWithCodeCredentials,\n AuthenticateWithCodeOptions,\n SerializedAuthenticateWithCodeOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithCodeOptions = (\n options: WithResolvedClientId<AuthenticateWithCodeOptions> &\n AuthenticateUserWithCodeCredentials,\n): SerializedAuthenticateWithCodeOptions => ({\n grant_type: 'authorization_code',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n code: options.code,\n code_verifier: options.codeVerifier,\n invitation_token: options.invitationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithCodeAndVerifierOptions = (\n options: WithResolvedClientId<AuthenticateWithCodeAndVerifierOptions>,\n): SerializedAuthenticateWithCodeAndVerifierOptions => ({\n grant_type: 'authorization_code',\n client_id: options.clientId,\n code: options.code,\n code_verifier: options.codeVerifier,\n invitation_token: options.invitationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateUserWithMagicAuthCredentials,\n AuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithMagicAuthOptions = (\n options: WithResolvedClientId<AuthenticateWithMagicAuthOptions> &\n AuthenticateUserWithMagicAuthCredentials,\n): SerializedAuthenticateWithMagicAuthOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:magic-auth:code',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n code: options.code,\n email: options.email,\n invitation_token: options.invitationToken,\n link_authorization_code: options.linkAuthorizationCode,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateUserWithPasswordCredentials,\n AuthenticateWithPasswordOptions,\n SerializedAuthenticateWithPasswordOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithPasswordOptions = (\n options: WithResolvedClientId<AuthenticateWithPasswordOptions> &\n AuthenticateUserWithPasswordCredentials,\n): SerializedAuthenticateWithPasswordOptions => ({\n grant_type: 'password',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n email: options.email,\n password: options.password,\n invitation_token: options.invitationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateUserWithCodeCredentials,\n AuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithRefreshTokenOptions = (\n options: WithResolvedClientId<AuthenticateWithRefreshTokenOptions> &\n AuthenticateUserWithCodeCredentials,\n): SerializedAuthenticateWithRefreshTokenOptions => ({\n grant_type: 'refresh_token',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n refresh_token: options.refreshToken,\n organization_id: options.organizationId,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateWithRefreshTokenPublicClientOptions,\n SerializedAuthenticateWithRefreshTokenPublicClientOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithRefreshTokenPublicClientOptions = (\n options: WithResolvedClientId<AuthenticateWithRefreshTokenPublicClientOptions>,\n): SerializedAuthenticateWithRefreshTokenPublicClientOptions => ({\n grant_type: 'refresh_token',\n client_id: options.clientId,\n refresh_token: options.refreshToken,\n organization_id: options.organizationId,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateUserWithTotpCredentials,\n AuthenticateWithTotpOptions,\n SerializedAuthenticateWithTotpOptions,\n WithResolvedClientId,\n} from '../interfaces';\n\nexport const serializeAuthenticateWithTotpOptions = (\n options: WithResolvedClientId<AuthenticateWithTotpOptions> &\n AuthenticateUserWithTotpCredentials,\n): SerializedAuthenticateWithTotpOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:mfa-totp',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n code: options.code,\n authentication_challenge_id: options.authenticationChallengeId,\n pending_authentication_token: options.pendingAuthenticationToken,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticationEvent,\n AuthenticationEventResponse,\n AuthenticationEventSso,\n AuthenticationEventSsoResponse,\n} from '../interfaces';\n\nconst deserializeAuthenticationEventSso = (\n sso: AuthenticationEventSsoResponse,\n): AuthenticationEventSso => ({\n connectionId: sso.connection_id,\n organizationId: sso.organization_id,\n ...(sso.session_id !== undefined && { sessionId: sso.session_id }),\n});\n\nexport const deserializeAuthenticationEvent = (\n authenticationEvent: AuthenticationEventResponse,\n): AuthenticationEvent => ({\n email: authenticationEvent.email,\n ...(authenticationEvent.error !== undefined && {\n error: authenticationEvent.error,\n }),\n ipAddress: authenticationEvent.ip_address,\n ...(authenticationEvent.sso !== undefined && {\n sso: deserializeAuthenticationEventSso(authenticationEvent.sso),\n }),\n status: authenticationEvent.status,\n type: authenticationEvent.type,\n userAgent: authenticationEvent.user_agent,\n userId: authenticationEvent.user_id,\n});\n","import { OauthTokensResponse, OauthTokens } from '../interfaces';\n\nexport const deserializeOauthTokens = (\n oauthTokens?: OauthTokensResponse,\n): OauthTokens | undefined =>\n oauthTokens\n ? {\n accessToken: oauthTokens.access_token,\n refreshToken: oauthTokens.refresh_token,\n expiresAt: oauthTokens.expires_at,\n scopes: oauthTokens.scopes,\n }\n : undefined;\n","import { User, UserResponse } from '../interfaces';\n\nexport const deserializeUser = (user: UserResponse): User => ({\n object: user.object,\n id: user.id,\n email: user.email,\n emailVerified: user.email_verified,\n firstName: user.first_name,\n profilePictureUrl: user.profile_picture_url,\n lastName: user.last_name,\n lastSignInAt: user.last_sign_in_at,\n locale: user.locale,\n createdAt: user.created_at,\n updatedAt: user.updated_at,\n externalId: user.external_id ?? null,\n metadata: user.metadata ?? {},\n});\n","import {\n AuthenticationResponse,\n AuthenticationResponseResponse,\n} from '../interfaces';\nimport { deserializeOauthTokens } from './oauth-tokens.serializer';\nimport { deserializeUser } from './user.serializer';\n\nexport const deserializeAuthenticationResponse = (\n authenticationResponse: AuthenticationResponseResponse,\n): AuthenticationResponse => {\n const {\n user,\n organization_id,\n access_token,\n refresh_token,\n authentication_method,\n impersonator,\n oauth_tokens,\n ...rest\n } = authenticationResponse;\n\n return {\n user: deserializeUser(user),\n organizationId: organization_id,\n accessToken: access_token,\n refreshToken: refresh_token,\n impersonator,\n authenticationMethod: authentication_method,\n oauthTokens: deserializeOauthTokens(oauth_tokens),\n ...rest,\n };\n};\n","import {\n CreateMagicAuthOptions,\n SerializedCreateMagicAuthOptions,\n} from '../interfaces';\n\nexport const serializeCreateMagicAuthOptions = (\n options: CreateMagicAuthOptions,\n): SerializedCreateMagicAuthOptions => ({\n email: options.email,\n invitation_token: options.invitationToken,\n});\n","import {\n CreatePasswordResetOptions,\n SerializedCreatePasswordResetOptions,\n} from '../interfaces';\n\nexport const serializeCreatePasswordResetOptions = (\n options: CreatePasswordResetOptions,\n): SerializedCreatePasswordResetOptions => ({\n email: options.email,\n});\n","import {\n EmailVerification,\n EmailVerificationEvent,\n EmailVerificationEventResponse,\n EmailVerificationResponse,\n} from '../interfaces';\n\nexport const deserializeEmailVerification = (\n emailVerification: EmailVerificationResponse,\n): EmailVerification => ({\n object: emailVerification.object,\n id: emailVerification.id,\n userId: emailVerification.user_id,\n email: emailVerification.email,\n expiresAt: emailVerification.expires_at,\n code: emailVerification.code,\n createdAt: emailVerification.created_at,\n updatedAt: emailVerification.updated_at,\n});\n\nexport const deserializeEmailVerificationEvent = (\n emailVerification: EmailVerificationEventResponse,\n): EmailVerificationEvent => ({\n object: emailVerification.object,\n id: emailVerification.id,\n userId: emailVerification.user_id,\n email: emailVerification.email,\n expiresAt: emailVerification.expires_at,\n createdAt: emailVerification.created_at,\n updatedAt: emailVerification.updated_at,\n});\n","import {\n EnrollAuthFactorOptions,\n SerializedEnrollUserInMfaFactorOptions,\n} from '../interfaces';\n\nexport const serializeEnrollAuthFactorOptions = (\n options: EnrollAuthFactorOptions,\n): SerializedEnrollUserInMfaFactorOptions => ({\n type: options.type,\n totp_issuer: options.totpIssuer,\n totp_user: options.totpUser,\n totp_secret: options.totpSecret,\n});\n","import {\n Totp,\n TotpResponse,\n TotpWithSecretsResponse,\n TotpWithSecrets,\n} from '../interfaces';\n\nexport const deserializeTotp = (totp: TotpResponse): Totp => {\n return {\n issuer: totp.issuer,\n user: totp.user,\n };\n};\n\nexport const deserializeTotpWithSecrets = (\n totp: TotpWithSecretsResponse,\n): TotpWithSecrets => {\n return {\n issuer: totp.issuer,\n user: totp.user,\n qrCode: totp.qr_code,\n secret: totp.secret,\n uri: totp.uri,\n };\n};\n","import {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from '../interfaces/factor.interface';\nimport {\n deserializeTotp,\n deserializeTotpWithSecrets,\n} from '../../mfa/serializers/totp.serializer';\n\nexport const deserializeFactor = (factor: FactorResponse): Factor => ({\n object: factor.object,\n id: factor.id,\n createdAt: factor.created_at,\n updatedAt: factor.updated_at,\n type: factor.type,\n totp: deserializeTotp(factor.totp),\n userId: factor.user_id,\n});\n\nexport const deserializeFactorWithSecrets = (\n factor: FactorWithSecretsResponse,\n): FactorWithSecrets => ({\n object: factor.object,\n id: factor.id,\n createdAt: factor.created_at,\n updatedAt: factor.updated_at,\n type: factor.type,\n totp: deserializeTotpWithSecrets(factor.totp),\n userId: factor.user_id,\n});\n","import {\n Invitation,\n InvitationEvent,\n InvitationEventResponse,\n InvitationResponse,\n} from '../interfaces/invitation.interface';\n\nexport const deserializeInvitation = (\n invitation: InvitationResponse,\n): Invitation => ({\n object: invitation.object,\n id: invitation.id,\n email: invitation.email,\n state: invitation.state,\n acceptedAt: invitation.accepted_at,\n revokedAt: invitation.revoked_at,\n expiresAt: invitation.expires_at,\n organizationId: invitation.organization_id,\n inviterUserId: invitation.inviter_user_id,\n acceptedUserId: invitation.accepted_user_id,\n token: invitation.token,\n acceptInvitationUrl: invitation.accept_invitation_url,\n createdAt: invitation.created_at,\n updatedAt: invitation.updated_at,\n});\n\nexport const deserializeInvitationEvent = (\n invitation: InvitationEventResponse,\n): InvitationEvent => ({\n object: invitation.object,\n id: invitation.id,\n email: invitation.email,\n state: invitation.state,\n acceptedAt: invitation.accepted_at,\n revokedAt: invitation.revoked_at,\n expiresAt: invitation.expires_at,\n organizationId: invitation.organization_id,\n inviterUserId: invitation.inviter_user_id,\n acceptedUserId: invitation.accepted_user_id,\n createdAt: invitation.created_at,\n updatedAt: invitation.updated_at,\n});\n","import {\n ListSessionsOptions,\n SerializedListSessionsOptions,\n} from '../interfaces/list-sessions-options.interface';\n\nexport const serializeListSessionsOptions = (\n options: ListSessionsOptions,\n): SerializedListSessionsOptions => ({\n ...options,\n});\n","import {\n MagicAuth,\n MagicAuthEvent,\n MagicAuthEventResponse,\n MagicAuthResponse,\n} from '../interfaces/magic-auth.interface';\n\nexport const deserializeMagicAuth = (\n magicAuth: MagicAuthResponse,\n): MagicAuth => ({\n object: magicAuth.object,\n id: magicAuth.id,\n userId: magicAuth.user_id,\n email: magicAuth.email,\n expiresAt: magicAuth.expires_at,\n code: magicAuth.code,\n createdAt: magicAuth.created_at,\n updatedAt: magicAuth.updated_at,\n});\n\nexport const deserializeMagicAuthEvent = (\n magicAuth: MagicAuthEventResponse,\n): MagicAuthEvent => ({\n object: magicAuth.object,\n id: magicAuth.id,\n userId: magicAuth.user_id,\n email: magicAuth.email,\n expiresAt: magicAuth.expires_at,\n createdAt: magicAuth.created_at,\n updatedAt: magicAuth.updated_at,\n});\n","import {\n PasswordReset,\n PasswordResetEvent,\n PasswordResetEventResponse,\n PasswordResetResponse,\n} from '../interfaces';\n\nexport const deserializePasswordReset = (\n passwordReset: PasswordResetResponse,\n): PasswordReset => ({\n object: passwordReset.object,\n id: passwordReset.id,\n userId: passwordReset.user_id,\n email: passwordReset.email,\n passwordResetToken: passwordReset.password_reset_token,\n passwordResetUrl: passwordReset.password_reset_url,\n expiresAt: passwordReset.expires_at,\n createdAt: passwordReset.created_at,\n});\n\nexport const deserializePasswordResetEvent = (\n passwordReset: PasswordResetEventResponse,\n): PasswordResetEvent => ({\n object: passwordReset.object,\n id: passwordReset.id,\n userId: passwordReset.user_id,\n email: passwordReset.email,\n expiresAt: passwordReset.expires_at,\n createdAt: passwordReset.created_at,\n});\n","import {\n ResetPasswordOptions,\n SerializedResetPasswordOptions,\n} from '../interfaces';\n\nexport const serializeResetPasswordOptions = (\n options: ResetPasswordOptions,\n): SerializedResetPasswordOptions => ({\n token: options.token,\n new_password: options.newPassword,\n});\n","import { Session, SessionResponse } from '../interfaces';\n\nexport const deserializeSession = (session: SessionResponse): Session => ({\n object: 'session',\n id: session.id,\n userId: session.user_id,\n ipAddress: session.ip_address,\n userAgent: session.user_agent,\n ...(session.organization_id !== undefined && {\n organizationId: session.organization_id,\n }),\n ...(session.impersonator !== undefined && {\n impersonator: session.impersonator,\n }),\n authMethod: session.auth_method,\n status: session.status,\n expiresAt: session.expires_at,\n endedAt: session.ended_at,\n createdAt: session.created_at,\n updatedAt: session.updated_at,\n});\n","import { CreateUserOptions, SerializedCreateUserOptions } from '../interfaces';\n\nexport const serializeCreateUserOptions = (\n options: CreateUserOptions,\n): SerializedCreateUserOptions => ({\n email: options.email,\n password: options.password,\n password_hash: options.passwordHash,\n password_hash_type: options.passwordHashType,\n first_name: options.firstName,\n last_name: options.lastName,\n email_verified: options.emailVerified,\n external_id: options.externalId,\n metadata: options.metadata,\n});\n","import { SerializedUpdateUserOptions, UpdateUserOptions } from '../interfaces';\n\nexport const serializeUpdateUserOptions = (\n options: UpdateUserOptions,\n): SerializedUpdateUserOptions => ({\n email: options.email,\n email_verified: options.emailVerified,\n first_name: options.firstName,\n last_name: options.lastName,\n password: options.password,\n password_hash: options.passwordHash,\n password_hash_type: options.passwordHashType,\n external_id: options.externalId,\n locale: options.locale,\n metadata: options.metadata,\n});\n","import {\n AuthorizationOrganizationMembership,\n AuthorizationOrganizationMembershipResponse,\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from '../interfaces/organization-membership.interface';\n\nexport const deserializeOrganizationMembership = (\n organizationMembership: OrganizationMembershipResponse,\n): OrganizationMembership => ({\n object: organizationMembership.object,\n id: organizationMembership.id,\n userId: organizationMembership.user_id,\n organizationId: organizationMembership.organization_id,\n organizationName: organizationMembership.organization_name,\n status: organizationMembership.status,\n directoryManaged: organizationMembership.directory_managed ?? false,\n createdAt: organizationMembership.created_at,\n updatedAt: organizationMembership.updated_at,\n role: organizationMembership.role,\n ...(organizationMembership.roles && { roles: organizationMembership.roles }),\n customAttributes: organizationMembership.custom_attributes ?? {},\n});\n\nexport const deserializeAuthorizationOrganizationMembership = (\n organizationMembership: AuthorizationOrganizationMembershipResponse,\n): AuthorizationOrganizationMembership => ({\n object: organizationMembership.object,\n id: organizationMembership.id,\n userId: organizationMembership.user_id,\n organizationId: organizationMembership.organization_id,\n status: organizationMembership.status,\n directoryManaged: organizationMembership.directory_managed ?? false,\n createdAt: organizationMembership.created_at,\n updatedAt: organizationMembership.updated_at,\n customAttributes: organizationMembership.custom_attributes ?? {},\n});\n","import { deserializeOrganization } from '../../organizations/serializers/organization.serializer';\nimport {\n deserializeInvitation,\n deserializeUser,\n} from '../../user-management/serializers';\nimport { deserializeOrganizationMembership } from '../../user-management/serializers/organization-membership.serializer';\nimport {\n ActionContext,\n ActionPayload,\n UserData,\n UserDataPayload,\n} from '../interfaces/action.interface';\n\nconst deserializeUserData = (userData: UserDataPayload): UserData => {\n return {\n object: userData.object,\n email: userData.email,\n firstName: userData.first_name,\n lastName: userData.last_name,\n };\n};\n\nexport const deserializeAction = (\n actionPayload: ActionPayload,\n): ActionContext => {\n switch (actionPayload.object) {\n case 'user_registration_action_context':\n return {\n id: actionPayload.id,\n object: actionPayload.object,\n userData: deserializeUserData(actionPayload.user_data),\n invitation: actionPayload.invitation\n ? deserializeInvitation(actionPayload.invitation)\n : undefined,\n\n ipAddress: actionPayload.ip_address,\n userAgent: actionPayload.user_agent,\n deviceFingerprint: actionPayload.device_fingerprint,\n };\n case 'authentication_action_context':\n return {\n id: actionPayload.id,\n object: actionPayload.object,\n user: deserializeUser(actionPayload.user),\n organization: actionPayload.organization\n ? deserializeOrganization(actionPayload.organization)\n : undefined,\n organizationMembership: actionPayload.organization_membership\n ? deserializeOrganizationMembership(\n actionPayload.organization_membership,\n )\n : undefined,\n ipAddress: actionPayload.ip_address,\n userAgent: actionPayload.user_agent,\n deviceFingerprint: actionPayload.device_fingerprint,\n issuer: actionPayload.issuer,\n };\n }\n};\n","import { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { unreachable } from '../common/utils/unreachable';\nimport { ActionContext, ActionPayload } from './interfaces/action.interface';\nimport {\n AuthenticationActionResponseData,\n ResponsePayload,\n UserRegistrationActionResponseData,\n} from './interfaces/response-payload.interface';\nimport { deserializeAction } from './serializers/action.serializer';\n\nexport class Actions {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n private get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n serializeType(\n type:\n | AuthenticationActionResponseData['type']\n | UserRegistrationActionResponseData['type'],\n ) {\n switch (type) {\n case 'authentication':\n return 'authentication_action_response';\n case 'user_registration':\n return 'user_registration_action_response';\n default:\n return unreachable(type);\n }\n }\n\n async signResponse(\n data: AuthenticationActionResponseData | UserRegistrationActionResponseData,\n secret: string,\n ) {\n let errorMessage: string | undefined;\n const { verdict, type } = data;\n\n if (verdict === 'Deny' && data.errorMessage) {\n errorMessage = data.errorMessage;\n }\n\n const responsePayload: ResponsePayload = {\n timestamp: Date.now(),\n verdict,\n ...(verdict === 'Deny' &&\n data.errorMessage && { error_message: errorMessage }),\n };\n\n const response = {\n object: this.serializeType(type),\n payload: responsePayload,\n signature: await this.computeSignature(\n responsePayload.timestamp,\n responsePayload,\n secret,\n ),\n };\n\n return response;\n }\n\n async constructAction({\n payload,\n sigHeader,\n secret,\n tolerance = 30000,\n }: {\n payload: unknown;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<ActionContext> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n return deserializeAction(payload as ActionPayload);\n }\n}\n","import { DirectoryGroup, DirectoryGroupResponse } from '../interfaces';\n\nexport const deserializeDirectoryGroup = (\n directoryGroup: DirectoryGroupResponse,\n): DirectoryGroup => ({\n id: directoryGroup.id,\n idpId: directoryGroup.idp_id,\n directoryId: directoryGroup.directory_id,\n organizationId: directoryGroup.organization_id,\n name: directoryGroup.name,\n createdAt: directoryGroup.created_at,\n updatedAt: directoryGroup.updated_at,\n rawAttributes: directoryGroup.raw_attributes,\n});\n\nexport const deserializeUpdatedEventDirectoryGroup = (\n directoryGroup: DirectoryGroupResponse & Record<'previous_attributes', any>,\n): DirectoryGroup & Record<'previousAttributes', any> => ({\n id: directoryGroup.id,\n idpId: directoryGroup.idp_id,\n directoryId: directoryGroup.directory_id,\n organizationId: directoryGroup.organization_id,\n name: directoryGroup.name,\n createdAt: directoryGroup.created_at,\n updatedAt: directoryGroup.updated_at,\n rawAttributes: directoryGroup.raw_attributes,\n previousAttributes: directoryGroup.previous_attributes,\n});\n","import {\n DefaultCustomAttributes,\n DirectoryUser,\n DirectoryUserResponse,\n DirectoryUserWithGroups,\n DirectoryUserWithGroupsResponse,\n} from '../interfaces';\nimport { deserializeDirectoryGroup } from './directory-group.serializer';\n\nexport const deserializeDirectoryUser = <\n TCustomAttributes extends object = DefaultCustomAttributes,\n>(\n directoryUser:\n | DirectoryUserResponse<TCustomAttributes>\n | DirectoryUserWithGroupsResponse<TCustomAttributes>,\n): DirectoryUser<TCustomAttributes> => ({\n object: directoryUser.object,\n id: directoryUser.id,\n directoryId: directoryUser.directory_id,\n organizationId: directoryUser.organization_id,\n rawAttributes: directoryUser.raw_attributes,\n customAttributes: directoryUser.custom_attributes,\n idpId: directoryUser.idp_id,\n firstName: directoryUser.first_name,\n email: directoryUser.email,\n lastName: directoryUser.last_name,\n state: directoryUser.state,\n ...(directoryUser.role !== undefined && { role: directoryUser.role }),\n ...(directoryUser.roles !== undefined && { roles: directoryUser.roles }),\n createdAt: directoryUser.created_at,\n updatedAt: directoryUser.updated_at,\n});\n\nexport const deserializeDirectoryUserWithGroups = <\n TCustomAttributes extends object = DefaultCustomAttributes,\n>(\n directoryUserWithGroups: DirectoryUserWithGroupsResponse<TCustomAttributes>,\n): DirectoryUserWithGroups<TCustomAttributes> => ({\n ...deserializeDirectoryUser(directoryUserWithGroups),\n groups: directoryUserWithGroups.groups.map(deserializeDirectoryGroup),\n});\n\nexport const deserializeUpdatedEventDirectoryUser = (\n directoryUser: DirectoryUserResponse & Record<'previous_attributes', any>,\n): DirectoryUser & Record<'previousAttributes', any> => ({\n object: 'directory_user',\n id: directoryUser.id,\n directoryId: directoryUser.directory_id,\n organizationId: directoryUser.organization_id,\n rawAttributes: directoryUser.raw_attributes,\n customAttributes: directoryUser.custom_attributes,\n idpId: directoryUser.idp_id,\n firstName: directoryUser.first_name,\n email: directoryUser.email,\n lastName: directoryUser.last_name,\n state: directoryUser.state,\n ...(directoryUser.role !== undefined && { role: directoryUser.role }),\n ...(directoryUser.roles !== undefined && { roles: directoryUser.roles }),\n createdAt: directoryUser.created_at,\n updatedAt: directoryUser.updated_at,\n previousAttributes: directoryUser.previous_attributes,\n});\n","import {\n Directory,\n DirectoryResponse,\n DirectoryState,\n DirectoryStateResponse,\n EventDirectory,\n EventDirectoryResponse,\n} from '../interfaces';\n\nexport const deserializeDirectory = (\n directory: DirectoryResponse,\n): Directory => ({\n object: directory.object,\n id: directory.id,\n domain: directory.domain,\n externalKey: directory.external_key,\n name: directory.name,\n organizationId: directory.organization_id,\n state: deserializeDirectoryState(directory.state),\n type: directory.type,\n createdAt: directory.created_at,\n updatedAt: directory.updated_at,\n});\n\nexport const deserializeDirectoryState = (\n state: DirectoryStateResponse,\n): DirectoryState => {\n if (state === 'linked') {\n return 'active';\n }\n\n if (state === 'unlinked') {\n return 'inactive';\n }\n\n return state;\n};\n\nexport const deserializeEventDirectory = (\n directory: EventDirectoryResponse,\n): EventDirectory => ({\n object: directory.object,\n id: directory.id,\n externalKey: directory.external_key,\n type: directory.type,\n state: directory.state,\n name: directory.name,\n organizationId: directory.organization_id,\n domains: directory.domains,\n createdAt: directory.created_at,\n updatedAt: directory.updated_at,\n});\n\nexport const deserializeDeletedEventDirectory = (\n directory: Omit<EventDirectoryResponse, 'domains' | 'external_key'>,\n): Omit<EventDirectory, 'domains' | 'externalKey'> => ({\n object: directory.object,\n id: directory.id,\n type: directory.type,\n state: directory.state,\n name: directory.name,\n organizationId: directory.organization_id,\n createdAt: directory.created_at,\n updatedAt: directory.updated_at,\n});\n","import {\n ListDirectoriesOptions,\n SerializedListDirectoriesOptions,\n} from '../interfaces';\n\nexport const serializeListDirectoriesOptions = (\n options: ListDirectoriesOptions,\n): SerializedListDirectoriesOptions => ({\n organization_id: options.organizationId,\n search: options.search,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import {\n CreateOrganizationOptions,\n SerializedCreateOrganizationOptions,\n} from '../interfaces';\n\nexport const serializeCreateOrganizationOptions = (\n options: CreateOrganizationOptions,\n): SerializedCreateOrganizationOptions => ({\n name: options.name,\n domain_data: options.domainData,\n external_id: options.externalId,\n metadata: options.metadata,\n});\n","import {\n SerializedUpdateOrganizationOptions,\n UpdateOrganizationOptions,\n} from '../interfaces';\n\nexport const serializeUpdateOrganizationOptions = (\n options: Omit<UpdateOrganizationOptions, 'organization'>,\n): SerializedUpdateOrganizationOptions => ({\n name: options.name,\n domain_data: options.domainData,\n stripe_customer_id: options.stripeCustomerId,\n external_id: options.externalId,\n metadata: options.metadata,\n});\n","import { Connection, ConnectionResponse } from '../interfaces';\n\nexport const deserializeConnection = (\n connection: ConnectionResponse,\n): Connection => ({\n object: connection.object,\n id: connection.id,\n ...(connection.organization_id !== undefined && {\n organizationId: connection.organization_id,\n }),\n name: connection.name,\n type: connection.connection_type,\n state: connection.state,\n domains: connection.domains,\n createdAt: connection.created_at,\n updatedAt: connection.updated_at,\n});\n","import {\n ListConnectionsOptions,\n SerializedListConnectionsOptions,\n} from '../interfaces';\n\nexport const serializeListConnectionsOptions = (\n options: ListConnectionsOptions,\n): SerializedListConnectionsOptions => ({\n connection_type: options.connectionType,\n domain: options.domain,\n organization_id: options.organizationId,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { Profile, ProfileResponse } from '../interfaces';\n\nexport const deserializeProfile = <CustomAttributesType extends UnknownRecord>(\n profile: ProfileResponse<CustomAttributesType>,\n): Profile<CustomAttributesType> => ({\n id: profile.id,\n idpId: profile.idp_id,\n ...(profile.organization_id !== undefined && {\n organizationId: profile.organization_id,\n }),\n connectionId: profile.connection_id,\n connectionType: profile.connection_type,\n email: profile.email,\n ...(profile.first_name !== undefined && { firstName: profile.first_name }),\n ...(profile.last_name !== undefined && { lastName: profile.last_name }),\n ...(profile.role !== undefined && { role: profile.role }),\n ...(profile.roles !== undefined && { roles: profile.roles }),\n ...(profile.groups !== undefined && { groups: profile.groups }),\n ...(profile.custom_attributes !== undefined && {\n customAttributes: profile.custom_attributes,\n }),\n ...(profile.raw_attributes !== undefined && {\n rawAttributes: profile.raw_attributes,\n }),\n});\n","import { UnknownRecord } from '../../common/interfaces/unknown-record.interface';\nimport { deserializeOauthTokens } from '../../user-management/serializers/oauth-tokens.serializer';\nimport { ProfileAndToken, ProfileAndTokenResponse } from '../interfaces';\nimport { deserializeProfile } from './profile.serializer';\n\nexport const deserializeProfileAndToken = <\n CustomAttributesType extends UnknownRecord,\n>(\n profileAndToken: ProfileAndTokenResponse<CustomAttributesType>,\n): ProfileAndToken<CustomAttributesType> => ({\n accessToken: profileAndToken.access_token,\n profile: deserializeProfile(profileAndToken.profile),\n oauthTokens: deserializeOauthTokens(profileAndToken.oauth_tokens),\n});\n","import { RoleEvent, RoleEventResponse } from '../../roles/interfaces';\n\nexport const deserializeRoleEvent = (role: RoleEventResponse): RoleEvent => ({\n object: 'role',\n slug: role.slug,\n permissions: role.permissions,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n","import type {\n AuthenticationRadarRiskDetectedEventData,\n AuthenticationRadarRiskDetectedEventResponseData,\n} from '../interfaces';\n\nexport const deserializeAuthenticationRadarRiskDetectedEvent = (\n authenticationRadarRiskDetectedEvent: AuthenticationRadarRiskDetectedEventResponseData,\n): AuthenticationRadarRiskDetectedEventData => ({\n authMethod: authenticationRadarRiskDetectedEvent.auth_method,\n action: authenticationRadarRiskDetectedEvent.action,\n control: authenticationRadarRiskDetectedEvent.control,\n blocklistType: authenticationRadarRiskDetectedEvent.blocklist_type,\n ipAddress: authenticationRadarRiskDetectedEvent.ip_address,\n userAgent: authenticationRadarRiskDetectedEvent.user_agent,\n userId: authenticationRadarRiskDetectedEvent.user_id,\n email: authenticationRadarRiskDetectedEvent.email,\n});\n","import { ApiKey, SerializedApiKey } from '../interfaces/api-key.interface';\n\nexport function deserializeApiKey(apiKey: SerializedApiKey): ApiKey {\n return {\n object: apiKey.object,\n id: apiKey.id,\n owner: apiKey.owner,\n name: apiKey.name,\n obfuscatedValue: apiKey.obfuscated_value,\n lastUsedAt: apiKey.last_used_at,\n permissions: apiKey.permissions,\n createdAt: apiKey.created_at,\n updatedAt: apiKey.updated_at,\n };\n}\n","import {\n Role,\n OrganizationRoleResponse,\n OrganizationRoleEvent,\n OrganizationRoleEventResponse,\n} from '../../roles/interfaces';\nimport { OrganizationRole } from '../interfaces';\n\nexport const deserializeRole = (role: OrganizationRoleResponse): Role => ({\n object: role.object,\n id: role.id,\n name: role.name,\n slug: role.slug,\n description: role.description,\n permissions: role.permissions,\n resourceTypeSlug: role.resource_type_slug,\n type: role.type,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n\nexport const deserializeOrganizationRole = (\n role: OrganizationRoleResponse,\n): OrganizationRole => ({\n object: role.object,\n id: role.id,\n name: role.name,\n slug: role.slug,\n description: role.description,\n permissions: role.permissions,\n resourceTypeSlug: role.resource_type_slug,\n type: 'OrganizationRole',\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n\nexport const deserializeOrganizationRoleEvent = (\n event: OrganizationRoleEventResponse,\n): OrganizationRoleEvent => ({\n object: event.object,\n organizationId: event.organization_id,\n slug: event.slug,\n name: event.name,\n description: event.description,\n resourceTypeSlug: event.resource_type_slug,\n permissions: event.permissions,\n createdAt: event.created_at,\n updatedAt: event.updated_at,\n});\n","import {\n Permission,\n PermissionResponse,\n} from '../interfaces/permission.interface';\n\nexport const deserializePermission = (\n permission: PermissionResponse,\n): Permission => ({\n object: permission.object,\n id: permission.id,\n slug: permission.slug,\n name: permission.name,\n description: permission.description,\n resourceTypeSlug: permission.resource_type_slug,\n system: permission.system,\n createdAt: permission.created_at,\n updatedAt: permission.updated_at,\n});\n","import {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../interfaces/feature-flag.interface';\n\nexport const deserializeFeatureFlag = (\n featureFlag: FeatureFlagResponse,\n): FeatureFlag => ({\n object: featureFlag.object,\n id: featureFlag.id,\n name: featureFlag.name,\n slug: featureFlag.slug,\n description: featureFlag.description,\n tags: featureFlag.tags,\n enabled: featureFlag.enabled,\n defaultValue: featureFlag.default_value,\n createdAt: featureFlag.created_at,\n updatedAt: featureFlag.updated_at,\n});\n","import {\n deserializeDeletedEventDirectory,\n deserializeDirectoryUser,\n deserializeEventDirectory,\n deserializeDirectoryGroup,\n deserializeUpdatedEventDirectoryGroup,\n deserializeUpdatedEventDirectoryUser,\n} from '../../directory-sync/serializers';\nimport { deserializeOrganization } from '../../organizations/serializers';\nimport { deserializeConnection } from '../../sso/serializers';\nimport {\n deserializeAuthenticationEvent,\n deserializeEmailVerificationEvent,\n deserializeInvitationEvent,\n deserializeMagicAuthEvent,\n deserializePasswordResetEvent,\n deserializeUser,\n} from '../../user-management/serializers';\nimport { deserializeOrganizationDomain } from '../../organization-domains/serializers/organization-domain.serializer';\nimport { deserializeOrganizationMembership } from '../../user-management/serializers/organization-membership.serializer';\nimport { deserializeRoleEvent } from '../../user-management/serializers/role.serializer';\nimport { deserializeSession } from '../../user-management/serializers/session.serializer';\nimport { Event, EventBase, EventResponse } from '../interfaces';\nimport { deserializeAuthenticationRadarRiskDetectedEvent } from '../../user-management/serializers/authentication-radar-risk-event-serializer';\nimport { deserializeApiKey } from '../../api-keys/serializers/api-key.serializer';\nimport { deserializeOrganizationRoleEvent } from '../../authorization/serializers/organization-role.serializer';\nimport { deserializePermission } from '../../authorization/serializers/permission.serializer';\nimport { deserializeFeatureFlag } from '../../feature-flags/serializers/feature-flag.serializer';\n\nexport const deserializeEvent = (event: EventResponse): Event => {\n const eventBase: EventBase = {\n id: event.id,\n createdAt: event.created_at,\n context: event.context,\n };\n\n switch (event.event) {\n case 'authentication.email_verification_succeeded':\n case 'authentication.magic_auth_failed':\n case 'authentication.magic_auth_succeeded':\n case 'authentication.mfa_succeeded':\n case 'authentication.oauth_failed':\n case 'authentication.oauth_succeeded':\n case 'authentication.passkey_failed':\n case 'authentication.passkey_succeeded':\n case 'authentication.password_failed':\n case 'authentication.password_succeeded':\n case 'authentication.sso_failed':\n case 'authentication.sso_succeeded':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeAuthenticationEvent(event.data),\n };\n case 'authentication.radar_risk_detected':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeAuthenticationRadarRiskDetectedEvent(event.data),\n };\n case 'connection.activated':\n case 'connection.deactivated':\n case 'connection.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeConnection(event.data),\n };\n case 'dsync.activated':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeEventDirectory(event.data),\n };\n case 'dsync.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeDeletedEventDirectory(event.data),\n };\n case 'dsync.group.created':\n case 'dsync.group.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeDirectoryGroup(event.data),\n };\n case 'dsync.group.updated':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeUpdatedEventDirectoryGroup(event.data),\n };\n case 'dsync.group.user_added':\n case 'dsync.group.user_removed':\n return {\n ...eventBase,\n event: event.event,\n data: {\n directoryId: event.data.directory_id,\n user: deserializeDirectoryUser(event.data.user),\n group: deserializeDirectoryGroup(event.data.group),\n },\n };\n case 'dsync.user.created':\n case 'dsync.user.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeDirectoryUser(event.data),\n };\n case 'dsync.user.updated':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeUpdatedEventDirectoryUser(event.data),\n };\n case 'email_verification.created':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeEmailVerificationEvent(event.data),\n };\n case 'invitation.accepted':\n case 'invitation.created':\n case 'invitation.revoked':\n case 'invitation.resent':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeInvitationEvent(event.data),\n };\n case 'magic_auth.created':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeMagicAuthEvent(event.data),\n };\n case 'password_reset.created':\n case 'password_reset.succeeded':\n return {\n ...eventBase,\n event: event.event,\n data: deserializePasswordResetEvent(event.data),\n };\n case 'user.created':\n case 'user.updated':\n case 'user.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeUser(event.data),\n };\n case 'organization_membership.created':\n case 'organization_membership.deleted':\n case 'organization_membership.updated':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeOrganizationMembership(event.data),\n };\n case 'role.created':\n case 'role.deleted':\n case 'role.updated':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeRoleEvent(event.data),\n };\n case 'organization_role.created':\n case 'organization_role.updated':\n case 'organization_role.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeOrganizationRoleEvent(event.data),\n };\n case 'permission.created':\n case 'permission.updated':\n case 'permission.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializePermission(event.data),\n };\n case 'session.created':\n case 'session.revoked':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeSession(event.data),\n };\n case 'organization.created':\n case 'organization.updated':\n case 'organization.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeOrganization(event.data),\n };\n case 'organization_domain.verified':\n case 'organization_domain.verification_failed':\n case 'organization_domain.created':\n case 'organization_domain.updated':\n case 'organization_domain.deleted':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeOrganizationDomain(event.data),\n };\n case 'api_key.created':\n case 'api_key.revoked':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeApiKey(event.data),\n };\n case 'flag.created':\n case 'flag.updated':\n case 'flag.deleted':\n case 'flag.rule_updated':\n return {\n ...eventBase,\n event: event.event,\n data: deserializeFeatureFlag(event.data),\n };\n }\n};\n","import { List, ListResponse } from '../interfaces';\n\nexport const deserializeList = <TSerialized, TDeserialized>(\n list: ListResponse<TSerialized>,\n deserializer: (serialized: TSerialized) => TDeserialized,\n): List<TDeserialized> => ({\n object: 'list',\n data: list.data.map(deserializer),\n listMetadata: list.list_metadata,\n});\n","import { PaginationOptions } from '../interfaces/pagination-options.interface';\n\nexport const serializePaginationOptions = (\n options: PaginationOptions,\n): Record<string, string | number> => ({\n ...(options.limit !== undefined && { limit: options.limit }),\n ...(options.after && { after: options.after }),\n ...(options.before && { before: options.before }),\n ...(options.order && { order: options.order }),\n});\n","import { deserializeEvent } from '../common/serializers';\nimport { Event, EventResponse } from '../common/interfaces';\nimport { SignatureProvider } from '../common/crypto/signature-provider';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\n\nexport class Webhooks {\n private signatureProvider: SignatureProvider;\n\n constructor(cryptoProvider: CryptoProvider) {\n this.signatureProvider = new SignatureProvider(cryptoProvider);\n }\n\n get verifyHeader() {\n return this.signatureProvider.verifyHeader.bind(this.signatureProvider);\n }\n\n get computeSignature() {\n return this.signatureProvider.computeSignature.bind(this.signatureProvider);\n }\n\n get getTimestampAndSignatureHash() {\n return this.signatureProvider.getTimestampAndSignatureHash.bind(\n this.signatureProvider,\n );\n }\n\n async constructEvent({\n payload,\n sigHeader,\n secret,\n tolerance = 180000,\n }: {\n payload: Record<string, unknown>;\n sigHeader: string;\n secret: string;\n tolerance?: number;\n }): Promise<Event> {\n const options = { payload, sigHeader, secret, tolerance };\n await this.verifyHeader(options);\n\n const webhookPayload = payload as unknown as EventResponse;\n\n return deserializeEvent(webhookPayload);\n }\n}\n","export interface PKCEPair {\n codeVerifier: string;\n codeChallenge: string;\n codeChallengeMethod: 'S256';\n}\n\n/**\n * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0 public clients.\n *\n * Implements RFC 7636 for secure authorization code exchange without a client secret.\n * Used by Electron apps, React Native/mobile apps, CLI tools, and other public clients.\n */\nexport class PKCE {\n /**\n * Generate a cryptographically random code verifier.\n *\n * @param length - Length of verifier (43-128, default 43)\n * @returns RFC 7636 compliant code verifier\n */\n generateCodeVerifier(length: number = 43): string {\n if (length < 43 || length > 128) {\n throw new RangeError(\n `Code verifier length must be between 43 and 128, got ${length}`,\n );\n }\n\n const byteLength = Math.ceil((length * 3) / 4);\n const randomBytes = new Uint8Array(byteLength);\n crypto.getRandomValues(randomBytes);\n\n return this.base64UrlEncode(randomBytes).slice(0, length);\n }\n\n /**\n * Generate S256 code challenge from a verifier.\n *\n * @param verifier - The code verifier\n * @returns Base64URL-encoded SHA256 hash\n */\n async generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const hash = await crypto.subtle.digest('SHA-256', data);\n return this.base64UrlEncode(new Uint8Array(hash));\n }\n\n /**\n * Generate a complete PKCE pair (verifier + challenge).\n *\n * @returns Code verifier, challenge, and method ('S256')\n */\n async generate(): Promise<PKCEPair> {\n const codeVerifier = this.generateCodeVerifier();\n const codeChallenge = await this.generateCodeChallenge(codeVerifier);\n return { codeVerifier, codeChallenge, codeChallengeMethod: 'S256' };\n }\n\n private base64UrlEncode(buffer: Uint8Array): string {\n const base64 = btoa(String.fromCharCode(...buffer));\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n }\n}\n","import {\n SerializedValidateApiKeyResponse,\n ValidateApiKeyResponse,\n} from '../interfaces/validate-api-key.interface';\nimport { deserializeApiKey } from './api-key.serializer';\n\nexport function deserializeValidateApiKeyResponse(\n response: SerializedValidateApiKeyResponse,\n): ValidateApiKeyResponse {\n return {\n apiKey: response.api_key ? deserializeApiKey(response.api_key) : null,\n };\n}\n","import { WorkOS } from '../workos';\nimport {\n SerializedValidateApiKeyResponse,\n ValidateApiKeyOptions,\n ValidateApiKeyResponse,\n} from './interfaces/validate-api-key.interface';\nimport { deserializeValidateApiKeyResponse } from './serializers/validate-api-key.serializer';\n\nexport class ApiKeys {\n constructor(private readonly workos: WorkOS) {}\n\n async validateApiKey(\n payload: ValidateApiKeyOptions,\n ): Promise<ValidateApiKeyResponse> {\n const { data } = await this.workos.post<SerializedValidateApiKeyResponse>(\n '/api_keys/validations',\n payload,\n );\n\n return deserializeValidateApiKeyResponse(data);\n }\n\n async deleteApiKey(id: string): Promise<void> {\n await this.workos.delete(`/api_keys/${id}`);\n }\n}\n","import { List, PaginationOptions } from '../interfaces';\n\nexport class AutoPaginatable<\n ResourceType,\n ParametersType extends PaginationOptions = PaginationOptions,\n> {\n readonly object = 'list' as const;\n readonly options: ParametersType;\n\n constructor(\n protected list: List<ResourceType>,\n private apiCall: (params: PaginationOptions) => Promise<List<ResourceType>>,\n options?: ParametersType,\n ) {\n this.options = options ?? ({} as ParametersType);\n }\n\n get data(): ResourceType[] {\n return this.list.data;\n }\n\n get listMetadata() {\n return this.list.listMetadata;\n }\n\n private async *generatePages(\n params: PaginationOptions,\n ): AsyncGenerator<ResourceType[]> {\n const result = await this.apiCall({\n ...this.options,\n limit: 100,\n after: params.after,\n });\n\n yield result.data;\n\n if (result.listMetadata.after) {\n // Delay of 4rps to respect list users rate limits\n await new Promise((resolve) => setTimeout(resolve, 350));\n yield* this.generatePages({ after: result.listMetadata.after });\n }\n }\n\n /**\n * Automatically paginates over the list of results, returning the complete data set.\n * Returns the first result if `options.limit` is passed to the first request.\n */\n async autoPagination(): Promise<ResourceType[]> {\n if (this.options.limit) {\n return this.data;\n }\n\n const results: ResourceType[] = [];\n\n for await (const page of this.generatePages({\n after: this.options.after,\n })) {\n results.push(...page);\n }\n\n return results;\n }\n}\n","import { WorkOS } from '../../workos';\nimport {\n GetOptions,\n List,\n ListResponse,\n PaginationOptions,\n} from '../interfaces';\nimport { deserializeList } from '../serializers';\n\nconst setDefaultOptions = (options?: PaginationOptions): PaginationOptions => {\n return {\n ...options,\n order: options?.order || 'desc',\n };\n};\n\nexport const fetchAndDeserialize = async <T, U>(\n workos: WorkOS,\n endpoint: string,\n deserializeFn: (data: T) => U,\n options?: PaginationOptions,\n requestOptions?: GetOptions,\n): Promise<List<U>> => {\n const { data } = await workos.get<ListResponse<T>>(endpoint, {\n query: setDefaultOptions(options),\n ...requestOptions,\n });\n\n return deserializeList(data, deserializeFn);\n};\n","import { WorkOS } from '../workos';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport {\n DefaultCustomAttributes,\n Directory,\n DirectoryGroup,\n DirectoryGroupResponse,\n DirectoryResponse,\n DirectoryUserWithGroups,\n DirectoryUserWithGroupsResponse,\n ListDirectoriesOptions,\n ListDirectoryGroupsOptions,\n ListDirectoryUsersOptions,\n SerializedListDirectoriesOptions,\n} from './interfaces';\nimport {\n deserializeDirectory,\n deserializeDirectoryGroup,\n deserializeDirectoryUserWithGroups,\n serializeListDirectoriesOptions,\n} from './serializers';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\n\nexport class DirectorySync {\n constructor(private readonly workos: WorkOS) {}\n\n async listDirectories(\n options?: ListDirectoriesOptions,\n ): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<DirectoryResponse, Directory>(\n this.workos,\n '/directories',\n deserializeDirectory,\n options ? serializeListDirectoriesOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<DirectoryResponse, Directory>(\n this.workos,\n '/directories',\n deserializeDirectory,\n params,\n ),\n options ? serializeListDirectoriesOptions(options) : undefined,\n );\n }\n\n async getDirectory(id: string): Promise<Directory> {\n const { data } = await this.workos.get<DirectoryResponse>(\n `/directories/${id}`,\n );\n\n return deserializeDirectory(data);\n }\n\n async deleteDirectory(id: string) {\n await this.workos.delete(`/directories/${id}`);\n }\n\n async listGroups(\n options: ListDirectoryGroupsOptions,\n ): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<DirectoryGroupResponse, DirectoryGroup>(\n this.workos,\n '/directory_groups',\n deserializeDirectoryGroup,\n options,\n ),\n (params) =>\n fetchAndDeserialize<DirectoryGroupResponse, DirectoryGroup>(\n this.workos,\n '/directory_groups',\n deserializeDirectoryGroup,\n params,\n ),\n options,\n );\n }\n\n async listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(\n options: ListDirectoryUsersOptions,\n ): Promise<\n AutoPaginatable<\n DirectoryUserWithGroups<TCustomAttributes>,\n ListDirectoryUsersOptions\n >\n > {\n return new AutoPaginatable(\n await fetchAndDeserialize<\n DirectoryUserWithGroupsResponse<TCustomAttributes>,\n DirectoryUserWithGroups<TCustomAttributes>\n >(\n this.workos,\n '/directory_users',\n deserializeDirectoryUserWithGroups,\n options,\n ),\n (params) =>\n fetchAndDeserialize<\n DirectoryUserWithGroupsResponse<TCustomAttributes>,\n DirectoryUserWithGroups<TCustomAttributes>\n >(\n this.workos,\n '/directory_users',\n deserializeDirectoryUserWithGroups,\n params,\n ),\n options,\n );\n }\n\n async getUser<TCustomAttributes extends object = DefaultCustomAttributes>(\n user: string,\n ): Promise<DirectoryUserWithGroups<TCustomAttributes>> {\n const { data } = await this.workos.get<\n DirectoryUserWithGroupsResponse<TCustomAttributes>\n >(`/directory_users/${user}`);\n\n return deserializeDirectoryUserWithGroups(data);\n }\n\n async getGroup(group: string): Promise<DirectoryGroup> {\n const { data } = await this.workos.get<DirectoryGroupResponse>(\n `/directory_groups/${group}`,\n );\n\n return deserializeDirectoryGroup(data);\n }\n}\n","import { ListEventOptions, SerializedListEventOptions } from '../interfaces';\n\nexport const serializeListEventOptions = (\n options: ListEventOptions,\n): SerializedListEventOptions => ({\n events: options.events,\n organization_id: options.organizationId,\n range_start: options.rangeStart,\n range_end: options.rangeEnd,\n limit: options.limit,\n after: options.after,\n});\n","import { WorkOS } from '../workos';\nimport { ListEventOptions } from './interfaces';\nimport { deserializeEvent, deserializeList } from '../common/serializers';\nimport { serializeListEventOptions } from './serializers';\nimport { Event, EventResponse, List, ListResponse } from '../common/interfaces';\n\nexport class Events {\n constructor(private readonly workos: WorkOS) {}\n\n async listEvents(options: ListEventOptions): Promise<List<Event>> {\n const { data } = await this.workos.get<ListResponse<EventResponse>>(\n `/events`,\n {\n query: options ? serializeListEventOptions(options) : undefined,\n },\n );\n\n return deserializeList(data, deserializeEvent);\n }\n}\n","import { OrganizationRoleResponse, Role } from '../interfaces';\n\nexport const deserializeRole = (role: OrganizationRoleResponse): Role => ({\n object: role.object,\n id: role.id,\n name: role.name,\n slug: role.slug,\n description: role.description,\n permissions: role.permissions,\n type: role.type,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n","import {\n CreateOrganizationApiKeyOptions,\n SerializedCreateOrganizationApiKeyOptions,\n} from '../interfaces/create-organization-api-key-options.interface';\n\nexport function serializeCreateOrganizationApiKeyOptions(\n options: CreateOrganizationApiKeyOptions,\n): SerializedCreateOrganizationApiKeyOptions {\n return {\n name: options.name,\n permissions: options.permissions,\n };\n}\n","import {\n CreatedApiKey,\n SerializedCreatedApiKey,\n} from '../interfaces/created-api-key.interface';\n\nexport function deserializeCreatedApiKey(\n apiKey: SerializedCreatedApiKey,\n): CreatedApiKey {\n return {\n object: apiKey.object,\n id: apiKey.id,\n owner: apiKey.owner,\n name: apiKey.name,\n obfuscatedValue: apiKey.obfuscated_value,\n value: apiKey.value,\n lastUsedAt: apiKey.last_used_at,\n permissions: apiKey.permissions,\n createdAt: apiKey.created_at,\n updatedAt: apiKey.updated_at,\n };\n}\n","import { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n CreateOrganizationOptions,\n CreateOrganizationRequestOptions,\n ListOrganizationsOptions,\n Organization,\n OrganizationResponse,\n UpdateOrganizationOptions,\n} from './interfaces';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport {\n deserializeOrganization,\n serializeCreateOrganizationOptions,\n serializeUpdateOrganizationOptions,\n} from './serializers';\n\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { ListOrganizationRolesResponse, RoleList } from '../roles/interfaces';\nimport { deserializeRole } from '../roles/serializers/role.serializer';\nimport { ListOrganizationRolesOptions } from './interfaces/list-organization-roles-options.interface';\nimport { ListOrganizationFeatureFlagsOptions } from './interfaces/list-organization-feature-flags-options.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers';\nimport {\n ApiKey,\n SerializedApiKey,\n ListOrganizationApiKeysOptions,\n CreateOrganizationApiKeyOptions,\n CreateOrganizationApiKeyRequestOptions,\n CreatedApiKey,\n SerializedCreatedApiKey,\n} from '../api-keys/interfaces';\nimport {\n deserializeApiKey,\n serializeCreateOrganizationApiKeyOptions,\n deserializeCreatedApiKey,\n} from '../api-keys/serializers';\n\nexport class Organizations {\n constructor(private readonly workos: WorkOS) {}\n\n async listOrganizations(\n options?: ListOrganizationsOptions,\n ): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<OrganizationResponse, Organization>(\n this.workos,\n '/organizations',\n deserializeOrganization,\n options,\n ),\n (params) =>\n fetchAndDeserialize<OrganizationResponse, Organization>(\n this.workos,\n '/organizations',\n deserializeOrganization,\n params,\n ),\n options,\n );\n }\n\n async createOrganization(\n payload: CreateOrganizationOptions,\n requestOptions: CreateOrganizationRequestOptions = {},\n ): Promise<Organization> {\n const { data } = await this.workos.post<OrganizationResponse>(\n '/organizations',\n serializeCreateOrganizationOptions(payload),\n requestOptions,\n );\n\n return deserializeOrganization(data);\n }\n\n async deleteOrganization(id: string) {\n await this.workos.delete(`/organizations/${id}`);\n }\n\n async getOrganization(id: string): Promise<Organization> {\n const { data } = await this.workos.get<OrganizationResponse>(\n `/organizations/${id}`,\n );\n\n return deserializeOrganization(data);\n }\n\n async getOrganizationByExternalId(externalId: string): Promise<Organization> {\n const { data } = await this.workos.get<OrganizationResponse>(\n `/organizations/external_id/${externalId}`,\n );\n\n return deserializeOrganization(data);\n }\n\n async updateOrganization(\n options: UpdateOrganizationOptions,\n ): Promise<Organization> {\n const { organization: organizationId, ...payload } = options;\n\n const { data } = await this.workos.put<OrganizationResponse>(\n `/organizations/${organizationId}`,\n serializeUpdateOrganizationOptions(payload),\n );\n\n return deserializeOrganization(data);\n }\n\n async listOrganizationRoles(\n options: ListOrganizationRolesOptions,\n ): Promise<RoleList> {\n const { organizationId } = options;\n\n const { data: response } =\n await this.workos.get<ListOrganizationRolesResponse>(\n `/organizations/${organizationId}/roles`,\n );\n\n return {\n object: 'list',\n data: response.data.map((role) => deserializeRole(role)),\n };\n }\n\n async listOrganizationFeatureFlags(\n options: ListOrganizationFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { organizationId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/organizations/${organizationId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/organizations/${organizationId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listOrganizationApiKeys(\n options: ListOrganizationApiKeysOptions,\n ): Promise<AutoPaginatable<ApiKey>> {\n const { organizationId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<SerializedApiKey, ApiKey>(\n this.workos,\n `/organizations/${organizationId}/api_keys`,\n deserializeApiKey,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<SerializedApiKey, ApiKey>(\n this.workos,\n `/organizations/${organizationId}/api_keys`,\n deserializeApiKey,\n params,\n ),\n paginationOptions,\n );\n }\n\n async createOrganizationApiKey(\n options: CreateOrganizationApiKeyOptions,\n requestOptions: CreateOrganizationApiKeyRequestOptions = {},\n ): Promise<CreatedApiKey> {\n const { organizationId } = options;\n\n const { data } = await this.workos.post<SerializedCreatedApiKey>(\n `/organizations/${organizationId}/api_keys`,\n serializeCreateOrganizationApiKeyOptions(options),\n requestOptions,\n );\n\n return deserializeCreatedApiKey(data);\n }\n}\n","import {\n CreateOrganizationDomainOptions,\n SerializedCreateOrganizationDomainOptions,\n} from '../interfaces';\n\nexport const serializeCreateOrganizationDomainOptions = (\n options: CreateOrganizationDomainOptions,\n): SerializedCreateOrganizationDomainOptions => ({\n domain: options.domain,\n organization_id: options.organizationId,\n});\n","import { WorkOS } from '../workos';\nimport {\n CreateOrganizationDomainOptions,\n OrganizationDomain,\n OrganizationDomainResponse,\n} from './interfaces';\nimport { serializeCreateOrganizationDomainOptions } from './serializers/create-organization-domain-options.serializer';\nimport { deserializeOrganizationDomain } from './serializers/organization-domain.serializer';\n\nexport class OrganizationDomains {\n constructor(private readonly workos: WorkOS) {}\n\n async get(id: string): Promise<OrganizationDomain> {\n const { data } = await this.workos.get<OrganizationDomainResponse>(\n `/organization_domains/${id}`,\n );\n\n return deserializeOrganizationDomain(data);\n }\n\n async verify(id: string): Promise<OrganizationDomain> {\n const { data } = await this.workos.post<OrganizationDomainResponse>(\n `/organization_domains/${id}/verify`,\n {},\n );\n\n return deserializeOrganizationDomain(data);\n }\n\n async create(\n payload: CreateOrganizationDomainOptions,\n ): Promise<OrganizationDomain> {\n const { data } = await this.workos.post<OrganizationDomainResponse>(\n `/organization_domains`,\n serializeCreateOrganizationDomainOptions(payload),\n );\n\n return deserializeOrganizationDomain(data);\n }\n\n async delete(id: string): Promise<void> {\n await this.workos.delete(`/organization_domains/${id}`);\n }\n}\n","import {\n PasswordlessSession,\n PasswordlessSessionResponse,\n} from '../interfaces';\n\nexport const deserializePasswordlessSession = (\n passwordlessSession: PasswordlessSessionResponse,\n): PasswordlessSession => ({\n id: passwordlessSession.id,\n email: passwordlessSession.email,\n expiresAt: passwordlessSession.expires_at,\n link: passwordlessSession.link,\n object: passwordlessSession.object,\n});\n","import { WorkOS } from '../workos';\nimport {\n CreatePasswordlessSessionOptions,\n PasswordlessSession,\n PasswordlessSessionResponse,\n SendSessionResponse,\n SerializedCreatePasswordlessSessionOptions,\n} from './interfaces';\nimport { deserializePasswordlessSession } from './serializers/passwordless-session.serializer';\n\nexport class Passwordless {\n constructor(private readonly workos: WorkOS) {}\n\n async createSession({\n redirectURI,\n expiresIn,\n ...options\n }: CreatePasswordlessSessionOptions): Promise<PasswordlessSession> {\n const { data } = await this.workos.post<\n PasswordlessSessionResponse,\n SerializedCreatePasswordlessSessionOptions\n >('/passwordless/sessions', {\n ...options,\n redirect_uri: redirectURI,\n expires_in: expiresIn,\n });\n\n return deserializePasswordlessSession(data);\n }\n\n async sendSession(sessionId: string): Promise<SendSessionResponse> {\n const { data } = await this.workos.post(\n `/passwordless/sessions/${sessionId}/send`,\n {},\n );\n return data;\n }\n}\n","import {\n AccessToken,\n SerializedAccessToken,\n} from '../interfaces/access-token.interface';\n\nexport function deserializeAccessToken(\n serialized: SerializedAccessToken,\n): AccessToken {\n return {\n object: 'access_token',\n accessToken: serialized.access_token,\n expiresAt: serialized.expires_at\n ? new Date(Date.parse(serialized.expires_at))\n : null,\n scopes: serialized.scopes,\n missingScopes: serialized.missing_scopes,\n };\n}\n","import {\n GetAccessTokenOptions,\n GetAccessTokenResponse,\n SerializedGetAccessTokenOptions,\n SerializedGetAccessTokenResponse,\n} from '../interfaces/get-access-token.interface';\nimport { deserializeAccessToken } from './access-token.serializer';\n\nexport function serializeGetAccessTokenOptions(\n options: GetAccessTokenOptions,\n): SerializedGetAccessTokenOptions {\n return {\n user_id: options.userId,\n organization_id: options.organizationId,\n };\n}\n\nexport function deserializeGetAccessTokenResponse(\n response: SerializedGetAccessTokenResponse,\n): GetAccessTokenResponse {\n if (response.active) {\n return {\n active: true,\n accessToken: deserializeAccessToken(response.access_token),\n };\n }\n\n return {\n active: false,\n error: response.error,\n };\n}\n","import type { WorkOS } from '../workos';\nimport {\n GetAccessTokenOptions,\n GetAccessTokenResponse,\n SerializedGetAccessTokenResponse,\n} from './interfaces/get-access-token.interface';\nimport {\n serializeGetAccessTokenOptions,\n deserializeGetAccessTokenResponse,\n} from './serializers/get-access-token.serializer';\n\nexport class Pipes {\n constructor(private readonly workos: WorkOS) {}\n\n async getAccessToken({\n provider,\n ...options\n }: GetAccessTokenOptions & {\n provider: string;\n }): Promise<GetAccessTokenResponse> {\n const { data } = await this.workos.post<SerializedGetAccessTokenResponse>(\n `data-integrations/${provider}/token`,\n serializeGetAccessTokenOptions(options),\n );\n\n return deserializeGetAccessTokenResponse(data);\n }\n}\n","import { WorkOS } from '../workos';\nimport { GeneratePortalLinkIntent } from './interfaces/generate-portal-link-intent.interface';\n\nexport class Portal {\n constructor(private readonly workos: WorkOS) {}\n\n async generateLink({\n intent,\n organization,\n returnUrl,\n successUrl,\n }: {\n intent: GeneratePortalLinkIntent;\n organization: string;\n returnUrl?: string;\n successUrl?: string;\n }): Promise<{ link: string }> {\n const { data } = await this.workos.post('/portal/generate_link', {\n intent,\n organization,\n return_url: returnUrl,\n success_url: successUrl,\n });\n\n return data;\n }\n}\n","type QueryValue =\n | string\n | string[]\n | Record<string, string | boolean | number>\n | undefined;\n\n/**\n * Converts options to a query string.\n * - Arrays: scope=read&scope=write (repeat format)\n * - Objects: params[key]=value (bracket notation)\n * - Encoding: RFC1738 (space as +)\n * - Keys sorted alphabetically\n */\nexport function toQueryString(options: Record<string, QueryValue>): string {\n const params: Array<[string, string]> = [];\n const sortedKeys = Object.keys(options).sort((a, b) => a.localeCompare(b));\n\n for (const key of sortedKeys) {\n const value = options[key];\n\n if (value === undefined) {\n continue;\n }\n\n if (Array.isArray(value)) {\n for (const item of value) {\n params.push([key, String(item)]);\n }\n } else if (typeof value === 'object' && value !== null) {\n const sortedSubKeys = Object.keys(value).sort((a, b) =>\n a.localeCompare(b),\n );\n for (const subKey of sortedSubKeys) {\n const subValue = value[subKey];\n if (subValue !== undefined) {\n params.push([`${key}[${subKey}]`, String(subValue)]);\n }\n }\n } else {\n params.push([key, String(value)]);\n }\n }\n\n return params\n .map(([key, value]) => {\n const encodedKey = encodeRFC1738(key);\n const encodedValue = encodeRFC1738(value);\n return `${encodedKey}=${encodedValue}`;\n })\n .join('&');\n}\n\nfunction encodeRFC1738(str: string): string {\n return encodeURIComponent(str)\n .replace(/%20/g, '+')\n .replace(/[!'*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n","import { UnknownRecord } from '../common/interfaces/unknown-record.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { toQueryString } from '../common/utils/query-string';\nimport { WorkOS } from '../workos';\nimport {\n Connection,\n ConnectionResponse,\n GetProfileAndTokenOptions,\n GetProfileOptions,\n ListConnectionsOptions,\n Profile,\n ProfileAndToken,\n ProfileAndTokenResponse,\n ProfileResponse,\n SSOAuthorizationURLOptions,\n SSOPKCEAuthorizationURLResult,\n SerializedListConnectionsOptions,\n} from './interfaces';\nimport {\n deserializeConnection,\n deserializeProfile,\n deserializeProfileAndToken,\n serializeListConnectionsOptions,\n} from './serializers';\n\nexport class SSO {\n constructor(private readonly workos: WorkOS) {}\n\n async listConnections(\n options?: ListConnectionsOptions,\n ): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n options ? serializeListConnectionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ConnectionResponse, Connection>(\n this.workos,\n '/connections',\n deserializeConnection,\n params,\n ),\n options ? serializeListConnectionsOptions(options) : undefined,\n );\n }\n async deleteConnection(id: string) {\n await this.workos.delete(`/connections/${id}`);\n }\n\n getAuthorizationUrl(options: SSOAuthorizationURLOptions): string {\n const {\n codeChallenge,\n codeChallengeMethod,\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n state,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n const query = toQueryString({\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n return `${this.workos.baseURL}/sso/authorize?${query}`;\n }\n\n /**\n * Generates an authorization URL with PKCE parameters automatically generated.\n * Use this for public clients (CLI apps, Electron, mobile) that cannot\n * securely store a client secret.\n *\n * @returns Object containing url, state, and codeVerifier\n *\n * @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.sso.getAuthorizationUrlWithPKCE({\n * connection: 'conn_123',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n *\n * // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const { profile, accessToken } = await workos.sso.getProfileAndToken({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n */\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n SSOAuthorizationURLOptions,\n 'codeChallenge' | 'codeChallengeMethod' | 'state'\n >,\n ): Promise<SSOPKCEAuthorizationURLResult> {\n const {\n connection,\n clientId,\n domainHint,\n loginHint,\n organization,\n provider,\n providerQueryParams,\n providerScopes,\n redirectUri,\n } = options;\n\n if (!provider && !connection && !organization) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connection', 'organization', or 'provider'.`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n connection,\n organization,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n });\n\n const url = `${this.workos.baseURL}/sso/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n async getConnection(id: string): Promise<Connection> {\n const { data } = await this.workos.get<ConnectionResponse>(\n `/connections/${id}`,\n );\n\n return deserializeConnection(data);\n }\n\n /**\n * Exchange an authorization code for a profile and access token.\n *\n * Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n *\n * Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n *\n * @throws Error if neither codeVerifier nor API key is available\n */\n async getProfileAndToken<\n CustomAttributesType extends UnknownRecord = UnknownRecord,\n >({\n code,\n clientId,\n codeVerifier,\n }: GetProfileAndTokenOptions): Promise<\n ProfileAndToken<CustomAttributesType>\n > {\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'getProfileAndToken requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const form = new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n code,\n });\n\n // Support PKCE with confidential clients (OAuth 2.1 best practice)\n // Both can be sent together for defense in depth\n if (hasPKCE) {\n form.set('code_verifier', codeVerifier);\n }\n if (hasApiKey) {\n form.set('client_secret', this.workos.key as string);\n }\n\n const { data } = await this.workos.post<\n ProfileAndTokenResponse<CustomAttributesType>\n >('/sso/token', form, { skipApiKeyCheck: !hasApiKey });\n\n return deserializeProfileAndToken(data);\n }\n\n async getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({\n accessToken,\n }: GetProfileOptions): Promise<Profile<CustomAttributesType>> {\n const { data } = await this.workos.get<\n ProfileResponse<CustomAttributesType>\n >('/sso/profile', {\n accessToken,\n });\n\n return deserializeProfile(data);\n }\n}\n","import { Challenge, ChallengeResponse } from '../interfaces';\n\nexport const deserializeChallenge = (\n challenge: ChallengeResponse,\n): Challenge => ({\n object: challenge.object,\n id: challenge.id,\n createdAt: challenge.created_at,\n updatedAt: challenge.updated_at,\n expiresAt: challenge.expires_at,\n code: challenge.code,\n authenticationFactorId: challenge.authentication_factor_id,\n});\n","import { Sms, SmsResponse } from '../interfaces';\n\nexport const deserializeSms = (sms: SmsResponse): Sms => ({\n phoneNumber: sms.phone_number,\n});\n","import {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from '../interfaces';\nimport { deserializeSms } from './sms.serializer';\nimport { deserializeTotp, deserializeTotpWithSecrets } from './totp.serializer';\n\nexport const deserializeFactor = (factor: FactorResponse): Factor => ({\n object: factor.object,\n id: factor.id,\n createdAt: factor.created_at,\n updatedAt: factor.updated_at,\n type: factor.type,\n ...(factor.sms ? { sms: deserializeSms(factor.sms) } : {}),\n ...(factor.totp ? { totp: deserializeTotp(factor.totp) } : {}),\n});\n\nexport const deserializeFactorWithSecrets = (\n factor: FactorWithSecretsResponse,\n): FactorWithSecrets => ({\n object: factor.object,\n id: factor.id,\n createdAt: factor.created_at,\n updatedAt: factor.updated_at,\n type: factor.type,\n ...(factor.sms ? { sms: deserializeSms(factor.sms) } : {}),\n ...(factor.totp ? { totp: deserializeTotpWithSecrets(factor.totp) } : {}),\n});\n","import { VerifyResponse, VerifyResponseResponse } from '../interfaces';\nimport { deserializeChallenge } from './challenge.serializer';\n\nexport const deserializeVerifyResponse = (\n verifyResponse: VerifyResponseResponse,\n): VerifyResponse => ({\n challenge: deserializeChallenge(verifyResponse.challenge),\n valid: verifyResponse.valid,\n});\n","import { WorkOS } from '../workos';\nimport {\n Challenge,\n ChallengeFactorOptions,\n ChallengeResponse,\n EnrollFactorOptions,\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n VerifyChallengeOptions,\n VerifyResponse,\n VerifyResponseResponse,\n} from './interfaces';\nimport {\n deserializeChallenge,\n deserializeFactor,\n deserializeFactorWithSecrets,\n deserializeVerifyResponse,\n} from './serializers';\n\nexport class Mfa {\n constructor(private readonly workos: WorkOS) {}\n\n async deleteFactor(id: string) {\n await this.workos.delete(`/auth/factors/${id}`);\n }\n\n async getFactor(id: string): Promise<Factor> {\n const { data } = await this.workos.get<FactorResponse>(\n `/auth/factors/${id}`,\n );\n\n return deserializeFactor(data);\n }\n\n async enrollFactor(options: EnrollFactorOptions): Promise<FactorWithSecrets> {\n const { data } = await this.workos.post<FactorWithSecretsResponse>(\n '/auth/factors/enroll',\n {\n type: options.type,\n ...(() => {\n switch (options.type) {\n case 'sms':\n return {\n phone_number: options.phoneNumber,\n };\n case 'totp':\n return {\n totp_issuer: options.issuer,\n totp_user: options.user,\n };\n default:\n return {};\n }\n })(),\n },\n );\n\n return deserializeFactorWithSecrets(data);\n }\n\n async challengeFactor(options: ChallengeFactorOptions): Promise<Challenge> {\n const { data } = await this.workos.post<ChallengeResponse>(\n `/auth/factors/${options.authenticationFactorId}/challenge`,\n {\n sms_template:\n 'smsTemplate' in options ? options.smsTemplate : undefined,\n },\n );\n\n return deserializeChallenge(data);\n }\n\n async verifyChallenge(\n options: VerifyChallengeOptions,\n ): Promise<VerifyResponse> {\n const { data } = await this.workos.post<VerifyResponseResponse>(\n `/auth/challenges/${options.authenticationChallengeId}/verify`,\n {\n code: options.code,\n },\n );\n\n return deserializeVerifyResponse(data);\n }\n}\n","import { AuditLogExport, AuditLogExportResponse } from '../interfaces';\n\nexport const deserializeAuditLogExport = (\n auditLogExport: AuditLogExportResponse,\n): AuditLogExport => ({\n object: auditLogExport.object,\n id: auditLogExport.id,\n state: auditLogExport.state,\n url: auditLogExport.url,\n createdAt: auditLogExport.created_at,\n updatedAt: auditLogExport.updated_at,\n});\n","import {\n AuditLogExportOptions,\n SerializedAuditLogExportOptions,\n} from '../interfaces';\n\nexport const serializeAuditLogExportOptions = (\n options: AuditLogExportOptions,\n): SerializedAuditLogExportOptions => ({\n actions: options.actions,\n actor_names: options.actorNames,\n actor_ids: options.actorIds,\n organization_id: options.organizationId,\n range_end: options.rangeEnd.toISOString(),\n range_start: options.rangeStart.toISOString(),\n targets: options.targets,\n});\n","import {\n CreateAuditLogEventOptions,\n SerializedCreateAuditLogEventOptions,\n} from '../interfaces';\n\nexport const serializeCreateAuditLogEventOptions = (\n event: CreateAuditLogEventOptions,\n): SerializedCreateAuditLogEventOptions => ({\n action: event.action,\n version: event.version,\n occurred_at: event.occurredAt.toISOString(),\n actor: event.actor,\n targets: event.targets,\n context: {\n location: event.context.location,\n user_agent: event.context.userAgent,\n },\n metadata: event.metadata,\n});\n","import {\n AuditLogSchemaMetadata,\n CreateAuditLogSchemaOptions,\n SerializedCreateAuditLogSchemaOptions,\n} from '../interfaces';\n\nfunction serializeMetadata(\n metadata: Record<string, string | number | boolean> | undefined,\n) {\n if (!metadata) {\n return {};\n }\n\n const serializedMetadata: AuditLogSchemaMetadata = {};\n\n Object.keys(metadata).forEach((key) => {\n serializedMetadata[key] = {\n type: metadata[key] as 'string' | 'number' | 'boolean',\n };\n });\n\n return serializedMetadata;\n}\n\nexport const serializeCreateAuditLogSchemaOptions = (\n schema: CreateAuditLogSchemaOptions,\n): SerializedCreateAuditLogSchemaOptions => ({\n actor: {\n metadata: {\n type: 'object',\n properties: serializeMetadata(schema.actor?.metadata),\n },\n },\n targets: schema.targets.map((target) => {\n return {\n type: target.type,\n metadata: target.metadata\n ? {\n type: 'object',\n properties: serializeMetadata(target.metadata),\n }\n : undefined,\n };\n }),\n metadata: schema.metadata\n ? {\n type: 'object',\n properties: serializeMetadata(schema.metadata),\n }\n : undefined,\n});\n","import { AuditLogSchema, CreateAuditLogSchemaResponse } from '../interfaces';\n\nfunction deserializeMetadata(metadata: {\n properties?: Record<string, { type: string | number | boolean }>;\n}): Record<string, string | number | boolean> {\n if (!metadata || !metadata.properties) {\n return {};\n }\n\n const deserializedMetadata: Record<string, string | number | boolean> = {};\n\n Object.keys(metadata.properties).forEach((key) => {\n if (metadata.properties) {\n deserializedMetadata[key] = metadata.properties[key].type;\n }\n });\n\n return deserializedMetadata;\n}\n\nexport const deserializeAuditLogSchema = (\n auditLogSchema: CreateAuditLogSchemaResponse,\n): AuditLogSchema => ({\n object: auditLogSchema.object,\n version: auditLogSchema.version,\n targets: auditLogSchema.targets.map((target) => {\n return {\n type: target.type,\n metadata: target.metadata\n ? deserializeMetadata(target.metadata)\n : undefined,\n };\n }),\n actor: {\n metadata: deserializeMetadata(auditLogSchema.actor?.metadata),\n },\n metadata: auditLogSchema.metadata\n ? deserializeMetadata(auditLogSchema.metadata)\n : undefined,\n createdAt: auditLogSchema.created_at,\n});\n","import { WorkOS } from '../workos';\nimport {\n CreateAuditLogEventOptions,\n CreateAuditLogEventRequestOptions,\n} from './interfaces';\nimport { AuditLogExportOptions } from './interfaces/audit-log-export-options.interface';\nimport {\n AuditLogExport,\n AuditLogExportResponse,\n} from './interfaces/audit-log-export.interface';\nimport {\n AuditLogSchema,\n CreateAuditLogSchemaOptions,\n CreateAuditLogSchemaRequestOptions,\n CreateAuditLogSchemaResponse,\n} from './interfaces/create-audit-log-schema-options.interface';\nimport {\n deserializeAuditLogExport,\n serializeAuditLogExportOptions,\n serializeCreateAuditLogEventOptions,\n serializeCreateAuditLogSchemaOptions,\n deserializeAuditLogSchema,\n} from './serializers';\n\nexport class AuditLogs {\n constructor(private readonly workos: WorkOS) {}\n\n async createEvent(\n organization: string,\n event: CreateAuditLogEventOptions,\n options: CreateAuditLogEventRequestOptions = {},\n ): Promise<void> {\n // Auto-generate idempotency key if not provided\n const optionsWithIdempotency: CreateAuditLogEventRequestOptions = {\n ...options,\n idempotencyKey:\n options.idempotencyKey ||\n `workos-node-${globalThis.crypto.randomUUID()}`,\n };\n\n await this.workos.post(\n '/audit_logs/events',\n {\n event: serializeCreateAuditLogEventOptions(event),\n organization_id: organization,\n },\n optionsWithIdempotency,\n );\n }\n\n async createExport(options: AuditLogExportOptions): Promise<AuditLogExport> {\n const { data } = await this.workos.post<AuditLogExportResponse>(\n '/audit_logs/exports',\n serializeAuditLogExportOptions(options),\n );\n\n return deserializeAuditLogExport(data);\n }\n\n async getExport(auditLogExportId: string): Promise<AuditLogExport> {\n const { data } = await this.workos.get<AuditLogExportResponse>(\n `/audit_logs/exports/${auditLogExportId}`,\n );\n\n return deserializeAuditLogExport(data);\n }\n\n async createSchema(\n schema: CreateAuditLogSchemaOptions,\n options: CreateAuditLogSchemaRequestOptions = {},\n ): Promise<AuditLogSchema> {\n const { data } = await this.workos.post<CreateAuditLogSchemaResponse>(\n `/audit_logs/actions/${schema.action}/schemas`,\n serializeCreateAuditLogSchemaOptions(schema),\n options,\n );\n\n return deserializeAuditLogSchema(data);\n }\n}\n","const objectToString = Object.prototype.toString;\nconst uint8ArrayStringified = '[object Uint8Array]';\nconst arrayBufferStringified = '[object ArrayBuffer]';\n\nfunction isType(value, typeConstructor, typeStringified) {\n\tif (!value) {\n\t\treturn false;\n\t}\n\n\tif (value.constructor === typeConstructor) {\n\t\treturn true;\n\t}\n\n\treturn objectToString.call(value) === typeStringified;\n}\n\nexport function isUint8Array(value) {\n\treturn isType(value, Uint8Array, uint8ArrayStringified);\n}\n\nfunction isArrayBuffer(value) {\n\treturn isType(value, ArrayBuffer, arrayBufferStringified);\n}\n\nfunction isUint8ArrayOrArrayBuffer(value) {\n\treturn isUint8Array(value) || isArrayBuffer(value);\n}\n\nexport function assertUint8Array(value) {\n\tif (!isUint8Array(value)) {\n\t\tthrow new TypeError(`Expected \\`Uint8Array\\`, got \\`${typeof value}\\``);\n\t}\n}\n\nexport function assertUint8ArrayOrArrayBuffer(value) {\n\tif (!isUint8ArrayOrArrayBuffer(value)) {\n\t\tthrow new TypeError(`Expected \\`Uint8Array\\` or \\`ArrayBuffer\\`, got \\`${typeof value}\\``);\n\t}\n}\n\nexport function toUint8Array(value) {\n\tif (value instanceof ArrayBuffer) {\n\t\treturn new Uint8Array(value);\n\t}\n\n\tif (ArrayBuffer.isView(value)) {\n\t\treturn new Uint8Array(value.buffer, value.byteOffset, value.byteLength);\n\t}\n\n\tthrow new TypeError(`Unsupported value, got \\`${typeof value}\\`.`);\n}\n\nexport function concatUint8Arrays(arrays, totalLength) {\n\tif (arrays.length === 0) {\n\t\treturn new Uint8Array(0);\n\t}\n\n\ttotalLength ??= arrays.reduce((accumulator, currentValue) => accumulator + currentValue.length, 0);\n\n\tconst returnValue = new Uint8Array(totalLength);\n\n\tlet offset = 0;\n\tfor (const array of arrays) {\n\t\tassertUint8Array(array);\n\t\treturnValue.set(array, offset);\n\t\toffset += array.length;\n\t}\n\n\treturn returnValue;\n}\n\nexport function areUint8ArraysEqual(a, b) {\n\tassertUint8Array(a);\n\tassertUint8Array(b);\n\n\tif (a === b) {\n\t\treturn true;\n\t}\n\n\tif (a.length !== b.length) {\n\t\treturn false;\n\t}\n\n\t// eslint-disable-next-line unicorn/no-for-loop\n\tfor (let index = 0; index < a.length; index++) {\n\t\tif (a[index] !== b[index]) {\n\t\t\treturn false;\n\t\t}\n\t}\n\n\treturn true;\n}\n\nexport function compareUint8Arrays(a, b) {\n\tassertUint8Array(a);\n\tassertUint8Array(b);\n\n\tconst length = Math.min(a.length, b.length);\n\n\tfor (let index = 0; index < length; index++) {\n\t\tconst diff = a[index] - b[index];\n\t\tif (diff !== 0) {\n\t\t\treturn Math.sign(diff);\n\t\t}\n\t}\n\n\t// At this point, all the compared elements are equal.\n\t// The shorter array should come first if the arrays are of different lengths.\n\treturn Math.sign(a.length - b.length);\n}\n\nconst cachedDecoders = {\n\tutf8: new globalThis.TextDecoder('utf8'),\n};\n\nexport function uint8ArrayToString(array, encoding = 'utf8') {\n\tassertUint8ArrayOrArrayBuffer(array);\n\tcachedDecoders[encoding] ??= new globalThis.TextDecoder(encoding);\n\treturn cachedDecoders[encoding].decode(array);\n}\n\nfunction assertString(value) {\n\tif (typeof value !== 'string') {\n\t\tthrow new TypeError(`Expected \\`string\\`, got \\`${typeof value}\\``);\n\t}\n}\n\nconst cachedEncoder = new globalThis.TextEncoder();\n\nexport function stringToUint8Array(string) {\n\tassertString(string);\n\treturn cachedEncoder.encode(string);\n}\n\nfunction base64ToBase64Url(base64) {\n\treturn base64.replaceAll('+', '-').replaceAll('/', '_').replace(/=+$/, '');\n}\n\nfunction base64UrlToBase64(base64url) {\n\tconst base64 = base64url.replaceAll('-', '+').replaceAll('_', '/');\n\tconst padding = (4 - (base64.length % 4)) % 4;\n\treturn base64 + '='.repeat(padding);\n}\n\n// Reference: https://phuoc.ng/collection/this-vs-that/concat-vs-push/\n// Important: Keep this value divisible by 3 so intermediate chunks produce no Base64 padding.\nconst MAX_BLOCK_SIZE = 65_535;\n\nexport function uint8ArrayToBase64(array, {urlSafe = false} = {}) {\n\tassertUint8Array(array);\n\n\tlet base64 = '';\n\n\tfor (let index = 0; index < array.length; index += MAX_BLOCK_SIZE) {\n\t\tconst chunk = array.subarray(index, index + MAX_BLOCK_SIZE);\n\t\t// Required as `btoa` and `atob` don't properly support Unicode: https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem\n\t\tbase64 += globalThis.btoa(String.fromCodePoint.apply(undefined, chunk));\n\t}\n\n\treturn urlSafe ? base64ToBase64Url(base64) : base64;\n}\n\nexport function base64ToUint8Array(base64String) {\n\tassertString(base64String);\n\treturn Uint8Array.from(globalThis.atob(base64UrlToBase64(base64String)), x => x.codePointAt(0));\n}\n\nexport function stringToBase64(string, {urlSafe = false} = {}) {\n\tassertString(string);\n\treturn uint8ArrayToBase64(stringToUint8Array(string), {urlSafe});\n}\n\nexport function base64ToString(base64String) {\n\tassertString(base64String);\n\treturn uint8ArrayToString(base64ToUint8Array(base64String));\n}\n\nconst byteToHexLookupTable = Array.from({length: 256}, (_, index) => index.toString(16).padStart(2, '0'));\n\nexport function uint8ArrayToHex(array) {\n\tassertUint8Array(array);\n\n\t// Concatenating a string is faster than using an array.\n\tlet hexString = '';\n\n\t// eslint-disable-next-line unicorn/no-for-loop -- Max performance is critical.\n\tfor (let index = 0; index < array.length; index++) {\n\t\thexString += byteToHexLookupTable[array[index]];\n\t}\n\n\treturn hexString;\n}\n\nconst hexToDecimalLookupTable = {\n\t0: 0,\n\t1: 1,\n\t2: 2,\n\t3: 3,\n\t4: 4,\n\t5: 5,\n\t6: 6,\n\t7: 7,\n\t8: 8,\n\t9: 9,\n\ta: 10,\n\tb: 11,\n\tc: 12,\n\td: 13,\n\te: 14,\n\tf: 15,\n\tA: 10,\n\tB: 11,\n\tC: 12,\n\tD: 13,\n\tE: 14,\n\tF: 15,\n};\n\nexport function hexToUint8Array(hexString) {\n\tassertString(hexString);\n\n\tif (hexString.length % 2 !== 0) {\n\t\tthrow new Error('Invalid Hex string length.');\n\t}\n\n\tconst resultLength = hexString.length / 2;\n\tconst bytes = new Uint8Array(resultLength);\n\n\tfor (let index = 0; index < resultLength; index++) {\n\t\tconst highNibble = hexToDecimalLookupTable[hexString[index * 2]];\n\t\tconst lowNibble = hexToDecimalLookupTable[hexString[(index * 2) + 1]];\n\n\t\tif (highNibble === undefined || lowNibble === undefined) {\n\t\t\tthrow new Error(`Invalid Hex character encountered at position ${index * 2}`);\n\t\t}\n\n\t\tbytes[index] = (highNibble << 4) | lowNibble; // eslint-disable-line no-bitwise\n\t}\n\n\treturn bytes;\n}\n\n/**\n@param {DataView} view\n@returns {number}\n*/\nexport function getUintBE(view) {\n\tconst {byteLength} = view;\n\n\tif (byteLength === 6) {\n\t\treturn (view.getUint16(0) * (2 ** 32)) + view.getUint32(2);\n\t}\n\n\tif (byteLength === 5) {\n\t\treturn (view.getUint8(0) * (2 ** 32)) + view.getUint32(1);\n\t}\n\n\tif (byteLength === 4) {\n\t\treturn view.getUint32(0);\n\t}\n\n\tif (byteLength === 3) {\n\t\treturn (view.getUint8(0) * (2 ** 16)) + view.getUint16(1);\n\t}\n\n\tif (byteLength === 2) {\n\t\treturn view.getUint16(0);\n\t}\n\n\tif (byteLength === 1) {\n\t\treturn view.getUint8(0);\n\t}\n}\n\n/**\n@param {Uint8Array} array\n@param {Uint8Array} value\n@returns {number}\n*/\nexport function indexOf(array, value) {\n\tconst arrayLength = array.length;\n\tconst valueLength = value.length;\n\n\tif (valueLength === 0) {\n\t\treturn -1;\n\t}\n\n\tif (valueLength > arrayLength) {\n\t\treturn -1;\n\t}\n\n\tconst validOffsetLength = arrayLength - valueLength;\n\n\tfor (let index = 0; index <= validOffsetLength; index++) {\n\t\tlet isMatch = true;\n\t\tfor (let index2 = 0; index2 < valueLength; index2++) {\n\t\t\tif (array[index + index2] !== value[index2]) {\n\t\t\t\tisMatch = false;\n\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\n\t\tif (isMatch) {\n\t\t\treturn index;\n\t\t}\n\t}\n\n\treturn -1;\n}\n\n/**\n@param {Uint8Array} array\n@param {Uint8Array} value\n@returns {boolean}\n*/\nexport function includes(array, value) {\n\treturn indexOf(array, value) !== -1;\n}\n","/* @ts-self-types=\"./index.d.ts\" */\nimport { base64ToUint8Array, uint8ArrayToBase64, uint8ArrayToHex } from \"uint8array-extras\";\nfunction losslessJsonStringify(data) {\n\ttry {\n\t\tif (isJson(data)) {\n\t\t\tlet stringified = JSON.stringify(data);\n\t\t\tif (stringified) return stringified;\n\t\t}\n\t} catch {}\n\tthrow Error(\"Data is not JSON serializable\");\n}\nfunction jsonParse(string) {\n\ttry {\n\t\treturn JSON.parse(string);\n\t} catch (err) {\n\t\tthrow Error(\"Failed parsing sealed object JSON: \" + err.message);\n\t}\n}\nfunction isJson(val) {\n\tlet stack = [], seen = /* @__PURE__ */ new WeakSet(), check = (val$1) => val$1 === null || typeof val$1 == \"string\" || typeof val$1 == \"boolean\" ? !0 : typeof val$1 == \"number\" ? Number.isFinite(val$1) : typeof val$1 == \"object\" ? seen.has(val$1) ? !0 : (seen.add(val$1), stack.push(val$1), !0) : !1;\n\tif (!check(val)) return !1;\n\tfor (; stack.length;) {\n\t\tlet obj = stack.pop();\n\t\tif (Array.isArray(obj)) {\n\t\t\tlet i$1 = obj.length;\n\t\t\tfor (; i$1--;) if (!check(obj[i$1])) return !1;\n\t\t\tcontinue;\n\t\t}\n\t\tlet proto = Reflect.getPrototypeOf(obj);\n\t\tif (proto !== null && proto !== Object.prototype) return !1;\n\t\tlet keys = Reflect.ownKeys(obj), i = keys.length;\n\t\tfor (; i--;) {\n\t\t\tlet key = keys[i];\n\t\t\tif (typeof key != \"string\" || Reflect.getOwnPropertyDescriptor(obj, key)?.enumerable === !1) return !1;\n\t\t\tlet val$1 = obj[key];\n\t\t\tif (val$1 !== void 0 && !check(val$1)) return !1;\n\t\t}\n\t}\n\treturn !0;\n}\nconst enc = /* @__PURE__ */ new TextEncoder(), dec = /* @__PURE__ */ new TextDecoder(), jsBase64Enabled = /* @__PURE__ */ (() => typeof Uint8Array.fromBase64 == \"function\" && typeof Uint8Array.prototype.toBase64 == \"function\" && typeof Uint8Array.prototype.toHex == \"function\")();\nfunction b64ToU8(str) {\n\treturn jsBase64Enabled ? Uint8Array.fromBase64(str, { alphabet: \"base64url\" }) : base64ToUint8Array(str);\n}\nfunction u8ToB64(arr) {\n\treturn arr = arr instanceof ArrayBuffer ? new Uint8Array(arr) : arr, jsBase64Enabled ? arr.toBase64({\n\t\talphabet: \"base64url\",\n\t\tomitPadding: !0\n\t}) : uint8ArrayToBase64(arr, { urlSafe: !0 });\n}\nfunction u8ToHex(arr) {\n\treturn arr = arr instanceof ArrayBuffer ? new Uint8Array(arr) : arr, jsBase64Enabled ? arr.toHex() : uint8ArrayToHex(arr);\n}\nconst defaults = /* @__PURE__ */ Object.freeze({\n\tencryption: /* @__PURE__ */ Object.freeze({\n\t\talgorithm: \"aes-256-cbc\",\n\t\tsaltBits: 256,\n\t\titerations: 1,\n\t\tminPasswordlength: 32\n\t}),\n\tintegrity: /* @__PURE__ */ Object.freeze({\n\t\talgorithm: \"sha256\",\n\t\tsaltBits: 256,\n\t\titerations: 1,\n\t\tminPasswordlength: 32\n\t}),\n\tttl: 0,\n\ttimestampSkewSec: 60,\n\tlocaltimeOffsetMsec: 0\n});\nfunction clone(options) {\n\treturn {\n\t\t...options,\n\t\tencryption: { ...options.encryption },\n\t\tintegrity: { ...options.integrity }\n\t};\n}\nconst algorithms = /* @__PURE__ */ Object.freeze({\n\t\"aes-128-ctr\": /* @__PURE__ */ Object.freeze({\n\t\tkeyBits: 128,\n\t\tivBits: 128,\n\t\tname: \"AES-CTR\"\n\t}),\n\t\"aes-256-cbc\": /* @__PURE__ */ Object.freeze({\n\t\tkeyBits: 256,\n\t\tivBits: 128,\n\t\tname: \"AES-CBC\"\n\t}),\n\tsha256: /* @__PURE__ */ Object.freeze({\n\t\tkeyBits: 256,\n\t\tivBits: void 0,\n\t\tname: \"SHA-256\"\n\t})\n}), macFormatVersion = \"2\", macPrefix = \"Fe26.2\";\nfunction randomBits(bits) {\n\treturn crypto.getRandomValues(new Uint8Array(bits / 8));\n}\nasync function generateKey(password, options) {\n\tif (!password || !password.length) throw Error(\"Empty password\");\n\tif (!options || typeof options != \"object\") throw Error(\"Bad options\");\n\tlet algorithm = algorithms[options.algorithm];\n\tif (!algorithm) throw Error(\"Unknown algorithm: \" + options.algorithm);\n\tlet isHmac = algorithm.name === \"SHA-256\", id = isHmac ? {\n\t\tname: \"HMAC\",\n\t\thash: algorithm.name,\n\t\tlength: algorithm.keyBits\n\t} : {\n\t\tname: algorithm.name,\n\t\tlength: algorithm.keyBits\n\t}, usages = isHmac ? [\"sign\", \"verify\"] : [\"encrypt\", \"decrypt\"], iv = options.iv || (algorithm.ivBits ? randomBits(algorithm.ivBits) : void 0);\n\tif (typeof password == \"string\") {\n\t\tif (password.length < options.minPasswordlength) throw Error(\"Password string too short (min \" + options.minPasswordlength + \" characters required)\");\n\t\tlet salt = options.salt;\n\t\tif (!salt) {\n\t\t\tif (!options.saltBits) throw Error(\"Missing salt and saltBits options\");\n\t\t\tsalt = u8ToHex(randomBits(options.saltBits));\n\t\t}\n\t\tlet baseKey = await crypto.subtle.importKey(\"raw\", enc.encode(password), \"PBKDF2\", !1, [\"deriveKey\"]), algorithm$1 = {\n\t\t\tname: \"PBKDF2\",\n\t\t\tsalt: enc.encode(salt),\n\t\t\titerations: options.iterations,\n\t\t\thash: \"SHA-1\"\n\t\t};\n\t\treturn {\n\t\t\tkey: await crypto.subtle.deriveKey(algorithm$1, baseKey, id, !1, usages),\n\t\t\tiv,\n\t\t\tsalt\n\t\t};\n\t}\n\tif (password.length < algorithm.keyBits / 8) throw Error(\"Key buffer (password) too small\");\n\treturn {\n\t\tkey: await crypto.subtle.importKey(\"raw\", password.slice(), id, !1, usages),\n\t\tiv,\n\t\tsalt: \"\"\n\t};\n}\nfunction getEncryptParams(algorithm, key, data) {\n\treturn [\n\t\talgorithm === \"aes-128-ctr\" ? {\n\t\t\tname: \"AES-CTR\",\n\t\t\tcounter: key.iv,\n\t\t\tlength: 128\n\t\t} : {\n\t\t\tname: \"AES-CBC\",\n\t\t\tiv: key.iv\n\t\t},\n\t\tkey.key,\n\t\ttypeof data == \"string\" ? enc.encode(data) : data.slice()\n\t];\n}\nasync function encrypt(password, options, data) {\n\tlet key = await generateKey(password, options), encrypted = await crypto.subtle.encrypt(...getEncryptParams(options.algorithm, key, data));\n\treturn {\n\t\tencrypted: new Uint8Array(encrypted),\n\t\tkey\n\t};\n}\nasync function decrypt(password, options, data) {\n\tlet key = await generateKey(password, options), decrypted = await crypto.subtle.decrypt(...getEncryptParams(options.algorithm, key, data));\n\treturn dec.decode(decrypted);\n}\nasync function hmacWithPassword(password, options, data) {\n\tlet key = await generateKey(password, options);\n\treturn {\n\t\tdigest: u8ToB64(await crypto.subtle.sign(\"HMAC\", key.key, enc.encode(data))),\n\t\tsalt: key.salt\n\t};\n}\nfunction normalizePassword(password) {\n\tlet normalized = typeof password == \"string\" || password instanceof Uint8Array ? {\n\t\tencryption: password,\n\t\tintegrity: password\n\t} : password && typeof password == \"object\" ? \"secret\" in password ? {\n\t\tid: password.id,\n\t\tencryption: password.secret,\n\t\tintegrity: password.secret\n\t} : {\n\t\tid: password.id,\n\t\tencryption: password.encryption,\n\t\tintegrity: password.integrity\n\t} : void 0;\n\tif (!normalized || !normalized.encryption || normalized.encryption.length === 0 || !normalized.integrity || normalized.integrity.length === 0) throw Error(\"Empty password\");\n\treturn normalized;\n}\nasync function seal(object, password, options) {\n\tlet now = Date.now() + (options.localtimeOffsetMsec || 0), { id = \"\", encryption, integrity } = normalizePassword(password);\n\tif (id && !/^\\w+$/.test(id)) throw Error(\"Invalid password id\");\n\tlet { encrypted, key } = await encrypt(encryption, options.encryption, (options.encode || losslessJsonStringify)(object)), expiration = options.ttl ? now + options.ttl : \"\", macBaseString = macPrefix + \"*\" + id + \"*\" + key.salt + \"*\" + u8ToB64(key.iv) + \"*\" + u8ToB64(encrypted) + \"*\" + expiration, mac = await hmacWithPassword(integrity, options.integrity, macBaseString);\n\treturn macBaseString + \"*\" + mac.salt + \"*\" + mac.digest;\n}\nasync function unseal(sealed, password, options) {\n\tlet now = Date.now() + (options.localtimeOffsetMsec || 0), parts = sealed.split(\"*\");\n\tif (parts.length !== 8) throw Error(\"Incorrect number of sealed components\");\n\tlet [prefix, passwordId, encryptionSalt, ivB64, encryptedB64, expiration, hmacSalt, hmacDigestB64] = parts;\n\tif (prefix !== macPrefix) throw Error(\"Wrong mac prefix\");\n\tif (expiration) {\n\t\tif (!/^[1-9]\\d*$/.test(expiration)) throw Error(\"Invalid expiration\");\n\t\tif (Number.parseInt(expiration, 10) <= now - options.timestampSkewSec * 1e3) throw Error(\"Expired seal\");\n\t}\n\tlet pass;\n\tif (typeof password == \"string\" || password instanceof Uint8Array) pass = password;\n\telse if (typeof password == \"object\" && password) {\n\t\tlet passwordIdKey = passwordId || \"default\";\n\t\tif (pass = password[passwordIdKey], !pass) throw Error(\"Cannot find password: \" + passwordIdKey);\n\t}\n\tpass = normalizePassword(pass);\n\tlet key = await generateKey(pass.integrity, {\n\t\t...options.integrity,\n\t\tsalt: hmacSalt\n\t}), macBaseString = prefix + \"*\" + passwordId + \"*\" + encryptionSalt + \"*\" + ivB64 + \"*\" + encryptedB64 + \"*\" + expiration;\n\tif (!await crypto.subtle.verify(\"HMAC\", key.key, b64ToU8(hmacDigestB64), enc.encode(macBaseString))) throw Error(\"Bad hmac value\");\n\tlet decryptedString = await decrypt(pass.encryption, {\n\t\t...options.encryption,\n\t\tsalt: encryptionSalt,\n\t\tiv: b64ToU8(ivB64)\n\t}, b64ToU8(encryptedB64));\n\treturn (options.decode || jsonParse)(decryptedString);\n}\nexport { algorithms, clone, decrypt, defaults, encrypt, generateKey, hmacWithPassword, macFormatVersion, macPrefix, randomBits, seal, unseal };\n","import {\n seal as ironSeal,\n unseal as ironUnseal,\n defaults,\n} from 'iron-webcrypto';\n\nconst VERSION_DELIMITER = '~';\nconst CURRENT_MAJOR_VERSION = 2;\n\ninterface SealOptions {\n password: string;\n}\n\ninterface UnsealOptions {\n password: string;\n}\n\nfunction parseSeal(seal: string): {\n sealWithoutVersion: string;\n tokenVersion: number | null;\n} {\n const [sealWithoutVersion = '', tokenVersionAsString] =\n seal.split(VERSION_DELIMITER);\n const tokenVersion =\n tokenVersionAsString == null ? null : parseInt(tokenVersionAsString, 10);\n return { sealWithoutVersion, tokenVersion };\n}\n\nexport async function sealData(\n data: unknown,\n { password }: SealOptions,\n): Promise<string> {\n const passwordObj = {\n id: '1',\n secret: password,\n };\n\n const seal = await ironSeal(data, passwordObj, {\n ...defaults,\n ttl: 0,\n encode: JSON.stringify,\n });\n\n return `${seal}${VERSION_DELIMITER}${CURRENT_MAJOR_VERSION}`;\n}\n\nexport async function unsealData<T = unknown>(\n encryptedData: string,\n { password }: UnsealOptions,\n): Promise<T> {\n const { sealWithoutVersion, tokenVersion } = parseSeal(encryptedData);\n\n const passwordMap = { 1: password };\n\n let data: unknown;\n try {\n data =\n (await ironUnseal(sealWithoutVersion, passwordMap, {\n ...defaults,\n ttl: 0,\n })) ?? {};\n } catch (error) {\n if (\n error instanceof Error &&\n /^(Expired seal|Bad hmac value|Cannot find password|Incorrect number of sealed components|Wrong mac prefix)/.test(\n error.message,\n )\n ) {\n return {} as T;\n }\n throw error;\n }\n\n if (tokenVersion === 2) {\n return data as T;\n } else if (tokenVersion !== null) {\n const record = data as Record<string, unknown>;\n return (record.persistent ?? data) as T;\n }\n\n return data as T;\n}\n","/**\n * Cross-runtime environment variable helper\n */\n\ntype Runtime =\n | 'node'\n | 'deno'\n | 'bun'\n | 'cloudflare'\n | 'fastly'\n | 'edge-light'\n | 'other';\n\nlet detectedRuntime: Runtime | null = null;\n\n/**\n * Detect the current runtime environment.\n * This function checks for various runtime environments such as Node.js, Deno, Bun, Cloudflare Workers, Fastly, and Edge Light.\n * It returns a string representing the detected runtime and caches the result for future calls.\n * @returns The detected runtime environment as a string.\n */\nexport function detectRuntime(): Runtime {\n if (detectedRuntime) {\n return detectedRuntime;\n }\n\n const global = globalThis as any;\n\n if (typeof process !== 'undefined' && process.release?.name === 'node') {\n detectedRuntime = 'node';\n } else if (typeof global.Deno !== 'undefined') {\n detectedRuntime = 'deno';\n } else if (\n typeof navigator !== 'undefined' &&\n navigator.userAgent?.includes('Bun')\n ) {\n detectedRuntime = 'bun';\n } else if (\n typeof navigator !== 'undefined' &&\n navigator.userAgent?.includes('Cloudflare')\n ) {\n detectedRuntime = 'cloudflare';\n } else if (typeof global !== 'undefined' && 'fastly' in global) {\n detectedRuntime = 'fastly';\n } else if (typeof global !== 'undefined' && 'EdgeRuntime' in global) {\n detectedRuntime = 'edge-light';\n } else {\n detectedRuntime = 'other';\n }\n\n return detectedRuntime;\n}\n\nfunction getEnvironmentVariable(key: string): string | undefined {\n const runtime = detectRuntime();\n const global = globalThis as any;\n\n try {\n switch (runtime) {\n case 'node':\n case 'bun':\n case 'edge-light':\n return process.env[key];\n\n case 'deno':\n return global.Deno.env.get(key);\n\n case 'cloudflare':\n return global.env?.[key] ?? global[key];\n\n case 'fastly':\n return global[key];\n\n default:\n return process?.env?.[key] ?? global.env?.[key] ?? global[key];\n }\n } catch {\n return undefined;\n }\n}\n\n/**\n * Get an environment variable value, trying to access it in different runtimes.\n * @param key - The name of the environment variable.\n * @param defaultValue - The default value to return if the variable is not found.\n * @return The value of the environment variable or the default value.\n */\nexport function getEnv<T = string>(\n key: string,\n defaultValue?: T,\n): string | T | undefined {\n return getEnvironmentVariable(key) ?? defaultValue;\n}\n","import { AuthenticationResponse } from './authentication-response.interface';\nimport { Impersonator } from './impersonator.interface';\nimport { User } from './user.interface';\n\nexport interface AuthenticateWithSessionCookieOptions {\n sessionData: string;\n cookiePassword?: string;\n}\n\nexport interface AccessToken {\n sid: string;\n org_id?: string;\n role?: string;\n roles?: string[];\n permissions?: string[];\n entitlements?: string[];\n feature_flags?: string[];\n}\n\nexport type SessionCookieData = Pick<\n AuthenticationResponse,\n | 'accessToken'\n | 'authenticationMethod'\n | 'impersonator'\n | 'organizationId'\n | 'refreshToken'\n | 'user'\n>;\n\nexport enum AuthenticateWithSessionCookieFailureReason {\n INVALID_JWT = 'invalid_jwt',\n INVALID_SESSION_COOKIE = 'invalid_session_cookie',\n NO_SESSION_COOKIE_PROVIDED = 'no_session_cookie_provided',\n}\n\nexport type AuthenticateWithSessionCookieFailedResponse = {\n authenticated: false;\n reason: AuthenticateWithSessionCookieFailureReason;\n};\n\nexport type AuthenticateWithSessionCookieSuccessResponse = {\n authenticated: true;\n accessToken: string;\n authenticationMethod: AuthenticationResponse['authenticationMethod'];\n sessionId: string;\n organizationId?: string;\n role?: string;\n roles?: string[];\n permissions?: string[];\n entitlements?: string[];\n featureFlags?: string[];\n user: User;\n impersonator?: Impersonator;\n};\n","export interface RevokeSessionOptions {\n sessionId: string;\n}\n\nexport interface SerializedRevokeSessionOptions {\n session_id: string;\n}\n\nexport const serializeRevokeSessionOptions = (\n options: RevokeSessionOptions,\n): SerializedRevokeSessionOptions => ({\n session_id: options.sessionId,\n});\n","import {\n AuthenticateUserWithEmailVerificationCredentials,\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from '../interfaces/authenticate-with-email-verification-options.interface';\nimport { WithResolvedClientId } from '../interfaces';\n\nexport const serializeAuthenticateWithEmailVerificationOptions = (\n options: WithResolvedClientId<AuthenticateWithEmailVerificationOptions> &\n AuthenticateUserWithEmailVerificationCredentials,\n): SerializedAuthenticateWithEmailVerificationOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:email-verification:code',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n pending_authentication_token: options.pendingAuthenticationToken,\n code: options.code,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n AuthenticateUserWithOrganizationSelectionCredentials,\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from '../interfaces/authenticate-with-organization-selection.interface';\nimport { WithResolvedClientId } from '../interfaces';\n\nexport const serializeAuthenticateWithOrganizationSelectionOptions = (\n options: WithResolvedClientId<AuthenticateWithOrganizationSelectionOptions> &\n AuthenticateUserWithOrganizationSelectionCredentials,\n): SerializedAuthenticateWithOrganizationSelectionOptions => ({\n grant_type: 'urn:workos:oauth:grant-type:organization-selection',\n client_id: options.clientId,\n client_secret: options.clientSecret,\n pending_authentication_token: options.pendingAuthenticationToken,\n organization_id: options.organizationId,\n ip_address: options.ipAddress,\n user_agent: options.userAgent,\n});\n","import {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from '../interfaces/create-organization-membership-options.interface';\n\nexport const serializeCreateOrganizationMembershipOptions = (\n options: CreateOrganizationMembershipOptions,\n): SerializedCreateOrganizationMembershipOptions => ({\n organization_id: options.organizationId,\n user_id: options.userId,\n role_slug: options.roleSlug,\n role_slugs: options.roleSlugs,\n});\n","import { Identity, IdentityResponse } from '../interfaces/identity.interface';\n\nexport const deserializeIdentities = (\n identities: IdentityResponse[],\n): Identity[] => {\n return identities.map((identity) => {\n return {\n idpId: identity.idp_id,\n type: identity.type,\n provider: identity.provider,\n };\n });\n};\n","import {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from '../interfaces/list-invitations-options.interface';\n\nexport const serializeListInvitationsOptions = (\n options: ListInvitationsOptions,\n): SerializedListInvitationsOptions => ({\n email: options.email,\n organization_id: options.organizationId,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from '../interfaces/list-organization-memberships-options.interface';\n\nexport const serializeListOrganizationMembershipsOptions = (\n options: ListOrganizationMembershipsOptions,\n): SerializedListOrganizationMembershipsOptions => ({\n user_id: options.userId,\n organization_id: options.organizationId,\n statuses: options.statuses?.join(','),\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import { ListUsersOptions, SerializedListUsersOptions } from '../interfaces';\n\nexport const serializeListUsersOptions = (\n options: ListUsersOptions,\n): SerializedListUsersOptions => ({\n email: options.email,\n organization_id: options.organizationId,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import {\n ResendInvitationOptions,\n SerializedResendInvitationOptions,\n} from '../interfaces/resend-invitation-options.interface';\n\nexport const serializeResendInvitationOptions = (\n options: ResendInvitationOptions,\n): SerializedResendInvitationOptions => ({\n locale: options.locale,\n});\n","import { AuthenticateWithSessionCookieSuccessResponse } from './authenticate-with-session-cookie.interface';\nimport { AuthenticationResponse } from './authentication-response.interface';\n\nexport enum RefreshSessionFailureReason {\n INVALID_SESSION_COOKIE = 'invalid_session_cookie',\n NO_SESSION_COOKIE_PROVIDED = 'no_session_cookie_provided',\n\n // API OauthErrors for refresh tokens\n INVALID_GRANT = 'invalid_grant',\n MFA_ENROLLMENT = 'mfa_enrollment',\n SSO_REQUIRED = 'sso_required',\n}\n\ntype RefreshSessionFailedResponse = {\n authenticated: false;\n reason: RefreshSessionFailureReason;\n};\n\ntype RefreshSessionSuccessResponse = Omit<\n AuthenticateWithSessionCookieSuccessResponse,\n // accessToken is available in the session object and with session\n // helpers isn't necessarily useful to return top level\n 'accessToken'\n> & {\n authenticated: true;\n session?: AuthenticationResponse;\n sealedSession?: string;\n};\n\nexport type RefreshSessionResponse =\n | RefreshSessionFailedResponse\n | RefreshSessionSuccessResponse;\n","import {} from '../interfaces';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from '../interfaces/send-invitation-options.interface';\n\nexport const serializeSendInvitationOptions = (\n options: SendInvitationOptions,\n): SerializedSendInvitationOptions => ({\n email: options.email,\n organization_id: options.organizationId,\n expires_in_days: options.expiresInDays,\n inviter_user_id: options.inviterUserId,\n role_slug: options.roleSlug,\n locale: options.locale,\n});\n","import {\n UpdateOrganizationMembershipOptions,\n SerializedUpdateOrganizationMembershipOptions,\n} from '../interfaces/update-organization-membership-options.interface';\n\nexport const serializeUpdateOrganizationMembershipOptions = (\n options: UpdateOrganizationMembershipOptions,\n): SerializedUpdateOrganizationMembershipOptions => ({\n role_slug: options.roleSlug,\n role_slugs: options.roleSlugs,\n});\n","let _josePromise: Promise<typeof import('jose')> | undefined;\n\n/**\n * Dynamically imports the jose library using import() to support Node.js 20.0-20.18.\n *\n * The jose library is ESM-only and cannot be loaded via require() in Node.js versions\n * before 20.19.0. This wrapper uses dynamic import() which works in both ESM and CJS\n * across all Node.js 20+ versions.\n *\n * This workaround can be removed when Node.js 20 reaches end-of-life (April 2026),\n * at which point we can bump to Node.js 22+ and use direct imports.\n *\n * @returns Promise that resolves to the jose module\n */\nexport function getJose() {\n return (_josePromise ??= import('jose'));\n}\n","import { OauthException } from '../common/exceptions/oauth.exception';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieSuccessResponse,\n AuthenticationResponse,\n RefreshSessionFailureReason,\n RefreshSessionResponse,\n SessionCookieData,\n} from './interfaces';\nimport { UserManagement } from './user-management';\nimport { unsealData } from '../common/crypto/seal';\nimport { getJose } from '../utils/jose';\n\ntype RefreshOptions = {\n cookiePassword?: string;\n organizationId?: string;\n};\n\nexport class CookieSession {\n private userManagement: UserManagement;\n private cookiePassword: string;\n private sessionData: string;\n\n constructor(\n userManagement: UserManagement,\n sessionData: string,\n cookiePassword: string,\n ) {\n if (!cookiePassword) {\n throw new Error('cookiePassword is required');\n }\n\n this.userManagement = userManagement;\n this.cookiePassword = cookiePassword;\n this.sessionData = sessionData;\n }\n\n /**\n * Authenticates a user with a session cookie.\n *\n * @returns An object indicating whether the authentication was successful or not. If successful, it will include the user's session data.\n */\n async authenticate(): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!this.sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n // unsealData returns {} for known seal errors (expired, bad hmac, etc.)\n // Unknown errors propagate - don't catch them as \"invalid session\"\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const { decodeJwt } = await getJose();\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n authenticationMethod: session.authenticationMethod,\n impersonator: session.impersonator,\n accessToken: session.accessToken,\n };\n }\n\n /**\n * Refreshes the user's session.\n *\n * @param options - Optional options for refreshing the session.\n * @param options.cookiePassword - The password to use for the new session cookie.\n * @param options.organizationId - The organization ID to use for the new session cookie.\n * @returns An object indicating whether the refresh was successful or not. If successful, it will include the new sealed session data.\n */\n async refresh(options: RefreshOptions = {}): Promise<RefreshSessionResponse> {\n const { decodeJwt } = await getJose();\n const session = await unsealData<SessionCookieData>(this.sessionData, {\n password: this.cookiePassword,\n });\n\n if (!session.refreshToken || !session.user) {\n return {\n authenticated: false,\n reason: RefreshSessionFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n session.accessToken,\n );\n\n try {\n const cookiePassword = options.cookiePassword ?? this.cookiePassword;\n\n const authenticationResponse =\n await this.userManagement.authenticateWithRefreshToken({\n clientId: this.userManagement.clientId as string,\n refreshToken: session.refreshToken,\n organizationId:\n options.organizationId ?? organizationIdFromAccessToken,\n session: {\n // We want to store the new sealed session in this class instance, so this always needs to be true\n sealSession: true,\n cookiePassword,\n },\n });\n\n // Update the password if a new one was provided\n if (options.cookiePassword) {\n this.cookiePassword = options.cookiePassword;\n }\n\n this.sessionData = authenticationResponse.sealedSession as string;\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(authenticationResponse.accessToken);\n\n // TODO: Returning `session` here means there's some duplicated data.\n // Slim down the return type in a future major version.\n return {\n authenticated: true,\n sealedSession: authenticationResponse.sealedSession,\n session: authenticationResponse as AuthenticationResponse,\n authenticationMethod: authenticationResponse.authenticationMethod,\n sessionId,\n organizationId,\n role,\n roles,\n permissions,\n entitlements,\n featureFlags,\n user: session.user,\n impersonator: session.impersonator,\n };\n } catch (error) {\n if (\n error instanceof OauthException &&\n // TODO: Add additional known errors and remove re-throw\n (error.error === RefreshSessionFailureReason.INVALID_GRANT ||\n error.error === RefreshSessionFailureReason.MFA_ENROLLMENT ||\n error.error === RefreshSessionFailureReason.SSO_REQUIRED)\n ) {\n return {\n authenticated: false,\n reason: error.error,\n };\n }\n\n throw error;\n }\n }\n\n /**\n * Gets the URL to redirect the user to for logging out.\n *\n * @returns The URL to redirect the user to for logging out.\n */\n async getLogoutUrl({\n returnTo,\n }: { returnTo?: string } = {}): Promise<string> {\n const authenticationResponse = await this.authenticate();\n\n if (!authenticationResponse.authenticated) {\n const { reason } = authenticationResponse;\n throw new Error(`Failed to extract session ID for logout URL: ${reason}`);\n }\n\n return this.userManagement.getLogoutUrl({\n sessionId: authenticationResponse.sessionId,\n returnTo,\n });\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const { jwtVerify } = await getJose();\n const jwks = await this.userManagement.getJWKS();\n if (!jwks) {\n throw new Error(\n 'Missing client ID. Did you provide it when initializing WorkOS?',\n );\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n // Only treat as invalid JWT if it's an actual JWT/JWS error from jose\n // Network errors, crypto failures, etc. should propagate\n if (\n e instanceof Error &&\n 'code' in e &&\n typeof e.code === 'string' &&\n (e.code.startsWith('ERR_JWT_') || e.code.startsWith('ERR_JWS_'))\n ) {\n return false;\n }\n throw e;\n }\n }\n}\n","import { sealData, unsealData } from '../common/crypto/seal';\nimport { PaginationOptions } from '../common/interfaces/pagination-options.interface';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { getEnv } from '../common/utils/env';\nimport { toQueryString } from '../common/utils/query-string';\nimport { Challenge, ChallengeResponse } from '../mfa/interfaces';\nimport { deserializeChallenge } from '../mfa/serializers';\nimport {\n FeatureFlag,\n FeatureFlagResponse,\n} from '../feature-flags/interfaces/feature-flag.interface';\nimport { deserializeFeatureFlag } from '../feature-flags/serializers';\nimport { WorkOS } from '../workos';\nimport {\n AuthenticateWithCodeAndVerifierOptions,\n AuthenticateWithCodeOptions,\n AuthenticateWithMagicAuthOptions,\n AuthenticateWithPasswordOptions,\n AuthenticateWithRefreshTokenOptions,\n AuthenticateWithSessionOptions,\n AuthenticateWithTotpOptions,\n AuthenticationResponse,\n AuthenticationResponseResponse,\n CreateMagicAuthOptions,\n CreatePasswordResetOptions,\n CreateUserOptions,\n EmailVerification,\n EmailVerificationResponse,\n EnrollAuthFactorOptions,\n ListAuthFactorsOptions,\n ListSessionsOptions,\n ListUsersOptions,\n ListUserFeatureFlagsOptions,\n LogoutURLOptions,\n MagicAuth,\n MagicAuthResponse,\n PasswordReset,\n PasswordResetResponse,\n ResetPasswordOptions,\n SendVerificationEmailOptions,\n SerializedAuthenticateWithCodeAndVerifierOptions,\n SerializedAuthenticateWithCodeOptions,\n SerializedAuthenticateWithMagicAuthOptions,\n SerializedAuthenticateWithPasswordOptions,\n SerializedAuthenticateWithRefreshTokenOptions,\n SerializedAuthenticateWithRefreshTokenPublicClientOptions,\n SerializedAuthenticateWithTotpOptions,\n SerializedCreateMagicAuthOptions,\n SerializedCreatePasswordResetOptions,\n SerializedCreateUserOptions,\n SerializedListSessionsOptions,\n SerializedListUsersOptions,\n SerializedResetPasswordOptions,\n SerializedVerifyEmailOptions,\n Session,\n SessionResponse,\n UpdateUserOptions,\n User,\n UserResponse,\n VerifyEmailOptions,\n} from './interfaces';\nimport {\n AuthenticateWithEmailVerificationOptions,\n SerializedAuthenticateWithEmailVerificationOptions,\n} from './interfaces/authenticate-with-email-verification-options.interface';\nimport {\n AuthenticateWithOrganizationSelectionOptions,\n SerializedAuthenticateWithOrganizationSelectionOptions,\n} from './interfaces/authenticate-with-organization-selection.interface';\nimport {\n AccessToken,\n AuthenticateWithSessionCookieFailedResponse,\n AuthenticateWithSessionCookieFailureReason,\n AuthenticateWithSessionCookieOptions,\n AuthenticateWithSessionCookieSuccessResponse,\n SessionCookieData,\n} from './interfaces/authenticate-with-session-cookie.interface';\nimport {\n PKCEAuthorizationURLResult,\n UserManagementAuthorizationURLOptions,\n} from './interfaces/authorization-url-options.interface';\nimport {\n CreateOrganizationMembershipOptions,\n SerializedCreateOrganizationMembershipOptions,\n} from './interfaces/create-organization-membership-options.interface';\nimport {\n Factor,\n FactorResponse,\n FactorWithSecrets,\n FactorWithSecretsResponse,\n} from './interfaces/factor.interface';\nimport { Identity, IdentityResponse } from './interfaces/identity.interface';\nimport {\n Invitation,\n InvitationResponse,\n} from './interfaces/invitation.interface';\nimport {\n ListInvitationsOptions,\n SerializedListInvitationsOptions,\n} from './interfaces/list-invitations-options.interface';\nimport {\n ListOrganizationMembershipsOptions,\n SerializedListOrganizationMembershipsOptions,\n} from './interfaces/list-organization-memberships-options.interface';\nimport {\n OrganizationMembership,\n OrganizationMembershipResponse,\n} from './interfaces/organization-membership.interface';\nimport {\n RevokeSessionOptions,\n SerializedRevokeSessionOptions,\n serializeRevokeSessionOptions,\n} from './interfaces/revoke-session-options.interface';\nimport {\n ResendInvitationOptions,\n SerializedResendInvitationOptions,\n} from './interfaces/resend-invitation-options.interface';\nimport {\n SendInvitationOptions,\n SerializedSendInvitationOptions,\n} from './interfaces/send-invitation-options.interface';\nimport { SessionHandlerOptions } from './interfaces/session-handler-options.interface';\nimport {\n SerializedUpdateOrganizationMembershipOptions,\n UpdateOrganizationMembershipOptions,\n} from './interfaces/update-organization-membership-options.interface';\nimport {\n deserializeAuthenticationResponse,\n deserializeEmailVerification,\n deserializeFactorWithSecrets,\n deserializeMagicAuth,\n deserializePasswordReset,\n deserializeSession,\n deserializeUser,\n serializeAuthenticateWithCodeAndVerifierOptions,\n serializeAuthenticateWithCodeOptions,\n serializeAuthenticateWithMagicAuthOptions,\n serializeAuthenticateWithPasswordOptions,\n serializeAuthenticateWithRefreshTokenOptions,\n serializeAuthenticateWithRefreshTokenPublicClientOptions,\n serializeAuthenticateWithTotpOptions,\n serializeCreateMagicAuthOptions,\n serializeCreatePasswordResetOptions,\n serializeCreateUserOptions,\n serializeEnrollAuthFactorOptions,\n serializeListSessionsOptions,\n serializeResetPasswordOptions,\n serializeUpdateUserOptions,\n} from './serializers';\nimport { serializeAuthenticateWithEmailVerificationOptions } from './serializers/authenticate-with-email-verification.serializer';\nimport { serializeAuthenticateWithOrganizationSelectionOptions } from './serializers/authenticate-with-organization-selection-options.serializer';\nimport { serializeCreateOrganizationMembershipOptions } from './serializers/create-organization-membership-options.serializer';\nimport { deserializeFactor } from './serializers/factor.serializer';\nimport { deserializeIdentities } from './serializers/identity.serializer';\nimport { deserializeInvitation } from './serializers/invitation.serializer';\nimport { serializeListInvitationsOptions } from './serializers/list-invitations-options.serializer';\nimport { serializeListOrganizationMembershipsOptions } from './serializers/list-organization-memberships-options.serializer';\nimport { serializeListUsersOptions } from './serializers/list-users-options.serializer';\nimport { serializeResendInvitationOptions } from './serializers/resend-invitation-options.serializer';\nimport { deserializeOrganizationMembership } from './serializers/organization-membership.serializer';\nimport { serializeSendInvitationOptions } from './serializers/send-invitation-options.serializer';\nimport { serializeUpdateOrganizationMembershipOptions } from './serializers/update-organization-membership-options.serializer';\nimport { CookieSession } from './session';\nimport { getJose } from '../utils/jose';\n\nexport class UserManagement {\n private _jwks:\n | ReturnType<typeof import('jose').createRemoteJWKSet>\n | undefined;\n public clientId: string | undefined;\n\n constructor(private readonly workos: WorkOS) {\n const { clientId } = workos.options;\n\n this.clientId = clientId;\n }\n\n /**\n * Resolve clientId from method options or fall back to constructor-provided value.\n * @throws TypeError if clientId is not available from either source\n */\n private resolveClientId(clientId?: string): string {\n const resolved = clientId ?? this.clientId;\n if (!resolved) {\n throw new TypeError(\n 'clientId is required. Provide it in method options or when initializing WorkOS.',\n );\n }\n return resolved;\n }\n\n async getJWKS(): Promise<\n ReturnType<typeof import('jose').createRemoteJWKSet> | undefined\n > {\n const { createRemoteJWKSet } = await getJose();\n if (!this.clientId) {\n return;\n }\n\n // Set the JWKS URL. This is used to verify if the JWT is still valid\n this._jwks ??= createRemoteJWKSet(new URL(this.getJwksUrl(this.clientId)), {\n cooldownDuration: 1000 * 60 * 5,\n });\n\n return this._jwks;\n }\n\n /**\n * Loads a sealed session using the provided session data and cookie password.\n *\n * @param options - The options for loading the sealed session.\n * @param options.sessionData - The sealed session data.\n * @param options.cookiePassword - The password used to encrypt the session data.\n * @returns The session class.\n */\n loadSealedSession(options: {\n sessionData: string;\n cookiePassword: string;\n }): CookieSession {\n return new CookieSession(this, options.sessionData, options.cookiePassword);\n }\n\n async getUser(userId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/${userId}`,\n );\n\n return deserializeUser(data);\n }\n\n async getUserByExternalId(externalId: string): Promise<User> {\n const { data } = await this.workos.get<UserResponse>(\n `/user_management/users/external_id/${externalId}`,\n );\n\n return deserializeUser(data);\n }\n\n async listUsers(\n options?: ListUsersOptions,\n ): Promise<AutoPaginatable<User, SerializedListUsersOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n options ? serializeListUsersOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<UserResponse, User>(\n this.workos,\n '/user_management/users',\n deserializeUser,\n params,\n ),\n options ? serializeListUsersOptions(options) : undefined,\n );\n }\n\n async createUser(payload: CreateUserOptions): Promise<User> {\n const { data } = await this.workos.post<\n UserResponse,\n SerializedCreateUserOptions\n >('/user_management/users', serializeCreateUserOptions(payload));\n\n return deserializeUser(data);\n }\n\n async authenticateWithMagicAuth(\n payload: AuthenticateWithMagicAuthOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithMagicAuthOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithMagicAuthOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithPassword(\n payload: AuthenticateWithPasswordOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithPasswordOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithPasswordOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n /**\n * Exchange an authorization code for tokens.\n *\n * Auto-detects public vs confidential client mode:\n * - If codeVerifier is provided: Uses PKCE flow (public client)\n * - If no codeVerifier: Uses client_secret from API key (confidential client)\n * - If both: Uses both client_secret AND codeVerifier (confidential client with PKCE)\n *\n * Using PKCE with confidential clients is recommended by OAuth 2.1 for defense\n * in depth and provides additional CSRF protection on the authorization flow.\n *\n * @throws Error if neither codeVerifier nor API key is available\n */\n async authenticateWithCode(\n payload: AuthenticateWithCodeOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, codeVerifier, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n // Validate codeVerifier is not an empty string (common mistake)\n if (codeVerifier !== undefined && codeVerifier.trim() === '') {\n throw new TypeError(\n 'codeVerifier cannot be an empty string. ' +\n 'Generate a valid PKCE pair using workos.pkce.generate().',\n );\n }\n\n const hasApiKey = !!this.workos.key;\n const hasPKCE = !!codeVerifier;\n\n if (!hasPKCE && !hasApiKey) {\n throw new TypeError(\n 'authenticateWithCode requires either a codeVerifier (for public clients) ' +\n 'or an API key configured on the WorkOS instance (for confidential clients).',\n );\n }\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n codeVerifier,\n clientSecret: hasApiKey ? this.workos.key : undefined,\n }),\n { skipApiKeyCheck: !hasApiKey },\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n /**\n * Exchange an authorization code for tokens using PKCE (public client flow).\n * Use this instead of authenticateWithCode() when the client cannot securely\n * store a client_secret (browser, mobile, CLI, desktop apps).\n *\n * @param payload.clientId - Your WorkOS client ID\n * @param payload.code - The authorization code from the OAuth callback\n * @param payload.codeVerifier - The PKCE code verifier used to generate the code challenge\n */\n async authenticateWithCodeAndVerifier(\n payload: AuthenticateWithCodeAndVerifierOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithCodeAndVerifierOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithCodeAndVerifierOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n }),\n { skipApiKeyCheck: true },\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n /**\n * Refresh an access token using a refresh token.\n * Automatically detects public client mode - if no API key is configured,\n * omits client_secret from the request.\n */\n async authenticateWithRefreshToken(\n payload: AuthenticateWithRefreshTokenOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n const isPublicClient = !this.workos.key;\n\n const body = isPublicClient\n ? serializeAuthenticateWithRefreshTokenPublicClientOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n })\n : serializeAuthenticateWithRefreshTokenOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n });\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n | SerializedAuthenticateWithRefreshTokenOptions\n | SerializedAuthenticateWithRefreshTokenPublicClientOptions\n >('/user_management/authenticate', body, {\n skipApiKeyCheck: isPublicClient,\n });\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithTotp(\n payload: AuthenticateWithTotpOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithTotpOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithTotpOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithEmailVerification(\n payload: AuthenticateWithEmailVerificationOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithEmailVerificationOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithEmailVerificationOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithOrganizationSelection(\n payload: AuthenticateWithOrganizationSelectionOptions,\n ): Promise<AuthenticationResponse> {\n const { session, clientId, ...remainingPayload } = payload;\n const resolvedClientId = this.resolveClientId(clientId);\n\n const { data } = await this.workos.post<\n AuthenticationResponseResponse,\n SerializedAuthenticateWithOrganizationSelectionOptions\n >(\n '/user_management/authenticate',\n serializeAuthenticateWithOrganizationSelectionOptions({\n ...remainingPayload,\n clientId: resolvedClientId,\n clientSecret: this.workos.key,\n }),\n );\n\n return this.prepareAuthenticationResponse({\n authenticationResponse: deserializeAuthenticationResponse(data),\n session,\n });\n }\n\n async authenticateWithSessionCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: AuthenticateWithSessionCookieOptions): Promise<\n | AuthenticateWithSessionCookieSuccessResponse\n | AuthenticateWithSessionCookieFailedResponse\n > {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const jwks = await this.getJWKS();\n\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n const { decodeJwt } = await getJose();\n\n if (!sessionData) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.NO_SESSION_COOKIE_PROVIDED,\n };\n }\n\n const session = await unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n\n if (!session.accessToken) {\n return {\n authenticated: false,\n reason:\n AuthenticateWithSessionCookieFailureReason.INVALID_SESSION_COOKIE,\n };\n }\n\n if (!(await this.isValidJwt(session.accessToken))) {\n return {\n authenticated: false,\n reason: AuthenticateWithSessionCookieFailureReason.INVALID_JWT,\n };\n }\n\n const {\n sid: sessionId,\n org_id: organizationId,\n role,\n roles,\n permissions,\n entitlements,\n feature_flags: featureFlags,\n } = decodeJwt<AccessToken>(session.accessToken);\n\n return {\n authenticated: true,\n sessionId,\n organizationId,\n role,\n roles,\n user: session.user,\n permissions,\n entitlements,\n featureFlags,\n accessToken: session.accessToken,\n authenticationMethod: session.authenticationMethod,\n };\n }\n\n private async isValidJwt(accessToken: string): Promise<boolean> {\n const jwks = await this.getJWKS();\n const { jwtVerify } = await getJose();\n if (!jwks) {\n throw new Error('Must provide clientId to initialize JWKS');\n }\n\n try {\n await jwtVerify(accessToken, jwks);\n return true;\n } catch (e) {\n // Only treat as invalid JWT if it's an actual JWT/JWS error from jose\n // Network errors, crypto failures, etc. should propagate\n if (\n e instanceof Error &&\n 'code' in e &&\n typeof e.code === 'string' &&\n (e.code.startsWith('ERR_JWT_') || e.code.startsWith('ERR_JWS_'))\n ) {\n return false;\n }\n throw e;\n }\n }\n\n private async prepareAuthenticationResponse({\n authenticationResponse,\n session,\n }: {\n authenticationResponse: AuthenticationResponse;\n session?: AuthenticateWithSessionOptions;\n }): Promise<AuthenticationResponse> {\n if (session?.sealSession) {\n if (!this.workos.key) {\n throw new Error(\n 'Session sealing requires server-side usage with an API key. ' +\n 'Public clients should store tokens directly ' +\n '(e.g., secure storage on mobile, keychain on desktop).',\n );\n }\n\n return {\n ...authenticationResponse,\n sealedSession: await this.sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword: session.cookiePassword,\n }),\n };\n }\n\n return authenticationResponse;\n }\n\n private async sealSessionDataFromAuthenticationResponse({\n authenticationResponse,\n cookiePassword,\n }: {\n authenticationResponse: AuthenticationResponse;\n cookiePassword?: string;\n }): Promise<string> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n const { decodeJwt } = await getJose();\n\n const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(\n authenticationResponse.accessToken,\n );\n\n const sessionData: SessionCookieData = {\n organizationId: organizationIdFromAccessToken,\n user: authenticationResponse.user,\n accessToken: authenticationResponse.accessToken,\n refreshToken: authenticationResponse.refreshToken,\n authenticationMethod: authenticationResponse.authenticationMethod,\n impersonator: authenticationResponse.impersonator,\n };\n\n return sealData(sessionData, {\n password: cookiePassword,\n });\n }\n\n async getSessionFromCookie({\n sessionData,\n cookiePassword = getEnv('WORKOS_COOKIE_PASSWORD'),\n }: SessionHandlerOptions): Promise<SessionCookieData | undefined> {\n if (!cookiePassword) {\n throw new Error('Cookie password is required');\n }\n\n if (sessionData) {\n return unsealData<SessionCookieData>(sessionData, {\n password: cookiePassword,\n });\n }\n\n return undefined;\n }\n\n async getEmailVerification(\n emailVerificationId: string,\n ): Promise<EmailVerification> {\n const { data } = await this.workos.get<EmailVerificationResponse>(\n `/user_management/email_verification/${emailVerificationId}`,\n );\n\n return deserializeEmailVerification(data);\n }\n\n async sendVerificationEmail({\n userId,\n }: SendVerificationEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<{ user: UserResponse }>(\n `/user_management/users/${userId}/email_verification/send`,\n {},\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async getMagicAuth(magicAuthId: string): Promise<MagicAuth> {\n const { data } = await this.workos.get<MagicAuthResponse>(\n `/user_management/magic_auth/${magicAuthId}`,\n );\n\n return deserializeMagicAuth(data);\n }\n\n async createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth> {\n const { data } = await this.workos.post<\n MagicAuthResponse,\n SerializedCreateMagicAuthOptions\n >(\n '/user_management/magic_auth',\n serializeCreateMagicAuthOptions({\n ...options,\n }),\n );\n\n return deserializeMagicAuth(data);\n }\n\n async verifyEmail({\n code,\n userId,\n }: VerifyEmailOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedVerifyEmailOptions\n >(`/user_management/users/${userId}/email_verification/confirm`, {\n code,\n });\n\n return { user: deserializeUser(data.user) };\n }\n\n async getPasswordReset(passwordResetId: string): Promise<PasswordReset> {\n const { data } = await this.workos.get<PasswordResetResponse>(\n `/user_management/password_reset/${passwordResetId}`,\n );\n\n return deserializePasswordReset(data);\n }\n\n async createPasswordReset(\n options: CreatePasswordResetOptions,\n ): Promise<PasswordReset> {\n const { data } = await this.workos.post<\n PasswordResetResponse,\n SerializedCreatePasswordResetOptions\n >(\n '/user_management/password_reset',\n serializeCreatePasswordResetOptions({\n ...options,\n }),\n );\n\n return deserializePasswordReset(data);\n }\n\n async resetPassword(payload: ResetPasswordOptions): Promise<{ user: User }> {\n const { data } = await this.workos.post<\n { user: UserResponse },\n SerializedResetPasswordOptions\n >(\n '/user_management/password_reset/confirm',\n serializeResetPasswordOptions(payload),\n );\n\n return { user: deserializeUser(data.user) };\n }\n\n async updateUser(payload: UpdateUserOptions): Promise<User> {\n const { data } = await this.workos.put<UserResponse>(\n `/user_management/users/${payload.userId}`,\n serializeUpdateUserOptions(payload),\n );\n\n return deserializeUser(data);\n }\n\n async enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{\n authenticationFactor: FactorWithSecrets;\n authenticationChallenge: Challenge;\n }> {\n const { data } = await this.workos.post<{\n authentication_factor: FactorWithSecretsResponse;\n authentication_challenge: ChallengeResponse;\n }>(\n `/user_management/users/${payload.userId}/auth_factors`,\n serializeEnrollAuthFactorOptions(payload),\n );\n\n return {\n authenticationFactor: deserializeFactorWithSecrets(\n data.authentication_factor,\n ),\n authenticationChallenge: deserializeChallenge(\n data.authentication_challenge,\n ),\n };\n }\n\n async listAuthFactors(\n options: ListAuthFactorsOptions,\n ): Promise<AutoPaginatable<Factor, PaginationOptions>> {\n const { userId, ...restOfOptions } = options;\n return new AutoPaginatable(\n await fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n restOfOptions,\n ),\n (params) =>\n fetchAndDeserialize<FactorResponse, Factor>(\n this.workos,\n `/user_management/users/${userId}/auth_factors`,\n deserializeFactor,\n params,\n ),\n restOfOptions,\n );\n }\n\n async listUserFeatureFlags(\n options: ListUserFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n const { userId, ...paginationOptions } = options;\n\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n paginationOptions,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n `/user_management/users/${userId}/feature-flags`,\n deserializeFeatureFlag,\n params,\n ),\n paginationOptions,\n );\n }\n\n async listSessions(\n userId: string,\n options?: ListSessionsOptions,\n ): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n options ? serializeListSessionsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<SessionResponse, Session>(\n this.workos,\n `/user_management/users/${userId}/sessions`,\n deserializeSession,\n params,\n ),\n options ? serializeListSessionsOptions(options) : undefined,\n );\n }\n\n async deleteUser(userId: string) {\n await this.workos.delete(`/user_management/users/${userId}`);\n }\n\n async getUserIdentities(userId: string): Promise<Identity[]> {\n if (!userId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'userId'.`);\n }\n\n const { data } = await this.workos.get<IdentityResponse[]>(\n `/user_management/users/${userId}/identities`,\n );\n\n return deserializeIdentities(data);\n }\n\n async getOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.get<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async listOrganizationMemberships(\n options: ListOrganizationMembershipsOptions,\n ): Promise<\n AutoPaginatable<\n OrganizationMembership,\n SerializedListOrganizationMembershipsOptions\n >\n > {\n const serializedOptions =\n serializeListOrganizationMembershipsOptions(options);\n\n return new AutoPaginatable(\n await fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n serializedOptions,\n ),\n (params) =>\n fetchAndDeserialize<\n OrganizationMembershipResponse,\n OrganizationMembership\n >(\n this.workos,\n '/user_management/organization_memberships',\n deserializeOrganizationMembership,\n params,\n ),\n serializedOptions,\n );\n }\n\n async createOrganizationMembership(\n options: CreateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.post<\n OrganizationMembershipResponse,\n SerializedCreateOrganizationMembershipOptions\n >(\n '/user_management/organization_memberships',\n serializeCreateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async updateOrganizationMembership(\n organizationMembershipId: string,\n options: UpdateOrganizationMembershipOptions,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<\n OrganizationMembershipResponse,\n SerializedUpdateOrganizationMembershipOptions\n >(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n serializeUpdateOrganizationMembershipOptions(options),\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async deleteOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<void> {\n await this.workos.delete(\n `/user_management/organization_memberships/${organizationMembershipId}`,\n );\n }\n\n async deactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/deactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async reactivateOrganizationMembership(\n organizationMembershipId: string,\n ): Promise<OrganizationMembership> {\n const { data } = await this.workos.put<OrganizationMembershipResponse>(\n `/user_management/organization_memberships/${organizationMembershipId}/reactivate`,\n {},\n );\n\n return deserializeOrganizationMembership(data);\n }\n\n async getInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/${invitationId}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async findInvitationByToken(invitationToken: string): Promise<Invitation> {\n const { data } = await this.workos.get<InvitationResponse>(\n `/user_management/invitations/by_token/${invitationToken}`,\n );\n\n return deserializeInvitation(data);\n }\n\n async listInvitations(\n options: ListInvitationsOptions,\n ): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n options ? serializeListInvitationsOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<InvitationResponse, Invitation>(\n this.workos,\n '/user_management/invitations',\n deserializeInvitation,\n params,\n ),\n options ? serializeListInvitationsOptions(options) : undefined,\n );\n }\n\n async sendInvitation(payload: SendInvitationOptions): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedSendInvitationOptions\n >(\n '/user_management/invitations',\n serializeSendInvitationOptions({\n ...payload,\n }),\n );\n\n return deserializeInvitation(data);\n }\n\n async acceptInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/accept`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeInvitation(invitationId: string): Promise<Invitation> {\n const { data } = await this.workos.post<InvitationResponse, any>(\n `/user_management/invitations/${invitationId}/revoke`,\n null,\n );\n\n return deserializeInvitation(data);\n }\n\n async resendInvitation(\n invitationId: string,\n options?: ResendInvitationOptions,\n ): Promise<Invitation> {\n const { data } = await this.workos.post<\n InvitationResponse,\n SerializedResendInvitationOptions\n >(\n `/user_management/invitations/${invitationId}/resend`,\n options ? serializeResendInvitationOptions(options) : {},\n );\n\n return deserializeInvitation(data);\n }\n\n async revokeSession(payload: RevokeSessionOptions): Promise<void> {\n await this.workos.post<void, SerializedRevokeSessionOptions>(\n '/user_management/sessions/revoke',\n serializeRevokeSessionOptions(payload),\n );\n }\n\n /**\n * Generate an OAuth 2.0 authorization URL.\n *\n * For public clients (browser, mobile, CLI), include PKCE parameters:\n * - Generate PKCE using workos.pkce.generate()\n * - Pass codeChallenge and codeChallengeMethod here\n * - Store codeVerifier and pass to authenticateWithCode() later\n *\n * Or use getAuthorizationUrlWithPKCE() which handles PKCE automatically.\n */\n getAuthorizationUrl(options: UserManagementAuthorizationURLOptions): string {\n const {\n claimNonce,\n connectionId,\n codeChallenge,\n codeChallengeMethod,\n clientId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerQueryParams,\n providerScopes,\n prompt,\n redirectUri,\n state,\n screenHint,\n } = options;\n const resolvedClientId = this.resolveClientId(clientId);\n\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n const query = toQueryString({\n claim_nonce: claimNonce,\n connection_id: connectionId,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n prompt,\n client_id: resolvedClientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n return `${this.workos.baseURL}/user_management/authorize?${query}`;\n }\n\n /**\n * Generate an OAuth 2.0 authorization URL with automatic PKCE.\n *\n * This method generates PKCE parameters internally and returns them along with\n * the authorization URL. Use this for public clients (CLI apps, Electron, mobile)\n * that cannot securely store a client secret.\n *\n * @returns Object containing url, state, and codeVerifier\n *\n * @example\n * ```typescript\n * const { url, state, codeVerifier } = await workos.userManagement.getAuthorizationUrlWithPKCE({\n * provider: 'authkit',\n * clientId: 'client_123',\n * redirectUri: 'myapp://callback',\n * });\n *\n * // Store state and codeVerifier securely, then redirect user to url\n * // After callback, exchange the code:\n * const response = await workos.userManagement.authenticateWithCode({\n * code: authorizationCode,\n * codeVerifier,\n * clientId: 'client_123',\n * });\n * ```\n */\n async getAuthorizationUrlWithPKCE(\n options: Omit<\n UserManagementAuthorizationURLOptions,\n 'codeChallenge' | 'codeChallengeMethod' | 'state'\n >,\n ): Promise<PKCEAuthorizationURLResult> {\n const {\n clientId,\n connectionId,\n domainHint,\n loginHint,\n organizationId,\n provider,\n providerQueryParams,\n providerScopes,\n prompt,\n redirectUri,\n screenHint,\n } = options;\n const resolvedClientId = this.resolveClientId(clientId);\n\n if (!provider && !connectionId && !organizationId) {\n throw new TypeError(\n `Incomplete arguments. Need to specify either a 'connectionId', 'organizationId', or 'provider'.`,\n );\n }\n\n if (provider !== 'authkit' && screenHint) {\n throw new TypeError(\n `'screenHint' is only supported for 'authkit' provider`,\n );\n }\n\n // Generate PKCE parameters\n const pkce = await this.workos.pkce.generate();\n\n // Generate secure random state\n const state = this.workos.pkce.generateCodeVerifier(43);\n\n const query = toQueryString({\n connection_id: connectionId,\n code_challenge: pkce.codeChallenge,\n code_challenge_method: 'S256',\n organization_id: organizationId,\n domain_hint: domainHint,\n login_hint: loginHint,\n provider,\n provider_query_params: providerQueryParams,\n provider_scopes: providerScopes,\n prompt,\n client_id: resolvedClientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n state,\n screen_hint: screenHint,\n });\n\n const url = `${this.workos.baseURL}/user_management/authorize?${query}`;\n\n return { url, state, codeVerifier: pkce.codeVerifier };\n }\n\n getLogoutUrl(options: LogoutURLOptions): string {\n const { sessionId, returnTo } = options;\n\n if (!sessionId) {\n throw new TypeError(`Incomplete arguments. Need to specify 'sessionId'.`);\n }\n\n const url = new URL(\n '/user_management/sessions/logout',\n this.workos.baseURL,\n );\n\n url.searchParams.set('session_id', sessionId);\n if (returnTo) {\n url.searchParams.set('return_to', returnTo);\n }\n\n return url.toString();\n }\n\n getJwksUrl(clientId: string): string {\n if (!clientId) {\n throw new TypeError('clientId must be a valid clientId');\n }\n\n return `${this.workos.baseURL}/sso/jwks/${clientId}`;\n }\n}\n","export enum CheckOp {\n AllOf = 'all_of',\n AnyOf = 'any_of',\n}\n","import { Subject, ResourceInterface } from '../interfaces';\n\nexport function isSubject(resource: any): resource is Subject {\n return (\n Object.prototype.hasOwnProperty.call(resource, 'resourceType') &&\n Object.prototype.hasOwnProperty.call(resource, 'resourceId')\n );\n}\n\nexport function isResourceInterface(\n resource: unknown,\n): resource is ResourceInterface {\n return (\n !!resource &&\n typeof resource === 'object' &&\n 'getResouceType' in resource &&\n 'getResourceId' in resource\n );\n}\n","import {\n CheckBatchOptions,\n CheckOptions,\n CheckWarrantOptions,\n DecisionTreeNode,\n DecisionTreeNodeResponse,\n SerializedCheckBatchOptions,\n SerializedCheckOptions,\n SerializedCheckWarrantOptions,\n} from '../interfaces';\nimport { isSubject, isResourceInterface } from '../utils/interface-check';\n\nexport const serializeCheckOptions = (\n options: CheckOptions,\n): SerializedCheckOptions => ({\n op: options.op,\n checks: options.checks.map(serializeCheckWarrantOptions),\n debug: options.debug,\n});\n\nexport const serializeCheckBatchOptions = (\n options: CheckBatchOptions,\n): SerializedCheckBatchOptions => ({\n op: 'batch',\n checks: options.checks.map(serializeCheckWarrantOptions),\n debug: options.debug,\n});\n\nconst serializeCheckWarrantOptions = (\n warrant: CheckWarrantOptions,\n): SerializedCheckWarrantOptions => {\n return {\n resource_type: isResourceInterface(warrant.resource)\n ? warrant.resource.getResourceType()\n : warrant.resource.resourceType,\n resource_id: isResourceInterface(warrant.resource)\n ? warrant.resource.getResourceId()\n : warrant.resource.resourceId\n ? warrant.resource.resourceId\n : '',\n relation: warrant.relation,\n subject: isSubject(warrant.subject)\n ? {\n resource_type: warrant.subject.resourceType,\n resource_id: warrant.subject.resourceId,\n }\n : {\n resource_type: warrant.subject.getResourceType(),\n resource_id: warrant.subject.getResourceId(),\n },\n context: warrant.context ?? {},\n };\n};\n\nexport const deserializeDecisionTreeNode = (\n response: DecisionTreeNodeResponse,\n): DecisionTreeNode => {\n return {\n check: {\n resource: {\n resourceType: response.check.resource_type,\n resourceId: response.check.resource_id,\n },\n relation: response.check.relation,\n subject: {\n resourceType: response.check.subject.resource_type,\n resourceId: response.check.subject.resource_id,\n },\n context: response.check.context,\n },\n policy: response.policy,\n decision: response.decision,\n processingTime: response.processing_time,\n children: response.children.map(deserializeDecisionTreeNode),\n };\n};\n","import { ResourceInterface, ResourceOptions } from './resource.interface';\nimport { PolicyContext, SerializedSubject, Subject } from './warrant.interface';\nimport { CheckOp } from './check-op.enum';\nimport { PostOptions } from '../../common/interfaces';\nimport { deserializeDecisionTreeNode } from '../serializers/check-options.serializer';\nimport { Warning } from './warning.interface';\n\nconst CHECK_RESULT_AUTHORIZED = 'authorized';\n\nexport interface CheckWarrantOptions {\n resource: ResourceInterface | ResourceOptions;\n relation: string;\n subject: ResourceInterface | Subject;\n context?: PolicyContext;\n}\n\nexport interface SerializedCheckWarrantOptions {\n resource_type: string;\n resource_id: string;\n relation: string;\n subject: SerializedSubject;\n context: PolicyContext;\n}\n\nexport interface CheckOptions {\n op?: CheckOp;\n checks: CheckWarrantOptions[];\n debug?: boolean;\n}\n\nexport interface CheckBatchOptions {\n checks: CheckWarrantOptions[];\n debug?: boolean;\n}\n\nexport interface SerializedCheckOptions {\n op?: CheckOp;\n checks: SerializedCheckWarrantOptions[];\n debug?: boolean;\n}\n\nexport interface SerializedCheckBatchOptions {\n op: 'batch';\n checks: SerializedCheckWarrantOptions[];\n debug?: boolean;\n}\n\nexport interface CheckResultResponse {\n result: string;\n is_implicit: boolean;\n warrant_token: string;\n debug_info?: DebugInfoResponse;\n warnings?: Warning[];\n}\n\nexport interface DebugInfo {\n processingTime: number;\n decisionTree: DecisionTreeNode;\n}\n\nexport interface DecisionTreeNode {\n check: CheckWarrantOptions;\n policy?: string;\n decision: string;\n processingTime: number;\n children: DecisionTreeNode[];\n}\n\nexport interface DebugInfoResponse {\n processing_time: number;\n decision_tree: DecisionTreeNodeResponse;\n}\n\nexport interface DecisionTreeNodeResponse {\n check: SerializedCheckWarrantOptions;\n policy?: string;\n decision: string;\n processing_time: number;\n children: DecisionTreeNodeResponse[];\n}\n\nexport interface CheckResultInterface {\n result: string;\n isImplicit: boolean;\n warrantToken: string;\n debugInfo?: DebugInfo;\n warnings?: Warning[];\n}\n\nexport class CheckResult implements CheckResultInterface {\n public result: string;\n public isImplicit: boolean;\n public warrantToken: string;\n public debugInfo?: DebugInfo;\n public warnings?: Warning[];\n\n constructor(json: CheckResultResponse) {\n this.result = json.result;\n this.isImplicit = json.is_implicit;\n this.warrantToken = json.warrant_token;\n this.debugInfo = json.debug_info\n ? {\n processingTime: json.debug_info.processing_time,\n decisionTree: deserializeDecisionTreeNode(\n json.debug_info.decision_tree,\n ),\n }\n : undefined;\n this.warnings = json.warnings;\n }\n\n isAuthorized(): boolean {\n return this.result === CHECK_RESULT_AUTHORIZED;\n }\n}\n\nexport type CheckRequestOptions = Pick<PostOptions, 'warrantToken'>;\n","export enum ResourceOp {\n Create = 'create',\n Delete = 'delete',\n}\n","export enum WarrantOp {\n Create = 'create',\n Delete = 'delete',\n}\n","import {\n CreateResourceOptions,\n SerializedCreateResourceOptions,\n} from '../interfaces';\nimport { isResourceInterface } from '../utils/interface-check';\n\nexport const serializeCreateResourceOptions = (\n options: CreateResourceOptions,\n): SerializedCreateResourceOptions => ({\n resource_type: isResourceInterface(options.resource)\n ? options.resource.getResourceType()\n : options.resource.resourceType,\n resource_id: isResourceInterface(options.resource)\n ? options.resource.getResourceId()\n : options.resource.resourceId\n ? options.resource.resourceId\n : '',\n meta: options.meta,\n});\n","import {\n DeleteResourceOptions,\n SerializedDeleteResourceOptions,\n} from '../interfaces';\nimport { isResourceInterface } from '../utils/interface-check';\n\nexport const serializeDeleteResourceOptions = (\n options: DeleteResourceOptions,\n): SerializedDeleteResourceOptions => ({\n resource_type: isResourceInterface(options)\n ? options.getResourceType()\n : options.resourceType,\n resource_id: isResourceInterface(options)\n ? options.getResourceId()\n : options.resourceId\n ? options.resourceId\n : '',\n});\n","import {\n BatchWriteResourcesOptions,\n CreateResourceOptions,\n DeleteResourceOptions,\n ResourceOp,\n SerializedBatchWriteResourcesOptions,\n SerializedCreateResourceOptions,\n SerializedDeleteResourceOptions,\n} from '../interfaces';\nimport { serializeCreateResourceOptions } from './create-resource-options.serializer';\nimport { serializeDeleteResourceOptions } from './delete-resource-options.serializer';\n\nexport const serializeBatchWriteResourcesOptions = (\n options: BatchWriteResourcesOptions,\n): SerializedBatchWriteResourcesOptions => {\n let serializedResources:\n | SerializedCreateResourceOptions[]\n | SerializedDeleteResourceOptions[] = [];\n if (options.op === ResourceOp.Create) {\n const resources = options.resources as CreateResourceOptions[];\n serializedResources = resources.map((options: CreateResourceOptions) =>\n serializeCreateResourceOptions(options),\n );\n } else if (options.op === ResourceOp.Delete) {\n const resources = options.resources as DeleteResourceOptions[];\n serializedResources = resources.map((options: DeleteResourceOptions) =>\n serializeDeleteResourceOptions(options),\n );\n }\n\n return {\n op: options.op,\n resources: serializedResources,\n };\n};\n","import {\n ListResourcesOptions,\n SerializedListResourcesOptions,\n} from '../interfaces';\n\nexport const serializeListResourceOptions = (\n options: ListResourcesOptions,\n): SerializedListResourcesOptions => ({\n resource_type: options.resourceType,\n search: options.search,\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import {\n ListWarrantsOptions,\n SerializedListWarrantsOptions,\n} from '../interfaces';\n\nexport const serializeListWarrantsOptions = (\n options: ListWarrantsOptions,\n): SerializedListWarrantsOptions => ({\n resource_type: options.resourceType,\n resource_id: options.resourceId,\n relation: options.relation,\n subject_type: options.subjectType,\n subject_id: options.subjectId,\n subject_relation: options.subjectRelation,\n limit: options.limit,\n after: options.after,\n});\n","import { QueryOptions, SerializedQueryOptions } from '../interfaces';\n\nexport const serializeQueryOptions = (\n options: QueryOptions,\n): SerializedQueryOptions => ({\n q: options.q,\n context: JSON.stringify(options.context),\n limit: options.limit,\n before: options.before,\n after: options.after,\n order: options.order,\n});\n","import { QueryResult, QueryResultResponse } from '../interfaces';\nimport { Warning } from '../interfaces/warning.interface';\nimport { ListResponse } from '../../common/interfaces';\n\nexport interface QueryResultListResponse extends ListResponse<QueryResultResponse> {\n warnings?: Warning[];\n}\n\nexport const deserializeQueryResult = (\n queryResult: QueryResultResponse,\n): QueryResult => ({\n resourceType: queryResult.resource_type,\n resourceId: queryResult.resource_id,\n relation: queryResult.relation,\n warrant: {\n resourceType: queryResult.warrant.resource_type,\n resourceId: queryResult.warrant.resource_id,\n relation: queryResult.warrant.relation,\n subject: {\n resourceType: queryResult.warrant.subject.resource_type,\n resourceId: queryResult.warrant.subject.resource_id,\n relation: queryResult.warrant.subject.relation,\n },\n },\n isImplicit: queryResult.is_implicit,\n meta: queryResult.meta,\n});\n","import {\n BatchWriteResourcesResponse,\n Resource,\n ResourceResponse,\n} from '../interfaces';\n\nexport const deserializeResource = (response: ResourceResponse): Resource => ({\n resourceType: response.resource_type,\n resourceId: response.resource_id,\n meta: response.meta,\n});\n\nexport const deserializeBatchWriteResourcesResponse = (\n response: BatchWriteResourcesResponse,\n): Resource[] => {\n return response.data.map((resource) => deserializeResource(resource));\n};\n","import {\n WarrantToken,\n WarrantTokenResponse,\n} from '../interfaces/warrant-token.interface';\n\nexport const deserializeWarrantToken = (\n warrantToken: WarrantTokenResponse,\n): WarrantToken => ({\n warrantToken: warrantToken.warrant_token,\n});\n","import { Warrant, WarrantResponse } from '../interfaces';\n\nexport const deserializeWarrant = (warrant: WarrantResponse): Warrant => ({\n resourceType: warrant.resource_type,\n resourceId: warrant.resource_id,\n relation: warrant.relation,\n subject: {\n resourceType: warrant.subject.resource_type,\n resourceId: warrant.subject.resource_id,\n relation: warrant.subject.relation,\n },\n policy: warrant.policy,\n});\n","import {\n SerializedWriteWarrantOptions,\n WriteWarrantOptions,\n} from '../interfaces';\nimport { isSubject, isResourceInterface } from '../utils/interface-check';\n\nexport const serializeWriteWarrantOptions = (\n warrant: WriteWarrantOptions,\n): SerializedWriteWarrantOptions => ({\n op: warrant.op,\n resource_type: isResourceInterface(warrant.resource)\n ? warrant.resource.getResourceType()\n : warrant.resource.resourceType,\n resource_id: isResourceInterface(warrant.resource)\n ? warrant.resource.getResourceId()\n : warrant.resource.resourceId\n ? warrant.resource.resourceId\n : '',\n relation: warrant.relation,\n subject: isSubject(warrant.subject)\n ? {\n resource_type: warrant.subject.resourceType,\n resource_id: warrant.subject.resourceId,\n }\n : {\n resource_type: warrant.subject.getResourceType(),\n resource_id: warrant.subject.getResourceId(),\n },\n policy: warrant.policy,\n});\n","import { FGAList } from '../interfaces/list.interface';\nimport { ListResponse } from '../../common/interfaces';\n\nexport const deserializeFGAList = <T, U>(\n response: ListResponse<T> & { warnings?: any[] },\n deserializeFn: (data: T) => U,\n): FGAList<U> => ({\n object: 'list',\n data: response.data.map(deserializeFn),\n listMetadata: response.list_metadata,\n warnings: response.warnings,\n});\n","import { AutoPaginatable } from '../../common/utils/pagination';\nimport { FGAList } from '../interfaces/list.interface';\nimport { Warning } from '../interfaces/warning.interface';\nimport { PaginationOptions } from '../../common/interfaces';\n\nexport class FgaPaginatable<\n T,\n P extends PaginationOptions = PaginationOptions,\n> extends AutoPaginatable<T, P> {\n protected override list: FGAList<T>;\n\n constructor(\n list: FGAList<T>,\n apiCall: (params: PaginationOptions) => Promise<FGAList<T>>,\n options?: P,\n ) {\n super(list, apiCall, options);\n this.list = list;\n }\n\n get warnings(): Warning[] | undefined {\n return this.list.warnings;\n }\n}\n","import { WorkOS } from '../../workos';\nimport { FGAList } from '../interfaces/list.interface';\nimport { QueryRequestOptions } from '../interfaces';\nimport { PaginationOptions } from '../../common/interfaces';\nimport { ListResponse } from '../../common/interfaces';\nimport { deserializeFGAList } from '../serializers/list.serializer';\n\nexport const fetchAndDeserializeFGAList = async <T, U>(\n workos: WorkOS,\n endpoint: string,\n deserializeFn: (data: T) => U,\n options?: PaginationOptions,\n requestOptions?: QueryRequestOptions,\n): Promise<FGAList<U>> => {\n const { data: response } = await workos.get<\n ListResponse<T> & { warnings?: any[] }\n >(endpoint, {\n query: options,\n ...requestOptions,\n });\n\n return deserializeFGAList(response, deserializeFn);\n};\n","import { WorkOS } from '../workos';\nimport {\n Resource,\n CheckBatchOptions,\n CheckOptions,\n CheckRequestOptions,\n CheckResult,\n CheckResultResponse,\n CreateResourceOptions,\n DeleteResourceOptions,\n ListResourcesOptions,\n ListWarrantsRequestOptions,\n ListWarrantsOptions,\n QueryOptions,\n QueryRequestOptions,\n QueryResult,\n QueryResultResponse,\n ResourceInterface,\n ResourceOptions,\n ResourceResponse,\n UpdateResourceOptions,\n WriteWarrantOptions,\n Warrant,\n WarrantResponse,\n WarrantToken,\n WarrantTokenResponse,\n BatchWriteResourcesOptions,\n BatchWriteResourcesResponse,\n SerializedListWarrantsOptions,\n SerializedListResourcesOptions,\n SerializedQueryOptions,\n} from './interfaces';\nimport {\n deserializeBatchWriteResourcesResponse,\n deserializeResource,\n deserializeWarrant,\n deserializeWarrantToken,\n deserializeQueryResult,\n serializeBatchWriteResourcesOptions,\n serializeCheckBatchOptions,\n serializeCheckOptions,\n serializeCreateResourceOptions,\n serializeListResourceOptions,\n serializeListWarrantsOptions,\n serializeQueryOptions,\n serializeWriteWarrantOptions,\n} from './serializers';\nimport { isResourceInterface } from './utils/interface-check';\nimport { AutoPaginatable } from '../common/utils/pagination';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\nimport { FgaPaginatable } from './utils/fga-paginatable';\nimport { fetchAndDeserializeFGAList } from './utils/fetch-and-deserialize-list';\n\n/**\n * @deprecated The FGA module is deprecated. Use the Authorization module instead.\n * @see src/authorization/authorization.ts\n */\nexport class FGA {\n constructor(private readonly workos: WorkOS) {}\n\n async check(\n checkOptions: CheckOptions,\n options: CheckRequestOptions = {},\n ): Promise<CheckResult> {\n const { data } = await this.workos.post<CheckResultResponse>(\n `/fga/v1/check`,\n serializeCheckOptions(checkOptions),\n options,\n );\n return new CheckResult(data);\n }\n\n async checkBatch(\n checkOptions: CheckBatchOptions,\n options: CheckRequestOptions = {},\n ): Promise<CheckResult[]> {\n const { data } = await this.workos.post<CheckResultResponse[]>(\n `/fga/v1/check`,\n serializeCheckBatchOptions(checkOptions),\n options,\n );\n return data.map(\n (checkResult: CheckResultResponse) => new CheckResult(checkResult),\n );\n }\n\n async createResource(resource: CreateResourceOptions): Promise<Resource> {\n const { data } = await this.workos.post<ResourceResponse>(\n '/fga/v1/resources',\n serializeCreateResourceOptions(resource),\n );\n\n return deserializeResource(data);\n }\n\n async getResource(\n resource: ResourceInterface | ResourceOptions,\n ): Promise<Resource> {\n const resourceType = isResourceInterface(resource)\n ? resource.getResourceType()\n : resource.resourceType;\n const resourceId = isResourceInterface(resource)\n ? resource.getResourceId()\n : resource.resourceId;\n\n const { data } = await this.workos.get<ResourceResponse>(\n `/fga/v1/resources/${resourceType}/${resourceId}`,\n );\n\n return deserializeResource(data);\n }\n\n async listResources(\n options?: ListResourcesOptions,\n ): Promise<AutoPaginatable<Resource, SerializedListResourcesOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<ResourceResponse, Resource>(\n this.workos,\n '/fga/v1/resources',\n deserializeResource,\n options ? serializeListResourceOptions(options) : undefined,\n ),\n (params) =>\n fetchAndDeserialize<ResourceResponse, Resource>(\n this.workos,\n '/fga/v1/resources',\n deserializeResource,\n params,\n ),\n options ? serializeListResourceOptions(options) : undefined,\n );\n }\n\n async updateResource(options: UpdateResourceOptions): Promise<Resource> {\n const resourceType = isResourceInterface(options.resource)\n ? options.resource.getResourceType()\n : options.resource.resourceType;\n const resourceId = isResourceInterface(options.resource)\n ? options.resource.getResourceId()\n : options.resource.resourceId;\n\n const { data } = await this.workos.put<ResourceResponse>(\n `/fga/v1/resources/${resourceType}/${resourceId}`,\n {\n meta: options.meta,\n },\n );\n\n return deserializeResource(data);\n }\n\n async deleteResource(resource: DeleteResourceOptions): Promise<void> {\n const resourceType = isResourceInterface(resource)\n ? resource.getResourceType()\n : resource.resourceType;\n const resourceId = isResourceInterface(resource)\n ? resource.getResourceId()\n : resource.resourceId;\n\n await this.workos.delete(`/fga/v1/resources/${resourceType}/${resourceId}`);\n }\n\n async batchWriteResources(\n options: BatchWriteResourcesOptions,\n ): Promise<Resource[]> {\n const { data } = await this.workos.post<BatchWriteResourcesResponse>(\n '/fga/v1/resources/batch',\n serializeBatchWriteResourcesOptions(options),\n );\n return deserializeBatchWriteResourcesResponse(data);\n }\n\n async writeWarrant(options: WriteWarrantOptions): Promise<WarrantToken> {\n const { data } = await this.workos.post<WarrantTokenResponse>(\n '/fga/v1/warrants',\n serializeWriteWarrantOptions(options),\n );\n\n return deserializeWarrantToken(data);\n }\n\n async batchWriteWarrants(\n options: WriteWarrantOptions[],\n ): Promise<WarrantToken> {\n const { data: warrantToken } = await this.workos.post<WarrantTokenResponse>(\n '/fga/v1/warrants',\n options.map(serializeWriteWarrantOptions),\n );\n\n return deserializeWarrantToken(warrantToken);\n }\n\n async listWarrants(\n options?: ListWarrantsOptions,\n requestOptions?: ListWarrantsRequestOptions,\n ): Promise<AutoPaginatable<Warrant, SerializedListWarrantsOptions>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<WarrantResponse, Warrant>(\n this.workos,\n '/fga/v1/warrants',\n deserializeWarrant,\n options ? serializeListWarrantsOptions(options) : undefined,\n requestOptions,\n ),\n (params) =>\n fetchAndDeserialize<WarrantResponse, Warrant>(\n this.workos,\n '/fga/v1/warrants',\n deserializeWarrant,\n params,\n requestOptions,\n ),\n options ? serializeListWarrantsOptions(options) : undefined,\n );\n }\n\n async query(\n options: QueryOptions,\n requestOptions: QueryRequestOptions = {},\n ): Promise<FgaPaginatable<QueryResult, SerializedQueryOptions>> {\n return new FgaPaginatable<QueryResult, SerializedQueryOptions>(\n await fetchAndDeserializeFGAList<QueryResultResponse, QueryResult>(\n this.workos,\n '/fga/v1/query',\n deserializeQueryResult,\n serializeQueryOptions(options),\n requestOptions,\n ),\n (params) =>\n fetchAndDeserializeFGAList<QueryResultResponse, QueryResult>(\n this.workos,\n '/fga/v1/query',\n deserializeQueryResult,\n params,\n requestOptions,\n ),\n serializeQueryOptions(options),\n );\n }\n}\n","import { AutoPaginatable } from '../common/utils/pagination';\nimport { WorkOS } from '../workos';\nimport {\n AddFlagTargetOptions,\n FeatureFlag,\n FeatureFlagResponse,\n ListFeatureFlagsOptions,\n RemoveFlagTargetOptions,\n} from './interfaces';\nimport { deserializeFeatureFlag } from './serializers';\nimport { fetchAndDeserialize } from '../common/utils/fetch-and-deserialize';\n\nexport class FeatureFlags {\n constructor(private readonly workos: WorkOS) {}\n\n async listFeatureFlags(\n options?: ListFeatureFlagsOptions,\n ): Promise<AutoPaginatable<FeatureFlag>> {\n return new AutoPaginatable(\n await fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n '/feature-flags',\n deserializeFeatureFlag,\n options,\n ),\n (params) =>\n fetchAndDeserialize<FeatureFlagResponse, FeatureFlag>(\n this.workos,\n '/feature-flags',\n deserializeFeatureFlag,\n params,\n ),\n options,\n );\n }\n\n async getFeatureFlag(slug: string): Promise<FeatureFlag> {\n const { data } = await this.workos.get<FeatureFlagResponse>(\n `/feature-flags/${slug}`,\n );\n\n return deserializeFeatureFlag(data);\n }\n\n async enableFeatureFlag(slug: string): Promise<FeatureFlag> {\n const { data } = await this.workos.put<FeatureFlagResponse>(\n `/feature-flags/${slug}/enable`,\n {},\n );\n\n return deserializeFeatureFlag(data);\n }\n\n async disableFeatureFlag(slug: string): Promise<FeatureFlag> {\n const { data } = await this.workos.put<FeatureFlagResponse>(\n `/feature-flags/${slug}/disable`,\n {},\n );\n\n return deserializeFeatureFlag(data);\n }\n\n async addFlagTarget(options: AddFlagTargetOptions): Promise<void> {\n const { slug, targetId } = options;\n await this.workos.post(`/feature-flags/${slug}/targets/${targetId}`, {});\n }\n\n async removeFlagTarget(options: RemoveFlagTargetOptions): Promise<void> {\n const { slug, targetId } = options;\n await this.workos.delete(`/feature-flags/${slug}/targets/${targetId}`);\n }\n}\n","export type WidgetScope =\n | 'widgets:users-table:manage'\n | 'widgets:sso:manage'\n | 'widgets:domain-verification:manage'\n | 'widgets:dsync:manage'\n | 'widgets:api-keys:manage'\n | 'widgets:audit-log-streaming:manage';\nexport interface GetTokenOptions {\n organizationId: string;\n userId?: string;\n scopes?: WidgetScope[];\n}\n\nexport interface SerializedGetTokenOptions {\n organization_id: string;\n user_id?: string;\n scopes?: WidgetScope[];\n}\n\nexport const serializeGetTokenOptions = (\n options: GetTokenOptions,\n): SerializedGetTokenOptions => ({\n organization_id: options.organizationId,\n user_id: options.userId,\n scopes: options.scopes,\n});\n\nexport interface GetTokenResponse {\n token: string;\n}\n\nexport interface GetTokenResponseResponse {\n token: string;\n}\n\nexport const deserializeGetTokenResponse = (\n data: GetTokenResponseResponse,\n): GetTokenResponse => ({\n token: data.token,\n});\n","import { WorkOS } from '../workos';\nimport {\n deserializeGetTokenResponse,\n GetTokenOptions,\n GetTokenResponseResponse,\n SerializedGetTokenOptions,\n serializeGetTokenOptions,\n} from './interfaces/get-token';\n\nexport class Widgets {\n constructor(private readonly workos: WorkOS) {}\n\n async getToken(payload: GetTokenOptions): Promise<string> {\n const { data } = await this.workos.post<\n GetTokenResponseResponse,\n SerializedGetTokenOptions\n >('/widgets/token', serializeGetTokenOptions(payload));\n\n return deserializeGetTokenResponse(data).token;\n }\n}\n","import {\n EnvironmentRole,\n EnvironmentRoleResponse,\n} from '../interfaces/environment-role.interface';\n\nexport const deserializeEnvironmentRole = (\n role: EnvironmentRoleResponse,\n): EnvironmentRole => ({\n object: role.object,\n id: role.id,\n name: role.name,\n slug: role.slug,\n description: role.description,\n permissions: role.permissions,\n resourceTypeSlug: role.resource_type_slug,\n type: role.type,\n createdAt: role.created_at,\n updatedAt: role.updated_at,\n});\n","import {\n CreateEnvironmentRoleOptions,\n SerializedCreateEnvironmentRoleOptions,\n} from '../interfaces/create-environment-role-options.interface';\n\nexport const serializeCreateEnvironmentRoleOptions = (\n options: CreateEnvironmentRoleOptions,\n): SerializedCreateEnvironmentRoleOptions => ({\n slug: options.slug,\n name: options.name,\n description: options.description,\n resource_type_slug: options.resourceTypeSlug,\n});\n","import {\n UpdateEnvironmentRoleOptions,\n SerializedUpdateEnvironmentRoleOptions,\n} from '../interfaces/update-environment-role-options.interface';\n\nexport const serializeUpdateEnvironmentRoleOptions = (\n options: UpdateEnvironmentRoleOptions,\n): SerializedUpdateEnvironmentRoleOptions => ({\n name: options.name,\n description: options.description,\n});\n","import {\n CreateOrganizationRoleOptions,\n SerializedCreateOrganizationRoleOptions,\n} from '../interfaces/create-organization-role-options.interface';\n\nexport const serializeCreateOrganizationRoleOptions = (\n options: CreateOrganizationRoleOptions,\n): SerializedCreateOrganizationRoleOptions => ({\n slug: options.slug,\n name: options.name,\n description: options.description,\n});\n","import {\n UpdateOrganizationRoleOptions,\n SerializedUpdateOrganizationRoleOptions,\n} from '../interfaces/update-organization-role-options.interface';\n\nexport const serializeUpdateOrganizationRoleOptions = (\n options: UpdateOrganizationRoleOptions,\n): SerializedUpdateOrganizationRoleOptions => ({\n name: options.name,\n description: options.description,\n});\n","import {\n CreatePermissionOptions,\n SerializedCreatePermissionOptions,\n} from '../interfaces/create-permission-options.interface';\n\nexport const serializeCreatePermissionOptions = (\n options: CreatePermissionOptions,\n): SerializedCreatePermissionOptions => ({\n slug: options.slug,\n name: options.name,\n description: options.description,\n resource_type_slug: options.resourceTypeSlug,\n});\n","import {\n UpdatePermissionOptions,\n SerializedUpdatePermissionOptions,\n} from '../interfaces/update-permission-options.interface';\n\nexport const serializeUpdatePermissionOptions = (\n options: UpdatePermissionOptions,\n): SerializedUpdatePermissionOptions => ({\n name: options.name,\n description: options.description,\n});\n","import {\n AuthorizationResource,\n AuthorizationResourceResponse,\n} from '../interfaces/authorization-resource.interface';\n\nexport const deserializeAuthorizationResource = (\n resource: AuthorizationResourceResponse,\n): AuthorizationResource => ({\n object: resource.object,\n id: resource.id,\n externalId: resource.external_id,\n name: resource.name,\n description: resource.description,\n resourceTypeSlug: resource.resource_type_slug,\n organizationId: resource.organization_id,\n parentResourceId: resource.parent_resource_id,\n createdAt: resource.created_at,\n updatedAt: resource.updated_at,\n});\n","import {\n CreateAuthorizationResourceOptions,\n SerializedCreateAuthorizationResourceOptions,\n} from '../interfaces/authorization-resource.interface';\n\nexport const serializeCreateResourceOptions = (\n options: CreateAuthorizationResourceOptions,\n): SerializedCreateAuthorizationResourceOptions => ({\n organization_id: options.organizationId,\n resource_type_slug: options.resourceTypeSlug,\n external_id: options.externalId,\n name: options.name,\n ...(options.description !== undefined && {\n description: options.description,\n }),\n ...('parentResourceId' in options && {\n parent_resource_id: options.parentResourceId,\n }),\n ...('parentResourceExternalId' in options && {\n parent_resource_external_id: options.parentResourceExternalId,\n parent_resource_type_slug: options.parentResourceTypeSlug,\n }),\n});\n","import {\n UpdateAuthorizationResourceOptions,\n SerializedUpdateAuthorizationResourceOptions,\n} from '../interfaces/authorization-resource.interface';\n\nexport const serializeUpdateResourceOptions = (\n options: UpdateAuthorizationResourceOptions,\n): SerializedUpdateAuthorizationResourceOptions => ({\n ...(options.name !== undefined && { name: options.name }),\n ...(options.description !== undefined && {\n description: options.description,\n }),\n});\n","import { UpdateAuthorizationResourceByExternalIdOptions } from '../interfaces/update-authorization-resource-by-external-id-options.interface';\nimport { SerializedUpdateAuthorizationResourceOptions } from '../interfaces/authorization-resource.interface';\n\nexport const serializeUpdateResourceByExternalIdOptions = (\n options: UpdateAuthorizationResourceByExternalIdOptions,\n): SerializedUpdateAuthorizationResourceOptions => ({\n ...(options.name !== undefined && { name: options.name }),\n ...(options.description !== undefined && {\n description: options.description,\n }),\n});\n","import { serializePaginationOptions } from '../../common/serializers';\nimport {\n ListAuthorizationResourcesOptions,\n SerializedListAuthorizationResourcesOptions,\n} from '../interfaces/list-authorization-resources-options.interface';\n\nexport const serializeListAuthorizationResourcesOptions = (\n options: ListAuthorizationResourcesOptions,\n): SerializedListAuthorizationResourcesOptions => ({\n ...(options.organizationId && {\n organization_id: options.organizationId,\n }),\n ...(options.resourceTypeSlug && {\n resource_type_slug: options.resourceTypeSlug,\n }),\n ...(options.parentResourceId && {\n parent_resource_id: options.parentResourceId,\n }),\n ...(options.parentResourceTypeSlug && {\n parent_resource_type_slug: options.parentResourceTypeSlug,\n }),\n ...(options.parentExternalId && {\n parent_external_id: options.parentExternalId,\n }),\n ...(options.search && { search: options.search }),\n ...serializePaginationOptions(options),\n});\n","import {\n AuthorizationCheckOptions,\n SerializedAuthorizationCheckOptions,\n} from '../interfaces';\n\nexport const serializeAuthorizationCheckOptions = (\n options: AuthorizationCheckOptions,\n): SerializedAuthorizationCheckOptions => ({\n permission_slug: options.permissionSlug,\n ...('resourceId' in options && { resource_id: options.resourceId }),\n ...('resourceExternalId' in options && {\n resource_external_id: options.resourceExternalId,\n resource_type_slug: options.resourceTypeSlug,\n }),\n});\n","import { serializePaginationOptions } from '../../common/serializers';\nimport {\n ListResourcesForMembershipOptions,\n SerializedListResourcesForMembershipOptions,\n} from '../interfaces/list-resources-for-membership-options.interface';\n\nexport const serializeListResourcesForMembershipOptions = (\n options: ListResourcesForMembershipOptions,\n): SerializedListResourcesForMembershipOptions => ({\n permission_slug: options.permissionSlug,\n ...serializePaginationOptions(options),\n ...('parentResourceId' in options && {\n parent_resource_id: options.parentResourceId,\n }),\n ...('parentResourceExternalId' in options && {\n parent_resource_type_slug: options.parentResourceTypeSlug,\n parent_resource_external_id: options.parentResourceExternalId,\n }),\n});\n","import { serializePaginationOptions } from '../../common/serializers';\nimport { ListMembershipsForResourceByExternalIdOptions } from '../interfaces/list-memberships-for-resource-by-external-id-options.interface';\nimport { ListMembershipsForResourceOptions } from '../interfaces/list-memberships-for-resource-options.interface';\n\ntype ListMembershipsQueryOptions =\n | ListMembershipsForResourceOptions\n | ListMembershipsForResourceByExternalIdOptions;\n\nexport const serializeListMembershipsForResourceOptions = (\n options: ListMembershipsQueryOptions,\n): Record<string, string | number> => ({\n permission_slug: options.permissionSlug,\n ...(options.assignment && { assignment: options.assignment }),\n ...serializePaginationOptions(options),\n});\n","import {\n RoleAssignment,\n RoleAssignmentResponse,\n} from '../interfaces/role-assignment.interface';\n\nexport const deserializeRoleAssignment = (\n response: RoleAssignmentResponse,\n): RoleAssignment => ({\n object: response.object,\n id: response.id,\n role: response.role,\n resource: {\n id: response.resource.id,\n externalId: response.resource.external_id,\n resourceTypeSlug: response.resource.resource_type_slug,\n },\n createdAt: response.created_at,\n updatedAt: response.updated_at,\n});\n","import {\n AssignRoleOptions,\n SerializedAssignRoleOptions,\n} from '../interfaces/assign-role-options.interface';\n\nexport const serializeAssignRoleOptions = (\n options: AssignRoleOptions,\n): SerializedAssignRoleOptions => ({\n role_slug: options.roleSlug,\n ...('resourceId' in options && { resource_id: options.resourceId }),\n ...('resourceExternalId' in options && {\n resource_external_id: options.resourceExternalId,\n resource_type_slug: options.resourceTypeSlug,\n }),\n});\n","import {\n RemoveRoleOptions,\n SerializedRemoveRoleOptions,\n} from '../interfaces/remove-role-options.interface';\n\nexport const serializeRemoveRoleOptions = (\n options: RemoveRoleOptions,\n): SerializedRemoveRoleOptions => ({\n role_slug: options.roleSlug,\n ...('resourceId' in options && { resource_id: options.resourceId }),\n ...('resourceExternalId' in options && {\n resource_external_id: options.resourceExternalId,\n resource_type_slug: options.resourceTypeSlug,\n }),\n});\n","import { WorkOS } from '../workos';\nimport {\n Role,\n RoleList,\n OrganizationRoleResponse,\n ListOrganizationRolesResponse,\n} from '../roles/interfaces';\nimport {\n EnvironmentRole,\n EnvironmentRoleResponse,\n EnvironmentRoleList,\n EnvironmentRoleListResponse,\n CreateEnvironmentRoleOptions,\n UpdateEnvironmentRoleOptions,\n SetEnvironmentRolePermissionsOptions,\n AddEnvironmentRolePermissionOptions,\n OrganizationRole,\n CreateOrganizationRoleOptions,\n UpdateOrganizationRoleOptions,\n SetOrganizationRolePermissionsOptions,\n AddOrganizationRolePermissionOptions,\n RemoveOrganizationRolePermissionOptions,\n Permission,\n PermissionResponse,\n PermissionList,\n PermissionListResponse,\n CreatePermissionOptions,\n UpdatePermissionOptions,\n ListPermissionsOptions,\n AuthorizationResource,\n AuthorizationResourceResponse,\n AuthorizationResourceList,\n AuthorizationResourceListResponse,\n ListAuthorizationResourcesOptions,\n GetAuthorizationResourceByExternalIdOptions,\n UpdateAuthorizationResourceByExternalIdOptions,\n DeleteAuthorizationResourceByExternalIdOptions,\n DeleteAuthorizationResourceOptions,\n CreateAuthorizationResourceOptions,\n UpdateAuthorizationResourceOptions,\n AuthorizationCheckOptions,\n AuthorizationCheckResult,\n AssignRoleOptions,\n ListRoleAssignmentsOptions,\n RemoveRoleAssignmentOptions,\n RemoveRoleOptions,\n RoleAssignment,\n RoleAssignmentList,\n RoleAssignmentListResponse,\n RoleAssignmentResponse,\n ListMembershipsForResourceByExternalIdOptions,\n ListMembershipsForResourceOptions,\n ListResourcesForMembershipOptions,\n} from './interfaces';\nimport {\n deserializeEnvironmentRole,\n serializeCreateEnvironmentRoleOptions,\n serializeUpdateEnvironmentRoleOptions,\n deserializeRole,\n deserializeOrganizationRole,\n serializeCreateOrganizationRoleOptions,\n serializeUpdateOrganizationRoleOptions,\n deserializePermission,\n serializeCreatePermissionOptions,\n serializeUpdatePermissionOptions,\n deserializeAuthorizationResource,\n serializeCreateResourceOptions,\n serializeUpdateResourceOptions,\n serializeUpdateResourceByExternalIdOptions,\n serializeListAuthorizationResourcesOptions,\n serializeAuthorizationCheckOptions,\n deserializeRoleAssignment,\n serializeAssignRoleOptions,\n serializeRemoveRoleOptions,\n serializeListMembershipsForResourceOptions,\n serializeListResourcesForMembershipOptions,\n} from './serializers';\nimport {\n AuthorizationOrganizationMembershipList,\n AuthorizationOrganizationMembershipListResponse,\n} from '../user-management/interfaces/organization-membership.interface';\nimport { deserializeAuthorizationOrganizationMembership } from '../user-management/serializers/organization-membership.serializer';\n\nexport class Authorization {\n constructor(private readonly workos: WorkOS) {}\n\n async createEnvironmentRole(\n options: CreateEnvironmentRoleOptions,\n ): Promise<EnvironmentRole> {\n const { data } = await this.workos.post<EnvironmentRoleResponse>(\n '/authorization/roles',\n serializeCreateEnvironmentRoleOptions(options),\n );\n return deserializeEnvironmentRole(data);\n }\n\n async listEnvironmentRoles(): Promise<EnvironmentRoleList> {\n const { data } = await this.workos.get<EnvironmentRoleListResponse>(\n '/authorization/roles',\n );\n return {\n object: 'list',\n data: data.data.map(deserializeEnvironmentRole),\n };\n }\n\n async getEnvironmentRole(slug: string): Promise<EnvironmentRole> {\n const { data } = await this.workos.get<EnvironmentRoleResponse>(\n `/authorization/roles/${slug}`,\n );\n return deserializeEnvironmentRole(data);\n }\n\n async updateEnvironmentRole(\n slug: string,\n options: UpdateEnvironmentRoleOptions,\n ): Promise<EnvironmentRole> {\n const { data } = await this.workos.patch<EnvironmentRoleResponse>(\n `/authorization/roles/${slug}`,\n serializeUpdateEnvironmentRoleOptions(options),\n );\n return deserializeEnvironmentRole(data);\n }\n\n async setEnvironmentRolePermissions(\n slug: string,\n options: SetEnvironmentRolePermissionsOptions,\n ): Promise<EnvironmentRole> {\n const { data } = await this.workos.put<EnvironmentRoleResponse>(\n `/authorization/roles/${slug}/permissions`,\n { permissions: options.permissions },\n );\n return deserializeEnvironmentRole(data);\n }\n\n async addEnvironmentRolePermission(\n slug: string,\n options: AddEnvironmentRolePermissionOptions,\n ): Promise<EnvironmentRole> {\n const { data } = await this.workos.post<EnvironmentRoleResponse>(\n `/authorization/roles/${slug}/permissions`,\n { slug: options.permissionSlug },\n );\n return deserializeEnvironmentRole(data);\n }\n\n async createOrganizationRole(\n organizationId: string,\n options: CreateOrganizationRoleOptions,\n ): Promise<OrganizationRole> {\n const { data } = await this.workos.post<OrganizationRoleResponse>(\n `/authorization/organizations/${organizationId}/roles`,\n serializeCreateOrganizationRoleOptions(options),\n );\n return deserializeOrganizationRole(data);\n }\n\n async listOrganizationRoles(organizationId: string): Promise<RoleList> {\n const { data } = await this.workos.get<ListOrganizationRolesResponse>(\n `/authorization/organizations/${organizationId}/roles`,\n );\n return {\n object: 'list',\n data: data.data.map(deserializeRole),\n };\n }\n\n async getOrganizationRole(\n organizationId: string,\n slug: string,\n ): Promise<Role> {\n const { data } = await this.workos.get<OrganizationRoleResponse>(\n `/authorization/organizations/${organizationId}/roles/${slug}`,\n );\n return deserializeRole(data);\n }\n\n async updateOrganizationRole(\n organizationId: string,\n slug: string,\n options: UpdateOrganizationRoleOptions,\n ): Promise<OrganizationRole> {\n const { data } = await this.workos.patch<OrganizationRoleResponse>(\n `/authorization/organizations/${organizationId}/roles/${slug}`,\n serializeUpdateOrganizationRoleOptions(options),\n );\n return deserializeOrganizationRole(data);\n }\n\n async deleteOrganizationRole(\n organizationId: string,\n slug: string,\n ): Promise<void> {\n await this.workos.delete(\n `/authorization/organizations/${organizationId}/roles/${slug}`,\n );\n }\n\n async setOrganizationRolePermissions(\n organizationId: string,\n slug: string,\n options: SetOrganizationRolePermissionsOptions,\n ): Promise<OrganizationRole> {\n const { data } = await this.workos.put<OrganizationRoleResponse>(\n `/authorization/organizations/${organizationId}/roles/${slug}/permissions`,\n { permissions: options.permissions },\n );\n return deserializeOrganizationRole(data);\n }\n\n async addOrganizationRolePermission(\n organizationId: string,\n slug: string,\n options: AddOrganizationRolePermissionOptions,\n ): Promise<OrganizationRole> {\n const { data } = await this.workos.post<OrganizationRoleResponse>(\n `/authorization/organizations/${organizationId}/roles/${slug}/permissions`,\n { slug: options.permissionSlug },\n );\n return deserializeOrganizationRole(data);\n }\n\n async removeOrganizationRolePermission(\n organizationId: string,\n slug: string,\n options: RemoveOrganizationRolePermissionOptions,\n ): Promise<void> {\n await this.workos.delete(\n `/authorization/organizations/${organizationId}/roles/${slug}/permissions/${options.permissionSlug}`,\n );\n }\n\n async createPermission(\n options: CreatePermissionOptions,\n ): Promise<Permission> {\n const { data } = await this.workos.post<PermissionResponse>(\n '/authorization/permissions',\n serializeCreatePermissionOptions(options),\n );\n return deserializePermission(data);\n }\n\n async listPermissions(\n options?: ListPermissionsOptions,\n ): Promise<PermissionList> {\n const { data } = await this.workos.get<PermissionListResponse>(\n '/authorization/permissions',\n { query: options },\n );\n return {\n object: 'list',\n data: data.data.map(deserializePermission),\n listMetadata: {\n before: data.list_metadata.before,\n after: data.list_metadata.after,\n },\n };\n }\n\n async getPermission(slug: string): Promise<Permission> {\n const { data } = await this.workos.get<PermissionResponse>(\n `/authorization/permissions/${slug}`,\n );\n return deserializePermission(data);\n }\n\n async updatePermission(\n slug: string,\n options: UpdatePermissionOptions,\n ): Promise<Permission> {\n const { data } = await this.workos.patch<PermissionResponse>(\n `/authorization/permissions/${slug}`,\n serializeUpdatePermissionOptions(options),\n );\n return deserializePermission(data);\n }\n\n async deletePermission(slug: string): Promise<void> {\n await this.workos.delete(`/authorization/permissions/${slug}`);\n }\n\n async getResource(resourceId: string): Promise<AuthorizationResource> {\n const { data } = await this.workos.get<AuthorizationResourceResponse>(\n `/authorization/resources/${resourceId}`,\n );\n return deserializeAuthorizationResource(data);\n }\n\n async createResource(\n options: CreateAuthorizationResourceOptions,\n ): Promise<AuthorizationResource> {\n const { data } = await this.workos.post<AuthorizationResourceResponse>(\n '/authorization/resources',\n serializeCreateResourceOptions(options),\n );\n return deserializeAuthorizationResource(data);\n }\n\n async updateResource(\n options: UpdateAuthorizationResourceOptions,\n ): Promise<AuthorizationResource> {\n const { data } = await this.workos.patch<AuthorizationResourceResponse>(\n `/authorization/resources/${options.resourceId}`,\n serializeUpdateResourceOptions(options),\n );\n return deserializeAuthorizationResource(data);\n }\n\n async deleteResource(\n options: DeleteAuthorizationResourceOptions,\n ): Promise<void> {\n const { resourceId, cascadeDelete } = options;\n\n const query =\n cascadeDelete !== undefined\n ? { cascade_delete: cascadeDelete.toString() }\n : undefined;\n\n await this.workos.delete(`/authorization/resources/${resourceId}`, query);\n }\n\n async listResources(\n options: ListAuthorizationResourcesOptions = {},\n ): Promise<AuthorizationResourceList> {\n const { data } = await this.workos.get<AuthorizationResourceListResponse>(\n '/authorization/resources',\n { query: serializeListAuthorizationResourcesOptions(options) },\n );\n return {\n object: 'list',\n data: data.data.map(deserializeAuthorizationResource),\n listMetadata: {\n before: data.list_metadata.before,\n after: data.list_metadata.after,\n },\n };\n }\n\n async getResourceByExternalId(\n options: GetAuthorizationResourceByExternalIdOptions,\n ): Promise<AuthorizationResource> {\n const { organizationId, resourceTypeSlug, externalId } = options;\n const { data } = await this.workos.get<AuthorizationResourceResponse>(\n `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`,\n );\n return deserializeAuthorizationResource(data);\n }\n\n async updateResourceByExternalId(\n options: UpdateAuthorizationResourceByExternalIdOptions,\n ): Promise<AuthorizationResource> {\n const { organizationId, resourceTypeSlug, externalId } = options;\n const { data } = await this.workos.patch<AuthorizationResourceResponse>(\n `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`,\n serializeUpdateResourceByExternalIdOptions(options),\n );\n return deserializeAuthorizationResource(data);\n }\n async deleteResourceByExternalId(\n options: DeleteAuthorizationResourceByExternalIdOptions,\n ): Promise<void> {\n const { organizationId, resourceTypeSlug, externalId, cascadeDelete } =\n options;\n\n const query =\n cascadeDelete !== undefined\n ? { cascade_delete: cascadeDelete.toString() }\n : undefined;\n\n await this.workos.delete(\n `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}`,\n query,\n );\n }\n\n async check(\n options: AuthorizationCheckOptions,\n ): Promise<AuthorizationCheckResult> {\n const { data } = await this.workos.post<AuthorizationCheckResult>(\n `/authorization/organization_memberships/${options.organizationMembershipId}/check`,\n serializeAuthorizationCheckOptions(options),\n );\n return data;\n }\n\n async listRoleAssignments(\n options: ListRoleAssignmentsOptions,\n ): Promise<RoleAssignmentList> {\n const { organizationMembershipId, ...queryOptions } = options;\n const { data } = await this.workos.get<RoleAssignmentListResponse>(\n `/authorization/organization_memberships/${organizationMembershipId}/role_assignments`,\n { query: queryOptions },\n );\n return {\n object: 'list',\n data: data.data.map(deserializeRoleAssignment),\n listMetadata: {\n before: data.list_metadata.before,\n after: data.list_metadata.after,\n },\n };\n }\n\n async assignRole(options: AssignRoleOptions): Promise<RoleAssignment> {\n const { data } = await this.workos.post<RoleAssignmentResponse>(\n `/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments`,\n serializeAssignRoleOptions(options),\n );\n return deserializeRoleAssignment(data);\n }\n\n async removeRole(options: RemoveRoleOptions): Promise<void> {\n await this.workos.deleteWithBody(\n `/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments`,\n serializeRemoveRoleOptions(options),\n );\n }\n\n async removeRoleAssignment(\n options: RemoveRoleAssignmentOptions,\n ): Promise<void> {\n await this.workos.delete(\n `/authorization/organization_memberships/${options.organizationMembershipId}/role_assignments/${options.roleAssignmentId}`,\n );\n }\n\n async listResourcesForMembership(\n options: ListResourcesForMembershipOptions,\n ): Promise<AuthorizationResourceList> {\n const { organizationMembershipId } = options;\n const { data } = await this.workos.get<AuthorizationResourceListResponse>(\n `/authorization/organization_memberships/${organizationMembershipId}/resources`,\n {\n query: serializeListResourcesForMembershipOptions(options),\n },\n );\n return {\n object: 'list',\n data: data.data.map(deserializeAuthorizationResource),\n listMetadata: {\n before: data.list_metadata.before,\n after: data.list_metadata.after,\n },\n };\n }\n\n async listMembershipsForResource(\n options: ListMembershipsForResourceOptions,\n ): Promise<AuthorizationOrganizationMembershipList> {\n const { resourceId } = options;\n const { data } =\n await this.workos.get<AuthorizationOrganizationMembershipListResponse>(\n `/authorization/resources/${resourceId}/organization_memberships`,\n {\n query: serializeListMembershipsForResourceOptions(options),\n },\n );\n return {\n object: 'list',\n data: data.data.map(deserializeAuthorizationOrganizationMembership),\n listMetadata: {\n before: data.list_metadata.before,\n after: data.list_metadata.after,\n },\n };\n }\n\n async listMembershipsForResourceByExternalId(\n options: ListMembershipsForResourceByExternalIdOptions,\n ): Promise<AuthorizationOrganizationMembershipList> {\n const { organizationId, resourceTypeSlug, externalId } = options;\n const { data } =\n await this.workos.get<AuthorizationOrganizationMembershipListResponse>(\n `/authorization/organizations/${organizationId}/resources/${resourceTypeSlug}/${externalId}/organization_memberships`,\n {\n query: serializeListMembershipsForResourceOptions(options),\n },\n );\n return {\n object: 'list',\n data: data.data.map(deserializeAuthorizationOrganizationMembership),\n listMetadata: {\n before: data.list_metadata.before,\n after: data.list_metadata.after,\n },\n };\n }\n}\n","/**\n * LEB128 (Little Endian Base 128) encoding for unsigned 32-bit integers.\n * Variable-length encoding: each byte stores 7 bits of data, bit 7 is continuation flag.\n */\n\nconst MAX_UINT32 = 0xffffffff;\nconst CONTINUATION_BIT = 0x80;\nconst DATA_BITS_MASK = 0x7f;\nconst DATA_BITS_PER_BYTE = 7;\nconst MAX_BYTES_FOR_UINT32 = 5;\n\n/**\n * Encodes an unsigned 32-bit integer into LEB128 format.\n *\n * @param value - Unsigned 32-bit integer (0 to 4,294,967,295)\n * @returns Encoded bytes (1-5 bytes depending on value)\n */\nexport function encodeUInt32(value: number): Uint8Array {\n validateUInt32(value);\n\n if (value === 0) {\n return new Uint8Array([0]);\n }\n\n const bytes: number[] = [];\n\n do {\n let byte = value & DATA_BITS_MASK;\n value >>>= DATA_BITS_PER_BYTE;\n\n if (value !== 0) {\n byte |= CONTINUATION_BIT;\n }\n\n bytes.push(byte);\n } while (value !== 0);\n\n return new Uint8Array(bytes);\n}\n\n/**\n * Decodes an unsigned 32-bit integer from LEB128 format.\n *\n * @param data - Buffer containing LEB128 encoded data\n * @param offset - Starting position in buffer (default: 0)\n * @returns Decoded value and index after last byte read\n */\nexport function decodeUInt32(\n data: Uint8Array,\n offset = 0,\n): { value: number; nextIndex: number } {\n validateOffset(data, offset);\n\n let result = 0;\n let shift = 0;\n let index = offset;\n let bytesRead = 0;\n\n while (index < data.length) {\n const byte = data[index++];\n bytesRead++;\n\n if (bytesRead > MAX_BYTES_FOR_UINT32) {\n throw new Error('LEB128 sequence exceeds maximum length for uint32');\n }\n\n result |= (byte & DATA_BITS_MASK) << shift;\n\n if (!hasContinuationBit(byte)) {\n return { value: result >>> 0, nextIndex: index };\n }\n\n shift += DATA_BITS_PER_BYTE;\n }\n\n throw new Error('Truncated LEB128 encoding');\n}\n\nfunction validateUInt32(value: number): void {\n if (!Number.isFinite(value)) {\n throw new Error('Value must be a finite number');\n }\n if (!Number.isInteger(value)) {\n throw new Error('Value must be an integer');\n }\n if (value < 0) {\n throw new Error('Value must be non-negative');\n }\n if (value > MAX_UINT32) {\n throw new Error(`Value must not exceed ${MAX_UINT32} (MAX_UINT32)`);\n }\n}\n\nfunction validateOffset(data: Uint8Array, offset: number): void {\n if (offset < 0 || offset >= data.length) {\n throw new Error(\n `Offset ${offset} is out of bounds (buffer length: ${data.length})`,\n );\n }\n}\n\nfunction hasContinuationBit(byte: number): boolean {\n return (byte & CONTINUATION_BIT) !== 0;\n}\n","/**\n * Cross-runtime compatible base64 encoding/decoding utilities\n * that work in both Node.js and browser environments\n */\n\n/**\n * Converts a base64 string to a Uint8Array\n */\nexport function base64ToUint8Array(base64: string): Uint8Array {\n // In browsers and modern Node.js\n if (typeof atob === 'function') {\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n }\n // Node.js fallback using Buffer\n else if (typeof Buffer !== 'undefined') {\n return new Uint8Array(Buffer.from(base64, 'base64'));\n }\n // Fallback implementation if neither is available\n else {\n throw new Error('No base64 decoding implementation available');\n }\n}\n\n/**\n * Converts a Uint8Array to a base64 string\n */\nexport function uint8ArrayToBase64(bytes: Uint8Array): string {\n // In browsers and modern Node.js\n if (typeof btoa === 'function') {\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n }\n // Node.js fallback using Buffer\n else if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64');\n }\n // Fallback implementation if neither is available\n else {\n throw new Error('No base64 encoding implementation available');\n }\n}\n","import { CreateDataKeyResponse } from '../interfaces/key/create-data-key.interface';\nimport { DecryptDataKeyResponse } from '../interfaces/key/decrypt-data-key.interface';\nimport { DataKey, DataKeyPair } from '../interfaces/key.interface';\n\nexport const deserializeCreateDataKeyResponse = (\n key: CreateDataKeyResponse,\n): DataKeyPair => ({\n context: key.context,\n dataKey: {\n key: key.data_key,\n id: key.id,\n },\n encryptedKeys: key.encrypted_keys,\n});\n\nexport const deserializeDecryptDataKeyResponse = (\n key: DecryptDataKeyResponse,\n): DataKey => ({\n key: key.data_key,\n id: key.id,\n});\n","import { List, ListResponse } from '../../common/interfaces';\nimport {\n ReadObjectMetadataResponse,\n ReadObjectResponse,\n UpdateObjectOptions,\n UpdateObjectEntity,\n ObjectMetadata,\n VaultObject,\n ObjectVersionResponse,\n ObjectVersion,\n CreateObjectOptions,\n CreateObjectEntity,\n ObjectDigestResponse,\n ObjectDigest,\n ListObjectVersionsResponse,\n} from '../interfaces';\n\nexport const deserializeObjectMetadata = (\n metadata: ReadObjectMetadataResponse,\n): ObjectMetadata => ({\n context: metadata.context,\n environmentId: metadata.environment_id,\n id: metadata.id,\n keyId: metadata.key_id,\n updatedAt: new Date(Date.parse(metadata.updated_at)),\n updatedBy: metadata.updated_by,\n versionId: metadata.version_id,\n});\n\nexport const deserializeObject = (object: ReadObjectResponse): VaultObject => ({\n id: object.id,\n name: object.name,\n ...(object.value !== undefined && { value: object.value }),\n metadata: deserializeObjectMetadata(object.metadata),\n});\n\nconst deserializeObjectDigest = (\n digest: ObjectDigestResponse,\n): ObjectDigest => ({\n id: digest.id,\n name: digest.name,\n updatedAt: new Date(Date.parse(digest.updated_at)),\n});\n\nexport const deserializeListObjects = (\n list: ListResponse<ObjectDigestResponse>,\n): List<ObjectDigest> => ({\n object: 'list',\n data: list.data.map(deserializeObjectDigest),\n listMetadata: {\n ...(list.list_metadata.after !== undefined && {\n after: list.list_metadata.after,\n }),\n ...(list.list_metadata.before !== undefined && {\n before: list.list_metadata.before,\n }),\n },\n});\n\nexport const desrializeListObjectVersions = (\n list: ListObjectVersionsResponse,\n): ObjectVersion[] => list.data.map(deserializeObjectVersion);\n\nconst deserializeObjectVersion = (\n version: ObjectVersionResponse,\n): ObjectVersion => ({\n createdAt: new Date(Date.parse(version.created_at)),\n currentVersion: version.current_version,\n id: version.id,\n});\n\nexport const serializeCreateObjectEntity = (\n options: CreateObjectOptions,\n): CreateObjectEntity => ({\n name: options.name,\n value: options.value,\n key_context: options.context,\n});\n\nexport const serializeUpdateObjectEntity = (\n options: UpdateObjectOptions,\n): UpdateObjectEntity => ({\n value: options.value,\n version_check: options.versionCheck,\n});\n","import { decodeUInt32, encodeUInt32 } from '../common/utils/leb128';\nimport { CryptoProvider } from '../common/crypto/crypto-provider';\nimport { List, ListResponse } from '../common/interfaces';\nimport { PaginationOptions } from '../index.worker';\nimport { base64ToUint8Array, uint8ArrayToBase64 } from '../common/utils/base64';\nimport type { WorkOS } from '../workos';\nimport {\n CreateDataKeyOptions,\n CreateDataKeyResponse,\n CreateObjectOptions,\n DataKey,\n DataKeyPair,\n DecryptDataKeyOptions,\n DecryptDataKeyResponse,\n DeleteObjectOptions,\n KeyContext,\n ListObjectVersionsResponse,\n ObjectDigest,\n ObjectDigestResponse,\n ObjectMetadata,\n ObjectVersion,\n ReadObjectMetadataResponse,\n ReadObjectOptions,\n ReadObjectResponse,\n UpdateObjectOptions,\n VaultObject,\n} from './interfaces';\nimport {\n deserializeCreateDataKeyResponse,\n deserializeDecryptDataKeyResponse,\n} from './serializers/vault-key.serializer';\nimport {\n deserializeListObjects,\n deserializeObject,\n deserializeObjectMetadata,\n desrializeListObjectVersions,\n serializeCreateObjectEntity,\n serializeUpdateObjectEntity,\n} from './serializers/vault-object.serializer';\n\ninterface Decoded {\n iv: Uint8Array;\n tag: Uint8Array;\n keys: string;\n ciphertext: Uint8Array;\n}\n\nexport class Vault {\n private cryptoProvider: CryptoProvider;\n\n constructor(private readonly workos: WorkOS) {\n this.cryptoProvider = workos.getCryptoProvider();\n }\n\n private decode(payload: string): Decoded {\n const inputData = base64ToUint8Array(payload);\n // Use 12 bytes for IV (standard for AES-GCM)\n const iv = new Uint8Array(inputData.subarray(0, 12));\n const tag = new Uint8Array(inputData.subarray(12, 28));\n const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);\n\n // Use subarray instead of slice and convert directly to base64\n const keysBuffer = inputData.subarray(nextIndex, nextIndex + keyLen);\n const keys = uint8ArrayToBase64(keysBuffer);\n\n const ciphertext = new Uint8Array(inputData.subarray(nextIndex + keyLen));\n\n return {\n iv,\n tag,\n keys,\n ciphertext,\n };\n }\n\n async createObject(options: CreateObjectOptions): Promise<ObjectMetadata> {\n const { data } = await this.workos.post<ReadObjectMetadataResponse>(\n `/vault/v1/kv`,\n serializeCreateObjectEntity(options),\n );\n return deserializeObjectMetadata(data);\n }\n\n async listObjects(\n options?: PaginationOptions | undefined,\n ): Promise<List<ObjectDigest>> {\n const url = new URL('/vault/v1/kv', this.workos.baseURL);\n if (options?.after) {\n url.searchParams.set('after', options.after);\n }\n if (options?.limit) {\n url.searchParams.set('limit', options.limit.toString());\n }\n\n const { data } = await this.workos.get<ListResponse<ObjectDigestResponse>>(\n url.toString(),\n );\n return deserializeListObjects(data);\n }\n\n async listObjectVersions(\n options: ReadObjectOptions,\n ): Promise<ObjectVersion[]> {\n const { data } = await this.workos.get<ListObjectVersionsResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/versions`,\n );\n return desrializeListObjectVersions(data);\n }\n\n async readObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n );\n return deserializeObject(data);\n }\n\n async readObjectByName(name: string): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/name/${encodeURIComponent(name)}`,\n );\n return deserializeObject(data);\n }\n\n async describeObject(options: ReadObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.get<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`,\n );\n return deserializeObject(data);\n }\n\n async updateObject(options: UpdateObjectOptions): Promise<VaultObject> {\n const { data } = await this.workos.put<ReadObjectResponse>(\n `/vault/v1/kv/${encodeURIComponent(options.id)}`,\n serializeUpdateObjectEntity(options),\n );\n return deserializeObject(data);\n }\n\n async deleteObject(options: DeleteObjectOptions): Promise<void> {\n return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);\n }\n\n async createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair> {\n const { data } = await this.workos.post<CreateDataKeyResponse>(\n `/vault/v1/keys/data-key`,\n options,\n );\n return deserializeCreateDataKeyResponse(data);\n }\n\n async decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey> {\n const { data } = await this.workos.post<DecryptDataKeyResponse>(\n `/vault/v1/keys/decrypt`,\n options,\n );\n return deserializeDecryptDataKeyResponse(data);\n }\n\n async encrypt(\n data: string,\n context: KeyContext,\n associatedData?: string,\n ): Promise<string> {\n const keyPair = await this.createDataKey({\n context,\n });\n\n // Convert base64 key to Uint8Array\n const encoder = new TextEncoder();\n\n // Use our cross-runtime base64 utility\n const key = base64ToUint8Array(keyPair.dataKey.key);\n const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);\n\n const prefixLenBuffer = encodeUInt32(keyBlob.length);\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n // Use a 12-byte IV for AES-GCM (industry standard)\n const iv = this.cryptoProvider.randomBytes(12);\n\n const {\n ciphertext,\n iv: resultIv,\n tag,\n } = await this.cryptoProvider.encrypt(\n encoder.encode(data),\n key,\n iv,\n aadBuffer,\n );\n\n // Concatenate all parts into a single array\n const resultArray = new Uint8Array(\n resultIv.length +\n tag.length +\n prefixLenBuffer.length +\n keyBlob.length +\n ciphertext.length,\n );\n\n let offset = 0;\n resultArray.set(resultIv, offset);\n offset += resultIv.length;\n\n resultArray.set(tag, offset);\n offset += tag.length;\n\n resultArray.set(new Uint8Array(prefixLenBuffer), offset);\n offset += prefixLenBuffer.length;\n\n resultArray.set(keyBlob, offset);\n offset += keyBlob.length;\n\n resultArray.set(ciphertext, offset);\n\n // Convert to base64 using our cross-runtime utility\n return uint8ArrayToBase64(resultArray);\n }\n\n async decrypt(\n encryptedData: string,\n associatedData?: string,\n ): Promise<string> {\n const decoded = this.decode(encryptedData);\n const dataKey = await this.decryptDataKey({ keys: decoded.keys });\n\n // Convert base64 key to Uint8Array using our cross-runtime utility\n const key = base64ToUint8Array(dataKey.key);\n\n const encoder = new TextEncoder();\n const aadBuffer = associatedData\n ? encoder.encode(associatedData)\n : undefined;\n\n const decrypted = await this.cryptoProvider.decrypt(\n decoded.ciphertext,\n key,\n decoded.iv,\n decoded.tag,\n aadBuffer,\n );\n\n return new TextDecoder().decode(decrypted);\n }\n}\n","import { RequestException } from '../interfaces/request-exception.interface';\n\nexport class ConflictException extends Error implements RequestException {\n readonly status = 409;\n readonly name = 'ConflictException';\n readonly requestID: string;\n\n constructor({\n error,\n message,\n requestID,\n }: {\n error?: string;\n message?: string;\n requestID: string;\n }) {\n super();\n\n this.requestID = requestID;\n\n if (message) {\n this.message = message;\n } else if (error) {\n this.message = `Error: ${error}`;\n } else {\n this.message = `An conflict has occurred on the server.`;\n }\n }\n}\n","import { detectRuntime } from './env';\n\n// Extend globalThis to include runtime-specific globals\ndeclare global {\n var Deno:\n | {\n version: {\n deno: string;\n };\n }\n | undefined;\n\n var Bun:\n | {\n version: string;\n }\n | undefined;\n}\n\nexport interface RuntimeInfo {\n name: string;\n version?: string;\n}\n\n/**\n * Get runtime information including name and version.\n * Safely extracts version information for different JavaScript runtimes.\n * @returns RuntimeInfo object with name and optional version\n */\nexport function getRuntimeInfo(): RuntimeInfo {\n const name = detectRuntime();\n let version: string | undefined;\n\n try {\n switch (name) {\n case 'node':\n // process.version includes 'v' prefix (e.g., \"v20.5.0\")\n version = typeof process !== 'undefined' ? process.version : undefined;\n break;\n\n case 'deno':\n // Deno.version.deno returns just version number (e.g., \"1.36.4\")\n version = globalThis.Deno?.version?.deno;\n break;\n\n case 'bun':\n version = globalThis.Bun?.version || extractBunVersionFromUserAgent();\n break;\n\n // These environments typically don't expose version info\n case 'cloudflare':\n case 'fastly':\n case 'edge-light':\n case 'other':\n default:\n version = undefined;\n break;\n }\n } catch {\n version = undefined;\n }\n\n return {\n name,\n version,\n };\n}\n\n/**\n * Extract Bun version from navigator.userAgent as fallback.\n * @returns Bun version string or undefined\n */\nfunction extractBunVersionFromUserAgent(): string | undefined {\n try {\n if (typeof navigator !== 'undefined' && navigator.userAgent) {\n const match = navigator.userAgent.match(/Bun\\/(\\d+\\.\\d+\\.\\d+)/);\n return match?.[1];\n }\n } catch {\n // Ignore errors\n }\n return undefined;\n}\n","","import {\n ApiKeyRequiredException,\n GenericServerException,\n NotFoundException,\n UnauthorizedException,\n UnprocessableEntityException,\n OauthException,\n RateLimitExceededException,\n} from './common/exceptions';\nimport { PKCE } from './pkce/pkce';\nimport {\n GetOptions,\n HttpClientResponseInterface,\n PatchOptions,\n PostOptions,\n PutOptions,\n WorkOSOptions,\n WorkOSResponseError,\n} from './common/interfaces';\nimport { ApiKeys } from './api-keys/api-keys';\nimport { DirectorySync } from './directory-sync/directory-sync';\nimport { Events } from './events/events';\nimport { Organizations } from './organizations/organizations';\nimport { OrganizationDomains } from './organization-domains/organization-domains';\nimport { Passwordless } from './passwordless/passwordless';\nimport { Pipes } from './pipes/pipes';\nimport { Portal } from './portal/portal';\nimport { SSO } from './sso/sso';\nimport { Webhooks } from './webhooks/webhooks';\nimport { Mfa } from './mfa/mfa';\nimport { AuditLogs } from './audit-logs/audit-logs';\nimport { UserManagement } from './user-management/user-management';\nimport { FGA } from './fga/fga';\nimport { BadRequestException } from './common/exceptions/bad-request.exception';\nimport { FeatureFlags } from './feature-flags/feature-flags';\n\nimport { HttpClient, HttpClientError } from './common/net/http-client';\nimport { SubtleCryptoProvider } from './common/crypto/subtle-crypto-provider';\nimport { FetchHttpClient } from './common/net/fetch-client';\nimport { Widgets } from './widgets/widgets';\nimport { Actions } from './actions/actions';\nimport { Authorization } from './authorization/authorization';\nimport { Vault } from './vault/vault';\nimport { ConflictException } from './common/exceptions/conflict.exception';\nimport { CryptoProvider } from './common/crypto/crypto-provider';\nimport { ParseError } from './common/exceptions/parse-error';\nimport { getEnv } from './common/utils/env';\nimport { getRuntimeInfo } from './common/utils/runtime-info';\nimport { version as VERSION } from '../package.json' with { type: 'json' };\n\nconst DEFAULT_HOSTNAME = 'api.workos.com';\n\nconst HEADER_AUTHORIZATION = 'Authorization';\nconst HEADER_IDEMPOTENCY_KEY = 'Idempotency-Key';\nconst HEADER_WARRANT_TOKEN = 'Warrant-Token';\n\nexport class WorkOS {\n readonly baseURL: string;\n readonly client: HttpClient;\n readonly clientId?: string;\n readonly key?: string;\n readonly options: WorkOSOptions;\n readonly pkce: PKCE;\n\n private readonly hasApiKey: boolean;\n\n readonly actions: Actions;\n readonly apiKeys = new ApiKeys(this);\n readonly auditLogs = new AuditLogs(this);\n readonly authorization = new Authorization(this);\n readonly directorySync = new DirectorySync(this);\n readonly events = new Events(this);\n readonly featureFlags = new FeatureFlags(this);\n readonly fga = new FGA(this);\n readonly mfa = new Mfa(this);\n readonly organizations = new Organizations(this);\n readonly organizationDomains = new OrganizationDomains(this);\n readonly passwordless = new Passwordless(this);\n readonly pipes = new Pipes(this);\n readonly portal = new Portal(this);\n readonly sso = new SSO(this);\n readonly userManagement: UserManagement;\n readonly vault = new Vault(this);\n readonly webhooks: Webhooks;\n readonly widgets = new Widgets(this);\n\n /**\n * Create a new WorkOS client.\n *\n * @param keyOrOptions - API key string, or options object\n * @param maybeOptions - Options when first argument is API key\n *\n * @example\n * // Server-side with API key (string)\n * const workos = new WorkOS('sk_...');\n *\n * @example\n * // Server-side with API key (object)\n * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });\n *\n * @example\n * // PKCE/public client (no API key)\n * const workos = new WorkOS({ clientId: 'client_...' });\n */\n constructor(\n keyOrOptions?: string | WorkOSOptions,\n maybeOptions?: WorkOSOptions,\n ) {\n if (typeof keyOrOptions === 'object') {\n this.key = keyOrOptions.apiKey;\n this.options = keyOrOptions;\n } else {\n this.key = keyOrOptions;\n this.options = maybeOptions ?? {};\n }\n\n if (!this.key) {\n this.key = getEnv('WORKOS_API_KEY');\n }\n\n this.hasApiKey = !!this.key;\n\n if (this.options.https === undefined) {\n this.options.https = true;\n }\n\n this.clientId = this.options.clientId;\n if (!this.clientId) {\n this.clientId = getEnv('WORKOS_CLIENT_ID');\n }\n\n if (!this.hasApiKey && !this.clientId) {\n throw new Error(\n 'WorkOS requires either an API key or a clientId. ' +\n 'For server-side: new WorkOS(\"sk_...\") or new WorkOS({ apiKey: \"sk_...\" }). ' +\n 'For PKCE/public clients: new WorkOS({ clientId: \"client_...\" })',\n );\n }\n\n const protocol: string = this.options.https ? 'https' : 'http';\n const apiHostname: string = this.options.apiHostname || DEFAULT_HOSTNAME;\n const port: number | undefined = this.options.port;\n this.baseURL = `${protocol}://${apiHostname}`;\n\n if (port) {\n this.baseURL = this.baseURL + `:${port}`;\n }\n\n this.pkce = new PKCE();\n\n this.webhooks = this.createWebhookClient();\n this.actions = this.createActionsClient();\n\n // Must initialize UserManagement after baseURL is configured\n this.userManagement = new UserManagement(this);\n\n const userAgent = this.createUserAgent(this.options);\n\n this.client = this.createHttpClient(this.options, userAgent);\n }\n\n private createUserAgent(options: WorkOSOptions): string {\n let userAgent: string = `workos-node/${VERSION}`;\n\n const { name: runtimeName, version: runtimeVersion } = getRuntimeInfo();\n userAgent += ` (${runtimeName}${runtimeVersion ? `/${runtimeVersion}` : ''})`;\n\n if (options.appInfo) {\n const { name, version } = options.appInfo;\n userAgent += ` ${name}: ${version}`;\n }\n\n return userAgent;\n }\n\n createWebhookClient() {\n return new Webhooks(this.getCryptoProvider());\n }\n\n createActionsClient() {\n return new Actions(this.getCryptoProvider());\n }\n\n getCryptoProvider(): CryptoProvider {\n return new SubtleCryptoProvider();\n }\n\n createHttpClient(options: WorkOSOptions, userAgent: string) {\n const headers: Record<string, string> = {\n 'User-Agent': userAgent,\n };\n\n const configHeaders = options.config?.headers;\n if (\n configHeaders &&\n typeof configHeaders === 'object' &&\n !Array.isArray(configHeaders) &&\n !(configHeaders instanceof Headers)\n ) {\n Object.assign(headers, configHeaders);\n }\n\n if (this.key) {\n headers['Authorization'] = `Bearer ${this.key}`;\n }\n\n return new FetchHttpClient(this.baseURL, {\n ...options.config,\n timeout: options.timeout,\n headers,\n }) as HttpClient;\n }\n\n get version() {\n return VERSION;\n }\n\n /**\n * Require API key for methods that need it.\n * @param methodName - Name of the method requiring API key (for error message)\n * @throws ApiKeyRequiredException if no API key was provided\n */\n requireApiKey(methodName: string): void {\n if (!this.hasApiKey) {\n throw new ApiKeyRequiredException(methodName);\n }\n }\n\n async post<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PostOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.post<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async get<Result = any>(\n path: string,\n options: GetOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.accessToken) {\n requestHeaders[HEADER_AUTHORIZATION] = `Bearer ${options.accessToken}`;\n }\n\n if (options.warrantToken) {\n requestHeaders[HEADER_WARRANT_TOKEN] = options.warrantToken;\n }\n\n let res: HttpClientResponseInterface;\n try {\n res = await this.client.get(path, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async put<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PutOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.put<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async patch<Result = any, Entity = any>(\n path: string,\n entity: Entity,\n options: PatchOptions = {},\n ): Promise<{ data: Result }> {\n if (!options.skipApiKeyCheck) {\n this.requireApiKey(path);\n }\n\n const requestHeaders: Record<string, string> = {};\n\n if (options.idempotencyKey) {\n requestHeaders[HEADER_IDEMPOTENCY_KEY] = options.idempotencyKey;\n }\n\n let res: HttpClientResponseInterface;\n\n try {\n res = await this.client.patch<Entity>(path, entity, {\n params: options.query,\n headers: requestHeaders,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n\n try {\n return { data: await res.toJSON() };\n } catch (error) {\n await this.handleParseError(error, res);\n throw error;\n }\n }\n\n async delete(path: string, query?: any): Promise<void> {\n this.requireApiKey(path);\n\n try {\n await this.client.delete(path, {\n params: query,\n });\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n async deleteWithBody<Entity = any>(\n path: string,\n entity: Entity,\n ): Promise<void> {\n this.requireApiKey(path);\n\n try {\n await this.client.deleteWithBody(path, entity, {});\n } catch (error) {\n this.handleHttpError({ path, error });\n\n throw error;\n }\n }\n\n emitWarning(warning: string) {\n // tslint:disable-next-line:no-console\n console.warn(`WorkOS: ${warning}`);\n }\n\n private async handleParseError(\n error: unknown,\n res: HttpClientResponseInterface,\n ) {\n if (error instanceof SyntaxError) {\n const rawResponse = res.getRawResponse() as Response;\n const requestID = rawResponse.headers.get('X-Request-ID') ?? '';\n const rawStatus = rawResponse.status;\n const rawBody = await rawResponse.text();\n throw new ParseError({\n message: error.message,\n rawBody,\n rawStatus,\n requestID,\n });\n }\n }\n\n private handleHttpError({ path, error }: { path: string; error: unknown }) {\n if (!(error instanceof HttpClientError)) {\n throw new Error(`Unexpected error: ${error}`, { cause: error });\n }\n\n const { response } = error as HttpClientError<WorkOSResponseError>;\n\n if (response) {\n const { status, data, headers } = response;\n\n const requestID = headers['X-Request-ID'] ?? '';\n const {\n code,\n error_description: errorDescription,\n error,\n errors,\n message,\n } = data;\n\n switch (status) {\n case 401: {\n throw new UnauthorizedException(requestID);\n }\n case 409: {\n throw new ConflictException({ requestID, message, error });\n }\n case 422: {\n throw new UnprocessableEntityException({\n code,\n errors,\n message,\n requestID,\n });\n }\n case 404: {\n throw new NotFoundException({\n code,\n message,\n path,\n requestID,\n });\n }\n case 429: {\n const retryAfter = headers.get('Retry-After');\n\n throw new RateLimitExceededException(\n data.message,\n requestID,\n retryAfter ? Number(retryAfter) : null,\n );\n }\n default: {\n if (error || errorDescription) {\n throw new OauthException(\n status,\n requestID,\n error,\n errorDescription,\n data,\n );\n } else if (code && errors) {\n // Note: ideally this should be mapped directly with a `400` status code.\n // However, this would break existing logic for the `OauthException` exception.\n throw new BadRequestException({\n code,\n errors,\n message,\n requestID,\n });\n } else {\n throw new GenericServerException(\n status,\n data.message,\n data,\n requestID,\n );\n }\n }\n }\n }\n }\n}\n","// These are the only possible states to create an organization domain with\nexport enum DomainDataState {\n Verified = 'verified',\n Pending = 'pending',\n}\n\nexport interface DomainData {\n domain: string;\n state: DomainDataState;\n}\n","export enum OrganizationDomainState {\n Verified = 'verified',\n Pending = 'pending',\n Failed = 'failed',\n}\n\nexport enum OrganizationDomainVerificationStrategy {\n Dns = 'dns',\n Manual = 'manual',\n}\n\nexport interface OrganizationDomain {\n object: 'organization_domain';\n id: string;\n domain: string;\n organizationId: string;\n state: OrganizationDomainState;\n verificationToken?: string;\n verificationStrategy: OrganizationDomainVerificationStrategy;\n verificationPrefix?: string;\n createdAt: string;\n updatedAt: string;\n}\n\nexport interface OrganizationDomainResponse {\n object: 'organization_domain';\n id: string;\n domain: string;\n organization_id: string;\n state: OrganizationDomainState;\n verification_token?: string;\n verification_strategy: OrganizationDomainVerificationStrategy;\n verification_prefix?: string;\n created_at: string;\n updated_at: string;\n}\n","export enum GeneratePortalLinkIntent {\n AuditLogs = 'audit_logs',\n DomainVerification = 'domain_verification',\n DSync = 'dsync',\n LogStreams = 'log_streams',\n SSO = 'sso',\n CertificateRenewal = 'certificate_renewal',\n BringYourOwnKey = 'bring_your_own_key',\n}\n","export enum ConnectionType {\n ADFSSAML = 'ADFSSAML',\n AdpOidc = 'AdpOidc',\n AppleOAuth = 'AppleOAuth',\n Auth0SAML = 'Auth0SAML',\n AzureSAML = 'AzureSAML',\n CasSAML = 'CasSAML',\n ClassLinkSAML = 'ClassLinkSAML',\n CloudflareSAML = 'CloudflareSAML',\n CyberArkSAML = 'CyberArkSAML',\n DuoSAML = 'DuoSAML',\n GenericOIDC = 'GenericOIDC',\n GenericSAML = 'GenericSAML',\n GitHubOAuth = 'GitHubOAuth',\n GoogleOAuth = 'GoogleOAuth',\n GoogleSAML = 'GoogleSAML',\n JumpCloudSAML = 'JumpCloudSAML',\n KeycloakSAML = 'KeycloakSAML',\n LastPassSAML = 'LastPassSAML',\n LoginGovOidc = 'LoginGovOidc',\n MagicLink = 'MagicLink',\n MicrosoftOAuth = 'MicrosoftOAuth',\n MiniOrangeSAML = 'MiniOrangeSAML',\n NetIqSAML = 'NetIqSAML',\n OktaSAML = 'OktaSAML',\n OneLoginSAML = 'OneLoginSAML',\n OracleSAML = 'OracleSAML',\n PingFederateSAML = 'PingFederateSAML',\n PingOneSAML = 'PingOneSAML',\n RipplingSAML = 'RipplingSAML',\n SalesforceOAuth = 'SalesforceOAuth',\n SalesforceSAML = 'SalesforceSAML',\n ShibbolethGenericSAML = 'ShibbolethGenericSAML',\n ShibbolethSAML = 'ShibbolethSAML',\n SimpleSamlPhpSAML = 'SimpleSamlPhpSAML',\n VMwareSAML = 'VMwareSAML',\n}\n","import { WorkOS } from './workos';\nimport type { UserManagement } from './user-management/user-management';\nimport type { SSO } from './sso/sso';\nimport type { PKCE } from './pkce/pkce';\nimport type { WorkOSOptions } from './common/interfaces';\n\n/**\n * Method names available without API key - single source of truth.\n * Add new public methods here to expose them on PublicUserManagement.\n */\ntype PublicUserManagementMethods =\n | 'getAuthorizationUrl'\n | 'getAuthorizationUrlWithPKCE'\n | 'authenticateWithCode'\n | 'authenticateWithCodeAndVerifier'\n | 'authenticateWithRefreshToken'\n | 'getLogoutUrl'\n | 'getJwksUrl';\n\n/**\n * SSO method names available without API key.\n */\ntype PublicSSOMethods =\n | 'getAuthorizationUrl'\n | 'getAuthorizationUrlWithPKCE'\n | 'getProfileAndToken';\n\n/**\n * Subset of UserManagement methods available without an API key.\n * Used by public clients (browser, mobile, CLI, desktop apps).\n */\nexport type PublicUserManagement = Pick<\n UserManagement,\n PublicUserManagementMethods\n>;\n\n/**\n * Subset of SSO methods available without an API key.\n */\nexport type PublicSSO = Pick<SSO, PublicSSOMethods>;\n\n/**\n * WorkOS client for public/PKCE-only usage.\n * Returned when initialized with only clientId (no API key).\n *\n * For browser, mobile, CLI, and desktop applications that cannot\n * securely store an API key.\n */\nexport interface PublicWorkOS {\n readonly baseURL: string;\n readonly clientId: string;\n readonly pkce: PKCE;\n readonly userManagement: PublicUserManagement;\n readonly sso: PublicSSO;\n}\n\n/**\n * Options for creating a public client (PKCE-only, no API key).\n */\nexport interface PublicClientOptions extends Omit<WorkOSOptions, 'apiKey'> {\n clientId: string;\n /** Discriminant: ensures TypeScript selects PublicWorkOS overload when apiKey is absent */\n apiKey?: never;\n}\n\n/**\n * Options for creating a confidential client (with API key).\n */\nexport interface ConfidentialClientOptions extends WorkOSOptions {\n apiKey: string;\n}\n\n/**\n * Create a type-safe WorkOS client.\n *\n * Returns a narrowed `PublicWorkOS` type when only `clientId` is provided,\n * ensuring compile-time safety for public client usage. Returns the full\n * `WorkOS` type when an API key is provided.\n *\n * Unlike the `WorkOS` constructor, this factory does NOT read from\n * environment variables. Pass credentials explicitly for predictable types.\n *\n * @example\n * // Public client (browser, mobile, CLI) - returns PublicWorkOS\n * const workos = createWorkOS({ clientId: 'client_123' });\n * await workos.userManagement.getAuthorizationUrlWithPKCE({...}); // OK\n * workos.userManagement.listUsers(); // TypeScript error!\n *\n * @example\n * // Confidential client (server) - returns full WorkOS\n * const workos = createWorkOS({\n * apiKey: process.env.WORKOS_API_KEY!,\n * clientId: 'client_123'\n * });\n * await workos.userManagement.listUsers(); // OK\n */\nexport function createWorkOS(options: PublicClientOptions): PublicWorkOS;\nexport function createWorkOS(options: ConfidentialClientOptions): WorkOS;\nexport function createWorkOS(\n options: PublicClientOptions | ConfidentialClientOptions,\n): PublicWorkOS | WorkOS {\n return new WorkOS(options);\n}\n"],"x_google_ignoreList":[100,101],"mappings":";;;;;AAIA,IAAsB,iBAAtB,MAAqC;CACnC,UAAU,IAAI,aAAa;;;;;;;;;ACE7B,IAAa,uBAAb,cAA0C,eAAe;CACvD;CAEA,YAAY,cAA6B;AACvC,SAAO;AAKP,OAAK,eAAe,gBAAgB,OAAO;;CAG7C,qBAAqB,UAAkB,SAAyB;AAC9D,QAAM,IAAI,MACR,+DACD;;;CAIH,MAAM,0BACJ,SACA,QACiB;EACjB,MAAM,UAAU,IAAI,aAAa;EAEjC,MAAM,MAAM,MAAM,KAAK,aAAa,UAClC,OACA,QAAQ,OAAO,OAAO,EACtB;GACE,MAAM;GACN,MAAM,EAAE,MAAM,WAAW;GAC1B,EACD,OACA,CAAC,OAAO,CACT;EAED,MAAM,kBAAkB,MAAM,KAAK,aAAa,KAC9C,QACA,KACA,QAAQ,OAAO,QAAQ,CACxB;EAKD,MAAM,iBAAiB,IAAI,WAAW,gBAAgB;EACtD,MAAM,oBAAoB,IAAI,MAAM,eAAe,OAAO;AAE1D,OAAK,IAAI,IAAI,GAAG,IAAI,eAAe,QAAQ,IACzC,mBAAkB,KAAK,eAAe,eAAe;AAGvD,SAAO,kBAAkB,KAAK,GAAG;;;CAInC,MAAM,cAAc,SAAiB,SAAmC;EACtE,MAAM,UAAU,KAAK,QAAQ,OAAO,QAAQ;EAC5C,MAAM,UAAU,KAAK,QAAQ,OAAO,QAAQ;AAE5C,MAAI,QAAQ,WAAW,QAAQ,OAC7B,QAAO;EAGT,MAAM,YAAY;GAAE,MAAM;GAAQ,MAAM;GAAW;EACnD,MAAM,MAAO,MAAM,OAAO,OAAO,YAAY,WAAW,OAAO,CAC7D,QACA,SACD,CAAC;EACF,MAAM,OAAO,MAAM,OAAO,OAAO,KAAK,WAAW,KAAK,QAAQ;AAG9D,SAFc,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK,MAAM,QAAQ;;CAKzE,MAAM,QACJ,WACA,KACA,IACA,KAKC;EACD,MAAM,WAAW,MAAM,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC;EAEjE,MAAM,YAAY,MAAM,KAAK,aAAa,UACxC,OACA,KACA,EAAE,MAAM,WAAW,EACnB,OACA,CAAC,UAAU,CACZ;EAED,MAAM,gBAA8B;GAClC,MAAM;GACN,IAAI;GACL;AAED,MAAI,IACF,eAAc,iBAAiB;EAGjC,MAAM,gBAAgB,MAAM,KAAK,aAAa,QAC5C,eACA,WACA,UACD;EAED,MAAM,iBAAiB,IAAI,WAAW,cAAc;EAIpD,MAAM,WAAW,eAAe,SADhB;EAEhB,MAAM,MAAM,eAAe,MAAM,SAAS;AAG1C,SAAO;GACL,YAHiB,eAAe,MAAM,GAAG,SAAS;GAIlD,IAAI;GACJ;GACD;;CAGH,MAAM,QACJ,YACA,KACA,IACA,KACA,KACqB;EAErB,MAAM,eAAe,IAAI,WAAW,WAAW,SAAS,IAAI,OAAO;AACnE,eAAa,IAAI,YAAY,EAAE;AAC/B,eAAa,IAAI,KAAK,WAAW,OAAO;EAExC,MAAM,YAAY,MAAM,KAAK,aAAa,UACxC,OACA,KACA,EAAE,MAAM,WAAW,EACnB,OACA,CAAC,UAAU,CACZ;EAED,MAAM,gBAA8B;GAClC,MAAM;GACF;GACL;AAED,MAAI,IACF,eAAc,iBAAiB;EAGjC,MAAM,gBAAgB,MAAM,KAAK,aAAa,QAC5C,eACA,WACA,aACD;AAED,SAAO,IAAI,WAAW,cAAc;;CAGtC,YAAY,QAA4B;EACtC,MAAM,QAAQ,IAAI,WAAW,OAAO;AACpC,SAAO,gBAAgB,MAAM;AAC7B,SAAO;;CAGT,aAAqB;AACnB,MACE,OAAO,WAAW,eAClB,OAAO,OAAO,eAAe,WAE7B,QAAO,OAAO,YAAY;EAI5B,MAAM,QAAQ,KAAK,YAAY,GAAG;AAElC,QAAM,KAAM,MAAM,KAAK,KAAQ;AAE/B,QAAM,KAAM,MAAM,KAAK,KAAQ;EAE/B,MAAM,MAAM,MAAM,KAAK,QAAQ,MAAM,eAAe,GAAG,CAAC,KAAK,GAAG;AAChE,SAAO,GAAG,IAAI,MAAM,GAAG,EAAE,CAAC,GAAG,IAAI,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,MACnD,IACA,GACD,CAAC,GAAG,IAAI,MAAM,IAAI,GAAG,CAAC,GAAG,IAAI,MAAM,GAAG;;;AAM3C,MAAM,iBAAiB,IAAI,MAAM,IAAI;AACrC,KAAK,IAAI,IAAI,GAAG,IAAI,eAAe,QAAQ,IACzC,gBAAe,KAAK,EAAE,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI;;;ACnMrD,IAAsB,aAAtB,MAAsB,WAA0C;CAC9D,qBAA8B;CAC9B,qBAA8B;CAC9B,qCAA8C;CAC9C,qBAA8B;EAAC;EAAK;EAAK;EAAK;EAAI;CAElD,YACE,SACA,SACA;AAFS,OAAA,UAAA;AACA,OAAA,UAAA;;;CAIX,gBAAwB;AACtB,QAAM,IAAI,MAAM,gCAAgC;;CAqClD,qBAAqB,WAA2B;AAC9C,MAAI,UAAU,QAAQ,IAAI,GAAG,GAC3B,QAAO,UAAU,QAAQ,QAAQ,IAAI,KAAK,eAAe,CAAC,GAAG;MAE7D,QAAQ,aAAa,IAAI,KAAK,eAAe;;CAIjD,OAAO,eACL,SACA,MACA,QACA;EACA,MAAM,cAAc,WAAW,eAAe,OAAO;AAErD,SADY,IAAI,IAAI,CAAC,MAAM,YAAY,CAAC,OAAO,QAAQ,CAAC,KAAK,IAAI,EAAE,QAAQ,CAChE,UAAU;;CAGvB,OAAO,eAAe,UAAgC;AACpD,MAAI,CAAC,SAAU,QAAO,KAAA;EAEtB,MAAM,oBAAyC,EAAE;AAEjD,SAAO,QAAQ,SAAS,CAAC,SAAS,CAAC,OAAO,WAAW;AACnD,OAAI,UAAU,QAAQ,UAAU,KAAA,KAAa,UAAU,GACrD,mBAAkB,SAAS;IAE7B;AAEF,SAAO,IAAI,gBAAgB,kBAAkB,CAAC,UAAU;;CAG1D,OAAO,qBAAqB,QAAyC;AACnE,MAAI,kBAAkB,gBACpB,QAAO,EACL,gBAAgB,mDACjB;;CAKL,OAAO,QAAQ,QAA0C;AACvD,MAAI,WAAW,QAAQ,kBAAkB,gBACvC,QAAO;AAGT,SAAO,KAAK,UAAU,OAAO;;CAG/B,OAAO,gBAAgB,MAAuB;AAC5C,SACE,KAAK,WAAW,QAAQ,IACxB,KAAK,WAAW,UAAU,IAC1B,KAAK,WAAW,qBAAqB;;CAIzC,2BAAmC,cAA8B;AAK/D,SAHE,KAAK,qCACL,KAAK,IAAI,KAAK,oBAAoB,aAAa,IAClC,KAAK,QAAQ,GAAG;;CAIjC,SAAS,iBACP,IAAI,SAAS,YACX,WAAW,SAAS,KAAK,2BAA2B,aAAa,CAAC,CACnE;;AAIL,IAAsB,qBAAtB,MAAgF;CAC9E;CACA;CAEA,YAAY,YAAoB,SAA0B;AACxD,OAAK,cAAc;AACnB,OAAK,WAAW;;CAGlB,gBAAwB;AACtB,SAAO,KAAK;;CAGd,aAA8B;AAC5B,SAAO,KAAK;;;AAShB,IAAa,kBAAb,cAAwC,MAAM;CAC5C,OAAwB;CACxB,UAA2B;CAC3B;CAEA,YAAY,EACV,SACA,YAIC;AACD,QAAM,QAAQ;AACd,OAAK,UAAU;AACf,OAAK,WAAW;;;;;ACrKpB,IAAa,aAAb,cAAgC,MAAkC;CAChE,OAAgB;CAChB,SAAkB;CAClB;CACA;CACA;CAEA,YAAY,EACV,SACA,SACA,WACA,aAMC;AACD,QAAM,QAAQ;AACd,OAAK,UAAU;AACf,OAAK,YAAY;AACjB,OAAK,YAAY;;;;;ACTrB,MAAM,wBAAwB;AAC9B,IAAa,kBAAb,cAAqC,WAA0C;CAC7E;CAEA,YACE,SACA,SACA,SACA;AACA,QAAM,SAAS,QAAQ;AAJd,OAAA,UAAA;AACA,OAAA,UAAA;AAMT,MAAI,CAAC,SAAS;AACZ,OAAI,CAAC,WAAW,MACd,OAAM,IAAI,MACR,kFACD;AAEH,aAAU,WAAW;;AAGvB,OAAK,WAAW,QAAQ,KAAK,WAAW;;;CAI1C,gBAAwB;AACtB,SAAO;;CAGT,MAAM,IACJ,MACA,SACsC;EACtC,MAAM,cAAc,WAAW,eAC7B,KAAK,SACL,MACA,QAAQ,OACT;AAED,MAAI,WAAW,gBAAgB,KAAK,CAClC,QAAO,MAAM,KAAK,sBAChB,aACA,OACA,MACA,QAAQ,QACT;MAED,QAAO,MAAM,KAAK,aAAa,aAAa,OAAO,MAAM,QAAQ,QAAQ;;CAI7E,MAAM,KACJ,MACA,QACA,SACsC;EACtC,MAAM,cAAc,WAAW,eAC7B,KAAK,SACL,MACA,QAAQ,OACT;AAED,MAAI,WAAW,gBAAgB,KAAK,CAClC,QAAO,MAAM,KAAK,sBAChB,aACA,QACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;MAED,QAAO,MAAM,KAAK,aAChB,aACA,QACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;;CAIL,MAAM,IACJ,MACA,QACA,SACsC;EACtC,MAAM,cAAc,WAAW,eAC7B,KAAK,SACL,MACA,QAAQ,OACT;AAED,MAAI,WAAW,gBAAgB,KAAK,CAClC,QAAO,MAAM,KAAK,sBAChB,aACA,OACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;MAED,QAAO,MAAM,KAAK,aAChB,aACA,OACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;;CAIL,MAAM,MACJ,MACA,QACA,SACsC;EACtC,MAAM,cAAc,WAAW,eAC7B,KAAK,SACL,MACA,QAAQ,OACT;AAED,MAAI,WAAW,gBAAgB,KAAK,CAClC,QAAO,MAAM,KAAK,sBAChB,aACA,SACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;MAED,QAAO,MAAM,KAAK,aAChB,aACA,SACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;;CAIL,MAAM,OACJ,MACA,SACsC;EACtC,MAAM,cAAc,WAAW,eAC7B,KAAK,SACL,MACA,QAAQ,OACT;AAED,MAAI,WAAW,gBAAgB,KAAK,CAClC,QAAO,MAAM,KAAK,sBAChB,aACA,UACA,MACA,QAAQ,QACT;MAED,QAAO,MAAM,KAAK,aAChB,aACA,UACA,MACA,QAAQ,QACT;;CAIL,MAAM,eACJ,MACA,QACA,SACsC;EACtC,MAAM,cAAc,WAAW,eAC7B,KAAK,SACL,MACA,QAAQ,OACT;AAED,MAAI,WAAW,gBAAgB,KAAK,CAClC,QAAO,MAAM,KAAK,sBAChB,aACA,UACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;MAED,QAAO,MAAM,KAAK,aAChB,aACA,UACA,WAAW,QAAQ,OAAO,EAC1B;GACE,GAAG,WAAW,qBAAqB,OAAO;GAC1C,GAAG,QAAQ;GACZ,CACF;;CAIL,MAAc,aACZ,KACA,QACA,MACA,SACsC;EAOtC,MAAM,cAAc,SAFlB,WAAW,UAAU,WAAW,SAAS,WAAW,UAEN,KAAK,KAAA;EAErD,MAAM,EAAE,cAAc,cAAe,KAAK,SAAS,WACjD,EAAE;EAGJ,MAAM,UAAU,KAAK,SAAS,WAAW;EACzC,MAAM,kBAAkB,IAAI,iBAAiB;EAC7C,MAAM,YAAY,iBAAiB;AACjC,oBAAiB,OAAO;KACvB,QAAQ;AAEX,MAAI;GACF,MAAM,MAAM,MAAM,KAAK,SAAS,KAAK;IACnC;IACA,SAAS;KACP,QAAQ;KACR,gBAAgB;KAChB,GAAG,KAAK,SAAS;KACjB,GAAG;KACH,cAAc,KAAK,sBAChB,aAAa,eAAe,UAAU,CACxC;KACF;IACD,MAAM;IACN,QAAQ,iBAAiB;IAC1B,CAAC;AAGF,OAAI,UACF,cAAa,UAAU;AAGzB,OAAI,CAAC,IAAI,IAAI;IACX,MAAM,YAAY,IAAI,QAAQ,IAAI,eAAe,IAAI;IACrD,MAAM,UAAU,MAAM,IAAI,MAAM;IAEhC,IAAI;AAEJ,QAAI;AACF,oBAAe,KAAK,MAAM,QAAQ;aAC3B,OAAO;AACd,SAAI,iBAAiB,YACnB,OAAM,IAAI,WAAW;MACnB,SAAS,MAAM;MACf;MACA;MACA,WAAW,IAAI;MAChB,CAAC;AAEJ,WAAM;;AAGR,UAAM,IAAI,gBAAgB;KACxB,SAAS,IAAI;KACb,UAAU;MACR,QAAQ,IAAI;MACZ,SAAS,IAAI;MACb,MAAM;MACP;KACF,CAAC;;AAEJ,UAAO,IAAI,wBAAwB,IAAI;WAChC,OAAO;AAEd,OAAI,UACF,cAAa,UAAU;AAIzB,OAAI,iBAAiB,SAAS,MAAM,SAAS,aAC3C,OAAM,IAAI,gBAAgB;IACxB,SAAS,yBAAyB,QAAQ;IAC1C,UAAU;KACR,QAAQ;KACR,SAAS,EAAE;KACX,MAAM,EAAE,OAAO,mBAAmB;KACnC;IACF,CAAC;AAGJ,SAAM;;;CAIV,MAAc,sBACZ,KACA,QACA,MACA,SACsC;EACtC,IAAI;EACJ,IAAI,gBAAgB;EAEpB,MAAM,cAAc,YAAkD;GACpE,IAAI,eAAoB;AAExB,OAAI;AACF,eAAW,MAAM,KAAK,aAAa,KAAK,QAAQ,MAAM,QAAQ;YACvD,GAAG;AACV,mBAAe;;AAGjB,OAAI,KAAK,mBAAmB,cAAc,cAAc,EAAE;AACxD;AACA,UAAM,KAAK,MAAM,cAAc;AAC/B,WAAO,aAAa;;AAGtB,OAAI,gBAAgB,KAClB,OAAM;AAGR,UAAO;;AAGT,SAAO,aAAa;;CAGtB,mBAA2B,cAAmB,cAA+B;AAC3E,MAAI,eAAe,KAAK,mBACtB,QAAO;AAGT,MAAI,gBAAgB,MAAM;AACxB,OAAI,wBAAwB,UAC1B,QAAO;AAGT,OACE,wBAAwB,mBACxB,KAAK,mBAAmB,SAAS,aAAa,SAAS,OAAO,CAE9D,QAAO;;AAIX,SAAO;;;AAKX,IAAa,0BAAb,MAAa,gCACH,mBAEV;CACE;CAEA,YAAY,KAAe;AACzB,QACE,IAAI,QACJ,wBAAwB,0BAA0B,IAAI,QAAQ,CAC/D;AACD,OAAK,OAAO;;CAGd,iBAA2B;AACzB,SAAO,KAAK;;CAGd,SAA8B;AAI5B,SAHoB,KAAK,KAAK,QAAQ,IAAI,eAAe,EACrB,SAAS,mBAAmB,GAExC,KAAK,KAAK,MAAM,GAAG;;CAG7C,OAAO,0BAA0B,SAAmC;EAGlE,MAAM,aAA8B,EAAE;AACtC,OAAK,MAAM,SAAS,OAAO,QAAQ,QAAQ,EAAE;AAC3C,OAAI,CAAC,MAAM,QAAQ,MAAM,IAAI,MAAM,WAAW,EAC5C,OAAM,IAAI,MACR,+JACD;AAGH,cAAW,MAAM,MAAM,MAAM;;AAG/B,SAAO;;;;;ACraX,IAAa,0BAAb,cAA6C,MAAM;CACjD,SAAkB;CAClB,OAAgB;CAChB;CAEA,YAAY,MAAc;AACxB,QACE,yBAAyB,KAAK,sMAG/B;AACD,OAAK,OAAO;;;;;ACThB,IAAa,yBAAb,cAA4C,MAAkC;CAC5E,OAAwB;CACxB,UAA2B;CAE3B,YACE,QACA,SACA,SACA,WACA;AACA,SAAO;AALE,OAAA,SAAA;AAEA,OAAA,UAAA;AACA,OAAA,YAAA;AAGT,MAAI,QACF,MAAK,UAAU;;;;;ACZrB,IAAa,sBAAb,cAAyC,MAAkC;CACzE,SAAkB;CAClB,OAAgB;CAChB,UAA2B;CAC3B;CACA;CACA;CAEA,YAAY,EACV,MACA,QACA,SACA,aAMC;AACD,SAAO;AAEP,OAAK,YAAY;AAEjB,MAAI,QACF,MAAK,UAAU;AAGjB,MAAI,KACF,MAAK,OAAO;AAGd,MAAI,OACF,MAAK,SAAS;;;;;AClCpB,IAAa,4BAAb,cAA+C,MAAM;CACnD,SAAkB;CAClB,OAAgB;CAChB,UACE;;;;ACFJ,IAAa,oBAAb,cAAuC,MAAkC;CACvE,SAAkB;CAClB,OAAgB;CAChB;CACA;CACA;CAEA,YAAY,EACV,MACA,SACA,MACA,aAMC;AACD,SAAO;AACP,OAAK,OAAO;AACZ,OAAK,UACH,WAAW,uBAAuB,KAAK;AACzC,OAAK,YAAY;;;;;ACtBrB,IAAa,iBAAb,cAAoC,MAAkC;CACpE,OAAgB;CAEhB,YACE,QACA,WACA,OACA,kBACA,SACA;AACA,SAAO;AANE,OAAA,SAAA;AACA,OAAA,YAAA;AACA,OAAA,QAAA;AACA,OAAA,mBAAA;AACA,OAAA,UAAA;AAGT,MAAI,SAAS,iBACX,MAAK,UAAU,UAAU,MAAM,uBAAuB;WAC7C,MACT,MAAK,UAAU,UAAU;MAEzB,MAAK,UAAU;;;;;ACZrB,IAAa,6BAAb,cAAgD,uBAAuB;CACrE,OAAgB;CAEhB,YACE,SACA,WAIA,YACA;AACA,QAAM,KAAK,SAAS,EAAE,EAAE,UAAU;AAFzB,OAAA,aAAA;;;;;ACfb,IAAa,iCAAb,cAAoD,MAAM;CACxD,OAAgB;CAEhB,YAAY,SAAiB;AAC3B,QAAM,WAAW,iCAAiC;;;;;ACFtD,IAAa,wBAAb,cAA2C,MAAkC;CAC3E,SAAkB;CAClB,OAAgB;CAChB;CAEA,YAAY,WAA4B;AACtC,SAAO;AADY,OAAA,YAAA;AAEnB,OAAK,UAAU;;;;;ACNnB,IAAa,+BAAb,cACU,MAEV;CACE,SAAkB;CAClB,OAAgB;CAChB,UAA2B;CAC3B;CACA;CAEA,YAAY,EACV,MACA,QACA,SACA,aAMC;AACD,SAAO;AAEP,OAAK,YAAY;AAEjB,MAAI,QACF,MAAK,UAAU;AAGjB,MAAI,KACF,MAAK,OAAO;AAGd,MAAI,QAAQ;AAGV,QAAK,UAAU,iBAFK,OAAO,WAAW,IAAI,gBAAgB,eAEd;AAE5C,QAAK,MAAM,EAAE,UAAU,OACrB,MAAK,UAAU,KAAK,QAAQ,OAAO,KAAK,KAAK,IAAI;;;;;;ACvCzD,IAAa,oBAAb,MAA+B;CAC7B;CAEA,YAAY,gBAAgC;AAC1C,OAAK,iBAAiB;;CAGxB,MAAM,aAAa,EACjB,SACA,WACA,QACA,YAAY,QAMO;EACnB,MAAM,CAAC,WAAW,iBAChB,KAAK,6BAA6B,UAAU;AAE9C,MAAI,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,WAAW,EAC1D,OAAM,IAAI,+BACR,kDACD;AAGH,MAAI,SAAS,WAAW,GAAG,GAAG,KAAK,KAAK,GAAG,UACzC,OAAM,IAAI,+BACR,uCACD;EAGH,MAAM,cAAc,MAAM,KAAK,iBAAiB,WAAW,SAAS,OAAO;AAC3E,MACG,MAAM,KAAK,eAAe,cAAc,aAAa,cAAc,KACpE,MAEA,OAAM,IAAI,+BACR,wEACD;AAEH,SAAO;;CAGT,6BAA6B,WAAqC;EAEhE,MAAM,CAAC,GAAG,MADQ,UACQ,MAAM,IAAI;AACpC,MAAI,OAAO,MAAM,eAAe,OAAO,OAAO,YAC5C,OAAM,IAAI,+BACR,iCACD;EAEH,MAAM,EAAE,GAAG,cAAc,EAAE,MAAM,IAAI;EACrC,MAAM,EAAE,GAAG,kBAAkB,GAAG,MAAM,IAAI;AAE1C,SAAO,CAAC,WAAW,cAAc;;CAGnC,MAAM,iBACJ,WACA,SACA,QACiB;AACjB,YAAU,KAAK,UAAU,QAAQ;EACjC,MAAM,gBAAgB,GAAG,UAAU,GAAG;AAEtC,SAAO,MAAM,KAAK,eAAe,0BAC/B,eACA,OACD;;;;;;;;;;;;;;AChEL,MAAa,eACX,WACA,UAAU,uCAAuC,UAAU,QACjD;AACV,OAAM,IAAI,UAAU,QAAQ;;;;ACX9B,MAAa,iCACX,wBACwB;CACxB,QAAQ,mBAAmB;CAC3B,IAAI,mBAAmB;CACvB,QAAQ,mBAAmB;CAC3B,gBAAgB,mBAAmB;CACnC,OAAO,mBAAmB;CAC1B,GAAI,mBAAmB,uBAAuB,KAAA,KAAa,EACzD,mBAAmB,mBAAmB,oBACvC;CACD,sBAAsB,mBAAmB;CACzC,GAAI,mBAAmB,wBAAwB,KAAA,KAAa,EAC1D,oBAAoB,mBAAmB,qBACxC;CACD,WAAW,mBAAmB;CAC9B,WAAW,mBAAmB;CAC/B;;;AChBD,MAAa,2BACX,kBACkB;CAClB,QAAQ,aAAa;CACrB,IAAI,aAAa;CACjB,MAAM,aAAa;CACnB,kCACE,aAAa;CACf,SAAS,aAAa,QAAQ,IAAI,8BAA8B;CAChE,GAAI,OAAO,aAAa,uBAAuB,cAC3C,KAAA,IACA,EAAE,kBAAkB,aAAa,oBAAoB;CACzD,WAAW,aAAa;CACxB,WAAW,aAAa;CACxB,YAAY,aAAa,eAAe;CACxC,UAAU,aAAa,YAAY,EAAE;CACtC;;;ACZD,MAAa,wCACX,aAE2C;CAC3C,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,MAAM,QAAQ;CACd,eAAe,QAAQ;CACvB,kBAAkB,QAAQ;CAC1B,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACbD,MAAa,mDACX,aACsD;CACtD,YAAY;CACZ,WAAW,QAAQ;CACnB,MAAM,QAAQ;CACd,eAAe,QAAQ;CACvB,kBAAkB,QAAQ;CAC1B,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACTD,MAAa,6CACX,aAEgD;CAChD,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,MAAM,QAAQ;CACd,OAAO,QAAQ;CACf,kBAAkB,QAAQ;CAC1B,yBAAyB,QAAQ;CACjC,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACbD,MAAa,4CACX,aAE+C;CAC/C,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,OAAO,QAAQ;CACf,UAAU,QAAQ;CAClB,kBAAkB,QAAQ;CAC1B,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACZD,MAAa,gDACX,aAEmD;CACnD,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,eAAe,QAAQ;CACvB,iBAAiB,QAAQ;CACzB,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACZD,MAAa,4DACX,aAC+D;CAC/D,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,iBAAiB,QAAQ;CACzB,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACRD,MAAa,wCACX,aAE2C;CAC3C,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,MAAM,QAAQ;CACd,6BAA6B,QAAQ;CACrC,8BAA8B,QAAQ;CACtC,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACZD,MAAM,qCACJ,SAC4B;CAC5B,cAAc,IAAI;CAClB,gBAAgB,IAAI;CACpB,GAAI,IAAI,eAAe,KAAA,KAAa,EAAE,WAAW,IAAI,YAAY;CAClE;AAED,MAAa,kCACX,yBACyB;CACzB,OAAO,oBAAoB;CAC3B,GAAI,oBAAoB,UAAU,KAAA,KAAa,EAC7C,OAAO,oBAAoB,OAC5B;CACD,WAAW,oBAAoB;CAC/B,GAAI,oBAAoB,QAAQ,KAAA,KAAa,EAC3C,KAAK,kCAAkC,oBAAoB,IAAI,EAChE;CACD,QAAQ,oBAAoB;CAC5B,MAAM,oBAAoB;CAC1B,WAAW,oBAAoB;CAC/B,QAAQ,oBAAoB;CAC7B;;;AC5BD,MAAa,0BACX,gBAEA,cACI;CACE,aAAa,YAAY;CACzB,cAAc,YAAY;CAC1B,WAAW,YAAY;CACvB,QAAQ,YAAY;CACrB,GACD,KAAA;;;ACVN,MAAa,mBAAmB,UAA8B;CAC5D,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,OAAO,KAAK;CACZ,eAAe,KAAK;CACpB,WAAW,KAAK;CAChB,mBAAmB,KAAK;CACxB,UAAU,KAAK;CACf,cAAc,KAAK;CACnB,QAAQ,KAAK;CACb,WAAW,KAAK;CAChB,WAAW,KAAK;CAChB,YAAY,KAAK,eAAe;CAChC,UAAU,KAAK,YAAY,EAAE;CAC9B;;;ACTD,MAAa,qCACX,2BAC2B;CAC3B,MAAM,EACJ,MACA,iBACA,cACA,eACA,uBACA,cACA,cACA,GAAG,SACD;AAEJ,QAAO;EACL,MAAM,gBAAgB,KAAK;EAC3B,gBAAgB;EAChB,aAAa;EACb,cAAc;EACd;EACA,sBAAsB;EACtB,aAAa,uBAAuB,aAAa;EACjD,GAAG;EACJ;;;;ACzBH,MAAa,mCACX,aACsC;CACtC,OAAO,QAAQ;CACf,kBAAkB,QAAQ;CAC3B;;;ACLD,MAAa,uCACX,aAC0C,EAC1C,OAAO,QAAQ,OAChB;;;ACFD,MAAa,gCACX,uBACuB;CACvB,QAAQ,kBAAkB;CAC1B,IAAI,kBAAkB;CACtB,QAAQ,kBAAkB;CAC1B,OAAO,kBAAkB;CACzB,WAAW,kBAAkB;CAC7B,MAAM,kBAAkB;CACxB,WAAW,kBAAkB;CAC7B,WAAW,kBAAkB;CAC9B;AAED,MAAa,qCACX,uBAC4B;CAC5B,QAAQ,kBAAkB;CAC1B,IAAI,kBAAkB;CACtB,QAAQ,kBAAkB;CAC1B,OAAO,kBAAkB;CACzB,WAAW,kBAAkB;CAC7B,WAAW,kBAAkB;CAC7B,WAAW,kBAAkB;CAC9B;;;ACzBD,MAAa,oCACX,aAC4C;CAC5C,MAAM,QAAQ;CACd,aAAa,QAAQ;CACrB,WAAW,QAAQ;CACnB,aAAa,QAAQ;CACtB;;;ACLD,MAAa,mBAAmB,SAA6B;AAC3D,QAAO;EACL,QAAQ,KAAK;EACb,MAAM,KAAK;EACZ;;AAGH,MAAa,8BACX,SACoB;AACpB,QAAO;EACL,QAAQ,KAAK;EACb,MAAM,KAAK;EACX,QAAQ,KAAK;EACb,QAAQ,KAAK;EACb,KAAK,KAAK;EACX;;;;ACZH,MAAaA,uBAAqB,YAAoC;CACpE,QAAQ,OAAO;CACf,IAAI,OAAO;CACX,WAAW,OAAO;CAClB,WAAW,OAAO;CAClB,MAAM,OAAO;CACb,MAAM,gBAAgB,OAAO,KAAK;CAClC,QAAQ,OAAO;CAChB;AAED,MAAaC,kCACX,YACuB;CACvB,QAAQ,OAAO;CACf,IAAI,OAAO;CACX,WAAW,OAAO;CAClB,WAAW,OAAO;CAClB,MAAM,OAAO;CACb,MAAM,2BAA2B,OAAO,KAAK;CAC7C,QAAQ,OAAO;CAChB;;;ACxBD,MAAa,yBACX,gBACgB;CAChB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,OAAO,WAAW;CAClB,OAAO,WAAW;CAClB,YAAY,WAAW;CACvB,WAAW,WAAW;CACtB,WAAW,WAAW;CACtB,gBAAgB,WAAW;CAC3B,eAAe,WAAW;CAC1B,gBAAgB,WAAW;CAC3B,OAAO,WAAW;CAClB,qBAAqB,WAAW;CAChC,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB;AAED,MAAa,8BACX,gBACqB;CACrB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,OAAO,WAAW;CAClB,OAAO,WAAW;CAClB,YAAY,WAAW;CACvB,WAAW,WAAW;CACtB,WAAW,WAAW;CACtB,gBAAgB,WAAW;CAC3B,eAAe,WAAW;CAC1B,gBAAgB,WAAW;CAC3B,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB;;;ACpCD,MAAa,gCACX,aACmC,EACnC,GAAG,SACJ;;;ACFD,MAAa,wBACX,eACe;CACf,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,QAAQ,UAAU;CAClB,OAAO,UAAU;CACjB,WAAW,UAAU;CACrB,MAAM,UAAU;CAChB,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB;AAED,MAAa,6BACX,eACoB;CACpB,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,QAAQ,UAAU;CAClB,OAAO,UAAU;CACjB,WAAW,UAAU;CACrB,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB;;;ACvBD,MAAa,4BACX,mBACmB;CACnB,QAAQ,cAAc;CACtB,IAAI,cAAc;CAClB,QAAQ,cAAc;CACtB,OAAO,cAAc;CACrB,oBAAoB,cAAc;CAClC,kBAAkB,cAAc;CAChC,WAAW,cAAc;CACzB,WAAW,cAAc;CAC1B;AAED,MAAa,iCACX,mBACwB;CACxB,QAAQ,cAAc;CACtB,IAAI,cAAc;CAClB,QAAQ,cAAc;CACtB,OAAO,cAAc;CACrB,WAAW,cAAc;CACzB,WAAW,cAAc;CAC1B;;;ACxBD,MAAa,iCACX,aACoC;CACpC,OAAO,QAAQ;CACf,cAAc,QAAQ;CACvB;;;ACRD,MAAa,sBAAsB,aAAuC;CACxE,QAAQ;CACR,IAAI,QAAQ;CACZ,QAAQ,QAAQ;CAChB,WAAW,QAAQ;CACnB,WAAW,QAAQ;CACnB,GAAI,QAAQ,oBAAoB,KAAA,KAAa,EAC3C,gBAAgB,QAAQ,iBACzB;CACD,GAAI,QAAQ,iBAAiB,KAAA,KAAa,EACxC,cAAc,QAAQ,cACvB;CACD,YAAY,QAAQ;CACpB,QAAQ,QAAQ;CAChB,WAAW,QAAQ;CACnB,SAAS,QAAQ;CACjB,WAAW,QAAQ;CACnB,WAAW,QAAQ;CACpB;;;AClBD,MAAa,8BACX,aACiC;CACjC,OAAO,QAAQ;CACf,UAAU,QAAQ;CAClB,eAAe,QAAQ;CACvB,oBAAoB,QAAQ;CAC5B,YAAY,QAAQ;CACpB,WAAW,QAAQ;CACnB,gBAAgB,QAAQ;CACxB,aAAa,QAAQ;CACrB,UAAU,QAAQ;CACnB;;;ACZD,MAAa,8BACX,aACiC;CACjC,OAAO,QAAQ;CACf,gBAAgB,QAAQ;CACxB,YAAY,QAAQ;CACpB,WAAW,QAAQ;CACnB,UAAU,QAAQ;CAClB,eAAe,QAAQ;CACvB,oBAAoB,QAAQ;CAC5B,aAAa,QAAQ;CACrB,QAAQ,QAAQ;CAChB,UAAU,QAAQ;CACnB;;;ACRD,MAAa,qCACX,4BAC4B;CAC5B,QAAQ,uBAAuB;CAC/B,IAAI,uBAAuB;CAC3B,QAAQ,uBAAuB;CAC/B,gBAAgB,uBAAuB;CACvC,kBAAkB,uBAAuB;CACzC,QAAQ,uBAAuB;CAC/B,kBAAkB,uBAAuB,qBAAqB;CAC9D,WAAW,uBAAuB;CAClC,WAAW,uBAAuB;CAClC,MAAM,uBAAuB;CAC7B,GAAI,uBAAuB,SAAS,EAAE,OAAO,uBAAuB,OAAO;CAC3E,kBAAkB,uBAAuB,qBAAqB,EAAE;CACjE;AAED,MAAa,kDACX,4BACyC;CACzC,QAAQ,uBAAuB;CAC/B,IAAI,uBAAuB;CAC3B,QAAQ,uBAAuB;CAC/B,gBAAgB,uBAAuB;CACvC,QAAQ,uBAAuB;CAC/B,kBAAkB,uBAAuB,qBAAqB;CAC9D,WAAW,uBAAuB;CAClC,WAAW,uBAAuB;CAClC,kBAAkB,uBAAuB,qBAAqB,EAAE;CACjE;;;ACvBD,MAAM,uBAAuB,aAAwC;AACnE,QAAO;EACL,QAAQ,SAAS;EACjB,OAAO,SAAS;EAChB,WAAW,SAAS;EACpB,UAAU,SAAS;EACpB;;AAGH,MAAa,qBACX,kBACkB;AAClB,SAAQ,cAAc,QAAtB;EACE,KAAK,mCACH,QAAO;GACL,IAAI,cAAc;GAClB,QAAQ,cAAc;GACtB,UAAU,oBAAoB,cAAc,UAAU;GACtD,YAAY,cAAc,aACtB,sBAAsB,cAAc,WAAW,GAC/C,KAAA;GAEJ,WAAW,cAAc;GACzB,WAAW,cAAc;GACzB,mBAAmB,cAAc;GAClC;EACH,KAAK,gCACH,QAAO;GACL,IAAI,cAAc;GAClB,QAAQ,cAAc;GACtB,MAAM,gBAAgB,cAAc,KAAK;GACzC,cAAc,cAAc,eACxB,wBAAwB,cAAc,aAAa,GACnD,KAAA;GACJ,wBAAwB,cAAc,0BAClC,kCACE,cAAc,wBACf,GACD,KAAA;GACJ,WAAW,cAAc;GACzB,WAAW,cAAc;GACzB,mBAAmB,cAAc;GACjC,QAAQ,cAAc;GACvB;;;;;AC7CP,IAAa,UAAb,MAAqB;CACnB;CAEA,YAAY,gBAAgC;AAC1C,OAAK,oBAAoB,IAAI,kBAAkB,eAAe;;CAGhE,IAAY,mBAAmB;AAC7B,SAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,kBAAkB;;CAG7E,IAAI,eAAe;AACjB,SAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,kBAAkB;;CAGzE,cACE,MAGA;AACA,UAAQ,MAAR;GACE,KAAK,iBACH,QAAO;GACT,KAAK,oBACH,QAAO;GACT,QACE,QAAO,YAAY,KAAK;;;CAI9B,MAAM,aACJ,MACA,QACA;EACA,IAAI;EACJ,MAAM,EAAE,SAAS,SAAS;AAE1B,MAAI,YAAY,UAAU,KAAK,aAC7B,gBAAe,KAAK;EAGtB,MAAM,kBAAmC;GACvC,WAAW,KAAK,KAAK;GACrB;GACA,GAAI,YAAY,UACd,KAAK,gBAAgB,EAAE,eAAe,cAAc;GACvD;AAYD,SAViB;GACf,QAAQ,KAAK,cAAc,KAAK;GAChC,SAAS;GACT,WAAW,MAAM,KAAK,iBACpB,gBAAgB,WAChB,iBACA,OACD;GACF;;CAKH,MAAM,gBAAgB,EACpB,SACA,WACA,QACA,YAAY,OAMa;EACzB,MAAM,UAAU;GAAE;GAAS;GAAW;GAAQ;GAAW;AACzD,QAAM,KAAK,aAAa,QAAQ;AAEhC,SAAO,kBAAkB,QAAyB;;;;;ACpFtD,MAAa,6BACX,oBACoB;CACpB,IAAI,eAAe;CACnB,OAAO,eAAe;CACtB,aAAa,eAAe;CAC5B,gBAAgB,eAAe;CAC/B,MAAM,eAAe;CACrB,WAAW,eAAe;CAC1B,WAAW,eAAe;CAC1B,eAAe,eAAe;CAC/B;AAED,MAAa,yCACX,oBACwD;CACxD,IAAI,eAAe;CACnB,OAAO,eAAe;CACtB,aAAa,eAAe;CAC5B,gBAAgB,eAAe;CAC/B,MAAM,eAAe;CACrB,WAAW,eAAe;CAC1B,WAAW,eAAe;CAC1B,eAAe,eAAe;CAC9B,oBAAoB,eAAe;CACpC;;;AClBD,MAAa,4BAGX,mBAGsC;CACtC,QAAQ,cAAc;CACtB,IAAI,cAAc;CAClB,aAAa,cAAc;CAC3B,gBAAgB,cAAc;CAC9B,eAAe,cAAc;CAC7B,kBAAkB,cAAc;CAChC,OAAO,cAAc;CACrB,WAAW,cAAc;CACzB,OAAO,cAAc;CACrB,UAAU,cAAc;CACxB,OAAO,cAAc;CACrB,GAAI,cAAc,SAAS,KAAA,KAAa,EAAE,MAAM,cAAc,MAAM;CACpE,GAAI,cAAc,UAAU,KAAA,KAAa,EAAE,OAAO,cAAc,OAAO;CACvE,WAAW,cAAc;CACzB,WAAW,cAAc;CAC1B;AAED,MAAa,sCAGX,6BACgD;CAChD,GAAG,yBAAyB,wBAAwB;CACpD,QAAQ,wBAAwB,OAAO,IAAI,0BAA0B;CACtE;AAED,MAAa,wCACX,mBACuD;CACvD,QAAQ;CACR,IAAI,cAAc;CAClB,aAAa,cAAc;CAC3B,gBAAgB,cAAc;CAC9B,eAAe,cAAc;CAC7B,kBAAkB,cAAc;CAChC,OAAO,cAAc;CACrB,WAAW,cAAc;CACzB,OAAO,cAAc;CACrB,UAAU,cAAc;CACxB,OAAO,cAAc;CACrB,GAAI,cAAc,SAAS,KAAA,KAAa,EAAE,MAAM,cAAc,MAAM;CACpE,GAAI,cAAc,UAAU,KAAA,KAAa,EAAE,OAAO,cAAc,OAAO;CACvE,WAAW,cAAc;CACzB,WAAW,cAAc;CACzB,oBAAoB,cAAc;CACnC;;;ACpDD,MAAa,wBACX,eACe;CACf,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,QAAQ,UAAU;CAClB,aAAa,UAAU;CACvB,MAAM,UAAU;CAChB,gBAAgB,UAAU;CAC1B,OAAO,0BAA0B,UAAU,MAAM;CACjD,MAAM,UAAU;CAChB,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB;AAED,MAAa,6BACX,UACmB;AACnB,KAAI,UAAU,SACZ,QAAO;AAGT,KAAI,UAAU,WACZ,QAAO;AAGT,QAAO;;AAGT,MAAa,6BACX,eACoB;CACpB,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,aAAa,UAAU;CACvB,MAAM,UAAU;CAChB,OAAO,UAAU;CACjB,MAAM,UAAU;CAChB,gBAAgB,UAAU;CAC1B,SAAS,UAAU;CACnB,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB;AAED,MAAa,oCACX,eACqD;CACrD,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,MAAM,UAAU;CAChB,OAAO,UAAU;CACjB,MAAM,UAAU;CAChB,gBAAgB,UAAU;CAC1B,WAAW,UAAU;CACrB,WAAW,UAAU;CACtB;;;AC3DD,MAAa,mCACX,aACsC;CACtC,iBAAiB,QAAQ;CACzB,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACTD,MAAa,sCACX,aACyC;CACzC,MAAM,QAAQ;CACd,aAAa,QAAQ;CACrB,aAAa,QAAQ;CACrB,UAAU,QAAQ;CACnB;;;ACPD,MAAa,sCACX,aACyC;CACzC,MAAM,QAAQ;CACd,aAAa,QAAQ;CACrB,oBAAoB,QAAQ;CAC5B,aAAa,QAAQ;CACrB,UAAU,QAAQ;CACnB;;;ACXD,MAAa,yBACX,gBACgB;CAChB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,GAAI,WAAW,oBAAoB,KAAA,KAAa,EAC9C,gBAAgB,WAAW,iBAC5B;CACD,MAAM,WAAW;CACjB,MAAM,WAAW;CACjB,OAAO,WAAW;CAClB,SAAS,WAAW;CACpB,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB;;;ACXD,MAAa,mCACX,aACsC;CACtC,iBAAiB,QAAQ;CACzB,QAAQ,QAAQ;CAChB,iBAAiB,QAAQ;CACzB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACZD,MAAa,sBACX,aACmC;CACnC,IAAI,QAAQ;CACZ,OAAO,QAAQ;CACf,GAAI,QAAQ,oBAAoB,KAAA,KAAa,EAC3C,gBAAgB,QAAQ,iBACzB;CACD,cAAc,QAAQ;CACtB,gBAAgB,QAAQ;CACxB,OAAO,QAAQ;CACf,GAAI,QAAQ,eAAe,KAAA,KAAa,EAAE,WAAW,QAAQ,YAAY;CACzE,GAAI,QAAQ,cAAc,KAAA,KAAa,EAAE,UAAU,QAAQ,WAAW;CACtE,GAAI,QAAQ,SAAS,KAAA,KAAa,EAAE,MAAM,QAAQ,MAAM;CACxD,GAAI,QAAQ,UAAU,KAAA,KAAa,EAAE,OAAO,QAAQ,OAAO;CAC3D,GAAI,QAAQ,WAAW,KAAA,KAAa,EAAE,QAAQ,QAAQ,QAAQ;CAC9D,GAAI,QAAQ,sBAAsB,KAAA,KAAa,EAC7C,kBAAkB,QAAQ,mBAC3B;CACD,GAAI,QAAQ,mBAAmB,KAAA,KAAa,EAC1C,eAAe,QAAQ,gBACxB;CACF;;;ACpBD,MAAa,8BAGX,qBAC2C;CAC3C,aAAa,gBAAgB;CAC7B,SAAS,mBAAmB,gBAAgB,QAAQ;CACpD,aAAa,uBAAuB,gBAAgB,aAAa;CAClE;;;ACXD,MAAa,wBAAwB,UAAwC;CAC3E,QAAQ;CACR,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB;;;ACHD,MAAa,mDACX,0CAC8C;CAC9C,YAAY,qCAAqC;CACjD,QAAQ,qCAAqC;CAC7C,SAAS,qCAAqC;CAC9C,eAAe,qCAAqC;CACpD,WAAW,qCAAqC;CAChD,WAAW,qCAAqC;CAChD,QAAQ,qCAAqC;CAC7C,OAAO,qCAAqC;CAC7C;;;ACdD,SAAgB,kBAAkB,QAAkC;AAClE,QAAO;EACL,QAAQ,OAAO;EACf,IAAI,OAAO;EACX,OAAO,OAAO;EACd,MAAM,OAAO;EACb,iBAAiB,OAAO;EACxB,YAAY,OAAO;EACnB,aAAa,OAAO;EACpB,WAAW,OAAO;EAClB,WAAW,OAAO;EACnB;;;;ACLH,MAAaC,qBAAmB,UAA0C;CACxE,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,MAAM,KAAK;CACX,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,aAAa,KAAK;CAClB,kBAAkB,KAAK;CACvB,MAAM,KAAK;CACX,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB;AAED,MAAa,+BACX,UACsB;CACtB,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,MAAM,KAAK;CACX,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,aAAa,KAAK;CAClB,kBAAkB,KAAK;CACvB,MAAM;CACN,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB;AAED,MAAa,oCACX,WAC2B;CAC3B,QAAQ,MAAM;CACd,gBAAgB,MAAM;CACtB,MAAM,MAAM;CACZ,MAAM,MAAM;CACZ,aAAa,MAAM;CACnB,kBAAkB,MAAM;CACxB,aAAa,MAAM;CACnB,WAAW,MAAM;CACjB,WAAW,MAAM;CAClB;;;AC3CD,MAAa,yBACX,gBACgB;CAChB,QAAQ,WAAW;CACnB,IAAI,WAAW;CACf,MAAM,WAAW;CACjB,MAAM,WAAW;CACjB,aAAa,WAAW;CACxB,kBAAkB,WAAW;CAC7B,QAAQ,WAAW;CACnB,WAAW,WAAW;CACtB,WAAW,WAAW;CACvB;;;ACZD,MAAa,0BACX,iBACiB;CACjB,QAAQ,YAAY;CACpB,IAAI,YAAY;CAChB,MAAM,YAAY;CAClB,MAAM,YAAY;CAClB,aAAa,YAAY;CACzB,MAAM,YAAY;CAClB,SAAS,YAAY;CACrB,cAAc,YAAY;CAC1B,WAAW,YAAY;CACvB,WAAW,YAAY;CACxB;;;ACWD,MAAa,oBAAoB,UAAgC;CAC/D,MAAM,YAAuB;EAC3B,IAAI,MAAM;EACV,WAAW,MAAM;EACjB,SAAS,MAAM;EAChB;AAED,SAAQ,MAAM,OAAd;EACE,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK,+BACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,+BAA+B,MAAM,KAAK;GACjD;EACH,KAAK,qCACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,gDAAgD,MAAM,KAAK;GAClE;EACH,KAAK;EACL,KAAK;EACL,KAAK,qBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,sBAAsB,MAAM,KAAK;GACxC;EACH,KAAK,kBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,0BAA0B,MAAM,KAAK;GAC5C;EACH,KAAK,gBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,iCAAiC,MAAM,KAAK;GACnD;EACH,KAAK;EACL,KAAK,sBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,0BAA0B,MAAM,KAAK;GAC5C;EACH,KAAK,sBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,sCAAsC,MAAM,KAAK;GACxD;EACH,KAAK;EACL,KAAK,2BACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM;IACJ,aAAa,MAAM,KAAK;IACxB,MAAM,yBAAyB,MAAM,KAAK,KAAK;IAC/C,OAAO,0BAA0B,MAAM,KAAK,MAAM;IACnD;GACF;EACH,KAAK;EACL,KAAK,qBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,yBAAyB,MAAM,KAAK;GAC3C;EACH,KAAK,qBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,qCAAqC,MAAM,KAAK;GACvD;EACH,KAAK,6BACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,kCAAkC,MAAM,KAAK;GACpD;EACH,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK,oBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,2BAA2B,MAAM,KAAK;GAC7C;EACH,KAAK,qBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,0BAA0B,MAAM,KAAK;GAC5C;EACH,KAAK;EACL,KAAK,2BACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,8BAA8B,MAAM,KAAK;GAChD;EACH,KAAK;EACL,KAAK;EACL,KAAK,eACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,gBAAgB,MAAM,KAAK;GAClC;EACH,KAAK;EACL,KAAK;EACL,KAAK,kCACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,kCAAkC,MAAM,KAAK;GACpD;EACH,KAAK;EACL,KAAK;EACL,KAAK,eACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,qBAAqB,MAAM,KAAK;GACvC;EACH,KAAK;EACL,KAAK;EACL,KAAK,4BACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,iCAAiC,MAAM,KAAK;GACnD;EACH,KAAK;EACL,KAAK;EACL,KAAK,qBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,sBAAsB,MAAM,KAAK;GACxC;EACH,KAAK;EACL,KAAK,kBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,mBAAmB,MAAM,KAAK;GACrC;EACH,KAAK;EACL,KAAK;EACL,KAAK,uBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,wBAAwB,MAAM,KAAK;GAC1C;EACH,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK,8BACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,8BAA8B,MAAM,KAAK;GAChD;EACH,KAAK;EACL,KAAK,kBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,kBAAkB,MAAM,KAAK;GACpC;EACH,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK,oBACH,QAAO;GACL,GAAG;GACH,OAAO,MAAM;GACb,MAAM,uBAAuB,MAAM,KAAK;GACzC;;;;;AC/NP,MAAa,mBACX,MACA,kBACyB;CACzB,QAAQ;CACR,MAAM,KAAK,KAAK,IAAI,aAAa;CACjC,cAAc,KAAK;CACpB;;;ACPD,MAAa,8BACX,aACqC;CACrC,GAAI,QAAQ,UAAU,KAAA,KAAa,EAAE,OAAO,QAAQ,OAAO;CAC3D,GAAI,QAAQ,SAAS,EAAE,OAAO,QAAQ,OAAO;CAC7C,GAAI,QAAQ,UAAU,EAAE,QAAQ,QAAQ,QAAQ;CAChD,GAAI,QAAQ,SAAS,EAAE,OAAO,QAAQ,OAAO;CAC9C;;;ACJD,IAAa,WAAb,MAAsB;CACpB;CAEA,YAAY,gBAAgC;AAC1C,OAAK,oBAAoB,IAAI,kBAAkB,eAAe;;CAGhE,IAAI,eAAe;AACjB,SAAO,KAAK,kBAAkB,aAAa,KAAK,KAAK,kBAAkB;;CAGzE,IAAI,mBAAmB;AACrB,SAAO,KAAK,kBAAkB,iBAAiB,KAAK,KAAK,kBAAkB;;CAG7E,IAAI,+BAA+B;AACjC,SAAO,KAAK,kBAAkB,6BAA6B,KACzD,KAAK,kBACN;;CAGH,MAAM,eAAe,EACnB,SACA,WACA,QACA,YAAY,QAMK;EACjB,MAAM,UAAU;GAAE;GAAS;GAAW;GAAQ;GAAW;AACzD,QAAM,KAAK,aAAa,QAAQ;AAIhC,SAAO,iBAFgB,QAEgB;;;;;;;;;;;AC9B3C,IAAa,OAAb,MAAkB;;;;;;;CAOhB,qBAAqB,SAAiB,IAAY;AAChD,MAAI,SAAS,MAAM,SAAS,IAC1B,OAAM,IAAI,WACR,wDAAwD,SACzD;EAGH,MAAM,aAAa,KAAK,KAAM,SAAS,IAAK,EAAE;EAC9C,MAAM,cAAc,IAAI,WAAW,WAAW;AAC9C,SAAO,gBAAgB,YAAY;AAEnC,SAAO,KAAK,gBAAgB,YAAY,CAAC,MAAM,GAAG,OAAO;;;;;;;;CAS3D,MAAM,sBAAsB,UAAmC;EAE7D,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,SAAS;EACrC,MAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AACxD,SAAO,KAAK,gBAAgB,IAAI,WAAW,KAAK,CAAC;;;;;;;CAQnD,MAAM,WAA8B;EAClC,MAAM,eAAe,KAAK,sBAAsB;AAEhD,SAAO;GAAE;GAAc,eADD,MAAM,KAAK,sBAAsB,aAAa;GAC9B,qBAAqB;GAAQ;;CAGrE,gBAAwB,QAA4B;AAElD,SADe,KAAK,OAAO,aAAa,GAAG,OAAO,CAAC,CACrC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG;;;;;ACrD5E,SAAgB,kCACd,UACwB;AACxB,QAAO,EACL,QAAQ,SAAS,UAAU,kBAAkB,SAAS,QAAQ,GAAG,MAClE;;;;ACHH,IAAa,UAAb,MAAqB;CACnB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,eACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBACA,QACD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,aAAa,IAA2B;AAC5C,QAAM,KAAK,OAAO,OAAO,aAAa,KAAK;;;;;ACrB/C,IAAa,kBAAb,MAGE;CACA,SAAkB;CAClB;CAEA,YACE,MACA,SACA,SACA;AAHU,OAAA,OAAA;AACF,OAAA,UAAA;AAGR,OAAK,UAAU,WAAY,EAAE;;CAG/B,IAAI,OAAuB;AACzB,SAAO,KAAK,KAAK;;CAGnB,IAAI,eAAe;AACjB,SAAO,KAAK,KAAK;;CAGnB,OAAe,cACb,QACgC;EAChC,MAAM,SAAS,MAAM,KAAK,QAAQ;GAChC,GAAG,KAAK;GACR,OAAO;GACP,OAAO,OAAO;GACf,CAAC;AAEF,QAAM,OAAO;AAEb,MAAI,OAAO,aAAa,OAAO;AAE7B,SAAM,IAAI,SAAS,YAAY,WAAW,SAAS,IAAI,CAAC;AACxD,UAAO,KAAK,cAAc,EAAE,OAAO,OAAO,aAAa,OAAO,CAAC;;;;;;;CAQnE,MAAM,iBAA0C;AAC9C,MAAI,KAAK,QAAQ,MACf,QAAO,KAAK;EAGd,MAAM,UAA0B,EAAE;AAElC,aAAW,MAAM,QAAQ,KAAK,cAAc,EAC1C,OAAO,KAAK,QAAQ,OACrB,CAAC,CACA,SAAQ,KAAK,GAAG,KAAK;AAGvB,SAAO;;;;;ACnDX,MAAM,qBAAqB,YAAmD;AAC5E,QAAO;EACL,GAAG;EACH,OAAO,SAAS,SAAS;EAC1B;;AAGH,MAAa,sBAAsB,OACjC,QACA,UACA,eACA,SACA,mBACqB;CACrB,MAAM,EAAE,SAAS,MAAM,OAAO,IAAqB,UAAU;EAC3D,OAAO,kBAAkB,QAAQ;EACjC,GAAG;EACJ,CAAC;AAEF,QAAO,gBAAgB,MAAM,cAAc;;;;ACL7C,IAAa,gBAAb,MAA2B;CACzB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,gBACJ,SACuE;AACvE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,gBACA,sBACA,UAAU,gCAAgC,QAAQ,GAAG,KAAA,EACtD,GACA,WACC,oBACE,KAAK,QACL,gBACA,sBACA,OACD,EACH,UAAU,gCAAgC,QAAQ,GAAG,KAAA,EACtD;;CAGH,MAAM,aAAa,IAAgC;EACjD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,KACjB;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,gBAAgB,IAAY;AAChC,QAAM,KAAK,OAAO,OAAO,gBAAgB,KAAK;;CAGhD,MAAM,WACJ,SACsE;AACtE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,qBACA,2BACA,QACD,GACA,WACC,oBACE,KAAK,QACL,qBACA,2BACA,OACD,EACH,QACD;;CAGH,MAAM,UACJ,SAMA;AACA,SAAO,IAAI,gBACT,MAAM,oBAIJ,KAAK,QACL,oBACA,oCACA,QACD,GACA,WACC,oBAIE,KAAK,QACL,oBACA,oCACA,OACD,EACH,QACD;;CAGH,MAAM,QACJ,MACqD;EACrD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAEjC,oBAAoB,OAAO;AAE7B,SAAO,mCAAmC,KAAK;;CAGjD,MAAM,SAAS,OAAwC;EACrD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,qBAAqB,QACtB;AAED,SAAO,0BAA0B,KAAK;;;;;AC7H1C,MAAa,6BACX,aACgC;CAChC,QAAQ,QAAQ;CAChB,iBAAiB,QAAQ;CACzB,aAAa,QAAQ;CACrB,WAAW,QAAQ;CACnB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACLD,IAAa,SAAb,MAAoB;CAClB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,WAAW,SAAiD;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,WACA,EACE,OAAO,UAAU,0BAA0B,QAAQ,GAAG,KAAA,GACvD,CACF;AAED,SAAO,gBAAgB,MAAM,iBAAiB;;;;;ACflD,MAAa,mBAAmB,UAA0C;CACxE,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,MAAM,KAAK;CACX,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,aAAa,KAAK;CAClB,MAAM,KAAK;CACX,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB;;;ACPD,SAAgB,yCACd,SAC2C;AAC3C,QAAO;EACL,MAAM,QAAQ;EACd,aAAa,QAAQ;EACtB;;;;ACNH,SAAgB,yBACd,QACe;AACf,QAAO;EACL,QAAQ,OAAO;EACf,IAAI,OAAO;EACX,OAAO,OAAO;EACd,MAAM,OAAO;EACb,iBAAiB,OAAO;EACxB,OAAO,OAAO;EACd,YAAY,OAAO;EACnB,aAAa,OAAO;EACpB,WAAW,OAAO;EAClB,WAAW,OAAO;EACnB;;;;ACsBH,IAAa,gBAAb,MAA2B;CACzB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,kBACJ,SACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBACA,yBACA,QACD,GACA,WACC,oBACE,KAAK,QACL,kBACA,yBACA,OACD,EACH,QACD;;CAGH,MAAM,mBACJ,SACA,iBAAmD,EAAE,EAC9B;EACvB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBACA,mCAAmC,QAAQ,EAC3C,eACD;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBAAmB,IAAY;AACnC,QAAM,KAAK,OAAO,OAAO,kBAAkB,KAAK;;CAGlD,MAAM,gBAAgB,IAAmC;EACvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KACnB;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,4BAA4B,YAA2C;EAC3E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BAA8B,aAC/B;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBACJ,SACuB;EACvB,MAAM,EAAE,cAAc,gBAAgB,GAAG,YAAY;EAErD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,kBAClB,mCAAmC,QAAQ,CAC5C;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,sBACJ,SACmB;EACnB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,MAAM,aACZ,MAAM,KAAK,OAAO,IAChB,kBAAkB,eAAe,QAClC;AAEH,SAAO;GACL,QAAQ;GACR,MAAM,SAAS,KAAK,KAAK,SAAS,gBAAgB,KAAK,CAAC;GACzD;;CAGH,MAAM,6BACJ,SACuC;EACvC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBAAkB,eAAe,iBACjC,wBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,kBAAkB,eAAe,iBACjC,wBACA,OACD,EACH,kBACD;;CAGH,MAAM,wBACJ,SACkC;EAClC,MAAM,EAAE,gBAAgB,GAAG,sBAAsB;AAEjD,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBAAkB,eAAe,YACjC,mBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,kBAAkB,eAAe,YACjC,mBACA,OACD,EACH,kBACD;;CAGH,MAAM,yBACJ,SACA,iBAAyD,EAAE,EACnC;EACxB,MAAM,EAAE,mBAAmB;EAE3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,kBAAkB,eAAe,YACjC,yCAAyC,QAAQ,EACjD,eACD;AAED,SAAO,yBAAyB,KAAK;;;;;ACpLzC,MAAa,4CACX,aAC+C;CAC/C,QAAQ,QAAQ;CAChB,iBAAiB,QAAQ;CAC1B;;;ACDD,IAAa,sBAAb,MAAiC;CAC/B,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,IAAI,IAAyC;EACjD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yBAAyB,KAC1B;AAED,SAAO,8BAA8B,KAAK;;CAG5C,MAAM,OAAO,IAAyC;EACpD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBAAyB,GAAG,UAC5B,EAAE,CACH;AAED,SAAO,8BAA8B,KAAK;;CAG5C,MAAM,OACJ,SAC6B;EAC7B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,yBACA,yCAAyC,QAAQ,CAClD;AAED,SAAO,8BAA8B,KAAK;;CAG5C,MAAM,OAAO,IAA2B;AACtC,QAAM,KAAK,OAAO,OAAO,yBAAyB,KAAK;;;;;ACpC3D,MAAa,kCACX,yBACyB;CACzB,IAAI,oBAAoB;CACxB,OAAO,oBAAoB;CAC3B,WAAW,oBAAoB;CAC/B,MAAM,oBAAoB;CAC1B,QAAQ,oBAAoB;CAC7B;;;ACHD,IAAa,eAAb,MAA0B;CACxB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,cAAc,EAClB,aACA,WACA,GAAG,WAC8D;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B;GAC1B,GAAG;GACH,cAAc;GACd,YAAY;GACb,CAAC;AAEF,SAAO,+BAA+B,KAAK;;CAG7C,MAAM,YAAY,WAAiD;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,UAAU,QACpC,EAAE,CACH;AACD,SAAO;;;;;AC9BX,SAAgB,uBACd,YACa;AACb,QAAO;EACL,QAAQ;EACR,aAAa,WAAW;EACxB,WAAW,WAAW,aAClB,IAAI,KAAK,KAAK,MAAM,WAAW,WAAW,CAAC,GAC3C;EACJ,QAAQ,WAAW;EACnB,eAAe,WAAW;EAC3B;;;;ACRH,SAAgB,+BACd,SACiC;AACjC,QAAO;EACL,SAAS,QAAQ;EACjB,iBAAiB,QAAQ;EAC1B;;AAGH,SAAgB,kCACd,UACwB;AACxB,KAAI,SAAS,OACX,QAAO;EACL,QAAQ;EACR,aAAa,uBAAuB,SAAS,aAAa;EAC3D;AAGH,QAAO;EACL,QAAQ;EACR,OAAO,SAAS;EACjB;;;;ACnBH,IAAa,QAAb,MAAmB;CACjB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,eAAe,EACnB,UACA,GAAG,WAG+B;EAClC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,qBAAqB,SAAS,SAC9B,+BAA+B,QAAQ,CACxC;AAED,SAAO,kCAAkC,KAAK;;;;;ACtBlD,IAAa,SAAb,MAAoB;CAClB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,aAAa,EACjB,QACA,cACA,WACA,cAM4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAAK,yBAAyB;GAC/D;GACA;GACA,YAAY;GACZ,aAAa;GACd,CAAC;AAEF,SAAO;;;;;;;;;;;;ACXX,SAAgB,cAAc,SAA6C;CACzE,MAAM,SAAkC,EAAE;CAC1C,MAAM,aAAa,OAAO,KAAK,QAAQ,CAAC,MAAM,GAAG,MAAM,EAAE,cAAc,EAAE,CAAC;AAE1E,MAAK,MAAM,OAAO,YAAY;EAC5B,MAAM,QAAQ,QAAQ;AAEtB,MAAI,UAAU,KAAA,EACZ;AAGF,MAAI,MAAM,QAAQ,MAAM,CACtB,MAAK,MAAM,QAAQ,MACjB,QAAO,KAAK,CAAC,KAAK,OAAO,KAAK,CAAC,CAAC;WAEzB,OAAO,UAAU,YAAY,UAAU,MAAM;GACtD,MAAM,gBAAgB,OAAO,KAAK,MAAM,CAAC,MAAM,GAAG,MAChD,EAAE,cAAc,EAAE,CACnB;AACD,QAAK,MAAM,UAAU,eAAe;IAClC,MAAM,WAAW,MAAM;AACvB,QAAI,aAAa,KAAA,EACf,QAAO,KAAK,CAAC,GAAG,IAAI,GAAG,OAAO,IAAI,OAAO,SAAS,CAAC,CAAC;;QAIxD,QAAO,KAAK,CAAC,KAAK,OAAO,MAAM,CAAC,CAAC;;AAIrC,QAAO,OACJ,KAAK,CAAC,KAAK,WAAW;AAGrB,SAAO,GAFY,cAAc,IAAI,CAEhB,GADA,cAAc,MAAM;GAEzC,CACD,KAAK,IAAI;;AAGd,SAAS,cAAc,KAAqB;AAC1C,QAAO,mBAAmB,IAAI,CAC3B,QAAQ,QAAQ,IAAI,CACpB,QAAQ,WAAW,MAAM,MAAM,EAAE,WAAW,EAAE,CAAC,SAAS,GAAG,CAAC,aAAa,CAAC;;;;AC7B/E,IAAa,MAAb,MAAiB;CACf,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,gBACA,uBACA,UAAU,gCAAgC,QAAQ,GAAG,KAAA,EACtD,GACA,WACC,oBACE,KAAK,QACL,gBACA,uBACA,OACD,EACH,UAAU,gCAAgC,QAAQ,GAAG,KAAA,EACtD;;CAEH,MAAM,iBAAiB,IAAY;AACjC,QAAM,KAAK,OAAO,OAAO,gBAAgB,KAAK;;CAGhD,oBAAoB,SAA6C;EAC/D,MAAM,EACJ,eACA,qBACA,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,aACA,UACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAGH,MAAM,QAAQ,cAAc;GAC1B,gBAAgB;GAChB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BjD,MAAM,4BACJ,SAIwC;EACxC,MAAM,EACJ,YACA,UACA,YACA,WACA,cACA,UACA,qBACA,gBACA,gBACE;AAEJ,MAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAC/B,OAAM,IAAI,UACR,8FACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQ,cAAc;GAC1B,gBAAgB,KAAK;GACrB,uBAAuB;GACvB;GACA;GACA,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACD,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,iBAAiB;GAEtC;GAAO,cAAc,KAAK;GAAc;;CAGxD,MAAM,cAAc,IAAiC;EACnD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,KACjB;AAED,SAAO,sBAAsB,KAAK;;;;;;;;;;;;;;;CAgBpC,MAAM,mBAEJ,EACA,MACA,UACA,gBAGA;AAEA,MAAI,iBAAiB,KAAA,KAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;EAChC,MAAM,UAAU,CAAC,CAAC;AAElB,MAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,UACR,qJAED;EAGH,MAAM,OAAO,IAAI,gBAAgB;GAC/B,WAAW;GACX,YAAY;GACZ;GACD,CAAC;AAIF,MAAI,QACF,MAAK,IAAI,iBAAiB,aAAa;AAEzC,MAAI,UACF,MAAK,IAAI,iBAAiB,KAAK,OAAO,IAAc;EAGtD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAEjC,cAAc,MAAM,EAAE,iBAAiB,CAAC,WAAW,CAAC;AAEtD,SAAO,2BAA2B,KAAK;;CAGzC,MAAM,WAAuE,EAC3E,eAC4D;EAC5D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAEjC,gBAAgB,EAChB,aACD,CAAC;AAEF,SAAO,mBAAmB,KAAK;;;;;ACtPnC,MAAa,wBACX,eACe;CACf,QAAQ,UAAU;CAClB,IAAI,UAAU;CACd,WAAW,UAAU;CACrB,WAAW,UAAU;CACrB,WAAW,UAAU;CACrB,MAAM,UAAU;CAChB,wBAAwB,UAAU;CACnC;;;ACVD,MAAa,kBAAkB,SAA2B,EACxD,aAAa,IAAI,cAClB;;;ACKD,MAAa,qBAAqB,YAAoC;CACpE,QAAQ,OAAO;CACf,IAAI,OAAO;CACX,WAAW,OAAO;CAClB,WAAW,OAAO;CAClB,MAAM,OAAO;CACb,GAAI,OAAO,MAAM,EAAE,KAAK,eAAe,OAAO,IAAI,EAAE,GAAG,EAAE;CACzD,GAAI,OAAO,OAAO,EAAE,MAAM,gBAAgB,OAAO,KAAK,EAAE,GAAG,EAAE;CAC9D;AAED,MAAa,gCACX,YACuB;CACvB,QAAQ,OAAO;CACf,IAAI,OAAO;CACX,WAAW,OAAO;CAClB,WAAW,OAAO;CAClB,MAAM,OAAO;CACb,GAAI,OAAO,MAAM,EAAE,KAAK,eAAe,OAAO,IAAI,EAAE,GAAG,EAAE;CACzD,GAAI,OAAO,OAAO,EAAE,MAAM,2BAA2B,OAAO,KAAK,EAAE,GAAG,EAAE;CACzE;;;AC1BD,MAAa,6BACX,oBACoB;CACpB,WAAW,qBAAqB,eAAe,UAAU;CACzD,OAAO,eAAe;CACvB;;;ACaD,IAAa,MAAb,MAAiB;CACf,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,aAAa,IAAY;AAC7B,QAAM,KAAK,OAAO,OAAO,iBAAiB,KAAK;;CAGjD,MAAM,UAAU,IAA6B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,iBAAiB,KAClB;AAED,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAA0D;EAC3E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,wBACA;GACE,MAAM,QAAQ;GACd,UAAU;AACR,YAAQ,QAAQ,MAAhB;KACE,KAAK,MACH,QAAO,EACL,cAAc,QAAQ,aACvB;KACH,KAAK,OACH,QAAO;MACL,aAAa,QAAQ;MACrB,WAAW,QAAQ;MACpB;KACH,QACE,QAAO,EAAE;;OAEX;GACL,CACF;AAED,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,iBAAiB,QAAQ,uBAAuB,aAChD,EACE,cACE,iBAAiB,UAAU,QAAQ,cAAc,KAAA,GACpD,CACF;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,gBACJ,SACyB;EACzB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,oBAAoB,QAAQ,0BAA0B,UACtD,EACE,MAAM,QAAQ,MACf,CACF;AAED,SAAO,0BAA0B,KAAK;;;;;AClF1C,MAAa,6BACX,oBACoB;CACpB,QAAQ,eAAe;CACvB,IAAI,eAAe;CACnB,OAAO,eAAe;CACtB,KAAK,eAAe;CACpB,WAAW,eAAe;CAC1B,WAAW,eAAe;CAC3B;;;ACND,MAAa,kCACX,aACqC;CACrC,SAAS,QAAQ;CACjB,aAAa,QAAQ;CACrB,WAAW,QAAQ;CACnB,iBAAiB,QAAQ;CACzB,WAAW,QAAQ,SAAS,aAAa;CACzC,aAAa,QAAQ,WAAW,aAAa;CAC7C,SAAS,QAAQ;CAClB;;;ACVD,MAAa,uCACX,WAC0C;CAC1C,QAAQ,MAAM;CACd,SAAS,MAAM;CACf,aAAa,MAAM,WAAW,aAAa;CAC3C,OAAO,MAAM;CACb,SAAS,MAAM;CACf,SAAS;EACP,UAAU,MAAM,QAAQ;EACxB,YAAY,MAAM,QAAQ;EAC3B;CACD,UAAU,MAAM;CACjB;;;ACZD,SAAS,kBACP,UACA;AACA,KAAI,CAAC,SACH,QAAO,EAAE;CAGX,MAAM,qBAA6C,EAAE;AAErD,QAAO,KAAK,SAAS,CAAC,SAAS,QAAQ;AACrC,qBAAmB,OAAO,EACxB,MAAM,SAAS,MAChB;GACD;AAEF,QAAO;;AAGT,MAAa,wCACX,YAC2C;CAC3C,OAAO,EACL,UAAU;EACR,MAAM;EACN,YAAY,kBAAkB,OAAO,OAAO,SAAS;EACtD,EACF;CACD,SAAS,OAAO,QAAQ,KAAK,WAAW;AACtC,SAAO;GACL,MAAM,OAAO;GACb,UAAU,OAAO,WACb;IACE,MAAM;IACN,YAAY,kBAAkB,OAAO,SAAS;IAC/C,GACD,KAAA;GACL;GACD;CACF,UAAU,OAAO,WACb;EACE,MAAM;EACN,YAAY,kBAAkB,OAAO,SAAS;EAC/C,GACD,KAAA;CACL;;;AChDD,SAAS,oBAAoB,UAEiB;AAC5C,KAAI,CAAC,YAAY,CAAC,SAAS,WACzB,QAAO,EAAE;CAGX,MAAM,uBAAkE,EAAE;AAE1E,QAAO,KAAK,SAAS,WAAW,CAAC,SAAS,QAAQ;AAChD,MAAI,SAAS,WACX,sBAAqB,OAAO,SAAS,WAAW,KAAK;GAEvD;AAEF,QAAO;;AAGT,MAAa,6BACX,oBACoB;CACpB,QAAQ,eAAe;CACvB,SAAS,eAAe;CACxB,SAAS,eAAe,QAAQ,KAAK,WAAW;AAC9C,SAAO;GACL,MAAM,OAAO;GACb,UAAU,OAAO,WACb,oBAAoB,OAAO,SAAS,GACpC,KAAA;GACL;GACD;CACF,OAAO,EACL,UAAU,oBAAoB,eAAe,OAAO,SAAS,EAC9D;CACD,UAAU,eAAe,WACrB,oBAAoB,eAAe,SAAS,GAC5C,KAAA;CACJ,WAAW,eAAe;CAC3B;;;AChBD,IAAa,YAAb,MAAuB;CACrB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,YACJ,cACA,OACA,UAA6C,EAAE,EAChC;EAEf,MAAM,yBAA4D;GAChE,GAAG;GACH,gBACE,QAAQ,kBACR,eAAe,WAAW,OAAO,YAAY;GAChD;AAED,QAAM,KAAK,OAAO,KAChB,sBACA;GACE,OAAO,oCAAoC,MAAM;GACjD,iBAAiB;GAClB,EACD,uBACD;;CAGH,MAAM,aAAa,SAAyD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,uBACA,+BAA+B,QAAQ,CACxC;AAED,SAAO,0BAA0B,KAAK;;CAGxC,MAAM,UAAU,kBAAmD;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uBAAuB,mBACxB;AAED,SAAO,0BAA0B,KAAK;;CAGxC,MAAM,aACJ,QACA,UAA8C,EAAE,EACvB;EACzB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,uBAAuB,OAAO,OAAO,WACrC,qCAAqC,OAAO,EAC5C,QACD;AAED,SAAO,0BAA0B,KAAK;;;;;AC7E1C,MAAM,iBAAiB,OAAO,UAAU;AACxC,MAAM,wBAAwB;AAG9B,SAAS,OAAO,OAAO,iBAAiB,iBAAiB;AACxD,KAAI,CAAC,MACJ,QAAO;AAGR,KAAI,MAAM,gBAAgB,gBACzB,QAAO;AAGR,QAAO,eAAe,KAAK,MAAM,KAAK;;AAGvC,SAAgB,aAAa,OAAO;AACnC,QAAO,OAAO,OAAO,YAAY,sBAAsB;;AAWxD,SAAgB,iBAAiB,OAAO;AACvC,KAAI,CAAC,aAAa,MAAM,CACvB,OAAM,IAAI,UAAU,kCAAkC,OAAO,MAAM,IAAI;;AAkFlE,IAAI,WAAW,YAAY,OAAO;AASzC,SAAS,aAAa,OAAO;AAC5B,KAAI,OAAO,UAAU,SACpB,OAAM,IAAI,UAAU,8BAA8B,OAAO,MAAM,IAAI;;AAI/C,IAAI,WAAW,aAAa;AAOlD,SAAS,kBAAkB,QAAQ;AAClC,QAAO,OAAO,WAAW,KAAK,IAAI,CAAC,WAAW,KAAK,IAAI,CAAC,QAAQ,OAAO,GAAG;;AAG3E,SAAS,kBAAkB,WAAW;CACrC,MAAM,SAAS,UAAU,WAAW,KAAK,IAAI,CAAC,WAAW,KAAK,IAAI;CAClE,MAAM,WAAW,IAAK,OAAO,SAAS,KAAM;AAC5C,QAAO,SAAS,IAAI,OAAO,QAAQ;;AAKpC,MAAM,iBAAiB;AAEvB,SAAgBC,qBAAmB,OAAO,EAAC,UAAU,UAAS,EAAE,EAAE;AACjE,kBAAiB,MAAM;CAEvB,IAAI,SAAS;AAEb,MAAK,IAAI,QAAQ,GAAG,QAAQ,MAAM,QAAQ,SAAS,gBAAgB;EAClE,MAAM,QAAQ,MAAM,SAAS,OAAO,QAAQ,eAAe;AAE3D,YAAU,WAAW,KAAK,OAAO,cAAc,MAAM,KAAA,GAAW,MAAM,CAAC;;AAGxE,QAAO,UAAU,kBAAkB,OAAO,GAAG;;AAG9C,SAAgBC,qBAAmB,cAAc;AAChD,cAAa,aAAa;AAC1B,QAAO,WAAW,KAAK,WAAW,KAAK,kBAAkB,aAAa,CAAC,GAAE,MAAK,EAAE,YAAY,EAAE,CAAC;;AAahG,MAAM,uBAAuB,MAAM,KAAK,EAAC,QAAQ,KAAI,GAAG,GAAG,UAAU,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;AAEzG,SAAgB,gBAAgB,OAAO;AACtC,kBAAiB,MAAM;CAGvB,IAAI,YAAY;AAGhB,MAAK,IAAI,QAAQ,GAAG,QAAQ,MAAM,QAAQ,QACzC,cAAa,qBAAqB,MAAM;AAGzC,QAAO;;;;AC5LR,SAAS,sBAAsB,MAAM;AACpC,KAAI;AACH,MAAI,OAAO,KAAK,EAAE;GACjB,IAAI,cAAc,KAAK,UAAU,KAAK;AACtC,OAAI,YAAa,QAAO;;SAElB;AACR,OAAM,MAAM,gCAAgC;;AAE7C,SAAS,UAAU,QAAQ;AAC1B,KAAI;AACH,SAAO,KAAK,MAAM,OAAO;UACjB,KAAK;AACb,QAAM,MAAM,wCAAwC,IAAI,QAAQ;;;AAGlE,SAAS,OAAO,KAAK;CACpB,IAAI,QAAQ,EAAE,EAAE,uBAAuB,IAAI,SAAS,EAAE,SAAS,UAAU,UAAU,QAAQ,OAAO,SAAS,YAAY,OAAO,SAAS,YAAY,CAAC,IAAI,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM,GAAG,OAAO,SAAS,WAAW,KAAK,IAAI,MAAM,GAAG,CAAC,KAAK,KAAK,IAAI,MAAM,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC,KAAK,CAAC;AAC1S,KAAI,CAAC,MAAM,IAAI,CAAE,QAAO,CAAC;AACzB,QAAO,MAAM,SAAS;EACrB,IAAI,MAAM,MAAM,KAAK;AACrB,MAAI,MAAM,QAAQ,IAAI,EAAE;GACvB,IAAI,MAAM,IAAI;AACd,UAAO,OAAQ,KAAI,CAAC,MAAM,IAAI,KAAK,CAAE,QAAO,CAAC;AAC7C;;EAED,IAAI,QAAQ,QAAQ,eAAe,IAAI;AACvC,MAAI,UAAU,QAAQ,UAAU,OAAO,UAAW,QAAO,CAAC;EAC1D,IAAI,OAAO,QAAQ,QAAQ,IAAI,EAAE,IAAI,KAAK;AAC1C,SAAO,MAAM;GACZ,IAAI,MAAM,KAAK;AACf,OAAI,OAAO,OAAO,YAAY,QAAQ,yBAAyB,KAAK,IAAI,EAAE,eAAe,CAAC,EAAG,QAAO,CAAC;GACrG,IAAI,QAAQ,IAAI;AAChB,OAAI,UAAU,KAAK,KAAK,CAAC,MAAM,MAAM,CAAE,QAAO,CAAC;;;AAGjD,QAAO,CAAC;;AAET,MAAM,sBAAsB,IAAI,aAAa,EAAE,sBAAsB,IAAI,aAAa,EAAE,kBAAyC,OAAO,WAAW,cAAc,cAAc,OAAO,WAAW,UAAU,YAAY,cAAc,OAAO,WAAW,UAAU,SAAS;AAC1Q,SAAS,QAAQ,KAAK;AACrB,QAAO,kBAAkB,WAAW,WAAW,KAAK,EAAE,UAAU,aAAa,CAAC,GAAGC,qBAAmB,IAAI;;AAEzG,SAAS,QAAQ,KAAK;AACrB,QAAO,MAAM,eAAe,cAAc,IAAI,WAAW,IAAI,GAAG,KAAK,kBAAkB,IAAI,SAAS;EACnG,UAAU;EACV,aAAa,CAAC;EACd,CAAC,GAAGC,qBAAmB,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC;;AAE9C,SAAS,QAAQ,KAAK;AACrB,QAAO,MAAM,eAAe,cAAc,IAAI,WAAW,IAAI,GAAG,KAAK,kBAAkB,IAAI,OAAO,GAAG,gBAAgB,IAAI;;AAE1H,MAAM,WAA2B,uBAAO,OAAO;CAC9C,YAA4B,uBAAO,OAAO;EACzC,WAAW;EACX,UAAU;EACV,YAAY;EACZ,mBAAmB;EACnB,CAAC;CACF,WAA2B,uBAAO,OAAO;EACxC,WAAW;EACX,UAAU;EACV,YAAY;EACZ,mBAAmB;EACnB,CAAC;CACF,KAAK;CACL,kBAAkB;CAClB,qBAAqB;CACrB,CAAC,EAQI,aAA6B,uBAAO,OAAO;CAChD,eAA+B,uBAAO,OAAO;EAC5C,SAAS;EACT,QAAQ;EACR,MAAM;EACN,CAAC;CACF,eAA+B,uBAAO,OAAO;EAC5C,SAAS;EACT,QAAQ;EACR,MAAM;EACN,CAAC;CACF,QAAwB,uBAAO,OAAO;EACrC,SAAS;EACT,QAAQ,KAAK;EACb,MAAM;EACN,CAAC;CACF,CAAC,EAA0B,YAAY;AACxC,SAAS,WAAW,MAAM;AACzB,QAAO,OAAO,gBAAgB,IAAI,WAAW,OAAO,EAAE,CAAC;;AAExD,eAAe,YAAY,UAAU,SAAS;AAC7C,KAAI,CAAC,YAAY,CAAC,SAAS,OAAQ,OAAM,MAAM,iBAAiB;AAChE,KAAI,CAAC,WAAW,OAAO,WAAW,SAAU,OAAM,MAAM,cAAc;CACtE,IAAI,YAAY,WAAW,QAAQ;AACnC,KAAI,CAAC,UAAW,OAAM,MAAM,wBAAwB,QAAQ,UAAU;CACtE,IAAI,SAAS,UAAU,SAAS,WAAW,KAAK,SAAS;EACxD,MAAM;EACN,MAAM,UAAU;EAChB,QAAQ,UAAU;EAClB,GAAG;EACH,MAAM,UAAU;EAChB,QAAQ,UAAU;EAClB,EAAE,SAAS,SAAS,CAAC,QAAQ,SAAS,GAAG,CAAC,WAAW,UAAU,EAAE,KAAK,QAAQ,OAAO,UAAU,SAAS,WAAW,UAAU,OAAO,GAAG,KAAK;AAC7I,KAAI,OAAO,YAAY,UAAU;AAChC,MAAI,SAAS,SAAS,QAAQ,kBAAmB,OAAM,MAAM,oCAAoC,QAAQ,oBAAoB,wBAAwB;EACrJ,IAAI,OAAO,QAAQ;AACnB,MAAI,CAAC,MAAM;AACV,OAAI,CAAC,QAAQ,SAAU,OAAM,MAAM,oCAAoC;AACvE,UAAO,QAAQ,WAAW,QAAQ,SAAS,CAAC;;EAE7C,IAAI,UAAU,MAAM,OAAO,OAAO,UAAU,OAAO,IAAI,OAAO,SAAS,EAAE,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,cAAc;GACpH,MAAM;GACN,MAAM,IAAI,OAAO,KAAK;GACtB,YAAY,QAAQ;GACpB,MAAM;GACN;AACD,SAAO;GACN,KAAK,MAAM,OAAO,OAAO,UAAU,aAAa,SAAS,IAAI,CAAC,GAAG,OAAO;GACxE;GACA;GACA;;AAEF,KAAI,SAAS,SAAS,UAAU,UAAU,EAAG,OAAM,MAAM,kCAAkC;AAC3F,QAAO;EACN,KAAK,MAAM,OAAO,OAAO,UAAU,OAAO,SAAS,OAAO,EAAE,IAAI,CAAC,GAAG,OAAO;EAC3E;EACA,MAAM;EACN;;AAEF,SAAS,iBAAiB,WAAW,KAAK,MAAM;AAC/C,QAAO;EACN,cAAc,gBAAgB;GAC7B,MAAM;GACN,SAAS,IAAI;GACb,QAAQ;GACR,GAAG;GACH,MAAM;GACN,IAAI,IAAI;GACR;EACD,IAAI;EACJ,OAAO,QAAQ,WAAW,IAAI,OAAO,KAAK,GAAG,KAAK,OAAO;EACzD;;AAEF,eAAe,QAAQ,UAAU,SAAS,MAAM;CAC/C,IAAI,MAAM,MAAM,YAAY,UAAU,QAAQ,EAAE,YAAY,MAAM,OAAO,OAAO,QAAQ,GAAG,iBAAiB,QAAQ,WAAW,KAAK,KAAK,CAAC;AAC1I,QAAO;EACN,WAAW,IAAI,WAAW,UAAU;EACpC;EACA;;AAEF,eAAe,QAAQ,UAAU,SAAS,MAAM;CAC/C,IAAI,MAAM,MAAM,YAAY,UAAU,QAAQ,EAAE,YAAY,MAAM,OAAO,OAAO,QAAQ,GAAG,iBAAiB,QAAQ,WAAW,KAAK,KAAK,CAAC;AAC1I,QAAO,IAAI,OAAO,UAAU;;AAE7B,eAAe,iBAAiB,UAAU,SAAS,MAAM;CACxD,IAAI,MAAM,MAAM,YAAY,UAAU,QAAQ;AAC9C,QAAO;EACN,QAAQ,QAAQ,MAAM,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,CAAC;EAC5E,MAAM,IAAI;EACV;;AAEF,SAAS,kBAAkB,UAAU;CACpC,IAAI,aAAa,OAAO,YAAY,YAAY,oBAAoB,aAAa;EAChF,YAAY;EACZ,WAAW;EACX,GAAG,YAAY,OAAO,YAAY,WAAW,YAAY,WAAW;EACpE,IAAI,SAAS;EACb,YAAY,SAAS;EACrB,WAAW,SAAS;EACpB,GAAG;EACH,IAAI,SAAS;EACb,YAAY,SAAS;EACrB,WAAW,SAAS;EACpB,GAAG,KAAK;AACT,KAAI,CAAC,cAAc,CAAC,WAAW,cAAc,WAAW,WAAW,WAAW,KAAK,CAAC,WAAW,aAAa,WAAW,UAAU,WAAW,EAAG,OAAM,MAAM,iBAAiB;AAC5K,QAAO;;AAER,eAAe,KAAK,QAAQ,UAAU,SAAS;CAC9C,IAAI,MAAM,KAAK,KAAK,IAAI,QAAQ,uBAAuB,IAAI,EAAE,KAAK,IAAI,YAAY,cAAc,kBAAkB,SAAS;AAC3H,KAAI,MAAM,CAAC,QAAQ,KAAK,GAAG,CAAE,OAAM,MAAM,sBAAsB;CAC/D,IAAI,EAAE,WAAW,QAAQ,MAAM,QAAQ,YAAY,QAAQ,aAAa,QAAQ,UAAU,uBAAuB,OAAO,CAAC,EAAE,aAAa,QAAQ,MAAM,MAAM,QAAQ,MAAM,IAAI,gBAAgB,YAAY,MAAM,KAAK,MAAM,IAAI,OAAO,MAAM,QAAQ,IAAI,GAAG,GAAG,MAAM,QAAQ,UAAU,GAAG,MAAM,YAAY,MAAM,MAAM,iBAAiB,WAAW,QAAQ,WAAW,cAAc;AACpX,QAAO,gBAAgB,MAAM,IAAI,OAAO,MAAM,IAAI;;AAEnD,eAAe,OAAO,QAAQ,UAAU,SAAS;CAChD,IAAI,MAAM,KAAK,KAAK,IAAI,QAAQ,uBAAuB,IAAI,QAAQ,OAAO,MAAM,IAAI;AACpF,KAAI,MAAM,WAAW,EAAG,OAAM,MAAM,wCAAwC;CAC5E,IAAI,CAAC,QAAQ,YAAY,gBAAgB,OAAO,cAAc,YAAY,UAAU,iBAAiB;AACrG,KAAI,WAAA,SAAsB,OAAM,MAAM,mBAAmB;AACzD,KAAI,YAAY;AACf,MAAI,CAAC,aAAa,KAAK,WAAW,CAAE,OAAM,MAAM,qBAAqB;AACrE,MAAI,OAAO,SAAS,YAAY,GAAG,IAAI,MAAM,QAAQ,mBAAmB,IAAK,OAAM,MAAM,eAAe;;CAEzG,IAAI;AACJ,KAAI,OAAO,YAAY,YAAY,oBAAoB,WAAY,QAAO;UACjE,OAAO,YAAY,YAAY,UAAU;EACjD,IAAI,gBAAgB,cAAc;AAClC,MAAI,OAAO,SAAS,gBAAgB,CAAC,KAAM,OAAM,MAAM,2BAA2B,cAAc;;AAEjG,QAAO,kBAAkB,KAAK;CAC9B,IAAI,MAAM,MAAM,YAAY,KAAK,WAAW;EAC3C,GAAG,QAAQ;EACX,MAAM;EACN,CAAC,EAAE,gBAAgB,SAAS,MAAM,aAAa,MAAM,iBAAiB,MAAM,QAAQ,MAAM,eAAe,MAAM;AAChH,KAAI,CAAC,MAAM,OAAO,OAAO,OAAO,QAAQ,IAAI,KAAK,QAAQ,cAAc,EAAE,IAAI,OAAO,cAAc,CAAC,CAAE,OAAM,MAAM,iBAAiB;CAClI,IAAI,kBAAkB,MAAM,QAAQ,KAAK,YAAY;EACpD,GAAG,QAAQ;EACX,MAAM;EACN,IAAI,QAAQ,MAAM;EAClB,EAAE,QAAQ,aAAa,CAAC;AACzB,SAAQ,QAAQ,UAAU,WAAW,gBAAgB;;;;AClNtD,MAAM,oBAAoB;AAC1B,MAAM,wBAAwB;AAU9B,SAAS,UAAU,MAGjB;CACA,MAAM,CAAC,qBAAqB,IAAI,wBAC9B,KAAK,MAAM,kBAAkB;AAG/B,QAAO;EAAE;EAAoB,cAD3B,wBAAwB,OAAO,OAAO,SAAS,sBAAsB,GAAG;EAC/B;;AAG7C,eAAsB,SACpB,MACA,EAAE,YACe;AAYjB,QAAO,GANM,MAAMC,KAAS,MALR;EAClB,IAAI;EACJ,QAAQ;EACT,EAE8C;EAC7C,GAAG;EACH,KAAK;EACL,QAAQ,KAAK;EACd,CAAC,GAEe,oBAAoB;;AAGvC,eAAsB,WACpB,eACA,EAAE,YACU;CACZ,MAAM,EAAE,oBAAoB,iBAAiB,UAAU,cAAc;CAErE,MAAM,cAAc,EAAE,GAAG,UAAU;CAEnC,IAAI;AACJ,KAAI;AACF,SACG,MAAMC,OAAW,oBAAoB,aAAa;GACjD,GAAG;GACH,KAAK;GACN,CAAC,IAAK,EAAE;UACJ,OAAO;AACd,MACE,iBAAiB,SACjB,6GAA6G,KAC3G,MAAM,QACP,CAED,QAAO,EAAE;AAEX,QAAM;;AAGR,KAAI,iBAAiB,EACnB,QAAO;UACE,iBAAiB,KAE1B,QADe,KACA,cAAc;AAG/B,QAAO;;;;ACnET,IAAI,kBAAkC;;;;;;;AAQtC,SAAgB,gBAAyB;AACvC,KAAI,gBACF,QAAO;CAGT,MAAM,SAAS;AAEf,KAAI,OAAO,YAAY,eAAe,QAAQ,SAAS,SAAS,OAC9D,mBAAkB;UACT,OAAO,OAAO,SAAS,YAChC,mBAAkB;UAElB,OAAO,cAAc,eACrB,UAAU,WAAW,SAAS,MAAM,CAEpC,mBAAkB;UAElB,OAAO,cAAc,eACrB,UAAU,WAAW,SAAS,aAAa,CAE3C,mBAAkB;UACT,OAAO,WAAW,eAAe,YAAY,OACtD,mBAAkB;UACT,OAAO,WAAW,eAAe,iBAAiB,OAC3D,mBAAkB;KAElB,mBAAkB;AAGpB,QAAO;;AAGT,SAAS,uBAAuB,KAAiC;CAC/D,MAAM,UAAU,eAAe;CAC/B,MAAM,SAAS;AAEf,KAAI;AACF,UAAQ,SAAR;GACE,KAAK;GACL,KAAK;GACL,KAAK,aACH,QAAO,QAAQ,IAAI;GAErB,KAAK,OACH,QAAO,OAAO,KAAK,IAAI,IAAI,IAAI;GAEjC,KAAK,aACH,QAAO,OAAO,MAAM,QAAQ,OAAO;GAErC,KAAK,SACH,QAAO,OAAO;GAEhB,QACE,QAAO,SAAS,MAAM,QAAQ,OAAO,MAAM,QAAQ,OAAO;;SAExD;AACN;;;;;;;;;AAUJ,SAAgB,OACd,KACA,cACwB;AACxB,QAAO,uBAAuB,IAAI,IAAI;;;;AC9DxC,IAAY,6CAAL,yBAAA,4CAAA;AACL,4CAAA,iBAAA;AACA,4CAAA,4BAAA;AACA,4CAAA,gCAAA;;KACD;;;ACzBD,MAAa,iCACX,aACoC,EACpC,YAAY,QAAQ,WACrB;;;ACLD,MAAa,qDACX,aAEwD;CACxD,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,8BAA8B,QAAQ;CACtC,MAAM,QAAQ;CACd,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACXD,MAAa,yDACX,aAE4D;CAC5D,YAAY;CACZ,WAAW,QAAQ;CACnB,eAAe,QAAQ;CACvB,8BAA8B,QAAQ;CACtC,iBAAiB,QAAQ;CACzB,YAAY,QAAQ;CACpB,YAAY,QAAQ;CACrB;;;ACbD,MAAa,gDACX,aACmD;CACnD,iBAAiB,QAAQ;CACzB,SAAS,QAAQ;CACjB,WAAW,QAAQ;CACnB,YAAY,QAAQ;CACrB;;;ACVD,MAAa,yBACX,eACe;AACf,QAAO,WAAW,KAAK,aAAa;AAClC,SAAO;GACL,OAAO,SAAS;GAChB,MAAM,SAAS;GACf,UAAU,SAAS;GACpB;GACD;;;;ACNJ,MAAa,mCACX,aACsC;CACtC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACTD,MAAa,+CACX,aACkD;CAClD,SAAS,QAAQ;CACjB,iBAAiB,QAAQ;CACzB,UAAU,QAAQ,UAAU,KAAK,IAAI;CACrC,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACbD,MAAa,6BACX,aACgC;CAChC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACND,MAAa,oCACX,aACuC,EACvC,QAAQ,QAAQ,QACjB;;;ACND,IAAY,8BAAL,yBAAA,6BAAA;AACL,6BAAA,4BAAA;AACA,6BAAA,gCAAA;AAGA,6BAAA,mBAAA;AACA,6BAAA,oBAAA;AACA,6BAAA,kBAAA;;KACD;;;ACLD,MAAa,kCACX,aACqC;CACrC,OAAO,QAAQ;CACf,iBAAiB,QAAQ;CACzB,iBAAiB,QAAQ;CACzB,iBAAiB,QAAQ;CACzB,WAAW,QAAQ;CACnB,QAAQ,QAAQ;CACjB;;;ACVD,MAAa,gDACX,aACmD;CACnD,WAAW,QAAQ;CACnB,YAAY,QAAQ;CACrB;;;ACVD,IAAI;;;;;;;;;;;;;AAcJ,SAAgB,UAAU;AACxB,QAAQ,iBAAiB,OAAO;;;;ACKlC,IAAa,gBAAb,MAA2B;CACzB;CACA;CACA;CAEA,YACE,gBACA,aACA,gBACA;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,OAAK,iBAAiB;AACtB,OAAK,iBAAiB;AACtB,OAAK,cAAc;;;;;;;CAQrB,MAAM,eAGJ;AACA,MAAI,CAAC,KAAK,YACR,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;EAKH,MAAM,UAAU,MAAM,WAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQ,2CAA2C;GACpD;EAGH,MAAM,EAAE,cAAc,MAAM,SAAS;EAErC,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd,sBAAsB,QAAQ;GAC9B,cAAc,QAAQ;GACtB,aAAa,QAAQ;GACtB;;;;;;;;;;CAWH,MAAM,QAAQ,UAA0B,EAAE,EAAmC;EAC3E,MAAM,EAAE,cAAc,MAAM,SAAS;EACrC,MAAM,UAAU,MAAM,WAA8B,KAAK,aAAa,EACpE,UAAU,KAAK,gBAChB,CAAC;AAEF,MAAI,CAAC,QAAQ,gBAAgB,CAAC,QAAQ,KACpC,QAAO;GACL,eAAe;GACf,QAAQ,4BAA4B;GACrC;EAGH,MAAM,EAAE,QAAQ,kCAAkC,UAChD,QAAQ,YACT;AAED,MAAI;GACF,MAAM,iBAAiB,QAAQ,kBAAkB,KAAK;GAEtD,MAAM,yBACJ,MAAM,KAAK,eAAe,6BAA6B;IACrD,UAAU,KAAK,eAAe;IAC9B,cAAc,QAAQ;IACtB,gBACE,QAAQ,kBAAkB;IAC5B,SAAS;KAEP,aAAa;KACb;KACD;IACF,CAAC;AAGJ,OAAI,QAAQ,eACV,MAAK,iBAAiB,QAAQ;AAGhC,QAAK,cAAc,uBAAuB;GAE1C,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,uBAAuB,YAAY;AAI9D,UAAO;IACL,eAAe;IACf,eAAe,uBAAuB;IACtC,SAAS;IACT,sBAAsB,uBAAuB;IAC7C;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,QAAQ;IACd,cAAc,QAAQ;IACvB;WACM,OAAO;AACd,OACE,iBAAiB,mBAEhB,MAAM,UAAU,4BAA4B,iBAC3C,MAAM,UAAU,4BAA4B,kBAC5C,MAAM,UAAU,4BAA4B,cAE9C,QAAO;IACL,eAAe;IACf,QAAQ,MAAM;IACf;AAGH,SAAM;;;;;;;;CASV,MAAM,aAAa,EACjB,aACyB,EAAE,EAAmB;EAC9C,MAAM,yBAAyB,MAAM,KAAK,cAAc;AAExD,MAAI,CAAC,uBAAuB,eAAe;GACzC,MAAM,EAAE,WAAW;AACnB,SAAM,IAAI,MAAM,gDAAgD,SAAS;;AAG3E,SAAO,KAAK,eAAe,aAAa;GACtC,WAAW,uBAAuB;GAClC;GACD,CAAC;;CAGJ,MAAc,WAAW,aAAuC;EAC9D,MAAM,EAAE,cAAc,MAAM,SAAS;EACrC,MAAM,OAAO,MAAM,KAAK,eAAe,SAAS;AAChD,MAAI,CAAC,KACH,OAAM,IAAI,MACR,kEACD;AAGH,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AAGV,OACE,aAAa,SACb,UAAU,KACV,OAAO,EAAE,SAAS,aACjB,EAAE,KAAK,WAAW,WAAW,IAAI,EAAE,KAAK,WAAW,WAAW,EAE/D,QAAO;AAET,SAAM;;;;;;AC5EZ,IAAa,iBAAb,MAA4B;CAC1B;CAGA;CAEA,YAAY,QAAiC;AAAhB,OAAA,SAAA;EAC3B,MAAM,EAAE,aAAa,OAAO;AAE5B,OAAK,WAAW;;;;;;CAOlB,gBAAwB,UAA2B;EACjD,MAAM,WAAW,YAAY,KAAK;AAClC,MAAI,CAAC,SACH,OAAM,IAAI,UACR,kFACD;AAEH,SAAO;;CAGT,MAAM,UAEJ;EACA,MAAM,EAAE,uBAAuB,MAAM,SAAS;AAC9C,MAAI,CAAC,KAAK,SACR;AAIF,OAAK,UAAU,mBAAmB,IAAI,IAAI,KAAK,WAAW,KAAK,SAAS,CAAC,EAAE,EACzE,kBAAkB,MAAO,KAAK,GAC/B,CAAC;AAEF,SAAO,KAAK;;;;;;;;;;CAWd,kBAAkB,SAGA;AAChB,SAAO,IAAI,cAAc,MAAM,QAAQ,aAAa,QAAQ,eAAe;;CAG7E,MAAM,QAAQ,QAA+B;EAC3C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,SAC3B;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,oBAAoB,YAAmC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,sCAAsC,aACvC;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,UACJ,SAC4D;AAC5D,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BACA,iBACA,UAAU,0BAA0B,QAAQ,GAAG,KAAA,EAChD,GACA,WACC,oBACE,KAAK,QACL,0BACA,iBACA,OACD,EACH,UAAU,0BAA0B,QAAQ,GAAG,KAAA,EAChD;;CAGH,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,2BAA2B,QAAQ,CAAC;AAEhE,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,0BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,0CAA0C;GACxC,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,yBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,yCAAyC;GACvC,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;;;;;;;;;;;;;;CAgBJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,cAAc,GAAG,qBAAqB;EACjE,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;AAGvD,MAAI,iBAAiB,KAAA,KAAa,aAAa,MAAM,KAAK,GACxD,OAAM,IAAI,UACR,mGAED;EAGH,MAAM,YAAY,CAAC,CAAC,KAAK,OAAO;AAGhC,MAAI,CAFY,CAAC,CAAC,gBAEF,CAAC,UACf,OAAM,IAAI,UACR,uJAED;EAGH,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,qCAAqC;GACnC,GAAG;GACH,UAAU;GACV;GACA,cAAc,YAAY,KAAK,OAAO,MAAM,KAAA;GAC7C,CAAC,EACF,EAAE,iBAAiB,CAAC,WAAW,CAChC;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;;;;;;;;;;CAYJ,MAAM,gCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,gDAAgD;GAC9C,GAAG;GACH,UAAU;GACX,CAAC,EACF,EAAE,iBAAiB,MAAM,CAC1B;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;;;;;;CAQJ,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EACvD,MAAM,iBAAiB,CAAC,KAAK,OAAO;EAEpC,MAAM,OAAO,iBACT,yDAAyD;GACvD,GAAG;GACH,UAAU;GACX,CAAC,GACF,6CAA6C;GAC3C,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC;EAEN,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCAAiC,MAAM,EACvC,iBAAiB,gBAClB,CAAC;AAEF,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,qBACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,qCAAqC;GACnC,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,kCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,kDAAkD;GAChD,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,sCACJ,SACiC;EACjC,MAAM,EAAE,SAAS,UAAU,GAAG,qBAAqB;EACnD,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;EAEvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,iCACA,sDAAsD;GACpD,GAAG;GACH,UAAU;GACV,cAAc,KAAK,OAAO;GAC3B,CAAC,CACH;AAED,SAAO,KAAK,8BAA8B;GACxC,wBAAwB,kCAAkC,KAAK;GAC/D;GACD,CAAC;;CAGJ,MAAM,8BAA8B,EAClC,aACA,iBAAiB,OAAO,yBAAyB,IAIjD;AACA,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAKhD,MAAI,CAFS,MAAM,KAAK,SAAS,CAG/B,OAAM,IAAI,MAAM,2CAA2C;EAG7D,MAAM,EAAE,cAAc,MAAM,SAAS;AAErC,MAAI,CAAC,YACH,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;EAGH,MAAM,UAAU,MAAM,WAA8B,aAAa,EAC/D,UAAU,gBACX,CAAC;AAEF,MAAI,CAAC,QAAQ,YACX,QAAO;GACL,eAAe;GACf,QACE,2CAA2C;GAC9C;AAGH,MAAI,CAAE,MAAM,KAAK,WAAW,QAAQ,YAAY,CAC9C,QAAO;GACL,eAAe;GACf,QAAQ,2CAA2C;GACpD;EAGH,MAAM,EACJ,KAAK,WACL,QAAQ,gBACR,MACA,OACA,aACA,cACA,eAAe,iBACb,UAAuB,QAAQ,YAAY;AAE/C,SAAO;GACL,eAAe;GACf;GACA;GACA;GACA;GACA,MAAM,QAAQ;GACd;GACA;GACA;GACA,aAAa,QAAQ;GACrB,sBAAsB,QAAQ;GAC/B;;CAGH,MAAc,WAAW,aAAuC;EAC9D,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,EAAE,cAAc,MAAM,SAAS;AACrC,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2CAA2C;AAG7D,MAAI;AACF,SAAM,UAAU,aAAa,KAAK;AAClC,UAAO;WACA,GAAG;AAGV,OACE,aAAa,SACb,UAAU,KACV,OAAO,EAAE,SAAS,aACjB,EAAE,KAAK,WAAW,WAAW,IAAI,EAAE,KAAK,WAAW,WAAW,EAE/D,QAAO;AAET,SAAM;;;CAIV,MAAc,8BAA8B,EAC1C,wBACA,WAIkC;AAClC,MAAI,SAAS,aAAa;AACxB,OAAI,CAAC,KAAK,OAAO,IACf,OAAM,IAAI,MACR,iKAGD;AAGH,UAAO;IACL,GAAG;IACH,eAAe,MAAM,KAAK,0CAA0C;KAClE;KACA,gBAAgB,QAAQ;KACzB,CAAC;IACH;;AAGH,SAAO;;CAGT,MAAc,0CAA0C,EACtD,wBACA,kBAIkB;AAClB,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;EAGhD,MAAM,EAAE,cAAc,MAAM,SAAS;EAErC,MAAM,EAAE,QAAQ,kCAAkC,UAChD,uBAAuB,YACxB;AAWD,SAAO,SATgC;GACrC,gBAAgB;GAChB,MAAM,uBAAuB;GAC7B,aAAa,uBAAuB;GACpC,cAAc,uBAAuB;GACrC,sBAAsB,uBAAuB;GAC7C,cAAc,uBAAuB;GACtC,EAE4B,EAC3B,UAAU,gBACX,CAAC;;CAGJ,MAAM,qBAAqB,EACzB,aACA,iBAAiB,OAAO,yBAAyB,IACe;AAChE,MAAI,CAAC,eACH,OAAM,IAAI,MAAM,8BAA8B;AAGhD,MAAI,YACF,QAAO,WAA8B,aAAa,EAChD,UAAU,gBACX,CAAC;;CAMN,MAAM,qBACJ,qBAC4B;EAC5B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uCAAuC,sBACxC;AAED,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,sBAAsB,EAC1B,UACwD;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BAA0B,OAAO,2BACjC,EAAE,CACH;AAED,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,aAAa,aAAyC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,+BAA+B,cAChC;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,gBAAgB,SAAqD;EACzE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,+BACA,gCAAgC,EAC9B,GAAG,SACJ,CAAC,CACH;AAED,SAAO,qBAAqB,KAAK;;CAGnC,MAAM,YAAY,EAChB,MACA,UAC8C;EAC9C,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,0BAA0B,OAAO,8BAA8B,EAC/D,MACD,CAAC;AAEF,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,iBAAiB,iBAAiD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,mCAAmC,kBACpC;AAED,SAAO,yBAAyB,KAAK;;CAGvC,MAAM,oBACJ,SACwB;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,mCACA,oCAAoC,EAClC,GAAG,SACJ,CAAC,CACH;AAED,SAAO,yBAAyB,KAAK;;CAGvC,MAAM,cAAc,SAAwD;EAC1E,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,2CACA,8BAA8B,QAAQ,CACvC;AAED,SAAO,EAAE,MAAM,gBAAgB,KAAK,KAAK,EAAE;;CAG7C,MAAM,WAAW,SAA2C;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,QAAQ,UAClC,2BAA2B,QAAQ,CACpC;AAED,SAAO,gBAAgB,KAAK;;CAG9B,MAAM,iBAAiB,SAGpB;EACD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,0BAA0B,QAAQ,OAAO,gBACzC,iCAAiC,QAAQ,CAC1C;AAED,SAAO;GACL,sBAAsBC,+BACpB,KAAK,sBACN;GACD,yBAAyB,qBACvB,KAAK,yBACN;GACF;;CAGH,MAAM,gBACJ,SACqD;EACrD,MAAM,EAAE,QAAQ,GAAG,kBAAkB;AACrC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,gBACjCC,qBACA,cACD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,gBACjCA,qBACA,OACD,EACH,cACD;;CAGH,MAAM,qBACJ,SACuC;EACvC,MAAM,EAAE,QAAQ,GAAG,sBAAsB;AAEzC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,iBACjC,wBACA,kBACD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,iBACjC,wBACA,OACD,EACH,kBACD;;CAGH,MAAM,aACJ,QACA,SACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,0BAA0B,OAAO,YACjC,oBACA,UAAU,6BAA6B,QAAQ,GAAG,KAAA,EACnD,GACA,WACC,oBACE,KAAK,QACL,0BAA0B,OAAO,YACjC,oBACA,OACD,EACH,UAAU,6BAA6B,QAAQ,GAAG,KAAA,EACnD;;CAGH,MAAM,WAAW,QAAgB;AAC/B,QAAM,KAAK,OAAO,OAAO,0BAA0B,SAAS;;CAG9D,MAAM,kBAAkB,QAAqC;AAC3D,MAAI,CAAC,OACH,OAAM,IAAI,UAAU,kDAAkD;EAGxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,0BAA0B,OAAO,aAClC;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,0BACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,2BAC9C;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,4BACJ,SAMA;EACA,MAAM,oBACJ,4CAA4C,QAAQ;AAEtD,SAAO,IAAI,gBACT,MAAM,oBAIJ,KAAK,QACL,6CACA,mCACA,kBACD,GACA,WACC,oBAIE,KAAK,QACL,6CACA,mCACA,OACD,EACH,kBACD;;CAGH,MAAM,6BACJ,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,6CACA,6CAA6C,QAAQ,CACtD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACA,SACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IAIjC,6CAA6C,4BAC7C,6CAA6C,QAAQ,CACtD;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,6BACJ,0BACe;AACf,QAAM,KAAK,OAAO,OAChB,6CAA6C,2BAC9C;;CAGH,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,iCACJ,0BACiC;EACjC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,6CAA6C,yBAAyB,cACtE,EAAE,CACH;AAED,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,cAAc,cAA2C;EAC7D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eACjC;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,sBAAsB,iBAA8C;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,yCAAyC,kBAC1C;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACwE;AACxE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,gCACA,uBACA,UAAU,gCAAgC,QAAQ,GAAG,KAAA,EACtD,GACA,WACC,oBACE,KAAK,QACL,gCACA,uBACA,OACD,EACH,UAAU,gCAAgC,QAAQ,GAAG,KAAA,EACtD;;CAGH,MAAM,eAAe,SAAqD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCACA,+BAA+B,EAC7B,GAAG,SACJ,CAAC,CACH;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,cAA2C;EAChE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,aAAa,UAC7C,KACD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBACJ,cACA,SACqB;EACrB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAIjC,gCAAgC,aAAa,UAC7C,UAAU,iCAAiC,QAAQ,GAAG,EAAE,CACzD;AAED,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,cAAc,SAA8C;AAChE,QAAM,KAAK,OAAO,KAChB,oCACA,8BAA8B,QAAQ,CACvC;;;;;;;;;;;;CAaH,oBAAoB,SAAwD;EAC1E,MAAM,EACJ,YACA,cACA,eACA,qBACA,UACA,YACA,WACA,gBACA,UACA,qBACA,gBACA,QACA,aACA,OACA,eACE;EACJ,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;AAEvD,MAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,eACjC,OAAM,IAAI,UACR,kGACD;AAGH,MAAI,aAAa,aAAa,WAC5B,OAAM,IAAI,UACR,wDACD;EAGH,MAAM,QAAQ,cAAc;GAC1B,aAAa;GACb,eAAe;GACf,gBAAgB;GAChB,uBAAuB;GACvB,iBAAiB;GACjB,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB;GACA,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACA,aAAa;GACd,CAAC;AAEF,SAAO,GAAG,KAAK,OAAO,QAAQ,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6B7D,MAAM,4BACJ,SAIqC;EACrC,MAAM,EACJ,UACA,cACA,YACA,WACA,gBACA,UACA,qBACA,gBACA,QACA,aACA,eACE;EACJ,MAAM,mBAAmB,KAAK,gBAAgB,SAAS;AAEvD,MAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,eACjC,OAAM,IAAI,UACR,kGACD;AAGH,MAAI,aAAa,aAAa,WAC5B,OAAM,IAAI,UACR,wDACD;EAIH,MAAM,OAAO,MAAM,KAAK,OAAO,KAAK,UAAU;EAG9C,MAAM,QAAQ,KAAK,OAAO,KAAK,qBAAqB,GAAG;EAEvD,MAAM,QAAQ,cAAc;GAC1B,eAAe;GACf,gBAAgB,KAAK;GACrB,uBAAuB;GACvB,iBAAiB;GACjB,aAAa;GACb,YAAY;GACZ;GACA,uBAAuB;GACvB,iBAAiB;GACjB;GACA,WAAW;GACX,cAAc;GACd,eAAe;GACf;GACA,aAAa;GACd,CAAC;AAIF,SAAO;GAAE,KAFG,GAAG,KAAK,OAAO,QAAQ,6BAA6B;GAElD;GAAO,cAAc,KAAK;GAAc;;CAGxD,aAAa,SAAmC;EAC9C,MAAM,EAAE,WAAW,aAAa;AAEhC,MAAI,CAAC,UACH,OAAM,IAAI,UAAU,qDAAqD;EAG3E,MAAM,MAAM,IAAI,IACd,oCACA,KAAK,OAAO,QACb;AAED,MAAI,aAAa,IAAI,cAAc,UAAU;AAC7C,MAAI,SACF,KAAI,aAAa,IAAI,aAAa,SAAS;AAG7C,SAAO,IAAI,UAAU;;CAGvB,WAAW,UAA0B;AACnC,MAAI,CAAC,SACH,OAAM,IAAI,UAAU,oCAAoC;AAG1D,SAAO,GAAG,KAAK,OAAO,QAAQ,YAAY;;;;;ACnvC9C,IAAY,UAAL,yBAAA,SAAA;AACL,SAAA,WAAA;AACA,SAAA,WAAA;;KACD;;;ACDD,SAAgB,UAAU,UAAoC;AAC5D,QACE,OAAO,UAAU,eAAe,KAAK,UAAU,eAAe,IAC9D,OAAO,UAAU,eAAe,KAAK,UAAU,aAAa;;AAIhE,SAAgB,oBACd,UAC+B;AAC/B,QACE,CAAC,CAAC,YACF,OAAO,aAAa,YACpB,oBAAoB,YACpB,mBAAmB;;;;ACJvB,MAAa,yBACX,aAC4B;CAC5B,IAAI,QAAQ;CACZ,QAAQ,QAAQ,OAAO,IAAI,6BAA6B;CACxD,OAAO,QAAQ;CAChB;AAED,MAAa,8BACX,aACiC;CACjC,IAAI;CACJ,QAAQ,QAAQ,OAAO,IAAI,6BAA6B;CACxD,OAAO,QAAQ;CAChB;AAED,MAAM,gCACJ,YACkC;AAClC,QAAO;EACL,eAAe,oBAAoB,QAAQ,SAAS,GAChD,QAAQ,SAAS,iBAAiB,GAClC,QAAQ,SAAS;EACrB,aAAa,oBAAoB,QAAQ,SAAS,GAC9C,QAAQ,SAAS,eAAe,GAChC,QAAQ,SAAS,aACf,QAAQ,SAAS,aACjB;EACN,UAAU,QAAQ;EAClB,SAAS,UAAU,QAAQ,QAAQ,GAC/B;GACE,eAAe,QAAQ,QAAQ;GAC/B,aAAa,QAAQ,QAAQ;GAC9B,GACD;GACE,eAAe,QAAQ,QAAQ,iBAAiB;GAChD,aAAa,QAAQ,QAAQ,eAAe;GAC7C;EACL,SAAS,QAAQ,WAAW,EAAE;EAC/B;;AAGH,MAAa,+BACX,aACqB;AACrB,QAAO;EACL,OAAO;GACL,UAAU;IACR,cAAc,SAAS,MAAM;IAC7B,YAAY,SAAS,MAAM;IAC5B;GACD,UAAU,SAAS,MAAM;GACzB,SAAS;IACP,cAAc,SAAS,MAAM,QAAQ;IACrC,YAAY,SAAS,MAAM,QAAQ;IACpC;GACD,SAAS,SAAS,MAAM;GACzB;EACD,QAAQ,SAAS;EACjB,UAAU,SAAS;EACnB,gBAAgB,SAAS;EACzB,UAAU,SAAS,SAAS,IAAI,4BAA4B;EAC7D;;;;ACnEH,MAAM,0BAA0B;AAkFhC,IAAa,cAAb,MAAyD;CACvD;CACA;CACA;CACA;CACA;CAEA,YAAY,MAA2B;AACrC,OAAK,SAAS,KAAK;AACnB,OAAK,aAAa,KAAK;AACvB,OAAK,eAAe,KAAK;AACzB,OAAK,YAAY,KAAK,aAClB;GACE,gBAAgB,KAAK,WAAW;GAChC,cAAc,4BACZ,KAAK,WAAW,cACjB;GACF,GACD,KAAA;AACJ,OAAK,WAAW,KAAK;;CAGvB,eAAwB;AACtB,SAAO,KAAK,WAAW;;;;;AChH3B,IAAY,aAAL,yBAAA,YAAA;AACL,YAAA,YAAA;AACA,YAAA,YAAA;;KACD;;;ACHD,IAAY,YAAL,yBAAA,WAAA;AACL,WAAA,YAAA;AACA,WAAA,YAAA;;KACD;;;ACGD,MAAaC,oCACX,aACqC;CACrC,eAAe,oBAAoB,QAAQ,SAAS,GAChD,QAAQ,SAAS,iBAAiB,GAClC,QAAQ,SAAS;CACrB,aAAa,oBAAoB,QAAQ,SAAS,GAC9C,QAAQ,SAAS,eAAe,GAChC,QAAQ,SAAS,aACf,QAAQ,SAAS,aACjB;CACN,MAAM,QAAQ;CACf;;;ACZD,MAAa,kCACX,aACqC;CACrC,eAAe,oBAAoB,QAAQ,GACvC,QAAQ,iBAAiB,GACzB,QAAQ;CACZ,aAAa,oBAAoB,QAAQ,GACrC,QAAQ,eAAe,GACvB,QAAQ,aACN,QAAQ,aACR;CACP;;;ACLD,MAAa,uCACX,YACyC;CACzC,IAAI,sBAEoC,EAAE;AAC1C,KAAI,QAAQ,OAAO,WAAW,OAE5B,uBADkB,QAAQ,UACM,KAAK,YACnCC,iCAA+B,QAAQ,CACxC;UACQ,QAAQ,OAAO,WAAW,OAEnC,uBADkB,QAAQ,UACM,KAAK,YACnC,+BAA+B,QAAQ,CACxC;AAGH,QAAO;EACL,IAAI,QAAQ;EACZ,WAAW;EACZ;;;;AC5BH,MAAa,gCACX,aACoC;CACpC,eAAe,QAAQ;CACvB,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACTD,MAAa,gCACX,aACmC;CACnC,eAAe,QAAQ;CACvB,aAAa,QAAQ;CACrB,UAAU,QAAQ;CAClB,cAAc,QAAQ;CACtB,YAAY,QAAQ;CACpB,kBAAkB,QAAQ;CAC1B,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACdD,MAAa,yBACX,aAC4B;CAC5B,GAAG,QAAQ;CACX,SAAS,KAAK,UAAU,QAAQ,QAAQ;CACxC,OAAO,QAAQ;CACf,QAAQ,QAAQ;CAChB,OAAO,QAAQ;CACf,OAAO,QAAQ;CAChB;;;ACHD,MAAa,0BACX,iBACiB;CACjB,cAAc,YAAY;CAC1B,YAAY,YAAY;CACxB,UAAU,YAAY;CACtB,SAAS;EACP,cAAc,YAAY,QAAQ;EAClC,YAAY,YAAY,QAAQ;EAChC,UAAU,YAAY,QAAQ;EAC9B,SAAS;GACP,cAAc,YAAY,QAAQ,QAAQ;GAC1C,YAAY,YAAY,QAAQ,QAAQ;GACxC,UAAU,YAAY,QAAQ,QAAQ;GACvC;EACF;CACD,YAAY,YAAY;CACxB,MAAM,YAAY;CACnB;;;ACpBD,MAAa,uBAAuB,cAA0C;CAC5E,cAAc,SAAS;CACvB,YAAY,SAAS;CACrB,MAAM,SAAS;CAChB;AAED,MAAa,0CACX,aACe;AACf,QAAO,SAAS,KAAK,KAAK,aAAa,oBAAoB,SAAS,CAAC;;;;ACVvE,MAAa,2BACX,kBACkB,EAClB,cAAc,aAAa,eAC5B;;;ACPD,MAAa,sBAAsB,aAAuC;CACxE,cAAc,QAAQ;CACtB,YAAY,QAAQ;CACpB,UAAU,QAAQ;CAClB,SAAS;EACP,cAAc,QAAQ,QAAQ;EAC9B,YAAY,QAAQ,QAAQ;EAC5B,UAAU,QAAQ,QAAQ;EAC3B;CACD,QAAQ,QAAQ;CACjB;;;ACND,MAAa,gCACX,aACmC;CACnC,IAAI,QAAQ;CACZ,eAAe,oBAAoB,QAAQ,SAAS,GAChD,QAAQ,SAAS,iBAAiB,GAClC,QAAQ,SAAS;CACrB,aAAa,oBAAoB,QAAQ,SAAS,GAC9C,QAAQ,SAAS,eAAe,GAChC,QAAQ,SAAS,aACf,QAAQ,SAAS,aACjB;CACN,UAAU,QAAQ;CAClB,SAAS,UAAU,QAAQ,QAAQ,GAC/B;EACE,eAAe,QAAQ,QAAQ;EAC/B,aAAa,QAAQ,QAAQ;EAC9B,GACD;EACE,eAAe,QAAQ,QAAQ,iBAAiB;EAChD,aAAa,QAAQ,QAAQ,eAAe;EAC7C;CACL,QAAQ,QAAQ;CACjB;;;AC1BD,MAAa,sBACX,UACA,mBACgB;CAChB,QAAQ;CACR,MAAM,SAAS,KAAK,IAAI,cAAc;CACtC,cAAc,SAAS;CACvB,UAAU,SAAS;CACpB;;;ACND,IAAa,iBAAb,cAGU,gBAAsB;CAC9B;CAEA,YACE,MACA,SACA,SACA;AACA,QAAM,MAAM,SAAS,QAAQ;AAC7B,OAAK,OAAO;;CAGd,IAAI,WAAkC;AACpC,SAAO,KAAK,KAAK;;;;;ACdrB,MAAa,6BAA6B,OACxC,QACA,UACA,eACA,SACA,mBACwB;CACxB,MAAM,EAAE,MAAM,aAAa,MAAM,OAAO,IAEtC,UAAU;EACV,OAAO;EACP,GAAG;EACJ,CAAC;AAEF,QAAO,mBAAmB,UAAU,cAAc;;;;;;;;ACoCpD,IAAa,MAAb,MAAiB;CACf,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,MACJ,cACA,UAA+B,EAAE,EACX;EACtB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,iBACA,sBAAsB,aAAa,EACnC,QACD;AACD,SAAO,IAAI,YAAY,KAAK;;CAG9B,MAAM,WACJ,cACA,UAA+B,EAAE,EACT;EACxB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,iBACA,2BAA2B,aAAa,EACxC,QACD;AACD,SAAO,KAAK,KACT,gBAAqC,IAAI,YAAY,YAAY,CACnE;;CAGH,MAAM,eAAe,UAAoD;EACvE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,qBACAC,iCAA+B,SAAS,CACzC;AAED,SAAO,oBAAoB,KAAK;;CAGlC,MAAM,YACJ,UACmB;EACnB,MAAM,eAAe,oBAAoB,SAAS,GAC9C,SAAS,iBAAiB,GAC1B,SAAS;EACb,MAAM,aAAa,oBAAoB,SAAS,GAC5C,SAAS,eAAe,GACxB,SAAS;EAEb,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,qBAAqB,aAAa,GAAG,aACtC;AAED,SAAO,oBAAoB,KAAK;;CAGlC,MAAM,cACJ,SACoE;AACpE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,qBACA,qBACA,UAAU,6BAA6B,QAAQ,GAAG,KAAA,EACnD,GACA,WACC,oBACE,KAAK,QACL,qBACA,qBACA,OACD,EACH,UAAU,6BAA6B,QAAQ,GAAG,KAAA,EACnD;;CAGH,MAAM,eAAe,SAAmD;EACtE,MAAM,eAAe,oBAAoB,QAAQ,SAAS,GACtD,QAAQ,SAAS,iBAAiB,GAClC,QAAQ,SAAS;EACrB,MAAM,aAAa,oBAAoB,QAAQ,SAAS,GACpD,QAAQ,SAAS,eAAe,GAChC,QAAQ,SAAS;EAErB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,qBAAqB,aAAa,GAAG,cACrC,EACE,MAAM,QAAQ,MACf,CACF;AAED,SAAO,oBAAoB,KAAK;;CAGlC,MAAM,eAAe,UAAgD;EACnE,MAAM,eAAe,oBAAoB,SAAS,GAC9C,SAAS,iBAAiB,GAC1B,SAAS;EACb,MAAM,aAAa,oBAAoB,SAAS,GAC5C,SAAS,eAAe,GACxB,SAAS;AAEb,QAAM,KAAK,OAAO,OAAO,qBAAqB,aAAa,GAAG,aAAa;;CAG7E,MAAM,oBACJ,SACqB;EACrB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2BACA,oCAAoC,QAAQ,CAC7C;AACD,SAAO,uCAAuC,KAAK;;CAGrD,MAAM,aAAa,SAAqD;EACtE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,oBACA,6BAA6B,QAAQ,CACtC;AAED,SAAO,wBAAwB,KAAK;;CAGtC,MAAM,mBACJ,SACuB;EACvB,MAAM,EAAE,MAAM,iBAAiB,MAAM,KAAK,OAAO,KAC/C,oBACA,QAAQ,IAAI,6BAA6B,CAC1C;AAED,SAAO,wBAAwB,aAAa;;CAG9C,MAAM,aACJ,SACA,gBACkE;AAClE,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,oBACA,oBACA,UAAU,6BAA6B,QAAQ,GAAG,KAAA,GAClD,eACD,GACA,WACC,oBACE,KAAK,QACL,oBACA,oBACA,QACA,eACD,EACH,UAAU,6BAA6B,QAAQ,GAAG,KAAA,EACnD;;CAGH,MAAM,MACJ,SACA,iBAAsC,EAAE,EACsB;AAC9D,SAAO,IAAI,eACT,MAAM,2BACJ,KAAK,QACL,iBACA,wBACA,sBAAsB,QAAQ,EAC9B,eACD,GACA,WACC,2BACE,KAAK,QACL,iBACA,wBACA,QACA,eACD,EACH,sBAAsB,QAAQ,CAC/B;;;;;ACjOL,IAAa,eAAb,MAA0B;CACxB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,iBACJ,SACuC;AACvC,SAAO,IAAI,gBACT,MAAM,oBACJ,KAAK,QACL,kBACA,wBACA,QACD,GACA,WACC,oBACE,KAAK,QACL,kBACA,wBACA,OACD,EACH,QACD;;CAGH,MAAM,eAAe,MAAoC;EACvD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,OACnB;AAED,SAAO,uBAAuB,KAAK;;CAGrC,MAAM,kBAAkB,MAAoC;EAC1D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KAAK,UACvB,EAAE,CACH;AAED,SAAO,uBAAuB,KAAK;;CAGrC,MAAM,mBAAmB,MAAoC;EAC3D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,kBAAkB,KAAK,WACvB,EAAE,CACH;AAED,SAAO,uBAAuB,KAAK;;CAGrC,MAAM,cAAc,SAA8C;EAChE,MAAM,EAAE,MAAM,aAAa;AAC3B,QAAM,KAAK,OAAO,KAAK,kBAAkB,KAAK,WAAW,YAAY,EAAE,CAAC;;CAG1E,MAAM,iBAAiB,SAAiD;EACtE,MAAM,EAAE,MAAM,aAAa;AAC3B,QAAM,KAAK,OAAO,OAAO,kBAAkB,KAAK,WAAW,WAAW;;;;;AClD1E,MAAa,4BACX,aAC+B;CAC/B,iBAAiB,QAAQ;CACzB,SAAS,QAAQ;CACjB,QAAQ,QAAQ;CACjB;AAUD,MAAa,+BACX,UACsB,EACtB,OAAO,KAAK,OACb;;;AC9BD,IAAa,UAAb,MAAqB;CACnB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,SAAS,SAA2C;EACxD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KAGjC,kBAAkB,yBAAyB,QAAQ,CAAC;AAEtD,SAAO,4BAA4B,KAAK,CAAC;;;;;ACb7C,MAAa,8BACX,UACqB;CACrB,QAAQ,KAAK;CACb,IAAI,KAAK;CACT,MAAM,KAAK;CACX,MAAM,KAAK;CACX,aAAa,KAAK;CAClB,aAAa,KAAK;CAClB,kBAAkB,KAAK;CACvB,MAAM,KAAK;CACX,WAAW,KAAK;CAChB,WAAW,KAAK;CACjB;;;ACbD,MAAa,yCACX,aAC4C;CAC5C,MAAM,QAAQ;CACd,MAAM,QAAQ;CACd,aAAa,QAAQ;CACrB,oBAAoB,QAAQ;CAC7B;;;ACPD,MAAa,yCACX,aAC4C;CAC5C,MAAM,QAAQ;CACd,aAAa,QAAQ;CACtB;;;ACLD,MAAa,0CACX,aAC6C;CAC7C,MAAM,QAAQ;CACd,MAAM,QAAQ;CACd,aAAa,QAAQ;CACtB;;;ACND,MAAa,0CACX,aAC6C;CAC7C,MAAM,QAAQ;CACd,aAAa,QAAQ;CACtB;;;ACLD,MAAa,oCACX,aACuC;CACvC,MAAM,QAAQ;CACd,MAAM,QAAQ;CACd,aAAa,QAAQ;CACrB,oBAAoB,QAAQ;CAC7B;;;ACPD,MAAa,oCACX,aACuC;CACvC,MAAM,QAAQ;CACd,aAAa,QAAQ;CACtB;;;ACLD,MAAa,oCACX,cAC2B;CAC3B,QAAQ,SAAS;CACjB,IAAI,SAAS;CACb,YAAY,SAAS;CACrB,MAAM,SAAS;CACf,aAAa,SAAS;CACtB,kBAAkB,SAAS;CAC3B,gBAAgB,SAAS;CACzB,kBAAkB,SAAS;CAC3B,WAAW,SAAS;CACpB,WAAW,SAAS;CACrB;;;ACbD,MAAa,kCACX,aACkD;CAClD,iBAAiB,QAAQ;CACzB,oBAAoB,QAAQ;CAC5B,aAAa,QAAQ;CACrB,MAAM,QAAQ;CACd,GAAI,QAAQ,gBAAgB,KAAA,KAAa,EACvC,aAAa,QAAQ,aACtB;CACD,GAAI,sBAAsB,WAAW,EACnC,oBAAoB,QAAQ,kBAC7B;CACD,GAAI,8BAA8B,WAAW;EAC3C,6BAA6B,QAAQ;EACrC,2BAA2B,QAAQ;EACpC;CACF;;;ACjBD,MAAa,kCACX,aACkD;CAClD,GAAI,QAAQ,SAAS,KAAA,KAAa,EAAE,MAAM,QAAQ,MAAM;CACxD,GAAI,QAAQ,gBAAgB,KAAA,KAAa,EACvC,aAAa,QAAQ,aACtB;CACF;;;ACTD,MAAa,8CACX,aACkD;CAClD,GAAI,QAAQ,SAAS,KAAA,KAAa,EAAE,MAAM,QAAQ,MAAM;CACxD,GAAI,QAAQ,gBAAgB,KAAA,KAAa,EACvC,aAAa,QAAQ,aACtB;CACF;;;ACJD,MAAa,8CACX,aACiD;CACjD,GAAI,QAAQ,kBAAkB,EAC5B,iBAAiB,QAAQ,gBAC1B;CACD,GAAI,QAAQ,oBAAoB,EAC9B,oBAAoB,QAAQ,kBAC7B;CACD,GAAI,QAAQ,oBAAoB,EAC9B,oBAAoB,QAAQ,kBAC7B;CACD,GAAI,QAAQ,0BAA0B,EACpC,2BAA2B,QAAQ,wBACpC;CACD,GAAI,QAAQ,oBAAoB,EAC9B,oBAAoB,QAAQ,kBAC7B;CACD,GAAI,QAAQ,UAAU,EAAE,QAAQ,QAAQ,QAAQ;CAChD,GAAG,2BAA2B,QAAQ;CACvC;;;ACrBD,MAAa,sCACX,aACyC;CACzC,iBAAiB,QAAQ;CACzB,GAAI,gBAAgB,WAAW,EAAE,aAAa,QAAQ,YAAY;CAClE,GAAI,wBAAwB,WAAW;EACrC,sBAAsB,QAAQ;EAC9B,oBAAoB,QAAQ;EAC7B;CACF;;;ACRD,MAAa,8CACX,aACiD;CACjD,iBAAiB,QAAQ;CACzB,GAAG,2BAA2B,QAAQ;CACtC,GAAI,sBAAsB,WAAW,EACnC,oBAAoB,QAAQ,kBAC7B;CACD,GAAI,8BAA8B,WAAW;EAC3C,2BAA2B,QAAQ;EACnC,6BAA6B,QAAQ;EACtC;CACF;;;ACVD,MAAa,8CACX,aACqC;CACrC,iBAAiB,QAAQ;CACzB,GAAI,QAAQ,cAAc,EAAE,YAAY,QAAQ,YAAY;CAC5D,GAAG,2BAA2B,QAAQ;CACvC;;;ACTD,MAAa,6BACX,cACoB;CACpB,QAAQ,SAAS;CACjB,IAAI,SAAS;CACb,MAAM,SAAS;CACf,UAAU;EACR,IAAI,SAAS,SAAS;EACtB,YAAY,SAAS,SAAS;EAC9B,kBAAkB,SAAS,SAAS;EACrC;CACD,WAAW,SAAS;CACpB,WAAW,SAAS;CACrB;;;ACbD,MAAa,8BACX,aACiC;CACjC,WAAW,QAAQ;CACnB,GAAI,gBAAgB,WAAW,EAAE,aAAa,QAAQ,YAAY;CAClE,GAAI,wBAAwB,WAAW;EACrC,sBAAsB,QAAQ;EAC9B,oBAAoB,QAAQ;EAC7B;CACF;;;ACTD,MAAa,8BACX,aACiC;CACjC,WAAW,QAAQ;CACnB,GAAI,gBAAgB,WAAW,EAAE,aAAa,QAAQ,YAAY;CAClE,GAAI,wBAAwB,WAAW;EACrC,sBAAsB,QAAQ;EAC9B,oBAAoB,QAAQ;EAC7B;CACF;;;ACqED,IAAa,gBAAb,MAA2B;CACzB,YAAY,QAAiC;AAAhB,OAAA,SAAA;;CAE7B,MAAM,sBACJ,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,wBACA,sCAAsC,QAAQ,CAC/C;AACD,SAAO,2BAA2B,KAAK;;CAGzC,MAAM,uBAAqD;EACzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,uBACD;AACD,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,2BAA2B;GAChD;;CAGH,MAAM,mBAAmB,MAAwC;EAC/D,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,wBAAwB,OACzB;AACD,SAAO,2BAA2B,KAAK;;CAGzC,MAAM,sBACJ,MACA,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,MACjC,wBAAwB,QACxB,sCAAsC,QAAQ,CAC/C;AACD,SAAO,2BAA2B,KAAK;;CAGzC,MAAM,8BACJ,MACA,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,wBAAwB,KAAK,eAC7B,EAAE,aAAa,QAAQ,aAAa,CACrC;AACD,SAAO,2BAA2B,KAAK;;CAGzC,MAAM,6BACJ,MACA,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,wBAAwB,KAAK,eAC7B,EAAE,MAAM,QAAQ,gBAAgB,CACjC;AACD,SAAO,2BAA2B,KAAK;;CAGzC,MAAM,uBACJ,gBACA,SAC2B;EAC3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,eAAe,SAC/C,uCAAuC,QAAQ,CAChD;AACD,SAAO,4BAA4B,KAAK;;CAG1C,MAAM,sBAAsB,gBAA2C;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eAAe,QAChD;AACD,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAIC,kBAAgB;GACrC;;CAGH,MAAM,oBACJ,gBACA,MACe;EACf,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eAAe,SAAS,OACzD;AACD,SAAOA,kBAAgB,KAAK;;CAG9B,MAAM,uBACJ,gBACA,MACA,SAC2B;EAC3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,MACjC,gCAAgC,eAAe,SAAS,QACxD,uCAAuC,QAAQ,CAChD;AACD,SAAO,4BAA4B,KAAK;;CAG1C,MAAM,uBACJ,gBACA,MACe;AACf,QAAM,KAAK,OAAO,OAChB,gCAAgC,eAAe,SAAS,OACzD;;CAGH,MAAM,+BACJ,gBACA,MACA,SAC2B;EAC3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eAAe,SAAS,KAAK,eAC7D,EAAE,aAAa,QAAQ,aAAa,CACrC;AACD,SAAO,4BAA4B,KAAK;;CAG1C,MAAM,8BACJ,gBACA,MACA,SAC2B;EAC3B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gCAAgC,eAAe,SAAS,KAAK,eAC7D,EAAE,MAAM,QAAQ,gBAAgB,CACjC;AACD,SAAO,4BAA4B,KAAK;;CAG1C,MAAM,iCACJ,gBACA,MACA,SACe;AACf,QAAM,KAAK,OAAO,OAChB,gCAAgC,eAAe,SAAS,KAAK,eAAe,QAAQ,iBACrF;;CAGH,MAAM,iBACJ,SACqB;EACrB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,8BACA,iCAAiC,QAAQ,CAC1C;AACD,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,gBACJ,SACyB;EACzB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BACA,EAAE,OAAO,SAAS,CACnB;AACD,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,sBAAsB;GAC1C,cAAc;IACZ,QAAQ,KAAK,cAAc;IAC3B,OAAO,KAAK,cAAc;IAC3B;GACF;;CAGH,MAAM,cAAc,MAAmC;EACrD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,8BAA8B,OAC/B;AACD,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBACJ,MACA,SACqB;EACrB,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,MACjC,8BAA8B,QAC9B,iCAAiC,QAAQ,CAC1C;AACD,SAAO,sBAAsB,KAAK;;CAGpC,MAAM,iBAAiB,MAA6B;AAClD,QAAM,KAAK,OAAO,OAAO,8BAA8B,OAAO;;CAGhE,MAAM,YAAY,YAAoD;EACpE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,4BAA4B,aAC7B;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,eACJ,SACgC;EAChC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,4BACA,+BAA+B,QAAQ,CACxC;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,eACJ,SACgC;EAChC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,MACjC,4BAA4B,QAAQ,cACpC,+BAA+B,QAAQ,CACxC;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,eACJ,SACe;EACf,MAAM,EAAE,YAAY,kBAAkB;EAEtC,MAAM,QACJ,kBAAkB,KAAA,IACd,EAAE,gBAAgB,cAAc,UAAU,EAAE,GAC5C,KAAA;AAEN,QAAM,KAAK,OAAO,OAAO,4BAA4B,cAAc,MAAM;;CAG3E,MAAM,cACJ,UAA6C,EAAE,EACX;EACpC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,4BACA,EAAE,OAAO,2CAA2C,QAAQ,EAAE,CAC/D;AACD,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,iCAAiC;GACrD,cAAc;IACZ,QAAQ,KAAK,cAAc;IAC3B,OAAO,KAAK,cAAc;IAC3B;GACF;;CAGH,MAAM,wBACJ,SACgC;EAChC,MAAM,EAAE,gBAAgB,kBAAkB,eAAe;EACzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gCAAgC,eAAe,aAAa,iBAAiB,GAAG,aACjF;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,2BACJ,SACgC;EAChC,MAAM,EAAE,gBAAgB,kBAAkB,eAAe;EACzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,MACjC,gCAAgC,eAAe,aAAa,iBAAiB,GAAG,cAChF,2CAA2C,QAAQ,CACpD;AACD,SAAO,iCAAiC,KAAK;;CAE/C,MAAM,2BACJ,SACe;EACf,MAAM,EAAE,gBAAgB,kBAAkB,YAAY,kBACpD;EAEF,MAAM,QACJ,kBAAkB,KAAA,IACd,EAAE,gBAAgB,cAAc,UAAU,EAAE,GAC5C,KAAA;AAEN,QAAM,KAAK,OAAO,OAChB,gCAAgC,eAAe,aAAa,iBAAiB,GAAG,cAChF,MACD;;CAGH,MAAM,MACJ,SACmC;EACnC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2CAA2C,QAAQ,yBAAyB,SAC5E,mCAAmC,QAAQ,CAC5C;AACD,SAAO;;CAGT,MAAM,oBACJ,SAC6B;EAC7B,MAAM,EAAE,0BAA0B,GAAG,iBAAiB;EACtD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,2CAA2C,yBAAyB,oBACpE,EAAE,OAAO,cAAc,CACxB;AACD,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,0BAA0B;GAC9C,cAAc;IACZ,QAAQ,KAAK,cAAc;IAC3B,OAAO,KAAK,cAAc;IAC3B;GACF;;CAGH,MAAM,WAAW,SAAqD;EACpE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2CAA2C,QAAQ,yBAAyB,oBAC5E,2BAA2B,QAAQ,CACpC;AACD,SAAO,0BAA0B,KAAK;;CAGxC,MAAM,WAAW,SAA2C;AAC1D,QAAM,KAAK,OAAO,eAChB,2CAA2C,QAAQ,yBAAyB,oBAC5E,2BAA2B,QAAQ,CACpC;;CAGH,MAAM,qBACJ,SACe;AACf,QAAM,KAAK,OAAO,OAChB,2CAA2C,QAAQ,yBAAyB,oBAAoB,QAAQ,mBACzG;;CAGH,MAAM,2BACJ,SACoC;EACpC,MAAM,EAAE,6BAA6B;EACrC,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,2CAA2C,yBAAyB,aACpE,EACE,OAAO,2CAA2C,QAAQ,EAC3D,CACF;AACD,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,iCAAiC;GACrD,cAAc;IACZ,QAAQ,KAAK,cAAc;IAC3B,OAAO,KAAK,cAAc;IAC3B;GACF;;CAGH,MAAM,2BACJ,SACkD;EAClD,MAAM,EAAE,eAAe;EACvB,MAAM,EAAE,SACN,MAAM,KAAK,OAAO,IAChB,4BAA4B,WAAW,4BACvC,EACE,OAAO,2CAA2C,QAAQ,EAC3D,CACF;AACH,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,+CAA+C;GACnE,cAAc;IACZ,QAAQ,KAAK,cAAc;IAC3B,OAAO,KAAK,cAAc;IAC3B;GACF;;CAGH,MAAM,uCACJ,SACkD;EAClD,MAAM,EAAE,gBAAgB,kBAAkB,eAAe;EACzD,MAAM,EAAE,SACN,MAAM,KAAK,OAAO,IAChB,gCAAgC,eAAe,aAAa,iBAAiB,GAAG,WAAW,4BAC3F,EACE,OAAO,2CAA2C,QAAQ,EAC3D,CACF;AACH,SAAO;GACL,QAAQ;GACR,MAAM,KAAK,KAAK,IAAI,+CAA+C;GACnE,cAAc;IACZ,QAAQ,KAAK,cAAc;IAC3B,OAAO,KAAK,cAAc;IAC3B;GACF;;;;;;;;;ACheL,MAAM,aAAa;AACnB,MAAM,mBAAmB;AACzB,MAAM,iBAAiB;AACvB,MAAM,qBAAqB;AAC3B,MAAM,uBAAuB;;;;;;;AAQ7B,SAAgB,aAAa,OAA2B;AACtD,gBAAe,MAAM;AAErB,KAAI,UAAU,EACZ,QAAO,IAAI,WAAW,CAAC,EAAE,CAAC;CAG5B,MAAM,QAAkB,EAAE;AAE1B,IAAG;EACD,IAAI,OAAO,QAAQ;AACnB,aAAW;AAEX,MAAI,UAAU,EACZ,SAAQ;AAGV,QAAM,KAAK,KAAK;UACT,UAAU;AAEnB,QAAO,IAAI,WAAW,MAAM;;;;;;;;;AAU9B,SAAgB,aACd,MACA,SAAS,GAC6B;AACtC,gBAAe,MAAM,OAAO;CAE5B,IAAI,SAAS;CACb,IAAI,QAAQ;CACZ,IAAI,QAAQ;CACZ,IAAI,YAAY;AAEhB,QAAO,QAAQ,KAAK,QAAQ;EAC1B,MAAM,OAAO,KAAK;AAClB;AAEA,MAAI,YAAY,qBACd,OAAM,IAAI,MAAM,oDAAoD;AAGtE,aAAW,OAAO,mBAAmB;AAErC,MAAI,CAAC,mBAAmB,KAAK,CAC3B,QAAO;GAAE,OAAO,WAAW;GAAG,WAAW;GAAO;AAGlD,WAAS;;AAGX,OAAM,IAAI,MAAM,4BAA4B;;AAG9C,SAAS,eAAe,OAAqB;AAC3C,KAAI,CAAC,OAAO,SAAS,MAAM,CACzB,OAAM,IAAI,MAAM,gCAAgC;AAElD,KAAI,CAAC,OAAO,UAAU,MAAM,CAC1B,OAAM,IAAI,MAAM,2BAA2B;AAE7C,KAAI,QAAQ,EACV,OAAM,IAAI,MAAM,6BAA6B;AAE/C,KAAI,QAAQ,WACV,OAAM,IAAI,MAAM,yBAAyB,WAAW,eAAe;;AAIvE,SAAS,eAAe,MAAkB,QAAsB;AAC9D,KAAI,SAAS,KAAK,UAAU,KAAK,OAC/B,OAAM,IAAI,MACR,UAAU,OAAO,oCAAoC,KAAK,OAAO,GAClE;;AAIL,SAAS,mBAAmB,MAAuB;AACjD,SAAQ,OAAO,sBAAsB;;;;;;;;;;;AC9FvC,SAAgB,mBAAmB,QAA4B;AAE7D,KAAI,OAAO,SAAS,YAAY;EAC9B,MAAM,SAAS,KAAK,OAAO;EAC3B,MAAM,QAAQ,IAAI,WAAW,OAAO,OAAO;AAC3C,OAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IACjC,OAAM,KAAK,OAAO,WAAW,EAAE;AAEjC,SAAO;YAGA,OAAO,WAAW,YACzB,QAAO,IAAI,WAAW,OAAO,KAAK,QAAQ,SAAS,CAAC;KAIpD,OAAM,IAAI,MAAM,8CAA8C;;;;;AAOlE,SAAgB,mBAAmB,OAA2B;AAE5D,KAAI,OAAO,SAAS,YAAY;EAC9B,IAAI,SAAS;AACb,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,IACpC,WAAU,OAAO,aAAa,MAAM,GAAG;AAEzC,SAAO,KAAK,OAAO;YAGZ,OAAO,WAAW,YACzB,QAAO,OAAO,KAAK,MAAM,CAAC,SAAS,SAAS;KAI5C,OAAM,IAAI,MAAM,8CAA8C;;;;AC1ClE,MAAa,oCACX,SACiB;CACjB,SAAS,IAAI;CACb,SAAS;EACP,KAAK,IAAI;EACT,IAAI,IAAI;EACT;CACD,eAAe,IAAI;CACpB;AAED,MAAa,qCACX,SACa;CACb,KAAK,IAAI;CACT,IAAI,IAAI;CACT;;;ACHD,MAAa,6BACX,cACoB;CACpB,SAAS,SAAS;CAClB,eAAe,SAAS;CACxB,IAAI,SAAS;CACb,OAAO,SAAS;CAChB,WAAW,IAAI,KAAK,KAAK,MAAM,SAAS,WAAW,CAAC;CACpD,WAAW,SAAS;CACpB,WAAW,SAAS;CACrB;AAED,MAAa,qBAAqB,YAA6C;CAC7E,IAAI,OAAO;CACX,MAAM,OAAO;CACb,GAAI,OAAO,UAAU,KAAA,KAAa,EAAE,OAAO,OAAO,OAAO;CACzD,UAAU,0BAA0B,OAAO,SAAS;CACrD;AAED,MAAM,2BACJ,YACkB;CAClB,IAAI,OAAO;CACX,MAAM,OAAO;CACb,WAAW,IAAI,KAAK,KAAK,MAAM,OAAO,WAAW,CAAC;CACnD;AAED,MAAa,0BACX,UACwB;CACxB,QAAQ;CACR,MAAM,KAAK,KAAK,IAAI,wBAAwB;CAC5C,cAAc;EACZ,GAAI,KAAK,cAAc,UAAU,KAAA,KAAa,EAC5C,OAAO,KAAK,cAAc,OAC3B;EACD,GAAI,KAAK,cAAc,WAAW,KAAA,KAAa,EAC7C,QAAQ,KAAK,cAAc,QAC5B;EACF;CACF;AAED,MAAa,gCACX,SACoB,KAAK,KAAK,IAAI,yBAAyB;AAE7D,MAAM,4BACJ,aACmB;CACnB,WAAW,IAAI,KAAK,KAAK,MAAM,QAAQ,WAAW,CAAC;CACnD,gBAAgB,QAAQ;CACxB,IAAI,QAAQ;CACb;AAED,MAAa,+BACX,aACwB;CACxB,MAAM,QAAQ;CACd,OAAO,QAAQ;CACf,aAAa,QAAQ;CACtB;AAED,MAAa,+BACX,aACwB;CACxB,OAAO,QAAQ;CACf,eAAe,QAAQ;CACxB;;;ACrCD,IAAa,QAAb,MAAmB;CACjB;CAEA,YAAY,QAAiC;AAAhB,OAAA,SAAA;AAC3B,OAAK,iBAAiB,OAAO,mBAAmB;;CAGlD,OAAe,SAA0B;EACvC,MAAM,YAAY,mBAAmB,QAAQ;EAE7C,MAAM,KAAK,IAAI,WAAW,UAAU,SAAS,GAAG,GAAG,CAAC;EACpD,MAAM,MAAM,IAAI,WAAW,UAAU,SAAS,IAAI,GAAG,CAAC;EACtD,MAAM,EAAE,OAAO,QAAQ,cAAc,aAAa,WAAW,GAAG;AAQhE,SAAO;GACL;GACA;GACA,MAPW,mBADM,UAAU,SAAS,WAAW,YAAY,OAAO,CACzB;GAQzC,YANiB,IAAI,WAAW,UAAU,SAAS,YAAY,OAAO,CAAC;GAOxE;;CAGH,MAAM,aAAa,SAAuD;EACxE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,gBACA,4BAA4B,QAAQ,CACrC;AACD,SAAO,0BAA0B,KAAK;;CAGxC,MAAM,YACJ,SAC6B;EAC7B,MAAM,MAAM,IAAI,IAAI,gBAAgB,KAAK,OAAO,QAAQ;AACxD,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM;AAE9C,MAAI,SAAS,MACX,KAAI,aAAa,IAAI,SAAS,QAAQ,MAAM,UAAU,CAAC;EAGzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,IAAI,UAAU,CACf;AACD,SAAO,uBAAuB,KAAK;;CAGrC,MAAM,mBACJ,SAC0B;EAC1B,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAO,6BAA6B,KAAK;;CAG3C,MAAM,WAAW,SAAkD;EACjE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,GAC/C;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,iBAAiB,MAAoC;EACzD,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,qBAAqB,mBAAmB,KAAK,GAC9C;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,CAAC,WAChD;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAAoD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,IACjC,gBAAgB,mBAAmB,QAAQ,GAAG,IAC9C,4BAA4B,QAAQ,CACrC;AACD,SAAO,kBAAkB,KAAK;;CAGhC,MAAM,aAAa,SAA6C;AAC9D,SAAO,KAAK,OAAO,OAAO,gBAAgB,mBAAmB,QAAQ,GAAG,GAAG;;CAG7E,MAAM,cAAc,SAAqD;EACvE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,2BACA,QACD;AACD,SAAO,iCAAiC,KAAK;;CAG/C,MAAM,eAAe,SAAkD;EACrE,MAAM,EAAE,SAAS,MAAM,KAAK,OAAO,KACjC,0BACA,QACD;AACD,SAAO,kCAAkC,KAAK;;CAGhD,MAAM,QACJ,MACA,SACA,gBACiB;EACjB,MAAM,UAAU,MAAM,KAAK,cAAc,EACvC,SACD,CAAC;EAGF,MAAM,UAAU,IAAI,aAAa;EAGjC,MAAM,MAAM,mBAAmB,QAAQ,QAAQ,IAAI;EACnD,MAAM,UAAU,mBAAmB,QAAQ,cAAc;EAEzD,MAAM,kBAAkB,aAAa,QAAQ,OAAO;EACpD,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B,KAAA;EAGJ,MAAM,KAAK,KAAK,eAAe,YAAY,GAAG;EAE9C,MAAM,EACJ,YACA,IAAI,UACJ,QACE,MAAM,KAAK,eAAe,QAC5B,QAAQ,OAAO,KAAK,EACpB,KACA,IACA,UACD;EAGD,MAAM,cAAc,IAAI,WACtB,SAAS,SACP,IAAI,SACJ,gBAAgB,SAChB,QAAQ,SACR,WAAW,OACd;EAED,IAAI,SAAS;AACb,cAAY,IAAI,UAAU,OAAO;AACjC,YAAU,SAAS;AAEnB,cAAY,IAAI,KAAK,OAAO;AAC5B,YAAU,IAAI;AAEd,cAAY,IAAI,IAAI,WAAW,gBAAgB,EAAE,OAAO;AACxD,YAAU,gBAAgB;AAE1B,cAAY,IAAI,SAAS,OAAO;AAChC,YAAU,QAAQ;AAElB,cAAY,IAAI,YAAY,OAAO;AAGnC,SAAO,mBAAmB,YAAY;;CAGxC,MAAM,QACJ,eACA,gBACiB;EACjB,MAAM,UAAU,KAAK,OAAO,cAAc;EAI1C,MAAM,MAAM,oBAHI,MAAM,KAAK,eAAe,EAAE,MAAM,QAAQ,MAAM,CAAC,EAG1B,IAAI;EAE3C,MAAM,UAAU,IAAI,aAAa;EACjC,MAAM,YAAY,iBACd,QAAQ,OAAO,eAAe,GAC9B,KAAA;EAEJ,MAAM,YAAY,MAAM,KAAK,eAAe,QAC1C,QAAQ,YACR,KACA,QAAQ,IACR,QAAQ,KACR,UACD;AAED,SAAO,IAAI,aAAa,CAAC,OAAO,UAAU;;;;;AClP9C,IAAa,oBAAb,cAAuC,MAAkC;CACvE,SAAkB;CAClB,OAAgB;CAChB;CAEA,YAAY,EACV,OACA,SACA,aAKC;AACD,SAAO;AAEP,OAAK,YAAY;AAEjB,MAAI,QACF,MAAK,UAAU;WACN,MACT,MAAK,UAAU,UAAU;MAEzB,MAAK,UAAU;;;;;;;;;;ACIrB,SAAgB,iBAA8B;CAC5C,MAAM,OAAO,eAAe;CAC5B,IAAI;AAEJ,KAAI;AACF,UAAQ,MAAR;GACE,KAAK;AAEH,cAAU,OAAO,YAAY,cAAc,QAAQ,UAAU,KAAA;AAC7D;GAEF,KAAK;AAEH,cAAU,WAAW,MAAM,SAAS;AACpC;GAEF,KAAK;AACH,cAAU,WAAW,KAAK,WAAW,gCAAgC;AACrE;GAOF;AACE,cAAU,KAAA;AACV;;SAEE;AACN,YAAU,KAAA;;AAGZ,QAAO;EACL;EACA;EACD;;;;;;AAOH,SAAS,iCAAqD;AAC5D,KAAI;AACF,MAAI,OAAO,cAAc,eAAe,UAAU,UAEhD,QADc,UAAU,UAAU,MAAM,uBAAuB,GAChD;SAEX;;;;;;;AE5BV,MAAM,mBAAmB;AAEzB,MAAM,uBAAuB;AAC7B,MAAM,yBAAyB;AAC/B,MAAM,uBAAuB;AAE7B,IAAa,SAAb,MAAoB;CAClB;CACA;CACA;CACA;CACA;CACA;CAEA;CAEA;CACA,UAAmB,IAAI,QAAQ,KAAK;CACpC,YAAqB,IAAI,UAAU,KAAK;CACxC,gBAAyB,IAAI,cAAc,KAAK;CAChD,gBAAyB,IAAI,cAAc,KAAK;CAChD,SAAkB,IAAI,OAAO,KAAK;CAClC,eAAwB,IAAI,aAAa,KAAK;CAC9C,MAAe,IAAI,IAAI,KAAK;CAC5B,MAAe,IAAI,IAAI,KAAK;CAC5B,gBAAyB,IAAI,cAAc,KAAK;CAChD,sBAA+B,IAAI,oBAAoB,KAAK;CAC5D,eAAwB,IAAI,aAAa,KAAK;CAC9C,QAAiB,IAAI,MAAM,KAAK;CAChC,SAAkB,IAAI,OAAO,KAAK;CAClC,MAAe,IAAI,IAAI,KAAK;CAC5B;CACA,QAAiB,IAAI,MAAM,KAAK;CAChC;CACA,UAAmB,IAAI,QAAQ,KAAK;;;;;;;;;;;;;;;;;;;CAoBpC,YACE,cACA,cACA;AACA,MAAI,OAAO,iBAAiB,UAAU;AACpC,QAAK,MAAM,aAAa;AACxB,QAAK,UAAU;SACV;AACL,QAAK,MAAM;AACX,QAAK,UAAU,gBAAgB,EAAE;;AAGnC,MAAI,CAAC,KAAK,IACR,MAAK,MAAM,OAAO,iBAAiB;AAGrC,OAAK,YAAY,CAAC,CAAC,KAAK;AAExB,MAAI,KAAK,QAAQ,UAAU,KAAA,EACzB,MAAK,QAAQ,QAAQ;AAGvB,OAAK,WAAW,KAAK,QAAQ;AAC7B,MAAI,CAAC,KAAK,SACR,MAAK,WAAW,OAAO,mBAAmB;AAG5C,MAAI,CAAC,KAAK,aAAa,CAAC,KAAK,SAC3B,OAAM,IAAI,MACR,oMAGD;EAGH,MAAM,WAAmB,KAAK,QAAQ,QAAQ,UAAU;EACxD,MAAM,cAAsB,KAAK,QAAQ,eAAe;EACxD,MAAM,OAA2B,KAAK,QAAQ;AAC9C,OAAK,UAAU,GAAG,SAAS,KAAK;AAEhC,MAAI,KACF,MAAK,UAAU,KAAK,UAAU,IAAI;AAGpC,OAAK,OAAO,IAAI,MAAM;AAEtB,OAAK,WAAW,KAAK,qBAAqB;AAC1C,OAAK,UAAU,KAAK,qBAAqB;AAGzC,OAAK,iBAAiB,IAAI,eAAe,KAAK;EAE9C,MAAM,YAAY,KAAK,gBAAgB,KAAK,QAAQ;AAEpD,OAAK,SAAS,KAAK,iBAAiB,KAAK,SAAS,UAAU;;CAG9D,gBAAwB,SAAgC;EACtD,IAAI,YAAoB,eAAeC;EAEvC,MAAM,EAAE,MAAM,aAAa,SAAS,mBAAmB,gBAAgB;AACvE,eAAa,KAAK,cAAc,iBAAiB,IAAI,mBAAmB,GAAG;AAE3E,MAAI,QAAQ,SAAS;GACnB,MAAM,EAAE,MAAM,YAAY,QAAQ;AAClC,gBAAa,IAAI,KAAK,IAAI;;AAG5B,SAAO;;CAGT,sBAAsB;AACpB,SAAO,IAAI,SAAS,KAAK,mBAAmB,CAAC;;CAG/C,sBAAsB;AACpB,SAAO,IAAI,QAAQ,KAAK,mBAAmB,CAAC;;CAG9C,oBAAoC;AAClC,SAAO,IAAI,sBAAsB;;CAGnC,iBAAiB,SAAwB,WAAmB;EAC1D,MAAM,UAAkC,EACtC,cAAc,WACf;EAED,MAAM,gBAAgB,QAAQ,QAAQ;AACtC,MACE,iBACA,OAAO,kBAAkB,YACzB,CAAC,MAAM,QAAQ,cAAc,IAC7B,EAAE,yBAAyB,SAE3B,QAAO,OAAO,SAAS,cAAc;AAGvC,MAAI,KAAK,IACP,SAAQ,mBAAmB,UAAU,KAAK;AAG5C,SAAO,IAAI,gBAAgB,KAAK,SAAS;GACvC,GAAG,QAAQ;GACX,SAAS,QAAQ;GACjB;GACD,CAAC;;CAGJ,IAAI,UAAU;AACZ,SAAOA;;;;;;;CAQT,cAAc,YAA0B;AACtC,MAAI,CAAC,KAAK,UACR,OAAM,IAAI,wBAAwB,WAAW;;CAIjD,MAAM,KACJ,MACA,QACA,UAAuB,EAAE,EACE;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAM,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;AAGnD,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAI;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,KAAa,MAAM,QAAQ;IACjD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AACrC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,UAAsB,EAAE,EACG;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAM,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,YACV,gBAAe,wBAAwB,UAAU,QAAQ;AAG3D,MAAI,QAAQ,aACV,gBAAe,wBAAwB,QAAQ;EAGjD,IAAI;AACJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAI,MAAM;IAChC,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,IACJ,MACA,QACA,UAAsB,EAAE,EACG;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAM,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAI;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,IAAY,MAAM,QAAQ;IAChD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,MACJ,MACA,QACA,UAAwB,EAAE,EACC;AAC3B,MAAI,CAAC,QAAQ,gBACX,MAAK,cAAc,KAAK;EAG1B,MAAM,iBAAyC,EAAE;AAEjD,MAAI,QAAQ,eACV,gBAAe,0BAA0B,QAAQ;EAGnD,IAAI;AAEJ,MAAI;AACF,SAAM,MAAM,KAAK,OAAO,MAAc,MAAM,QAAQ;IAClD,QAAQ,QAAQ;IAChB,SAAS;IACV,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;AAGR,MAAI;AACF,UAAO,EAAE,MAAM,MAAM,IAAI,QAAQ,EAAE;WAC5B,OAAO;AACd,SAAM,KAAK,iBAAiB,OAAO,IAAI;AACvC,SAAM;;;CAIV,MAAM,OAAO,MAAc,OAA4B;AACrD,OAAK,cAAc,KAAK;AAExB,MAAI;AACF,SAAM,KAAK,OAAO,OAAO,MAAM,EAC7B,QAAQ,OACT,CAAC;WACK,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,MAAM,eACJ,MACA,QACe;AACf,OAAK,cAAc,KAAK;AAExB,MAAI;AACF,SAAM,KAAK,OAAO,eAAe,MAAM,QAAQ,EAAE,CAAC;WAC3C,OAAO;AACd,QAAK,gBAAgB;IAAE;IAAM;IAAO,CAAC;AAErC,SAAM;;;CAIV,YAAY,SAAiB;AAE3B,UAAQ,KAAK,WAAW,UAAU;;CAGpC,MAAc,iBACZ,OACA,KACA;AACA,MAAI,iBAAiB,aAAa;GAChC,MAAM,cAAc,IAAI,gBAAgB;GACxC,MAAM,YAAY,YAAY,QAAQ,IAAI,eAAe,IAAI;GAC7D,MAAM,YAAY,YAAY;GAC9B,MAAM,UAAU,MAAM,YAAY,MAAM;AACxC,SAAM,IAAI,WAAW;IACnB,SAAS,MAAM;IACf;IACA;IACA;IACD,CAAC;;;CAIN,gBAAwB,EAAE,MAAM,SAA2C;AACzE,MAAI,EAAE,iBAAiB,iBACrB,OAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE,OAAO,OAAO,CAAC;EAGjE,MAAM,EAAE,aAAa;AAErB,MAAI,UAAU;GACZ,MAAM,EAAE,QAAQ,MAAM,YAAY;GAElC,MAAM,YAAY,QAAQ,mBAAmB;GAC7C,MAAM,EACJ,MACA,mBAAmB,kBACnB,OACA,QACA,YACE;AAEJ,WAAQ,QAAR;IACE,KAAK,IACH,OAAM,IAAI,sBAAsB,UAAU;IAE5C,KAAK,IACH,OAAM,IAAI,kBAAkB;KAAE;KAAW;KAAS;KAAO,CAAC;IAE5D,KAAK,IACH,OAAM,IAAI,6BAA6B;KACrC;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,IACH,OAAM,IAAI,kBAAkB;KAC1B;KACA;KACA;KACA;KACD,CAAC;IAEJ,KAAK,KAAK;KACR,MAAM,aAAa,QAAQ,IAAI,cAAc;AAE7C,WAAM,IAAI,2BACR,KAAK,SACL,WACA,aAAa,OAAO,WAAW,GAAG,KACnC;;IAEH,QACE,KAAI,SAAS,iBACX,OAAM,IAAI,eACR,QACA,WACA,OACA,kBACA,KACD;aACQ,QAAQ,OAGjB,OAAM,IAAI,oBAAoB;KAC5B;KACA;KACA;KACA;KACD,CAAC;QAEF,OAAM,IAAI,uBACR,QACA,KAAK,SACL,MACA,UACD;;;;;;;ACvfb,IAAY,kBAAL,yBAAA,iBAAA;AACL,iBAAA,cAAA;AACA,iBAAA,aAAA;;KACD;;;ACJD,IAAY,0BAAL,yBAAA,yBAAA;AACL,yBAAA,cAAA;AACA,yBAAA,aAAA;AACA,yBAAA,YAAA;;KACD;AAED,IAAY,yCAAL,yBAAA,wCAAA;AACL,wCAAA,SAAA;AACA,wCAAA,YAAA;;KACD;;;ACTD,IAAY,2BAAL,yBAAA,0BAAA;AACL,0BAAA,eAAA;AACA,0BAAA,wBAAA;AACA,0BAAA,WAAA;AACA,0BAAA,gBAAA;AACA,0BAAA,SAAA;AACA,0BAAA,wBAAA;AACA,0BAAA,qBAAA;;KACD;;;ACRD,IAAY,iBAAL,yBAAA,gBAAA;AACL,gBAAA,cAAA;AACA,gBAAA,aAAA;AACA,gBAAA,gBAAA;AACA,gBAAA,eAAA;AACA,gBAAA,eAAA;AACA,gBAAA,aAAA;AACA,gBAAA,mBAAA;AACA,gBAAA,oBAAA;AACA,gBAAA,kBAAA;AACA,gBAAA,aAAA;AACA,gBAAA,iBAAA;AACA,gBAAA,iBAAA;AACA,gBAAA,iBAAA;AACA,gBAAA,iBAAA;AACA,gBAAA,gBAAA;AACA,gBAAA,mBAAA;AACA,gBAAA,kBAAA;AACA,gBAAA,kBAAA;AACA,gBAAA,kBAAA;AACA,gBAAA,eAAA;AACA,gBAAA,oBAAA;AACA,gBAAA,oBAAA;AACA,gBAAA,eAAA;AACA,gBAAA,cAAA;AACA,gBAAA,kBAAA;AACA,gBAAA,gBAAA;AACA,gBAAA,sBAAA;AACA,gBAAA,iBAAA;AACA,gBAAA,kBAAA;AACA,gBAAA,qBAAA;AACA,gBAAA,oBAAA;AACA,gBAAA,2BAAA;AACA,gBAAA,oBAAA;AACA,gBAAA,uBAAA;AACA,gBAAA,gBAAA;;KACD;;;AC8DD,SAAgB,aACd,SACuB;AACvB,QAAO,IAAI,OAAO,QAAQ"}