ai-database 0.0.0-development → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/.turbo/turbo-build.log +5 -0
  2. package/.turbo/turbo-test.log +102 -0
  3. package/README.md +402 -47
  4. package/TESTING.md +410 -0
  5. package/TEST_SUMMARY.md +250 -0
  6. package/TODO.md +128 -0
  7. package/dist/ai-promise-db.d.ts +370 -0
  8. package/dist/ai-promise-db.d.ts.map +1 -0
  9. package/dist/ai-promise-db.js +839 -0
  10. package/dist/ai-promise-db.js.map +1 -0
  11. package/dist/authorization.d.ts +531 -0
  12. package/dist/authorization.d.ts.map +1 -0
  13. package/dist/authorization.js +632 -0
  14. package/dist/authorization.js.map +1 -0
  15. package/dist/durable-clickhouse.d.ts +193 -0
  16. package/dist/durable-clickhouse.d.ts.map +1 -0
  17. package/dist/durable-clickhouse.js +422 -0
  18. package/dist/durable-clickhouse.js.map +1 -0
  19. package/dist/durable-promise.d.ts +182 -0
  20. package/dist/durable-promise.d.ts.map +1 -0
  21. package/dist/durable-promise.js +409 -0
  22. package/dist/durable-promise.js.map +1 -0
  23. package/dist/execution-queue.d.ts +239 -0
  24. package/dist/execution-queue.d.ts.map +1 -0
  25. package/dist/execution-queue.js +400 -0
  26. package/dist/execution-queue.js.map +1 -0
  27. package/dist/index.d.ts +54 -0
  28. package/dist/index.d.ts.map +1 -0
  29. package/dist/index.js +79 -0
  30. package/dist/index.js.map +1 -0
  31. package/dist/linguistic.d.ts +115 -0
  32. package/dist/linguistic.d.ts.map +1 -0
  33. package/dist/linguistic.js +379 -0
  34. package/dist/linguistic.js.map +1 -0
  35. package/dist/memory-provider.d.ts +304 -0
  36. package/dist/memory-provider.d.ts.map +1 -0
  37. package/dist/memory-provider.js +785 -0
  38. package/dist/memory-provider.js.map +1 -0
  39. package/dist/schema.d.ts +899 -0
  40. package/dist/schema.d.ts.map +1 -0
  41. package/dist/schema.js +1165 -0
  42. package/dist/schema.js.map +1 -0
  43. package/dist/tests.d.ts +107 -0
  44. package/dist/tests.d.ts.map +1 -0
  45. package/dist/tests.js +568 -0
  46. package/dist/tests.js.map +1 -0
  47. package/dist/types.d.ts +972 -0
  48. package/dist/types.d.ts.map +1 -0
  49. package/dist/types.js +126 -0
  50. package/dist/types.js.map +1 -0
  51. package/package.json +37 -23
  52. package/src/ai-promise-db.ts +1243 -0
  53. package/src/authorization.ts +1102 -0
  54. package/src/durable-clickhouse.ts +596 -0
  55. package/src/durable-promise.ts +582 -0
  56. package/src/execution-queue.ts +608 -0
  57. package/src/index.test.ts +868 -0
  58. package/src/index.ts +337 -0
  59. package/src/linguistic.ts +404 -0
  60. package/src/memory-provider.test.ts +1036 -0
  61. package/src/memory-provider.ts +1119 -0
  62. package/src/schema.test.ts +1254 -0
  63. package/src/schema.ts +2296 -0
  64. package/src/tests.ts +725 -0
  65. package/src/types.ts +1177 -0
  66. package/test/README.md +153 -0
  67. package/test/edge-cases.test.ts +646 -0
  68. package/test/provider-resolution.test.ts +402 -0
  69. package/tsconfig.json +9 -0
  70. package/vitest.config.ts +19 -0
  71. package/LICENSE +0 -21
  72. package/dist/types/database.d.ts +0 -46
  73. package/dist/types/document.d.ts +0 -15
  74. package/dist/types/index.d.ts +0 -5
  75. package/dist/types/mdxdb/embedding.d.ts +0 -7
  76. package/dist/types/mdxdb/types.d.ts +0 -59
  77. package/dist/types/synthetic.d.ts +0 -9
  78. package/dist/types/tools.d.ts +0 -10
  79. package/dist/types/vector.d.ts +0 -16
package/dist/authorization.js ADDED
@@ -0,0 +1,632 @@
1
+ /**
2
+ * Authorization Primitives (FGA/RBAC)
3
+ *
4
+ * Based on WorkOS FGA design - Fine-Grained Authorization that:
5
+ * - Extends RBAC with resource-scoped, hierarchical permissions
6
+ * - Uses Subjects, Resources, Roles, Permissions, Assignments
7
+ * - Supports automatic inheritance through resource hierarchy
8
+ * - Integrates with Noun/Verb for action authorization
9
+ *
10
+ * @see https://workos.com/docs/fga
11
+ * @packageDocumentation
12
+ */
13
+ /**
14
+ * Common SaaS resource hierarchies
15
+ */
16
+ export const StandardHierarchies = {
17
+ /** Organization → Workspace → Project → Resource */
18
+ saas: {
19
+ levels: [
20
+ { name: 'organization', description: 'Top-level organization' },
21
+ { name: 'workspace', description: 'Workspace within org', parentType: 'organization' },
22
+ { name: 'project', description: 'Project within workspace', parentType: 'workspace' },
23
+ { name: 'resource', description: 'Resource within project', parentType: 'project' },
24
+ ],
25
+ maxDepth: 4,
26
+ },
27
+ /** Organization → Team → Repository */
28
+ devtools: {
29
+ levels: [
30
+ { name: 'organization', description: 'Top-level organization' },
31
+ { name: 'team', description: 'Team within org', parentType: 'organization' },
32
+ { name: 'repository', description: 'Repository owned by team', parentType: 'team' },
33
+ ],
34
+ maxDepth: 3,
35
+ },
36
+ /** Account → Folder → Document */
37
+ documents: {
38
+ levels: [
39
+ { name: 'account', description: 'User account' },
40
+ { name: 'folder', description: 'Folder in account', parentType: 'account' },
41
+ { name: 'document', description: 'Document in folder', parentType: 'folder' },
42
+ ],
43
+ maxDepth: 3,
44
+ },
45
+ };
46
+ // =============================================================================
47
+ // Role Definitions
48
+ // =============================================================================
49
+ /**
50
+ * Standard permissions
51
+ *
52
+ * Beyond CRUD, we add `act` for domain-specific verbs (send, pay, publish, etc.)
53
+ *
54
+ * Permission levels:
55
+ * - read → view data (GET operations)
56
+ * - edit → modify data (PUT/PATCH operations)
57
+ * - act → perform actions/verbs (POST operations with side effects)
58
+ * - delete → remove (DELETE operations)
59
+ * - manage → all + role assignment
60
+ */
61
+ export const StandardPermissions = {
62
+ create: (resourceType) => ({
63
+ name: 'create',
64
+ description: `Create ${resourceType}`,
65
+ resourceType,
66
+ actions: ['create'],
67
+ inheritable: true,
68
+ }),
69
+ read: (resourceType) => ({
70
+ name: 'read',
71
+ description: `Read ${resourceType}`,
72
+ resourceType,
73
+ actions: ['read', 'get', 'list', 'search', 'view'],
74
+ inheritable: true,
75
+ }),
76
+ edit: (resourceType) => ({
77
+ name: 'edit',
78
+ description: `Edit ${resourceType}`,
79
+ resourceType,
80
+ actions: ['update', 'edit', 'modify', 'patch'],
81
+ inheritable: true,
82
+ }),
83
+ /**
84
+ * Act - perform domain-specific verbs/actions
85
+ *
86
+ * This is for state transitions and side effects:
87
+ * - invoice.send, invoice.pay, invoice.void
88
+ * - document.publish, document.archive
89
+ * - order.fulfill, order.refund
90
+ *
91
+ * Can be scoped: act:* (all), act:send, act:pay, etc.
92
+ */
93
+ act: (resourceType, verbs) => ({
94
+ name: 'act',
95
+ description: verbs
96
+ ? `Perform ${verbs.join(', ')} on ${resourceType}`
97
+ : `Perform actions on ${resourceType}`,
98
+ resourceType,
99
+ actions: verbs || ['*'], // '*' means all verbs
100
+ inheritable: true,
101
+ }),
102
+ delete: (resourceType) => ({
103
+ name: 'delete',
104
+ description: `Delete ${resourceType}`,
105
+ resourceType,
106
+ actions: ['delete', 'remove', 'destroy'],
107
+ inheritable: false, // Usually not inherited
108
+ }),
109
+ manage: (resourceType) => ({
110
+ name: 'manage',
111
+ description: `Full management of ${resourceType}`,
112
+ resourceType,
113
+ actions: ['*'], // All actions
114
+ inheritable: true,
115
+ }),
116
+ };
117
+ /**
118
+ * @deprecated Use StandardPermissions instead
119
+ */
120
+ export const CRUDPermissions = StandardPermissions;
121
+ // =============================================================================
122
+ // Verb-Scoped Permissions (e.g., invoice.pay, document.publish)
123
+ // =============================================================================
124
+ /**
125
+ * Create a verb-scoped permission
126
+ *
127
+ * @example
128
+ * ```ts
129
+ * // Single verb
130
+ * const canPay = verbPermission('invoice', 'pay')
131
+ * // { name: 'invoice.pay', actions: ['pay'], resourceType: 'invoice' }
132
+ *
133
+ * // Multiple verbs
134
+ * const canManagePayments = verbPermission('invoice', ['send', 'pay', 'void', 'refund'])
135
+ * ```
136
+ */
137
+ export function verbPermission(resourceType, verbs, options) {
138
+ const verbList = Array.isArray(verbs) ? verbs : [verbs];
139
+ const name = verbList.length === 1
140
+ ? `${resourceType}.${verbList[0]}`
141
+ : `${resourceType}.[${verbList.join(',')}]`;
142
+ return {
143
+ name,
144
+ description: options?.description || `Can ${verbList.join(', ')} ${resourceType}`,
145
+ resourceType,
146
+ actions: verbList,
147
+ inheritable: options?.inheritable ?? true,
148
+ };
149
+ }
150
+ /**
151
+ * Create permissions from a Noun's actions
152
+ *
153
+ * @example
154
+ * ```ts
155
+ * const invoicePerms = nounPermissions(InvoiceNoun)
156
+ * // Creates: invoice.create, invoice.send, invoice.pay, invoice.void, etc.
157
+ * ```
158
+ */
159
+ export function nounPermissions(noun) {
160
+ const resourceType = noun.singular;
161
+ const permissions = [];
162
+ // Standard CRUD
163
+ permissions.push(StandardPermissions.read(resourceType));
164
+ permissions.push(StandardPermissions.edit(resourceType));
165
+ permissions.push(StandardPermissions.delete(resourceType));
166
+ // Domain-specific verbs from noun.actions
167
+ if (noun.actions) {
168
+ for (const action of noun.actions) {
169
+ const verb = typeof action === 'string' ? action : action.action;
170
+ // Skip standard CRUD verbs (already covered)
171
+ if (['create', 'read', 'update', 'delete', 'get', 'list'].includes(verb))
172
+ continue;
173
+ permissions.push(verbPermission(resourceType, verb));
174
+ }
175
+ }
176
+ return permissions;
177
+ }
178
+ /**
179
+ * Permission pattern matching
180
+ *
181
+ * Checks if an action matches a permission pattern.
182
+ *
183
+ * @example
184
+ * ```ts
185
+ * matchesPermission('pay', ['*']) // true - wildcard
186
+ * matchesPermission('pay', ['pay']) // true - exact
187
+ * matchesPermission('pay', ['send', 'pay']) // true - in list
188
+ * matchesPermission('pay', ['send']) // false
189
+ * ```
190
+ */
191
+ export function matchesPermission(action, allowedActions) {
192
+ if (allowedActions.includes('*'))
193
+ return true;
194
+ if (allowedActions.includes(action))
195
+ return true;
196
+ // Check for prefix patterns like 'invoice.*' matching 'invoice.pay'
197
+ for (const pattern of allowedActions) {
198
+ if (pattern.endsWith('.*')) {
199
+ const prefix = pattern.slice(0, -2);
200
+ if (action.startsWith(prefix + '.'))
201
+ return true;
202
+ }
203
+ }
204
+ return false;
205
+ }
206
+ /**
207
+ * Create standard roles for a resource type
208
+ */
209
+ export function createStandardRoles(resourceType) {
210
+ return {
211
+ owner: {
212
+ id: `${resourceType}:owner`,
213
+ name: 'Owner',
214
+ description: `Full control of ${resourceType}, including deletion and transfer`,
215
+ resourceType,
216
+ permissions: [
217
+ CRUDPermissions.manage(resourceType),
218
+ {
219
+ name: 'transfer',
220
+ description: 'Transfer ownership',
221
+ resourceType,
222
+ actions: ['transfer'],
223
+ inheritable: false,
224
+ },
225
+ ],
226
+ },
227
+ admin: {
228
+ id: `${resourceType}:admin`,
229
+ name: 'Admin',
230
+ description: `Administrative access to ${resourceType}`,
231
+ resourceType,
232
+ permissions: [
233
+ StandardPermissions.create(resourceType),
234
+ StandardPermissions.read(resourceType),
235
+ StandardPermissions.edit(resourceType),
236
+ StandardPermissions.act(resourceType),
237
+ StandardPermissions.delete(resourceType),
238
+ ],
239
+ },
240
+ editor: {
241
+ id: `${resourceType}:editor`,
242
+ name: 'Editor',
243
+ description: `Can edit ${resourceType}`,
244
+ resourceType,
245
+ permissions: [
246
+ StandardPermissions.read(resourceType),
247
+ StandardPermissions.edit(resourceType),
248
+ StandardPermissions.act(resourceType),
249
+ ],
250
+ },
251
+ viewer: {
252
+ id: `${resourceType}:viewer`,
253
+ name: 'Viewer',
254
+ description: `Read-only access to ${resourceType}`,
255
+ resourceType,
256
+ permissions: [
257
+ StandardPermissions.read(resourceType),
258
+ ],
259
+ },
260
+ guest: {
261
+ id: `${resourceType}:guest`,
262
+ name: 'Guest',
263
+ description: `Limited access to ${resourceType}`,
264
+ resourceType,
265
+ permissions: [
266
+ {
267
+ name: 'view',
268
+ description: 'View basic info',
269
+ resourceType,
270
+ actions: ['get'],
271
+ inheritable: false,
272
+ },
273
+ ],
274
+ },
275
+ };
276
+ }
277
+ /**
278
+ * Add authorization to a Noun
279
+ */
280
+ export function authorizeNoun(noun, config) {
281
+ return {
282
+ ...noun,
283
+ authorization: config,
284
+ };
285
+ }
286
+ // =============================================================================
287
+ // Helper Functions
288
+ // =============================================================================
289
+ /**
290
+ * Parse subject string to Subject object
291
+ *
292
+ * @example
293
+ * ```ts
294
+ * parseSubject('user:123') // { type: 'user', id: '123' }
295
+ * parseSubject('group:admins') // { type: 'group', id: 'admins' }
296
+ * ```
297
+ */
298
+ export function parseSubject(str) {
299
+ const [type, id] = str.split(':');
300
+ if (!type || !id) {
301
+ throw new Error(`Invalid subject format: ${str}. Expected 'type:id'`);
302
+ }
303
+ return { type, id };
304
+ }
305
+ /**
306
+ * Format Subject as string
307
+ */
308
+ export function formatSubject(subject) {
309
+ return `${subject.type}:${subject.id}`;
310
+ }
311
+ /**
312
+ * Parse resource string to ResourceRef
313
+ *
314
+ * @example
315
+ * ```ts
316
+ * parseResource('workspace:456') // { type: 'workspace', id: '456' }
317
+ * ```
318
+ */
319
+ export function parseResource(str) {
320
+ const [type, id] = str.split(':');
321
+ if (!type || !id) {
322
+ throw new Error(`Invalid resource format: ${str}. Expected 'type:id'`);
323
+ }
324
+ return { type, id };
325
+ }
326
+ /**
327
+ * Format ResourceRef as string
328
+ */
329
+ export function formatResource(resource) {
330
+ return `${resource.type}:${resource.id}`;
331
+ }
332
+ /**
333
+ * Check if a subject matches another (for assignment matching)
334
+ */
335
+ export function subjectMatches(a, b) {
336
+ return a.type === b.type && a.id === b.id;
337
+ }
338
+ /**
339
+ * Check if a resource matches another
340
+ */
341
+ export function resourceMatches(a, b) {
342
+ return a.type === b.type && a.id === b.id;
343
+ }
344
+ // =============================================================================
345
+ // In-Memory Authorization Engine (for testing/development)
346
+ // =============================================================================
347
+ /**
348
+ * In-memory authorization engine
349
+ *
350
+ * Simple implementation for testing and development.
351
+ * For production, use WorkOS or a persistent provider.
352
+ */
353
+ export class InMemoryAuthorizationEngine {
354
+ resources = new Map();
355
+ assignments = new Map();
356
+ roles = new Map();
357
+ hierarchy;
358
+ constructor(config) {
359
+ this.hierarchy = config?.hierarchy || StandardHierarchies.saas;
360
+ if (config?.roles) {
361
+ for (const role of config.roles) {
362
+ this.roles.set(role.id, role);
363
+ }
364
+ }
365
+ }
366
+ // Resource management
367
+ async createResource(resource) {
368
+ const key = formatResource(resource);
369
+ this.resources.set(key, resource);
370
+ return resource;
371
+ }
372
+ async getResource(ref) {
373
+ return this.resources.get(formatResource(ref)) || null;
374
+ }
375
+ async deleteResource(ref) {
376
+ this.resources.delete(formatResource(ref));
377
+ }
378
+ async listResources(type, parentRef) {
379
+ const results = [];
380
+ for (const resource of this.resources.values()) {
381
+ if (resource.type !== type)
382
+ continue;
383
+ if (parentRef && (!resource.parent || !resourceMatches(resource.parent, parentRef)))
384
+ continue;
385
+ results.push(resource);
386
+ }
387
+ return results;
388
+ }
389
+ // Assignment management
390
+ async assign(input) {
391
+ const subject = typeof input.subject === 'string'
392
+ ? parseSubject(input.subject)
393
+ : input.subject;
394
+ const resource = typeof input.resource === 'string'
395
+ ? parseResource(input.resource)
396
+ : input.resource;
397
+ const assignment = {
398
+ id: `${formatSubject(subject)}:${input.role}:${formatResource(resource)}`,
399
+ subject,
400
+ role: input.role,
401
+ resource,
402
+ createdAt: new Date(),
403
+ expiresAt: input.expiresAt,
404
+ metadata: input.metadata,
405
+ };
406
+ this.assignments.set(assignment.id, assignment);
407
+ return assignment;
408
+ }
409
+ async unassign(assignmentId) {
410
+ this.assignments.delete(assignmentId);
411
+ }
412
+ async getAssignment(id) {
413
+ return this.assignments.get(id) || null;
414
+ }
415
+ async listAssignments(filter) {
416
+ const results = [];
417
+ for (const assignment of this.assignments.values()) {
418
+ if (filter.subject && !subjectMatches(assignment.subject, filter.subject))
419
+ continue;
420
+ if (filter.role && assignment.role !== filter.role)
421
+ continue;
422
+ if (filter.resource && !resourceMatches(assignment.resource, filter.resource))
423
+ continue;
424
+ results.push(assignment);
425
+ }
426
+ return results;
427
+ }
428
+ // Authorization checks
429
+ async check(request) {
430
+ const start = Date.now();
431
+ const subject = typeof request.subject === 'string'
432
+ ? parseSubject(request.subject)
433
+ : request.subject;
434
+ const resource = typeof request.resource === 'string'
435
+ ? parseResource(request.resource)
436
+ : request.resource;
437
+ // Check direct assignments
438
+ const assignments = await this.listAssignments({ subject });
439
+ for (const assignment of assignments) {
440
+ // Check if assignment is on this resource or a parent
441
+ if (this.resourceInScope(resource, assignment.resource)) {
442
+ const role = this.roles.get(assignment.role);
443
+ if (role && this.roleGrantsAction(role, request.action, resource.type)) {
444
+ return {
445
+ allowed: true,
446
+ reason: `Granted by role '${role.name}' on ${formatResource(assignment.resource)}`,
447
+ assignment,
448
+ latencyMs: Date.now() - start,
449
+ };
450
+ }
451
+ }
452
+ }
453
+ return {
454
+ allowed: false,
455
+ reason: 'No matching assignment found',
456
+ latencyMs: Date.now() - start,
457
+ };
458
+ }
459
+ async batchCheck(request) {
460
+ const start = Date.now();
461
+ const results = await Promise.all(request.checks.map(c => this.check(c)));
462
+ return {
463
+ results,
464
+ latencyMs: Date.now() - start,
465
+ };
466
+ }
467
+ // Discovery
468
+ async listSubjectsWithAccess(resource, action) {
469
+ const subjects = [];
470
+ const seen = new Set();
471
+ for (const assignment of this.assignments.values()) {
472
+ if (!this.resourceInScope(resource, assignment.resource))
473
+ continue;
474
+ const role = this.roles.get(assignment.role);
475
+ if (action && role && !this.roleGrantsAction(role, action, resource.type))
476
+ continue;
477
+ const key = formatSubject(assignment.subject);
478
+ if (!seen.has(key)) {
479
+ seen.add(key);
480
+ subjects.push(assignment.subject);
481
+ }
482
+ }
483
+ return subjects;
484
+ }
485
+ async listResourcesForSubject(subject, resourceType, action) {
486
+ const resources = [];
487
+ const assignments = await this.listAssignments({ subject });
488
+ for (const assignment of assignments) {
489
+ const role = this.roles.get(assignment.role);
490
+ if (!role)
491
+ continue;
492
+ if (action && !this.roleGrantsAction(role, action, resourceType))
493
+ continue;
494
+ // Find all resources of the type that are in scope
495
+ for (const resource of this.resources.values()) {
496
+ if (resource.type !== resourceType)
497
+ continue;
498
+ if (this.resourceInScope(resource, assignment.resource)) {
499
+ resources.push(resource);
500
+ }
501
+ }
502
+ }
503
+ return resources;
504
+ }
505
+ // Helpers
506
+ resourceInScope(target, scope) {
507
+ // Same resource
508
+ if (resourceMatches(target, scope))
509
+ return true;
510
+ // Check if scope is a parent of target
511
+ const targetResource = this.resources.get(formatResource(target));
512
+ if (!targetResource?.parent)
513
+ return false;
514
+ return this.resourceInScope(targetResource.parent, scope);
515
+ }
516
+ roleGrantsAction(role, action, resourceType) {
517
+ for (const permission of role.permissions) {
518
+ // Check resource type match (or inheritable)
519
+ if (permission.resourceType !== resourceType && !permission.inheritable)
520
+ continue;
521
+ // Check action match
522
+ if (permission.actions.includes(action) || permission.actions.includes('*')) {
523
+ return true;
524
+ }
525
+ }
526
+ // Check inherited roles
527
+ if (role.inherits) {
528
+ for (const inheritedRoleId of role.inherits) {
529
+ const inheritedRole = this.roles.get(inheritedRoleId);
530
+ if (inheritedRole && this.roleGrantsAction(inheritedRole, action, resourceType)) {
531
+ return true;
532
+ }
533
+ }
534
+ }
535
+ return false;
536
+ }
537
+ // Role management
538
+ registerRole(role) {
539
+ this.roles.set(role.id, role);
540
+ }
541
+ getRole(id) {
542
+ return this.roles.get(id);
543
+ }
544
+ }
545
+ /**
546
+ * Link business roles to authorization roles
547
+ */
548
+ export function linkBusinessRole(businessRole, authRoles) {
549
+ return {
550
+ ...businessRole,
551
+ authorizationRoles: [
552
+ ...(businessRole.authorizationRoles || []),
553
+ ...authRoles,
554
+ ],
555
+ };
556
+ }
557
+ // =============================================================================
558
+ // Noun Definition for Role (makes Role a first-class entity)
559
+ // =============================================================================
560
+ /**
561
+ * Role as a Noun - can be stored in ai-database
562
+ */
563
+ export const RoleNoun = {
564
+ singular: 'role',
565
+ plural: 'roles',
566
+ description: 'An authorization role with permissions',
567
+ properties: {
568
+ id: { type: 'string', description: 'Unique role identifier' },
569
+ name: { type: 'string', description: 'Display name' },
570
+ description: { type: 'string', optional: true, description: 'Role description' },
571
+ resourceType: { type: 'string', description: 'Resource type this role is scoped to' },
572
+ level: { type: 'string', optional: true, description: 'Role level (owner, admin, editor, viewer, guest)' },
573
+ },
574
+ relationships: {
575
+ permissions: { type: 'Permission[]', description: 'Permissions granted by this role' },
576
+ inherits: { type: 'Role[]', description: 'Parent roles inherited from' },
577
+ assignments: { type: 'Assignment[]', backref: 'role', description: 'Assignments using this role' },
578
+ },
579
+ actions: ['create', 'update', 'delete', 'assign', 'unassign'],
580
+ events: ['created', 'updated', 'deleted', 'assigned', 'unassigned'],
581
+ };
582
+ /**
583
+ * Assignment as a Noun
584
+ */
585
+ export const AssignmentNoun = {
586
+ singular: 'assignment',
587
+ plural: 'assignments',
588
+ description: 'A role assignment binding subject, role, and resource',
589
+ properties: {
590
+ id: { type: 'string', description: 'Unique assignment identifier' },
591
+ subjectType: { type: 'string', description: 'Subject type (user, group, service, agent)' },
592
+ subjectId: { type: 'string', description: 'Subject identifier' },
593
+ roleId: { type: 'string', description: 'Role identifier' },
594
+ resourceType: { type: 'string', description: 'Resource type' },
595
+ resourceId: { type: 'string', description: 'Resource identifier' },
596
+ expiresAt: { type: 'datetime', optional: true, description: 'Expiration timestamp' },
597
+ },
598
+ relationships: {
599
+ role: { type: 'Role', backref: 'assignments', description: 'The assigned role' },
600
+ },
601
+ actions: ['create', 'delete', 'extend', 'revoke'],
602
+ events: ['created', 'deleted', 'extended', 'revoked', 'expired'],
603
+ };
604
+ /**
605
+ * Permission as a Noun
606
+ */
607
+ export const PermissionNoun = {
608
+ singular: 'permission',
609
+ plural: 'permissions',
610
+ description: 'A permission granting actions on a resource type',
611
+ properties: {
612
+ name: { type: 'string', description: 'Permission name' },
613
+ description: { type: 'string', optional: true, description: 'Permission description' },
614
+ resourceType: { type: 'string', description: 'Resource type this applies to' },
615
+ actions: { type: 'string', array: true, description: 'Actions granted' },
616
+ inheritable: { type: 'boolean', optional: true, description: 'Whether permission flows to children' },
617
+ },
618
+ relationships: {
619
+ roles: { type: 'Role[]', backref: 'permissions', description: 'Roles that include this permission' },
620
+ },
621
+ actions: ['create', 'update', 'delete'],
622
+ events: ['created', 'updated', 'deleted'],
623
+ };
624
+ /**
625
+ * All authorization-related Nouns
626
+ */
627
+ export const AuthorizationNouns = {
628
+ Role: RoleNoun,
629
+ Assignment: AssignmentNoun,
630
+ Permission: PermissionNoun,
631
+ };
632
+ //# sourceMappingURL=authorization.js.map
package/dist/authorization.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authorization.js","sourceRoot":"","sources":["../src/authorization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAwRH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,oDAAoD;IACpD,IAAI,EAAE;QACJ,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,wBAAwB,EAAE;YAC/D,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,sBAAsB,EAAE,UAAU,EAAE,cAAc,EAAE;YACtF,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,0BAA0B,EAAE,UAAU,EAAE,WAAW,EAAE;YACrF,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,yBAAyB,EAAE,UAAU,EAAE,SAAS,EAAE;SACpF;QACD,QAAQ,EAAE,CAAC;KACZ;IAED,uCAAuC;IACvC,QAAQ,EAAE;QACR,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,wBAAwB,EAAE;YAC/D,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,UAAU,EAAE,cAAc,EAAE;YAC5E,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,0BAA0B,EAAE,UAAU,EAAE,MAAM,EAAE;SACpF;QACD,QAAQ,EAAE,CAAC;KACZ;IAED,kCAAkC;IAClC,SAAS,EAAE;QACT,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE;YAChD,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE,UAAU,EAAE,SAAS,EAAE;YAC3E,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,oBAAoB,EAAE,UAAU,EAAE,QAAQ,EAAE;SAC9E;QACD,QAAQ,EAAE,CAAC;KACZ;CACmD,CAAA;AAEtD,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,MAAM,EAAE,CAAC,YAAoB,EAAc,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,UAAU,YAAY,EAAE;QACrC,YAAY;QACZ,OAAO,EAAE,CAAC,QAAQ,CAAC;QACnB,WAAW,EAAE,IAAI;KAClB,CAAC;IAEF,IAAI,EAAE,CAAC,YAAoB,EAAc,EAAE,CAAC,CAAC;QAC3C,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,QAAQ,YAAY,EAAE;QACnC,YAAY;QACZ,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;QAClD,WAAW,EAAE,IAAI;KAClB,CAAC;IAEF,IAAI,EAAE,CAAC,YAAoB,EAAc,EAAE,CAAC,CAAC;QAC3C,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,QAAQ,YAAY,EAAE;QACnC,YAAY;QACZ,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC;QAC9C,WAAW,EAAE,IAAI;KAClB,CAAC;IAEF;;;;;;;;;OASG;IACH,GAAG,EAAE,CAAC,YAAoB,EAAE,KAAgB,EAAc,EAAE,CAAC,CAAC;QAC5D,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,KAAK;YAChB,CAAC,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,YAAY,EAAE;YAClD,CAAC,CAAC,sBAAsB,YAAY,EAAE;QACxC,YAAY;QACZ,OAAO,EAAE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAG,sBAAsB;QAChD,WAAW,EAAE,IAAI;KAClB,CAAC;IAEF,MAAM,EAAE,CAAC,YAAoB,EAAc,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,UAAU,YAAY,EAAE;QACrC,YAAY;QACZ,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC;QACxC,WAAW,EAAE,KAAK,EAAG,wBAAwB;KAC9C,CAAC;IAEF,MAAM,EAAE,CAAC,YAAoB,EAAc,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,sBAAsB,YAAY,EAAE;QACjD,YAAY;QACZ,OAAO,EAAE,CAAC,GAAG,CAAC,EAAG,cAAc;QAC/B,WAAW,EAAE,IAAI;KAClB,CAAC;CACH,CAAA;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,mBAAmB,CAAA;AAElD,gFAAgF;AAChF,gEAAgE;AAChE,gFAAgF;AAEhF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAC5B,YAAoB,EACpB,KAAwB,EACxB,OAAyD;IAEzD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;IACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC;QAChC,CAAC,CAAC,GAAG,YAAY,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE;QAClC,CAAC,CAAC,GAAG,YAAY,KAAK,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;IAE7C,OAAO;QACL,IAAI;QACJ,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,YAAY,EAAE;QACjF,YAAY;QACZ,OAAO,EAAE,QAAQ;QACjB,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;KAC1C,CAAA;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,IAAU;IACxC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAA;IAClC,MAAM,WAAW,GAAiB,EAAE,CAAA;IAEpC,gBAAgB;IAChB,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAA;IACxD,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAA;IACxD,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IAE1D,0CAA0C;IAC1C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAA;YAChE,6CAA6C;YAC7C,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAElF,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAA;AACpB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc,EAAE,cAAwB;IACxE,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAC7C,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IAEhD,oEAAoE;IACpE,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACnC,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAA;QAClD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB;IACtD,OAAO;QACL,KAAK,EAAE;YACL,EAAE,EAAE,GAAG,YAAY,QAAQ;YAC3B,IAAI,EAAE,OAAO;YACb,WAAW,EAAE,mBAAmB,YAAY,mCAAmC;YAC/E,YAAY;YACZ,WAAW,EAAE;gBACX,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC;gBACpC;oBACE,IAAI,EAAE,UAAU;oBAChB,WAAW,EAAE,oBAAoB;oBACjC,YAAY;oBACZ,OAAO,EAAE,CAAC,UAAU,CAAC;oBACrB,WAAW,EAAE,KAAK;iBACnB;aACF;SACF;QAED,KAAK,EAAE;YACL,EAAE,EAAE,GAAG,YAAY,QAAQ;YAC3B,IAAI,EAAE,OAAO;YACb,WAAW,EAAE,4BAA4B,YAAY,EAAE;YACvD,YAAY;YACZ,WAAW,EAAE;gBACX,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC;gBACxC,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC;gBACtC,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC;gBACtC,mBAAmB,CAAC,GAAG,CAAC,YAAY,CAAC;gBACrC,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC;aACzC;SACF;QAED,MAAM,EAAE;YACN,EAAE,EAAE,GAAG,YAAY,SAAS;YAC5B,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,YAAY,YAAY,EAAE;YACvC,YAAY;YACZ,WAAW,EAAE;gBACX,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC;gBACtC,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC;gBACtC,mBAAmB,CAAC,GAAG,CAAC,YAAY,CAAC;aACtC;SACF;QAED,MAAM,EAAE;YACN,EAAE,EAAE,GAAG,YAAY,SAAS;YAC5B,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,uBAAuB,YAAY,EAAE;YAClD,YAAY;YACZ,WAAW,EAAE;gBACX,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC;aACvC;SACF;QAED,KAAK,EAAE;YACL,EAAE,EAAE,GAAG,YAAY,QAAQ;YAC3B,IAAI,EAAE,OAAO;YACb,WAAW,EAAE,qBAAqB,YAAY,EAAE;YAChD,YAAY;YACZ,WAAW,EAAE;gBACX;oBACE,IAAI,EAAE,MAAM;oBACZ,WAAW,EAAE,iBAAiB;oBAC9B,YAAY;oBACZ,OAAO,EAAE,CAAC,KAAK,CAAC;oBAChB,WAAW,EAAE,KAAK;iBACnB;aACF;SACF;KACF,CAAA;AACH,CAAC;AA+BD;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAU,EACV,MAAuC;IAEvC,OAAO;QACL,GAAG,IAAI;QACP,aAAa,EAAE,MAAM;KACtB,CAAA;AACH,CAAC;AAqCD,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,sBAAsB,CAAC,CAAA;IACvE,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAA;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,OAAgB;IAC5C,OAAO,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,EAAE,EAAE,CAAA;AACxC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,sBAAsB,CAAC,CAAA;IACxE,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAA;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,QAAqB;IAClD,OAAO,GAAG,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAA;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,CAAU,EAAE,CAAU;IACnD,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAA;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,CAAc,EAAE,CAAc;IAC5D,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAA;AAC3C,CAAC;AAED,gFAAgF;AAChF,2DAA2D;AAC3D,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,OAAO,2BAA2B;IAC9B,SAAS,GAAG,IAAI,GAAG,EAAoB,CAAA;IACvC,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAA;IAC3C,KAAK,GAAG,IAAI,GAAG,EAAgB,CAAA;IAC/B,SAAS,CAAmB;IAEpC,YAAY,MAA0D;QACpE,IAAI,CAAC,SAAS,GAAG,MAAM,EAAE,SAAS,IAAI,mBAAmB,CAAC,IAAI,CAAA;QAC9D,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;YAClB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBAChC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,KAAK,CAAC,cAAc,CAAC,QAAkB;QACrC,MAAM,GAAG,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAA;QACpC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACjC,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAgB;QAChC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAA;IACxD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAgB;QACnC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,SAAuB;QACvD,MAAM,OAAO,GAAe,EAAE,CAAA;QAC9B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAQ;YACpC,IAAI,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;gBAAE,SAAQ;YAC7F,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACxB,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,wBAAwB;IACxB,KAAK,CAAC,MAAM,CAAC,KAAsB;QACjC,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ;YAC/C,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC;YAC7B,CAAC,CAAC,KAAK,CAAC,OAAO,CAAA;QACjB,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ;YACjD,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAA;QAElB,MAAM,UAAU,GAAe;YAC7B,EAAE,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,cAAc,CAAC,QAAQ,CAAC,EAAE;YACzE,OAAO;YACP,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAA;QAED,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;QAC/C,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,YAAoB;QACjC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;IACvC,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAA;IACzC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAIrB;QACC,MAAM,OAAO,GAAiB,EAAE,CAAA;QAChC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YACnD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC;gBAAE,SAAQ;YACnF,IAAI,MAAM,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI;gBAAE,SAAQ;YAC5D,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;gBAAE,SAAQ;YACvF,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QAC1B,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,uBAAuB;IACvB,KAAK,CAAC,KAAK,CAAC,OAA0B;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACxB,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ;YACjD,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC;YAC/B,CAAC,CAAC,OAAO,CAAC,OAAO,CAAA;QACnB,MAAM,QAAQ,GAAG,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ;YACnD,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC;YACjC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAA;QAEpB,2BAA2B;QAC3B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QAE3D,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,sDAAsD;YACtD,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;gBAC5C,IAAI,IAAI,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvE,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,oBAAoB,IAAI,CAAC,IAAI,QAAQ,cAAc,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;wBAClF,UAAU;wBACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;qBAC9B,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,8BAA8B;YACtC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC9B,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAA+B;QAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACxB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACzE,OAAO;YACL,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC9B,CAAA;IACH,CAAC;IAED,YAAY;IACZ,KAAK,CAAC,sBAAsB,CAAC,QAAqB,EAAE,MAAe;QACjE,MAAM,QAAQ,GAAc,EAAE,CAAA;QAC9B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;QAE9B,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YACnD,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC;gBAAE,SAAQ;YAElE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YAC5C,IAAI,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAEnF,MAAM,GAAG,GAAG,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YAC7C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACb,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,OAAgB,EAChB,YAAoB,EACpB,MAAe;QAEf,MAAM,SAAS,GAAe,EAAE,CAAA;QAChC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QAE3D,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YAC5C,IAAI,CAAC,IAAI;gBAAE,SAAQ;YACnB,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC;gBAAE,SAAQ;YAE1E,mDAAmD;YACnD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC/C,IAAI,QAAQ,CAAC,IAAI,KAAK,YAAY;oBAAE,SAAQ;gBAC5C,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACxD,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,UAAU;IACF,eAAe,CAAC,MAAmB,EAAE,KAAkB;QAC7D,gBAAgB;QAChB,IAAI,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAE/C,uCAAuC;QACvC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAA;QACjE,IAAI,CAAC,cAAc,EAAE,MAAM;YAAE,OAAO,KAAK,CAAA;QAEzC,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAC3D,CAAC;IAEO,gBAAgB,CAAC,IAAU,EAAE,MAAc,EAAE,YAAoB;QACvE,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,6CAA6C;YAC7C,IAAI,UAAU,CAAC,YAAY,KAAK,YAAY,IAAI,CAAC,UAAU,CAAC,WAAW;gBAAE,SAAQ;YAEjF,qBAAqB;YACrB,IAAI,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5E,OAAO,IAAI,CAAA;YACb,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,eAAe,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC5C,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;gBACrD,IAAI,aAAa,IAAI,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,CAAC;oBAChF,OAAO,IAAI,CAAA;gBACb,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAED,kBAAkB;IAClB,YAAY,CAAC,IAAU;QACrB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC/B,CAAC;IAED,OAAO,CAAC,EAAU;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC3B,CAAC;CACF;AA4CD;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,YAA0B,EAC1B,SAAmB;IAEnB,OAAO;QACL,GAAG,YAAY;QACf,kBAAkB,EAAE;YAClB,GAAG,CAAC,YAAY,CAAC,kBAAkB,IAAI,EAAE,CAAC;YAC1C,GAAG,SAAS;SACb;KACF,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,6DAA6D;AAC7D,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAS;IAC5B,QAAQ,EAAE,MAAM;IAChB,MAAM,EAAE,OAAO;IACf,WAAW,EAAE,wCAAwC;IAErD,UAAU,EAAE;QACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;QAC7D,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;QACrD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE;QAChF,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;QACrF,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,kDAAkD,EAAE;KAC3G;IAED,aAAa,EAAE;QACb,WAAW,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,kCAAkC,EAAE;QACtF,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6BAA6B,EAAE;QACxE,WAAW,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,6BAA6B,EAAE;KACnG;IAED,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC;IAC7D,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC;CACpE,CAAA;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAS;IAClC,QAAQ,EAAE,YAAY;IACtB,MAAM,EAAE,aAAa;IACrB,WAAW,EAAE,uDAAuD;IAEpE,UAAU,EAAE;QACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8BAA8B,EAAE;QACnE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;QAC1F,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE;QAChE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;QAC1D,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;QAC9D,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;QAClE,SAAS,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,sBAAsB,EAAE;KACrF;IAED,aAAa,EAAE;QACb,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjF;IAED,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;IACjD,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC;CACjE,CAAA;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAS;IAClC,QAAQ,EAAE,YAAY;IACtB,MAAM,EAAE,aAAa;IACrB,WAAW,EAAE,kDAAkD;IAE/D,UAAU,EAAE;QACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;QACxD,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,wBAAwB,EAAE;QACtF,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+BAA+B,EAAE;QAC9E,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,iBAAiB,EAAE;QACxE,WAAW,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,sCAAsC,EAAE;KACtG;IAED,aAAa,EAAE;QACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,oCAAoC,EAAE;KACrG;IAED,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;IACvC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;CAC1C,CAAA;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE,cAAc;IAC1B,UAAU,EAAE,cAAc;CAC3B,CAAA"}