npm - gazetta - Versions diffs - 0.6.0 → 0.8.0 - Mend

gazetta 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (983) hide show

package/admin-dist/assets/index-CBeq0rRb.js +693 -0
package/admin-dist/assets/index-Dtg1dTZQ.css +1 -0
package/admin-dist/assets/rolldown-runtime-BYbx6iT9.js +1 -0
package/admin-dist/assets/{vendor-primevue-C0Q_YTCb.js → vendor-primevue-CBGHkaXv.js} +183 -39
package/admin-dist/assets/{vendor-react-BipDVGow.js → vendor-react-BdW_kNCG.js} +2 -2
package/admin-dist/assets/vendor-rjsf-lN2SztQt.js +33 -0
package/admin-dist/assets/vendor-tiptap-C36yDquB.js +141 -0
package/admin-dist/assets/vendor-vue-Bt5uR1VW.js +1 -0
package/admin-dist/assets/workbox-window.prod.es5-DGMtIXHc.js +2 -0
package/admin-dist/index.html +8 -8
package/admin-dist/sw.js +1 -0
package/dist/admin-api/archived-name-conflict.d.ts +31 -0
package/dist/admin-api/archived-name-conflict.d.ts.map +1 -0
package/dist/admin-api/archived-name-conflict.js +226 -0
package/dist/admin-api/archived-name-conflict.js.map +1 -0
package/dist/admin-api/cache-stats-logger.d.ts +83 -0
package/dist/admin-api/cache-stats-logger.d.ts.map +1 -0
package/dist/admin-api/cache-stats-logger.js +59 -0
package/dist/admin-api/cache-stats-logger.js.map +1 -0
package/dist/admin-api/error-response.d.ts +21 -0
package/dist/admin-api/error-response.d.ts.map +1 -0
package/dist/admin-api/error-response.js +12 -0
package/dist/admin-api/error-response.js.map +1 -0
package/dist/admin-api/hook-audit-emitter.d.ts +38 -0
package/dist/admin-api/hook-audit-emitter.d.ts.map +1 -0
package/dist/admin-api/hook-audit-emitter.js +21 -0
package/dist/admin-api/hook-audit-emitter.js.map +1 -0
package/dist/admin-api/index.d.ts +84 -2
package/dist/admin-api/index.d.ts.map +1 -1
package/dist/admin-api/index.js +257 -32
package/dist/admin-api/index.js.map +1 -1
package/dist/admin-api/middleware/audit.d.ts +25 -0
package/dist/admin-api/middleware/audit.d.ts.map +1 -0
package/dist/admin-api/middleware/audit.js +65 -0
package/dist/admin-api/middleware/audit.js.map +1 -0
package/dist/admin-api/middleware/capability.d.ts +8 -0
package/dist/admin-api/middleware/capability.d.ts.map +1 -0
package/dist/admin-api/middleware/capability.js +65 -0
package/dist/admin-api/middleware/capability.js.map +1 -0
package/dist/admin-api/middleware/principal.d.ts +18 -0
package/dist/admin-api/middleware/principal.d.ts.map +1 -0
package/dist/admin-api/middleware/principal.js +128 -0
package/dist/admin-api/middleware/principal.js.map +1 -0
package/dist/admin-api/routes/archive-review.d.ts +80 -0
package/dist/admin-api/routes/archive-review.d.ts.map +1 -0
package/dist/admin-api/routes/archive-review.js +70 -0
package/dist/admin-api/routes/archive-review.js.map +1 -0
package/dist/admin-api/routes/archive.d.ts +145 -0
package/dist/admin-api/routes/archive.d.ts.map +1 -0
package/dist/admin-api/routes/archive.js +540 -0
package/dist/admin-api/routes/archive.js.map +1 -0
package/dist/admin-api/routes/assets.d.ts +21 -0
package/dist/admin-api/routes/assets.d.ts.map +1 -0
package/dist/admin-api/routes/assets.js +586 -0
package/dist/admin-api/routes/assets.js.map +1 -0
package/dist/admin-api/routes/audit.d.ts +71 -0
package/dist/admin-api/routes/audit.d.ts.map +1 -0
package/dist/admin-api/routes/audit.js +178 -0
package/dist/admin-api/routes/audit.js.map +1 -0
package/dist/admin-api/routes/compare.d.ts.map +1 -1
package/dist/admin-api/routes/compare.js +3 -2
package/dist/admin-api/routes/compare.js.map +1 -1
package/dist/admin-api/routes/fields.d.ts.map +1 -1
package/dist/admin-api/routes/fields.js +2 -1
package/dist/admin-api/routes/fields.js.map +1 -1
package/dist/admin-api/routes/fragments.d.ts +13 -1
package/dist/admin-api/routes/fragments.d.ts.map +1 -1
package/dist/admin-api/routes/fragments.js +128 -67
package/dist/admin-api/routes/fragments.js.map +1 -1
package/dist/admin-api/routes/health.d.ts +60 -0
package/dist/admin-api/routes/health.d.ts.map +1 -0
package/dist/admin-api/routes/health.js +65 -0
package/dist/admin-api/routes/health.js.map +1 -0
package/dist/admin-api/routes/history.d.ts +2 -1
package/dist/admin-api/routes/history.d.ts.map +1 -1
package/dist/admin-api/routes/history.js +26 -4
package/dist/admin-api/routes/history.js.map +1 -1
package/dist/admin-api/routes/pages.d.ts +20 -1
package/dist/admin-api/routes/pages.d.ts.map +1 -1
package/dist/admin-api/routes/pages.js +158 -85
package/dist/admin-api/routes/pages.js.map +1 -1
package/dist/admin-api/routes/preview.d.ts.map +1 -1
package/dist/admin-api/routes/preview.js +56 -17
package/dist/admin-api/routes/preview.js.map +1 -1
package/dist/admin-api/routes/publish.d.ts +19 -1
package/dist/admin-api/routes/publish.d.ts.map +1 -1
package/dist/admin-api/routes/publish.js +548 -99
package/dist/admin-api/routes/publish.js.map +1 -1
package/dist/admin-api/routes/rename.d.ts +62 -0
package/dist/admin-api/routes/rename.d.ts.map +1 -0
package/dist/admin-api/routes/rename.js +366 -0
package/dist/admin-api/routes/rename.js.map +1 -0
package/dist/admin-api/routes/site.d.ts.map +1 -1
package/dist/admin-api/routes/site.js +6 -18
package/dist/admin-api/routes/site.js.map +1 -1
package/dist/admin-api/routes/system.d.ts +23 -0
package/dist/admin-api/routes/system.d.ts.map +1 -0
package/dist/admin-api/routes/system.js +115 -0
package/dist/admin-api/routes/system.js.map +1 -0
package/dist/admin-api/routes/templates.d.ts +11 -1
package/dist/admin-api/routes/templates.d.ts.map +1 -1
package/dist/admin-api/routes/templates.js +36 -3
package/dist/admin-api/routes/templates.js.map +1 -1
package/dist/admin-api/routes/validation.d.ts +47 -0
package/dist/admin-api/routes/validation.d.ts.map +1 -0
package/dist/admin-api/routes/validation.js +120 -0
package/dist/admin-api/routes/validation.js.map +1 -0
package/dist/admin-api/schemas/archive.d.ts +124 -0
package/dist/admin-api/schemas/archive.d.ts.map +1 -0
package/dist/admin-api/schemas/archive.js +93 -0
package/dist/admin-api/schemas/archive.js.map +1 -0
package/dist/admin-api/schemas/assets.d.ts +64 -0
package/dist/admin-api/schemas/assets.d.ts.map +1 -0
package/dist/admin-api/schemas/assets.js +59 -0
package/dist/admin-api/schemas/assets.js.map +1 -0
package/dist/admin-api/schemas/audit.d.ts +175 -0
package/dist/admin-api/schemas/audit.d.ts.map +1 -0
package/dist/admin-api/schemas/audit.js +91 -0
package/dist/admin-api/schemas/audit.js.map +1 -0
package/dist/admin-api/schemas/error.d.ts +94 -0
package/dist/admin-api/schemas/error.d.ts.map +1 -0
package/dist/admin-api/schemas/error.js +79 -0
package/dist/admin-api/schemas/error.js.map +1 -0
package/dist/admin-api/schemas/fragments.d.ts +2 -0
package/dist/admin-api/schemas/fragments.d.ts.map +1 -1
package/dist/admin-api/schemas/fragments.js +4 -0
package/dist/admin-api/schemas/fragments.js.map +1 -1
package/dist/admin-api/schemas/index.d.ts +10 -0
package/dist/admin-api/schemas/index.d.ts.map +1 -1
package/dist/admin-api/schemas/index.js +10 -0
package/dist/admin-api/schemas/index.js.map +1 -1
package/dist/admin-api/schemas/pages.d.ts +2 -0
package/dist/admin-api/schemas/pages.d.ts.map +1 -1
package/dist/admin-api/schemas/pages.js +11 -0
package/dist/admin-api/schemas/pages.js.map +1 -1
package/dist/admin-api/schemas/rename.d.ts +77 -0
package/dist/admin-api/schemas/rename.d.ts.map +1 -0
package/dist/admin-api/schemas/rename.js +75 -0
package/dist/admin-api/schemas/rename.js.map +1 -0
package/dist/admin-api/schemas/site.d.ts +3 -2
package/dist/admin-api/schemas/site.d.ts.map +1 -1
package/dist/admin-api/schemas/site.js +3 -2
package/dist/admin-api/schemas/site.js.map +1 -1
package/dist/admin-api/schemas/system.d.ts +28 -0
package/dist/admin-api/schemas/system.d.ts.map +1 -0
package/dist/admin-api/schemas/system.js +35 -0
package/dist/admin-api/schemas/system.js.map +1 -0
package/dist/admin-api/schemas/targets.d.ts +55 -0
package/dist/admin-api/schemas/targets.d.ts.map +1 -1
package/dist/admin-api/schemas/targets.js +46 -0
package/dist/admin-api/schemas/targets.js.map +1 -1
package/dist/admin-api/schemas/templates.d.ts +54 -0
package/dist/admin-api/schemas/templates.d.ts.map +1 -1
package/dist/admin-api/schemas/templates.js +21 -0
package/dist/admin-api/schemas/templates.js.map +1 -1
package/dist/admin-api/schemas/validation.d.ts +101 -0
package/dist/admin-api/schemas/validation.d.ts.map +1 -0
package/dist/admin-api/schemas/validation.js +57 -0
package/dist/admin-api/schemas/validation.js.map +1 -0
package/dist/admin-api/source-context.d.ts +66 -17
package/dist/admin-api/source-context.d.ts.map +1 -1
package/dist/admin-api/source-context.js +43 -8
package/dist/admin-api/source-context.js.map +1 -1
package/dist/ai/adapter-scaffold.d.ts +63 -0
package/dist/ai/adapter-scaffold.d.ts.map +1 -0
package/dist/ai/adapter-scaffold.js +89 -0
package/dist/ai/adapter-scaffold.js.map +1 -0
package/dist/ai/compose-prompt.d.ts +50 -0
package/dist/ai/compose-prompt.d.ts.map +1 -0
package/dist/ai/compose-prompt.js +49 -0
package/dist/ai/compose-prompt.js.map +1 -0
package/dist/ai/errors.d.ts +65 -0
package/dist/ai/errors.d.ts.map +1 -0
package/dist/ai/errors.js +59 -0
package/dist/ai/errors.js.map +1 -0
package/dist/ai/index.d.ts +17 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +16 -0
package/dist/ai/index.js.map +1 -0
package/dist/ai/provider.d.ts +76 -0
package/dist/ai/provider.d.ts.map +1 -0
package/dist/ai/provider.js +13 -0
package/dist/ai/provider.js.map +1 -0
package/dist/ai/refusal.d.ts +50 -0
package/dist/ai/refusal.d.ts.map +1 -0
package/dist/ai/refusal.js +100 -0
package/dist/ai/refusal.js.map +1 -0
package/dist/ai/vision-prep.d.ts +32 -0
package/dist/ai/vision-prep.d.ts.map +1 -0
package/dist/ai/vision-prep.js +113 -0
package/dist/ai/vision-prep.js.map +1 -0
package/dist/alt/adapter.d.ts +140 -0
package/dist/alt/adapter.d.ts.map +1 -0
package/dist/alt/adapter.js +7 -0
package/dist/alt/adapter.js.map +1 -0
package/dist/alt/anthropic.d.ts +63 -0
package/dist/alt/anthropic.d.ts.map +1 -0
package/dist/alt/anthropic.js +147 -0
package/dist/alt/anthropic.js.map +1 -0
package/dist/alt/config.d.ts +67 -0
package/dist/alt/config.d.ts.map +1 -0
package/dist/alt/config.js +41 -0
package/dist/alt/config.js.map +1 -0
package/dist/alt/factory.d.ts +19 -0
package/dist/alt/factory.d.ts.map +1 -0
package/dist/alt/factory.js +69 -0
package/dist/alt/factory.js.map +1 -0
package/dist/alt/null-adapter.d.ts +3 -0
package/dist/alt/null-adapter.d.ts.map +1 -0
package/dist/alt/null-adapter.js +43 -0
package/dist/alt/null-adapter.js.map +1 -0
package/dist/alt/ollama.d.ts +40 -0
package/dist/alt/ollama.d.ts.map +1 -0
package/dist/alt/ollama.js +139 -0
package/dist/alt/ollama.js.map +1 -0
package/dist/alt/openai.d.ts +46 -0
package/dist/alt/openai.d.ts.map +1 -0
package/dist/alt/openai.js +118 -0
package/dist/alt/openai.js.map +1 -0
package/dist/alt/prompt-policies.d.ts +79 -0
package/dist/alt/prompt-policies.d.ts.map +1 -0
package/dist/alt/prompt-policies.js +67 -0
package/dist/alt/prompt-policies.js.map +1 -0
package/dist/alt/route-handler.d.ts +56 -0
package/dist/alt/route-handler.d.ts.map +1 -0
package/dist/alt/route-handler.js +122 -0
package/dist/alt/route-handler.js.map +1 -0
package/dist/alt/suggester.d.ts +57 -0
package/dist/alt/suggester.d.ts.map +1 -0
package/dist/alt/suggester.js +133 -0
package/dist/alt/suggester.js.map +1 -0
package/dist/app.js +1 -1
package/dist/app.js.map +1 -1
package/dist/archive-aliases.d.ts +79 -0
package/dist/archive-aliases.d.ts.map +1 -0
package/dist/archive-aliases.js +60 -0
package/dist/archive-aliases.js.map +1 -0
package/dist/archive-helpers.d.ts +73 -0
package/dist/archive-helpers.d.ts.map +1 -0
package/dist/archive-helpers.js +94 -0
package/dist/archive-helpers.js.map +1 -0
package/dist/assets/analyze-audio.d.ts +3 -0
package/dist/assets/analyze-audio.d.ts.map +1 -0
package/dist/assets/analyze-audio.js +80 -0
package/dist/assets/analyze-audio.js.map +1 -0
package/dist/assets/analyze-image.d.ts +19 -0
package/dist/assets/analyze-image.d.ts.map +1 -0
package/dist/assets/analyze-image.js +123 -0
package/dist/assets/analyze-image.js.map +1 -0
package/dist/assets/analyze.d.ts +94 -0
package/dist/assets/analyze.d.ts.map +1 -0
package/dist/assets/analyze.js +45 -0
package/dist/assets/analyze.js.map +1 -0
package/dist/assets/asset-deps.d.ts +30 -0
package/dist/assets/asset-deps.d.ts.map +1 -0
package/dist/assets/asset-deps.js +42 -0
package/dist/assets/asset-deps.js.map +1 -0
package/dist/assets/asset-paths.d.ts +155 -0
package/dist/assets/asset-paths.d.ts.map +1 -0
package/dist/assets/asset-paths.js +197 -0
package/dist/assets/asset-paths.js.map +1 -0
package/dist/assets/delete.d.ts +75 -0
package/dist/assets/delete.d.ts.map +1 -0
package/dist/assets/delete.js +82 -0
package/dist/assets/delete.js.map +1 -0
package/dist/assets/errors.d.ts +241 -0
package/dist/assets/errors.d.ts.map +1 -0
package/dist/assets/errors.js +300 -0
package/dist/assets/errors.js.map +1 -0
package/dist/assets/find-refs.d.ts +37 -0
package/dist/assets/find-refs.d.ts.map +1 -0
package/dist/assets/find-refs.js +35 -0
package/dist/assets/find-refs.js.map +1 -0
package/dist/assets/hash.d.ts +13 -0
package/dist/assets/hash.d.ts.map +1 -0
package/dist/assets/hash.js +43 -0
package/dist/assets/hash.js.map +1 -0
package/dist/assets/image-metadata.d.ts +11 -0
package/dist/assets/image-metadata.d.ts.map +1 -0
package/dist/assets/image-metadata.js +31 -0
package/dist/assets/image-metadata.js.map +1 -0
package/dist/assets/ingest-locale.d.ts +86 -0
package/dist/assets/ingest-locale.d.ts.map +1 -0
package/dist/assets/ingest-locale.js +209 -0
package/dist/assets/ingest-locale.js.map +1 -0
package/dist/assets/ingest.d.ts +96 -0
package/dist/assets/ingest.d.ts.map +1 -0
package/dist/assets/ingest.js +308 -0
package/dist/assets/ingest.js.map +1 -0
package/dist/assets/kind-compat.d.ts +34 -0
package/dist/assets/kind-compat.d.ts.map +1 -0
package/dist/assets/kind-compat.js +33 -0
package/dist/assets/kind-compat.js.map +1 -0
package/dist/assets/list.d.ts +46 -0
package/dist/assets/list.d.ts.map +1 -0
package/dist/assets/list.js +102 -0
package/dist/assets/list.js.map +1 -0
package/dist/assets/manifest-default.d.ts +56 -0
package/dist/assets/manifest-default.d.ts.map +1 -0
package/dist/assets/manifest-default.js +120 -0
package/dist/assets/manifest-default.js.map +1 -0
package/dist/assets/manifest-filename.d.ts +52 -0
package/dist/assets/manifest-filename.d.ts.map +1 -0
package/dist/assets/manifest-filename.js +104 -0
package/dist/assets/manifest-filename.js.map +1 -0
package/dist/assets/manifest-locale.d.ts +60 -0
package/dist/assets/manifest-locale.d.ts.map +1 -0
package/dist/assets/manifest-locale.js +206 -0
package/dist/assets/manifest-locale.js.map +1 -0
package/dist/assets/manifest-merge.d.ts +66 -0
package/dist/assets/manifest-merge.d.ts.map +1 -0
package/dist/assets/manifest-merge.js +82 -0
package/dist/assets/manifest-merge.js.map +1 -0
package/dist/assets/manifest.d.ts +83 -0
package/dist/assets/manifest.d.ts.map +1 -0
package/dist/assets/manifest.js +93 -0
package/dist/assets/manifest.js.map +1 -0
package/dist/assets/mime-sniff.d.ts +18 -0
package/dist/assets/mime-sniff.d.ts.map +1 -0
package/dist/assets/mime-sniff.js +84 -0
package/dist/assets/mime-sniff.js.map +1 -0
package/dist/assets/preprocess-svg.d.ts +3 -0
package/dist/assets/preprocess-svg.d.ts.map +1 -0
package/dist/assets/preprocess-svg.js +49 -0
package/dist/assets/preprocess-svg.js.map +1 -0
package/dist/assets/preprocess.d.ts +62 -0
package/dist/assets/preprocess.d.ts.map +1 -0
package/dist/assets/preprocess.js +86 -0
package/dist/assets/preprocess.js.map +1 -0
package/dist/assets/publish-plan.d.ts +41 -0
package/dist/assets/publish-plan.d.ts.map +1 -0
package/dist/assets/publish-plan.js +49 -0
package/dist/assets/publish-plan.js.map +1 -0
package/dist/assets/publish.d.ts +33 -0
package/dist/assets/publish.d.ts.map +1 -0
package/dist/assets/publish.js +81 -0
package/dist/assets/publish.js.map +1 -0
package/dist/assets/refs.d.ts +37 -0
package/dist/assets/refs.d.ts.map +1 -0
package/dist/assets/refs.js +33 -0
package/dist/assets/refs.js.map +1 -0
package/dist/assets/remove-override.d.ts +42 -0
package/dist/assets/remove-override.d.ts.map +1 -0
package/dist/assets/remove-override.js +53 -0
package/dist/assets/remove-override.js.map +1 -0
package/dist/assets/rename.d.ts +43 -0
package/dist/assets/rename.d.ts.map +1 -0
package/dist/assets/rename.js +271 -0
package/dist/assets/rename.js.map +1 -0
package/dist/assets/replace.d.ts +37 -0
package/dist/assets/replace.d.ts.map +1 -0
package/dist/assets/replace.js +195 -0
package/dist/assets/replace.js.map +1 -0
package/dist/assets/resolve.d.ts +141 -0
package/dist/assets/resolve.d.ts.map +1 -0
package/dist/assets/resolve.js +381 -0
package/dist/assets/resolve.js.map +1 -0
package/dist/assets/rewrite-manifest-asset-ref.d.ts +44 -0
package/dist/assets/rewrite-manifest-asset-ref.d.ts.map +1 -0
package/dist/assets/rewrite-manifest-asset-ref.js +51 -0
package/dist/assets/rewrite-manifest-asset-ref.js.map +1 -0
package/dist/assets/scan-manifest-for-asset.d.ts +63 -0
package/dist/assets/scan-manifest-for-asset.d.ts.map +1 -0
package/dist/assets/scan-manifest-for-asset.js +105 -0
package/dist/assets/scan-manifest-for-asset.js.map +1 -0
package/dist/assets/serve-route.d.ts +45 -0
package/dist/assets/serve-route.d.ts.map +1 -0
package/dist/assets/serve-route.js +123 -0
package/dist/assets/serve-route.js.map +1 -0
package/dist/assets/svg-sanitize.d.ts +38 -0
package/dist/assets/svg-sanitize.d.ts.map +1 -0
package/dist/assets/svg-sanitize.js +209 -0
package/dist/assets/svg-sanitize.js.map +1 -0
package/dist/assets/update-metadata.d.ts +61 -0
package/dist/assets/update-metadata.d.ts.map +1 -0
package/dist/assets/update-metadata.js +82 -0
package/dist/assets/update-metadata.js.map +1 -0
package/dist/assets/url.d.ts +82 -0
package/dist/assets/url.d.ts.map +1 -0
package/dist/assets/url.js +103 -0
package/dist/assets/url.js.map +1 -0
package/dist/assets/validate.d.ts +74 -0
package/dist/assets/validate.d.ts.map +1 -0
package/dist/assets/validate.js +136 -0
package/dist/assets/validate.js.map +1 -0
package/dist/assets/variants.d.ts +23 -0
package/dist/assets/variants.d.ts.map +1 -0
package/dist/assets/variants.js +74 -0
package/dist/assets/variants.js.map +1 -0
package/dist/audit/config.d.ts +75 -0
package/dist/audit/config.d.ts.map +1 -0
package/dist/audit/config.js +91 -0
package/dist/audit/config.js.map +1 -0
package/dist/audit/context.d.ts +98 -0
package/dist/audit/context.d.ts.map +1 -0
package/dist/audit/context.js +51 -0
package/dist/audit/context.js.map +1 -0
package/dist/audit/errors.d.ts +73 -0
package/dist/audit/errors.d.ts.map +1 -0
package/dist/audit/errors.js +78 -0
package/dist/audit/errors.js.map +1 -0
package/dist/audit/index.d.ts +16 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +10 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/provider.d.ts +73 -0
package/dist/audit/provider.d.ts.map +1 -0
package/dist/audit/provider.js +2 -0
package/dist/audit/provider.js.map +1 -0
package/dist/audit/providers/history.d.ts +66 -0
package/dist/audit/providers/history.d.ts.map +1 -0
package/dist/audit/providers/history.js +102 -0
package/dist/audit/providers/history.js.map +1 -0
package/dist/audit/pseudonymize.d.ts +26 -0
package/dist/audit/pseudonymize.d.ts.map +1 -0
package/dist/audit/pseudonymize.js +86 -0
package/dist/audit/pseudonymize.js.map +1 -0
package/dist/audit/recorder.d.ts +102 -0
package/dist/audit/recorder.d.ts.map +1 -0
package/dist/audit/recorder.js +55 -0
package/dist/audit/recorder.js.map +1 -0
package/dist/audit/retention.d.ts +83 -0
package/dist/audit/retention.d.ts.map +1 -0
package/dist/audit/retention.js +142 -0
package/dist/audit/retention.js.map +1 -0
package/dist/audit/source-ip.d.ts +32 -0
package/dist/audit/source-ip.d.ts.map +1 -0
package/dist/audit/source-ip.js +164 -0
package/dist/audit/source-ip.js.map +1 -0
package/dist/audit/types.d.ts +143 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +33 -0
package/dist/audit/types.js.map +1 -0
package/dist/audit/user-agent.d.ts +28 -0
package/dist/audit/user-agent.d.ts.map +1 -0
package/dist/audit/user-agent.js +63 -0
package/dist/audit/user-agent.js.map +1 -0
package/dist/auth/capabilities.d.ts +28 -0
package/dist/auth/capabilities.d.ts.map +1 -0
package/dist/auth/capabilities.js +101 -0
package/dist/auth/capabilities.js.map +1 -0
package/dist/auth/config.d.ts +109 -0
package/dist/auth/config.d.ts.map +1 -0
package/dist/auth/config.js +221 -0
package/dist/auth/config.js.map +1 -0
package/dist/auth/errors.d.ts +72 -0
package/dist/auth/errors.d.ts.map +1 -0
package/dist/auth/errors.js +78 -0
package/dist/auth/errors.js.map +1 -0
package/dist/auth/factory.d.ts +43 -0
package/dist/auth/factory.d.ts.map +1 -0
package/dist/auth/factory.js +48 -0
package/dist/auth/factory.js.map +1 -0
package/dist/auth/index.d.ts +21 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +14 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/ip-match.d.ts +29 -0
package/dist/auth/ip-match.d.ts.map +1 -0
package/dist/auth/ip-match.js +162 -0
package/dist/auth/ip-match.js.map +1 -0
package/dist/auth/provider.d.ts +76 -0
package/dist/auth/provider.d.ts.map +1 -0
package/dist/auth/provider.js +2 -0
package/dist/auth/provider.js.map +1 -0
package/dist/auth/providers/aws-cognito.d.ts +55 -0
package/dist/auth/providers/aws-cognito.d.ts.map +1 -0
package/dist/auth/providers/aws-cognito.js +114 -0
package/dist/auth/providers/aws-cognito.js.map +1 -0
package/dist/auth/providers/azure-easy-auth.d.ts +7 -0
package/dist/auth/providers/azure-easy-auth.d.ts.map +1 -0
package/dist/auth/providers/azure-easy-auth.js +48 -0
package/dist/auth/providers/azure-easy-auth.js.map +1 -0
package/dist/auth/providers/cloudflare-access.d.ts +71 -0
package/dist/auth/providers/cloudflare-access.d.ts.map +1 -0
package/dist/auth/providers/cloudflare-access.js +120 -0
package/dist/auth/providers/cloudflare-access.js.map +1 -0
package/dist/auth/providers/forwarded-user.d.ts +31 -0
package/dist/auth/providers/forwarded-user.d.ts.map +1 -0
package/dist/auth/providers/forwarded-user.js +72 -0
package/dist/auth/providers/forwarded-user.js.map +1 -0
package/dist/auth/providers/none.d.ts +6 -0
package/dist/auth/providers/none.d.ts.map +1 -0
package/dist/auth/providers/none.js +19 -0
package/dist/auth/providers/none.js.map +1 -0
package/dist/auth/providers/tailscale.d.ts +7 -0
package/dist/auth/providers/tailscale.d.ts.map +1 -0
package/dist/auth/providers/tailscale.js +30 -0
package/dist/auth/providers/tailscale.js.map +1 -0
package/dist/auth/role-resolver.d.ts +38 -0
package/dist/auth/role-resolver.d.ts.map +1 -0
package/dist/auth/role-resolver.js +92 -0
package/dist/auth/role-resolver.js.map +1 -0
package/dist/auth/types.d.ts +150 -0
package/dist/auth/types.d.ts.map +1 -0
package/dist/auth/types.js +60 -0
package/dist/auth/types.js.map +1 -0
package/dist/cache/errors.d.ts +41 -0
package/dist/cache/errors.d.ts.map +1 -0
package/dist/cache/errors.js +44 -0
package/dist/cache/errors.js.map +1 -0
package/dist/cache/factories.d.ts +17 -0
package/dist/cache/factories.d.ts.map +1 -0
package/dist/cache/factories.js +17 -0
package/dist/cache/factories.js.map +1 -0
package/dist/cache/keys.d.ts +63 -0
package/dist/cache/keys.d.ts.map +1 -0
package/dist/cache/keys.js +145 -0
package/dist/cache/keys.js.map +1 -0
package/dist/cache/memory.d.ts +51 -0
package/dist/cache/memory.d.ts.map +1 -0
package/dist/cache/memory.js +204 -0
package/dist/cache/memory.js.map +1 -0
package/dist/cache/per-site.d.ts +22 -0
package/dist/cache/per-site.d.ts.map +1 -0
package/dist/cache/per-site.js +114 -0
package/dist/cache/per-site.js.map +1 -0
package/dist/cache/types.d.ts +142 -0
package/dist/cache/types.d.ts.map +1 -0
package/dist/cache/types.js +33 -0
package/dist/cache/types.js.map +1 -0
package/dist/cli/archive.d.ts +44 -0
package/dist/cli/archive.d.ts.map +1 -0
package/dist/cli/archive.js +310 -0
package/dist/cli/archive.js.map +1 -0
package/dist/cli/assets-cli.d.ts +58 -0
package/dist/cli/assets-cli.d.ts.map +1 -0
package/dist/cli/assets-cli.js +233 -0
package/dist/cli/assets-cli.js.map +1 -0
package/dist/cli/assets-display.d.ts +112 -0
package/dist/cli/assets-display.d.ts.map +1 -0
package/dist/cli/assets-display.js +106 -0
package/dist/cli/assets-display.js.map +1 -0
package/dist/cli/bootstrap.d.ts +15 -10
package/dist/cli/bootstrap.d.ts.map +1 -1
package/dist/cli/bootstrap.js +59 -24
package/dist/cli/bootstrap.js.map +1 -1
package/dist/cli/dev-template-watcher.d.ts +29 -0
package/dist/cli/dev-template-watcher.d.ts.map +1 -0
package/dist/cli/dev-template-watcher.js +38 -0
package/dist/cli/dev-template-watcher.js.map +1 -0
package/dist/cli/history.d.ts.map +1 -1
package/dist/cli/history.js +5 -3
package/dist/cli/history.js.map +1 -1
package/dist/cli/index.js +737 -374
package/dist/cli/index.js.map +1 -1
package/dist/cli/validate-flags.d.ts +29 -0
package/dist/cli/validate-flags.d.ts.map +1 -0
package/dist/cli/validate-flags.js +49 -0
package/dist/cli/validate-flags.js.map +1 -0
package/dist/compare.d.ts +1 -1
package/dist/compare.d.ts.map +1 -1
package/dist/compare.js +40 -35
package/dist/compare.js.map +1 -1
package/dist/component-ids.d.ts +25 -0
package/dist/component-ids.d.ts.map +1 -0
package/dist/component-ids.js +83 -0
package/dist/component-ids.js.map +1 -0
package/dist/config/define.d.ts +61 -0
package/dist/config/define.d.ts.map +1 -0
package/dist/config/define.js +64 -0
package/dist/config/define.js.map +1 -0
package/dist/config/errors.d.ts +32 -0
package/dist/config/errors.d.ts.map +1 -0
package/dist/config/errors.js +40 -0
package/dist/config/errors.js.map +1 -0
package/dist/config/index.d.ts +13 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +20 -0
package/dist/config/index.js.map +1 -0
package/dist/config/loader.d.ts +105 -0
package/dist/config/loader.d.ts.map +1 -0
package/dist/config/loader.js +265 -0
package/dist/config/loader.js.map +1 -0
package/dist/config/schemas.d.ts +89 -0
package/dist/config/schemas.d.ts.map +1 -0
package/dist/config/schemas.js +172 -0
package/dist/config/schemas.js.map +1 -0
package/dist/config/types.d.ts +32 -0
package/dist/config/types.d.ts.map +1 -0
package/dist/config/types.js +15 -0
package/dist/config/types.js.map +1 -0
package/dist/dep-sidecars.d.ts +127 -0
package/dist/dep-sidecars.d.ts.map +1 -0
package/dist/dep-sidecars.js +122 -0
package/dist/dep-sidecars.js.map +1 -0
package/dist/deploy/cloudflare-workers.d.ts +46 -0
package/dist/deploy/cloudflare-workers.d.ts.map +1 -0
package/dist/deploy/cloudflare-workers.js +213 -0
package/dist/deploy/cloudflare-workers.js.map +1 -0
package/dist/deploy/errors.d.ts +66 -0
package/dist/deploy/errors.d.ts.map +1 -0
package/dist/deploy/errors.js +82 -0
package/dist/deploy/errors.js.map +1 -0
package/dist/deploy/index.d.ts +9 -0
package/dist/deploy/index.d.ts.map +1 -0
package/dist/deploy/index.js +3 -0
package/dist/deploy/index.js.map +1 -0
package/dist/deploy/types.d.ts +162 -0
package/dist/deploy/types.d.ts.map +1 -0
package/dist/deploy/types.js +2 -0
package/dist/deploy/types.js.map +1 -0
package/dist/editor/AssetEmbeddedWidget.d.ts +3 -0
package/dist/editor/AssetEmbeddedWidget.d.ts.map +1 -0
package/dist/editor/AssetEmbeddedWidget.js +146 -0
package/dist/editor/AssetEmbeddedWidget.js.map +1 -0
package/dist/editor/mount.d.ts +12 -1
package/dist/editor/mount.d.ts.map +1 -1
package/dist/editor/mount.js +36 -5
package/dist/editor/mount.js.map +1 -1
package/dist/format.d.ts +44 -0
package/dist/format.d.ts.map +1 -0
package/dist/format.js +65 -0
package/dist/format.js.map +1 -0
package/dist/fragment-deps.d.ts +24 -0
package/dist/fragment-deps.d.ts.map +1 -0
package/dist/fragment-deps.js +20 -0
package/dist/fragment-deps.js.map +1 -0
package/dist/fragments/create.d.ts +70 -0
package/dist/fragments/create.d.ts.map +1 -0
package/dist/fragments/create.js +93 -0
package/dist/fragments/create.js.map +1 -0
package/dist/fragments/publish.d.ts +37 -0
package/dist/fragments/publish.d.ts.map +1 -0
package/dist/fragments/publish.js +52 -0
package/dist/fragments/publish.js.map +1 -0
package/dist/fragments/save.d.ts +81 -0
package/dist/fragments/save.d.ts.map +1 -0
package/dist/fragments/save.js +105 -0
package/dist/fragments/save.js.map +1 -0
package/dist/hash.d.ts +0 -6
package/dist/hash.d.ts.map +1 -1
package/dist/hash.js +0 -18
package/dist/hash.js.map +1 -1
package/dist/history-provider.d.ts.map +1 -1
package/dist/history-provider.js +30 -8
package/dist/history-provider.js.map +1 -1
package/dist/history-recorder.d.ts +10 -6
package/dist/history-recorder.d.ts.map +1 -1
package/dist/history-recorder.js +13 -5
package/dist/history-recorder.js.map +1 -1
package/dist/history-restorer.d.ts.map +1 -1
package/dist/history-restorer.js +34 -2
package/dist/history-restorer.js.map +1 -1
package/dist/history.d.ts +26 -8
package/dist/history.d.ts.map +1 -1
package/dist/hooks/audit-emitter.d.ts +73 -0
package/dist/hooks/audit-emitter.d.ts.map +1 -0
package/dist/hooks/audit-emitter.js +13 -0
package/dist/hooks/audit-emitter.js.map +1 -0
package/dist/hooks/context.d.ts +78 -0
package/dist/hooks/context.d.ts.map +1 -0
package/dist/hooks/context.js +56 -0
package/dist/hooks/context.js.map +1 -0
package/dist/hooks/contribution.d.ts +90 -0
package/dist/hooks/contribution.d.ts.map +1 -0
package/dist/hooks/contribution.js +2 -0
package/dist/hooks/contribution.js.map +1 -0
package/dist/hooks/dispatch.d.ts +30 -0
package/dist/hooks/dispatch.d.ts.map +1 -0
package/dist/hooks/dispatch.js +252 -0
package/dist/hooks/dispatch.js.map +1 -0
package/dist/hooks/errors.d.ts +100 -0
package/dist/hooks/errors.d.ts.map +1 -0
package/dist/hooks/errors.js +103 -0
package/dist/hooks/errors.js.map +1 -0
package/dist/hooks/index.d.ts +15 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +6 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/registry.d.ts +53 -0
package/dist/hooks/registry.d.ts.map +1 -0
package/dist/hooks/registry.js +139 -0
package/dist/hooks/registry.js.map +1 -0
package/dist/hooks/storage.d.ts +43 -0
package/dist/hooks/storage.d.ts.map +1 -0
package/dist/hooks/storage.js +2 -0
package/dist/hooks/storage.js.map +1 -0
package/dist/hooks/types.d.ts +324 -0
package/dist/hooks/types.d.ts.map +1 -0
package/dist/hooks/types.js +2 -0
package/dist/hooks/types.js.map +1 -0
package/dist/index.d.ts +27 -9
package/dist/index.d.ts.map +1 -1
package/dist/index.js +50 -7
package/dist/index.js.map +1 -1
package/dist/locale.d.ts +25 -1
package/dist/locale.d.ts.map +1 -1
package/dist/locale.js +44 -2
package/dist/locale.js.map +1 -1
package/dist/manifest-save.d.ts +255 -0
package/dist/manifest-save.d.ts.map +1 -0
package/dist/manifest-save.js +260 -0
package/dist/manifest-save.js.map +1 -0
package/dist/manifest.d.ts +1 -2
package/dist/manifest.d.ts.map +1 -1
package/dist/manifest.js +43 -44
package/dist/manifest.js.map +1 -1
package/dist/node-floor.d.ts +3 -0
package/dist/node-floor.d.ts.map +1 -0
package/dist/node-floor.js +3 -0
package/dist/node-floor.js.map +1 -0
package/dist/pages/create.d.ts +103 -0
package/dist/pages/create.d.ts.map +1 -0
package/dist/pages/create.js +117 -0
package/dist/pages/create.js.map +1 -0
package/dist/pages/publish.d.ts +59 -0
package/dist/pages/publish.d.ts.map +1 -0
package/dist/pages/publish.js +78 -0
package/dist/pages/publish.js.map +1 -0
package/dist/pages/save.d.ts +97 -0
package/dist/pages/save.d.ts.map +1 -0
package/dist/pages/save.js +138 -0
package/dist/pages/save.js.map +1 -0
package/dist/providers/_atomic-write.d.ts +9 -0
package/dist/providers/_atomic-write.d.ts.map +1 -0
package/dist/providers/_atomic-write.js +72 -0
package/dist/providers/_atomic-write.js.map +1 -0
package/dist/providers/_rm-ignore-missing.d.ts +31 -0
package/dist/providers/_rm-ignore-missing.d.ts.map +1 -0
package/dist/providers/_rm-ignore-missing.js +12 -0
package/dist/providers/_rm-ignore-missing.js.map +1 -0
package/dist/providers/_stream-interop.d.ts +23 -0
package/dist/providers/_stream-interop.d.ts.map +1 -0
package/dist/providers/_stream-interop.js +21 -0
package/dist/providers/_stream-interop.js.map +1 -0
package/dist/providers/azure-blob.d.ts.map +1 -1
package/dist/providers/azure-blob.js +60 -0
package/dist/providers/azure-blob.js.map +1 -1
package/dist/providers/factories.d.ts +65 -0
package/dist/providers/factories.d.ts.map +1 -0
package/dist/providers/factories.js +189 -0
package/dist/providers/factories.js.map +1 -0
package/dist/providers/filesystem.d.ts +4 -0
package/dist/providers/filesystem.d.ts.map +1 -1
package/dist/providers/filesystem.js +63 -2
package/dist/providers/filesystem.js.map +1 -1
package/dist/providers/s3.d.ts.map +1 -1
package/dist/providers/s3.js +84 -1
package/dist/providers/s3.js.map +1 -1
package/dist/publish-item.d.ts +225 -0
package/dist/publish-item.d.ts.map +1 -0
package/dist/publish-item.js +210 -0
package/dist/publish-item.js.map +1 -0
package/dist/publish-rendered.d.ts +37 -17
package/dist/publish-rendered.d.ts.map +1 -1
package/dist/publish-rendered.js +144 -71
package/dist/publish-rendered.js.map +1 -1
package/dist/publish-renderers.d.ts +132 -0
package/dist/publish-renderers.d.ts.map +1 -0
package/dist/publish-renderers.js +240 -0
package/dist/publish-renderers.js.map +1 -0
package/dist/publish-run.d.ts +223 -0
package/dist/publish-run.d.ts.map +1 -0
package/dist/publish-run.js +307 -0
package/dist/publish-run.js.map +1 -0
package/dist/publish.d.ts +13 -12
package/dist/publish.d.ts.map +1 -1
package/dist/publish.js +24 -57
package/dist/publish.js.map +1 -1
package/dist/render-for-analysis.d.ts +24 -0
package/dist/render-for-analysis.d.ts.map +1 -0
package/dist/render-for-analysis.js +146 -0
package/dist/render-for-analysis.js.map +1 -0
package/dist/resolver.d.ts +12 -2
package/dist/resolver.d.ts.map +1 -1
package/dist/resolver.js +101 -32
package/dist/resolver.js.map +1 -1
package/dist/runtime/archive-marker.d.ts +62 -0
package/dist/runtime/archive-marker.d.ts.map +1 -0
package/dist/runtime/archive-marker.js +88 -0
package/dist/runtime/archive-marker.js.map +1 -0
package/dist/runtime/capability-gap-warnings.d.ts +42 -0
package/dist/runtime/capability-gap-warnings.d.ts.map +1 -0
package/dist/runtime/capability-gap-warnings.js +28 -0
package/dist/runtime/capability-gap-warnings.js.map +1 -0
package/dist/runtime/redirects-emit.d.ts +93 -0
package/dist/runtime/redirects-emit.d.ts.map +1 -0
package/dist/runtime/redirects-emit.js +89 -0
package/dist/runtime/redirects-emit.js.map +1 -0
package/dist/runtime/runtime-capabilities.d.ts +79 -0
package/dist/runtime/runtime-capabilities.d.ts.map +1 -0
package/dist/runtime/runtime-capabilities.js +60 -0
package/dist/runtime/runtime-capabilities.js.map +1 -0
package/dist/save-etag.d.ts +69 -0
package/dist/save-etag.d.ts.map +1 -0
package/dist/save-etag.js +118 -0
package/dist/save-etag.js.map +1 -0
package/dist/schema/dimensions.d.ts +78 -0
package/dist/schema/dimensions.d.ts.map +1 -0
package/dist/schema/dimensions.js +97 -0
package/dist/schema/dimensions.js.map +1 -0
package/dist/schema/helpers.d.ts +108 -0
package/dist/schema/helpers.d.ts.map +1 -0
package/dist/schema/helpers.js +133 -0
package/dist/schema/helpers.js.map +1 -0
package/dist/schema/index.d.ts +27 -0
package/dist/schema/index.d.ts.map +1 -0
package/dist/schema/index.js +25 -0
package/dist/schema/index.js.map +1 -0
package/dist/schema/types.d.ts +390 -0
package/dist/schema/types.d.ts.map +1 -0
package/dist/schema/types.js +25 -0
package/dist/schema/types.js.map +1 -0
package/dist/selector-chain.d.ts +63 -0
package/dist/selector-chain.d.ts.map +1 -0
package/dist/selector-chain.js +58 -0
package/dist/selector-chain.js.map +1 -0
package/dist/sidecars.d.ts +19 -18
package/dist/sidecars.d.ts.map +1 -1
package/dist/sidecars.js +70 -62
package/dist/sidecars.js.map +1 -1
package/dist/site-loader.d.ts +42 -4
package/dist/site-loader.d.ts.map +1 -1
package/dist/site-loader.js +27 -8
package/dist/site-loader.js.map +1 -1
package/dist/targets.d.ts +21 -12
package/dist/targets.d.ts.map +1 -1
package/dist/targets.js +27 -117
package/dist/targets.js.map +1 -1
package/dist/testing/admin-cache-contract.d.ts +52 -0
package/dist/testing/admin-cache-contract.d.ts.map +1 -0
package/dist/testing/admin-cache-contract.js +203 -0
package/dist/testing/admin-cache-contract.js.map +1 -0
package/dist/testing/index.d.ts +11 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/index.js +11 -0
package/dist/testing/index.js.map +1 -0
package/dist/themes.d.ts +69 -0
package/dist/themes.d.ts.map +1 -0
package/dist/themes.js +85 -0
package/dist/themes.js.map +1 -0
package/dist/transforms/adapter.d.ts +115 -0
package/dist/transforms/adapter.d.ts.map +1 -0
package/dist/transforms/adapter.js +2 -0
package/dist/transforms/adapter.js.map +1 -0
package/dist/transforms/cloudflare.d.ts +17 -0
package/dist/transforms/cloudflare.d.ts.map +1 -0
package/dist/transforms/cloudflare.js +110 -0
package/dist/transforms/cloudflare.js.map +1 -0
package/dist/transforms/factories.d.ts +16 -0
package/dist/transforms/factories.d.ts.map +1 -0
package/dist/transforms/factories.js +18 -0
package/dist/transforms/factories.js.map +1 -0
package/dist/transforms/index.d.ts +17 -0
package/dist/transforms/index.d.ts.map +1 -0
package/dist/transforms/index.js +6 -0
package/dist/transforms/index.js.map +1 -0
package/dist/transforms/sharp.d.ts +17 -0
package/dist/transforms/sharp.d.ts.map +1 -0
package/dist/transforms/sharp.js +57 -0
package/dist/transforms/sharp.js.map +1 -0
package/dist/types.d.ts +485 -34
package/dist/types.d.ts.map +1 -1
package/dist/types.js +20 -1
package/dist/types.js.map +1 -1
package/dist/validation/alt-required-walker.d.ts +27 -0
package/dist/validation/alt-required-walker.d.ts.map +1 -0
package/dist/validation/alt-required-walker.js +108 -0
package/dist/validation/alt-required-walker.js.map +1 -0
package/dist/validation/default-registry.d.ts +12 -0
package/dist/validation/default-registry.d.ts.map +1 -0
package/dist/validation/default-registry.js +55 -0
package/dist/validation/default-registry.js.map +1 -0
package/dist/validation/publish-audit.d.ts +44 -0
package/dist/validation/publish-audit.d.ts.map +1 -0
package/dist/validation/publish-audit.js +64 -0
package/dist/validation/publish-audit.js.map +1 -0
package/dist/validation/registry.d.ts +23 -0
package/dist/validation/registry.d.ts.map +1 -0
package/dist/validation/registry.js +15 -0
package/dist/validation/registry.js.map +1 -0
package/dist/validation/save-delta.d.ts +46 -0
package/dist/validation/save-delta.d.ts.map +1 -0
package/dist/validation/save-delta.js +57 -0
package/dist/validation/save-delta.js.map +1 -0
package/dist/validation/scanner.d.ts +91 -0
package/dist/validation/scanner.d.ts.map +1 -0
package/dist/validation/scanner.js +327 -0
package/dist/validation/scanner.js.map +1 -0
package/dist/validation/template-impact.d.ts +52 -0
package/dist/validation/template-impact.d.ts.map +1 -0
package/dist/validation/template-impact.js +53 -0
package/dist/validation/template-impact.js.map +1 -0
package/dist/validation/types.d.ts +123 -0
package/dist/validation/types.d.ts.map +1 -0
package/dist/validation/types.js +7 -0
package/dist/validation/types.js.map +1 -0
package/dist/validation/validators/accessibility.d.ts +3 -0
package/dist/validation/validators/accessibility.d.ts.map +1 -0
package/dist/validation/validators/accessibility.js +106 -0
package/dist/validation/validators/accessibility.js.map +1 -0
package/dist/validation/validators/aliasof-points-to-archived.d.ts +40 -0
package/dist/validation/validators/aliasof-points-to-archived.d.ts.map +1 -0
package/dist/validation/validators/aliasof-points-to-archived.js +34 -0
package/dist/validation/validators/aliasof-points-to-archived.js.map +1 -0
package/dist/validation/validators/alt-required.d.ts +3 -0
package/dist/validation/validators/alt-required.d.ts.map +1 -0
package/dist/validation/validators/alt-required.js +118 -0
package/dist/validation/validators/alt-required.js.map +1 -0
package/dist/validation/validators/archive-not-supported-on-target.d.ts +3 -0
package/dist/validation/validators/archive-not-supported-on-target.d.ts.map +1 -0
package/dist/validation/validators/archive-not-supported-on-target.js +38 -0
package/dist/validation/validators/archive-not-supported-on-target.js.map +1 -0
package/dist/validation/validators/broken-links.d.ts +3 -0
package/dist/validation/validators/broken-links.d.ts.map +1 -0
package/dist/validation/validators/broken-links.js +190 -0
package/dist/validation/validators/broken-links.js.map +1 -0
package/dist/validation/validators/circular-alias.d.ts +36 -0
package/dist/validation/validators/circular-alias.d.ts.map +1 -0
package/dist/validation/validators/circular-alias.js +63 -0
package/dist/validation/validators/circular-alias.js.map +1 -0
package/dist/validation/validators/circular-fragment.d.ts +15 -0
package/dist/validation/validators/circular-fragment.d.ts.map +1 -0
package/dist/validation/validators/circular-fragment.js +97 -0
package/dist/validation/validators/circular-fragment.js.map +1 -0
package/dist/validation/validators/dangling-alias.d.ts +38 -0
package/dist/validation/validators/dangling-alias.d.ts.map +1 -0
package/dist/validation/validators/dangling-alias.js +31 -0
package/dist/validation/validators/dangling-alias.js.map +1 -0
package/dist/validation/validators/deploy-target-type-supported.d.ts +3 -0
package/dist/validation/validators/deploy-target-type-supported.d.ts.map +1 -0
package/dist/validation/validators/deploy-target-type-supported.js +32 -0
package/dist/validation/validators/deploy-target-type-supported.js.map +1 -0
package/dist/validation/validators/dynamic-route-conflict.d.ts +18 -0
package/dist/validation/validators/dynamic-route-conflict.d.ts.map +1 -0
package/dist/validation/validators/dynamic-route-conflict.js +80 -0
package/dist/validation/validators/dynamic-route-conflict.js.map +1 -0
package/dist/validation/validators/html-validity.d.ts +3 -0
package/dist/validation/validators/html-validity.d.ts.map +1 -0
package/dist/validation/validators/html-validity.js +89 -0
package/dist/validation/validators/html-validity.js.map +1 -0
package/dist/validation/validators/orphaned-locale-file.d.ts +21 -0
package/dist/validation/validators/orphaned-locale-file.d.ts.map +1 -0
package/dist/validation/validators/orphaned-locale-file.js +84 -0
package/dist/validation/validators/orphaned-locale-file.js.map +1 -0
package/dist/validation/validators/referenced-archived-without-alias.d.ts +3 -0
package/dist/validation/validators/referenced-archived-without-alias.d.ts.map +1 -0
package/dist/validation/validators/referenced-archived-without-alias.js +65 -0
package/dist/validation/validators/referenced-archived-without-alias.js.map +1 -0
package/dist/validation/validators/referenced-asset-exists.d.ts +13 -0
package/dist/validation/validators/referenced-asset-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-asset-exists.js +80 -0
package/dist/validation/validators/referenced-asset-exists.js.map +1 -0
package/dist/validation/validators/referenced-fragment-exists.d.ts +9 -0
package/dist/validation/validators/referenced-fragment-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-fragment-exists.js +52 -0
package/dist/validation/validators/referenced-fragment-exists.js.map +1 -0
package/dist/validation/validators/referenced-template-exists.d.ts +10 -0
package/dist/validation/validators/referenced-template-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-template-exists.js +74 -0
package/dist/validation/validators/referenced-template-exists.js.map +1 -0
package/dist/validation/validators/schema-conformance.d.ts +17 -0
package/dist/validation/validators/schema-conformance.d.ts.map +1 -0
package/dist/validation/validators/schema-conformance.js +94 -0
package/dist/validation/validators/schema-conformance.js.map +1 -0
package/dist/validation/validators/target-deploy-coverage.d.ts +3 -0
package/dist/validation/validators/target-deploy-coverage.d.ts.map +1 -0
package/dist/validation/validators/target-deploy-coverage.js +37 -0
package/dist/validation/validators/target-deploy-coverage.js.map +1 -0
package/dist/validation/validators/unused-fragment.d.ts +16 -0
package/dist/validation/validators/unused-fragment.d.ts.map +1 -0
package/dist/validation/validators/unused-fragment.js +86 -0
package/dist/validation/validators/unused-fragment.js.map +1 -0
package/package.json +69 -27
package/admin-dist/assets/index-B6pVot0Y.css +0 -1
package/admin-dist/assets/index-DniLwxJA.js +0 -609
package/admin-dist/assets/rolldown-runtime-COnpUsM8.js +0 -1
package/admin-dist/assets/vendor-rjsf-HKBAjOmQ.js +0 -32
package/admin-dist/assets/vendor-tiptap-IyO99U4R.js +0 -142
package/admin-dist/assets/vendor-vue-D3wBSmDf.js +0 -1
package/dist/providers/r2.d.ts +0 -8
package/dist/providers/r2.d.ts.map +0 -1
package/dist/providers/r2.js +0 -86
package/dist/providers/r2.js.map +0 -1
package/dist/publish-locale.d.ts +0 -44
package/dist/publish-locale.d.ts.map +0 -1
package/dist/publish-locale.js +0 -103
package/dist/publish-locale.js.map +0 -1
package/dist/source-sidecars.d.ts +0 -32
package/dist/source-sidecars.d.ts.map +0 -1
package/dist/source-sidecars.js +0 -98
package/dist/source-sidecars.js.map +0 -1

package/dist/auth/capabilities.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Test whether a principal's capability set grants the required
+ * capability. Implements wildcard expansion:
+ *
+ *   - `*` (root wildcard) grants everything (including
+ *     wildcard-exempt capabilities — admin role retains the
+ *     escape hatch)
+ *   - `<prefix>:*` grants every capability under that prefix
+ *     EXCEPT capabilities in `WILDCARD_EXEMPT_CAPABILITIES`
+ *   - exact match grants exactly that capability
+ *
+ * Plugin-supplied capabilities use scoped prefixes
+ * (`@my-org/search:rebuild-index`) and follow the same rules:
+ * `@my-org/search:*` grants `@my-org/search:rebuild-index`.
+ */
+export declare function capabilityGrants(granted: ReadonlyArray<string>, required: string): boolean;
+/**
+ * Expand a role name to its capability set. Built-in roles
+ * (`admin`, `editor`, `viewer`) resolve from `BUILT_IN_ROLES`;
+ * custom roles must be supplied via the `customRoles` map at
+ * resolution time (per `design-auth-rbac.md`'s "hybrid built-in
+ * + custom" model).
+ *
+ * Returns null when the role isn't recognized — caller decides
+ * whether to fail-closed (deny access) or fail-open (assign default).
+ */
+export declare function expandRole(roleName: string, customRoles?: Readonly<Record<string, ReadonlyArray<string>>>): ReadonlyArray<string> | null;
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/auth/capabilities.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../src/auth/capabilities.ts"],"names":[],"mappings":"AAgDA;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAe1F;AAED;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CACxB,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,GAC5D,aAAa,CAAC,MAAM,CAAC,GAAG,IAAI,CAQ9B"}

package/dist/auth/capabilities.js ADDED Viewed

@@ -0,0 +1,101 @@
+/**
+ * Capability vocabulary helpers — the closed set of built-in
+ * capabilities and the matching logic for wildcard expansion.
+ *
+ * # Why these helpers live here
+ *
+ * Capabilities are strings, but the matching logic (does
+ * `read:*` grant `read:pages`? does `*` grant everything?) is
+ * load-bearing for every authorization check. Centralizing the
+ * matching logic in pure functions means:
+ *
+ *   - Middleware uses one function, not ad-hoc string compares
+ *   - Tests pin the wildcard semantics in one place
+ *   - Plugin-supplied capabilities (when plugin foundation ships)
+ *     extend via prefix conventions, not by changing matching code
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: matching only; doesn't read configs or extract principals.
+ *   - DIP: middleware depends on this helper, not on the BUILT_IN_ROLES
+ *     constant.
+ */
+import { BUILT_IN_ROLES } from './types.js';
+/**
+ * Privacy-sensitive capabilities that prefix wildcards do NOT
+ * grant. Per design-auth-rbac.md's "Audit-log read access is its
+ * own capability — viewers don't see audit by default", and the
+ * matching design-audit.md note that audit log is its own gate.
+ *
+ * These capabilities require either:
+ *   - explicit grant (the exact capability string in the granted
+ *     list), or
+ *   - root wildcard `*` (admin role)
+ *
+ * Prefix wildcards (`read:*`) DO NOT grant them. Built-in editor
+ * + viewer roles hold `read:*` — they get `read:pages`,
+ * `read:fragments`, `read:assets` but NOT `read:audit-log`.
+ * Operators wanting an "auditor" custom role declare
+ * `['read:*', 'read:audit-log']` explicitly.
+ *
+ * Plugin authors adding privacy-sensitive capabilities extend this
+ * set by exporting their own capability string in this set —
+ * future plugin foundation will likely move this to a registry.
+ * For v1 the set is closed to known built-ins.
+ */
+const WILDCARD_EXEMPT_CAPABILITIES = new Set(['read:audit-log']);
+/**
+ * Test whether a principal's capability set grants the required
+ * capability. Implements wildcard expansion:
+ *
+ *   - `*` (root wildcard) grants everything (including
+ *     wildcard-exempt capabilities — admin role retains the
+ *     escape hatch)
+ *   - `<prefix>:*` grants every capability under that prefix
+ *     EXCEPT capabilities in `WILDCARD_EXEMPT_CAPABILITIES`
+ *   - exact match grants exactly that capability
+ *
+ * Plugin-supplied capabilities use scoped prefixes
+ * (`@my-org/search:rebuild-index`) and follow the same rules:
+ * `@my-org/search:*` grants `@my-org/search:rebuild-index`.
+ */
+export function capabilityGrants(granted, required) {
+    if (required.length === 0)
+        return false;
+    const isExempt = WILDCARD_EXEMPT_CAPABILITIES.has(required);
+    for (const cap of granted) {
+        // Root wildcard always grants — admin retains the escape hatch
+        // even for wildcard-exempt capabilities.
+        if (cap === '*')
+            return true;
+        if (cap === required)
+            return true;
+        // Prefix wildcards skip wildcard-exempt capabilities.
+        if (!isExempt && cap.endsWith(':*')) {
+            const prefix = cap.slice(0, -1); // 'read:*' → 'read:'
+            if (required.startsWith(prefix))
+                return true;
+        }
+    }
+    return false;
+}
+/**
+ * Expand a role name to its capability set. Built-in roles
+ * (`admin`, `editor`, `viewer`) resolve from `BUILT_IN_ROLES`;
+ * custom roles must be supplied via the `customRoles` map at
+ * resolution time (per `design-auth-rbac.md`'s "hybrid built-in
+ * + custom" model).
+ *
+ * Returns null when the role isn't recognized — caller decides
+ * whether to fail-closed (deny access) or fail-open (assign default).
+ */
+export function expandRole(roleName, customRoles) {
+    if (customRoles && roleName in customRoles) {
+        return customRoles[roleName];
+    }
+    if (roleName in BUILT_IN_ROLES) {
+        return BUILT_IN_ROLES[roleName];
+    }
+    return null;
+}
+//# sourceMappingURL=capabilities.js.map

package/dist/auth/capabilities.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../../src/auth/capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,EAAE,cAAc,EAA0B,MAAM,YAAY,CAAA;AAEnE;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,4BAA4B,GAAwB,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAA;AAErF;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAA8B,EAAE,QAAgB;IAC/E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IACvC,MAAM,QAAQ,GAAG,4BAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IAC3D,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,+DAA+D;QAC/D,yCAAyC;QACzC,IAAI,GAAG,KAAK,GAAG;YAAE,OAAO,IAAI,CAAA;QAC5B,IAAI,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAA;QACjC,sDAAsD;QACtD,IAAI,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,qBAAqB;YACrD,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAA;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,UAAU,CACxB,QAAgB,EAChB,WAA6D;IAE7D,IAAI,WAAW,IAAI,QAAQ,IAAI,WAAW,EAAE,CAAC;QAC3C,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAA;IAC9B,CAAC;IACD,IAAI,QAAQ,IAAI,cAAc,EAAE,CAAC;QAC/B,OAAO,cAAc,CAAC,QAAQ,CAAqC,CAAA;IACrE,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/auth/config.d.ts ADDED Viewed

@@ -0,0 +1,109 @@
+/**
+ * Zod schema for the `admin.auth` block in `site.config.ts`. This
+ * cut ships only the `none`-mode shape; subsequent cuts add Zod
+ * variants for `forwarded-user`, `cloudflare-access`, etc.
+ *
+ * # Why a discriminated union
+ *
+ * Each trust mode's configuration shape is genuinely different
+ * (`forwarded-user` has `trustedProxyCount`; `cloudflare-access`
+ * has `teamDomain`; `none` has no provider-specific fields). A
+ * discriminated union on `trust:` lets TypeScript narrow per
+ * mode automatically and gives operators IDE autocomplete for the
+ * fields their chosen mode accepts.
+ *
+ * # Defaults
+ *
+ * Operators who don't set `admin.auth` run in `none` mode. The
+ * site-loader treats absent `admin.auth` as `{ trust: 'none' }`.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: schema validation only; doesn't construct providers.
+ *   - OCP: adding a trust mode appends one variant to the union;
+ *     existing variants unchanged.
+ */
+import { z } from 'zod';
+/**
+ * Top-level discriminated union. All v1 trust modes locked.
+ * Future plugin-supplied modes (per design-auth-rbac.md Q1's plugin
+ * promotion trigger) extend the union via the plugin contract — not
+ * by editing this file.
+ */
+export declare const AuthConfigSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    trust: z.ZodLiteral<"none">;
+    roles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        capabilities: z.ZodReadonly<z.ZodArray<z.ZodString>>;
+    }, z.core.$strict>>>;
+    strict: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strict>, z.ZodObject<{
+    trust: z.ZodLiteral<"forwarded-user">;
+    trustedProxies: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    allowAnyOrigin: z.ZodOptional<z.ZodBoolean>;
+    roles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        capabilities: z.ZodReadonly<z.ZodArray<z.ZodString>>;
+    }, z.core.$strict>>>;
+    roleMapping: z.ZodOptional<z.ZodObject<{
+        claim: z.ZodString;
+        map: z.ZodRecord<z.ZodString, z.ZodString>;
+        defaultRole: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strict>>;
+    strict: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strict>, z.ZodObject<{
+    trust: z.ZodLiteral<"cloudflare-access">;
+    teamDomain: z.ZodString;
+    audience: z.ZodOptional<z.ZodString>;
+    roles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        capabilities: z.ZodReadonly<z.ZodArray<z.ZodString>>;
+    }, z.core.$strict>>>;
+    roleMapping: z.ZodOptional<z.ZodObject<{
+        claim: z.ZodString;
+        map: z.ZodRecord<z.ZodString, z.ZodString>;
+        defaultRole: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strict>>;
+    strict: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strict>, z.ZodObject<{
+    trust: z.ZodLiteral<"azure-easy-auth">;
+    roles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        capabilities: z.ZodReadonly<z.ZodArray<z.ZodString>>;
+    }, z.core.$strict>>>;
+    roleMapping: z.ZodOptional<z.ZodObject<{
+        claim: z.ZodString;
+        map: z.ZodRecord<z.ZodString, z.ZodString>;
+        defaultRole: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strict>>;
+    strict: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strict>, z.ZodObject<{
+    trust: z.ZodLiteral<"aws-cognito">;
+    region: z.ZodString;
+    audience: z.ZodOptional<z.ZodString>;
+    roles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        capabilities: z.ZodReadonly<z.ZodArray<z.ZodString>>;
+    }, z.core.$strict>>>;
+    roleMapping: z.ZodOptional<z.ZodObject<{
+        claim: z.ZodString;
+        map: z.ZodRecord<z.ZodString, z.ZodString>;
+        defaultRole: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strict>>;
+    strict: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strict>, z.ZodObject<{
+    trust: z.ZodLiteral<"tailscale">;
+    roles: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        capabilities: z.ZodReadonly<z.ZodArray<z.ZodString>>;
+    }, z.core.$strict>>>;
+    roleMapping: z.ZodOptional<z.ZodObject<{
+        claim: z.ZodString;
+        map: z.ZodRecord<z.ZodString, z.ZodString>;
+        defaultRole: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    }, z.core.$strict>>;
+    strict: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strict>], "trust">;
+export type AuthConfig = z.infer<typeof AuthConfigSchema>;
+/**
+ * Reserved-prefix check. Future plugin-supplied capabilities use
+ * plugin-scoped prefixes (e.g., `@my-org/...:`); custom roles MUST
+ * NOT redefine reserved built-in prefixes with conflicting
+ * semantics. The role-resolver enforces this at load time.
+ */
+export declare function isReservedPrefix(capability: string): boolean;
+//# sourceMappingURL=config.d.ts.map

package/dist/auth/config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAkLvB;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAO3B,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAM5D"}

package/dist/auth/config.js ADDED Viewed

@@ -0,0 +1,221 @@
+/**
+ * Zod schema for the `admin.auth` block in `site.config.ts`. This
+ * cut ships only the `none`-mode shape; subsequent cuts add Zod
+ * variants for `forwarded-user`, `cloudflare-access`, etc.
+ *
+ * # Why a discriminated union
+ *
+ * Each trust mode's configuration shape is genuinely different
+ * (`forwarded-user` has `trustedProxyCount`; `cloudflare-access`
+ * has `teamDomain`; `none` has no provider-specific fields). A
+ * discriminated union on `trust:` lets TypeScript narrow per
+ * mode automatically and gives operators IDE autocomplete for the
+ * fields their chosen mode accepts.
+ *
+ * # Defaults
+ *
+ * Operators who don't set `admin.auth` run in `none` mode. The
+ * site-loader treats absent `admin.auth` as `{ trust: 'none' }`.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: schema validation only; doesn't construct providers.
+ *   - OCP: adding a trust mode appends one variant to the union;
+ *     existing variants unchanged.
+ */
+import { z } from 'zod';
+import { RESERVED_CAPABILITY_PREFIXES } from './types.js';
+/**
+ * Capability-shape regex. Either a wildcard (`'*'`) or
+ * `<prefix>:<rest>` where `rest` may itself be a wildcard.
+ * Plugin-supplied capabilities use scoped prefixes (e.g.,
+ * `@my-org/search:rebuild-index`); the schema accepts those too.
+ */
+const capabilityRegex = /^(\*|[a-zA-Z@][a-zA-Z0-9@/_-]*:[a-zA-Z*][a-zA-Z0-9_-]*)$/;
+const capabilitySchema = z.string().regex(capabilityRegex, 'Capability must be either "*" or "<prefix>:<rest>"');
+/**
+ * Custom role definition — operator-declared in `site.config.ts`.
+ * Built-in roles (`admin`, `editor`, `viewer`) are predefined and
+ * don't appear here; operators only declare custom roles.
+ */
+const roleSchema = z
+    .object({
+    capabilities: z.array(capabilitySchema).readonly(),
+})
+    .strict();
+const roleMappingSchema = z
+    .object({
+    /** Which JSON claim / header field carries the upstream group list. */
+    claim: z.string(),
+    /** Map from upstream group name to Gazetta role name. */
+    map: z.record(z.string(), z.string()),
+    /** Fallback role when no group matches. `null` denies access. */
+    defaultRole: z.string().nullable().optional(),
+})
+    .strict();
+/**
+ * `none` trust mode — the default. No provider-specific fields.
+ * Operators omitting `admin.auth` entirely fall back to this shape
+ * with all defaults.
+ */
+const noneAuthSchema = z
+    .object({
+    trust: z.literal('none'),
+    /** Custom role declarations (rare in `none` mode but allowed). */
+    roles: z.record(z.string(), roleSchema).optional(),
+    /** Strict mode — invalid roles fail boot vs. log warning. */
+    strict: z.boolean().optional(),
+})
+    .strict();
+/**
+ * `forwarded-user` trust mode — generic reverse-proxy mode. The
+ * upstream layer (oauth2-proxy, Authelia, Caddy with `forward_auth`,
+ * etc.) populates `X-Forwarded-User` and optionally
+ * `X-Forwarded-Email` / `X-Forwarded-Groups`.
+ *
+ * # Header-spoofing protection
+ *
+ * Operators MUST configure source-IP protection per
+ * `design-auth-rbac.md` Q1: either `trustedProxies` (whitelist of
+ * IPs/CIDRs that may set the headers) OR `allowAnyOrigin: true`
+ * (explicit opt-in for dev / private networks).
+ *
+ * Default: fail-closed. Without `trustedProxies` AND without
+ * `allowAnyOrigin`, the provider rejects every request — surfaces
+ * as 401 with a config-hint message. This matches Q4's
+ * "fail-closed" recommendation in the design's "Source-IP whitelist
+ * semantics" open question.
+ */
+const forwardedUserAuthSchema = z
+    .object({
+    trust: z.literal('forwarded-user'),
+    /**
+     * IPs or CIDR blocks that may set the forwarded headers. Each
+     * entry is an IP literal (`192.168.1.10`) or CIDR
+     * (`10.0.0.0/8`, `fd00::/8`). Empty array + missing
+     * `allowAnyOrigin` → all requests rejected.
+     */
+    trustedProxies: z.array(z.string()).optional(),
+    /**
+     * Explicit opt-out of source-IP protection. Use ONLY in dev or
+     * trusted private networks (Tailscale, internal VPNs).
+     * Production deployments behind a public load balancer MUST
+     * use `trustedProxies` instead.
+     */
+    allowAnyOrigin: z.boolean().optional(),
+    roles: z.record(z.string(), roleSchema).optional(),
+    roleMapping: roleMappingSchema.optional(),
+    strict: z.boolean().optional(),
+})
+    .strict()
+    .refine(cfg => cfg.allowAnyOrigin || (cfg.trustedProxies && cfg.trustedProxies.length > 0), {
+    message: 'forwarded-user trust mode requires trustedProxies (IP whitelist) OR allowAnyOrigin: true. Without either, every request is rejected — likely a misconfiguration. Set trustedProxies for production deployments behind a known proxy; set allowAnyOrigin: true only in dev or trusted private networks.',
+    path: ['trustedProxies'],
+});
+/**
+ * `cloudflare-access` trust mode — Cloudflare Zero Trust fronting
+ * the admin. The platform issues a signed JWT in
+ * `Cf-Access-Jwt-Assertion` (or `CF_Authorization` cookie); Gazetta
+ * verifies the signature against Cloudflare's published JWKS.
+ *
+ * # Why no source-IP check
+ *
+ * The signed JWT IS the trust. Source IP would be Cloudflare's edge
+ * regardless of the original client; verifying the signature is the
+ * security boundary.
+ *
+ * # `audience` claim verification
+ *
+ * Optional but strongly recommended. Cloudflare Access tokens carry
+ * an `aud` claim identifying the application; production deployments
+ * SHOULD set this to prevent token replay across other
+ * Access-protected apps in the same team.
+ */
+const cloudflareAccessAuthSchema = z
+    .object({
+    trust: z.literal('cloudflare-access'),
+    /**
+     * Cloudflare Zero Trust team domain (the part before
+     * `.cloudflareaccess.com`). Lowercase alphanumeric + hyphens.
+     */
+    teamDomain: z.string().regex(/^[a-z0-9][a-z0-9-]*$/, 'teamDomain must be lowercase alphanumeric + hyphens'),
+    /** Optional aud claim — recommended for production. */
+    audience: z.string().optional(),
+    roles: z.record(z.string(), roleSchema).optional(),
+    roleMapping: roleMappingSchema.optional(),
+    strict: z.boolean().optional(),
+})
+    .strict();
+/**
+ * `azure-easy-auth` trust mode — Azure App Service Easy Auth.
+ * Trust boundary is the App Service sandbox; Gazetta just decodes
+ * the X-MS-CLIENT-PRINCIPAL header. No provider-specific config
+ * fields — the platform handles auth.
+ */
+const azureEasyAuthSchema = z
+    .object({
+    trust: z.literal('azure-easy-auth'),
+    roles: z.record(z.string(), roleSchema).optional(),
+    roleMapping: roleMappingSchema.optional(),
+    strict: z.boolean().optional(),
+})
+    .strict();
+/**
+ * `aws-cognito` trust mode — AWS ALB + Cognito user pool. JWT
+ * verification against per-region public keys.
+ */
+const awsCognitoAuthSchema = z
+    .object({
+    trust: z.literal('aws-cognito'),
+    /** AWS region (e.g. "us-east-1"). Required for the JWKS URL. */
+    region: z.string().regex(/^[a-z]{2}-[a-z]+-\d+$/, 'region must be an AWS region like "us-east-1"'),
+    /** Optional aud claim — Cognito user-pool app client id. */
+    audience: z.string().optional(),
+    roles: z.record(z.string(), roleSchema).optional(),
+    roleMapping: roleMappingSchema.optional(),
+    strict: z.boolean().optional(),
+})
+    .strict();
+/**
+ * `tailscale` trust mode — Tailscale Funnel / serve. Trust comes
+ * from the tailnet itself (only authenticated members can reach
+ * the listener). No provider-specific config.
+ */
+const tailscaleAuthSchema = z
+    .object({
+    trust: z.literal('tailscale'),
+    roles: z.record(z.string(), roleSchema).optional(),
+    roleMapping: roleMappingSchema.optional(),
+    strict: z.boolean().optional(),
+})
+    .strict();
+/**
+ * Top-level discriminated union. All v1 trust modes locked.
+ * Future plugin-supplied modes (per design-auth-rbac.md Q1's plugin
+ * promotion trigger) extend the union via the plugin contract — not
+ * by editing this file.
+ */
+export const AuthConfigSchema = z.discriminatedUnion('trust', [
+    noneAuthSchema,
+    forwardedUserAuthSchema,
+    cloudflareAccessAuthSchema,
+    azureEasyAuthSchema,
+    awsCognitoAuthSchema,
+    tailscaleAuthSchema,
+]);
+/**
+ * Reserved-prefix check. Future plugin-supplied capabilities use
+ * plugin-scoped prefixes (e.g., `@my-org/...:`); custom roles MUST
+ * NOT redefine reserved built-in prefixes with conflicting
+ * semantics. The role-resolver enforces this at load time.
+ */
+export function isReservedPrefix(capability) {
+    if (capability === '*')
+        return true;
+    const colonIdx = capability.indexOf(':');
+    if (colonIdx <= 0)
+        return false;
+    const prefix = capability.slice(0, colonIdx);
+    return RESERVED_CAPABILITY_PREFIXES.includes(prefix);
+}
+//# sourceMappingURL=config.js.map

package/dist/auth/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAA;AAEzD;;;;;GAKG;AACH,MAAM,eAAe,GAAG,0DAA0D,CAAA;AAElF,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,eAAe,EAAE,oDAAoD,CAAC,CAAA;AAEhH;;;;GAIG;AACH,MAAM,UAAU,GAAG,CAAC;KACjB,MAAM,CAAC;IACN,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;CACnD,CAAC;KACD,MAAM,EAAE,CAAA;AAEX,MAAM,iBAAiB,GAAG,CAAC;KACxB,MAAM,CAAC;IACN,uEAAuE;IACvE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,yDAAyD;IACzD,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;IACrC,iEAAiE;IACjE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC;KACD,MAAM,EAAE,CAAA;AAEX;;;;GAIG;AACH,MAAM,cAAc,GAAG,CAAC;KACrB,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACxB,kEAAkE;IAClE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE;IAClD,6DAA6D;IAC7D,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAA;AAEX;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,uBAAuB,GAAG,CAAC;KAC9B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IAClC;;;;;OAKG;IACH,cAAc,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC9C;;;;;OAKG;IACH,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE;IAClD,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE;KACR,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE;IAC1F,OAAO,EACL,wSAAwS;IAC1S,IAAI,EAAE,CAAC,gBAAgB,CAAC;CACzB,CAAC,CAAA;AAEJ;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,0BAA0B,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IACrC;;;OAGG;IACH,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,sBAAsB,EAAE,qDAAqD,CAAC;IAC3G,uDAAuD;IACvD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE;IAClD,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAA;AAEX;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACnC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE;IAClD,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAA;AAEX;;;GAGG;AACH,MAAM,oBAAoB,GAAG,CAAC;KAC3B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;IAC/B,gEAAgE;IAChE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,uBAAuB,EAAE,+CAA+C,CAAC;IAClG,4DAA4D;IAC5D,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE;IAClD,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAA;AAEX;;;;GAIG;AACH,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE;IAClD,WAAW,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAA;AAEX;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,kBAAkB,CAAC,OAAO,EAAE;IAC5D,cAAc;IACd,uBAAuB;IACvB,0BAA0B;IAC1B,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;CACpB,CAAC,CAAA;AAIF;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkB;IACjD,IAAI,UAAU,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IACnC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACxC,IAAI,QAAQ,IAAI,CAAC;QAAE,OAAO,KAAK,CAAA;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IAC5C,OAAQ,4BAAkD,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AAC7E,CAAC"}

package/dist/auth/errors.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * Auth-specific error taxonomy. Distinct from validation errors;
+ * downstream consumers (route handlers, audit recorder) catch these
+ * to map to the right HTTP status and audit outcome.
+ *
+ * # Why a dedicated taxonomy
+ *
+ * Per `design-plugins.md`'s Universal Provider Requirements, every
+ * provider surface has its own error taxonomy. Auth's errors split
+ * along three axes:
+ *
+ *   - Configuration errors (invalid `site.config.ts admin.auth`
+ *     block) — surface at boot, fail closed
+ *   - Authentication errors (the upstream provider couldn't extract
+ *     identity) — surface as 401
+ *   - Authorization errors (principal lacks the required capability)
+ *     — surface as 403
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: error classes own only error identity and HTTP-status
+ *     mapping. They don't carry rendering logic — route handlers
+ *     map to JSON via `error-response.ts`.
+ *   - LSP: every subclass extends `AuthError` so route handlers
+ *     can branch on the base class then narrow by instanceof.
+ */
+/** Base class for all auth-related errors. */
+export declare class AuthError extends Error {
+    readonly name: string;
+    /** HTTP status the route should return. Subclasses override. */
+    readonly httpStatus: number;
+    constructor(message: string);
+}
+/**
+ * Thrown at config-load time when `admin.auth` is malformed (unknown
+ * trust mode, role-mapping references unknown capabilities, etc.).
+ * Admin won't start.
+ */
+export declare class AuthConfigurationError extends AuthError {
+    readonly name = "AuthConfigurationError";
+    readonly httpStatus = 500;
+}
+/**
+ * Thrown when the upstream provider's expected header / claim is
+ * missing, malformed, or fails signature verification. Surfaces as
+ * 401 with `WWW-Authenticate` hint pointing back at the upstream.
+ */
+export declare class AuthenticationError extends AuthError {
+    readonly name = "AuthenticationError";
+    readonly httpStatus = 401;
+}
+/**
+ * Thrown when an authenticated principal lacks the capability the
+ * route requires. Surfaces as 403 with structured body listing
+ * `missing` capabilities and the principal's `role`.
+ */
+export declare class AuthorizationError extends AuthError {
+    readonly name = "AuthorizationError";
+    readonly httpStatus = 403;
+    /**
+     * Capabilities the principal would need to authorize this request.
+     * Surfaced in the 403 body so authenticated users see what they
+     * can't do — per design-auth-rbac.md "Failure mode": existence-
+     * leak risk doesn't justify 404-hide-existence semantics for
+     * already-authenticated users.
+     */
+    readonly missing: ReadonlyArray<string>;
+    /** Principal's role at decision time — surfaced in the 403 body. */
+    readonly role: string;
+    constructor(message: string, missing: ReadonlyArray<string>, role: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/auth/errors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/auth/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,8CAA8C;AAC9C,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,IAAI,EAAE,MAAM,CAAc;IAC5C,gEAAgE;IAChE,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAM;gBACrB,OAAO,EAAE,MAAM;CAG5B;AAED;;;;GAIG;AACH,qBAAa,sBAAuB,SAAQ,SAAS;IACnD,SAAkB,IAAI,4BAA2B;IACjD,SAAkB,UAAU,OAAM;CACnC;AAED;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,SAAkB,IAAI,yBAAwB;IAC9C,SAAkB,UAAU,OAAM;CACnC;AAED;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,SAAkB,IAAI,wBAAuB;IAC7C,SAAkB,UAAU,OAAM;IAClC;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IACvC,oEAAoE;IACpE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;gBACT,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM;CAK1E"}

package/dist/auth/errors.js ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Auth-specific error taxonomy. Distinct from validation errors;
+ * downstream consumers (route handlers, audit recorder) catch these
+ * to map to the right HTTP status and audit outcome.
+ *
+ * # Why a dedicated taxonomy
+ *
+ * Per `design-plugins.md`'s Universal Provider Requirements, every
+ * provider surface has its own error taxonomy. Auth's errors split
+ * along three axes:
+ *
+ *   - Configuration errors (invalid `site.config.ts admin.auth`
+ *     block) — surface at boot, fail closed
+ *   - Authentication errors (the upstream provider couldn't extract
+ *     identity) — surface as 401
+ *   - Authorization errors (principal lacks the required capability)
+ *     — surface as 403
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: error classes own only error identity and HTTP-status
+ *     mapping. They don't carry rendering logic — route handlers
+ *     map to JSON via `error-response.ts`.
+ *   - LSP: every subclass extends `AuthError` so route handlers
+ *     can branch on the base class then narrow by instanceof.
+ */
+/** Base class for all auth-related errors. */
+export class AuthError extends Error {
+    name = 'AuthError';
+    /** HTTP status the route should return. Subclasses override. */
+    httpStatus = 500;
+    constructor(message) {
+        super(message);
+    }
+}
+/**
+ * Thrown at config-load time when `admin.auth` is malformed (unknown
+ * trust mode, role-mapping references unknown capabilities, etc.).
+ * Admin won't start.
+ */
+export class AuthConfigurationError extends AuthError {
+    name = 'AuthConfigurationError';
+    httpStatus = 500;
+}
+/**
+ * Thrown when the upstream provider's expected header / claim is
+ * missing, malformed, or fails signature verification. Surfaces as
+ * 401 with `WWW-Authenticate` hint pointing back at the upstream.
+ */
+export class AuthenticationError extends AuthError {
+    name = 'AuthenticationError';
+    httpStatus = 401;
+}
+/**
+ * Thrown when an authenticated principal lacks the capability the
+ * route requires. Surfaces as 403 with structured body listing
+ * `missing` capabilities and the principal's `role`.
+ */
+export class AuthorizationError extends AuthError {
+    name = 'AuthorizationError';
+    httpStatus = 403;
+    /**
+     * Capabilities the principal would need to authorize this request.
+     * Surfaced in the 403 body so authenticated users see what they
+     * can't do — per design-auth-rbac.md "Failure mode": existence-
+     * leak risk doesn't justify 404-hide-existence semantics for
+     * already-authenticated users.
+     */
+    missing;
+    /** Principal's role at decision time — surfaced in the 403 body. */
+    role;
+    constructor(message, missing, role) {
+        super(message);
+        this.missing = missing;
+        this.role = role;
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/auth/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/auth/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,8CAA8C;AAC9C,MAAM,OAAO,SAAU,SAAQ,KAAK;IAChB,IAAI,GAAW,WAAW,CAAA;IAC5C,gEAAgE;IACvD,UAAU,GAAW,GAAG,CAAA;IACjC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAA;IAChB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,sBAAuB,SAAQ,SAAS;IACjC,IAAI,GAAG,wBAAwB,CAAA;IAC/B,UAAU,GAAG,GAAG,CAAA;CACnC;AAED;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IAC9B,IAAI,GAAG,qBAAqB,CAAA;IAC5B,UAAU,GAAG,GAAG,CAAA;CACnC;AAED;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,SAAS;IAC7B,IAAI,GAAG,oBAAoB,CAAA;IAC3B,UAAU,GAAG,GAAG,CAAA;IAClC;;;;;;OAMG;IACM,OAAO,CAAuB;IACvC,oEAAoE;IAC3D,IAAI,CAAQ;IACrB,YAAY,OAAe,EAAE,OAA8B,EAAE,IAAY;QACvE,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;IAClB,CAAC;CACF"}