harper-kb 0.2.0

package/dist/core/triage.js

@@ -0,0 +1,136 @@
+/**
+ * Triage Queue Management
+ *
+ * Handles the intake queue for new knowledge submissions from webhooks
+ * and other sources. Items go through pending -> processing -> accepted/dismissed.
+ *
+ * All operations are scoped by kbId for multi-tenant isolation.
+ */
+import crypto from 'node:crypto';
+import { createEntry } from "./entries.js";
+/**
+ * Submit a new item to the triage queue.
+ *
+ * @param kbId - Knowledge base identifier
+ * @param source - Source identifier (e.g., "github-webhook", "slack-bot", "manual")
+ * @param summary - Brief summary of the knowledge to triage
+ * @param rawPayload - Original raw payload from the source
+ * @param sourceId - Optional deduplication key from the source system
+ * @returns The created triage item
+ */
+export async function submitTriage(kbId, source, summary, rawPayload, sourceId) {
+    const item = {
+        id: crypto.randomUUID(),
+        kbId,
+        source,
+        summary,
+        rawPayload: rawPayload || null,
+        status: 'pending',
+        sourceId: sourceId || undefined,
+    };
+    await databases.kb.TriageItem.put(item);
+    logger?.info?.(`Triage item submitted: ${item.id} from ${source}`);
+    return item;
+}
+/**
+ * Find a triage item by its source-specific ID for deduplication.
+ *
+ * @param kbId - Knowledge base identifier
+ * @param sourceId - The source-specific identifier
+ * @returns The matching triage item, or null if not found
+ */
+export async function findBySourceId(kbId, sourceId) {
+    for await (const item of databases.kb.TriageItem.search({
+        conditions: [
+            { attribute: 'kbId', comparator: 'equals', value: kbId },
+            { attribute: 'sourceId', comparator: 'equals', value: sourceId },
+        ],
+        limit: 1,
+    })) {
+        return item;
+    }
+    return null;
+}
+/**
+ * Process a triage item with the given action.
+ *
+ * - "accepted": Optionally creates a new knowledge entry from provided data
+ * - "dismissed": Marks the item as dismissed
+ * - "linked": Links the triage item to an existing knowledge entry
+ *
+ * @param id - Triage item ID
+ * @param action - Action to take
+ * @param processedBy - Who processed this item
+ * @param options - Additional options (entry data for accept, linked entry ID)
+ * @returns The updated triage item
+ * @throws Error if the triage item does not exist
+ */
+export async function processTriage(id, action, processedBy, options) {
+    const existing = await databases.kb.TriageItem.get(id);
+    if (!existing) {
+        throw new Error(`Triage item not found: ${id}`);
+    }
+    const item = existing;
+    const now = new Date();
+    // Update common fields
+    item.status = action;
+    item.action = action;
+    item.processedBy = processedBy;
+    item.processedAt = now;
+    // Handle action-specific logic
+    if (action === 'accepted' && options?.entryData) {
+        // Create a new knowledge entry from the triage data
+        const entryData = {
+            ...options.entryData,
+            kbId: item.kbId,
+            source: options.entryData.source || item.source,
+            addedBy: options.entryData.addedBy || processedBy,
+        };
+        const entry = await createEntry(entryData);
+        item.draftEntryId = entry.id;
+    }
+    else if (action === 'accepted' && options?.linkedEntryId) {
+        // Entry was created externally (e.g., web UI created it first) — link it
+        item.draftEntryId = options.linkedEntryId;
+    }
+    else if (action === 'linked' && options?.linkedEntryId) {
+        // Link to an existing knowledge entry
+        item.matchedEntryId = options.linkedEntryId;
+    }
+    // Store the updated triage item
+    await databases.kb.TriageItem.put(item);
+    logger?.info?.(`Triage item ${id} processed: ${action} by ${processedBy}`);
+    return item;
+}
+/**
+ * List pending triage items for a specific knowledge base.
+ *
+ * @param kbId - Knowledge base identifier
+ * @param limit - Maximum number of items to return (default 200)
+ * @returns Array of triage items with status "pending"
+ */
+export async function listPending(kbId, limit = 200) {
+    const results = [];
+    for await (const item of databases.kb.TriageItem.search({
+        conditions: [
+            { attribute: 'kbId', comparator: 'equals', value: kbId },
+            { attribute: 'status', comparator: 'equals', value: 'pending' },
+        ],
+        limit,
+    })) {
+        results.push(item);
+    }
+    return results;
+}
+/**
+ * Dismiss a triage item.
+ *
+ * Convenience method that calls processTriage with action "dismissed".
+ *
+ * @param id - Triage item ID
+ * @param processedBy - Who dismissed this item
+ */
+export async function dismissTriage(id, processedBy) {
+    await processTriage(id, 'dismissed', processedBy);
+}
+//# sourceMappingURL=triage.js.map

package/dist/core/triage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"triage.js","sourceRoot":"","sources":["../../src/core/triage.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CACjC,IAAY,EACZ,MAAc,EACd,OAAe,EACf,UAAoB,EACpB,QAAiB;IAEjB,MAAM,IAAI,GAAe;QACxB,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;QACvB,IAAI;QACJ,MAAM;QACN,OAAO;QACP,UAAU,EAAE,UAAU,IAAI,IAAI;QAC9B,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,QAAQ,IAAI,SAAS;KAC/B,CAAC;IAEF,MAAM,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAA0C,CAAC,CAAC;IAE9E,MAAM,EAAE,IAAI,EAAE,CAAC,0BAA0B,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC;IAEnE,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,QAAgB;IAClE,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QACvD,UAAU,EAAE;YACX,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;YACxD,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;SAChE;QACD,KAAK,EAAE,CAAC;KACR,CAAC,EAAE,CAAC;QACJ,OAAO,IAA6B,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAClC,EAAU,EACV,MAAoB,EACpB,WAAmB,EACnB,OAA8B;IAE9B,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,IAAI,GAAG,QAAiC,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,uBAAuB;IACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IAC/B,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC;IAEvB,+BAA+B;IAC/B,IAAI,MAAM,KAAK,UAAU,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;QACjD,oDAAoD;QACpD,MAAM,SAAS,GAAwB;YACtC,GAAG,OAAO,CAAC,SAAS;YACpB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM;YAC/C,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO,IAAI,WAAW;SACjD,CAAC;QAEF,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC;IAC9B,CAAC;SAAM,IAAI,MAAM,KAAK,UAAU,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;QAC5D,yEAAyE;QACzE,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAC3C,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;QAC1D,sCAAsC;QACtC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAC7C,CAAC;IAED,gCAAgC;IAChC,MAAM,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAA0C,CAAC,CAAC;IAE9E,MAAM,EAAE,IAAI,EAAE,CAAC,eAAe,EAAE,eAAe,MAAM,OAAO,WAAW,EAAE,CAAC,CAAC;IAE3E,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,KAAK,GAAG,GAAG;IAC1D,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QACvD,UAAU,EAAE;YACX,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;YACxD,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE;SAC/D;QACD,KAAK;KACL,CAAC,EAAE,CAAC;QACJ,OAAO,CAAC,IAAI,CAAC,IAA6B,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU,EAAE,WAAmB;IAClE,MAAM,aAAa,CAAC,EAAE,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;AACnD,CAAC"}

package/dist/core/webhook-endpoints.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Webhook Endpoint Management
+ *
+ * CRUD operations for per-KB webhook endpoints. Each endpoint has a
+ * randomly generated secret that is embedded in the webhook URL and
+ * also serves as the HMAC signing key for GitHub payload verification.
+ *
+ * The secret is never stored in plaintext — only its SHA-256 hash is
+ * persisted as the record's primary key for O(1) lookup.
+ */
+import type { WebhookEndpoint } from '../types.ts';
+/**
+ * Hash a webhook secret to produce the record ID.
+ * SHA-256 is sufficient — these are high-entropy random tokens, not passwords.
+ */
+export declare function hashSecret(secret: string): string;
+/**
+ * Create a new webhook endpoint for a KB.
+ *
+ * Generates a random secret, stores the SHA-256 hash as the record ID,
+ * and returns both the record and the plaintext secret (shown once).
+ *
+ * @throws If the KB does not exist
+ */
+export declare function createWebhookEndpoint(kbId: string, provider: string, label?: string, createdBy?: string): Promise<{
+    endpoint: WebhookEndpoint;
+    secret: string;
+}>;
+/**
+ * Validate a webhook secret against a KB and provider.
+ *
+ * Hashes the secret, looks up the record, and verifies the kbId and
+ * provider match. Returns the record if valid, null otherwise.
+ */
+export declare function validateWebhookSecret(secret: string, kbId: string, provider: string): Promise<WebhookEndpoint | null>;
+/**
+ * List all webhook endpoints for a KB.
+ */
+export declare function listWebhookEndpoints(kbId: string): Promise<WebhookEndpoint[]>;
+/**
+ * Delete a webhook endpoint.
+ *
+ * @throws If the endpoint does not exist or belongs to a different KB
+ */
+export declare function deleteWebhookEndpoint(id: string, kbId: string): Promise<void>;
+//# sourceMappingURL=webhook-endpoints.d.ts.map

package/dist/core/webhook-endpoints.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook-endpoints.d.ts","sourceRoot":"","sources":["../../src/core/webhook-endpoints.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CAC1C,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,KAAK,CAAC,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;IAAE,QAAQ,EAAE,eAAe,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAqBxD;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAC1C,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CASjC;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAQnF;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAOnF"}

package/dist/core/webhook-endpoints.js

@@ -0,0 +1,85 @@
+/**
+ * Webhook Endpoint Management
+ *
+ * CRUD operations for per-KB webhook endpoints. Each endpoint has a
+ * randomly generated secret that is embedded in the webhook URL and
+ * also serves as the HMAC signing key for GitHub payload verification.
+ *
+ * The secret is never stored in plaintext — only its SHA-256 hash is
+ * persisted as the record's primary key for O(1) lookup.
+ */
+import crypto from 'node:crypto';
+/**
+ * Hash a webhook secret to produce the record ID.
+ * SHA-256 is sufficient — these are high-entropy random tokens, not passwords.
+ */
+export function hashSecret(secret) {
+    return crypto.createHash('sha256').update(secret).digest('hex');
+}
+/**
+ * Create a new webhook endpoint for a KB.
+ *
+ * Generates a random secret, stores the SHA-256 hash as the record ID,
+ * and returns both the record and the plaintext secret (shown once).
+ *
+ * @throws If the KB does not exist
+ */
+export async function createWebhookEndpoint(kbId, provider, label, createdBy) {
+    // Verify KB exists
+    const kb = await databases.kb.KnowledgeBase.get(kbId);
+    if (!kb) {
+        throw new Error(`Knowledge base "${kbId}" not found`);
+    }
+    const secret = crypto.randomBytes(32).toString('base64url');
+    const id = hashSecret(secret);
+    const endpoint = {
+        id,
+        kbId,
+        provider,
+        label: label || undefined,
+        createdBy: createdBy || undefined,
+    };
+    await databases.kb.WebhookEndpoint.put(endpoint);
+    return { endpoint, secret };
+}
+/**
+ * Validate a webhook secret against a KB and provider.
+ *
+ * Hashes the secret, looks up the record, and verifies the kbId and
+ * provider match. Returns the record if valid, null otherwise.
+ */
+export async function validateWebhookSecret(secret, kbId, provider) {
+    const id = hashSecret(secret);
+    const record = await databases.kb.WebhookEndpoint.get(id);
+    if (!record)
+        return null;
+    const endpoint = record;
+    if (endpoint.kbId !== kbId || endpoint.provider !== provider)
+        return null;
+    return endpoint;
+}
+/**
+ * List all webhook endpoints for a KB.
+ */
+export async function listWebhookEndpoints(kbId) {
+    const results = [];
+    for await (const item of databases.kb.WebhookEndpoint.search({
+        conditions: [{ attribute: 'kbId', comparator: 'equals', value: kbId }],
+    })) {
+        results.push(item);
+    }
+    return results;
+}
+/**
+ * Delete a webhook endpoint.
+ *
+ * @throws If the endpoint does not exist or belongs to a different KB
+ */
+export async function deleteWebhookEndpoint(id, kbId) {
+    const record = await databases.kb.WebhookEndpoint.get(id);
+    if (!record || record.kbId !== kbId) {
+        throw new Error('Webhook endpoint not found');
+    }
+    await databases.kb.WebhookEndpoint.delete(id);
+}
+//# sourceMappingURL=webhook-endpoints.js.map

package/dist/core/webhook-endpoints.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook-endpoints.js","sourceRoot":"","sources":["../../src/core/webhook-endpoints.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,MAAc;IACxC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAC1C,IAAY,EACZ,QAAgB,EAChB,KAAc,EACd,SAAkB;IAElB,mBAAmB;IACnB,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,EAAE,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,aAAa,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAE9B,MAAM,QAAQ,GAAoB;QACjC,EAAE;QACF,IAAI;QACJ,QAAQ;QACR,KAAK,EAAE,KAAK,IAAI,SAAS;QACzB,SAAS,EAAE,SAAS,IAAI,SAAS;KACjC,CAAC;IAEF,MAAM,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,QAA8C,CAAC,CAAC;IAEvF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAC1C,MAAc,EACd,IAAY,EACZ,QAAgB;IAEhB,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,QAAQ,GAAG,MAAoC,CAAC;IACtD,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE1E,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAY;IACtD,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC;QAC5D,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;KACtE,CAAC,EAAE,CAAC;QACJ,OAAO,CAAC,IAAI,CAAC,IAAkC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,EAAU,EAAE,IAAY;IACnE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,IAAK,MAAqC,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAC/C,CAAC"}

package/dist/hooks.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Plugin Hooks
+ *
+ * Exposes extension points that the parent application (or other plugins)
+ * can wire into. Follows the same pattern as @harperfast/oauth's registerHooks.
+ *
+ * Usage from the parent app:
+ *
+ *   import { registerHooks } from 'harper-kb';
+ *   registerHooks({
+ *     onAccessCheck: async (caller, kbId) => {
+ *       // custom authorization logic
+ *       return { allow: true };
+ *     },
+ *   });
+ */
+import type { ValidatedCaller } from './oauth/validate.ts';
+export interface AccessCheckResult {
+    /** Whether to allow access */
+    allow: boolean;
+    /** Override the caller's scopes (e.g., downgrade to read-only) */
+    scopes?: string[];
+    /** Reason for denial (logged, not exposed to client) */
+    reason?: string;
+}
+export interface KnowledgeHooks {
+    /**
+     * Called after JWT validation, before the MCP request is processed.
+     * Return { allow: false } to deny access (results in 403).
+     * Return { allow: true, scopes: [...] } to override granted scopes.
+     * If not registered, all authenticated users are allowed.
+     */
+    onAccessCheck?: (caller: ValidatedCaller, kbId: string) => Promise<AccessCheckResult>;
+    /**
+     * URL path for login redirect.
+     *
+     * Single provider:    "/oauth/github/login"  — goes straight to that provider
+     * Multiple providers: "/login"               — goes to the app's provider-selection page
+     * Not set:            credential-only login (no SSO button)
+     *
+     * The plugin appends ?redirect=... so the login page knows where to return.
+     */
+    loginPath?: string;
+}
+/**
+ * Register hook callbacks for the knowledge base plugin.
+ *
+ * Can be called multiple times — later calls merge with (and override)
+ * previously registered hooks.
+ */
+export declare function registerHooks(newHooks: KnowledgeHooks): void;
+/**
+ * Run the onAccessCheck hook if registered.
+ *
+ * Returns null if no hook is registered (caller is allowed by default).
+ * Returns the AccessCheckResult otherwise.
+ */
+export declare function checkAccess(caller: ValidatedCaller, kbId: string): Promise<AccessCheckResult | null>;
+/**
+ * Get the configured login path (if any).
+ */
+export declare function getLoginPath(): string | null;
+/**
+ * Reset all hooks (for testing).
+ */
+export declare function _resetHooks(): void;
+//# sourceMappingURL=hooks.d.ts.map

package/dist/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../src/hooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAM3D,MAAM,WAAW,iBAAiB;IACjC,8BAA8B;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,kEAAkE;IAClE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wDAAwD;IACxD,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC9B;;;;;OAKG;IACH,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEtF;;;;;;;;OAQG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB;AAQD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAE5D;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAG1G;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,GAAG,IAAI,CAE5C;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,IAAI,CAElC"}

package/dist/hooks.js

@@ -0,0 +1,53 @@
+/**
+ * Plugin Hooks
+ *
+ * Exposes extension points that the parent application (or other plugins)
+ * can wire into. Follows the same pattern as @harperfast/oauth's registerHooks.
+ *
+ * Usage from the parent app:
+ *
+ *   import { registerHooks } from 'harper-kb';
+ *   registerHooks({
+ *     onAccessCheck: async (caller, kbId) => {
+ *       // custom authorization logic
+ *       return { allow: true };
+ *     },
+ *   });
+ */
+// ============================================================================
+// Hook Registry (module-level singleton)
+// ============================================================================
+let hooks = {};
+/**
+ * Register hook callbacks for the knowledge base plugin.
+ *
+ * Can be called multiple times — later calls merge with (and override)
+ * previously registered hooks.
+ */
+export function registerHooks(newHooks) {
+    hooks = { ...hooks, ...newHooks };
+}
+/**
+ * Run the onAccessCheck hook if registered.
+ *
+ * Returns null if no hook is registered (caller is allowed by default).
+ * Returns the AccessCheckResult otherwise.
+ */
+export async function checkAccess(caller, kbId) {
+    if (!hooks.onAccessCheck)
+        return null;
+    return hooks.onAccessCheck(caller, kbId);
+}
+/**
+ * Get the configured login path (if any).
+ */
+export function getLoginPath() {
+    return hooks.loginPath || null;
+}
+/**
+ * Reset all hooks (for testing).
+ */
+export function _resetHooks() {
+    hooks = {};
+}
+//# sourceMappingURL=hooks.js.map

package/dist/hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../src/hooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAsCH,+EAA+E;AAC/E,yCAAyC;AACzC,+EAA+E;AAE/E,IAAI,KAAK,GAAmB,EAAE,CAAC;AAE/B;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,QAAwB;IACrD,KAAK,GAAG,EAAE,GAAG,KAAK,EAAE,GAAG,QAAQ,EAAE,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAuB,EAAE,IAAY;IACtE,IAAI,CAAC,KAAK,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO,KAAK,CAAC,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC3B,OAAO,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IAC1B,KAAK,GAAG,EAAE,CAAC;AACZ,CAAC"}

package/dist/http-utils.d.ts

@@ -0,0 +1,38 @@
+/**
+ * HTTP Utilities for Harper's stream-based request/response handling.
+ *
+ * Shared by MCP middleware, OAuth middleware, and webhook middleware.
+ */
+import type { HarperRequest } from './types.ts';
+/**
+ * Read the request body as a string from Harper's stream-based body.
+ *
+ * Harper's request.body is a RequestBody wrapper with .on()/.pipe() methods,
+ * not a parsed object. We need to consume the stream to get the raw text.
+ *
+ * Enforces a maximum body size to prevent memory exhaustion from oversized requests.
+ */
+export declare function readBody(request: HarperRequest): Promise<string>;
+/**
+ * Build Web Standard Headers from Harper's Headers object.
+ *
+ * Harper's request.headers is a custom Headers class (iterable, with .get()),
+ * not a plain Record<string, string>.
+ */
+export declare function buildHeaders(request: HarperRequest): Headers;
+/**
+ * Build the base URL (origin) from a Harper request.
+ *
+ * Uses the request's protocol and host properties. Defaults to
+ * http://localhost:9926 if not available.
+ */
+export declare function getBaseUrl(request: HarperRequest): string;
+/**
+ * Parse an application/x-www-form-urlencoded body into a key-value map.
+ */
+export declare function parseFormBody(body: string): Record<string, string>;
+/**
+ * Get a header value from Harper's request, case-insensitive.
+ */
+export declare function getHeader(request: HarperRequest, name: string): string;
+//# sourceMappingURL=http-utils.d.ts.map

package/dist/http-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-utils.d.ts","sourceRoot":"","sources":["../src/http-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD;;;;;;;GAOG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAwChE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAsB5D;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CAIzD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOlE;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CA2BtE"}

package/dist/http-utils.js

@@ -0,0 +1,133 @@
+/**
+ * HTTP Utilities for Harper's stream-based request/response handling.
+ *
+ * Shared by MCP middleware, OAuth middleware, and webhook middleware.
+ */
+/** Maximum request body size: 1 MB */
+const MAX_BODY_SIZE = 1_048_576;
+/**
+ * Read the request body as a string from Harper's stream-based body.
+ *
+ * Harper's request.body is a RequestBody wrapper with .on()/.pipe() methods,
+ * not a parsed object. We need to consume the stream to get the raw text.
+ *
+ * Enforces a maximum body size to prevent memory exhaustion from oversized requests.
+ */
+export function readBody(request) {
+    return new Promise((resolve, reject) => {
+        const body = request.body;
+        if (!body) {
+            resolve('');
+            return;
+        }
+        // If body is already a string (unlikely but handle it)
+        if (typeof body === 'string') {
+            resolve(body);
+            return;
+        }
+        // If body is a stream with .on(), read it
+        if (typeof body.on === 'function') {
+            const chunks = [];
+            let totalSize = 0;
+            body.on('data', (chunk) => {
+                totalSize += chunk.length;
+                if (totalSize > MAX_BODY_SIZE) {
+                    body.destroy?.();
+                    reject(new Error('Request body too large'));
+                    return;
+                }
+                chunks.push(Buffer.from(chunk));
+            });
+            body.on('end', () => resolve(Buffer.concat(chunks).toString('utf-8')));
+            body.on('error', reject);
+            return;
+        }
+        // If body is already an object (parsed), stringify it
+        if (typeof body === 'object') {
+            resolve(JSON.stringify(body));
+            return;
+        }
+        resolve(String(body));
+    });
+}
+/**
+ * Build Web Standard Headers from Harper's Headers object.
+ *
+ * Harper's request.headers is a custom Headers class (iterable, with .get()),
+ * not a plain Record<string, string>.
+ */
+export function buildHeaders(request) {
+    const headers = new Headers();
+    const src = request.headers;
+    if (!src)
+        return headers;
+    // Harper's Headers class is iterable with [key, value] pairs
+    if (typeof src[Symbol.iterator] === 'function') {
+        for (const [key, value] of src) {
+            if (value !== undefined) {
+                headers.set(key, Array.isArray(value) ? value.join(', ') : String(value));
+            }
+        }
+    }
+    else if (typeof src === 'object') {
+        // Fallback: plain object
+        for (const [key, value] of Object.entries(src)) {
+            if (value !== undefined) {
+                headers.set(key, Array.isArray(value) ? value.join(', ') : String(value));
+            }
+        }
+    }
+    return headers;
+}
+/**
+ * Build the base URL (origin) from a Harper request.
+ *
+ * Uses the request's protocol and host properties. Defaults to
+ * http://localhost:9926 if not available.
+ */
+export function getBaseUrl(request) {
+    const protocol = request.protocol || 'http';
+    const host = request.host || 'localhost:9926';
+    return `${protocol}://${host}`;
+}
+/**
+ * Parse an application/x-www-form-urlencoded body into a key-value map.
+ */
+export function parseFormBody(body) {
+    const params = new URLSearchParams(body);
+    const result = {};
+    for (const [key, value] of params) {
+        result[key] = value;
+    }
+    return result;
+}
+/**
+ * Get a header value from Harper's request, case-insensitive.
+ */
+export function getHeader(request, name) {
+    const headers = request.headers;
+    if (!headers)
+        return '';
+    // Try .get() method (Harper's Headers class)
+    if (typeof headers.get === 'function') {
+        const val = headers.get(name);
+        if (val !== undefined && val !== null)
+            return String(val);
+    }
+    // Try direct access (case-sensitive)
+    const direct = headers[name] ?? headers[name.toLowerCase()];
+    if (direct !== undefined) {
+        return Array.isArray(direct) ? direct[0] : String(direct);
+    }
+    // Fallback: iterate to find case-insensitive match
+    const lowerName = name.toLowerCase();
+    if (typeof headers[Symbol.iterator] === 'function') {
+        for (const [key, value] of headers) {
+            if (key.toLowerCase() === lowerName && value !== undefined) {
+                return Array.isArray(value) ? value[0] : String(value);
+            }
+        }
+    }
+    return '';
+}
+//# sourceMappingURL=http-utils.js.map

package/dist/http-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-utils.js","sourceRoot":"","sources":["../src/http-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,sCAAsC;AACtC,MAAM,aAAa,GAAG,SAAS,CAAC;AAEhC;;;;;;;GAOG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAsB;IAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAW,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,CAAC,EAAE,CAAC,CAAC;YACZ,OAAO;QACR,CAAC;QAED,uDAAuD;QACvD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,OAAO;QACR,CAAC;QAED,0CAA0C;QAC1C,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,UAAU,EAAE,CAAC;YACnC,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACjC,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC1B,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;oBAC/B,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;oBACjB,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;oBAC5C,OAAO;gBACR,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACjC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACzB,OAAO;QACR,CAAC;QAED,sDAAsD;QACtD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9B,OAAO;QACR,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,OAAsB;IAClD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,OAAO,CAAC;IAEzB,6DAA6D;IAC7D,IAAI,OAAQ,GAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,UAAU,EAAE,CAAC;QACzD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,GAAU,EAAE,CAAC;YACvC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3E,CAAC;QACF,CAAC;IACF,CAAC;SAAM,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,yBAAyB;QACzB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3E,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAsB;IAChD,MAAM,QAAQ,GAAI,OAAe,CAAC,QAAQ,IAAI,MAAM,CAAC;IACrD,MAAM,IAAI,GAAI,OAAe,CAAC,IAAI,IAAI,gBAAgB,CAAC;IACvD,OAAO,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY;IACzC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACrB,CAAC;IACD,OAAO,MAAM,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,OAAsB,EAAE,IAAY;IAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,6CAA6C;IAC7C,IAAI,OAAQ,OAAe,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;QAChD,MAAM,GAAG,GAAI,OAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,qCAAqC;IACrC,MAAM,MAAM,GAAI,OAAe,CAAC,IAAI,CAAC,IAAK,OAAe,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3D,CAAC;IAED,mDAAmD;IACnD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,OAAQ,OAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,UAAU,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAc,EAAE,CAAC;YAC3C,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC5D,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxD,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,EAAE,CAAC;AACX,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,27 @@
+/**
+ * harper-kb — Harper Knowledge Base Plugin
+ *
+ * Sub-component plugin that provides a knowledge base with vector search,
+ * triage queue, and MCP server integration. Loaded by a parent application
+ * via `package:` in the parent's config.yaml.
+ *
+ * Harper calls handleApplication(scope) on each worker thread.
+ */
+import type { Scope } from './types.ts';
+export { createKnowledgeBase, getKnowledgeBase, updateKnowledgeBase, deleteKnowledgeBase, listKnowledgeBases, } from './core/knowledge-base.ts';
+export { createEntry, getEntry, updateEntry, deprecateEntry, linkSupersedes, linkSiblings, linkRelated, } from './core/entries.ts';
+export { search, filterByApplicability } from './core/search.ts';
+export { logEdit, getHistory } from './core/history.ts';
+export { listTags, syncTags } from './core/tags.ts';
+export { submitTriage, processTriage, listPending, dismissTriage, findBySourceId } from './core/triage.ts';
+export { generateEmbedding, initEmbeddingModel, dispose as disposeEmbeddings } from './core/embeddings.ts';
+export { createWebhookEndpoint, listWebhookEndpoints, deleteWebhookEndpoint } from './core/webhook-endpoints.ts';
+export { registerHooks } from './hooks.ts';
+export type { KnowledgeBase, KnowledgeBaseInput, KnowledgeBaseUpdate, KnowledgeEntry, KnowledgeEntryInput, KnowledgeEntryUpdate, KnowledgeEntryEdit, TriageItem, KnowledgeTag, QueryLog, ServiceKey, SearchParams, SearchResult, Reference, ApplicabilityScope, ApplicabilityContext, TriageAction, TriageProcessOptions, WebhookEndpoint, KnowledgePluginConfig, } from './types.ts';
+export type { KnowledgeHooks, AccessCheckResult } from './hooks.ts';
+export type { ValidatedCaller } from './oauth/validate.ts';
+/**
+ * Plugin entry point — called by Harper on each worker thread.
+ */
+export declare function handleApplication(scope: Scope): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAeH,OAAO,KAAK,EAAE,KAAK,EAAyB,MAAM,YAAY,CAAC;AAG/D,OAAO,EACN,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,GAClB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACN,WAAW,EACX,QAAQ,EACR,WAAW,EACX,cAAc,EACd,cAAc,EACd,YAAY,EACZ,WAAW,GACX,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,MAAM,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC3G,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC3G,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,YAAY,EACX,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,kBAAkB,EAClB,oBAAoB,EACpB,YAAY,EACZ,oBAAoB,EACpB,eAAe,EACf,qBAAqB,GACrB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACpE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CA2DnE"}