kavachos 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/a2a/index.d.ts +2341 -0
  2. package/dist/a2a/index.js +821 -0
  3. package/dist/a2a/index.js.map +1 -0
  4. package/dist/agent/index.d.ts +3 -3
  5. package/dist/agent/index.js +3 -2
  6. package/dist/audit/index.d.ts +2 -2
  7. package/dist/audit/index.js +2 -2
  8. package/dist/auth/index.d.ts +490 -92
  9. package/dist/auth/index.js +3 -2
  10. package/dist/chunk-3AZDFCQF.js +186 -0
  11. package/dist/chunk-3AZDFCQF.js.map +1 -0
  12. package/dist/{chunk-SJGSPIAD.js → chunk-4CANWZWP.js} +3 -3
  13. package/dist/{chunk-SJGSPIAD.js.map → chunk-4CANWZWP.js.map} +1 -1
  14. package/dist/{chunk-KL6XW4S4.js → chunk-62P5FJ34.js} +2375 -633
  15. package/dist/chunk-62P5FJ34.js.map +1 -0
  16. package/dist/chunk-ELGG2VW2.js +538 -0
  17. package/dist/chunk-ELGG2VW2.js.map +1 -0
  18. package/dist/{chunk-5DT4DN4Y.js → chunk-IS5FRKIS.js} +13 -13
  19. package/dist/chunk-IS5FRKIS.js.map +1 -0
  20. package/dist/{chunk-V66UUIA7.js → chunk-KNNJ4COO.js} +92 -3
  21. package/dist/chunk-KNNJ4COO.js.map +1 -0
  22. package/dist/{chunk-OVGNZ5OX.js → chunk-O7VQ2LQE.js} +6 -6
  23. package/dist/chunk-O7VQ2LQE.js.map +1 -0
  24. package/dist/index.d.ts +138 -5
  25. package/dist/index.js +564 -29
  26. package/dist/index.js.map +1 -1
  27. package/dist/mcp/index.d.ts +2 -2
  28. package/dist/mcp/index.js +11 -15
  29. package/dist/mcp/index.js.map +1 -1
  30. package/dist/permission/index.d.ts +3 -3
  31. package/dist/permission/index.js +3 -2
  32. package/dist/{types-Xk83hv4O.d.ts → types-BTui0HQU.d.ts} +1763 -98
  33. package/dist/vc/index.d.ts +800 -0
  34. package/dist/vc/index.js +5 -0
  35. package/dist/vc/index.js.map +1 -0
  36. package/package.json +17 -1
  37. package/dist/chunk-5DT4DN4Y.js.map +0 -1
  38. package/dist/chunk-KL6XW4S4.js.map +0 -1
  39. package/dist/chunk-OVGNZ5OX.js.map +0 -1
  40. package/dist/chunk-V66UUIA7.js.map +0 -1
  41. package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/permission/engine.ts","../src/permission/templates.ts"],"names":["result"],"mappings":";;;;AAwBA,SAAS,aAAA,CAAc,SAAiB,QAAA,EAA2B;AAClE,EAAA,IAAI,OAAA,KAAY,KAAK,OAAO,IAAA;AAE5B,EAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AACtC,EAAA,MAAM,aAAA,GAAgB,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AAExC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,YAAA,CAAa,QAAQ,CAAA,EAAA,EAAK;AAC7C,IAAA,MAAM,IAAA,GAAO,aAAa,CAAC,CAAA;AAC3B,IAAA,IAAI,IAAA,KAAS,KAAK,OAAO,IAAA;AACzB,IAAA,IAAI,IAAA,KAAS,aAAA,CAAc,CAAC,CAAA,EAAG,OAAO,KAAA;AAAA,EACvC;AAEA,EAAA,OAAO,YAAA,CAAa,WAAW,aAAA,CAAc,MAAA;AAC9C;AAKA,SAAS,WAAA,CAAY,gBAA0B,eAAA,EAAkC;AAChF,EAAA,OAAO,eAAe,QAAA,CAAS,eAAe,CAAA,IAAK,cAAA,CAAe,SAAS,GAAG,CAAA;AAC/E;AAKA,SAAS,UAAU,EAAA,EAA2B;AAC7C,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,KAAA,CAAM,GAAG,CAAA;AAC1B,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,IAAA;AAC/B,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACzB,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,IAAA,EAAM,EAAE,CAAA;AAC7B,IAAA,IAAI,MAAA,CAAO,MAAM,GAAG,CAAA,IAAK,MAAM,CAAA,IAAK,GAAA,GAAM,KAAK,OAAO,IAAA;AACtD,IAAA,MAAA,GAAU,UAAU,CAAA,GAAK,GAAA;AAAA,EAC1B;AACA,EAAA,OAAO,MAAA,KAAW,CAAA;AACnB;AAMA,SAAS,cAAA,CAAe,OAAe,EAAA,EAAqB;AAC3D,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AACpC,EAAA,IAAI,eAAe,EAAA,EAAI;AACtB,IAAA,OAAO,KAAA,KAAU,EAAA;AAAA,EAClB;AAEA,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,UAAU,CAAA;AACxC,EAAA,MAAM,YAAY,QAAA,CAAS,KAAA,CAAM,MAAM,UAAA,GAAa,CAAC,GAAG,EAAE,CAAA;AAC1D,EAAA,IAAI,MAAA,CAAO,MAAM,SAAS,CAAA,IAAK,YAAY,CAAA,IAAK,SAAA,GAAY,IAAI,OAAO,KAAA;AAEvE,EAAA,MAAM,QAAA,GAAW,UAAU,MAAM,CAAA;AACjC,EAAA,MAAM,KAAA,GAAQ,UAAU,EAAE,CAAA;AAC1B,EAAA,IAAI,QAAA,KAAa,IAAA,IAAQ,KAAA,KAAU,IAAA,EAAM,OAAO,KAAA;AAEhD,EAAA,MAAM,OAAO,SAAA,KAAc,CAAA,GAAI,IAAK,EAAC,IAAM,KAAK,SAAA,KAAgB,CAAA;AAChE,EAAA,OAAA,CAAQ,QAAA,GAAW,WAAW,KAAA,GAAQ,IAAA,CAAA;AACvC;AAKA,SAAS,WAAA,CAAY,WAAqB,EAAA,EAAqB;AAC9D,EAAA,OAAO,UAAU,IAAA,CAAK,CAAC,UAAU,cAAA,CAAe,KAAA,EAAO,EAAE,CAAC,CAAA;AAC3D;AAKA,SAAS,mBAAA,CACR,UACA,IAAA,EACsC;AACtC,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC/B,IAAA,MAAM,KAAA,GAAQ,IAAI,MAAA,CAAO,OAAO,CAAA;AAEhC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,IAAI,CAAA,EAAG;AAChD,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,CAAC,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA,EAAG;AACpD,QAAA,OAAO;AAAA,UACN,KAAA,EAAO,KAAA;AAAA,UACP,QAAQ,CAAA,UAAA,EAAa,GAAG,CAAA,SAAA,EAAY,KAAK,6BAA6B,OAAO,CAAA,CAAA;AAAA,SAC9E;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACtB;AAKA,eAAe,cAAA,CACd,EAAA,EACA,OAAA,EACA,QAAA,EACA,eAAA,EACiD;AACjD,EAAA,MAAM,UAAA,GAAa,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAEvD,EAAA,MAAM,OAAO,MAAM,EAAA,CACjB,QAAO,CACP,IAAA,CAAK,UAAU,CAAA,CACf,KAAA;AAAA,IACA,GAAA;AAAA,MACC,EAAA,CAAG,UAAA,CAAW,OAAA,EAAS,OAAO,CAAA;AAAA,MAC9B,EAAA,CAAG,UAAA,CAAW,QAAA,EAAU,QAAQ,CAAA;AAAA,MAChC,GAAA,CAAI,UAAA,CAAW,WAAA,EAAa,UAAU;AAAA;AACvC,GACD;AAED,EAAA,MAAM,UAAA,GAAa,KAAK,MAAA,CAAO,CAAC,KAAK,CAAA,KAAM,GAAA,GAAM,CAAA,CAAE,KAAA,EAAO,CAAC,CAAA;AAE3D,EAAA,IAAI,cAAc,eAAA,EAAiB;AAClC,IAAA,OAAO;AAAA,MACN,OAAA,EAAS,KAAA;AAAA,MACT,QAAQ,CAAA,qBAAA,EAAwB,UAAU,CAAA,CAAA,EAAI,eAAe,iCAAiC,QAAQ,CAAA,CAAA;AAAA,KACvG;AAAA,EACD;AAGA,EAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,EAAI,IAAK,CAAA,GAAI,EAAA,GAAK,GAAA,CAAK,CAAA,IAAK,CAAA,GAAI,KAAK,GAAA,CAAK,CAAA;AACzF,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,CAAY,OAAA,EAAQ,KAAM,aAAA,CAAc,OAAA,EAAS,CAAA;AAErF,EAAA,IAAI,QAAA,EAAU;AACb,IAAA,MAAM,GACJ,MAAA,CAAO,UAAU,EACjB,GAAA,CAAI,EAAE,OAAO,QAAA,CAAS,KAAA,GAAQ,CAAA,EAAG,EACjC,KAAA,CAAM,EAAA,CAAG,WAAW,EAAA,EAAI,QAAA,CAAS,EAAE,CAAC,CAAA;AAAA,EACvC,CAAA,MAAO;AACN,IAAA,MAAM,EAAA,CAAG,MAAA,CAAO,UAAU,CAAA,CAAE,MAAA,CAAO;AAAA,MAClC,IAAI,UAAA,EAAW;AAAA,MACf,OAAA;AAAA,MACA,QAAA;AAAA,MACA,WAAA,EAAa,aAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACP,CAAA;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACxB;AAKO,SAAS,uBAAuB,MAAA,EAAgC;AACtE,EAAA,MAAM,EAAE,EAAA,EAAI,QAAA,EAAS,GAAI,MAAA;AAMzB,EAAA,eAAe,SAAA,CACd,OACA,OAAA,EAC2B;AAC3B,IAAA,MAAM,SAAA,GAAY,YAAY,GAAA,EAAI;AAClC,IAAA,MAAM,UAAU,UAAA,EAAW;AAG3B,IAAA,MAAM,kBAAA,GAAqB,MAAM,WAAA,CAAY,IAAA;AAAA,MAC5C,CAAC,CAAA,KAAM,aAAA,CAAc,CAAA,CAAE,QAAA,EAAU,OAAA,CAAQ,QAAQ,CAAA,IAAK,WAAA,CAAY,CAAA,CAAE,OAAA,EAAS,OAAA,CAAQ,MAAM;AAAA,KAC5F;AAEA,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACxB,MAAA,MAAMA,OAAAA,GAA0B;AAAA,QAC/B,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,+BAA+B,KAAA,CAAM,IAAI,gBAAgB,OAAA,CAAQ,MAAM,CAAA,MAAA,EAAS,OAAA,CAAQ,QAAQ,CAAA,CAAA,CAAA;AAAA,QACxG;AAAA,OACD;AACA,MAAA,IAAI,QAAA,EAAU;AACb,QAAA,MAAM,cAAc,EAAA,EAAI,KAAA,EAAO,OAAA,EAASA,OAAAA,EAAQ,WAAW,OAAO,CAAA;AAAA,MACnE;AACA,MAAA,OAAOA,OAAAA;AAAA,IACR;AAGA,IAAA,IAAI,mBAAmB,WAAA,EAAa;AACnC,MAAA,MAAM,mBAAmB,MAAM,mBAAA;AAAA,QAC9B,EAAA;AAAA,QACA,KAAA;AAAA,QACA,OAAA;AAAA,QACA,kBAAA,CAAmB;AAAA,OACpB;AACA,MAAA,IAAI,CAAC,iBAAiB,OAAA,EAAS;AAC9B,QAAA,MAAMA,OAAAA,GAA0B;AAAA,UAC/B,OAAA,EAAS,KAAA;AAAA,UACT,QAAQ,gBAAA,CAAiB,MAAA;AAAA,UACzB;AAAA,SACD;AACA,QAAA,IAAI,QAAA,EAAU;AACb,UAAA,MAAM,cAAc,EAAA,EAAI,KAAA,EAAO,OAAA,EAASA,OAAAA,EAAQ,WAAW,OAAO,CAAA;AAAA,QACnE;AACA,QAAA,OAAOA,OAAAA;AAAA,MACR;AAAA,IACD;AAEA,IAAA,MAAM,MAAA,GAA0B,EAAE,OAAA,EAAS,IAAA,EAAM,OAAA,EAAQ;AACzD,IAAA,IAAI,QAAA,EAAU;AACb,MAAA,MAAM,cAAc,EAAA,EAAI,KAAA,EAAO,OAAA,EAAS,MAAA,EAAQ,WAAW,OAAO,CAAA;AAAA,IACnE;AACA,IAAA,OAAO,MAAA;AAAA,EACR;AAEA,EAAA,OAAO,EAAE,SAAA,EAAU;AACpB;AAEA,eAAe,mBAAA,CACd,EAAA,EACA,KAAA,EACA,OAAA,EACA,WAAA,EACiD;AAEjD,EAAA,IAAI,YAAY,eAAA,EAAiB;AAChC,IAAA,MAAM,aAAa,MAAM,cAAA;AAAA,MACxB,EAAA;AAAA,MACA,KAAA,CAAM,EAAA;AAAA,MACN,OAAA,CAAQ,QAAA;AAAA,MACR,WAAA,CAAY;AAAA,KACb;AACA,IAAA,IAAI,CAAC,WAAW,OAAA,EAAS;AACxB,MAAA,OAAO,UAAA;AAAA,IACR;AAAA,EACD;AAGA,EAAA,IAAI,WAAA,CAAY,kBAAA,IAAsB,OAAA,CAAQ,SAAA,EAAW;AACxD,IAAA,MAAM,aAAA,GAAgB,mBAAA,CAAoB,WAAA,CAAY,kBAAA,EAAoB,QAAQ,SAAS,CAAA;AAC3F,IAAA,IAAI,CAAC,cAAc,KAAA,EAAO;AACzB,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,cAAc,MAAA,EAAO;AAAA,IACvD;AAAA,EACD;AAGA,EAAA,IAAI,YAAY,eAAA,EAAiB;AAChC,IAAA,OAAO;AAAA,MACN,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACT;AAAA,EACD;AAGA,EAAA,IAAI,YAAY,UAAA,EAAY;AAC3B,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,IAAA,MAAM,KAAA,GAAQ,IAAI,QAAA,EAAS;AAC3B,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,EAAW;AAC/B,IAAA,MAAM,cAAc,CAAA,EAAG,MAAA,CAAO,KAAK,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAA,EAAI,OAAO,OAAO,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAA;AAEzF,IAAA,IAAI,cAAc,WAAA,CAAY,UAAA,CAAW,SAAS,WAAA,GAAc,WAAA,CAAY,WAAW,GAAA,EAAK;AAC3F,MAAA,OAAO;AAAA,QACN,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,kCAAkC,WAAA,CAAY,UAAA,CAAW,KAAK,CAAA,KAAA,EAAQ,WAAA,CAAY,WAAW,GAAG,CAAA;AAAA,OACzG;AAAA,IACD;AAAA,EACD;AAGA,EAAA,IAAI,WAAA,CAAY,WAAA,IAAe,WAAA,CAAY,WAAA,CAAY,SAAS,CAAA,EAAG;AAClE,IAAA,IAAI,CAAC,QAAQ,EAAA,EAAI;AAChB,MAAA,OAAO;AAAA,QACN,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ;AAAA,OACT;AAAA,IACD;AACA,IAAA,IAAI,CAAC,WAAA,CAAY,WAAA,CAAY,WAAA,EAAa,OAAA,CAAQ,EAAE,CAAA,EAAG;AACtD,MAAA,OAAO;AAAA,QACN,OAAA,EAAS,KAAA;AAAA,QACT,MAAA,EAAQ,CAAA,oBAAA,EAAuB,OAAA,CAAQ,EAAE,CAAA,2CAAA;AAAA,OAC1C;AAAA,IACD;AAAA,EACD;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACxB;AAEA,eAAe,cACd,EAAA,EACA,KAAA,EACA,OAAA,EACA,MAAA,EACA,WACA,OAAA,EACgB;AAChB,EAAA,MAAM,aAAa,IAAA,CAAK,KAAA,CAAM,WAAA,CAAY,GAAA,KAAQ,SAAS,CAAA;AAE3D,EAAA,MAAM,EAAA,CAAG,MAAA,CAAO,SAAS,CAAA,CAAE,MAAA,CAAO;AAAA,IACjC,EAAA,EAAI,OAAA;AAAA,IACJ,SAAS,KAAA,CAAM,EAAA;AAAA,IACf,QAAQ,KAAA,CAAM,OAAA;AAAA,IACd,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,UAAA,EAAY,OAAA,CAAQ,SAAA,IAAa,EAAC;AAAA,IAClC,MAAA,EAAQ,MAAA,CAAO,OAAA,GAAU,SAAA,GAAY,QAAA;AAAA,IACrC,MAAA,EAAQ,OAAO,MAAA,IAAU,IAAA;AAAA,IACzB,UAAA;AAAA,IACA,SAAA,sBAAe,IAAA,EAAK;AAAA,IACpB,EAAA,EAAI,OAAA,CAAQ,OAAA,EAAS,EAAA,IAAM,IAAA;AAAA,IAC3B,SAAA,EAAW,OAAA,CAAQ,OAAA,EAAS,SAAA,IAAa;AAAA,GACzC,CAAA;AACF;;;AC7TO,IAAM,mBAAA,GAAsB;AAAA;AAAA,EAElC,QAAA,EAAU,CAAC,EAAE,QAAA,EAAU,KAAK,OAAA,EAAS,CAAC,MAAM,CAAA,EAAG,CAAA;AAAA;AAAA,EAG/C,SAAA,EAAW,CAAC,EAAE,QAAA,EAAU,GAAA,EAAK,SAAS,CAAC,MAAA,EAAQ,OAAO,CAAA,EAAG,CAAA;AAAA;AAAA,EAGzD,KAAA,EAAO,CAAC,EAAE,QAAA,EAAU,KAAK,OAAA,EAAS,CAAC,GAAG,CAAA,EAAG,CAAA;AAAA;AAAA,EAGzC,QAAA,EAAU,CAAC,EAAE,QAAA,EAAU,OAAA,EAAS,SAAS,CAAC,MAAA,EAAQ,SAAS,CAAA,EAAG,CAAA;AAAA;AAAA,EAG9D,OAAA,EAAS,CAAC,EAAE,QAAA,EAAU,OAAA,EAAS,OAAA,EAAS,CAAC,MAAA,EAAQ,OAAA,EAAS,SAAS,CAAA,EAAG,CAAA;AAAA;AAAA,EAGtE,eAAA,EAAiB;AAAA,IAChB;AAAA,MACC,QAAA,EAAU,GAAA;AAAA,MACV,OAAA,EAAS,CAAC,MAAM,CAAA;AAAA,MAChB,WAAA,EAAa,EAAE,eAAA,EAAiB,GAAA;AAAI;AACrC,GACD;AAAA;AAAA,EAGA,gBAAA,EAAkB;AAAA,IACjB;AAAA,MACC,QAAA,EAAU,GAAA;AAAA,MACV,OAAA,EAAS,CAAC,GAAG,CAAA;AAAA,MACb,WAAA,EAAa,EAAE,eAAA,EAAiB,IAAA;AAAK;AACtC,GACD;AAAA;AAAA,EAGA,aAAA,EAAe;AAAA,IACd;AAAA,MACC,QAAA,EAAU,GAAA;AAAA,MACV,OAAA,EAAS,CAAC,MAAA,EAAQ,OAAA,EAAS,SAAS,CAAA;AAAA,MACpC,WAAA,EAAa,EAAE,UAAA,EAAY,EAAE,OAAO,OAAA,EAAS,GAAA,EAAK,SAAQ;AAAE;AAC7D;AAEF;AAQO,SAAS,sBAAsB,IAAA,EAA4C;AACjF,EAAA,OAAO,KAAK,KAAA,CAAM,IAAA,CAAK,UAAU,mBAAA,CAAoB,IAAI,CAAC,CAAC,CAAA;AAC5D","file":"chunk-OVGNZ5OX.js","sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport { and, eq, gte } from \"drizzle-orm\";\nimport type { Database } from \"../db/database.js\";\nimport { auditLogs, rateLimits } from \"../db/schema.js\";\nimport type {\n\tAgentIdentity,\n\tAuthorizeRequest,\n\tAuthorizeResult,\n\tPermissionConstraints,\n} from \"../types.js\";\n\ninterface PermissionEngineConfig {\n\tdb: Database;\n\tauditAll: boolean;\n}\n\n/**\n * Match a resource pattern against a requested resource.\n *\n * Supports wildcards:\n * - \"mcp:github:*\" matches \"mcp:github:create_issue\"\n * - \"tool:*\" matches \"tool:file_read\"\n * - \"*\" matches everything\n */\nfunction matchResource(pattern: string, resource: string): boolean {\n\tif (pattern === \"*\") return true;\n\n\tconst patternParts = pattern.split(\":\");\n\tconst resourceParts = resource.split(\":\");\n\n\tfor (let i = 0; i < patternParts.length; i++) {\n\t\tconst part = patternParts[i];\n\t\tif (part === \"*\") return true;\n\t\tif (part !== resourceParts[i]) return false;\n\t}\n\n\treturn patternParts.length === resourceParts.length;\n}\n\n/**\n * Check if an action is allowed by a permission's actions list.\n */\nfunction matchAction(allowedActions: string[], requestedAction: string): boolean {\n\treturn allowedActions.includes(requestedAction) || allowedActions.includes(\"*\");\n}\n\n/**\n * Parse an IPv4 address into a 32-bit integer.\n */\nfunction parseIPv4(ip: string): number | null {\n\tconst parts = ip.split(\".\");\n\tif (parts.length !== 4) return null;\n\tlet result = 0;\n\tfor (const part of parts) {\n\t\tconst num = parseInt(part, 10);\n\t\tif (Number.isNaN(num) || num < 0 || num > 255) return null;\n\t\tresult = (result << 8) | num;\n\t}\n\treturn result >>> 0;\n}\n\n/**\n * Check whether an IP matches a CIDR range or exact IP entry.\n * Supports both \"10.0.0.1\" and \"10.0.0.0/8\" notation (IPv4 only).\n */\nfunction matchesIPEntry(entry: string, ip: string): boolean {\n\tconst slashIndex = entry.indexOf(\"/\");\n\tif (slashIndex === -1) {\n\t\treturn entry === ip;\n\t}\n\n\tconst cidrIp = entry.slice(0, slashIndex);\n\tconst prefixLen = parseInt(entry.slice(slashIndex + 1), 10);\n\tif (Number.isNaN(prefixLen) || prefixLen < 0 || prefixLen > 32) return false;\n\n\tconst entryNum = parseIPv4(cidrIp);\n\tconst ipNum = parseIPv4(ip);\n\tif (entryNum === null || ipNum === null) return false;\n\n\tconst mask = prefixLen === 0 ? 0 : (~0 << (32 - prefixLen)) >>> 0;\n\treturn (entryNum & mask) === (ipNum & mask);\n}\n\n/**\n * Check whether an IP is in the allowlist (exact IPs or CIDR ranges).\n */\nfunction isIPAllowed(allowlist: string[], ip: string): boolean {\n\treturn allowlist.some((entry) => matchesIPEntry(entry, ip));\n}\n\n/**\n * Validate argument patterns against the request arguments.\n */\nfunction validateArgPatterns(\n\tpatterns: string[],\n\targs: Record<string, unknown>,\n): { valid: boolean; reason?: string } {\n\tfor (const pattern of patterns) {\n\t\tconst regex = new RegExp(pattern);\n\t\t// Check all string arguments against the pattern\n\t\tfor (const [key, value] of Object.entries(args)) {\n\t\t\tif (typeof value === \"string\" && !regex.test(value)) {\n\t\t\t\treturn {\n\t\t\t\t\tvalid: false,\n\t\t\t\t\treason: `Argument \"${key}\" value \"${value}\" does not match pattern \"${pattern}\"`,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\t}\n\treturn { valid: true };\n}\n\n/**\n * Check rate limits for an agent on a specific resource.\n */\nasync function checkRateLimit(\n\tdb: Database,\n\tagentId: string,\n\tresource: string,\n\tmaxCallsPerHour: number,\n): Promise<{ allowed: boolean; reason?: string }> {\n\tconst oneHourAgo = new Date(Date.now() - 60 * 60 * 1000);\n\n\tconst rows = await db\n\t\t.select()\n\t\t.from(rateLimits)\n\t\t.where(\n\t\t\tand(\n\t\t\t\teq(rateLimits.agentId, agentId),\n\t\t\t\teq(rateLimits.resource, resource),\n\t\t\t\tgte(rateLimits.windowStart, oneHourAgo),\n\t\t\t),\n\t\t);\n\n\tconst totalCalls = rows.reduce((sum, r) => sum + r.count, 0);\n\n\tif (totalCalls >= maxCallsPerHour) {\n\t\treturn {\n\t\t\tallowed: false,\n\t\t\treason: `Rate limit exceeded: ${totalCalls}/${maxCallsPerHour} calls per hour for resource \"${resource}\"`,\n\t\t};\n\t}\n\n\t// Increment counter\n\tconst currentWindow = new Date(Math.floor(Date.now() / (5 * 60 * 1000)) * (5 * 60 * 1000)); // 5-min windows\n\tconst existing = rows.find((r) => r.windowStart.getTime() === currentWindow.getTime());\n\n\tif (existing) {\n\t\tawait db\n\t\t\t.update(rateLimits)\n\t\t\t.set({ count: existing.count + 1 })\n\t\t\t.where(eq(rateLimits.id, existing.id));\n\t} else {\n\t\tawait db.insert(rateLimits).values({\n\t\t\tid: randomUUID(),\n\t\t\tagentId,\n\t\t\tresource,\n\t\t\twindowStart: currentWindow,\n\t\t\tcount: 1,\n\t\t});\n\t}\n\n\treturn { allowed: true };\n}\n\n/**\n * Create the permission/authorization engine.\n */\nexport function createPermissionEngine(config: PermissionEngineConfig) {\n\tconst { db, auditAll } = config;\n\n\t/**\n\t * Check if an agent is authorized to perform an action.\n\t * This is the core authorization function.\n\t */\n\tasync function authorize(\n\t\tagent: AgentIdentity,\n\t\trequest: AuthorizeRequest,\n\t): Promise<AuthorizeResult> {\n\t\tconst startTime = performance.now();\n\t\tconst auditId = randomUUID();\n\n\t\t// Find matching permission\n\t\tconst matchingPermission = agent.permissions.find(\n\t\t\t(p) => matchResource(p.resource, request.resource) && matchAction(p.actions, request.action),\n\t\t);\n\n\t\tif (!matchingPermission) {\n\t\t\tconst result: AuthorizeResult = {\n\t\t\t\tallowed: false,\n\t\t\t\treason: `No permission grants agent \"${agent.name}\" access to \"${request.action}\" on \"${request.resource}\"`,\n\t\t\t\tauditId,\n\t\t\t};\n\t\t\tif (auditAll) {\n\t\t\t\tawait writeAuditLog(db, agent, request, result, startTime, auditId);\n\t\t\t}\n\t\t\treturn result;\n\t\t}\n\n\t\t// Check constraints\n\t\tif (matchingPermission.constraints) {\n\t\t\tconst constraintResult = await evaluateConstraints(\n\t\t\t\tdb,\n\t\t\t\tagent,\n\t\t\t\trequest,\n\t\t\t\tmatchingPermission.constraints,\n\t\t\t);\n\t\t\tif (!constraintResult.allowed) {\n\t\t\t\tconst result: AuthorizeResult = {\n\t\t\t\t\tallowed: false,\n\t\t\t\t\treason: constraintResult.reason,\n\t\t\t\t\tauditId,\n\t\t\t\t};\n\t\t\t\tif (auditAll) {\n\t\t\t\t\tawait writeAuditLog(db, agent, request, result, startTime, auditId);\n\t\t\t\t}\n\t\t\t\treturn result;\n\t\t\t}\n\t\t}\n\n\t\tconst result: AuthorizeResult = { allowed: true, auditId };\n\t\tif (auditAll) {\n\t\t\tawait writeAuditLog(db, agent, request, result, startTime, auditId);\n\t\t}\n\t\treturn result;\n\t}\n\n\treturn { authorize };\n}\n\nasync function evaluateConstraints(\n\tdb: Database,\n\tagent: AgentIdentity,\n\trequest: AuthorizeRequest,\n\tconstraints: PermissionConstraints,\n): Promise<{ allowed: boolean; reason?: string }> {\n\t// Rate limit check\n\tif (constraints.maxCallsPerHour) {\n\t\tconst rateResult = await checkRateLimit(\n\t\t\tdb,\n\t\t\tagent.id,\n\t\t\trequest.resource,\n\t\t\tconstraints.maxCallsPerHour,\n\t\t);\n\t\tif (!rateResult.allowed) {\n\t\t\treturn rateResult;\n\t\t}\n\t}\n\n\t// Argument pattern check\n\tif (constraints.allowedArgPatterns && request.arguments) {\n\t\tconst patternResult = validateArgPatterns(constraints.allowedArgPatterns, request.arguments);\n\t\tif (!patternResult.valid) {\n\t\t\treturn { allowed: false, reason: patternResult.reason };\n\t\t}\n\t}\n\n\t// Human-in-the-loop check\n\tif (constraints.requireApproval) {\n\t\treturn {\n\t\t\tallowed: false,\n\t\t\treason: \"This action requires human approval before execution\",\n\t\t};\n\t}\n\n\t// Time window check\n\tif (constraints.timeWindow) {\n\t\tconst now = new Date();\n\t\tconst hours = now.getHours();\n\t\tconst minutes = now.getMinutes();\n\t\tconst currentTime = `${String(hours).padStart(2, \"0\")}:${String(minutes).padStart(2, \"0\")}`;\n\n\t\tif (currentTime < constraints.timeWindow.start || currentTime > constraints.timeWindow.end) {\n\t\t\treturn {\n\t\t\t\tallowed: false,\n\t\t\t\treason: `Action is only allowed between ${constraints.timeWindow.start} and ${constraints.timeWindow.end}`,\n\t\t\t};\n\t\t}\n\t}\n\n\t// IP allowlist check\n\tif (constraints.ipAllowlist && constraints.ipAllowlist.length > 0) {\n\t\tif (!request.ip) {\n\t\t\treturn {\n\t\t\t\tallowed: false,\n\t\t\t\treason: \"IP_NOT_ALLOWED: No IP address provided; resource requires an IP allowlist match\",\n\t\t\t};\n\t\t}\n\t\tif (!isIPAllowed(constraints.ipAllowlist, request.ip)) {\n\t\t\treturn {\n\t\t\t\tallowed: false,\n\t\t\t\treason: `IP_NOT_ALLOWED: IP \"${request.ip}\" is not in the allowlist for this resource`,\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { allowed: true };\n}\n\nasync function writeAuditLog(\n\tdb: Database,\n\tagent: AgentIdentity,\n\trequest: AuthorizeRequest,\n\tresult: AuthorizeResult,\n\tstartTime: number,\n\tauditId: string,\n): Promise<void> {\n\tconst durationMs = Math.round(performance.now() - startTime);\n\n\tawait db.insert(auditLogs).values({\n\t\tid: auditId,\n\t\tagentId: agent.id,\n\t\tuserId: agent.ownerId,\n\t\taction: request.action,\n\t\tresource: request.resource,\n\t\tparameters: request.arguments ?? {},\n\t\tresult: result.allowed ? \"allowed\" : \"denied\",\n\t\treason: result.reason ?? null,\n\t\tdurationMs,\n\t\ttimestamp: new Date(),\n\t\tip: request.context?.ip ?? null,\n\t\tuserAgent: request.context?.userAgent ?? null,\n\t});\n}\n","import type { Permission } from \"../types.js\";\n\n/**\n * Pre-built permission templates for common access patterns.\n * Use these as starting points when creating agents.\n */\nexport const permissionTemplates = {\n\t/** Read-only access to all resources */\n\treadonly: [{ resource: \"*\", actions: [\"read\"] }] satisfies Permission[],\n\n\t/** Read and write access to all resources */\n\treadwrite: [{ resource: \"*\", actions: [\"read\", \"write\"] }] satisfies Permission[],\n\n\t/** Full access to all resources and actions */\n\tadmin: [{ resource: \"*\", actions: [\"*\"] }] satisfies Permission[],\n\n\t/** Standard MCP tool access - read + execute */\n\tmcpBasic: [{ resource: \"mcp:*\", actions: [\"read\", \"execute\"] }] satisfies Permission[],\n\n\t/** MCP tool access with write - read + write + execute */\n\tmcpFull: [{ resource: \"mcp:*\", actions: [\"read\", \"write\", \"execute\"] }] satisfies Permission[],\n\n\t/** Rate-limited read access (100 calls/hour) */\n\trateLimitedRead: [\n\t\t{\n\t\t\tresource: \"*\",\n\t\t\tactions: [\"read\"],\n\t\t\tconstraints: { maxCallsPerHour: 100 },\n\t\t},\n\t] satisfies Permission[],\n\n\t/** Approval-required access (human-in-the-loop for everything) */\n\tapprovalRequired: [\n\t\t{\n\t\t\tresource: \"*\",\n\t\t\tactions: [\"*\"],\n\t\t\tconstraints: { requireApproval: true },\n\t\t},\n\t] satisfies Permission[],\n\n\t/** Business hours only access (9am-5pm) */\n\tbusinessHours: [\n\t\t{\n\t\t\tresource: \"*\",\n\t\t\tactions: [\"read\", \"write\", \"execute\"],\n\t\t\tconstraints: { timeWindow: { start: \"09:00\", end: \"17:00\" } },\n\t\t},\n\t] satisfies Permission[],\n} as const;\n\nexport type PermissionTemplateName = keyof typeof permissionTemplates;\n\n/**\n * Get a permission template by name.\n * Returns a fresh copy of the permissions array.\n */\nexport function getPermissionTemplate(name: PermissionTemplateName): Permission[] {\n\treturn JSON.parse(JSON.stringify(permissionTemplates[name])) as Permission[];\n}\n"]}
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/db/schema.ts"],"names":[],"mappings":";;;;AAAA,IAAA,cAAA,GAAA;AAAA,QAAA,CAAA,cAAA,EAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,MAAA,EAAA,MAAA,MAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,uBAAA,EAAA,MAAA,uBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,KAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAKO,IAAM,KAAA,GAAQ,YAAY,cAAA,EAAgB;AAAA,EAChD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,IAAA,EAAM,KAAK,MAAM,CAAA;AAAA,EACjB,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,MAAA,EAAO;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA;AAAA,EAC9B,gBAAA,EAAkB,KAAK,mBAAmB,CAAA;AAAA;AAAA,EAC1C,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA;AAAA,EAE5E,QAAQ,OAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,oBAAoB,OAAA,CAAQ,sBAAsB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA;AAAA,EAEvE,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,MAAA,EAAO;AAAA,EACpD,oBAAA,EAAsB,KAAK,wBAAwB,CAAA;AAAA,EACnD,wBAAA,EAA0B,KAAK,4BAA4B,CAAA;AAAA,EAC3D,aAAA,EAAe,KAAK,iBAAiB,CAAA;AAAA,EACrC,wBAAwB,OAAA,CAAQ,2BAAA,EAA6B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAClF,uBAAA,EAAyB,OAAA,CAAQ,6BAAA,EAA+B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CACjF,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA;AAAA,EAEf,eAAA,EAAiB,IAAA,CAAK,mBAAmB,CAAA,CAAE,MAAA,EAAO;AAAA,EAClD,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,uBAAA,EAAyB,KAAK,2BAA2B,CAAA;AAAA,EACzD,cAAA,EAAgB,KAAK,kBAAkB,CAAA;AAAA,EACvC,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,sBAAA,EAAwB,OAAA,CAAQ,4BAAA,EAA8B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAC/E,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA,EACf,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,OAAA,GAAU,YAAY,gBAAA,EAAkB;AAAA,EACpD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAyB;AAAA,EACtE,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAW,CAAA,EAAG,CAAA,CACtD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAYM,IAAM,MAAA,GAAS,YAAY,eAAA,EAAiB;AAAA,EAClD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,YAAA,EAAc,WAAA,EAAa,SAAS,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7E,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,oBAAA,EAAsB;AAAA,EAC5D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA;AAAA,EACrE,WAAA,EAAa,KAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAgC;AAAA,EACnF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAaM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,KAAK,eAAe,CAAA,CAC/B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,SAAA,EAAW,KAAK,aAAa,CAAA,CAC3B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiC;AAAA,EAC9F,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC3C,UAAU,OAAA,CAAQ,WAAW,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAClD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,KAAK,YAAA,EAAc,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAChF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChF,MAAA,EAAQ,KAAK,QAAQ,CAAA;AAAA;AAAA,EACrB,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA,EACjC,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACxD,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,WAAA,EAAa,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACpE,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC;AAC5C,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,KAAA,EAAO,IAAA,CAAK,OAAA,EAAS,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACjE,YAAA,EAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,EAClF,YAAA,EAAc,QAAQ,gBAAgB,CAAA;AAAA,EACtC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,QAAA,GAAW,YAAY,iBAAA,EAAmB;AAAA,EACtD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,YAAA,EAAc,KAAK,eAAe,CAAA;AAAA;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,CAAA,CAC9C,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,oBAAoB,CAAC,CAAA;AAAA,EAChC,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,MAAM,MAAA,EAAQ,CAAA,CACpD,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,MAAM,CAAC,CAAA;AAAA,EAClB,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,qBAAqB,CAAA;AAAA,EAC/B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,MAAM,CAAC,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,cAAc,CAAA;AAAA,EACxB,QAAA,EAAU,OAAA,CAAQ,UAAA,EAAY,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAC1E,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,aAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACnD,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,MAAA,EAAO;AAAA,EAC3C,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,oBAAA,EAAsB,QAAQ,yBAAA,EAA2B,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACxF,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,uBAAA,GAA0B,YAAY,kCAAA,EAAoC;AAAA,EACtF,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA;AAAA,EACjD,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,SAAA,EAAW,CAAA;AAAA;AAAA,EAC7E,QAAQ,IAAA,CAAK,SAAS,EAAE,UAAA,CAAW,MAAM,MAAM,EAAE,CAAA;AAAA;AAAA,EACjD,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAuB;AAAA,EAC1E,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAsB;AAAA,EACtF,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAS,QAAQ,GAAG,CAAA,CACtE,OAAA,EAAQ,CACR,QAAQ,MAAM,CAAA;AAAA,EAChB,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAA,EAAa,UAAU,GAAG,CAAA,CAClE,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAoBM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,EAC/B,OAAA,EAAS,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EACjC,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACzE,YAAA,EAAc,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiB;AAAA,EAChF,gBAAA,EAAkB,IAAA,CAAK,mBAAA,EAAqB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAC1D,OAAA,EAAQ,CACR,KAAA,EAA+B;AAAA,EACjC,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA,EACzB,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,SAAA,EAAW,KAAK,WAAA,EAAa,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC9E,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,UAAA,EAAY,QAAA,EAAU,SAAS,GAAG,CAAA,CAC3E,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,aAAa,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC1D,WAAA,EAAa,KAAK,cAAc,CAAA;AAAA,EAChC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,qBAAA,EAAuB;AAAA,EAC7D,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAA,EAAO,OAAA,CAAQ,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,KAAA,EAAO,KAAK,OAAA,EAAS;AAAA,IACpB,MAAM,CAAC,WAAA,EAAa,SAAA,EAAW,UAAA,EAAY,WAAW,UAAU;AAAA,GAChE,EAAE,OAAA,EAAQ;AAAA,EACX,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EACpF,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,aAAA,EAAe;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,YAAW,CACX,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,WAAA,EAAa,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAwB;AAAA,EACtF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,aAAA,GAAgB,YAAY,sBAAA,EAAwB;AAAA,EAChE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAEM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,QAAA,EAAU,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACvD,CAAC;AAEM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA,CAC1B,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,SAAA,EAAW,UAAA,EAAY,SAAS,GAAG,CAAA,CACjE,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAEM,IAAM,QAAA,GAAW,YAAY,kBAAA,EAAoB;AAAA,EACvD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA;AAC9D,CAAC;AAKM,IAAM,kBAAA,GAAqB,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,cAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACrD,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,UAAA,EAAY,KAAK,YAAY,CAAA;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC5D,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC9B,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,MAAM,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvD,QAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACxC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,OAAA,GAAU,YAAY,iBAAA,EAAmB;AAAA,EACrD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,YAAY,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACzD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC9C,MAAA,EAAQ,KAAK,SAAS,CAAA;AAAA;AAAA,EACtB,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAgB,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC5C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,kBAAA,GAAqB,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,WAAA,EAAa,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACzC,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,aAAA,GAAgB,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,OAAA,EAAS,KAAK,SAAA,EAAW;AAAA,IACxB,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAA,EAAkB,cAAc,QAAQ;AAAA,GAC/D,EAAE,OAAA,EAAQ;AAAA,EACX,UAAA,EAAY,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACvC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,cAAA,EAAgB,EAAE,OAAA;AAC3D,CAAC;AAKM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAK,IAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,KAAA,EAAO,KAAK,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzD,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7C,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,qBAAA,EAAuB;AAAA,EAC7D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACrD,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC5E,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAClF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACnE,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,oBAAoB,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,aAAA,GAAgB,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,EACnB,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,gBAAA,GAAmB,YAAY,2BAAA,EAA6B;AAAA,EACxE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA;AAAA,EAE1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAE/C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEpD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC","file":"chunk-V66UUIA7.js","sourcesContent":["import { integer, sqliteTable, text } from \"drizzle-orm/sqlite-core\";\n\n// ============================================================\n// Users (basic human identity - integrates with external auth)\n// ============================================================\nexport const users = sqliteTable(\"kavach_users\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull().unique(),\n\tname: text(\"name\"),\n\tusername: text(\"username\").unique(),\n\texternalId: text(\"external_id\"), // ID from external auth (better-auth, Auth.js, etc.)\n\texternalProvider: text(\"external_provider\"), // \"better-auth\", \"authjs\", \"clerk\", etc.\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\t// Admin ban fields (populated by admin module)\n\tbanned: integer(\"banned\").notNull().default(0),\n\tbanReason: text(\"ban_reason\"),\n\tbanExpiresAt: integer(\"ban_expires_at\", { mode: \"timestamp\" }),\n\tforcePasswordReset: integer(\"force_password_reset\").notNull().default(0),\n\t// Stripe integration fields (populated by kavach-stripe plugin)\n\tstripeCustomerId: text(\"stripe_customer_id\").unique(),\n\tstripeSubscriptionId: text(\"stripe_subscription_id\"),\n\tstripeSubscriptionStatus: text(\"stripe_subscription_status\"),\n\tstripePriceId: text(\"stripe_price_id\"),\n\tstripeCurrentPeriodEnd: integer(\"stripe_current_period_end\", { mode: \"timestamp\" }),\n\tstripeCancelAtPeriodEnd: integer(\"stripe_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\t// Polar integration fields (populated by kavach-polar plugin)\n\tpolarCustomerId: text(\"polar_customer_id\").unique(),\n\tpolarSubscriptionId: text(\"polar_subscription_id\"),\n\tpolarSubscriptionStatus: text(\"polar_subscription_status\"),\n\tpolarProductId: text(\"polar_product_id\"),\n\tpolarCurrentPeriodEnd: integer(\"polar_current_period_end\", { mode: \"timestamp\" }),\n\tpolarCancelAtPeriodEnd: integer(\"polar_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Tenants (multi-tenant isolation — must come before agents)\n// ============================================================\nexport const tenants = sqliteTable(\"kavach_tenants\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\tsettings: text(\"settings\", { mode: \"json\" }).$type<TenantSettingsRow>(),\n\tstatus: text(\"status\", { enum: [\"active\", \"suspended\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TenantSettingsRow {\n\tmaxAgents?: number;\n\tmaxDelegationDepth?: number;\n\tauditRetentionDays?: number;\n\tallowedAgentTypes?: string[];\n}\n\n// ============================================================\n// Agents (the core differentiator - AI agent identities)\n// ============================================================\nexport const agents = sqliteTable(\"kavach_agents\", {\n\tid: text(\"id\").primaryKey(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable, for multi-tenant scoping\n\tname: text(\"name\").notNull(),\n\ttype: text(\"type\", { enum: [\"autonomous\", \"delegated\", \"service\"] }).notNull(),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\ttokenHash: text(\"token_hash\").notNull(), // hashed agent token\n\ttokenPrefix: text(\"token_prefix\").notNull(), // first 8 chars for identification\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastActiveAt: integer(\"last_active_at\", { mode: \"timestamp\" }),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Permissions (scoped access control per agent)\n// ============================================================\nexport const permissions = sqliteTable(\"kavach_permissions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(), // e.g. \"mcp:github:*\", \"tool:file_read\"\n\tactions: text(\"actions\", { mode: \"json\" }).notNull().$type<string[]>(), // [\"read\", \"write\", \"execute\"]\n\tconstraints: text(\"constraints\", { mode: \"json\" }).$type<PermissionConstraintsRow>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface PermissionConstraintsRow {\n\tmaxCallsPerHour?: number;\n\tallowedArgPatterns?: string[];\n\trequireApproval?: boolean;\n\ttimeWindow?: { start: string; end: string };\n\tipAllowlist?: string[];\n}\n\n// ============================================================\n// Delegation Chains (agent-to-agent permission delegation)\n// ============================================================\nexport const delegationChains = sqliteTable(\"kavach_delegation_chains\", {\n\tid: text(\"id\").primaryKey(),\n\tfromAgentId: text(\"from_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\ttoAgentId: text(\"to_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<DelegationPermissionRow[]>(),\n\tdepth: integer(\"depth\").notNull().default(1),\n\tmaxDepth: integer(\"max_depth\").notNull().default(3),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface DelegationPermissionRow {\n\tresource: string;\n\tactions: string[];\n}\n\n// ============================================================\n// Audit Logs (immutable record of every agent action)\n// ============================================================\nexport const auditLogs = sqliteTable(\"kavach_audit_logs\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(), // \"execute\", \"read\", \"write\", \"delete\"\n\tresource: text(\"resource\").notNull(), // \"mcp:github:create_issue\"\n\tparameters: text(\"parameters\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tresult: text(\"result\", { enum: [\"allowed\", \"denied\", \"rate_limited\"] }).notNull(),\n\treason: text(\"reason\"), // why denied/rate_limited\n\tdurationMs: integer(\"duration_ms\").notNull(),\n\ttokensCost: integer(\"tokens_cost\"),\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Rate Limit Counters (track per-agent call rates)\n// ============================================================\nexport const rateLimits = sqliteTable(\"kavach_rate_limits\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(),\n\twindowStart: integer(\"window_start\", { mode: \"timestamp\" }).notNull(),\n\tcount: integer(\"count\").notNull().default(0),\n});\n\n// ============================================================\n// MCP Servers (registered MCP servers)\n// ============================================================\nexport const mcpServers = sqliteTable(\"kavach_mcp_servers\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tendpoint: text(\"endpoint\").notNull().unique(),\n\ttools: text(\"tools\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tauthRequired: integer(\"auth_required\", { mode: \"boolean\" }).notNull().default(true),\n\trateLimitRpm: integer(\"rate_limit_rpm\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"inactive\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Sessions (human user sessions managed by KavachOS)\n// ============================================================\nexport const sessions = sqliteTable(\"kavach_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Clients (for MCP OAuth 2.1 - dynamic client registration)\n// ============================================================\nexport const oauthClients = sqliteTable(\"kavach_oauth_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecret: text(\"client_secret\"), // null for public clients\n\tclientName: text(\"client_name\"),\n\tclientUri: text(\"client_uri\"),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"authorization_code\"]),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"code\"]),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_basic\"),\n\ttype: text(\"type\", { enum: [\"public\", \"confidential\"] })\n\t\t.notNull()\n\t\t.default(\"confidential\"),\n\tdisabled: integer(\"disabled\", { mode: \"boolean\" }).notNull().default(false),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Access Tokens (issued tokens for MCP auth)\n// ============================================================\nexport const oauthAccessTokens = sqliteTable(\"kavach_oauth_access_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\taccessToken: text(\"access_token\").notNull().unique(),\n\trefreshToken: text(\"refresh_token\").unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tresource: text(\"resource\"), // RFC 8707 - audience binding\n\taccessTokenExpiresAt: integer(\"access_token_expires_at\", { mode: \"timestamp\" }).notNull(),\n\trefreshTokenExpiresAt: integer(\"refresh_token_expires_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Authorization Codes (temporary codes for code exchange)\n// ============================================================\nexport const oauthAuthorizationCodes = sqliteTable(\"kavach_oauth_authorization_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcode: text(\"code\").notNull().unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE\n\tcodeChallengeMethod: text(\"code_challenge_method\"), // \"S256\"\n\tresource: text(\"resource\"), // RFC 8707\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Budget Policies (agent execution budget caps)\n// ============================================================\nexport const budgetPolicies = sqliteTable(\"kavach_budget_policies\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\").references(() => agents.id, { onDelete: \"cascade\" }), // nullable\n\tuserId: text(\"user_id\").references(() => users.id), // nullable\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable\n\tlimits: text(\"limits\", { mode: \"json\" }).notNull().$type<BudgetLimitsRow>(),\n\tcurrentUsage: text(\"current_usage\", { mode: \"json\" }).notNull().$type<BudgetUsageRow>(),\n\taction: text(\"action\", { enum: [\"warn\", \"throttle\", \"block\", \"revoke\"] })\n\t\t.notNull()\n\t\t.default(\"warn\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"triggered\", \"disabled\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface BudgetLimitsRow {\n\tmaxTokensCostPerDay?: number;\n\tmaxTokensCostPerMonth?: number;\n\tmaxCallsPerDay?: number;\n\tmaxCallsPerMonth?: number;\n}\n\ninterface BudgetUsageRow {\n\ttokensCostToday: number;\n\ttokensCostThisMonth: number;\n\tcallsToday: number;\n\tcallsThisMonth: number;\n\tlastUpdated: string;\n}\n\n// ============================================================\n// Agent Capability Cards (A2A discovery)\n// ============================================================\nexport const agentCards = sqliteTable(\"kavach_agent_cards\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tdescription: text(\"description\"),\n\tversion: text(\"version\").notNull(),\n\tprotocols: text(\"protocols\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tcapabilities: text(\"capabilities\", { mode: \"json\" }).notNull().$type<unknown[]>(),\n\tauthRequirements: text(\"auth_requirements\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<Record<string, unknown>>(),\n\tendpoint: text(\"endpoint\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Approval Requests (CIBA async approval flows)\n// ============================================================\nexport const approvalRequests = sqliteTable(\"kavach_approval_requests\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(),\n\tresource: text(\"resource\").notNull(),\n\targuments: text(\"arguments\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tstatus: text(\"status\", { enum: [\"pending\", \"approved\", \"denied\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\trespondedAt: integer(\"responded_at\", { mode: \"timestamp\" }),\n\trespondedBy: text(\"responded_by\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trust Scores (graduated autonomy scoring)\n// ============================================================\nexport const trustScores = sqliteTable(\"kavach_trust_scores\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tscore: integer(\"score\").notNull(),\n\tlevel: text(\"level\", {\n\t\tenum: [\"untrusted\", \"limited\", \"standard\", \"trusted\", \"elevated\"],\n\t}).notNull(),\n\tfactors: text(\"factors\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tcomputedAt: integer(\"computed_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Magic Links (passwordless email login)\n// ============================================================\nexport const magicLinks = sqliteTable(\"kavach_magic_links\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\ttoken: text(\"token\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Email OTPs (one-time password login)\n// ============================================================\nexport const emailOtps = sqliteTable(\"kavach_email_otps\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// TOTP (Two-Factor Authentication)\n// ============================================================\nexport const totpRecords = sqliteTable(\"kavach_totp\", {\n\tuserId: text(\"user_id\")\n\t\t.primaryKey()\n\t\t.references(() => users.id),\n\tsecret: text(\"secret\").notNull(), // base32-encoded TOTP secret\n\tenabled: integer(\"enabled\", { mode: \"boolean\" }).notNull().default(false),\n\tbackupCodes: text(\"backup_codes\", { mode: \"json\" }).notNull().$type<TotpBackupCode[]>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TotpBackupCode {\n\thash: string;\n\tused: boolean;\n}\n\n// ============================================================\n// Organizations (multi-member org with RBAC)\n// ============================================================\nexport const organizations = sqliteTable(\"kavach_organizations\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgMembers = sqliteTable(\"kavach_org_members\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tjoinedAt: integer(\"joined_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgInvitations = sqliteTable(\"kavach_org_invitations\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\temail: text(\"email\").notNull(),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tinvitedBy: text(\"invited_by\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tstatus: text(\"status\", { enum: [\"pending\", \"accepted\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgRoles = sqliteTable(\"kavach_org_roles\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n});\n\n// ============================================================\n// Passkey Credentials (WebAuthn / FIDO2)\n// ============================================================\nexport const passkeyCredentials = sqliteTable(\"kavach_passkey_credentials\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tcredentialId: text(\"credential_id\").notNull().unique(),\n\tpublicKey: text(\"public_key\").notNull(), // base64url-encoded COSE key\n\tcounter: integer(\"counter\").notNull().default(0),\n\tdeviceName: text(\"device_name\"),\n\ttransports: text(\"transports\"), // JSON array, e.g. '[\"internal\",\"usb\"]'\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// SSO Connections (SAML / OIDC enterprise SSO)\n// ============================================================\nexport const ssoConnections = sqliteTable(\"kavach_sso_connections\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\").notNull(),\n\tproviderId: text(\"provider_id\").notNull(),\n\ttype: text(\"type\", { enum: [\"saml\", \"oidc\"] }).notNull(),\n\tdomain: text(\"domain\").notNull().unique(),\n\tenabled: integer(\"enabled\").notNull().default(1),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// API Keys (static bearer tokens with permission scopes)\n// ============================================================\nexport const apiKeys = sqliteTable(\"kavach_api_keys\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tname: text(\"name\").notNull(),\n\tkeyHash: text(\"key_hash\").notNull(),\n\tkeyPrefix: text(\"key_prefix\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Passkey Challenges (WebAuthn challenge state — short-lived)\n// ============================================================\nexport const passkeyChallenges = sqliteTable(\"kavach_passkey_challenges\", {\n\tid: text(\"id\").primaryKey(),\n\tchallenge: text(\"challenge\").notNull().unique(),\n\tuserId: text(\"user_id\"), // null for discoverable credential flows\n\ttype: text(\"type\", { enum: [\"registration\", \"authentication\"] }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Username Accounts (username + password auth)\n// ============================================================\nexport const usernameAccounts = sqliteTable(\"kavach_username_accounts\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tusername: text(\"username\").notNull().unique(),\n\tpasswordHash: text(\"password_hash\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Phone Verifications (SMS OTP)\n// ============================================================\nexport const phoneVerifications = sqliteTable(\"kavach_phone_verifications\", {\n\tid: text(\"id\").primaryKey(),\n\tphoneNumber: text(\"phone_number\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trusted Devices (skip 2FA on known devices for a time window)\n// ============================================================\nexport const trustedDevices = sqliteTable(\"kavach_trusted_devices\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tfingerprint: text(\"fingerprint\").notNull(), // HMAC-SHA256 of stable request headers\n\tlabel: text(\"label\").notNull(), // human-readable, e.g. \"Mac\", \"iPhone\"\n\ttrustedAt: integer(\"trusted_at\", { mode: \"timestamp\" }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// One-Time Tokens (email verify, password reset, invitation, custom)\n// ============================================================\nexport const oneTimeTokens = sqliteTable(\"kavach_one_time_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tpurpose: text(\"purpose\", {\n\t\tenum: [\"email-verify\", \"password-reset\", \"invitation\", \"custom\"],\n\t}).notNull(),\n\tidentifier: text(\"identifier\").notNull(), // email, userId, or any caller-supplied key\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Login History (last login method tracking per user)\n// ============================================================\nexport const loginHistory = sqliteTable(\"kavach_login_history\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tmethod: text(\"method\").notNull(), // LoginMethod — kept as text to support oauth:{provider} variants\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp_ms\" }).notNull(),\n});\n\n// ============================================================\n// Agent DIDs (W3C Decentralized Identifiers per agent)\n// ============================================================\nexport const agentDids = sqliteTable(\"kavach_agent_dids\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tdid: text(\"did\").notNull().unique(),\n\tmethod: text(\"method\", { enum: [\"key\", \"web\"] }).notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\").notNull(), // JSON-serialised JWK (public key only)\n\tdidDocument: text(\"did_document\").notNull(), // JSON-serialised DID Document\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Clients (apps authenticating against KavachOS IdP)\n// ============================================================\nexport const oidcClients = sqliteTable(\"kavach_oidc_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecretHash: text(\"client_secret_hash\").notNull(), // SHA-256 hex of the raw secret\n\tclientName: text(\"client_name\").notNull(),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tscopes: text(\"scopes\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_post\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Authorization Codes\n// ============================================================\nexport const oidcAuthCodes = sqliteTable(\"kavach_oidc_auth_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcodeHash: text(\"code_hash\").notNull().unique(), // SHA-256 hex of the raw code\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tnonce: text(\"nonce\"),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE S256\n\tcodeChallengeMethod: text(\"code_challenge_method\"),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Refresh Tokens\n// ============================================================\nexport const oidcRefreshTokens = sqliteTable(\"kavach_oidc_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\trevoked: integer(\"revoked\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// JWT Session Refresh Tokens (general-purpose session plugin)\n// ============================================================\nexport const jwtRefreshTokens = sqliteTable(\"kavach_jwt_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\t/** SHA-256 hex of the raw refresh token. The raw token is never stored. */\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\t/** The user who owns this session. */\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\t/** True once the token has been used in a refresh or explicit revocation. */\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n"]}
@@ -301,8 +301,8 @@ declare const McpClientRegistrationSchema: z.ZodObject<{
301
301
  grant_types?: ("authorization_code" | "refresh_token")[] | undefined;
302
302
  response_types?: "code"[] | undefined;
303
303
  token_endpoint_auth_method?: "client_secret_basic" | "client_secret_post" | "none" | undefined;
304
- scope?: string | undefined;
305
304
  logo_uri?: string | undefined;
305
+ scope?: string | undefined;
306
306
  contacts?: string[] | undefined;
307
307
  tos_uri?: string | undefined;
308
308
  policy_uri?: string | undefined;
@@ -315,8 +315,8 @@ declare const McpClientRegistrationSchema: z.ZodObject<{
315
315
  grant_types?: ("authorization_code" | "refresh_token")[] | undefined;
316
316
  response_types?: "code"[] | undefined;
317
317
  token_endpoint_auth_method?: "client_secret_basic" | "client_secret_post" | "none" | undefined;
318
- scope?: string | undefined;
319
318
  logo_uri?: string | undefined;
319
+ scope?: string | undefined;
320
320
  contacts?: string[] | undefined;
321
321
  tos_uri?: string | undefined;
322
322
  policy_uri?: string | undefined;