kavachos 0.0.4 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/a2a/index.d.ts +2340 -0
  2. package/dist/a2a/index.js +821 -0
  3. package/dist/a2a/index.js.map +1 -0
  4. package/dist/agent/index.d.ts +3 -4
  5. package/dist/agent/index.js +4 -3
  6. package/dist/audit/index.d.ts +2 -3
  7. package/dist/audit/index.js +3 -3
  8. package/dist/auth/index.d.ts +490 -93
  9. package/dist/auth/index.js +4 -3
  10. package/dist/{chunk-KL6XW4S4.js → chunk-FKVAXCNJ.js} +2375 -633
  11. package/dist/chunk-FKVAXCNJ.js.map +1 -0
  12. package/dist/{chunk-5DT4DN4Y.js → chunk-IKTOSJ4O.js} +13 -13
  13. package/dist/chunk-IKTOSJ4O.js.map +1 -0
  14. package/dist/{chunk-V66UUIA7.js → chunk-KDL6A76K.js} +93 -4
  15. package/dist/chunk-KDL6A76K.js.map +1 -0
  16. package/dist/chunk-NSBPE2FW.js +15 -0
  17. package/dist/{chunk-PZ5AY32C.js.map → chunk-NSBPE2FW.js.map} +1 -1
  18. package/dist/chunk-NSTER7KE.js +538 -0
  19. package/dist/chunk-NSTER7KE.js.map +1 -0
  20. package/dist/chunk-QCRHJMDX.js +186 -0
  21. package/dist/chunk-QCRHJMDX.js.map +1 -0
  22. package/dist/{chunk-OVGNZ5OX.js → chunk-VHKZARMM.js} +6 -6
  23. package/dist/chunk-VHKZARMM.js.map +1 -0
  24. package/dist/{chunk-SJGSPIAD.js → chunk-Y3OWAJHK.js} +3 -3
  25. package/dist/{chunk-SJGSPIAD.js.map → chunk-Y3OWAJHK.js.map} +1 -1
  26. package/dist/index.d.ts +138 -6
  27. package/dist/index.js +580 -35
  28. package/dist/index.js.map +1 -1
  29. package/dist/mcp/index.d.ts +2 -2
  30. package/dist/mcp/index.js +12 -16
  31. package/dist/mcp/index.js.map +1 -1
  32. package/dist/permission/index.d.ts +3 -4
  33. package/dist/permission/index.js +4 -3
  34. package/dist/{types-Xk83hv4O.d.ts → types-W8X0PXE7.d.ts} +1764 -99
  35. package/dist/vc/index.d.ts +800 -0
  36. package/dist/vc/index.js +5 -0
  37. package/dist/vc/index.js.map +1 -0
  38. package/package.json +17 -1
  39. package/dist/chunk-5DT4DN4Y.js.map +0 -1
  40. package/dist/chunk-KL6XW4S4.js.map +0 -1
  41. package/dist/chunk-OVGNZ5OX.js.map +0 -1
  42. package/dist/chunk-PZ5AY32C.js +0 -9
  43. package/dist/chunk-V66UUIA7.js.map +0 -1
  44. package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
package/dist/{chunk-5DT4DN4Y.js → chunk-IKTOSJ4O.js} RENAMED
@@ -1,11 +1,11 @@
1
- import { agents, permissions } from './chunk-V66UUIA7.js';
2
- import { randomUUID, createHash, randomBytes } from 'crypto';
1
+ import { agents, permissions } from './chunk-KDL6A76K.js';
2
+ import { generateId, sha256, randomBytes, toBase64Url } from './chunk-QCRHJMDX.js';
3
3
  import { and, eq } from 'drizzle-orm';
4
4
 
5
- function generateAgentToken() {
5
+ async function generateAgentToken() {
6
6
  const tokenBytes = randomBytes(32);
7
- const token = `kv_${tokenBytes.toString("base64url")}`;
8
- const hash = createHash("sha256").update(token).digest("hex");
7
+ const token = `kv_${toBase64Url(tokenBytes)}`;
8
+ const hash = await sha256(token);
9
9
  const prefix = token.slice(0, 11);
10
10
  return { token, hash, prefix };
11
11
  }
@@ -34,8 +34,8 @@ function createAgentModule(config) {
34
34
  `User ${input.ownerId} has reached the maximum of ${maxPerUser} active agents.`
35
35
  );
36
36
  }
37
- const id = randomUUID();
38
- const { token, hash, prefix } = generateAgentToken();
37
+ const id = generateId();
38
+ const { token, hash, prefix } = await generateAgentToken();
39
39
  const now = /* @__PURE__ */ new Date();
40
40
  const expires = input.expiresAt ?? parseTokenExpiry(tokenExpiry);
41
41
  await db.insert(agents).values({
@@ -55,7 +55,7 @@ function createAgentModule(config) {
55
55
  if (input.permissions.length > 0) {
56
56
  await db.insert(permissions).values(
57
57
  input.permissions.map((p) => ({
58
- id: randomUUID(),
58
+ id: generateId(),
59
59
  agentId: id,
60
60
  resource: p.resource,
61
61
  actions: p.actions,
@@ -144,7 +144,7 @@ function createAgentModule(config) {
144
144
  if (input.permissions.length > 0) {
145
145
  await db.insert(permissions).values(
146
146
  input.permissions.map((p) => ({
147
- id: randomUUID(),
147
+ id: generateId(),
148
148
  agentId,
149
149
  resource: p.resource,
150
150
  actions: p.actions,
@@ -168,13 +168,13 @@ function createAgentModule(config) {
168
168
  if (!existing) throw new Error(`Agent ${agentId} not found.`);
169
169
  if (existing.status !== "active")
170
170
  throw new Error(`Cannot rotate token for ${existing.status} agent.`);
171
- const { token, hash, prefix } = generateAgentToken();
171
+ const { token, hash, prefix } = await generateAgentToken();
172
172
  const now = /* @__PURE__ */ new Date();
173
173
  await db.update(agents).set({ tokenHash: hash, tokenPrefix: prefix, updatedAt: now }).where(eq(agents.id, agentId));
174
174
  return { ...existing, token, updatedAt: now };
175
175
  }
176
176
  async function validateToken(token) {
177
- const hash = createHash("sha256").update(token).digest("hex");
177
+ const hash = await sha256(token);
178
178
  const rows = await db.select().from(agents).where(eq(agents.tokenHash, hash)).limit(1);
179
179
  const agent = rows[0];
180
180
  if (!agent) return null;
@@ -210,5 +210,5 @@ function toPermission(row) {
210
210
  }
211
211
 
212
212
  export { createAgentModule };
213
- //# sourceMappingURL=chunk-5DT4DN4Y.js.map
214
- //# sourceMappingURL=chunk-5DT4DN4Y.js.map
213
+ //# sourceMappingURL=chunk-IKTOSJ4O.js.map
214
+ //# sourceMappingURL=chunk-IKTOSJ4O.js.map
package/dist/chunk-IKTOSJ4O.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/agent/agent.ts"],"names":[],"mappings":";;;;AA0BA,eAAe,kBAAA,GAA+E;AAC7F,EAAA,MAAM,UAAA,GAAa,YAAY,EAAE,CAAA;AACjC,EAAA,MAAM,KAAA,GAAQ,CAAA,GAAA,EAAM,WAAA,CAAY,UAAU,CAAC,CAAA,CAAA;AAC3C,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,KAAK,CAAA;AAC/B,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAChC,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAO;AAC9B;AAEA,SAAS,iBAAiB,MAAA,EAAsB;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,iBAAiB,CAAA;AAC5C,EAAA,IAAI,CAAC,KAAA,EAAO;AACX,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,MAAM,CAAA,qCAAA,CAAuC,CAAA;AAAA,EAC9F;AACA,EAAA,MAAM,QAAQ,MAAA,CAAO,QAAA,CAAS,KAAA,CAAM,CAAC,GAAa,EAAE,CAAA;AACpD,EAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AACpB,EAAA,MAAM,WAAA,GAAsC;AAAA,IAC3C,CAAA,EAAG,GAAA;AAAA,IACH,GAAG,EAAA,GAAK,GAAA;AAAA,IACR,CAAA,EAAG,KAAK,EAAA,GAAK,GAAA;AAAA,IACb,CAAA,EAAG,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACnB;AACA,EAAA,OAAO,IAAI,IAAA,CAAK,GAAA,GAAM,SAAS,WAAA,CAAY,IAAc,KAAK,CAAA,CAAE,CAAA;AACjE;AAMO,SAAS,kBAAkB,MAAA,EAA2B;AAC5D,EAAA,MAAM,EAAE,EAAA,EAAI,UAAA,EAAY,WAAA,EAAY,GAAI,MAAA;AAExC,EAAA,eAAe,OAAO,KAAA,EAAqE;AAE1F,IAAA,MAAM,QAAA,GAAW,MAAM,EAAA,CACrB,MAAA,GACA,IAAA,CAAK,MAAM,EACX,KAAA,CAAM,GAAA,CAAI,GAAG,MAAA,CAAO,OAAA,EAAS,MAAM,OAAO,CAAA,EAAG,GAAG,MAAA,CAAO,MAAA,EAAQ,QAAQ,CAAC,CAAC,CAAA;AAE3E,IAAA,IAAI,QAAA,CAAS,UAAU,UAAA,EAAY;AAClC,MAAA,MAAM,IAAI,KAAA;AAAA,QACT,CAAA,KAAA,EAAQ,KAAA,CAAM,OAAO,CAAA,4BAAA,EAA+B,UAAU,CAAA,eAAA;AAAA,OAC/D;AAAA,IACD;AAEA,IAAA,MAAM,KAAK,UAAA,EAAW;AACtB,IAAA,MAAM,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAO,GAAI,MAAM,kBAAA,EAAmB;AACzD,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,SAAA,IAAa,gBAAA,CAAiB,WAAW,CAAA;AAG/D,IAAA,MAAM,EAAA,CAAG,MAAA,CAAO,MAAM,CAAA,CAAE,MAAA,CAAO;AAAA,MAC9B,EAAA;AAAA,MACA,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,IAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAA,EAAQ,QAAA;AAAA,MACR,SAAA,EAAW,IAAA;AAAA,MACX,WAAA,EAAa,MAAA;AAAA,MACb,SAAA,EAAW,OAAA;AAAA,MACX,QAAA,EAAU,KAAA,CAAM,QAAA,IAAY,EAAC;AAAA,MAC7B,SAAA,EAAW,GAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACX,CAAA;AAGD,IAAA,IAAI,KAAA,CAAM,WAAA,CAAY,MAAA,GAAS,CAAA,EAAG;AACjC,MAAA,MAAM,EAAA,CAAG,MAAA,CAAO,WAAW,CAAA,CAAE,MAAA;AAAA,QAC5B,KAAA,CAAM,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UAC7B,IAAI,UAAA,EAAW;AAAA,UACf,OAAA,EAAS,EAAA;AAAA,UACT,UAAU,CAAA,CAAE,QAAA;AAAA,UACZ,SAAS,CAAA,CAAE,OAAA;AAAA,UACX,WAAA,EAAa,EAAE,WAAA,IAAe,IAAA;AAAA,UAC9B,SAAA,EAAW;AAAA,SACZ,CAAE;AAAA,OACH;AAAA,IACD;AAEA,IAAA,OAAO;AAAA,MACN,EAAA;AAAA,MACA,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,UAAU,KAAA,CAAM,QAAA;AAAA,MAChB,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA;AAAA,MACA,aAAa,KAAA,CAAM,WAAA;AAAA,MACnB,MAAA,EAAQ,QAAA;AAAA,MACR,SAAA,EAAW,OAAA;AAAA,MACX,SAAA,EAAW,GAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACZ;AAAA,EACD;AAEA,EAAA,eAAe,IAAI,OAAA,EAAgD;AAClE,IAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,MAAM,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,OAAO,EAAA,EAAI,OAAO,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AACjF,IAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AACpB,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,OAAO,CAAC,CAAA;AAExF,IAAA,OAAO;AAAA,MACN,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,MAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA,EAAO,EAAA;AAAA;AAAA,MACP,WAAA,EAAa,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA;AAAA,MACnC,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM;AAAA,KAClB;AAAA,EACD;AAEA,EAAA,eAAe,KAAK,MAAA,EAAgD;AACnE,IAAA,IAAI,QAAQ,EAAA,CAAG,MAAA,GAAS,IAAA,CAAK,MAAM,EAAE,QAAA,EAAS;AAE9C,IAAA,MAAM,aAAa,EAAC;AACpB,IAAA,IAAI,MAAA,EAAQ,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,OAAA,EAAS,MAAA,CAAO,MAAM,CAAC,CAAA;AACrE,IAAA,IAAI,MAAA,EAAQ,UAAU,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,QAAA,EAAU,MAAA,CAAO,QAAQ,CAAC,CAAA;AAC1E,IAAA,IAAI,MAAA,EAAQ,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AACpE,IAAA,IAAI,MAAA,EAAQ,MAAM,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,IAAA,EAAM,MAAA,CAAO,IAAI,CAAC,CAAA;AAE9D,IAAA,IAAI,UAAA,CAAW,SAAS,CAAA,EAAG;AAC1B,MAAA,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,GAAG,UAAU,CAAC,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,OAAO,MAAM,KAAA;AAGnB,IAAA,MAAM,WAAW,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,EAAE,CAAA;AACrC,IAAA,MAAM,YAAA,uBAAmB,GAAA,EAA0B;AACnD,IAAA,KAAA,MAAW,MAAM,QAAA,EAAU;AAC1B,MAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,EAAE,CAAC,CAAA;AACnF,MAAA,YAAA,CAAa,GAAA,CAAI,EAAA,EAAI,KAAA,CAAM,GAAA,CAAI,YAAY,CAAC,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAC,KAAA,MAAW;AAAA,MAC3B,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,MAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA,EAAO,EAAA;AAAA,MACP,aAAa,YAAA,CAAa,GAAA,CAAI,KAAA,CAAM,EAAE,KAAK,EAAC;AAAA,MAC5C,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM;AAAA,KAClB,CAAE,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,MAAA,CAAO,SAAiB,KAAA,EAAiD;AACvF,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAO,CAAA;AAClC,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,WAAA,CAAa,CAAA;AAE5D,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,IAAA,MAAM,EAAA,CACJ,MAAA,CAAO,MAAM,CAAA,CACb,GAAA,CAAI;AAAA,MACJ,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,QAAA,CAAS,IAAA;AAAA,MAC7B,SAAA,EAAW,KAAA,CAAM,SAAA,IAAa,QAAA,CAAS,SAAA;AAAA,MACvC,UAAU,KAAA,CAAM,QAAA;AAAA,MAChB,SAAA,EAAW;AAAA,KACX,CAAA,CACA,KAAA,CAAM,GAAG,MAAA,CAAO,EAAA,EAAI,OAAO,CAAC,CAAA;AAG9B,IAAA,IAAI,MAAM,WAAA,EAAa;AACtB,MAAA,MAAM,EAAA,CAAG,OAAO,WAAW,CAAA,CAAE,MAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,OAAO,CAAC,CAAA;AACnE,MAAA,IAAI,KAAA,CAAM,WAAA,CAAY,MAAA,GAAS,CAAA,EAAG;AACjC,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,WAAW,CAAA,CAAE,MAAA;AAAA,UAC5B,KAAA,CAAM,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,YAC7B,IAAI,UAAA,EAAW;AAAA,YACf,OAAA;AAAA,YACA,UAAU,CAAA,CAAE,QAAA;AAAA,YACZ,SAAS,CAAA,CAAE,OAAA;AAAA,YACX,WAAA,EAAa,EAAE,WAAA,IAAe,IAAA;AAAA,YAC9B,SAAA,EAAW;AAAA,WACZ,CAAE;AAAA,SACH;AAAA,MACD;AAAA,IACD;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,GAAA,CAAI,OAAO,CAAA;AACjC,IAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,0BAAA,CAA4B,CAAA;AAC1E,IAAA,OAAO,OAAA;AAAA,EACR;AAEA,EAAA,eAAe,OAAO,OAAA,EAAgC;AACrD,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAO,CAAA;AAClC,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,WAAA,CAAa,CAAA;AAE5D,IAAA,MAAM,GACJ,MAAA,CAAO,MAAM,EACb,GAAA,CAAI,EAAE,QAAQ,SAAA,EAAW,SAAA,sBAAe,IAAA,EAAK,EAAG,CAAA,CAChD,KAAA,CAAM,GAAG,MAAA,CAAO,EAAA,EAAI,OAAO,CAAC,CAAA;AAAA,EAC/B;AAEA,EAAA,eAAe,OAAO,OAAA,EAA6D;AAClF,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAO,CAAA;AAClC,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,WAAA,CAAa,CAAA;AAC5D,IAAA,IAAI,SAAS,MAAA,KAAW,QAAA;AACvB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,QAAA,CAAS,MAAM,CAAA,OAAA,CAAS,CAAA;AAEpE,IAAA,MAAM,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAO,GAAI,MAAM,kBAAA,EAAmB;AACzD,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,IAAA,MAAM,GACJ,MAAA,CAAO,MAAM,EACb,GAAA,CAAI,EAAE,WAAW,IAAA,EAAM,WAAA,EAAa,QAAQ,SAAA,EAAW,GAAA,EAAK,CAAA,CAC5D,KAAA,CAAM,GAAG,MAAA,CAAO,EAAA,EAAI,OAAO,CAAC,CAAA;AAE9B,IAAA,OAAO,EAAE,GAAG,QAAA,EAAU,KAAA,EAAO,WAAW,GAAA,EAAI;AAAA,EAC7C;AAMA,EAAA,eAAe,cAAc,KAAA,EAA8C;AAC1E,IAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,KAAK,CAAA;AAC/B,IAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,MAAM,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,OAAO,SAAA,EAAW,IAAI,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AACrF,IAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AACpB,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAGnB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,QAAA,EAAU,OAAO,IAAA;AAGtC,IAAA,IAAI,MAAM,SAAA,IAAa,KAAA,CAAM,SAAA,mBAAY,IAAI,MAAK,EAAG;AACpD,MAAA,MAAM,EAAA,CACJ,OAAO,MAAM,CAAA,CACb,IAAI,EAAE,MAAA,EAAQ,WAAW,SAAA,kBAAW,IAAI,MAAK,EAAG,EAChD,KAAA,CAAM,EAAA,CAAG,OAAO,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA;AAC/B,MAAA,OAAO,IAAA;AAAA,IACR;AAGA,IAAA,MAAM,GAAG,MAAA,CAAO,MAAM,EAAE,GAAA,CAAI,EAAE,8BAAc,IAAI,IAAA,EAAK,EAAG,EAAE,KAAA,CAAM,EAAA,CAAG,OAAO,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA;AAEvF,IAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,MAAA,GAAS,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,KAAA,CAAM,EAAE,CAAC,CAAA;AAEzF,IAAA,OAAO;AAAA,MACN,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,MAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA,EAAO,EAAA;AAAA,MACP,WAAA,EAAa,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA;AAAA,MACnC,MAAA,EAAQ,QAAA;AAAA,MACR,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM;AAAA,KAClB;AAAA,EACD;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,GAAA,EAAK,MAAM,MAAA,EAAQ,MAAA,EAAQ,QAAQ,aAAA,EAAc;AACnE;AAEA,SAAS,aAAa,GAAA,EAIP;AACd,EAAA,OAAO;AAAA,IACN,UAAU,GAAA,CAAI,QAAA;AAAA,IACd,SAAS,GAAA,CAAI,OAAA;AAAA,IACb,WAAA,EAAc,IAAI,WAAA,IAA6C;AAAA,GAChE;AACD","file":"chunk-IKTOSJ4O.js","sourcesContent":["import { and, eq } from \"drizzle-orm\";\nimport { generateId, randomBytes, sha256, toBase64Url } from \"../crypto/web-crypto.js\";\nimport type { Database } from \"../db/database.js\";\nimport { agents, permissions } from \"../db/schema.js\";\nimport type {\n\tAgentFilter,\n\tAgentIdentity,\n\tCreateAgentInput,\n\tPermission,\n\tUpdateAgentInput,\n} from \"../types.js\";\n\ninterface AgentModuleConfig {\n\tdb: Database;\n\tmaxPerUser: number;\n\tdefaultPermissions: string[];\n\ttokenExpiry: string;\n}\n\n/**\n * Generate a secure agent token.\n * Returns { token, hash, prefix } where:\n * - token: the full token (given to the agent, never stored)\n * - hash: SHA-256 hash (stored in DB)\n * - prefix: first 8 chars (for identification in logs/UI)\n */\nasync function generateAgentToken(): Promise<{ token: string; hash: string; prefix: string }> {\n\tconst tokenBytes = randomBytes(32);\n\tconst token = `kv_${toBase64Url(tokenBytes)}`;\n\tconst hash = await sha256(token);\n\tconst prefix = token.slice(0, 11); // \"kv_\" + 8 chars\n\treturn { token, hash, prefix };\n}\n\nfunction parseTokenExpiry(expiry: string): Date {\n\tconst now = Date.now();\n\tconst match = expiry.match(/^(\\d+)([smhd])$/);\n\tif (!match) {\n\t\tthrow new Error(`Invalid token expiry format: ${expiry}. Use format like \"24h\", \"7d\", \"30m\".`);\n\t}\n\tconst value = Number.parseInt(match[1] as string, 10);\n\tconst unit = match[2];\n\tconst multipliers: Record<string, number> = {\n\t\ts: 1000,\n\t\tm: 60 * 1000,\n\t\th: 60 * 60 * 1000,\n\t\td: 24 * 60 * 60 * 1000,\n\t};\n\treturn new Date(now + value * (multipliers[unit as string] ?? 0));\n}\n\n/**\n * Create the agent identity module.\n * Handles CRUD operations for AI agent identities.\n */\nexport function createAgentModule(config: AgentModuleConfig) {\n\tconst { db, maxPerUser, tokenExpiry } = config;\n\n\tasync function create(input: CreateAgentInput): Promise<AgentIdentity & { token: string }> {\n\t\t// Check max agents per user\n\t\tconst existing = await db\n\t\t\t.select()\n\t\t\t.from(agents)\n\t\t\t.where(and(eq(agents.ownerId, input.ownerId), eq(agents.status, \"active\")));\n\n\t\tif (existing.length >= maxPerUser) {\n\t\t\tthrow new Error(\n\t\t\t\t`User ${input.ownerId} has reached the maximum of ${maxPerUser} active agents.`,\n\t\t\t);\n\t\t}\n\n\t\tconst id = generateId();\n\t\tconst { token, hash, prefix } = await generateAgentToken();\n\t\tconst now = new Date();\n\t\tconst expires = input.expiresAt ?? parseTokenExpiry(tokenExpiry);\n\n\t\t// Insert agent\n\t\tawait db.insert(agents).values({\n\t\t\tid,\n\t\t\townerId: input.ownerId,\n\t\t\ttenantId: input.tenantId ?? null,\n\t\t\tname: input.name,\n\t\t\ttype: input.type,\n\t\t\tstatus: \"active\",\n\t\t\ttokenHash: hash,\n\t\t\ttokenPrefix: prefix,\n\t\t\texpiresAt: expires,\n\t\t\tmetadata: input.metadata ?? {},\n\t\t\tcreatedAt: now,\n\t\t\tupdatedAt: now,\n\t\t});\n\n\t\t// Insert permissions\n\t\tif (input.permissions.length > 0) {\n\t\t\tawait db.insert(permissions).values(\n\t\t\t\tinput.permissions.map((p) => ({\n\t\t\t\t\tid: generateId(),\n\t\t\t\t\tagentId: id,\n\t\t\t\t\tresource: p.resource,\n\t\t\t\t\tactions: p.actions,\n\t\t\t\t\tconstraints: p.constraints ?? null,\n\t\t\t\t\tcreatedAt: now,\n\t\t\t\t})),\n\t\t\t);\n\t\t}\n\n\t\treturn {\n\t\t\tid,\n\t\t\townerId: input.ownerId,\n\t\t\ttenantId: input.tenantId,\n\t\t\tname: input.name,\n\t\t\ttype: input.type,\n\t\t\ttoken,\n\t\t\tpermissions: input.permissions,\n\t\t\tstatus: \"active\",\n\t\t\texpiresAt: expires,\n\t\t\tcreatedAt: now,\n\t\t\tupdatedAt: now,\n\t\t};\n\t}\n\n\tasync function get(agentId: string): Promise<AgentIdentity | null> {\n\t\tconst rows = await db.select().from(agents).where(eq(agents.id, agentId)).limit(1);\n\t\tconst agent = rows[0];\n\t\tif (!agent) return null;\n\n\t\tconst perms = await db.select().from(permissions).where(eq(permissions.agentId, agentId));\n\n\t\treturn {\n\t\t\tid: agent.id,\n\t\t\townerId: agent.ownerId,\n\t\t\ttenantId: agent.tenantId ?? undefined,\n\t\t\tname: agent.name,\n\t\t\ttype: agent.type as AgentIdentity[\"type\"],\n\t\t\ttoken: \"\", // never return token after creation\n\t\t\tpermissions: perms.map(toPermission),\n\t\t\tstatus: agent.status as AgentIdentity[\"status\"],\n\t\t\texpiresAt: agent.expiresAt,\n\t\t\tcreatedAt: agent.createdAt,\n\t\t\tupdatedAt: agent.updatedAt,\n\t\t};\n\t}\n\n\tasync function list(filter?: AgentFilter): Promise<AgentIdentity[]> {\n\t\tlet query = db.select().from(agents).$dynamic();\n\n\t\tconst conditions = [];\n\t\tif (filter?.userId) conditions.push(eq(agents.ownerId, filter.userId));\n\t\tif (filter?.tenantId) conditions.push(eq(agents.tenantId, filter.tenantId));\n\t\tif (filter?.status) conditions.push(eq(agents.status, filter.status));\n\t\tif (filter?.type) conditions.push(eq(agents.type, filter.type));\n\n\t\tif (conditions.length > 0) {\n\t\t\tquery = query.where(and(...conditions));\n\t\t}\n\n\t\tconst rows = await query;\n\n\t\t// Load permissions for all agents\n\t\tconst agentIds = rows.map((r) => r.id);\n\t\tconst permsByAgent = new Map<string, Permission[]>();\n\t\tfor (const id of agentIds) {\n\t\t\tconst perms = await db.select().from(permissions).where(eq(permissions.agentId, id));\n\t\t\tpermsByAgent.set(id, perms.map(toPermission));\n\t\t}\n\n\t\treturn rows.map((agent) => ({\n\t\t\tid: agent.id,\n\t\t\townerId: agent.ownerId,\n\t\t\ttenantId: agent.tenantId ?? undefined,\n\t\t\tname: agent.name,\n\t\t\ttype: agent.type as AgentIdentity[\"type\"],\n\t\t\ttoken: \"\",\n\t\t\tpermissions: permsByAgent.get(agent.id) ?? [],\n\t\t\tstatus: agent.status as AgentIdentity[\"status\"],\n\t\t\texpiresAt: agent.expiresAt,\n\t\t\tcreatedAt: agent.createdAt,\n\t\t\tupdatedAt: agent.updatedAt,\n\t\t}));\n\t}\n\n\tasync function update(agentId: string, input: UpdateAgentInput): Promise<AgentIdentity> {\n\t\tconst existing = await get(agentId);\n\t\tif (!existing) throw new Error(`Agent ${agentId} not found.`);\n\n\t\tconst now = new Date();\n\n\t\tawait db\n\t\t\t.update(agents)\n\t\t\t.set({\n\t\t\t\tname: input.name ?? existing.name,\n\t\t\t\texpiresAt: input.expiresAt ?? existing.expiresAt,\n\t\t\t\tmetadata: input.metadata,\n\t\t\t\tupdatedAt: now,\n\t\t\t})\n\t\t\t.where(eq(agents.id, agentId));\n\n\t\t// Replace permissions if provided\n\t\tif (input.permissions) {\n\t\t\tawait db.delete(permissions).where(eq(permissions.agentId, agentId));\n\t\t\tif (input.permissions.length > 0) {\n\t\t\t\tawait db.insert(permissions).values(\n\t\t\t\t\tinput.permissions.map((p) => ({\n\t\t\t\t\t\tid: generateId(),\n\t\t\t\t\t\tagentId,\n\t\t\t\t\t\tresource: p.resource,\n\t\t\t\t\t\tactions: p.actions,\n\t\t\t\t\t\tconstraints: p.constraints ?? null,\n\t\t\t\t\t\tcreatedAt: now,\n\t\t\t\t\t})),\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tconst updated = await get(agentId);\n\t\tif (!updated) throw new Error(`Agent ${agentId} disappeared after update.`);\n\t\treturn updated;\n\t}\n\n\tasync function revoke(agentId: string): Promise<void> {\n\t\tconst existing = await get(agentId);\n\t\tif (!existing) throw new Error(`Agent ${agentId} not found.`);\n\n\t\tawait db\n\t\t\t.update(agents)\n\t\t\t.set({ status: \"revoked\", updatedAt: new Date() })\n\t\t\t.where(eq(agents.id, agentId));\n\t}\n\n\tasync function rotate(agentId: string): Promise<AgentIdentity & { token: string }> {\n\t\tconst existing = await get(agentId);\n\t\tif (!existing) throw new Error(`Agent ${agentId} not found.`);\n\t\tif (existing.status !== \"active\")\n\t\t\tthrow new Error(`Cannot rotate token for ${existing.status} agent.`);\n\n\t\tconst { token, hash, prefix } = await generateAgentToken();\n\t\tconst now = new Date();\n\n\t\tawait db\n\t\t\t.update(agents)\n\t\t\t.set({ tokenHash: hash, tokenPrefix: prefix, updatedAt: now })\n\t\t\t.where(eq(agents.id, agentId));\n\n\t\treturn { ...existing, token, updatedAt: now };\n\t}\n\n\t/**\n\t * Validate an agent token and return the agent identity.\n\t * Used internally by the authorization engine.\n\t */\n\tasync function validateToken(token: string): Promise<AgentIdentity | null> {\n\t\tconst hash = await sha256(token);\n\t\tconst rows = await db.select().from(agents).where(eq(agents.tokenHash, hash)).limit(1);\n\t\tconst agent = rows[0];\n\t\tif (!agent) return null;\n\n\t\t// Check status\n\t\tif (agent.status !== \"active\") return null;\n\n\t\t// Check expiry\n\t\tif (agent.expiresAt && agent.expiresAt < new Date()) {\n\t\t\tawait db\n\t\t\t\t.update(agents)\n\t\t\t\t.set({ status: \"expired\", updatedAt: new Date() })\n\t\t\t\t.where(eq(agents.id, agent.id));\n\t\t\treturn null;\n\t\t}\n\n\t\t// Update last active\n\t\tawait db.update(agents).set({ lastActiveAt: new Date() }).where(eq(agents.id, agent.id));\n\n\t\tconst perms = await db.select().from(permissions).where(eq(permissions.agentId, agent.id));\n\n\t\treturn {\n\t\t\tid: agent.id,\n\t\t\townerId: agent.ownerId,\n\t\t\ttenantId: agent.tenantId ?? undefined,\n\t\t\tname: agent.name,\n\t\t\ttype: agent.type as AgentIdentity[\"type\"],\n\t\t\ttoken: \"\",\n\t\t\tpermissions: perms.map(toPermission),\n\t\t\tstatus: \"active\",\n\t\t\texpiresAt: agent.expiresAt,\n\t\t\tcreatedAt: agent.createdAt,\n\t\t\tupdatedAt: agent.updatedAt,\n\t\t};\n\t}\n\n\treturn { create, get, list, update, revoke, rotate, validateToken };\n}\n\nfunction toPermission(row: {\n\tresource: string;\n\tactions: string[];\n\tconstraints: unknown;\n}): Permission {\n\treturn {\n\t\tresource: row.resource,\n\t\tactions: row.actions,\n\t\tconstraints: (row.constraints as Permission[\"constraints\"]) ?? undefined,\n\t};\n}\n"]}
package/dist/{chunk-V66UUIA7.js → chunk-KDL6A76K.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { __export } from './chunk-PZ5AY32C.js';
1
+ import { __export } from './chunk-NSBPE2FW.js';
2
2
  import { sqliteTable, integer, text } from 'drizzle-orm/sqlite-core';
3
3
 
4
4
  // src/db/schema.ts
@@ -11,8 +11,12 @@ __export(schema_exports, {
11
11
  approvalRequests: () => approvalRequests,
12
12
  auditLogs: () => auditLogs,
13
13
  budgetPolicies: () => budgetPolicies,
14
+ costEvents: () => costEvents,
14
15
  delegationChains: () => delegationChains,
15
16
  emailOtps: () => emailOtps,
17
+ ephemeralSessions: () => ephemeralSessions,
18
+ federationInstances: () => federationInstances,
19
+ federationTokens: () => federationTokens,
16
20
  jwtRefreshTokens: () => jwtRefreshTokens,
17
21
  loginHistory: () => loginHistory,
18
22
  magicLinks: () => magicLinks,
@@ -33,8 +37,11 @@ __export(schema_exports, {
33
37
  permissions: () => permissions,
34
38
  phoneVerifications: () => phoneVerifications,
35
39
  rateLimits: () => rateLimits,
40
+ rebacRelationships: () => rebacRelationships,
41
+ rebacResources: () => rebacResources,
36
42
  sessions: () => sessions,
37
43
  ssoConnections: () => ssoConnections,
44
+ streamEvents: () => streamEvents,
38
45
  tenants: () => tenants,
39
46
  totpRecords: () => totpRecords,
40
47
  trustScores: () => trustScores,
@@ -57,6 +64,7 @@ var users = sqliteTable("kavach_users", {
57
64
  banReason: text("ban_reason"),
58
65
  banExpiresAt: integer("ban_expires_at", { mode: "timestamp" }),
59
66
  forcePasswordReset: integer("force_password_reset").notNull().default(0),
67
+ emailVerified: integer("email_verified").notNull().default(0),
60
68
  // Stripe integration fields (populated by kavach-stripe plugin)
61
69
  stripeCustomerId: text("stripe_customer_id").unique(),
62
70
  stripeSubscriptionId: text("stripe_subscription_id"),
@@ -463,6 +471,43 @@ var oidcRefreshTokens = sqliteTable("kavach_oidc_refresh_tokens", {
463
471
  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
464
472
  createdAt: integer("created_at", { mode: "timestamp" }).notNull()
465
473
  });
474
+ var costEvents = sqliteTable("kavach_cost_events", {
475
+ id: text("id").primaryKey(),
476
+ agentId: text("agent_id").notNull().references(() => agents.id, { onDelete: "cascade" }),
477
+ tool: text("tool").notNull(),
478
+ // e.g. 'openai:gpt-4o', 'anthropic:claude-3-5-sonnet', 'mcp:github'
479
+ inputTokens: integer("input_tokens"),
480
+ outputTokens: integer("output_tokens"),
481
+ /** Cost stored as integer microdollars (costUsd × 1_000_000) to avoid float drift */
482
+ costMicros: integer("cost_micros").notNull(),
483
+ currency: text("currency").notNull().default("USD"),
484
+ metadata: text("metadata", { mode: "json" }).$type(),
485
+ delegationChainId: text("delegation_chain_id"),
486
+ // null when not part of a chain
487
+ recordedAt: integer("recorded_at", { mode: "timestamp" }).notNull()
488
+ });
489
+ var ephemeralSessions = sqliteTable("kavach_ephemeral_sessions", {
490
+ id: text("id").primaryKey(),
491
+ agentId: text("agent_id").notNull().references(() => agents.id, { onDelete: "cascade" }),
492
+ ownerId: text("owner_id").notNull().references(() => users.id),
493
+ tokenHash: text("token_hash").notNull().unique(),
494
+ expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
495
+ maxActions: integer("max_actions"),
496
+ // null = unlimited
497
+ actionsUsed: integer("actions_used").notNull().default(0),
498
+ status: text("status", { enum: ["active", "expired", "exhausted", "revoked"] }).notNull().default("active"),
499
+ auditGroupId: text("audit_group_id").notNull(),
500
+ createdAt: integer("created_at", { mode: "timestamp" }).notNull(),
501
+ updatedAt: integer("updated_at", { mode: "timestamp" }).notNull()
502
+ });
503
+ var streamEvents = sqliteTable("kavach_stream_events", {
504
+ id: text("id").primaryKey(),
505
+ type: text("type").notNull(),
506
+ timestamp: integer("timestamp", { mode: "timestamp" }).notNull(),
507
+ data: text("data", { mode: "json" }).notNull().$type(),
508
+ agentId: text("agent_id"),
509
+ userId: text("user_id")
510
+ });
466
511
  var jwtRefreshTokens = sqliteTable("kavach_jwt_refresh_tokens", {
467
512
  id: text("id").primaryKey(),
468
513
  /** SHA-256 hex of the raw refresh token. The raw token is never stored. */
@@ -474,7 +519,51 @@ var jwtRefreshTokens = sqliteTable("kavach_jwt_refresh_tokens", {
474
519
  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
475
520
  createdAt: integer("created_at", { mode: "timestamp" }).notNull()
476
521
  });
522
+ var rebacResources = sqliteTable("kavach_rebac_resources", {
523
+ id: text("id").notNull().primaryKey(),
524
+ type: text("type").notNull(),
525
+ // 'org', 'workspace', 'project', 'document', etc.
526
+ parentId: text("parent_id"),
527
+ parentType: text("parent_type"),
528
+ createdAt: integer("created_at", { mode: "timestamp" }).notNull()
529
+ });
530
+ var rebacRelationships = sqliteTable("kavach_rebac_relationships", {
531
+ id: text("id").primaryKey(),
532
+ subjectType: text("subject_type").notNull(),
533
+ // 'user', 'agent', 'team', 'role'
534
+ subjectId: text("subject_id").notNull(),
535
+ relation: text("relation").notNull(),
536
+ // 'owner', 'editor', 'viewer', 'member', 'parent'
537
+ objectType: text("object_type").notNull(),
538
+ objectId: text("object_id").notNull(),
539
+ createdAt: integer("created_at", { mode: "timestamp" }).notNull()
540
+ });
541
+ var federationInstances = sqliteTable("kavach_federation_instances", {
542
+ id: text("id").primaryKey(),
543
+ instanceId: text("instance_id").notNull().unique(),
544
+ instanceUrl: text("instance_url").notNull(),
545
+ publicKeyJwk: text("public_key_jwk"),
546
+ // JSON-serialised JWK (public key only)
547
+ trustLevel: text("trust_level", { enum: ["full", "limited", "verify-only"] }).notNull().default("verify-only"),
548
+ discoveredAt: integer("discovered_at", { mode: "timestamp" }),
549
+ createdAt: integer("created_at", { mode: "timestamp" }).notNull(),
550
+ updatedAt: integer("updated_at", { mode: "timestamp" }).notNull()
551
+ });
552
+ var federationTokens = sqliteTable("kavach_federation_tokens", {
553
+ id: text("id").primaryKey(),
554
+ tokenJti: text("token_jti").notNull().unique(),
555
+ // JWT ID for dedup
556
+ agentId: text("agent_id").notNull(),
557
+ sourceInstanceId: text("source_instance_id").notNull(),
558
+ targetInstanceId: text("target_instance_id"),
559
+ direction: text("direction", { enum: ["issued", "received"] }).notNull(),
560
+ permissions: text("permissions", { mode: "json" }).notNull().$type(),
561
+ trustScore: integer("trust_score"),
562
+ // stored as integer 0-100
563
+ expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
564
+ createdAt: integer("created_at", { mode: "timestamp" }).notNull()
565
+ });
477
566
 
478
- export { agentCards, agentDids, agents, apiKeys, approvalRequests, auditLogs, budgetPolicies, delegationChains, emailOtps, jwtRefreshTokens, loginHistory, magicLinks, mcpServers, oauthAccessTokens, oauthAuthorizationCodes, oauthClients, oidcAuthCodes, oidcClients, oidcRefreshTokens, oneTimeTokens, orgInvitations, orgMembers, orgRoles, organizations, passkeyChallenges, passkeyCredentials, permissions, phoneVerifications, rateLimits, schema_exports, sessions, ssoConnections, tenants, totpRecords, trustScores, trustedDevices, usernameAccounts, users };
479
- //# sourceMappingURL=chunk-V66UUIA7.js.map
480
- //# sourceMappingURL=chunk-V66UUIA7.js.map
567
+ export { agentCards, agentDids, agents, apiKeys, approvalRequests, auditLogs, budgetPolicies, costEvents, delegationChains, emailOtps, ephemeralSessions, jwtRefreshTokens, loginHistory, magicLinks, mcpServers, oauthAccessTokens, oauthAuthorizationCodes, oauthClients, oidcAuthCodes, oidcClients, oidcRefreshTokens, oneTimeTokens, orgInvitations, orgMembers, orgRoles, organizations, passkeyChallenges, passkeyCredentials, permissions, phoneVerifications, rateLimits, rebacRelationships, rebacResources, schema_exports, sessions, ssoConnections, streamEvents, tenants, totpRecords, trustScores, trustedDevices, usernameAccounts, users };
568
+ //# sourceMappingURL=chunk-KDL6A76K.js.map
569
+ //# sourceMappingURL=chunk-KDL6A76K.js.map
package/dist/chunk-KDL6A76K.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/db/schema.ts"],"names":[],"mappings":";;;;AAAA,IAAA,cAAA,GAAA;AAAA,QAAA,CAAA,cAAA,EAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,MAAA,EAAA,MAAA,MAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,mBAAA,EAAA,MAAA,mBAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,uBAAA,EAAA,MAAA,uBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,KAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAKO,IAAM,KAAA,GAAQ,YAAY,cAAA,EAAgB;AAAA,EAChD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,IAAA,EAAM,KAAK,MAAM,CAAA;AAAA,EACjB,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,MAAA,EAAO;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA;AAAA,EAC9B,gBAAA,EAAkB,KAAK,mBAAmB,CAAA;AAAA;AAAA,EAC1C,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA;AAAA,EAE5E,QAAQ,OAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,oBAAoB,OAAA,CAAQ,sBAAsB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACvE,eAAe,OAAA,CAAQ,gBAAgB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA;AAAA,EAE5D,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,MAAA,EAAO;AAAA,EACpD,oBAAA,EAAsB,KAAK,wBAAwB,CAAA;AAAA,EACnD,wBAAA,EAA0B,KAAK,4BAA4B,CAAA;AAAA,EAC3D,aAAA,EAAe,KAAK,iBAAiB,CAAA;AAAA,EACrC,wBAAwB,OAAA,CAAQ,2BAAA,EAA6B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAClF,uBAAA,EAAyB,OAAA,CAAQ,6BAAA,EAA+B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CACjF,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA;AAAA,EAEf,eAAA,EAAiB,IAAA,CAAK,mBAAmB,CAAA,CAAE,MAAA,EAAO;AAAA,EAClD,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,uBAAA,EAAyB,KAAK,2BAA2B,CAAA;AAAA,EACzD,cAAA,EAAgB,KAAK,kBAAkB,CAAA;AAAA,EACvC,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,sBAAA,EAAwB,OAAA,CAAQ,4BAAA,EAA8B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAC/E,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA,EACf,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,OAAA,GAAU,YAAY,gBAAA,EAAkB;AAAA,EACpD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAyB;AAAA,EACtE,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAW,CAAA,EAAG,CAAA,CACtD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAYM,IAAM,MAAA,GAAS,YAAY,eAAA,EAAiB;AAAA,EAClD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,YAAA,EAAc,WAAA,EAAa,SAAS,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7E,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,oBAAA,EAAsB;AAAA,EAC5D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA;AAAA,EACrE,WAAA,EAAa,KAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAgC;AAAA,EACnF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAaM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,KAAK,eAAe,CAAA,CAC/B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,SAAA,EAAW,KAAK,aAAa,CAAA,CAC3B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiC;AAAA,EAC9F,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC3C,UAAU,OAAA,CAAQ,WAAW,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAClD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,KAAK,YAAA,EAAc,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAChF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChF,MAAA,EAAQ,KAAK,QAAQ,CAAA;AAAA;AAAA,EACrB,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA,EACjC,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACxD,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,WAAA,EAAa,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACpE,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC;AAC5C,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,KAAA,EAAO,IAAA,CAAK,OAAA,EAAS,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACjE,YAAA,EAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,EAClF,YAAA,EAAc,QAAQ,gBAAgB,CAAA;AAAA,EACtC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,QAAA,GAAW,YAAY,iBAAA,EAAmB;AAAA,EACtD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,YAAA,EAAc,KAAK,eAAe,CAAA;AAAA;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,CAAA,CAC9C,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,oBAAoB,CAAC,CAAA;AAAA,EAChC,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,MAAM,MAAA,EAAQ,CAAA,CACpD,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,MAAM,CAAC,CAAA;AAAA,EAClB,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,qBAAqB,CAAA;AAAA,EAC/B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,MAAM,CAAC,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,cAAc,CAAA;AAAA,EACxB,QAAA,EAAU,OAAA,CAAQ,UAAA,EAAY,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAC1E,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,aAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACnD,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,MAAA,EAAO;AAAA,EAC3C,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,oBAAA,EAAsB,QAAQ,yBAAA,EAA2B,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACxF,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,uBAAA,GAA0B,YAAY,kCAAA,EAAoC;AAAA,EACtF,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA;AAAA,EACjD,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,SAAA,EAAW,CAAA;AAAA;AAAA,EAC7E,QAAQ,IAAA,CAAK,SAAS,EAAE,UAAA,CAAW,MAAM,MAAM,EAAE,CAAA;AAAA;AAAA,EACjD,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAuB;AAAA,EAC1E,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAsB;AAAA,EACtF,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAS,QAAQ,GAAG,CAAA,CACtE,OAAA,EAAQ,CACR,QAAQ,MAAM,CAAA;AAAA,EAChB,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAA,EAAa,UAAU,GAAG,CAAA,CAClE,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAoBM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,EAC/B,OAAA,EAAS,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EACjC,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACzE,YAAA,EAAc,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiB;AAAA,EAChF,gBAAA,EAAkB,IAAA,CAAK,mBAAA,EAAqB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAC1D,OAAA,EAAQ,CACR,KAAA,EAA+B;AAAA,EACjC,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA,EACzB,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,SAAA,EAAW,KAAK,WAAA,EAAa,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC9E,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,UAAA,EAAY,QAAA,EAAU,SAAS,GAAG,CAAA,CAC3E,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,aAAa,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC1D,WAAA,EAAa,KAAK,cAAc,CAAA;AAAA,EAChC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,qBAAA,EAAuB;AAAA,EAC7D,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAA,EAAO,OAAA,CAAQ,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,KAAA,EAAO,KAAK,OAAA,EAAS;AAAA,IACpB,MAAM,CAAC,WAAA,EAAa,SAAA,EAAW,UAAA,EAAY,WAAW,UAAU;AAAA,GAChE,EAAE,OAAA,EAAQ;AAAA,EACX,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EACpF,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,aAAA,EAAe;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,YAAW,CACX,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,WAAA,EAAa,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAwB;AAAA,EACtF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,aAAA,GAAgB,YAAY,sBAAA,EAAwB;AAAA,EAChE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAEM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,QAAA,EAAU,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACvD,CAAC;AAEM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA,CAC1B,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,SAAA,EAAW,UAAA,EAAY,SAAS,GAAG,CAAA,CACjE,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAEM,IAAM,QAAA,GAAW,YAAY,kBAAA,EAAoB;AAAA,EACvD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA;AAC9D,CAAC;AAKM,IAAM,kBAAA,GAAqB,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,cAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACrD,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,UAAA,EAAY,KAAK,YAAY,CAAA;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC5D,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC9B,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,MAAM,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvD,QAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACxC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,OAAA,GAAU,YAAY,iBAAA,EAAmB;AAAA,EACrD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,YAAY,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACzD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC9C,MAAA,EAAQ,KAAK,SAAS,CAAA;AAAA;AAAA,EACtB,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAgB,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC5C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,kBAAA,GAAqB,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,WAAA,EAAa,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACzC,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,aAAA,GAAgB,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,OAAA,EAAS,KAAK,SAAA,EAAW;AAAA,IACxB,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAA,EAAkB,cAAc,QAAQ;AAAA,GAC/D,EAAE,OAAA,EAAQ;AAAA,EACX,UAAA,EAAY,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACvC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,cAAA,EAAgB,EAAE,OAAA;AAC3D,CAAC;AAKM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAK,IAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,KAAA,EAAO,KAAK,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzD,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7C,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,WAAA,GAAc,YAAY,qBAAA,EAAuB;AAAA,EAC7D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACrD,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC5E,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAClF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACnE,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,oBAAoB,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,aAAA,GAAgB,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,EACnB,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,UAAA,GAAa,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC3B,WAAA,EAAa,QAAQ,cAAc,CAAA;AAAA,EACnC,YAAA,EAAc,QAAQ,eAAe,CAAA;AAAA;AAAA,EAErC,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAU,IAAA,CAAK,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,KAAK,CAAA;AAAA,EAClD,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,iBAAA,EAAmB,KAAK,qBAAqB,CAAA;AAAA;AAAA,EAC7C,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKM,IAAM,iBAAA,GAAoB,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA;AAAA,EACjC,aAAa,OAAA,CAAQ,cAAc,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACxD,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,QAAA,EAAU,SAAA,EAAW,WAAA,EAAa,SAAS,GAAG,CAAA,CAC5E,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAC/D,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EAC9E,OAAA,EAAS,KAAK,UAAU,CAAA;AAAA,EACxB,MAAA,EAAQ,KAAK,SAAS;AACvB,CAAC;AAKM,IAAM,gBAAA,GAAmB,YAAY,2BAAA,EAA6B;AAAA,EACxE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA;AAAA,EAE1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAE/C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEpD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,cAAA,GAAiB,YAAY,wBAAA,EAA0B;AAAA,EACnE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,GAAU,UAAA,EAAW;AAAA,EACpC,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,EAC1B,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,kBAAA,GAAqB,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,mBAAA,GAAsB,YAAY,6BAAA,EAA+B;AAAA,EAC7E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,YAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACjD,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,YAAA,EAAc,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACnC,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,CAAC,MAAA,EAAQ,SAAA,EAAW,aAAa,GAAG,CAAA,CAC1E,OAAA,EAAQ,CACR,QAAQ,aAAa,CAAA;AAAA,EACvB,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC5D,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAKM,IAAM,gBAAA,GAAmB,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA,EACrD,gBAAA,EAAkB,KAAK,oBAAoB,CAAA;AAAA,EAC3C,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvE,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA;AAAA,EACjC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA","file":"chunk-KDL6A76K.js","sourcesContent":["import { integer, sqliteTable, text } from \"drizzle-orm/sqlite-core\";\n\n// ============================================================\n// Users (basic human identity - integrates with external auth)\n// ============================================================\nexport const users = sqliteTable(\"kavach_users\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull().unique(),\n\tname: text(\"name\"),\n\tusername: text(\"username\").unique(),\n\texternalId: text(\"external_id\"), // ID from external auth (better-auth, Auth.js, etc.)\n\texternalProvider: text(\"external_provider\"), // \"better-auth\", \"authjs\", \"clerk\", etc.\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\t// Admin ban fields (populated by admin module)\n\tbanned: integer(\"banned\").notNull().default(0),\n\tbanReason: text(\"ban_reason\"),\n\tbanExpiresAt: integer(\"ban_expires_at\", { mode: \"timestamp\" }),\n\tforcePasswordReset: integer(\"force_password_reset\").notNull().default(0),\n\temailVerified: integer(\"email_verified\").notNull().default(0),\n\t// Stripe integration fields (populated by kavach-stripe plugin)\n\tstripeCustomerId: text(\"stripe_customer_id\").unique(),\n\tstripeSubscriptionId: text(\"stripe_subscription_id\"),\n\tstripeSubscriptionStatus: text(\"stripe_subscription_status\"),\n\tstripePriceId: text(\"stripe_price_id\"),\n\tstripeCurrentPeriodEnd: integer(\"stripe_current_period_end\", { mode: \"timestamp\" }),\n\tstripeCancelAtPeriodEnd: integer(\"stripe_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\t// Polar integration fields (populated by kavach-polar plugin)\n\tpolarCustomerId: text(\"polar_customer_id\").unique(),\n\tpolarSubscriptionId: text(\"polar_subscription_id\"),\n\tpolarSubscriptionStatus: text(\"polar_subscription_status\"),\n\tpolarProductId: text(\"polar_product_id\"),\n\tpolarCurrentPeriodEnd: integer(\"polar_current_period_end\", { mode: \"timestamp\" }),\n\tpolarCancelAtPeriodEnd: integer(\"polar_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Tenants (multi-tenant isolation — must come before agents)\n// ============================================================\nexport const tenants = sqliteTable(\"kavach_tenants\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\tsettings: text(\"settings\", { mode: \"json\" }).$type<TenantSettingsRow>(),\n\tstatus: text(\"status\", { enum: [\"active\", \"suspended\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TenantSettingsRow {\n\tmaxAgents?: number;\n\tmaxDelegationDepth?: number;\n\tauditRetentionDays?: number;\n\tallowedAgentTypes?: string[];\n}\n\n// ============================================================\n// Agents (the core differentiator - AI agent identities)\n// ============================================================\nexport const agents = sqliteTable(\"kavach_agents\", {\n\tid: text(\"id\").primaryKey(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable, for multi-tenant scoping\n\tname: text(\"name\").notNull(),\n\ttype: text(\"type\", { enum: [\"autonomous\", \"delegated\", \"service\"] }).notNull(),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\ttokenHash: text(\"token_hash\").notNull(), // hashed agent token\n\ttokenPrefix: text(\"token_prefix\").notNull(), // first 8 chars for identification\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastActiveAt: integer(\"last_active_at\", { mode: \"timestamp\" }),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Permissions (scoped access control per agent)\n// ============================================================\nexport const permissions = sqliteTable(\"kavach_permissions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(), // e.g. \"mcp:github:*\", \"tool:file_read\"\n\tactions: text(\"actions\", { mode: \"json\" }).notNull().$type<string[]>(), // [\"read\", \"write\", \"execute\"]\n\tconstraints: text(\"constraints\", { mode: \"json\" }).$type<PermissionConstraintsRow>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface PermissionConstraintsRow {\n\tmaxCallsPerHour?: number;\n\tallowedArgPatterns?: string[];\n\trequireApproval?: boolean;\n\ttimeWindow?: { start: string; end: string };\n\tipAllowlist?: string[];\n}\n\n// ============================================================\n// Delegation Chains (agent-to-agent permission delegation)\n// ============================================================\nexport const delegationChains = sqliteTable(\"kavach_delegation_chains\", {\n\tid: text(\"id\").primaryKey(),\n\tfromAgentId: text(\"from_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\ttoAgentId: text(\"to_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<DelegationPermissionRow[]>(),\n\tdepth: integer(\"depth\").notNull().default(1),\n\tmaxDepth: integer(\"max_depth\").notNull().default(3),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface DelegationPermissionRow {\n\tresource: string;\n\tactions: string[];\n}\n\n// ============================================================\n// Audit Logs (immutable record of every agent action)\n// ============================================================\nexport const auditLogs = sqliteTable(\"kavach_audit_logs\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(), // \"execute\", \"read\", \"write\", \"delete\"\n\tresource: text(\"resource\").notNull(), // \"mcp:github:create_issue\"\n\tparameters: text(\"parameters\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tresult: text(\"result\", { enum: [\"allowed\", \"denied\", \"rate_limited\"] }).notNull(),\n\treason: text(\"reason\"), // why denied/rate_limited\n\tdurationMs: integer(\"duration_ms\").notNull(),\n\ttokensCost: integer(\"tokens_cost\"),\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Rate Limit Counters (track per-agent call rates)\n// ============================================================\nexport const rateLimits = sqliteTable(\"kavach_rate_limits\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(),\n\twindowStart: integer(\"window_start\", { mode: \"timestamp\" }).notNull(),\n\tcount: integer(\"count\").notNull().default(0),\n});\n\n// ============================================================\n// MCP Servers (registered MCP servers)\n// ============================================================\nexport const mcpServers = sqliteTable(\"kavach_mcp_servers\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tendpoint: text(\"endpoint\").notNull().unique(),\n\ttools: text(\"tools\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tauthRequired: integer(\"auth_required\", { mode: \"boolean\" }).notNull().default(true),\n\trateLimitRpm: integer(\"rate_limit_rpm\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"inactive\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Sessions (human user sessions managed by KavachOS)\n// ============================================================\nexport const sessions = sqliteTable(\"kavach_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Clients (for MCP OAuth 2.1 - dynamic client registration)\n// ============================================================\nexport const oauthClients = sqliteTable(\"kavach_oauth_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecret: text(\"client_secret\"), // null for public clients\n\tclientName: text(\"client_name\"),\n\tclientUri: text(\"client_uri\"),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"authorization_code\"]),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"code\"]),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_basic\"),\n\ttype: text(\"type\", { enum: [\"public\", \"confidential\"] })\n\t\t.notNull()\n\t\t.default(\"confidential\"),\n\tdisabled: integer(\"disabled\", { mode: \"boolean\" }).notNull().default(false),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Access Tokens (issued tokens for MCP auth)\n// ============================================================\nexport const oauthAccessTokens = sqliteTable(\"kavach_oauth_access_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\taccessToken: text(\"access_token\").notNull().unique(),\n\trefreshToken: text(\"refresh_token\").unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tresource: text(\"resource\"), // RFC 8707 - audience binding\n\taccessTokenExpiresAt: integer(\"access_token_expires_at\", { mode: \"timestamp\" }).notNull(),\n\trefreshTokenExpiresAt: integer(\"refresh_token_expires_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Authorization Codes (temporary codes for code exchange)\n// ============================================================\nexport const oauthAuthorizationCodes = sqliteTable(\"kavach_oauth_authorization_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcode: text(\"code\").notNull().unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE\n\tcodeChallengeMethod: text(\"code_challenge_method\"), // \"S256\"\n\tresource: text(\"resource\"), // RFC 8707\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Budget Policies (agent execution budget caps)\n// ============================================================\nexport const budgetPolicies = sqliteTable(\"kavach_budget_policies\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\").references(() => agents.id, { onDelete: \"cascade\" }), // nullable\n\tuserId: text(\"user_id\").references(() => users.id), // nullable\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable\n\tlimits: text(\"limits\", { mode: \"json\" }).notNull().$type<BudgetLimitsRow>(),\n\tcurrentUsage: text(\"current_usage\", { mode: \"json\" }).notNull().$type<BudgetUsageRow>(),\n\taction: text(\"action\", { enum: [\"warn\", \"throttle\", \"block\", \"revoke\"] })\n\t\t.notNull()\n\t\t.default(\"warn\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"triggered\", \"disabled\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface BudgetLimitsRow {\n\tmaxTokensCostPerDay?: number;\n\tmaxTokensCostPerMonth?: number;\n\tmaxCallsPerDay?: number;\n\tmaxCallsPerMonth?: number;\n}\n\ninterface BudgetUsageRow {\n\ttokensCostToday: number;\n\ttokensCostThisMonth: number;\n\tcallsToday: number;\n\tcallsThisMonth: number;\n\tlastUpdated: string;\n}\n\n// ============================================================\n// Agent Capability Cards (A2A discovery)\n// ============================================================\nexport const agentCards = sqliteTable(\"kavach_agent_cards\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tdescription: text(\"description\"),\n\tversion: text(\"version\").notNull(),\n\tprotocols: text(\"protocols\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tcapabilities: text(\"capabilities\", { mode: \"json\" }).notNull().$type<unknown[]>(),\n\tauthRequirements: text(\"auth_requirements\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<Record<string, unknown>>(),\n\tendpoint: text(\"endpoint\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Approval Requests (CIBA async approval flows)\n// ============================================================\nexport const approvalRequests = sqliteTable(\"kavach_approval_requests\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(),\n\tresource: text(\"resource\").notNull(),\n\targuments: text(\"arguments\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tstatus: text(\"status\", { enum: [\"pending\", \"approved\", \"denied\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\trespondedAt: integer(\"responded_at\", { mode: \"timestamp\" }),\n\trespondedBy: text(\"responded_by\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trust Scores (graduated autonomy scoring)\n// ============================================================\nexport const trustScores = sqliteTable(\"kavach_trust_scores\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tscore: integer(\"score\").notNull(),\n\tlevel: text(\"level\", {\n\t\tenum: [\"untrusted\", \"limited\", \"standard\", \"trusted\", \"elevated\"],\n\t}).notNull(),\n\tfactors: text(\"factors\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tcomputedAt: integer(\"computed_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Magic Links (passwordless email login)\n// ============================================================\nexport const magicLinks = sqliteTable(\"kavach_magic_links\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\ttoken: text(\"token\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Email OTPs (one-time password login)\n// ============================================================\nexport const emailOtps = sqliteTable(\"kavach_email_otps\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// TOTP (Two-Factor Authentication)\n// ============================================================\nexport const totpRecords = sqliteTable(\"kavach_totp\", {\n\tuserId: text(\"user_id\")\n\t\t.primaryKey()\n\t\t.references(() => users.id),\n\tsecret: text(\"secret\").notNull(), // base32-encoded TOTP secret\n\tenabled: integer(\"enabled\", { mode: \"boolean\" }).notNull().default(false),\n\tbackupCodes: text(\"backup_codes\", { mode: \"json\" }).notNull().$type<TotpBackupCode[]>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TotpBackupCode {\n\thash: string;\n\tused: boolean;\n}\n\n// ============================================================\n// Organizations (multi-member org with RBAC)\n// ============================================================\nexport const organizations = sqliteTable(\"kavach_organizations\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgMembers = sqliteTable(\"kavach_org_members\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tjoinedAt: integer(\"joined_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgInvitations = sqliteTable(\"kavach_org_invitations\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\temail: text(\"email\").notNull(),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tinvitedBy: text(\"invited_by\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tstatus: text(\"status\", { enum: [\"pending\", \"accepted\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgRoles = sqliteTable(\"kavach_org_roles\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n});\n\n// ============================================================\n// Passkey Credentials (WebAuthn / FIDO2)\n// ============================================================\nexport const passkeyCredentials = sqliteTable(\"kavach_passkey_credentials\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tcredentialId: text(\"credential_id\").notNull().unique(),\n\tpublicKey: text(\"public_key\").notNull(), // base64url-encoded COSE key\n\tcounter: integer(\"counter\").notNull().default(0),\n\tdeviceName: text(\"device_name\"),\n\ttransports: text(\"transports\"), // JSON array, e.g. '[\"internal\",\"usb\"]'\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// SSO Connections (SAML / OIDC enterprise SSO)\n// ============================================================\nexport const ssoConnections = sqliteTable(\"kavach_sso_connections\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\").notNull(),\n\tproviderId: text(\"provider_id\").notNull(),\n\ttype: text(\"type\", { enum: [\"saml\", \"oidc\"] }).notNull(),\n\tdomain: text(\"domain\").notNull().unique(),\n\tenabled: integer(\"enabled\").notNull().default(1),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// API Keys (static bearer tokens with permission scopes)\n// ============================================================\nexport const apiKeys = sqliteTable(\"kavach_api_keys\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tname: text(\"name\").notNull(),\n\tkeyHash: text(\"key_hash\").notNull(),\n\tkeyPrefix: text(\"key_prefix\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Passkey Challenges (WebAuthn challenge state — short-lived)\n// ============================================================\nexport const passkeyChallenges = sqliteTable(\"kavach_passkey_challenges\", {\n\tid: text(\"id\").primaryKey(),\n\tchallenge: text(\"challenge\").notNull().unique(),\n\tuserId: text(\"user_id\"), // null for discoverable credential flows\n\ttype: text(\"type\", { enum: [\"registration\", \"authentication\"] }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Username Accounts (username + password auth)\n// ============================================================\nexport const usernameAccounts = sqliteTable(\"kavach_username_accounts\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tusername: text(\"username\").notNull().unique(),\n\tpasswordHash: text(\"password_hash\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Phone Verifications (SMS OTP)\n// ============================================================\nexport const phoneVerifications = sqliteTable(\"kavach_phone_verifications\", {\n\tid: text(\"id\").primaryKey(),\n\tphoneNumber: text(\"phone_number\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trusted Devices (skip 2FA on known devices for a time window)\n// ============================================================\nexport const trustedDevices = sqliteTable(\"kavach_trusted_devices\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tfingerprint: text(\"fingerprint\").notNull(), // HMAC-SHA256 of stable request headers\n\tlabel: text(\"label\").notNull(), // human-readable, e.g. \"Mac\", \"iPhone\"\n\ttrustedAt: integer(\"trusted_at\", { mode: \"timestamp\" }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// One-Time Tokens (email verify, password reset, invitation, custom)\n// ============================================================\nexport const oneTimeTokens = sqliteTable(\"kavach_one_time_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tpurpose: text(\"purpose\", {\n\t\tenum: [\"email-verify\", \"password-reset\", \"invitation\", \"custom\"],\n\t}).notNull(),\n\tidentifier: text(\"identifier\").notNull(), // email, userId, or any caller-supplied key\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Login History (last login method tracking per user)\n// ============================================================\nexport const loginHistory = sqliteTable(\"kavach_login_history\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tmethod: text(\"method\").notNull(), // LoginMethod — kept as text to support oauth:{provider} variants\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp_ms\" }).notNull(),\n});\n\n// ============================================================\n// Agent DIDs (W3C Decentralized Identifiers per agent)\n// ============================================================\nexport const agentDids = sqliteTable(\"kavach_agent_dids\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tdid: text(\"did\").notNull().unique(),\n\tmethod: text(\"method\", { enum: [\"key\", \"web\"] }).notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\").notNull(), // JSON-serialised JWK (public key only)\n\tdidDocument: text(\"did_document\").notNull(), // JSON-serialised DID Document\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Clients (apps authenticating against KavachOS IdP)\n// ============================================================\nexport const oidcClients = sqliteTable(\"kavach_oidc_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecretHash: text(\"client_secret_hash\").notNull(), // SHA-256 hex of the raw secret\n\tclientName: text(\"client_name\").notNull(),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tscopes: text(\"scopes\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_post\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Authorization Codes\n// ============================================================\nexport const oidcAuthCodes = sqliteTable(\"kavach_oidc_auth_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcodeHash: text(\"code_hash\").notNull().unique(), // SHA-256 hex of the raw code\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tnonce: text(\"nonce\"),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE S256\n\tcodeChallengeMethod: text(\"code_challenge_method\"),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Refresh Tokens\n// ============================================================\nexport const oidcRefreshTokens = sqliteTable(\"kavach_oidc_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\trevoked: integer(\"revoked\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Cost Events (per-agent cost attribution and observability)\n// ============================================================\nexport const costEvents = sqliteTable(\"kavach_cost_events\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\ttool: text(\"tool\").notNull(), // e.g. 'openai:gpt-4o', 'anthropic:claude-3-5-sonnet', 'mcp:github'\n\tinputTokens: integer(\"input_tokens\"),\n\toutputTokens: integer(\"output_tokens\"),\n\t/** Cost stored as integer microdollars (costUsd × 1_000_000) to avoid float drift */\n\tcostMicros: integer(\"cost_micros\").notNull(),\n\tcurrency: text(\"currency\").notNull().default(\"USD\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tdelegationChainId: text(\"delegation_chain_id\"), // null when not part of a chain\n\trecordedAt: integer(\"recorded_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Ephemeral Sessions (short-lived agent credentials for single-task use)\n// ============================================================\nexport const ephemeralSessions = sqliteTable(\"kavach_ephemeral_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmaxActions: integer(\"max_actions\"), // null = unlimited\n\tactionsUsed: integer(\"actions_used\").notNull().default(0),\n\tstatus: text(\"status\", { enum: [\"active\", \"expired\", \"exhausted\", \"revoked\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tauditGroupId: text(\"audit_group_id\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Stream Events (persisted SSE events for replay)\n// ============================================================\nexport const streamEvents = sqliteTable(\"kavach_stream_events\", {\n\tid: text(\"id\").primaryKey(),\n\ttype: text(\"type\").notNull(),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n\tdata: text(\"data\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tagentId: text(\"agent_id\"),\n\tuserId: text(\"user_id\"),\n});\n\n// ============================================================\n// JWT Session Refresh Tokens (general-purpose session plugin)\n// ============================================================\nexport const jwtRefreshTokens = sqliteTable(\"kavach_jwt_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\t/** SHA-256 hex of the raw refresh token. The raw token is never stored. */\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\t/** The user who owns this session. */\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\t/** True once the token has been used in a refresh or explicit revocation. */\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// ReBAC Resources (relationship-based access control — resource hierarchy)\n// ============================================================\nexport const rebacResources = sqliteTable(\"kavach_rebac_resources\", {\n\tid: text(\"id\").notNull().primaryKey(),\n\ttype: text(\"type\").notNull(), // 'org', 'workspace', 'project', 'document', etc.\n\tparentId: text(\"parent_id\"),\n\tparentType: text(\"parent_type\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// ReBAC Relationships (subject-relation-object tuples, Zanzibar style)\n// ============================================================\nexport const rebacRelationships = sqliteTable(\"kavach_rebac_relationships\", {\n\tid: text(\"id\").primaryKey(),\n\tsubjectType: text(\"subject_type\").notNull(), // 'user', 'agent', 'team', 'role'\n\tsubjectId: text(\"subject_id\").notNull(),\n\trelation: text(\"relation\").notNull(), // 'owner', 'editor', 'viewer', 'member', 'parent'\n\tobjectType: text(\"object_type\").notNull(),\n\tobjectId: text(\"object_id\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Federation Instances (trusted remote KavachOS instances)\n// ============================================================\nexport const federationInstances = sqliteTable(\"kavach_federation_instances\", {\n\tid: text(\"id\").primaryKey(),\n\tinstanceId: text(\"instance_id\").notNull().unique(),\n\tinstanceUrl: text(\"instance_url\").notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\"), // JSON-serialised JWK (public key only)\n\ttrustLevel: text(\"trust_level\", { enum: [\"full\", \"limited\", \"verify-only\"] })\n\t\t.notNull()\n\t\t.default(\"verify-only\"),\n\tdiscoveredAt: integer(\"discovered_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Federation Tokens (issued/received federation tokens for audit)\n// ============================================================\nexport const federationTokens = sqliteTable(\"kavach_federation_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenJti: text(\"token_jti\").notNull().unique(), // JWT ID for dedup\n\tagentId: text(\"agent_id\").notNull(),\n\tsourceInstanceId: text(\"source_instance_id\").notNull(),\n\ttargetInstanceId: text(\"target_instance_id\"),\n\tdirection: text(\"direction\", { enum: [\"issued\", \"received\"] }).notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttrustScore: integer(\"trust_score\"), // stored as integer 0-100\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n"]}
package/dist/chunk-NSBPE2FW.js ADDED
@@ -0,0 +1,15 @@
1
+ var __defProp = Object.defineProperty;
2
+ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
3
+ get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
4
+ }) : x)(function(x) {
5
+ if (typeof require !== "undefined") return require.apply(this, arguments);
6
+ throw Error('Dynamic require of "' + x + '" is not supported');
7
+ });
8
+ var __export = (target, all) => {
9
+ for (var name in all)
10
+ __defProp(target, name, { get: all[name], enumerable: true });
11
+ };
12
+
13
+ export { __export, __require };
14
+ //# sourceMappingURL=chunk-NSBPE2FW.js.map
15
+ //# sourceMappingURL=chunk-NSBPE2FW.js.map
package/dist/{chunk-PZ5AY32C.js.map → chunk-NSBPE2FW.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":[],"names":[],"mappings":"","file":"chunk-PZ5AY32C.js"}
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"chunk-NSBPE2FW.js"}