kavachos 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/dist/a2a/index.d.ts +2 -2
  2. package/dist/agent/index.d.ts +3 -3
  3. package/dist/agent/index.js +4 -0
  4. package/dist/agent/index.js.map +1 -1
  5. package/dist/audit/index.d.ts +2 -2
  6. package/dist/audit/index.js +4 -0
  7. package/dist/audit/index.js.map +1 -1
  8. package/dist/auth/index.d.ts +34 -3
  9. package/dist/auth/index.js +91 -2
  10. package/dist/auth/index.js.map +1 -1
  11. package/dist/index.d.ts +33 -4
  12. package/dist/index.js +851 -67
  13. package/dist/index.js.map +1 -1
  14. package/dist/mcp/index.d.ts +2 -2
  15. package/dist/mcp/index.js +38 -1
  16. package/dist/mcp/index.js.map +1 -1
  17. package/dist/permission/index.d.ts +8 -3
  18. package/dist/permission/index.js +68 -59
  19. package/dist/permission/index.js.map +1 -1
  20. package/dist/standards/index.d.ts +139 -0
  21. package/dist/standards/index.js +72 -0
  22. package/dist/standards/index.js.map +1 -0
  23. package/dist/{types-BuHrZcjE.d.ts → types-BiUe9e8u.d.ts} +24 -0
  24. package/dist/{types-B02D3kZy.d.ts → types-RJPOU4un.d.ts} +114 -2
  25. package/dist/vc/index.d.ts +254 -65
  26. package/dist/vc/index.js +160 -12
  27. package/dist/vc/index.js.map +1 -1
  28. package/package.json +7 -1
package/dist/audit/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/db/schema.ts","../../src/audit/audit.ts"],"names":[],"mappings":";;;;AAKO,IAAM,KAAA,GAAQ,YAAY,cAAA,EAAgB;AAAA,EAChD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,IAAA,EAAM,KAAK,MAAM,CAAA;AAAA,EACjB,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,MAAA,EAAO;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA;AAAA,EAC9B,gBAAA,EAAkB,KAAK,mBAAmB,CAAA;AAAA;AAAA,EAC1C,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA;AAAA,EAE5E,QAAQ,OAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,oBAAoB,OAAA,CAAQ,sBAAsB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACvE,eAAe,OAAA,CAAQ,gBAAgB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA;AAAA,EAE5D,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,MAAA,EAAO;AAAA,EACpD,oBAAA,EAAsB,KAAK,wBAAwB,CAAA;AAAA,EACnD,wBAAA,EAA0B,KAAK,4BAA4B,CAAA;AAAA,EAC3D,aAAA,EAAe,KAAK,iBAAiB,CAAA;AAAA,EACrC,wBAAwB,OAAA,CAAQ,2BAAA,EAA6B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAClF,uBAAA,EAAyB,OAAA,CAAQ,6BAAA,EAA+B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CACjF,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA;AAAA,EAEf,eAAA,EAAiB,IAAA,CAAK,mBAAmB,CAAA,CAAE,MAAA,EAAO;AAAA,EAClD,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,uBAAA,EAAyB,KAAK,2BAA2B,CAAA;AAAA,EACzD,cAAA,EAAgB,KAAK,kBAAkB,CAAA;AAAA,EACvC,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,sBAAA,EAAwB,OAAA,CAAQ,4BAAA,EAA8B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAC/E,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA,EACf,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAKM,IAAM,OAAA,GAAU,YAAY,gBAAA,EAAkB;AAAA,EACpD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAyB;AAAA,EACtE,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAW,CAAA,EAAG,CAAA,CACtD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAYM,IAAM,MAAA,GAAS,YAAY,eAAA,EAAiB;AAAA,EAClD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,YAAA,EAAc,WAAA,EAAa,SAAS,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7E,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAK0B,YAAY,oBAAA,EAAsB;AAAA,EAC5D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA;AAAA,EACrE,WAAA,EAAa,KAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAgC;AAAA,EACnF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAa+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,KAAK,eAAe,CAAA,CAC/B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,SAAA,EAAW,KAAK,aAAa,CAAA,CAC3B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiC;AAAA,EAC9F,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC3C,UAAU,OAAA,CAAQ,WAAW,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAClD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,KAAK,YAAA,EAAc,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAChF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChF,MAAA,EAAQ,KAAK,QAAQ,CAAA;AAAA;AAAA,EACrB,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA,EACjC,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACxD,CAAC,CAAA;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,WAAA,EAAa,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACpE,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC;AAC5C,CAAC;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,KAAA,EAAO,IAAA,CAAK,OAAA,EAAS,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACjE,YAAA,EAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,EAClF,YAAA,EAAc,QAAQ,gBAAgB,CAAA;AAAA,EACtC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKuB,YAAY,iBAAA,EAAmB;AAAA,EACtD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,YAAA,EAAc,KAAK,eAAe,CAAA;AAAA;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,CAAA,CAC9C,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,oBAAoB,CAAC,CAAA;AAAA,EAChC,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,MAAM,MAAA,EAAQ,CAAA,CACpD,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,MAAM,CAAC,CAAA;AAAA,EAClB,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,qBAAqB,CAAA;AAAA,EAC/B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,MAAM,CAAC,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,cAAc,CAAA;AAAA,EACxB,QAAA,EAAU,OAAA,CAAQ,UAAA,EAAY,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAC1E,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAKgC,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,aAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACnD,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,MAAA,EAAO;AAAA,EAC3C,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,oBAAA,EAAsB,QAAQ,yBAAA,EAA2B,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACxF,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKsC,YAAY,kCAAA,EAAoC;AAAA,EACtF,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA;AAAA,EACjD,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,SAAA,EAAW,CAAA;AAAA;AAAA,EAC7E,QAAQ,IAAA,CAAK,SAAS,EAAE,UAAA,CAAW,MAAM,MAAM,EAAE,CAAA;AAAA;AAAA,EACjD,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAuB;AAAA,EAC1E,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAsB;AAAA,EACtF,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAS,QAAQ,GAAG,CAAA,CACtE,OAAA,EAAQ,CACR,QAAQ,MAAM,CAAA;AAAA,EAChB,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAA,EAAa,UAAU,GAAG,CAAA,CAClE,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAoByB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,EAC/B,OAAA,EAAS,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EACjC,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACzE,YAAA,EAAc,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiB;AAAA,EAChF,gBAAA,EAAkB,IAAA,CAAK,mBAAA,EAAqB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAC1D,OAAA,EAAQ,CACR,KAAA,EAA+B;AAAA,EACjC,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA,EACzB,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,SAAA,EAAW,KAAK,WAAA,EAAa,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC9E,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,UAAA,EAAY,QAAA,EAAU,SAAS,GAAG,CAAA,CAC3E,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,aAAa,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC1D,WAAA,EAAa,KAAK,cAAc,CAAA;AAAA,EAChC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK0B,YAAY,qBAAA,EAAuB;AAAA,EAC7D,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAA,EAAO,OAAA,CAAQ,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,KAAA,EAAO,KAAK,OAAA,EAAS;AAAA,IACpB,MAAM,CAAC,WAAA,EAAa,SAAA,EAAW,UAAA,EAAY,WAAW,UAAU;AAAA,GAChE,EAAE,OAAA,EAAQ;AAAA,EACX,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EACpF,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKwB,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK0B,YAAY,aAAA,EAAe;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,YAAW,CACX,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,WAAA,EAAa,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAwB;AAAA,EACtF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,aAAA,GAAgB,YAAY,sBAAA,EAAwB;AAAA,EAChE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAEyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,QAAA,EAAU,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACvD,CAAC;AAE6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA,CAC1B,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,SAAA,EAAW,UAAA,EAAY,SAAS,GAAG,CAAA,CACjE,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAEuB,YAAY,kBAAA,EAAoB;AAAA,EACvD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA;AAC9D,CAAC;AAKiC,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,cAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACrD,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,UAAA,EAAY,KAAK,YAAY,CAAA;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC5D,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC9B,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,MAAM,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvD,QAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACxC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKsB,YAAY,iBAAA,EAAmB;AAAA,EACrD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,YAAY,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACzD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKgC,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC9C,MAAA,EAAQ,KAAK,SAAS,CAAA;AAAA;AAAA,EACtB,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAgB,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC5C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKiC,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,WAAA,EAAa,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACzC,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK4B,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,OAAA,EAAS,KAAK,SAAA,EAAW;AAAA,IACxB,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAA,EAAkB,cAAc,QAAQ;AAAA,GAC/D,EAAE,OAAA,EAAQ;AAAA,EACX,UAAA,EAAY,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACvC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK2B,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,cAAA,EAAgB,EAAE,OAAA;AAC3D,CAAC;AAKwB,YAAY,mBAAA,EAAqB;AAAA,EACzD,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAK,IAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,KAAA,EAAO,KAAK,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzD,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7C,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK0B,YAAY,qBAAA,EAAuB;AAAA,EAC7D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACrD,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC5E,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAClF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACnE,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,oBAAoB,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK4B,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,EACnB,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKgC,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC3B,WAAA,EAAa,QAAQ,cAAc,CAAA;AAAA,EACnC,YAAA,EAAc,QAAQ,eAAe,CAAA;AAAA;AAAA,EAErC,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAU,IAAA,CAAK,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,KAAK,CAAA;AAAA,EAClD,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,iBAAA,EAAmB,KAAK,qBAAqB,CAAA;AAAA;AAAA,EAC7C,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKgC,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA;AAAA,EACjC,aAAa,OAAA,CAAQ,cAAc,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACxD,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,QAAA,EAAU,SAAA,EAAW,WAAA,EAAa,SAAS,GAAG,CAAA,CAC5E,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK2B,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAC/D,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EAC9E,OAAA,EAAS,KAAK,UAAU,CAAA;AAAA,EACxB,MAAA,EAAQ,KAAK,SAAS;AACvB,CAAC;AAK+B,YAAY,2BAAA,EAA6B;AAAA,EACxE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA;AAAA,EAE1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAE/C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEpD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,GAAU,UAAA,EAAW;AAAA,EACpC,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,EAC1B,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKiC,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKkC,YAAY,6BAAA,EAA+B;AAAA,EAC7E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,YAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACjD,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,YAAA,EAAc,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACnC,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,CAAC,MAAA,EAAQ,SAAA,EAAW,aAAa,GAAG,CAAA,CAC1E,OAAA,EAAQ,CACR,QAAQ,aAAa,CAAA;AAAA,EACvB,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC5D,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA,EACrD,gBAAA,EAAkB,KAAK,oBAAoB,CAAA;AAAA,EAC3C,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvE,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA;AAAA,EACjC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,oBAAA,GAAuB,YAAY,+BAAA,EAAiC;AAAA,EAChF,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEpD,iBAAA,EAAmB,QAAQ,qBAAA,EAAuB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA;AAAA,EAEjF,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAK4B,YAAY,uBAAA,EAAyB;AAAA,EACjE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CACxB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,oBAAA,CAAqB,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEnE,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAE/C,MAAM,OAAA,CAAQ,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACzC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;;;AC9xBM,SAAS,kBAAkB,MAAA,EAA2B;AAC5D,EAAA,MAAM,EAAE,IAAG,GAAI,MAAA;AAEf,EAAA,eAAe,MAAM,MAAA,EAA4C;AAChE,IAAA,MAAM,aAAa,EAAC;AAEpB,IAAA,IAAI,MAAA,CAAO,SAAS,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,OAAA,EAAS,MAAA,CAAO,OAAO,CAAC,CAAA;AACzE,IAAA,IAAI,MAAA,CAAO,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AACtE,IAAA,IAAI,MAAA,CAAO,OAAO,UAAA,CAAW,IAAA,CAAK,IAAI,SAAA,CAAU,SAAA,EAAW,MAAA,CAAO,KAAK,CAAC,CAAA;AACxE,IAAA,IAAI,MAAA,CAAO,OAAO,UAAA,CAAW,IAAA,CAAK,IAAI,SAAA,CAAU,SAAA,EAAW,MAAA,CAAO,KAAK,CAAC,CAAA;AACxE,IAAA,IAAI,MAAA,CAAO,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AAEtE,IAAA,IAAI,CAAA,GAAI,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,IAAA,CAAK,SAAA,CAAU,SAAS,CAAC,EAAE,QAAA,EAAS;AAEhF,IAAA,IAAI,UAAA,CAAW,SAAS,CAAA,EAAG;AAC1B,MAAA,CAAA,GAAI,CAAA,CAAE,KAAA,CAAM,GAAA,CAAI,GAAG,UAAU,CAAC,CAAA;AAAA,IAC/B;AAEA,IAAA,IAAI,OAAO,KAAA,EAAO;AACjB,MAAA,CAAA,GAAI,CAAA,CAAE,KAAA,CAAM,MAAA,CAAO,KAAK,CAAA;AAAA,IACzB;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ;AAClB,MAAA,CAAA,GAAI,CAAA,CAAE,MAAA,CAAO,MAAA,CAAO,MAAM,CAAA;AAAA,IAC3B;AAEA,IAAA,MAAM,OAAO,MAAM,CAAA;AAEnB,IAAA,OAAO,IAAA,CACL,MAAA,CAAO,CAAC,GAAA,KAAQ;AAEhB,MAAA,IAAI,MAAA,CAAO,OAAA,IAAW,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA,EAAG;AAChD,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,GAAA,CAAI,MAAM,CAAA;AAAA,MAC1C;AACA,MAAA,OAAO,IAAA;AAAA,IACR,CAAC,CAAA,CACA,GAAA,CAAI,YAAY,CAAA;AAAA,EACnB;AAEA,EAAA,eAAe,WAAW,OAAA,EAA8C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,KAAA,CAAM;AAAA,MAC3B,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,KAAA,EAAO;AAAA;AAAA,KACP,CAAA;AAED,IAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC9B,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,OAAA,EAAS,IAAA,EAAM,CAAC,CAAA;AAAA,IACvC;AAGA,IAAA,MAAM,OAAA,GAAU;AAAA,MACf,IAAA;AAAA,MACA,SAAA;AAAA,MACA,QAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA;AAAA,MACA,QAAA;AAAA,MACA,QAAA;AAAA,MACA,YAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACD;AACA,IAAA,MAAM,OAAA,GAAU,CAAC,OAAA,CAAQ,IAAA,CAAK,GAAG,CAAC,CAAA;AAElC,IAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC5B,MAAA,OAAA,CAAQ,IAAA;AAAA,QACP;AAAA,UACC,KAAA,CAAM,EAAA;AAAA,UACN,KAAA,CAAM,OAAA;AAAA,UACN,KAAA,CAAM,MAAA;AAAA,UACN,KAAA,CAAM,MAAA;AAAA,UACN,KAAA,CAAM,QAAA;AAAA,UACN,KAAA,CAAM,MAAA;AAAA,UACN,CAAA,CAAA,EAAK,KAAA,CAA2C,MAAA,IAAU,EAAE,CAAA,CAAA,CAAA;AAAA,UAC5D,KAAA,CAAM,UAAA;AAAA,UACN,MAAM,UAAA,IAAc,EAAA;AAAA,UACpB,KAAA,CAAM,UAAU,WAAA;AAAY,SAC7B,CAAE,KAAK,GAAG;AAAA,OACX;AAAA,IACD;AAEA,IAAA,OAAO,OAAA,CAAQ,KAAK,IAAI,CAAA;AAAA,EACzB;AAMA,EAAA,eAAe,QAAQ,OAAA,EAAkE;AACxF,IAAA,MAAM,MAAA,GAAS,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAI,OAAA,CAAQ,aAAA,GAAgB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAGhF,IAAA,MAAM,WAAW,MAAM,EAAA,CACrB,OAAO,EAAE,EAAA,EAAI,UAAU,EAAA,EAAI,CAAA,CAC3B,IAAA,CAAK,SAAS,CAAA,CACd,KAAA,CAAM,GAAG,SAAA,CAAU,SAAA,EAAW,MAAM,CAAC,CAAA;AAEvC,IAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,EAAE,SAAS,CAAA,EAAE;AAAA,IACrB;AAEA,IAAA,MAAM,EAAA,CAAG,OAAO,SAAS,CAAA,CAAE,MAAM,EAAA,CAAG,SAAA,CAAU,SAAA,EAAW,MAAM,CAAC,CAAA;AAEhE,IAAA,OAAO,EAAE,OAAA,EAAS,QAAA,CAAS,MAAA,EAAO;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAQ;AAC7C;AAEA,SAAS,aAAa,GAAA,EAAgD;AACrE,EAAA,OAAO;AAAA,IACN,IAAI,GAAA,CAAI,EAAA;AAAA,IACR,SAAS,GAAA,CAAI,OAAA;AAAA,IACb,QAAQ,GAAA,CAAI,MAAA;AAAA,IACZ,QAAQ,GAAA,CAAI,MAAA;AAAA,IACZ,UAAU,GAAA,CAAI,QAAA;AAAA,IACd,UAAA,EAAa,GAAA,CAAI,UAAA,IAA0C,EAAC;AAAA,IAC5D,QAAQ,GAAA,CAAI,MAAA;AAAA,IACZ,MAAA,EAAQ,IAAI,MAAA,IAAU,MAAA;AAAA,IACtB,YAAY,GAAA,CAAI,UAAA;AAAA,IAChB,UAAA,EAAY,IAAI,UAAA,IAAc,MAAA;AAAA,IAC9B,WAAW,GAAA,CAAI;AAAA,GAChB;AACD","file":"index.js","sourcesContent":["import { integer, sqliteTable, text } from \"drizzle-orm/sqlite-core\";\n\n// ============================================================\n// Users (basic human identity - integrates with external auth)\n// ============================================================\nexport const users = sqliteTable(\"kavach_users\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull().unique(),\n\tname: text(\"name\"),\n\tusername: text(\"username\").unique(),\n\texternalId: text(\"external_id\"), // ID from external auth (better-auth, Auth.js, etc.)\n\texternalProvider: text(\"external_provider\"), // \"better-auth\", \"authjs\", \"clerk\", etc.\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\t// Admin ban fields (populated by admin module)\n\tbanned: integer(\"banned\").notNull().default(0),\n\tbanReason: text(\"ban_reason\"),\n\tbanExpiresAt: integer(\"ban_expires_at\", { mode: \"timestamp\" }),\n\tforcePasswordReset: integer(\"force_password_reset\").notNull().default(0),\n\temailVerified: integer(\"email_verified\").notNull().default(0),\n\t// Stripe integration fields (populated by kavach-stripe plugin)\n\tstripeCustomerId: text(\"stripe_customer_id\").unique(),\n\tstripeSubscriptionId: text(\"stripe_subscription_id\"),\n\tstripeSubscriptionStatus: text(\"stripe_subscription_status\"),\n\tstripePriceId: text(\"stripe_price_id\"),\n\tstripeCurrentPeriodEnd: integer(\"stripe_current_period_end\", { mode: \"timestamp\" }),\n\tstripeCancelAtPeriodEnd: integer(\"stripe_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\t// Polar integration fields (populated by kavach-polar plugin)\n\tpolarCustomerId: text(\"polar_customer_id\").unique(),\n\tpolarSubscriptionId: text(\"polar_subscription_id\"),\n\tpolarSubscriptionStatus: text(\"polar_subscription_status\"),\n\tpolarProductId: text(\"polar_product_id\"),\n\tpolarCurrentPeriodEnd: integer(\"polar_current_period_end\", { mode: \"timestamp\" }),\n\tpolarCancelAtPeriodEnd: integer(\"polar_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Tenants (multi-tenant isolation — must come before agents)\n// ============================================================\nexport const tenants = sqliteTable(\"kavach_tenants\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\tsettings: text(\"settings\", { mode: \"json\" }).$type<TenantSettingsRow>(),\n\tstatus: text(\"status\", { enum: [\"active\", \"suspended\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TenantSettingsRow {\n\tmaxAgents?: number;\n\tmaxDelegationDepth?: number;\n\tauditRetentionDays?: number;\n\tallowedAgentTypes?: string[];\n}\n\n// ============================================================\n// Agents (the core differentiator - AI agent identities)\n// ============================================================\nexport const agents = sqliteTable(\"kavach_agents\", {\n\tid: text(\"id\").primaryKey(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable, for multi-tenant scoping\n\tname: text(\"name\").notNull(),\n\ttype: text(\"type\", { enum: [\"autonomous\", \"delegated\", \"service\"] }).notNull(),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\ttokenHash: text(\"token_hash\").notNull(), // hashed agent token\n\ttokenPrefix: text(\"token_prefix\").notNull(), // first 8 chars for identification\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastActiveAt: integer(\"last_active_at\", { mode: \"timestamp\" }),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Permissions (scoped access control per agent)\n// ============================================================\nexport const permissions = sqliteTable(\"kavach_permissions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(), // e.g. \"mcp:github:*\", \"tool:file_read\"\n\tactions: text(\"actions\", { mode: \"json\" }).notNull().$type<string[]>(), // [\"read\", \"write\", \"execute\"]\n\tconstraints: text(\"constraints\", { mode: \"json\" }).$type<PermissionConstraintsRow>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface PermissionConstraintsRow {\n\tmaxCallsPerHour?: number;\n\tallowedArgPatterns?: string[];\n\trequireApproval?: boolean;\n\ttimeWindow?: { start: string; end: string };\n\tipAllowlist?: string[];\n}\n\n// ============================================================\n// Delegation Chains (agent-to-agent permission delegation)\n// ============================================================\nexport const delegationChains = sqliteTable(\"kavach_delegation_chains\", {\n\tid: text(\"id\").primaryKey(),\n\tfromAgentId: text(\"from_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\ttoAgentId: text(\"to_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<DelegationPermissionRow[]>(),\n\tdepth: integer(\"depth\").notNull().default(1),\n\tmaxDepth: integer(\"max_depth\").notNull().default(3),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface DelegationPermissionRow {\n\tresource: string;\n\tactions: string[];\n}\n\n// ============================================================\n// Audit Logs (immutable record of every agent action)\n// ============================================================\nexport const auditLogs = sqliteTable(\"kavach_audit_logs\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(), // \"execute\", \"read\", \"write\", \"delete\"\n\tresource: text(\"resource\").notNull(), // \"mcp:github:create_issue\"\n\tparameters: text(\"parameters\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tresult: text(\"result\", { enum: [\"allowed\", \"denied\", \"rate_limited\"] }).notNull(),\n\treason: text(\"reason\"), // why denied/rate_limited\n\tdurationMs: integer(\"duration_ms\").notNull(),\n\ttokensCost: integer(\"tokens_cost\"),\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Rate Limit Counters (track per-agent call rates)\n// ============================================================\nexport const rateLimits = sqliteTable(\"kavach_rate_limits\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(),\n\twindowStart: integer(\"window_start\", { mode: \"timestamp\" }).notNull(),\n\tcount: integer(\"count\").notNull().default(0),\n});\n\n// ============================================================\n// MCP Servers (registered MCP servers)\n// ============================================================\nexport const mcpServers = sqliteTable(\"kavach_mcp_servers\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tendpoint: text(\"endpoint\").notNull().unique(),\n\ttools: text(\"tools\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tauthRequired: integer(\"auth_required\", { mode: \"boolean\" }).notNull().default(true),\n\trateLimitRpm: integer(\"rate_limit_rpm\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"inactive\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Sessions (human user sessions managed by KavachOS)\n// ============================================================\nexport const sessions = sqliteTable(\"kavach_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Clients (for MCP OAuth 2.1 - dynamic client registration)\n// ============================================================\nexport const oauthClients = sqliteTable(\"kavach_oauth_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecret: text(\"client_secret\"), // null for public clients\n\tclientName: text(\"client_name\"),\n\tclientUri: text(\"client_uri\"),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"authorization_code\"]),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"code\"]),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_basic\"),\n\ttype: text(\"type\", { enum: [\"public\", \"confidential\"] })\n\t\t.notNull()\n\t\t.default(\"confidential\"),\n\tdisabled: integer(\"disabled\", { mode: \"boolean\" }).notNull().default(false),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Access Tokens (issued tokens for MCP auth)\n// ============================================================\nexport const oauthAccessTokens = sqliteTable(\"kavach_oauth_access_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\taccessToken: text(\"access_token\").notNull().unique(),\n\trefreshToken: text(\"refresh_token\").unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tresource: text(\"resource\"), // RFC 8707 - audience binding\n\taccessTokenExpiresAt: integer(\"access_token_expires_at\", { mode: \"timestamp\" }).notNull(),\n\trefreshTokenExpiresAt: integer(\"refresh_token_expires_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Authorization Codes (temporary codes for code exchange)\n// ============================================================\nexport const oauthAuthorizationCodes = sqliteTable(\"kavach_oauth_authorization_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcode: text(\"code\").notNull().unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE\n\tcodeChallengeMethod: text(\"code_challenge_method\"), // \"S256\"\n\tresource: text(\"resource\"), // RFC 8707\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Budget Policies (agent execution budget caps)\n// ============================================================\nexport const budgetPolicies = sqliteTable(\"kavach_budget_policies\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\").references(() => agents.id, { onDelete: \"cascade\" }), // nullable\n\tuserId: text(\"user_id\").references(() => users.id), // nullable\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable\n\tlimits: text(\"limits\", { mode: \"json\" }).notNull().$type<BudgetLimitsRow>(),\n\tcurrentUsage: text(\"current_usage\", { mode: \"json\" }).notNull().$type<BudgetUsageRow>(),\n\taction: text(\"action\", { enum: [\"warn\", \"throttle\", \"block\", \"revoke\"] })\n\t\t.notNull()\n\t\t.default(\"warn\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"triggered\", \"disabled\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface BudgetLimitsRow {\n\tmaxTokensCostPerDay?: number;\n\tmaxTokensCostPerMonth?: number;\n\tmaxCallsPerDay?: number;\n\tmaxCallsPerMonth?: number;\n}\n\ninterface BudgetUsageRow {\n\ttokensCostToday: number;\n\ttokensCostThisMonth: number;\n\tcallsToday: number;\n\tcallsThisMonth: number;\n\tlastUpdated: string;\n}\n\n// ============================================================\n// Agent Capability Cards (A2A discovery)\n// ============================================================\nexport const agentCards = sqliteTable(\"kavach_agent_cards\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tdescription: text(\"description\"),\n\tversion: text(\"version\").notNull(),\n\tprotocols: text(\"protocols\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tcapabilities: text(\"capabilities\", { mode: \"json\" }).notNull().$type<unknown[]>(),\n\tauthRequirements: text(\"auth_requirements\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<Record<string, unknown>>(),\n\tendpoint: text(\"endpoint\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Approval Requests (CIBA async approval flows)\n// ============================================================\nexport const approvalRequests = sqliteTable(\"kavach_approval_requests\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(),\n\tresource: text(\"resource\").notNull(),\n\targuments: text(\"arguments\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tstatus: text(\"status\", { enum: [\"pending\", \"approved\", \"denied\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\trespondedAt: integer(\"responded_at\", { mode: \"timestamp\" }),\n\trespondedBy: text(\"responded_by\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trust Scores (graduated autonomy scoring)\n// ============================================================\nexport const trustScores = sqliteTable(\"kavach_trust_scores\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tscore: integer(\"score\").notNull(),\n\tlevel: text(\"level\", {\n\t\tenum: [\"untrusted\", \"limited\", \"standard\", \"trusted\", \"elevated\"],\n\t}).notNull(),\n\tfactors: text(\"factors\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tcomputedAt: integer(\"computed_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Magic Links (passwordless email login)\n// ============================================================\nexport const magicLinks = sqliteTable(\"kavach_magic_links\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\ttoken: text(\"token\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Email OTPs (one-time password login)\n// ============================================================\nexport const emailOtps = sqliteTable(\"kavach_email_otps\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// TOTP (Two-Factor Authentication)\n// ============================================================\nexport const totpRecords = sqliteTable(\"kavach_totp\", {\n\tuserId: text(\"user_id\")\n\t\t.primaryKey()\n\t\t.references(() => users.id),\n\tsecret: text(\"secret\").notNull(), // base32-encoded TOTP secret\n\tenabled: integer(\"enabled\", { mode: \"boolean\" }).notNull().default(false),\n\tbackupCodes: text(\"backup_codes\", { mode: \"json\" }).notNull().$type<TotpBackupCode[]>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TotpBackupCode {\n\thash: string;\n\tused: boolean;\n}\n\n// ============================================================\n// Organizations (multi-member org with RBAC)\n// ============================================================\nexport const organizations = sqliteTable(\"kavach_organizations\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgMembers = sqliteTable(\"kavach_org_members\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tjoinedAt: integer(\"joined_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgInvitations = sqliteTable(\"kavach_org_invitations\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\temail: text(\"email\").notNull(),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tinvitedBy: text(\"invited_by\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tstatus: text(\"status\", { enum: [\"pending\", \"accepted\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgRoles = sqliteTable(\"kavach_org_roles\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n});\n\n// ============================================================\n// Passkey Credentials (WebAuthn / FIDO2)\n// ============================================================\nexport const passkeyCredentials = sqliteTable(\"kavach_passkey_credentials\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tcredentialId: text(\"credential_id\").notNull().unique(),\n\tpublicKey: text(\"public_key\").notNull(), // base64url-encoded COSE key\n\tcounter: integer(\"counter\").notNull().default(0),\n\tdeviceName: text(\"device_name\"),\n\ttransports: text(\"transports\"), // JSON array, e.g. '[\"internal\",\"usb\"]'\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// SSO Connections (SAML / OIDC enterprise SSO)\n// ============================================================\nexport const ssoConnections = sqliteTable(\"kavach_sso_connections\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\").notNull(),\n\tproviderId: text(\"provider_id\").notNull(),\n\ttype: text(\"type\", { enum: [\"saml\", \"oidc\"] }).notNull(),\n\tdomain: text(\"domain\").notNull().unique(),\n\tenabled: integer(\"enabled\").notNull().default(1),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// API Keys (static bearer tokens with permission scopes)\n// ============================================================\nexport const apiKeys = sqliteTable(\"kavach_api_keys\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tname: text(\"name\").notNull(),\n\tkeyHash: text(\"key_hash\").notNull(),\n\tkeyPrefix: text(\"key_prefix\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Passkey Challenges (WebAuthn challenge state — short-lived)\n// ============================================================\nexport const passkeyChallenges = sqliteTable(\"kavach_passkey_challenges\", {\n\tid: text(\"id\").primaryKey(),\n\tchallenge: text(\"challenge\").notNull().unique(),\n\tuserId: text(\"user_id\"), // null for discoverable credential flows\n\ttype: text(\"type\", { enum: [\"registration\", \"authentication\"] }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Username Accounts (username + password auth)\n// ============================================================\nexport const usernameAccounts = sqliteTable(\"kavach_username_accounts\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tusername: text(\"username\").notNull().unique(),\n\tpasswordHash: text(\"password_hash\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Phone Verifications (SMS OTP)\n// ============================================================\nexport const phoneVerifications = sqliteTable(\"kavach_phone_verifications\", {\n\tid: text(\"id\").primaryKey(),\n\tphoneNumber: text(\"phone_number\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trusted Devices (skip 2FA on known devices for a time window)\n// ============================================================\nexport const trustedDevices = sqliteTable(\"kavach_trusted_devices\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tfingerprint: text(\"fingerprint\").notNull(), // HMAC-SHA256 of stable request headers\n\tlabel: text(\"label\").notNull(), // human-readable, e.g. \"Mac\", \"iPhone\"\n\ttrustedAt: integer(\"trusted_at\", { mode: \"timestamp\" }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// One-Time Tokens (email verify, password reset, invitation, custom)\n// ============================================================\nexport const oneTimeTokens = sqliteTable(\"kavach_one_time_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tpurpose: text(\"purpose\", {\n\t\tenum: [\"email-verify\", \"password-reset\", \"invitation\", \"custom\"],\n\t}).notNull(),\n\tidentifier: text(\"identifier\").notNull(), // email, userId, or any caller-supplied key\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Login History (last login method tracking per user)\n// ============================================================\nexport const loginHistory = sqliteTable(\"kavach_login_history\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tmethod: text(\"method\").notNull(), // LoginMethod — kept as text to support oauth:{provider} variants\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp_ms\" }).notNull(),\n});\n\n// ============================================================\n// Agent DIDs (W3C Decentralized Identifiers per agent)\n// ============================================================\nexport const agentDids = sqliteTable(\"kavach_agent_dids\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tdid: text(\"did\").notNull().unique(),\n\tmethod: text(\"method\", { enum: [\"key\", \"web\"] }).notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\").notNull(), // JSON-serialised JWK (public key only)\n\tdidDocument: text(\"did_document\").notNull(), // JSON-serialised DID Document\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Clients (apps authenticating against KavachOS IdP)\n// ============================================================\nexport const oidcClients = sqliteTable(\"kavach_oidc_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecretHash: text(\"client_secret_hash\").notNull(), // SHA-256 hex of the raw secret\n\tclientName: text(\"client_name\").notNull(),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tscopes: text(\"scopes\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_post\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Authorization Codes\n// ============================================================\nexport const oidcAuthCodes = sqliteTable(\"kavach_oidc_auth_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcodeHash: text(\"code_hash\").notNull().unique(), // SHA-256 hex of the raw code\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tnonce: text(\"nonce\"),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE S256\n\tcodeChallengeMethod: text(\"code_challenge_method\"),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Refresh Tokens\n// ============================================================\nexport const oidcRefreshTokens = sqliteTable(\"kavach_oidc_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\trevoked: integer(\"revoked\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Cost Events (per-agent cost attribution and observability)\n// ============================================================\nexport const costEvents = sqliteTable(\"kavach_cost_events\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\ttool: text(\"tool\").notNull(), // e.g. 'openai:gpt-4o', 'anthropic:claude-3-5-sonnet', 'mcp:github'\n\tinputTokens: integer(\"input_tokens\"),\n\toutputTokens: integer(\"output_tokens\"),\n\t/** Cost stored as integer microdollars (costUsd × 1_000_000) to avoid float drift */\n\tcostMicros: integer(\"cost_micros\").notNull(),\n\tcurrency: text(\"currency\").notNull().default(\"USD\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tdelegationChainId: text(\"delegation_chain_id\"), // null when not part of a chain\n\trecordedAt: integer(\"recorded_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Ephemeral Sessions (short-lived agent credentials for single-task use)\n// ============================================================\nexport const ephemeralSessions = sqliteTable(\"kavach_ephemeral_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmaxActions: integer(\"max_actions\"), // null = unlimited\n\tactionsUsed: integer(\"actions_used\").notNull().default(0),\n\tstatus: text(\"status\", { enum: [\"active\", \"expired\", \"exhausted\", \"revoked\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tauditGroupId: text(\"audit_group_id\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Stream Events (persisted SSE events for replay)\n// ============================================================\nexport const streamEvents = sqliteTable(\"kavach_stream_events\", {\n\tid: text(\"id\").primaryKey(),\n\ttype: text(\"type\").notNull(),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n\tdata: text(\"data\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tagentId: text(\"agent_id\"),\n\tuserId: text(\"user_id\"),\n});\n\n// ============================================================\n// JWT Session Refresh Tokens (general-purpose session plugin)\n// ============================================================\nexport const jwtRefreshTokens = sqliteTable(\"kavach_jwt_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\t/** SHA-256 hex of the raw refresh token. The raw token is never stored. */\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\t/** The user who owns this session. */\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\t/** True once the token has been used in a refresh or explicit revocation. */\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// ReBAC Resources (relationship-based access control — resource hierarchy)\n// ============================================================\nexport const rebacResources = sqliteTable(\"kavach_rebac_resources\", {\n\tid: text(\"id\").notNull().primaryKey(),\n\ttype: text(\"type\").notNull(), // 'org', 'workspace', 'project', 'document', etc.\n\tparentId: text(\"parent_id\"),\n\tparentType: text(\"parent_type\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// ReBAC Relationships (subject-relation-object tuples, Zanzibar style)\n// ============================================================\nexport const rebacRelationships = sqliteTable(\"kavach_rebac_relationships\", {\n\tid: text(\"id\").primaryKey(),\n\tsubjectType: text(\"subject_type\").notNull(), // 'user', 'agent', 'team', 'role'\n\tsubjectId: text(\"subject_id\").notNull(),\n\trelation: text(\"relation\").notNull(), // 'owner', 'editor', 'viewer', 'member', 'parent'\n\tobjectType: text(\"object_type\").notNull(),\n\tobjectId: text(\"object_id\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Federation Instances (trusted remote KavachOS instances)\n// ============================================================\nexport const federationInstances = sqliteTable(\"kavach_federation_instances\", {\n\tid: text(\"id\").primaryKey(),\n\tinstanceId: text(\"instance_id\").notNull().unique(),\n\tinstanceUrl: text(\"instance_url\").notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\"), // JSON-serialised JWK (public key only)\n\ttrustLevel: text(\"trust_level\", { enum: [\"full\", \"limited\", \"verify-only\"] })\n\t\t.notNull()\n\t\t.default(\"verify-only\"),\n\tdiscoveredAt: integer(\"discovered_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Federation Tokens (issued/received federation tokens for audit)\n// ============================================================\nexport const federationTokens = sqliteTable(\"kavach_federation_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenJti: text(\"token_jti\").notNull().unique(), // JWT ID for dedup\n\tagentId: text(\"agent_id\").notNull(),\n\tsourceInstanceId: text(\"source_instance_id\").notNull(),\n\ttargetInstanceId: text(\"target_instance_id\"),\n\tdirection: text(\"direction\", { enum: [\"issued\", \"received\"] }).notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttrustScore: integer(\"trust_score\"), // stored as integer 0-100\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Refresh Token Families (token rotation / reuse detection)\n// ============================================================\nexport const refreshTokenFamilies = sqliteTable(\"kavach_refresh_token_families\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\t/** Absolute session expiry — no rotation can extend beyond this date. */\n\tabsoluteExpiresAt: integer(\"absolute_expires_at\", { mode: \"timestamp\" }).notNull(),\n\t/** 0 = active, 1 = revoked (reuse detection or explicit logout). */\n\trevoked: integer(\"revoked\").notNull().default(0),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Refresh Tokens (individual one-time-use tokens per family)\n// ============================================================\nexport const refreshTokens = sqliteTable(\"kavach_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\tfamilyId: text(\"family_id\")\n\t\t.notNull()\n\t\t.references(() => refreshTokenFamilies.id, { onDelete: \"cascade\" }),\n\t/** SHA-256 hash of the opaque token — never store the raw token. */\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\t/** 0 = unused, 1 = already consumed (one-time use). */\n\tused: integer(\"used\").notNull().default(0),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n","import { and, desc, eq, gte, lt, lte } from \"drizzle-orm\";\nimport type { Database } from \"../db/database.js\";\nimport { auditLogs } from \"../db/schema.js\";\nimport type { AuditEntry, AuditExportOptions, AuditFilter } from \"../types.js\";\n\ninterface AuditModuleConfig {\n\tdb: Database;\n}\n\n/**\n * Create the audit log module.\n * Provides query and export capabilities for the immutable audit trail.\n */\nexport function createAuditModule(config: AuditModuleConfig) {\n\tconst { db } = config;\n\n\tasync function query(filter: AuditFilter): Promise<AuditEntry[]> {\n\t\tconst conditions = [];\n\n\t\tif (filter.agentId) conditions.push(eq(auditLogs.agentId, filter.agentId));\n\t\tif (filter.userId) conditions.push(eq(auditLogs.userId, filter.userId));\n\t\tif (filter.since) conditions.push(gte(auditLogs.timestamp, filter.since));\n\t\tif (filter.until) conditions.push(lte(auditLogs.timestamp, filter.until));\n\t\tif (filter.result) conditions.push(eq(auditLogs.result, filter.result));\n\n\t\tlet q = db.select().from(auditLogs).orderBy(desc(auditLogs.timestamp)).$dynamic();\n\n\t\tif (conditions.length > 0) {\n\t\t\tq = q.where(and(...conditions));\n\t\t}\n\n\t\tif (filter.limit) {\n\t\t\tq = q.limit(filter.limit);\n\t\t}\n\t\tif (filter.offset) {\n\t\t\tq = q.offset(filter.offset);\n\t\t}\n\n\t\tconst rows = await q;\n\n\t\treturn rows\n\t\t\t.filter((row) => {\n\t\t\t\t// Filter by actions if specified\n\t\t\t\tif (filter.actions && filter.actions.length > 0) {\n\t\t\t\t\treturn filter.actions.includes(row.action);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map(toAuditEntry);\n\t}\n\n\tasync function exportLogs(options: AuditExportOptions): Promise<string> {\n\t\tconst entries = await query({\n\t\t\tsince: options.since,\n\t\t\tuntil: options.until,\n\t\t\tlimit: 10000, // cap exports\n\t\t});\n\n\t\tif (options.format === \"json\") {\n\t\t\treturn JSON.stringify(entries, null, 2);\n\t\t}\n\n\t\t// CSV format\n\t\tconst headers = [\n\t\t\t\"id\",\n\t\t\t\"agentId\",\n\t\t\t\"userId\",\n\t\t\t\"action\",\n\t\t\t\"resource\",\n\t\t\t\"result\",\n\t\t\t\"reason\",\n\t\t\t\"durationMs\",\n\t\t\t\"tokensCost\",\n\t\t\t\"timestamp\",\n\t\t];\n\t\tconst csvRows = [headers.join(\",\")];\n\n\t\tfor (const entry of entries) {\n\t\t\tcsvRows.push(\n\t\t\t\t[\n\t\t\t\t\tentry.id,\n\t\t\t\t\tentry.agentId,\n\t\t\t\t\tentry.userId,\n\t\t\t\t\tentry.action,\n\t\t\t\t\tentry.resource,\n\t\t\t\t\tentry.result,\n\t\t\t\t\t`\"${(entry as AuditEntry & { reason?: string }).reason ?? \"\"}\"`,\n\t\t\t\t\tentry.durationMs,\n\t\t\t\t\tentry.tokensCost ?? \"\",\n\t\t\t\t\tentry.timestamp.toISOString(),\n\t\t\t\t].join(\",\"),\n\t\t\t);\n\t\t}\n\n\t\treturn csvRows.join(\"\\n\");\n\t}\n\n\t/**\n\t * Delete audit log entries older than the specified retention period.\n\t * Returns the count of deleted rows.\n\t */\n\tasync function cleanup(options: { retentionDays: number }): Promise<{ deleted: number }> {\n\t\tconst cutoff = new Date(Date.now() - options.retentionDays * 24 * 60 * 60 * 1000);\n\n\t\t// Count rows to be deleted before removing them\n\t\tconst toDelete = await db\n\t\t\t.select({ id: auditLogs.id })\n\t\t\t.from(auditLogs)\n\t\t\t.where(lt(auditLogs.timestamp, cutoff));\n\n\t\tif (toDelete.length === 0) {\n\t\t\treturn { deleted: 0 };\n\t\t}\n\n\t\tawait db.delete(auditLogs).where(lt(auditLogs.timestamp, cutoff));\n\n\t\treturn { deleted: toDelete.length };\n\t}\n\n\treturn { query, export: exportLogs, cleanup };\n}\n\nfunction toAuditEntry(row: typeof auditLogs.$inferSelect): AuditEntry {\n\treturn {\n\t\tid: row.id,\n\t\tagentId: row.agentId,\n\t\tuserId: row.userId,\n\t\taction: row.action,\n\t\tresource: row.resource,\n\t\tparameters: (row.parameters as Record<string, unknown>) ?? {},\n\t\tresult: row.result as AuditEntry[\"result\"],\n\t\treason: row.reason ?? undefined,\n\t\tdurationMs: row.durationMs,\n\t\ttokensCost: row.tokensCost ?? undefined,\n\t\ttimestamp: row.timestamp,\n\t};\n}\n"]}
1
+ {"version":3,"sources":["../../src/db/schema.ts","../../src/audit/audit.ts"],"names":[],"mappings":";;;;AAKO,IAAM,KAAA,GAAQ,YAAY,cAAA,EAAgB;AAAA,EAChD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,IAAA,EAAM,KAAK,MAAM,CAAA;AAAA,EACjB,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,MAAA,EAAO;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA;AAAA,EAC9B,gBAAA,EAAkB,KAAK,mBAAmB,CAAA;AAAA;AAAA,EAC1C,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA;AAAA,EAE5E,QAAQ,OAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,oBAAoB,OAAA,CAAQ,sBAAsB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACvE,eAAe,OAAA,CAAQ,gBAAgB,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA;AAAA,EAE5D,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,MAAA,EAAO;AAAA,EACpD,oBAAA,EAAsB,KAAK,wBAAwB,CAAA;AAAA,EACnD,wBAAA,EAA0B,KAAK,4BAA4B,CAAA;AAAA,EAC3D,aAAA,EAAe,KAAK,iBAAiB,CAAA;AAAA,EACrC,wBAAwB,OAAA,CAAQ,2BAAA,EAA6B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAClF,uBAAA,EAAyB,OAAA,CAAQ,6BAAA,EAA+B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CACjF,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA;AAAA,EAEf,eAAA,EAAiB,IAAA,CAAK,mBAAmB,CAAA,CAAE,MAAA,EAAO;AAAA,EAClD,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,uBAAA,EAAyB,KAAK,2BAA2B,CAAA;AAAA,EACzD,cAAA,EAAgB,KAAK,kBAAkB,CAAA;AAAA,EACvC,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,sBAAA,EAAwB,OAAA,CAAQ,4BAAA,EAA8B,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAC/E,OAAA,EAAQ,CACR,OAAA,CAAQ,KAAK,CAAA;AAAA,EACf,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAKM,IAAM,OAAA,GAAU,YAAY,gBAAA,EAAkB;AAAA,EACpD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAyB;AAAA,EACtE,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAW,CAAA,EAAG,CAAA,CACtD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAYM,IAAM,MAAA,GAAS,YAAY,eAAA,EAAiB;AAAA,EAClD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,YAAA,EAAc,WAAA,EAAa,SAAS,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7E,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,cAAc,OAAA,CAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAK0B,YAAY,oBAAA,EAAsB;AAAA,EAC5D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA;AAAA,EACrE,WAAA,EAAa,KAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAAgC;AAAA;AAAA,EAEnF,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA,EACzB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAa+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,KAAK,eAAe,CAAA,CAC/B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,SAAA,EAAW,KAAK,aAAa,CAAA,CAC3B,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiC;AAAA,EAC9F,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC3C,UAAU,OAAA,CAAQ,WAAW,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAClD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,GAAG,CAAA,CAC/D,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,SAAA,GAAY,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAE,CAAA;AAAA,EAC5B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,KAAK,YAAA,EAAc,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAChF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChF,MAAA,EAAQ,KAAK,QAAQ,CAAA;AAAA;AAAA,EACrB,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA,EACjC,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA;AAAA,EAE5B,QAAA,EAAU,OAAA,CAAQ,WAAA,EAAa,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAC3E,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACxD,CAAC,CAAA;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,WAAA,EAAa,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACpE,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC;AAC5C,CAAC;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,KAAA,EAAO,IAAA,CAAK,OAAA,EAAS,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACjE,YAAA,EAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,EAClF,YAAA,EAAc,QAAQ,gBAAgB,CAAA;AAAA,EACtC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKuB,YAAY,iBAAA,EAAmB;AAAA,EACtD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,YAAA,GAAe,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,YAAA,EAAc,KAAK,eAAe,CAAA;AAAA;AAAA,EAClC,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,MAAA,EAAQ,CAAA,CAC9C,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,oBAAoB,CAAC,CAAA;AAAA,EAChC,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,MAAM,MAAA,EAAQ,CAAA,CACpD,OAAA,GACA,KAAA,EAAgB,CAChB,OAAA,CAAQ,CAAC,MAAM,CAAC,CAAA;AAAA,EAClB,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,qBAAqB,CAAA;AAAA,EAC/B,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,MAAM,CAAC,QAAA,EAAU,cAAc,CAAA,EAAG,CAAA,CACrD,OAAA,EAAQ,CACR,QAAQ,cAAc,CAAA;AAAA,EACxB,QAAA,EAAU,OAAA,CAAQ,UAAA,EAAY,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAC1E,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAKgC,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,aAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACnD,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,MAAA,EAAO;AAAA,EAC3C,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,oBAAA,EAAsB,QAAQ,yBAAA,EAA2B,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EACxF,uBAAuB,OAAA,CAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAChF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKsC,YAAY,kCAAA,EAAoC;AAAA,EACtF,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,QAAA,EAAU,KAAK,WAAW,CAAA,CACxB,SAAQ,CACR,UAAA,CAAW,MAAM,YAAA,CAAa,QAAQ,CAAA;AAAA,EACxC,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA;AAAA,EACjD,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA;AAAA,EACzB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,SAAA,EAAW,CAAA;AAAA;AAAA,EAC7E,QAAQ,IAAA,CAAK,SAAS,EAAE,UAAA,CAAW,MAAM,MAAM,EAAE,CAAA;AAAA;AAAA,EACjD,UAAU,IAAA,CAAK,WAAW,EAAE,UAAA,CAAW,MAAM,QAAQ,EAAE,CAAA;AAAA;AAAA,EACvD,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAuB;AAAA,EAC1E,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAsB;AAAA,EACtF,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAS,QAAQ,GAAG,CAAA,CACtE,OAAA,EAAQ,CACR,QAAQ,MAAM,CAAA;AAAA,EAChB,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,QAAA,EAAU,WAAA,EAAa,UAAU,GAAG,CAAA,CAClE,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAoByB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,EAC/B,OAAA,EAAS,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EACjC,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACzE,YAAA,EAAc,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAiB;AAAA,EAChF,gBAAA,EAAkB,IAAA,CAAK,mBAAA,EAAqB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAC1D,OAAA,EAAQ,CACR,KAAA,EAA+B;AAAA,EACjC,QAAA,EAAU,KAAK,UAAU,CAAA;AAAA,EACzB,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC/B,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EACnC,SAAA,EAAW,KAAK,WAAA,EAAa,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC9E,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,SAAA,EAAW,UAAA,EAAY,QAAA,EAAU,SAAS,GAAG,CAAA,CAC3E,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,aAAa,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC1D,WAAA,EAAa,KAAK,cAAc,CAAA;AAAA,EAChC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK0B,YAAY,qBAAA,EAAuB;AAAA,EAC7D,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAA,EAAO,OAAA,CAAQ,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,KAAA,EAAO,KAAK,OAAA,EAAS;AAAA,IACpB,MAAM,CAAC,WAAA,EAAa,SAAA,EAAW,UAAA,EAAY,WAAW,UAAU;AAAA,GAChE,EAAE,OAAA,EAAQ;AAAA,EACX,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EACpF,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,OAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACtC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKwB,YAAY,mBAAA,EAAqB;AAAA,EACzD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK0B,YAAY,aAAA,EAAe;AAAA,EACrD,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,YAAW,CACX,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,WAAA,EAAa,IAAA,CAAK,cAAA,EAAgB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAwB;AAAA,EACtF,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAUM,IAAM,aAAA,GAAgB,YAAY,sBAAA,EAAwB;AAAA,EAChE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACpC,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAEyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,QAAA,EAAU,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACvD,CAAC;AAE6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7B,MAAM,IAAA,CAAK,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,QAAQ,CAAA;AAAA,EAC7C,SAAA,EAAW,KAAK,YAAY,CAAA,CAC1B,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,MAAM,CAAC,SAAA,EAAW,UAAA,EAAY,SAAS,GAAG,CAAA,CACjE,OAAA,EAAQ,CACR,QAAQ,SAAS,CAAA;AAAA,EACnB,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAEuB,YAAY,kBAAA,EAAoB;AAAA,EACvD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAClB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,aAAA,CAAc,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5D,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA;AAC9D,CAAC;AAKiC,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,cAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACrD,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACtC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,UAAA,EAAY,KAAK,YAAY,CAAA;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,cAAA,EAAgB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC5D,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC9B,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,MAAA,EAAQ,MAAM,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvD,QAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACxC,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKsB,YAAY,iBAAA,EAAmB;AAAA,EACrD,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,KAAK,SAAS,CAAA,CACpB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACtD,YAAY,OAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACzD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKgC,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC9C,MAAA,EAAQ,KAAK,SAAS,CAAA;AAAA;AAAA,EACtB,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAgB,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,UAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC5C,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC5C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKiC,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,UAAU,OAAA,CAAQ,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACjD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,WAAA,EAAa,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACzC,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK4B,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,OAAA,EAAS,KAAK,SAAA,EAAW;AAAA,IACxB,IAAA,EAAM,CAAC,cAAA,EAAgB,gBAAA,EAAkB,cAAc,QAAQ;AAAA,GAC/D,EAAE,OAAA,EAAQ;AAAA,EACX,UAAA,EAAY,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACvC,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK2B,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACpD,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,EAAA,EAAI,KAAK,IAAI,CAAA;AAAA,EACb,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,EAC5B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,cAAA,EAAgB,EAAE,OAAA;AAC3D,CAAC;AAKwB,YAAY,mBAAA,EAAqB;AAAA,EACzD,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,UAAA,EAAW,CACX,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,KAAK,IAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAClC,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,KAAA,EAAO,KAAK,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACzD,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC7C,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK0B,YAAY,qBAAA,EAAuB;AAAA,EAC7D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC7C,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACrD,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,YAAA,EAAc,IAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAChF,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC5E,aAAA,EAAe,IAAA,CAAK,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAClF,MAAA,EAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EACnE,yBAAyB,IAAA,CAAK,4BAA4B,EACxD,OAAA,EAAQ,CACR,QAAQ,oBAAoB,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK4B,YAAY,wBAAA,EAA0B;AAAA,EAClE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,EACnB,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,EACjD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKgC,YAAY,4BAAA,EAA8B;AAAA,EAC1E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC/C,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,EAAQ;AAAA,EAChC,MAAA,EAAQ,IAAA,CAAK,QAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC/B,OAAA,EAAS,OAAA,CAAQ,SAAA,EAAW,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EACxE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKyB,YAAY,oBAAA,EAAsB;AAAA,EAC3D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC3B,WAAA,EAAa,QAAQ,cAAc,CAAA;AAAA,EACnC,YAAA,EAAc,QAAQ,eAAe,CAAA;AAAA;AAAA,EAErC,UAAA,EAAY,OAAA,CAAQ,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3C,UAAU,IAAA,CAAK,UAAU,EAAE,OAAA,EAAQ,CAAE,QAAQ,KAAK,CAAA;AAAA,EAClD,QAAA,EAAU,KAAK,UAAA,EAAY,EAAE,MAAM,MAAA,EAAQ,EAAE,KAAA,EAA+B;AAAA,EAC5E,iBAAA,EAAmB,KAAK,qBAAqB,CAAA;AAAA;AAAA,EAC7C,UAAA,EAAY,QAAQ,aAAA,EAAe,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AAC3D,CAAC;AAKgC,YAAY,2BAAA,EAA6B;AAAA,EACzE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CACtB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,MAAA,CAAO,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,EACrD,OAAA,EAAS,KAAK,UAAU,CAAA,CACtB,SAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAE,CAAA;AAAA,EAC3B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA;AAAA,EACjC,aAAa,OAAA,CAAQ,cAAc,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACxD,QAAQ,IAAA,CAAK,QAAA,EAAU,EAAE,IAAA,EAAM,CAAC,QAAA,EAAU,SAAA,EAAW,WAAA,EAAa,SAAS,GAAG,CAAA,CAC5E,OAAA,EAAQ,CACR,QAAQ,QAAQ,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA,CAAK,gBAAgB,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC7C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK2B,YAAY,sBAAA,EAAwB;AAAA,EAC/D,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC3B,SAAA,EAAW,QAAQ,WAAA,EAAa,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAC/D,IAAA,EAAM,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAA+B;AAAA,EAC9E,OAAA,EAAS,KAAK,UAAU,CAAA;AAAA,EACxB,MAAA,EAAQ,KAAK,SAAS;AACvB,CAAC;AAK+B,YAAY,2BAAA,EAA6B;AAAA,EACxE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA;AAAA,EAE1B,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAE/C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEpD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,EAClE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK6B,YAAY,wBAAA,EAA0B;AAAA,EACnE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,GAAU,UAAA,EAAW;AAAA,EACpC,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC3B,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,EAC1B,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,EAC9B,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKiC,YAAY,4BAAA,EAA8B;AAAA,EAC3E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EAC1C,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,EACtC,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA;AAAA,EACnC,UAAA,EAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,EAAQ;AAAA,EACxC,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,EACpC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKkC,YAAY,6BAAA,EAA+B;AAAA,EAC7E,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,YAAY,IAAA,CAAK,aAAa,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA,EACjD,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,EAC1C,YAAA,EAAc,KAAK,gBAAgB,CAAA;AAAA;AAAA,EACnC,UAAA,EAAY,IAAA,CAAK,aAAA,EAAe,EAAE,MAAM,CAAC,MAAA,EAAQ,SAAA,EAAW,aAAa,GAAG,CAAA,CAC1E,OAAA,EAAQ,CACR,QAAQ,aAAa,CAAA;AAAA,EACvB,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC5D,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAK+B,YAAY,0BAAA,EAA4B;AAAA,EACvE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,UAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAC7C,OAAA,EAAS,IAAA,CAAK,UAAU,CAAA,CAAE,OAAA,EAAQ;AAAA,EAClC,gBAAA,EAAkB,IAAA,CAAK,oBAAoB,CAAA,CAAE,OAAA,EAAQ;AAAA,EACrD,gBAAA,EAAkB,KAAK,oBAAoB,CAAA;AAAA,EAC3C,SAAA,EAAW,IAAA,CAAK,WAAA,EAAa,EAAE,IAAA,EAAM,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG,CAAA,CAAE,OAAA,EAAQ;AAAA,EACvE,WAAA,EAAa,IAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,EAC7E,UAAA,EAAY,QAAQ,aAAa,CAAA;AAAA;AAAA,EACjC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;AAKM,IAAM,oBAAA,GAAuB,YAAY,+BAAA,EAAiC;AAAA,EAChF,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACpB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEpD,iBAAA,EAAmB,QAAQ,qBAAA,EAAuB,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA;AAAA,EAEjF,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EAC/C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC,CAAA;AAK4B,YAAY,uBAAA,EAAyB;AAAA,EACjE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1B,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CACxB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,oBAAA,CAAqB,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA;AAAA,EAEnE,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,GAAU,MAAA,EAAO;AAAA;AAAA,EAE/C,MAAM,OAAA,CAAQ,MAAM,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,EACzC,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA,EAAQ;AAAA,EAChE,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,MAAM,WAAA,EAAa,EAAE,OAAA;AACzD,CAAC;;;AClyBM,SAAS,kBAAkB,MAAA,EAA2B;AAC5D,EAAA,MAAM,EAAE,IAAG,GAAI,MAAA;AAEf,EAAA,eAAe,MAAM,MAAA,EAA4C;AAChE,IAAA,MAAM,aAAa,EAAC;AAEpB,IAAA,IAAI,MAAA,CAAO,SAAS,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,OAAA,EAAS,MAAA,CAAO,OAAO,CAAC,CAAA;AACzE,IAAA,IAAI,MAAA,CAAO,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AACtE,IAAA,IAAI,MAAA,CAAO,OAAO,UAAA,CAAW,IAAA,CAAK,IAAI,SAAA,CAAU,SAAA,EAAW,MAAA,CAAO,KAAK,CAAC,CAAA;AACxE,IAAA,IAAI,MAAA,CAAO,OAAO,UAAA,CAAW,IAAA,CAAK,IAAI,SAAA,CAAU,SAAA,EAAW,MAAA,CAAO,KAAK,CAAC,CAAA;AACxE,IAAA,IAAI,MAAA,CAAO,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AAEtE,IAAA,IAAI,CAAA,GAAI,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,SAAS,CAAA,CAAE,OAAA,CAAQ,IAAA,CAAK,SAAA,CAAU,SAAS,CAAC,EAAE,QAAA,EAAS;AAEhF,IAAA,IAAI,UAAA,CAAW,SAAS,CAAA,EAAG;AAC1B,MAAA,CAAA,GAAI,CAAA,CAAE,KAAA,CAAM,GAAA,CAAI,GAAG,UAAU,CAAC,CAAA;AAAA,IAC/B;AAEA,IAAA,IAAI,OAAO,KAAA,EAAO;AACjB,MAAA,CAAA,GAAI,CAAA,CAAE,KAAA,CAAM,MAAA,CAAO,KAAK,CAAA;AAAA,IACzB;AACA,IAAA,IAAI,OAAO,MAAA,EAAQ;AAClB,MAAA,CAAA,GAAI,CAAA,CAAE,MAAA,CAAO,MAAA,CAAO,MAAM,CAAA;AAAA,IAC3B;AAEA,IAAA,MAAM,OAAO,MAAM,CAAA;AAEnB,IAAA,OAAO,IAAA,CACL,MAAA,CAAO,CAAC,GAAA,KAAQ;AAEhB,MAAA,IAAI,MAAA,CAAO,OAAA,IAAW,MAAA,CAAO,OAAA,CAAQ,SAAS,CAAA,EAAG;AAChD,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,QAAA,CAAS,GAAA,CAAI,MAAM,CAAA;AAAA,MAC1C;AACA,MAAA,OAAO,IAAA;AAAA,IACR,CAAC,CAAA,CACA,GAAA,CAAI,YAAY,CAAA;AAAA,EACnB;AAEA,EAAA,eAAe,WAAW,OAAA,EAA8C;AACvE,IAAA,MAAM,OAAA,GAAU,MAAM,KAAA,CAAM;AAAA,MAC3B,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,KAAA,EAAO;AAAA;AAAA,KACP,CAAA;AAED,IAAA,IAAI,OAAA,CAAQ,WAAW,MAAA,EAAQ;AAC9B,MAAA,OAAO,IAAA,CAAK,SAAA,CAAU,OAAA,EAAS,IAAA,EAAM,CAAC,CAAA;AAAA,IACvC;AAGA,IAAA,MAAM,OAAA,GAAU;AAAA,MACf,IAAA;AAAA,MACA,SAAA;AAAA,MACA,QAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA;AAAA,MACA,QAAA;AAAA,MACA,QAAA;AAAA,MACA,YAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACD;AACA,IAAA,MAAM,OAAA,GAAU,CAAC,OAAA,CAAQ,IAAA,CAAK,GAAG,CAAC,CAAA;AAElC,IAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC5B,MAAA,OAAA,CAAQ,IAAA;AAAA,QACP;AAAA,UACC,KAAA,CAAM,EAAA;AAAA,UACN,KAAA,CAAM,OAAA;AAAA,UACN,KAAA,CAAM,MAAA;AAAA,UACN,KAAA,CAAM,MAAA;AAAA,UACN,KAAA,CAAM,QAAA;AAAA,UACN,KAAA,CAAM,MAAA;AAAA,UACN,CAAA,CAAA,EAAK,KAAA,CAA2C,MAAA,IAAU,EAAE,CAAA,CAAA,CAAA;AAAA,UAC5D,KAAA,CAAM,UAAA;AAAA,UACN,MAAM,UAAA,IAAc,EAAA;AAAA,UACpB,KAAA,CAAM,UAAU,WAAA;AAAY,SAC7B,CAAE,KAAK,GAAG;AAAA,OACX;AAAA,IACD;AAEA,IAAA,OAAO,OAAA,CAAQ,KAAK,IAAI,CAAA;AAAA,EACzB;AAMA,EAAA,eAAe,QAAQ,OAAA,EAAkE;AACxF,IAAA,MAAM,MAAA,GAAS,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAI,OAAA,CAAQ,aAAA,GAAgB,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAGhF,IAAA,MAAM,WAAW,MAAM,EAAA,CACrB,OAAO,EAAE,EAAA,EAAI,UAAU,EAAA,EAAI,CAAA,CAC3B,IAAA,CAAK,SAAS,CAAA,CACd,KAAA,CAAM,GAAG,SAAA,CAAU,SAAA,EAAW,MAAM,CAAC,CAAA;AAEvC,IAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,EAAE,SAAS,CAAA,EAAE;AAAA,IACrB;AAEA,IAAA,MAAM,EAAA,CAAG,OAAO,SAAS,CAAA,CAAE,MAAM,EAAA,CAAG,SAAA,CAAU,SAAA,EAAW,MAAM,CAAC,CAAA;AAEhE,IAAA,OAAO,EAAE,OAAA,EAAS,QAAA,CAAS,MAAA,EAAO;AAAA,EACnC;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAQ;AAC7C;AAEA,SAAS,aAAa,GAAA,EAAgD;AACrE,EAAA,OAAO;AAAA,IACN,IAAI,GAAA,CAAI,EAAA;AAAA,IACR,SAAS,GAAA,CAAI,OAAA;AAAA,IACb,QAAQ,GAAA,CAAI,MAAA;AAAA,IACZ,QAAQ,GAAA,CAAI,MAAA;AAAA,IACZ,UAAU,GAAA,CAAI,QAAA;AAAA,IACd,UAAA,EAAa,GAAA,CAAI,UAAA,IAA0C,EAAC;AAAA,IAC5D,QAAQ,GAAA,CAAI,MAAA;AAAA,IACZ,MAAA,EAAQ,IAAI,MAAA,IAAU,MAAA;AAAA,IACtB,YAAY,GAAA,CAAI,UAAA;AAAA,IAChB,UAAA,EAAY,IAAI,UAAA,IAAc,MAAA;AAAA,IAC9B,WAAW,GAAA,CAAI;AAAA,GAChB;AACD","file":"index.js","sourcesContent":["import { integer, sqliteTable, text } from \"drizzle-orm/sqlite-core\";\n\n// ============================================================\n// Users (basic human identity - integrates with external auth)\n// ============================================================\nexport const users = sqliteTable(\"kavach_users\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull().unique(),\n\tname: text(\"name\"),\n\tusername: text(\"username\").unique(),\n\texternalId: text(\"external_id\"), // ID from external auth (better-auth, Auth.js, etc.)\n\texternalProvider: text(\"external_provider\"), // \"better-auth\", \"authjs\", \"clerk\", etc.\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\t// Admin ban fields (populated by admin module)\n\tbanned: integer(\"banned\").notNull().default(0),\n\tbanReason: text(\"ban_reason\"),\n\tbanExpiresAt: integer(\"ban_expires_at\", { mode: \"timestamp\" }),\n\tforcePasswordReset: integer(\"force_password_reset\").notNull().default(0),\n\temailVerified: integer(\"email_verified\").notNull().default(0),\n\t// Stripe integration fields (populated by kavach-stripe plugin)\n\tstripeCustomerId: text(\"stripe_customer_id\").unique(),\n\tstripeSubscriptionId: text(\"stripe_subscription_id\"),\n\tstripeSubscriptionStatus: text(\"stripe_subscription_status\"),\n\tstripePriceId: text(\"stripe_price_id\"),\n\tstripeCurrentPeriodEnd: integer(\"stripe_current_period_end\", { mode: \"timestamp\" }),\n\tstripeCancelAtPeriodEnd: integer(\"stripe_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\t// Polar integration fields (populated by kavach-polar plugin)\n\tpolarCustomerId: text(\"polar_customer_id\").unique(),\n\tpolarSubscriptionId: text(\"polar_subscription_id\"),\n\tpolarSubscriptionStatus: text(\"polar_subscription_status\"),\n\tpolarProductId: text(\"polar_product_id\"),\n\tpolarCurrentPeriodEnd: integer(\"polar_current_period_end\", { mode: \"timestamp\" }),\n\tpolarCancelAtPeriodEnd: integer(\"polar_cancel_at_period_end\", { mode: \"boolean\" })\n\t\t.notNull()\n\t\t.default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Tenants (multi-tenant isolation — must come before agents)\n// ============================================================\nexport const tenants = sqliteTable(\"kavach_tenants\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\tsettings: text(\"settings\", { mode: \"json\" }).$type<TenantSettingsRow>(),\n\tstatus: text(\"status\", { enum: [\"active\", \"suspended\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TenantSettingsRow {\n\tmaxAgents?: number;\n\tmaxDelegationDepth?: number;\n\tauditRetentionDays?: number;\n\tallowedAgentTypes?: string[];\n}\n\n// ============================================================\n// Agents (the core differentiator - AI agent identities)\n// ============================================================\nexport const agents = sqliteTable(\"kavach_agents\", {\n\tid: text(\"id\").primaryKey(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable, for multi-tenant scoping\n\tname: text(\"name\").notNull(),\n\ttype: text(\"type\", { enum: [\"autonomous\", \"delegated\", \"service\"] }).notNull(),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\ttokenHash: text(\"token_hash\").notNull(), // hashed agent token\n\ttokenPrefix: text(\"token_prefix\").notNull(), // first 8 chars for identification\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastActiveAt: integer(\"last_active_at\", { mode: \"timestamp\" }),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Permissions (scoped access control per agent)\n// ============================================================\nexport const permissions = sqliteTable(\"kavach_permissions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(), // e.g. \"mcp:github:*\", \"tool:file_read\"\n\tactions: text(\"actions\", { mode: \"json\" }).notNull().$type<string[]>(), // [\"read\", \"write\", \"execute\"]\n\tconstraints: text(\"constraints\", { mode: \"json\" }).$type<PermissionConstraintsRow>(),\n\t// When set, the policy engine consults the ReBAC graph for this permission.\n\trelation: text(\"relation\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface PermissionConstraintsRow {\n\tmaxCallsPerHour?: number;\n\tallowedArgPatterns?: string[];\n\trequireApproval?: boolean;\n\ttimeWindow?: { start: string; end: string };\n\tipAllowlist?: string[];\n}\n\n// ============================================================\n// Delegation Chains (agent-to-agent permission delegation)\n// ============================================================\nexport const delegationChains = sqliteTable(\"kavach_delegation_chains\", {\n\tid: text(\"id\").primaryKey(),\n\tfromAgentId: text(\"from_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\ttoAgentId: text(\"to_agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<DelegationPermissionRow[]>(),\n\tdepth: integer(\"depth\").notNull().default(1),\n\tmaxDepth: integer(\"max_depth\").notNull().default(3),\n\tstatus: text(\"status\", { enum: [\"active\", \"revoked\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface DelegationPermissionRow {\n\tresource: string;\n\tactions: string[];\n}\n\n// ============================================================\n// Audit Logs (immutable record of every agent action)\n// ============================================================\nexport const auditLogs = sqliteTable(\"kavach_audit_logs\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(), // \"execute\", \"read\", \"write\", \"delete\"\n\tresource: text(\"resource\").notNull(), // \"mcp:github:create_issue\"\n\tparameters: text(\"parameters\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tresult: text(\"result\", { enum: [\"allowed\", \"denied\", \"rate_limited\"] }).notNull(),\n\treason: text(\"reason\"), // why denied/rate_limited\n\tdurationMs: integer(\"duration_ms\").notNull(),\n\ttokensCost: integer(\"tokens_cost\"),\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\t// True when this audit row corresponds to a policy-engine cache-hit evaluation.\n\tcacheHit: integer(\"cache_hit\", { mode: \"boolean\" }).notNull().default(false),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Rate Limit Counters (track per-agent call rates)\n// ============================================================\nexport const rateLimits = sqliteTable(\"kavach_rate_limits\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tresource: text(\"resource\").notNull(),\n\twindowStart: integer(\"window_start\", { mode: \"timestamp\" }).notNull(),\n\tcount: integer(\"count\").notNull().default(0),\n});\n\n// ============================================================\n// MCP Servers (registered MCP servers)\n// ============================================================\nexport const mcpServers = sqliteTable(\"kavach_mcp_servers\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tendpoint: text(\"endpoint\").notNull().unique(),\n\ttools: text(\"tools\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tauthRequired: integer(\"auth_required\", { mode: \"boolean\" }).notNull().default(true),\n\trateLimitRpm: integer(\"rate_limit_rpm\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"inactive\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Sessions (human user sessions managed by KavachOS)\n// ============================================================\nexport const sessions = sqliteTable(\"kavach_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Clients (for MCP OAuth 2.1 - dynamic client registration)\n// ============================================================\nexport const oauthClients = sqliteTable(\"kavach_oauth_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecret: text(\"client_secret\"), // null for public clients\n\tclientName: text(\"client_name\"),\n\tclientUri: text(\"client_uri\"),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"authorization_code\"]),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<string[]>()\n\t\t.default([\"code\"]),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_basic\"),\n\ttype: text(\"type\", { enum: [\"public\", \"confidential\"] })\n\t\t.notNull()\n\t\t.default(\"confidential\"),\n\tdisabled: integer(\"disabled\", { mode: \"boolean\" }).notNull().default(false),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Access Tokens (issued tokens for MCP auth)\n// ============================================================\nexport const oauthAccessTokens = sqliteTable(\"kavach_oauth_access_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\taccessToken: text(\"access_token\").notNull().unique(),\n\trefreshToken: text(\"refresh_token\").unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tresource: text(\"resource\"), // RFC 8707 - audience binding\n\taccessTokenExpiresAt: integer(\"access_token_expires_at\", { mode: \"timestamp\" }).notNull(),\n\trefreshTokenExpiresAt: integer(\"refresh_token_expires_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OAuth Authorization Codes (temporary codes for code exchange)\n// ============================================================\nexport const oauthAuthorizationCodes = sqliteTable(\"kavach_oauth_authorization_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcode: text(\"code\").notNull().unique(),\n\tclientId: text(\"client_id\")\n\t\t.notNull()\n\t\t.references(() => oauthClients.clientId),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE\n\tcodeChallengeMethod: text(\"code_challenge_method\"), // \"S256\"\n\tresource: text(\"resource\"), // RFC 8707\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Budget Policies (agent execution budget caps)\n// ============================================================\nexport const budgetPolicies = sqliteTable(\"kavach_budget_policies\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\").references(() => agents.id, { onDelete: \"cascade\" }), // nullable\n\tuserId: text(\"user_id\").references(() => users.id), // nullable\n\ttenantId: text(\"tenant_id\").references(() => tenants.id), // nullable\n\tlimits: text(\"limits\", { mode: \"json\" }).notNull().$type<BudgetLimitsRow>(),\n\tcurrentUsage: text(\"current_usage\", { mode: \"json\" }).notNull().$type<BudgetUsageRow>(),\n\taction: text(\"action\", { enum: [\"warn\", \"throttle\", \"block\", \"revoke\"] })\n\t\t.notNull()\n\t\t.default(\"warn\"),\n\tstatus: text(\"status\", { enum: [\"active\", \"triggered\", \"disabled\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface BudgetLimitsRow {\n\tmaxTokensCostPerDay?: number;\n\tmaxTokensCostPerMonth?: number;\n\tmaxCallsPerDay?: number;\n\tmaxCallsPerMonth?: number;\n}\n\ninterface BudgetUsageRow {\n\ttokensCostToday: number;\n\ttokensCostThisMonth: number;\n\tcallsToday: number;\n\tcallsThisMonth: number;\n\tlastUpdated: string;\n}\n\n// ============================================================\n// Agent Capability Cards (A2A discovery)\n// ============================================================\nexport const agentCards = sqliteTable(\"kavach_agent_cards\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tdescription: text(\"description\"),\n\tversion: text(\"version\").notNull(),\n\tprotocols: text(\"protocols\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tcapabilities: text(\"capabilities\", { mode: \"json\" }).notNull().$type<unknown[]>(),\n\tauthRequirements: text(\"auth_requirements\", { mode: \"json\" })\n\t\t.notNull()\n\t\t.$type<Record<string, unknown>>(),\n\tendpoint: text(\"endpoint\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Approval Requests (CIBA async approval flows)\n// ============================================================\nexport const approvalRequests = sqliteTable(\"kavach_approval_requests\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\taction: text(\"action\").notNull(),\n\tresource: text(\"resource\").notNull(),\n\targuments: text(\"arguments\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tstatus: text(\"status\", { enum: [\"pending\", \"approved\", \"denied\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\trespondedAt: integer(\"responded_at\", { mode: \"timestamp\" }),\n\trespondedBy: text(\"responded_by\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trust Scores (graduated autonomy scoring)\n// ============================================================\nexport const trustScores = sqliteTable(\"kavach_trust_scores\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tscore: integer(\"score\").notNull(),\n\tlevel: text(\"level\", {\n\t\tenum: [\"untrusted\", \"limited\", \"standard\", \"trusted\", \"elevated\"],\n\t}).notNull(),\n\tfactors: text(\"factors\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tcomputedAt: integer(\"computed_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Magic Links (passwordless email login)\n// ============================================================\nexport const magicLinks = sqliteTable(\"kavach_magic_links\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\ttoken: text(\"token\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Email OTPs (one-time password login)\n// ============================================================\nexport const emailOtps = sqliteTable(\"kavach_email_otps\", {\n\tid: text(\"id\").primaryKey(),\n\temail: text(\"email\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// TOTP (Two-Factor Authentication)\n// ============================================================\nexport const totpRecords = sqliteTable(\"kavach_totp\", {\n\tuserId: text(\"user_id\")\n\t\t.primaryKey()\n\t\t.references(() => users.id),\n\tsecret: text(\"secret\").notNull(), // base32-encoded TOTP secret\n\tenabled: integer(\"enabled\", { mode: \"boolean\" }).notNull().default(false),\n\tbackupCodes: text(\"backup_codes\", { mode: \"json\" }).notNull().$type<TotpBackupCode[]>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\ninterface TotpBackupCode {\n\thash: string;\n\tused: boolean;\n}\n\n// ============================================================\n// Organizations (multi-member org with RBAC)\n// ============================================================\nexport const organizations = sqliteTable(\"kavach_organizations\", {\n\tid: text(\"id\").primaryKey(),\n\tname: text(\"name\").notNull(),\n\tslug: text(\"slug\").notNull().unique(),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgMembers = sqliteTable(\"kavach_org_members\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tjoinedAt: integer(\"joined_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgInvitations = sqliteTable(\"kavach_org_invitations\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\temail: text(\"email\").notNull(),\n\trole: text(\"role\").notNull().default(\"member\"),\n\tinvitedBy: text(\"invited_by\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tstatus: text(\"status\", { enum: [\"pending\", \"accepted\", \"expired\"] })\n\t\t.notNull()\n\t\t.default(\"pending\"),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\nexport const orgRoles = sqliteTable(\"kavach_org_roles\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\")\n\t\t.notNull()\n\t\t.references(() => organizations.id, { onDelete: \"cascade\" }),\n\tname: text(\"name\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n});\n\n// ============================================================\n// Passkey Credentials (WebAuthn / FIDO2)\n// ============================================================\nexport const passkeyCredentials = sqliteTable(\"kavach_passkey_credentials\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tcredentialId: text(\"credential_id\").notNull().unique(),\n\tpublicKey: text(\"public_key\").notNull(), // base64url-encoded COSE key\n\tcounter: integer(\"counter\").notNull().default(0),\n\tdeviceName: text(\"device_name\"),\n\ttransports: text(\"transports\"), // JSON array, e.g. '[\"internal\",\"usb\"]'\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// SSO Connections (SAML / OIDC enterprise SSO)\n// ============================================================\nexport const ssoConnections = sqliteTable(\"kavach_sso_connections\", {\n\tid: text(\"id\").primaryKey(),\n\torgId: text(\"org_id\").notNull(),\n\tproviderId: text(\"provider_id\").notNull(),\n\ttype: text(\"type\", { enum: [\"saml\", \"oidc\"] }).notNull(),\n\tdomain: text(\"domain\").notNull().unique(),\n\tenabled: integer(\"enabled\").notNull().default(1),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// API Keys (static bearer tokens with permission scopes)\n// ============================================================\nexport const apiKeys = sqliteTable(\"kavach_api_keys\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\tname: text(\"name\").notNull(),\n\tkeyHash: text(\"key_hash\").notNull(),\n\tkeyPrefix: text(\"key_prefix\").notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }),\n\tlastUsedAt: integer(\"last_used_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Passkey Challenges (WebAuthn challenge state — short-lived)\n// ============================================================\nexport const passkeyChallenges = sqliteTable(\"kavach_passkey_challenges\", {\n\tid: text(\"id\").primaryKey(),\n\tchallenge: text(\"challenge\").notNull().unique(),\n\tuserId: text(\"user_id\"), // null for discoverable credential flows\n\ttype: text(\"type\", { enum: [\"registration\", \"authentication\"] }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Username Accounts (username + password auth)\n// ============================================================\nexport const usernameAccounts = sqliteTable(\"kavach_username_accounts\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tusername: text(\"username\").notNull().unique(),\n\tpasswordHash: text(\"password_hash\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Phone Verifications (SMS OTP)\n// ============================================================\nexport const phoneVerifications = sqliteTable(\"kavach_phone_verifications\", {\n\tid: text(\"id\").primaryKey(),\n\tphoneNumber: text(\"phone_number\").notNull(),\n\tcodeHash: text(\"code_hash\").notNull(),\n\tattempts: integer(\"attempts\").notNull().default(0),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Trusted Devices (skip 2FA on known devices for a time window)\n// ============================================================\nexport const trustedDevices = sqliteTable(\"kavach_trusted_devices\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tfingerprint: text(\"fingerprint\").notNull(), // HMAC-SHA256 of stable request headers\n\tlabel: text(\"label\").notNull(), // human-readable, e.g. \"Mac\", \"iPhone\"\n\ttrustedAt: integer(\"trusted_at\", { mode: \"timestamp\" }).notNull(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// One-Time Tokens (email verify, password reset, invitation, custom)\n// ============================================================\nexport const oneTimeTokens = sqliteTable(\"kavach_one_time_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tpurpose: text(\"purpose\", {\n\t\tenum: [\"email-verify\", \"password-reset\", \"invitation\", \"custom\"],\n\t}).notNull(),\n\tidentifier: text(\"identifier\").notNull(), // email, userId, or any caller-supplied key\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Login History (last login method tracking per user)\n// ============================================================\nexport const loginHistory = sqliteTable(\"kavach_login_history\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\tmethod: text(\"method\").notNull(), // LoginMethod — kept as text to support oauth:{provider} variants\n\tip: text(\"ip\"),\n\tuserAgent: text(\"user_agent\"),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp_ms\" }).notNull(),\n});\n\n// ============================================================\n// Agent DIDs (W3C Decentralized Identifiers per agent)\n// ============================================================\nexport const agentDids = sqliteTable(\"kavach_agent_dids\", {\n\tagentId: text(\"agent_id\")\n\t\t.primaryKey()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\tdid: text(\"did\").notNull().unique(),\n\tmethod: text(\"method\", { enum: [\"key\", \"web\"] }).notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\").notNull(), // JSON-serialised JWK (public key only)\n\tdidDocument: text(\"did_document\").notNull(), // JSON-serialised DID Document\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Clients (apps authenticating against KavachOS IdP)\n// ============================================================\nexport const oidcClients = sqliteTable(\"kavach_oidc_clients\", {\n\tid: text(\"id\").primaryKey(),\n\tclientId: text(\"client_id\").notNull().unique(),\n\tclientSecretHash: text(\"client_secret_hash\").notNull(), // SHA-256 hex of the raw secret\n\tclientName: text(\"client_name\").notNull(),\n\tredirectUris: text(\"redirect_uris\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tgrantTypes: text(\"grant_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tresponseTypes: text(\"response_types\", { mode: \"json\" }).notNull().$type<string[]>(),\n\tscopes: text(\"scopes\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttokenEndpointAuthMethod: text(\"token_endpoint_auth_method\")\n\t\t.notNull()\n\t\t.default(\"client_secret_post\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Authorization Codes\n// ============================================================\nexport const oidcAuthCodes = sqliteTable(\"kavach_oidc_auth_codes\", {\n\tid: text(\"id\").primaryKey(),\n\tcodeHash: text(\"code_hash\").notNull().unique(), // SHA-256 hex of the raw code\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tredirectUri: text(\"redirect_uri\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\tnonce: text(\"nonce\"),\n\tcodeChallenge: text(\"code_challenge\"), // PKCE S256\n\tcodeChallengeMethod: text(\"code_challenge_method\"),\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// OIDC Provider — Refresh Tokens\n// ============================================================\nexport const oidcRefreshTokens = sqliteTable(\"kavach_oidc_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenHash: text(\"token_hash\").notNull().unique(), // SHA-256 hex of the raw token\n\tclientId: text(\"client_id\").notNull(),\n\tuserId: text(\"user_id\").notNull(),\n\tscopes: text(\"scopes\").notNull(), // space-separated\n\trevoked: integer(\"revoked\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Cost Events (per-agent cost attribution and observability)\n// ============================================================\nexport const costEvents = sqliteTable(\"kavach_cost_events\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\ttool: text(\"tool\").notNull(), // e.g. 'openai:gpt-4o', 'anthropic:claude-3-5-sonnet', 'mcp:github'\n\tinputTokens: integer(\"input_tokens\"),\n\toutputTokens: integer(\"output_tokens\"),\n\t/** Cost stored as integer microdollars (costUsd × 1_000_000) to avoid float drift */\n\tcostMicros: integer(\"cost_micros\").notNull(),\n\tcurrency: text(\"currency\").notNull().default(\"USD\"),\n\tmetadata: text(\"metadata\", { mode: \"json\" }).$type<Record<string, unknown>>(),\n\tdelegationChainId: text(\"delegation_chain_id\"), // null when not part of a chain\n\trecordedAt: integer(\"recorded_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Ephemeral Sessions (short-lived agent credentials for single-task use)\n// ============================================================\nexport const ephemeralSessions = sqliteTable(\"kavach_ephemeral_sessions\", {\n\tid: text(\"id\").primaryKey(),\n\tagentId: text(\"agent_id\")\n\t\t.notNull()\n\t\t.references(() => agents.id, { onDelete: \"cascade\" }),\n\townerId: text(\"owner_id\")\n\t\t.notNull()\n\t\t.references(() => users.id),\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tmaxActions: integer(\"max_actions\"), // null = unlimited\n\tactionsUsed: integer(\"actions_used\").notNull().default(0),\n\tstatus: text(\"status\", { enum: [\"active\", \"expired\", \"exhausted\", \"revoked\"] })\n\t\t.notNull()\n\t\t.default(\"active\"),\n\tauditGroupId: text(\"audit_group_id\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Stream Events (persisted SSE events for replay)\n// ============================================================\nexport const streamEvents = sqliteTable(\"kavach_stream_events\", {\n\tid: text(\"id\").primaryKey(),\n\ttype: text(\"type\").notNull(),\n\ttimestamp: integer(\"timestamp\", { mode: \"timestamp\" }).notNull(),\n\tdata: text(\"data\", { mode: \"json\" }).notNull().$type<Record<string, unknown>>(),\n\tagentId: text(\"agent_id\"),\n\tuserId: text(\"user_id\"),\n});\n\n// ============================================================\n// JWT Session Refresh Tokens (general-purpose session plugin)\n// ============================================================\nexport const jwtRefreshTokens = sqliteTable(\"kavach_jwt_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\t/** SHA-256 hex of the raw refresh token. The raw token is never stored. */\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\t/** The user who owns this session. */\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\t/** True once the token has been used in a refresh or explicit revocation. */\n\tused: integer(\"used\", { mode: \"boolean\" }).notNull().default(false),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// ReBAC Resources (relationship-based access control — resource hierarchy)\n// ============================================================\nexport const rebacResources = sqliteTable(\"kavach_rebac_resources\", {\n\tid: text(\"id\").notNull().primaryKey(),\n\ttype: text(\"type\").notNull(), // 'org', 'workspace', 'project', 'document', etc.\n\tparentId: text(\"parent_id\"),\n\tparentType: text(\"parent_type\"),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// ReBAC Relationships (subject-relation-object tuples, Zanzibar style)\n// ============================================================\nexport const rebacRelationships = sqliteTable(\"kavach_rebac_relationships\", {\n\tid: text(\"id\").primaryKey(),\n\tsubjectType: text(\"subject_type\").notNull(), // 'user', 'agent', 'team', 'role'\n\tsubjectId: text(\"subject_id\").notNull(),\n\trelation: text(\"relation\").notNull(), // 'owner', 'editor', 'viewer', 'member', 'parent'\n\tobjectType: text(\"object_type\").notNull(),\n\tobjectId: text(\"object_id\").notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Federation Instances (trusted remote KavachOS instances)\n// ============================================================\nexport const federationInstances = sqliteTable(\"kavach_federation_instances\", {\n\tid: text(\"id\").primaryKey(),\n\tinstanceId: text(\"instance_id\").notNull().unique(),\n\tinstanceUrl: text(\"instance_url\").notNull(),\n\tpublicKeyJwk: text(\"public_key_jwk\"), // JSON-serialised JWK (public key only)\n\ttrustLevel: text(\"trust_level\", { enum: [\"full\", \"limited\", \"verify-only\"] })\n\t\t.notNull()\n\t\t.default(\"verify-only\"),\n\tdiscoveredAt: integer(\"discovered_at\", { mode: \"timestamp\" }),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n\tupdatedAt: integer(\"updated_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Federation Tokens (issued/received federation tokens for audit)\n// ============================================================\nexport const federationTokens = sqliteTable(\"kavach_federation_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\ttokenJti: text(\"token_jti\").notNull().unique(), // JWT ID for dedup\n\tagentId: text(\"agent_id\").notNull(),\n\tsourceInstanceId: text(\"source_instance_id\").notNull(),\n\ttargetInstanceId: text(\"target_instance_id\"),\n\tdirection: text(\"direction\", { enum: [\"issued\", \"received\"] }).notNull(),\n\tpermissions: text(\"permissions\", { mode: \"json\" }).notNull().$type<string[]>(),\n\ttrustScore: integer(\"trust_score\"), // stored as integer 0-100\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Refresh Token Families (token rotation / reuse detection)\n// ============================================================\nexport const refreshTokenFamilies = sqliteTable(\"kavach_refresh_token_families\", {\n\tid: text(\"id\").primaryKey(),\n\tuserId: text(\"user_id\")\n\t\t.notNull()\n\t\t.references(() => users.id, { onDelete: \"cascade\" }),\n\t/** Absolute session expiry — no rotation can extend beyond this date. */\n\tabsoluteExpiresAt: integer(\"absolute_expires_at\", { mode: \"timestamp\" }).notNull(),\n\t/** 0 = active, 1 = revoked (reuse detection or explicit logout). */\n\trevoked: integer(\"revoked\").notNull().default(0),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n\n// ============================================================\n// Refresh Tokens (individual one-time-use tokens per family)\n// ============================================================\nexport const refreshTokens = sqliteTable(\"kavach_refresh_tokens\", {\n\tid: text(\"id\").primaryKey(),\n\tfamilyId: text(\"family_id\")\n\t\t.notNull()\n\t\t.references(() => refreshTokenFamilies.id, { onDelete: \"cascade\" }),\n\t/** SHA-256 hash of the opaque token — never store the raw token. */\n\ttokenHash: text(\"token_hash\").notNull().unique(),\n\t/** 0 = unused, 1 = already consumed (one-time use). */\n\tused: integer(\"used\").notNull().default(0),\n\texpiresAt: integer(\"expires_at\", { mode: \"timestamp\" }).notNull(),\n\tcreatedAt: integer(\"created_at\", { mode: \"timestamp\" }).notNull(),\n});\n","import { and, desc, eq, gte, lt, lte } from \"drizzle-orm\";\nimport type { Database } from \"../db/database.js\";\nimport { auditLogs } from \"../db/schema.js\";\nimport type { AuditEntry, AuditExportOptions, AuditFilter } from \"../types.js\";\n\ninterface AuditModuleConfig {\n\tdb: Database;\n}\n\n/**\n * Create the audit log module.\n * Provides query and export capabilities for the immutable audit trail.\n */\nexport function createAuditModule(config: AuditModuleConfig) {\n\tconst { db } = config;\n\n\tasync function query(filter: AuditFilter): Promise<AuditEntry[]> {\n\t\tconst conditions = [];\n\n\t\tif (filter.agentId) conditions.push(eq(auditLogs.agentId, filter.agentId));\n\t\tif (filter.userId) conditions.push(eq(auditLogs.userId, filter.userId));\n\t\tif (filter.since) conditions.push(gte(auditLogs.timestamp, filter.since));\n\t\tif (filter.until) conditions.push(lte(auditLogs.timestamp, filter.until));\n\t\tif (filter.result) conditions.push(eq(auditLogs.result, filter.result));\n\n\t\tlet q = db.select().from(auditLogs).orderBy(desc(auditLogs.timestamp)).$dynamic();\n\n\t\tif (conditions.length > 0) {\n\t\t\tq = q.where(and(...conditions));\n\t\t}\n\n\t\tif (filter.limit) {\n\t\t\tq = q.limit(filter.limit);\n\t\t}\n\t\tif (filter.offset) {\n\t\t\tq = q.offset(filter.offset);\n\t\t}\n\n\t\tconst rows = await q;\n\n\t\treturn rows\n\t\t\t.filter((row) => {\n\t\t\t\t// Filter by actions if specified\n\t\t\t\tif (filter.actions && filter.actions.length > 0) {\n\t\t\t\t\treturn filter.actions.includes(row.action);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map(toAuditEntry);\n\t}\n\n\tasync function exportLogs(options: AuditExportOptions): Promise<string> {\n\t\tconst entries = await query({\n\t\t\tsince: options.since,\n\t\t\tuntil: options.until,\n\t\t\tlimit: 10000, // cap exports\n\t\t});\n\n\t\tif (options.format === \"json\") {\n\t\t\treturn JSON.stringify(entries, null, 2);\n\t\t}\n\n\t\t// CSV format\n\t\tconst headers = [\n\t\t\t\"id\",\n\t\t\t\"agentId\",\n\t\t\t\"userId\",\n\t\t\t\"action\",\n\t\t\t\"resource\",\n\t\t\t\"result\",\n\t\t\t\"reason\",\n\t\t\t\"durationMs\",\n\t\t\t\"tokensCost\",\n\t\t\t\"timestamp\",\n\t\t];\n\t\tconst csvRows = [headers.join(\",\")];\n\n\t\tfor (const entry of entries) {\n\t\t\tcsvRows.push(\n\t\t\t\t[\n\t\t\t\t\tentry.id,\n\t\t\t\t\tentry.agentId,\n\t\t\t\t\tentry.userId,\n\t\t\t\t\tentry.action,\n\t\t\t\t\tentry.resource,\n\t\t\t\t\tentry.result,\n\t\t\t\t\t`\"${(entry as AuditEntry & { reason?: string }).reason ?? \"\"}\"`,\n\t\t\t\t\tentry.durationMs,\n\t\t\t\t\tentry.tokensCost ?? \"\",\n\t\t\t\t\tentry.timestamp.toISOString(),\n\t\t\t\t].join(\",\"),\n\t\t\t);\n\t\t}\n\n\t\treturn csvRows.join(\"\\n\");\n\t}\n\n\t/**\n\t * Delete audit log entries older than the specified retention period.\n\t * Returns the count of deleted rows.\n\t */\n\tasync function cleanup(options: { retentionDays: number }): Promise<{ deleted: number }> {\n\t\tconst cutoff = new Date(Date.now() - options.retentionDays * 24 * 60 * 60 * 1000);\n\n\t\t// Count rows to be deleted before removing them\n\t\tconst toDelete = await db\n\t\t\t.select({ id: auditLogs.id })\n\t\t\t.from(auditLogs)\n\t\t\t.where(lt(auditLogs.timestamp, cutoff));\n\n\t\tif (toDelete.length === 0) {\n\t\t\treturn { deleted: 0 };\n\t\t}\n\n\t\tawait db.delete(auditLogs).where(lt(auditLogs.timestamp, cutoff));\n\n\t\treturn { deleted: toDelete.length };\n\t}\n\n\treturn { query, export: exportLogs, cleanup };\n}\n\nfunction toAuditEntry(row: typeof auditLogs.$inferSelect): AuditEntry {\n\treturn {\n\t\tid: row.id,\n\t\tagentId: row.agentId,\n\t\tuserId: row.userId,\n\t\taction: row.action,\n\t\tresource: row.resource,\n\t\tparameters: (row.parameters as Record<string, unknown>) ?? {},\n\t\tresult: row.result as AuditEntry[\"result\"],\n\t\treason: row.reason ?? undefined,\n\t\tdurationMs: row.durationMs,\n\t\ttokensCost: row.tokensCost ?? undefined,\n\t\ttimestamp: row.timestamp,\n\t};\n}\n"]}
package/dist/auth/index.d.ts CHANGED
@@ -1,7 +1,8 @@
1
1
  import { z } from 'zod';
2
- import { a1 as AuthAdapter, o as ResolvedUser, J as KavachPlugin, D as Database, Q as AdminConfig, p as SessionManager, _ as ApiKeyManagerConfig, a6 as EmailOtpConfig, P as Permission, aa as MagicLinkConfig, af as OrgConfig, ak as PasskeyConfig, H as PluginEndpoint, aB as TotpConfig } from '../types-B02D3kZy.js';
3
- export { u as AdminModule, X as AdminUser, Z as ApiKey, v as ApiKeyManagerModule, a2 as CaptchaConfig, G as CaptchaModule, a3 as CaptchaVerifyResult, a4 as CreateTokenInput, E as EmailOtpModule, a7 as EmailVerificationConfig, y as EmailVerificationModule, r as MagicLinkModule, ac as OidcProvider, ad as OneTimeTokenConfig, z as OneTimeTokenModule, ae as OneTimeTokenPurpose, ag as OrgInvitation, ah as OrgMember, O as OrgModule, ai as OrgRole, aj as Organization, al as PasskeyCredential, s as PasskeyModule, am as PasswordResetConfig, x as PasswordResetModule, ao as PhoneAuthConfig, F as PhoneAuthModule, ar as RevokeTokensResult, as as SSO_ERROR, at as SamlProvider, aw as SsoAuditEvent, ax as SsoConfig, ay as SsoConnection, az as SsoError, t as SsoModule, T as TotpModule, aC as TotpSetup, aD as UsernameAuthConfig, w as UsernameAuthModule, aE as ValidateTokenResult, bq as WebhookConfig, br as WebhookEvent, W as WebhookModule, aO as createAdminModule, aP as createApiKeyManagerModule, aR as createCaptchaModule, aU as createEmailOtpModule, aV as createEmailVerificationModule, aW as createMagicLinkModule, aX as createOneTimeTokenModule, aY as createOrgModule, aZ as createPasskeyModule, a_ as createPasswordResetModule, a$ as createPhoneAuthModule, b2 as createSsoModule, b3 as createTotpModule, b4 as createUsernameAuthModule, bs as createWebhookModule } from '../types-B02D3kZy.js';
4
- import { R as Result } from '../types-BuHrZcjE.js';
2
+ import { a5 as AuthAdapter, o as ResolvedUser, X as KavachPlugin, D as Database, _ as AdminConfig, p as SessionManager, a2 as ApiKeyManagerConfig, aa as EmailOtpConfig, P as Permission, ae as MagicLinkConfig, aj as OrgConfig, ao as PasskeyConfig, N as PluginEndpoint, aF as TotpConfig } from '../types-RJPOU4un.js';
3
+ export { u as AdminModule, $ as AdminUser, a1 as ApiKey, v as ApiKeyManagerModule, a6 as CaptchaConfig, G as CaptchaModule, a7 as CaptchaVerifyResult, a8 as CreateTokenInput, E as EmailOtpModule, ab as EmailVerificationConfig, y as EmailVerificationModule, r as MagicLinkModule, ag as OidcProvider, ah as OneTimeTokenConfig, z as OneTimeTokenModule, ai as OneTimeTokenPurpose, ak as OrgInvitation, al as OrgMember, O as OrgModule, am as OrgRole, an as Organization, ap as PasskeyCredential, s as PasskeyModule, aq as PasswordResetConfig, x as PasswordResetModule, as as PhoneAuthConfig, F as PhoneAuthModule, av as RevokeTokensResult, aw as SSO_ERROR, ax as SamlProvider, aA as SsoAuditEvent, aB as SsoConfig, aC as SsoConnection, aD as SsoError, t as SsoModule, T as TotpModule, aG as TotpSetup, aH as UsernameAuthConfig, w as UsernameAuthModule, aI as ValidateTokenResult, bu as WebhookConfig, bv as WebhookEvent, W as WebhookModule, aS as createAdminModule, aT as createApiKeyManagerModule, aV as createCaptchaModule, aY as createEmailOtpModule, aZ as createEmailVerificationModule, a_ as createMagicLinkModule, a$ as createOneTimeTokenModule, b0 as createOrgModule, b1 as createPasskeyModule, b2 as createPasswordResetModule, b3 as createPhoneAuthModule, b6 as createSsoModule, b7 as createTotpModule, b8 as createUsernameAuthModule, bw as createWebhookModule } from '../types-RJPOU4un.js';
4
+ import { R as Result } from '../types-BiUe9e8u.js';
5
+ import { AgentType, TrustTier } from '../standards/index.js';
5
6
  import * as jose from 'jose';
6
7
  import 'drizzle-orm/sqlite-core';
7
8
  import '../redirect/index.js';
@@ -1041,12 +1042,42 @@ interface JwtSessionConfig {
1041
1042
  email?: string;
1042
1043
  name?: string;
1043
1044
  }) => Record<string, unknown>;
1045
+ /**
1046
+ * Emit IETF agentic JWT claims on issued access tokens.
1047
+ *
1048
+ * When true, `agent_id`, `agent_type`, and `trust_tier` are included
1049
+ * in the token payload if the corresponding values are present on
1050
+ * `SessionUser.agenticContext`. Claims not present in the context are
1051
+ * omitted rather than fabricated. Off by default.
1052
+ *
1053
+ * @default false
1054
+ */
1055
+ emitAgenticJwtClaims?: boolean;
1056
+ }
1057
+ /**
1058
+ * Optional agentic context carried alongside a session user.
1059
+ *
1060
+ * Used when `JwtSessionConfig.emitAgenticJwtClaims` is true to populate
1061
+ * draft-goswami-agentic-jwt-00 claims on the issued access token.
1062
+ */
1063
+ interface AgenticSessionContext {
1064
+ /** Stable agent identifier (populates `agent_id`). */
1065
+ agentId?: string;
1066
+ /** Operational mode (populates `agent_type`). */
1067
+ agentType?: AgentType;
1068
+ /** Trust tier band at issuance (populates `trust_tier`). */
1069
+ trustTier?: TrustTier;
1044
1070
  }
1045
1071
  interface SessionUser {
1046
1072
  id: string;
1047
1073
  email?: string;
1048
1074
  name?: string;
1049
1075
  image?: string;
1076
+ /**
1077
+ * Optional agentic context. Only used when
1078
+ * `JwtSessionConfig.emitAgenticJwtClaims` is true.
1079
+ */
1080
+ agenticContext?: AgenticSessionContext;
1050
1081
  }
1051
1082
  interface SessionTokens {
1052
1083
  accessToken: string;
package/dist/auth/index.js CHANGED
@@ -161,6 +161,8 @@ var permissions = sqliteTable("kavach_permissions", {
161
161
  actions: text("actions", { mode: "json" }).notNull().$type(),
162
162
  // ["read", "write", "execute"]
163
163
  constraints: text("constraints", { mode: "json" }).$type(),
164
+ // When set, the policy engine consults the ReBAC graph for this permission.
165
+ relation: text("relation"),
164
166
  createdAt: integer("created_at", { mode: "timestamp" }).notNull()
165
167
  });
166
168
  var delegationChains = sqliteTable("kavach_delegation_chains", {
@@ -190,6 +192,8 @@ var auditLogs = sqliteTable("kavach_audit_logs", {
190
192
  tokensCost: integer("tokens_cost"),
191
193
  ip: text("ip"),
192
194
  userAgent: text("user_agent"),
195
+ // True when this audit row corresponds to a policy-engine cache-hit evaluation.
196
+ cacheHit: integer("cache_hit", { mode: "boolean" }).notNull().default(false),
193
197
  timestamp: integer("timestamp", { mode: "timestamp" }).notNull()
194
198
  });
195
199
  sqliteTable("kavach_rate_limits", {
@@ -4164,6 +4168,77 @@ var HibpApiError = class extends Error {
4164
4168
  this.name = "HibpApiError";
4165
4169
  }
4166
4170
  };
4171
+
4172
+ // src/standards/claims.ts
4173
+ var AGENTIC_JWT_CLAIMS = {
4174
+ /**
4175
+ * Stable identifier of the agent making the call.
4176
+ *
4177
+ * @see draft-goswami-agentic-jwt-00 §3.1
4178
+ */
4179
+ AGENT_ID: "agent_id",
4180
+ /**
4181
+ * Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.
4182
+ *
4183
+ * @see draft-goswami-agentic-jwt-00 §3.2
4184
+ */
4185
+ AGENT_TYPE: "agent_type",
4186
+ /**
4187
+ * Subject principal the agent is acting on behalf of (human user or upstream agent).
4188
+ *
4189
+ * @see draft-goswami-agentic-jwt-00 §3.3
4190
+ */
4191
+ ON_BEHALF_OF: "on_behalf_of",
4192
+ /**
4193
+ * Actor claim per RFC 8693. Identifies the current actor in an
4194
+ * impersonation or delegation chain.
4195
+ *
4196
+ * @see draft-goswami-agentic-jwt-00 §3.4
4197
+ * @see RFC 8693
4198
+ */
4199
+ ACT: "act",
4200
+ /**
4201
+ * Authorized future actors for delegation chains (RFC 8693 `may_act`).
4202
+ *
4203
+ * @see draft-goswami-agentic-jwt-00 §3.5
4204
+ * @see RFC 8693
4205
+ */
4206
+ MAY_ACT: "may_act",
4207
+ /**
4208
+ * Trust score band at token issuance (e.g. `standard`, `elevated`).
4209
+ *
4210
+ * @see draft-goswami-agentic-jwt-00 §3.6
4211
+ */
4212
+ TRUST_TIER: "trust_tier",
4213
+ /**
4214
+ * Correlation id for tracing this token back to an entry in the audit log.
4215
+ *
4216
+ * @see draft-goswami-agentic-jwt-00 §3.7
4217
+ */
4218
+ AUDIT_REF: "audit_ref",
4219
+ /**
4220
+ * Per-tool budget or rate constraints encoded as a structured object.
4221
+ *
4222
+ * @see draft-goswami-agentic-jwt-00 §3.8
4223
+ */
4224
+ TOOL_CONSTRAINTS: "tool_constraints",
4225
+ /**
4226
+ * Workload Identity Token (WIT). Present only when three-layer cryptographic
4227
+ * binding is active (draft-liu §4.2). Absent in standard issuance paths.
4228
+ *
4229
+ * @see draft-liu-agent-operation-authorization-01 §4.2
4230
+ * TODO(v3): populate from WIT issuance when three-layer binding is implemented.
4231
+ */
4232
+ WORKLOAD_BINDING: "wit",
4233
+ /**
4234
+ * The scoped operation this token authorizes (e.g. `read:documents`).
4235
+ *
4236
+ * @see draft-liu-agent-operation-authorization-01 §4.3
4237
+ */
4238
+ OPERATION: "operation"
4239
+ };
4240
+
4241
+ // src/auth/jwt-session.ts
4167
4242
  var configSchema = z.object({
4168
4243
  secret: z.union([z.string().min(1), z.instanceof(Object)]),
4169
4244
  algorithm: z.string().optional(),
@@ -4244,6 +4319,18 @@ function createJwtSessionModule(config, db) {
4244
4319
  });
4245
4320
  Object.assign(claimsFromUser, extra);
4246
4321
  }
4322
+ if (config.emitAgenticJwtClaims === true && user.agenticContext !== void 0) {
4323
+ const ac = user.agenticContext;
4324
+ if (ac.agentId !== void 0) {
4325
+ claimsFromUser[AGENTIC_JWT_CLAIMS.AGENT_ID] = ac.agentId;
4326
+ }
4327
+ if (ac.agentType !== void 0) {
4328
+ claimsFromUser[AGENTIC_JWT_CLAIMS.AGENT_TYPE] = ac.agentType;
4329
+ }
4330
+ if (ac.trustTier !== void 0) {
4331
+ claimsFromUser[AGENTIC_JWT_CLAIMS.TRUST_TIER] = ac.trustTier;
4332
+ }
4333
+ }
4247
4334
  let builder = new SignJWT({
4248
4335
  sub: user.id,
4249
4336
  ...user.email !== void 0 ? { email: user.email } : {},
@@ -5274,7 +5361,8 @@ var AUTHORIZATION_URL2 = "https://discord.com/api/oauth2/authorize";
5274
5361
  var TOKEN_URL2 = "https://discord.com/api/oauth2/token";
5275
5362
  var USER_INFO_URL = "https://discord.com/api/users/@me";
5276
5363
  var CDN_BASE = "https://cdn.discordapp.com";
5277
- var DEFAULT_SCOPES2 = ["identify", "email"];
5364
+ var DEFAULT_DISCORD_SCOPES = ["identify", "email"];
5365
+ var DEFAULT_SCOPES2 = DEFAULT_DISCORD_SCOPES;
5278
5366
  function createDiscordProvider(config) {
5279
5367
  const scopes = mergeScopes2(DEFAULT_SCOPES2, config.scopes);
5280
5368
  async function getAuthorizationUrl(state, codeVerifier, redirectUri) {
@@ -5875,7 +5963,8 @@ function mergeScopes7(defaults, extras) {
5875
5963
  var AUTHORIZATION_URL8 = "https://slack.com/oauth/v2/authorize";
5876
5964
  var TOKEN_URL8 = "https://slack.com/api/oauth.v2.access";
5877
5965
  var USER_INFO_URL6 = "https://slack.com/api/openid.connect.userInfo";
5878
- var DEFAULT_SCOPES8 = ["openid", "profile", "email"];
5966
+ var DEFAULT_SLACK_SCOPES = ["openid", "profile", "email"];
5967
+ var DEFAULT_SCOPES8 = DEFAULT_SLACK_SCOPES;
5879
5968
  function createSlackProvider(config) {
5880
5969
  const scopes = mergeScopes8(DEFAULT_SCOPES8, config.scopes);
5881
5970
  async function getAuthorizationUrl(state, codeVerifier, redirectUri) {