mates-fullstack 1.0.0-beta.1

package/dist/jwt.js

@@ -0,0 +1,261 @@
+/**
+ * mates-fullstack — jwt.ts
+ *
+ * Zero-dependency JWT implementation using Node.js built-in crypto.
+ * Supports HS256 (HMAC-SHA256) — the right choice for tokens you
+ * both sign and verify yourself.
+ *
+ * For asymmetric algorithms (RS256, ES256) or third-party JWKS verification
+ * (Google, Auth0, GitHub), use the `jose` package instead.
+ *
+ * Usage in server/main.ts or server/helpers/auth.ts:
+ *
+ *   import { jwt } from "mates-fullstack";
+ *
+ *   const tokens = jwt(process.env.JWT_SECRET!);
+ *
+ *   // Sign
+ *   const token = await tokens.sign({ sub: "user_123", role: "admin" });
+ *
+ *   // Verify
+ *   const payload = await tokens.verify(token);
+ *   if (!payload) throw new AuthError("Invalid token");
+ *
+ *   // Decode without verifying (e.g. to read sub before re-validating)
+ *   const claims = jwt.decode(token);
+ *
+ * API:
+ *   jwt(secret, options?)     → bound instance for sign/verify/refresh
+ *   jwt.decode(token)         → decode payload without verifying
+ *   jwt.isExpired(token)      → check expiry without verifying signature
+ *
+ * Bound instance:
+ *   .sign(payload, options?)  → Promise<string>
+ *   .verify(token)            → Promise<JwtPayload | null>
+ *   .refresh(token, options?) → Promise<string | null>  (rotate with same claims)
+ *   .decode(token)            → JwtPayload | null       (no signature check)
+ */
+import crypto from "node:crypto";
+// ─── Static helpers ───────────────────────────────────────────────────────────
+/**
+ * Decode a JWT without verifying the signature.
+ * Safe to call on untrusted tokens — never throws.
+ */
+function decodeToken(token) {
+    try {
+        const parts = token.split(".");
+        if (parts.length !== 3)
+            return null;
+        const payloadB64 = parts[1]
+            .replace(/-/g, "+")
+            .replace(/_/g, "/");
+        const json = Buffer.from(payloadB64, "base64").toString("utf-8");
+        return JSON.parse(json);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Check if a token is expired without verifying the signature.
+ * Returns true if expired or malformed.
+ */
+function isTokenExpired(token, clockSkewSeconds = 0) {
+    const payload = decodeToken(token);
+    if (!payload)
+        return true;
+    if (!payload.exp)
+        return false; // no expiry = never expires
+    return payload.exp < Math.floor(Date.now() / 1000) - clockSkewSeconds;
+}
+// ─── jwt() factory ────────────────────────────────────────────────────────────
+/**
+ * Create a bound JWT instance for signing and verifying tokens.
+ *
+ * @param secret  - The secret key string. Use a long random string in production.
+ *                  Minimum 32 characters recommended.
+ * @param defaults - Default options applied to all sign() calls.
+ *
+ * @example
+ * const tokens = jwt(process.env.JWT_SECRET!);
+ * const tokens = jwt(process.env.JWT_SECRET!, { expiresIn: "7d" });
+ */
+export function jwt(secret, defaults = {}) {
+    if (!secret || secret.length < 8) {
+        throw new Error("[mates-fullstack] jwt: secret must be at least 8 characters. " +
+            "Use a long random string in production (32+ characters recommended).");
+    }
+    const secretKey = Buffer.from(secret, "utf-8");
+    // ── Internal sign ──────────────────────────────────────────────────────────
+    function _sign(payload, options = {}) {
+        const merged = { ...defaults, ...options };
+        const now = Math.floor(Date.now() / 1000);
+        // Build claims — strip reserved fields from user payload to avoid conflicts
+        const { iat: _iat, exp: _exp, nbf: _nbf, iss: _iss, aud: _aud, jti: _jti, ...userClaims } = payload;
+        const claims = {
+            ...userClaims,
+            iat: now,
+        };
+        // Expiry — omit exp claim entirely when expiresIn is false
+        if (merged.expiresIn !== false) {
+            const expiresIn = merged.expiresIn ?? "1h";
+            claims.exp = now + _parseDuration(expiresIn);
+        }
+        // Not-before
+        if (merged.notBefore !== undefined) {
+            claims.nbf = now + _parseDuration(merged.notBefore);
+        }
+        // Issuer / audience
+        if (merged.issuer)
+            claims.iss = merged.issuer;
+        if (merged.audience)
+            claims.aud = merged.audience;
+        // JWT ID
+        if (merged.includeJti) {
+            claims.jti = crypto.randomUUID();
+        }
+        const header = _base64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
+        const body = _base64url(JSON.stringify(claims));
+        const signingInput = `${header}.${body}`;
+        const signature = crypto
+            .createHmac("sha256", secretKey)
+            .update(signingInput)
+            .digest("base64url");
+        return `${signingInput}.${signature}`;
+    }
+    // ── Internal verify ────────────────────────────────────────────────────────
+    function _verify(token, options = {}) {
+        try {
+            const parts = token.split(".");
+            if (parts.length !== 3)
+                return null;
+            const [header, payload, signature] = parts;
+            // Recompute expected signature
+            const expected = crypto
+                .createHmac("sha256", secretKey)
+                .update(`${header}.${payload}`)
+                .digest("base64url");
+            // Timing-safe comparison — prevents timing-based attacks
+            const sigBuf = Buffer.from(signature);
+            const expBuf = Buffer.from(expected);
+            if (sigBuf.length !== expBuf.length)
+                return null;
+            if (!crypto.timingSafeEqual(sigBuf, expBuf))
+                return null;
+            // Decode payload
+            const claims = JSON.parse(Buffer.from(payload.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf-8"));
+            const now = Math.floor(Date.now() / 1000);
+            const skew = options.clockSkew ?? 0;
+            // Check expiry
+            if (claims.exp !== undefined && claims.exp < now - skew) {
+                return null; // expired
+            }
+            // Check not-before
+            if (claims.nbf !== undefined && claims.nbf > now + skew) {
+                return null; // not yet valid
+            }
+            // Check issuer
+            if (options.issuer && claims.iss !== options.issuer) {
+                return null;
+            }
+            // Check audience
+            if (options.audience) {
+                const aud = Array.isArray(claims.aud)
+                    ? claims.aud
+                    : claims.aud ? [claims.aud] : [];
+                if (!aud.includes(options.audience))
+                    return null;
+            }
+            return claims;
+        }
+        catch {
+            return null;
+        }
+    }
+    // ── Public instance ────────────────────────────────────────────────────────
+    return {
+        async sign(payload, options) {
+            return _sign(payload, options);
+        },
+        async verify(token, options) {
+            return _verify(token, options);
+        },
+        async refresh(token, options) {
+            const payload = _verify(token, options);
+            if (!payload)
+                return null;
+            // Strip timing claims — sign() will set fresh ones
+            const { iat: _iat, exp: _exp, nbf: _nbf, jti: _jti, ...claims } = payload;
+            return _sign(claims, options);
+        },
+        decode(token) {
+            return decodeToken(token);
+        },
+    };
+}
+// ─── Static methods on jwt ────────────────────────────────────────────────────
+/**
+ * Decode a JWT without verifying the signature.
+ * Static — no secret needed.
+ *
+ * @example
+ * const claims = jwt.decode(token);
+ * console.log(claims?.sub);
+ */
+jwt.decode = decodeToken;
+/**
+ * Check if a token is expired without verifying the signature.
+ * Static — no secret needed.
+ *
+ * @example
+ * if (jwt.isExpired(token)) { ... }
+ * if (jwt.isExpired(token, 30)) { ... } // 30 second clock skew tolerance
+ */
+jwt.isExpired = isTokenExpired;
+// ─── Duration parser ──────────────────────────────────────────────────────────
+/**
+ * Parse a duration string or number into seconds.
+ *
+ * Supported formats:
+ *   30         → 30 seconds
+ *   "30"       → 30 seconds
+ *   "30s"      → 30 seconds
+ *   "15m"      → 900 seconds
+ *   "1h"       → 3600 seconds
+ *   "7d"       → 604800 seconds
+ *   "2w"       → 1209600 seconds
+ *
+ * Throws on unrecognized formats.
+ */
+function _parseDuration(value) {
+    if (typeof value === "number")
+        return value;
+    const str = String(value).trim();
+    // Pure number string
+    if (/^\d+$/.test(str))
+        return parseInt(str, 10);
+    const match = str.match(/^(\d+(?:\.\d+)?)\s*(s|m|h|d|w)$/i);
+    if (!match) {
+        throw new Error(`[mates-fullstack] jwt: invalid duration "${value}". ` +
+            `Use a number (seconds) or a string like "15m", "1h", "7d", "2w".`);
+    }
+    const amount = parseFloat(match[1]);
+    const unit = match[2].toLowerCase();
+    const multipliers = {
+        s: 1,
+        m: 60,
+        h: 3600,
+        d: 86400,
+        w: 604800,
+    };
+    return Math.floor(amount * multipliers[unit]);
+}
+// ─── base64url helper ─────────────────────────────────────────────────────────
+function _base64url(str) {
+    return Buffer.from(str, "utf-8")
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=/g, "");
+}
+//# sourceMappingURL=jwt.js.map

package/dist/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAyHjC,iFAAiF;AAEjF;;;GAGG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC;aACxB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;aAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,KAAa,EAAE,gBAAgB,GAAG,CAAC;IACzD,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,OAAO,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC,CAAC,4BAA4B;IAC5D,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,gBAAgB,CAAC;AACxE,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,GAAG,CACjB,MAAc,EACd,WAA2B,EAAE;IAE7B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,+DAA+D;YAC/D,sEAAsE,CACvE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE/C,8EAA8E;IAE9E,SAAS,KAAK,CAAC,OAAmB,EAAE,UAA0B,EAAE;QAC9D,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,OAAO,EAAE,CAAC;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,4EAA4E;QAC5E,MAAM,EACJ,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAC/B,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAC/B,GAAG,UAAU,EACd,GAAG,OAAO,CAAC;QAEZ,MAAM,MAAM,GAAe;YACzB,GAAG,UAAU;YACb,GAAG,EAAE,GAAG;SACT,CAAC;QAEF,2DAA2D;QAC3D,IAAI,MAAM,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;YAC3C,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC;QAED,aAAa;QACb,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtD,CAAC;QAED,oBAAoB;QACpB,IAAI,MAAM,CAAC,MAAM;YAAE,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9C,IAAI,MAAM,CAAC,QAAQ;YAAE,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC;QAElD,SAAS;QACT,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACnC,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;QAEzC,MAAM,SAAS,GAAG,MAAM;aACrB,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC;aAC/B,MAAM,CAAC,YAAY,CAAC;aACpB,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,OAAO,GAAG,YAAY,IAAI,SAAS,EAAE,CAAC;IACxC,CAAC;IAED,8EAA8E;IAE9E,SAAS,OAAO,CACd,KAAa,EACb,UAA4B,EAAE;QAE9B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAEpC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;YAE3C,+BAA+B;YAC/B,MAAM,QAAQ,GAAG,MAAM;iBACpB,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC;iBAC/B,MAAM,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC;iBAC9B,MAAM,CAAC,WAAW,CAAC,CAAC;YAEvB,yDAAyD;YACzD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACjD,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAC;YAEzD,iBAAiB;YACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,MAAM,CAAC,IAAI,CACT,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAC7C,QAAQ,CACT,CAAC,QAAQ,CAAC,OAAO,CAAC,CACN,CAAC;YAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;YAEpC,eAAe;YACf,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,IAAI,EAAE,CAAC;gBACxD,OAAO,IAAI,CAAC,CAAC,UAAU;YACzB,CAAC;YAED,mBAAmB;YACnB,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,IAAI,EAAE,CAAC;gBACxD,OAAO,IAAI,CAAC,CAAC,gBAAgB;YAC/B,CAAC;YAED,eAAe;YACf,IAAI,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;gBACpD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iBAAiB;YACjB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;oBACnC,CAAC,CAAC,MAAM,CAAC,GAAG;oBACZ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;oBAAE,OAAO,IAAI,CAAC;YACnD,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E,OAAO;QACL,KAAK,CAAC,IAAI,CACR,OAAmB,EACnB,OAAwB;YAExB,OAAO,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,MAAM,CACV,KAAa,EACb,OAA0B;YAE1B,OAAO,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,OAAO,CACX,KAAa,EACb,OAA2C;YAE3C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;YAE1B,mDAAmD;YACnD,MAAM,EACJ,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAC1C,GAAG,MAAM,EACV,GAAG,OAAO,CAAC;YAEZ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,CAAC,KAAa;YAClB,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF;;;;;;;GAOG;AACH,GAAG,CAAC,MAAM,GAAG,WAAW,CAAC;AAEzB;;;;;;;GAOG;AACH,GAAG,CAAC,SAAS,GAAG,cAAc,CAAC;AAE/B,iFAAiF;AAEjF;;;;;;;;;;;;;GAaG;AACH,SAAS,cAAc,CAAC,KAAsB;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5C,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;IAEjC,qBAAqB;IACrB,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAEhD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,4CAA4C,KAAK,KAAK;YACtD,kEAAkE,CACnE,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAEpC,MAAM,WAAW,GAA2B;QAC1C,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,EAAE;QACL,CAAC,EAAE,IAAI;QACP,CAAC,EAAE,KAAK;QACR,CAAC,EAAE,MAAM;KACV,CAAC;IAEF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,iFAAiF;AAEjF,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;SAC7B,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvB,CAAC"}

package/dist/log.d.ts

@@ -0,0 +1,44 @@
+/**
+ * mates-fullstack — log.ts
+ *
+ * Minimal internal logger for the mates-fullstack server process.
+ *
+ * Rules:
+ *   - dev mode  → messages printed to console (devex)
+ *   - prod mode → complete silence from the framework
+ *
+ * This module only runs in Node.js (server-side). It reads process.env.NODE_ENV
+ * which the CLI sets before anything else imports.
+ *
+ * For client + server isomorphic isDev() use `isDev` from "mates" directly.
+ * It is also re-exported from "mates-fullstack" for convenience.
+ *
+ * User code controls production logging via onResponse / onResponse hooks.
+ */
+/**
+ * Returns true when running in development mode.
+ *
+ * Server-side (Node.js): reads process.env.NODE_ENV set by the CLI.
+ *
+ * For isomorphic usage (browser + server), import isDev from "mates" instead —
+ * it checks import.meta.env.NODE_ENV in the browser (statically replaced at
+ * build time by esbuild) and process.env.NODE_ENV on the server.
+ */
+export declare function isDev(): boolean;
+/** Log an informational message. Dev only. */
+export declare function devLog(msg: string, ...args: unknown[]): void;
+/** Log a warning. Dev only. */
+export declare function devWarn(msg: string, ...args: unknown[]): void;
+/** Log an error. Dev only. */
+export declare function devError(msg: string, ...args: unknown[]): void;
+/**
+ * Log a fatal error that is about to terminate the process.
+ * Always printed regardless of NODE_ENV — the process is dying anyway.
+ */
+export declare function fatalError(msg: string, ...args: unknown[]): void;
+/**
+ * Log a startup message (port, paths, etc.).
+ * Dev only — production processes should not emit startup noise.
+ */
+export declare function startupLog(msg: string): void;
+//# sourceMappingURL=log.d.ts.map

package/dist/log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH;;;;;;;;GAQG;AACH,wBAAgB,KAAK,IAAI,OAAO,CAE/B;AAID,8CAA8C;AAC9C,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAG5D;AAED,+BAA+B;AAC/B,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAG7D;AAED,8BAA8B;AAC9B,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAG9D;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAEhE;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAG5C"}

package/dist/log.js

@@ -0,0 +1,66 @@
+/**
+ * mates-fullstack — log.ts
+ *
+ * Minimal internal logger for the mates-fullstack server process.
+ *
+ * Rules:
+ *   - dev mode  → messages printed to console (devex)
+ *   - prod mode → complete silence from the framework
+ *
+ * This module only runs in Node.js (server-side). It reads process.env.NODE_ENV
+ * which the CLI sets before anything else imports.
+ *
+ * For client + server isomorphic isDev() use `isDev` from "mates" directly.
+ * It is also re-exported from "mates-fullstack" for convenience.
+ *
+ * User code controls production logging via onResponse / onResponse hooks.
+ */
+// ─── isDev ────────────────────────────────────────────────────────────────────
+/**
+ * Returns true when running in development mode.
+ *
+ * Server-side (Node.js): reads process.env.NODE_ENV set by the CLI.
+ *
+ * For isomorphic usage (browser + server), import isDev from "mates" instead —
+ * it checks import.meta.env.NODE_ENV in the browser (statically replaced at
+ * build time by esbuild) and process.env.NODE_ENV on the server.
+ */
+export function isDev() {
+    return process.env.NODE_ENV !== "production";
+}
+// ─── Internal logging helpers ─────────────────────────────────────────────────
+/** Log an informational message. Dev only. */
+export function devLog(msg, ...args) {
+    if (!isDev())
+        return;
+    console.log(`[mates] ${msg}`, ...args);
+}
+/** Log a warning. Dev only. */
+export function devWarn(msg, ...args) {
+    if (!isDev())
+        return;
+    console.warn(`[mates] ${msg}`, ...args);
+}
+/** Log an error. Dev only. */
+export function devError(msg, ...args) {
+    if (!isDev())
+        return;
+    console.error(`[mates] ${msg}`, ...args);
+}
+/**
+ * Log a fatal error that is about to terminate the process.
+ * Always printed regardless of NODE_ENV — the process is dying anyway.
+ */
+export function fatalError(msg, ...args) {
+    console.error(`[mates] ${msg}`, ...args);
+}
+/**
+ * Log a startup message (port, paths, etc.).
+ * Dev only — production processes should not emit startup noise.
+ */
+export function startupLog(msg) {
+    if (!isDev())
+        return;
+    console.log(`[mates] ${msg}`);
+}
+//# sourceMappingURL=log.js.map

package/dist/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,iFAAiF;AAEjF;;;;;;;;GAQG;AACH,MAAM,UAAU,KAAK;IACnB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;AAC/C,CAAC;AAED,iFAAiF;AAEjF,8CAA8C;AAC9C,MAAM,UAAU,MAAM,CAAC,GAAW,EAAE,GAAG,IAAe;IACpD,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO;IACrB,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,+BAA+B;AAC/B,MAAM,UAAU,OAAO,CAAC,GAAW,EAAE,GAAG,IAAe;IACrD,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO;IACrB,OAAO,CAAC,IAAI,CAAC,WAAW,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,QAAQ,CAAC,GAAW,EAAE,GAAG,IAAe;IACtD,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO;IACrB,OAAO,CAAC,KAAK,CAAC,WAAW,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW,EAAE,GAAG,IAAe;IACxD,OAAO,CAAC,KAAK,CAAC,WAAW,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO;IACrB,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;AAChC,CAAC"}

package/dist/logger.d.ts

@@ -0,0 +1,76 @@
+/**
+ * mates-ssr — logger.ts
+ *
+ * Structured logger for production deployments.
+ *
+ * In development: pretty-prints with colors and timestamps.
+ * In production: outputs newline-delimited JSON (NDJSON) for
+ * CloudWatch, Datadog, Loki, and other log aggregators.
+ *
+ * Log levels: debug < info < warn < error
+ * Default level: "info" in production, "debug" in development.
+ *
+ * Request IDs: every log within a request carries the same request_id
+ * for tracing a request through the logs.
+ *
+ * Usage:
+ *   import { logger } from "mates-ssr";
+ *   logger.info("User logged in", { userId: auth.sub });
+ *   logger.error("DB query failed", { query, error: err.message });
+ *
+ * Request-scoped (carries request_id automatically):
+ *   const log = logger.withRequest(req);
+ *   log.info("Processing upload", { filename });
+ */
+export type LogLevel = "debug" | "info" | "warn" | "error";
+export type LogFormat = "pretty" | "json";
+export interface LogEntry {
+    ts: string;
+    level: LogLevel;
+    msg: string;
+    request_id?: string;
+    [key: string]: unknown;
+}
+export interface LoggerConfig {
+    /**
+     * Minimum log level to output.
+     * @default "debug" in dev, "info" in production
+     */
+    level?: LogLevel;
+    /**
+     * Output format.
+     * @default "pretty" in dev, "json" in production
+     */
+    format?: LogFormat;
+    /**
+     * Service name — included in every log entry (useful in multi-service setups).
+     */
+    service?: string;
+}
+export declare function configureLogger(config: LoggerConfig): void;
+export interface Logger {
+    debug(msg: string, fields?: Record<string, unknown>): void;
+    info(msg: string, fields?: Record<string, unknown>): void;
+    warn(msg: string, fields?: Record<string, unknown>): void;
+    error(msg: string, fields?: Record<string, unknown>): void;
+    /** Create a child logger that includes request_id on every entry */
+    withRequest(requestId: string): Logger;
+    /** Create a child logger with additional default fields */
+    withFields(fields: Record<string, unknown>): Logger;
+}
+/** The global logger instance. Use this throughout your app. */
+export declare const logger: Logger;
+/**
+ * Generate a short random request ID for tracing.
+ * 8 hex chars — enough to correlate logs within a request, low collision risk.
+ */
+export declare function generateRequestId(): string;
+/**
+ * Log an incoming request. Call at the start of request handling.
+ */
+export declare function logRequest(req: Request, requestId: string, clientIp: string): void;
+/**
+ * Log an outgoing response. Call just before sending.
+ */
+export declare function logResponse(req: Request, res: Response, requestId: string, startTime: number): void;
+//# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAC3D,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE1C,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,QAAQ,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB;;;OAGG;IACH,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AA2BD,wBAAgB,eAAe,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAI1D;AAsDD,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3D,IAAI,CAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3D,IAAI,CAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3D,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3D,oEAAoE;IACpE,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IACvC,2DAA2D;IAC3D,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;CACrD;AAgBD,gEAAgE;AAChE,eAAO,MAAM,MAAM,QAAe,CAAC;AAInC;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAI1C;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,GAAG,EAAE,OAAO,EACZ,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,GACf,IAAI,CAQN;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,IAAI,CAaN"}

package/dist/logger.js

@@ -0,0 +1,138 @@
+/**
+ * mates-ssr — logger.ts
+ *
+ * Structured logger for production deployments.
+ *
+ * In development: pretty-prints with colors and timestamps.
+ * In production: outputs newline-delimited JSON (NDJSON) for
+ * CloudWatch, Datadog, Loki, and other log aggregators.
+ *
+ * Log levels: debug < info < warn < error
+ * Default level: "info" in production, "debug" in development.
+ *
+ * Request IDs: every log within a request carries the same request_id
+ * for tracing a request through the logs.
+ *
+ * Usage:
+ *   import { logger } from "mates-ssr";
+ *   logger.info("User logged in", { userId: auth.sub });
+ *   logger.error("DB query failed", { query, error: err.message });
+ *
+ * Request-scoped (carries request_id automatically):
+ *   const log = logger.withRequest(req);
+ *   log.info("Processing upload", { filename });
+ */
+const LEVELS = {
+    debug: 0,
+    info: 1,
+    warn: 2,
+    error: 3,
+};
+const LEVEL_COLORS = {
+    debug: "\x1b[90m", // gray
+    info: "\x1b[36m", // cyan
+    warn: "\x1b[33m", // yellow
+    error: "\x1b[31m", // red
+};
+const RESET = "\x1b[0m";
+const BOLD = "\x1b[1m";
+const isProd = process.env.NODE_ENV === "production";
+// ─── Module-level config ──────────────────────────────────────────────────────
+let _minLevel = isProd ? "info" : "debug";
+let _format = isProd ? "json" : "pretty";
+let _service = "mates-ssr";
+export function configureLogger(config) {
+    if (config.level)
+        _minLevel = config.level;
+    if (config.format)
+        _format = config.format;
+    if (config.service)
+        _service = config.service;
+}
+// ─── Core write ───────────────────────────────────────────────────────────────
+function write(level, msg, fields, requestId) {
+    if (LEVELS[level] < LEVELS[_minLevel])
+        return;
+    const entry = {
+        ts: new Date().toISOString(),
+        level,
+        msg,
+        ...(requestId && { request_id: requestId }),
+        ...(_service && { service: _service }),
+        ...(fields ?? {}),
+    };
+    if (_format === "json") {
+        // NDJSON — one JSON object per line
+        // CloudWatch, Datadog, Loki all parse this automatically
+        process.stdout.write(JSON.stringify(entry) + "\n");
+        return;
+    }
+    // Pretty format for development
+    const color = LEVEL_COLORS[level];
+    const ts = entry.ts.replace("T", " ").replace("Z", "").slice(0, 23);
+    const lvl = level.toUpperCase().padEnd(5);
+    const rid = requestId ? ` \x1b[90m[${requestId.slice(0, 8)}]\x1b[0m` : "";
+    // Format extra fields
+    const extra = fields && Object.keys(fields).length > 0
+        ? " " + Object.entries(fields)
+            .map(([k, v]) => `\x1b[90m${k}=\x1b[0m${JSON.stringify(v)}`)
+            .join(" ")
+        : "";
+    if (level === "error") {
+        process.stderr.write(`  ${color}${BOLD}${lvl}${RESET} \x1b[90m${ts}${RESET}${rid} ${msg}${extra}\n`);
+    }
+    else {
+        process.stdout.write(`  ${color}${lvl}${RESET} \x1b[90m${ts}${RESET}${rid} ${msg}${extra}\n`);
+    }
+}
+function makeLogger(requestId, defaultFields) {
+    return {
+        debug: (msg, fields) => write("debug", msg, { ...defaultFields, ...fields }, requestId),
+        info: (msg, fields) => write("info", msg, { ...defaultFields, ...fields }, requestId),
+        warn: (msg, fields) => write("warn", msg, { ...defaultFields, ...fields }, requestId),
+        error: (msg, fields) => write("error", msg, { ...defaultFields, ...fields }, requestId),
+        withRequest: (rid) => makeLogger(rid, defaultFields),
+        withFields: (fields) => makeLogger(requestId, { ...defaultFields, ...fields }),
+    };
+}
+/** The global logger instance. Use this throughout your app. */
+export const logger = makeLogger();
+// ─── Request logging middleware ───────────────────────────────────────────────
+/**
+ * Generate a short random request ID for tracing.
+ * 8 hex chars — enough to correlate logs within a request, low collision risk.
+ */
+export function generateRequestId() {
+    const bytes = new Uint8Array(8);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes).map(b => b.toString(16).padStart(2, "0")).join("").slice(0, 12);
+}
+/**
+ * Log an incoming request. Call at the start of request handling.
+ */
+export function logRequest(req, requestId, clientIp) {
+    const url = new URL(req.url);
+    logger.withRequest(requestId).info("→ request", {
+        method: req.method,
+        path: url.pathname,
+        ip: clientIp,
+        ua: req.headers.get("user-agent")?.slice(0, 80) ?? undefined,
+    });
+}
+/**
+ * Log an outgoing response. Call just before sending.
+ */
+export function logResponse(req, res, requestId, startTime) {
+    const url = new URL(req.url);
+    const ms = (performance.now() - startTime).toFixed(1);
+    const lvl = res.status >= 500 ? "error"
+        : res.status >= 400 ? "warn"
+            : "info";
+    logger.withRequest(requestId)[lvl]("← response", {
+        method: req.method,
+        path: url.pathname,
+        status: res.status,
+        ms: Number(ms),
+    });
+}
+//# sourceMappingURL=logger.js.map

package/dist/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AA8BH,MAAM,MAAM,GAA6B;IACvC,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;CACT,CAAC;AAEF,MAAM,YAAY,GAA6B;IAC7C,KAAK,EAAE,UAAU,EAAE,OAAO;IAC1B,IAAI,EAAG,UAAU,EAAE,OAAO;IAC1B,IAAI,EAAG,UAAU,EAAE,SAAS;IAC5B,KAAK,EAAE,UAAU,EAAE,MAAM;CAC1B,CAAC;AAEF,MAAM,KAAK,GAAG,SAAS,CAAC;AACxB,MAAM,IAAI,GAAI,SAAS,CAAC;AAExB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;AAErD,iFAAiF;AAEjF,IAAI,SAAS,GAAa,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;AACpD,IAAI,OAAO,GAAe,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AACrD,IAAI,QAAQ,GAAc,WAAW,CAAC;AAEtC,MAAM,UAAU,eAAe,CAAC,MAAoB;IAClD,IAAI,MAAM,CAAC,KAAK;QAAI,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC;IAC7C,IAAI,MAAM,CAAC,MAAM;QAAG,OAAO,GAAK,MAAM,CAAC,MAAM,CAAC;IAC9C,IAAI,MAAM,CAAC,OAAO;QAAE,QAAQ,GAAI,MAAM,CAAC,OAAO,CAAC;AACjD,CAAC;AAED,iFAAiF;AAEjF,SAAS,KAAK,CACZ,KAAe,EACf,GAAW,EACX,MAAgC,EAChC,SAAkB;IAElB,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC;QAAE,OAAO;IAE9C,MAAM,KAAK,GAAa;QACtB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,KAAK;QACL,GAAG;QACH,GAAG,CAAC,SAAS,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;QAC3C,GAAG,CAAC,QAAQ,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QACtC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;KAClB,CAAC;IAEF,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,oCAAoC;QACpC,yDAAyD;QACzD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAI,YAAY,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,EAAE,GAAO,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxE,MAAM,GAAG,GAAM,KAAK,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAM,SAAS,CAAC,CAAC,CAAC,aAAa,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE7E,sBAAsB;IACtB,MAAM,KAAK,GAAG,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC;QACpD,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;aACzB,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,WAAW,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;aAC3D,IAAI,CAAC,GAAG,CAAC;QACd,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,KAAK,GAAG,IAAI,GAAG,GAAG,GAAG,KAAK,YAAY,EAAE,GAAG,KAAK,GAAG,GAAG,IAAI,GAAG,GAAG,KAAK,IAAI,CAC/E,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,KAAK,GAAG,GAAG,GAAG,KAAK,YAAY,EAAE,GAAG,KAAK,GAAG,GAAG,IAAI,GAAG,GAAG,KAAK,IAAI,CACxE,CAAC;IACJ,CAAC;AACH,CAAC;AAeD,SAAS,UAAU,CACjB,SAAkB,EAClB,aAAuC;IAEvC,OAAO;QACL,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,EAAE,SAAS,CAAC;QACvF,IAAI,EAAG,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,EAAG,GAAG,EAAE,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,EAAE,SAAS,CAAC;QACvF,IAAI,EAAG,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,EAAG,GAAG,EAAE,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,EAAE,SAAS,CAAC;QACvF,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,EAAE,SAAS,CAAC;QACvF,WAAW,EAAE,CAAC,GAAG,EAAK,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,aAAa,CAAC;QACvD,UAAU,EAAG,CAAC,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,CAAC;KAChF,CAAC;AACJ,CAAC;AAED,gEAAgE;AAChE,MAAM,CAAC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;AAEnC,iFAAiF;AAEjF;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAChC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CACxB,GAAY,EACZ,SAAiB,EACjB,QAAgB;IAEhB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE;QAC9C,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,IAAI,EAAE,GAAG,CAAC,QAAQ;QAClB,EAAE,EAAE,QAAQ;QACZ,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,SAAS;KAC7D,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,GAAY,EACZ,GAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,EAAE,GAAI,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACvD,MAAM,GAAG,GAAa,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,OAAO;QAC/C,CAAC,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM;YAC5B,CAAC,CAAC,MAAM,CAAC;IAEX,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE;QAC/C,MAAM,EAAG,GAAG,CAAC,MAAM;QACnB,IAAI,EAAK,GAAG,CAAC,QAAQ;QACrB,MAAM,EAAG,GAAG,CAAC,MAAM;QACnB,EAAE,EAAO,MAAM,CAAC,EAAE,CAAC;KACpB,CAAC,CAAC;AACL,CAAC"}