palaryn 0.1.0

package/dist/src/mcp/server.js

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * Palaryn MCP Server — standalone entry point for Claude Code and other MCP clients.
+ *
+ * Usage:
+ *   node dist/mcp/server.js
+ *   claude mcp add palaryn -- node /path/to/dist/mcp/server.js
+ *
+ * Environment variables:
+ *   PALARYN_MCP_WORKSPACE  — Workspace ID (default: 'ws-claude-code')
+ *   PALARYN_MCP_ACTOR      — Actor ID (default: 'claude-code')
+ *   PALARYN_MCP_PLATFORM   — Platform identifier (default: 'claude_code')
+ *   POLICY_PACK_PATH       — Path to policy pack YAML (default: './policy-packs/default.yaml')
+ *
+ * All logging goes to stderr — stdout is reserved for MCP JSON-RPC messages.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startMCPServer = startMCPServer;
+const bridge_1 = require("./bridge");
+const workspace = process.env.PALARYN_MCP_WORKSPACE || 'ws-claude-code';
+const actorId = process.env.PALARYN_MCP_ACTOR || 'claude-code';
+const platform = process.env.PALARYN_MCP_PLATFORM || 'claude_code';
+const bridgeConfig = {
+    workspace_id: workspace,
+    actor: { type: 'agent', id: actorId, display: actorId },
+    source: { platform },
+};
+let shuttingDown = false;
+async function startMCPServer() {
+    const bridge = await (0, bridge_1.startMCPBridge)(undefined, bridgeConfig);
+    process.stderr.write(`Palaryn MCP server started (workspace=${workspace}, actor=${actorId}, platform=${platform})\n`);
+    const shutdown = async () => {
+        if (shuttingDown)
+            return;
+        shuttingDown = true;
+        process.stderr.write('Palaryn MCP server shutting down\n');
+        await bridge.close();
+        process.exit(0);
+    };
+    process.on('SIGINT', shutdown);
+    process.on('SIGTERM', shutdown);
+}
+// Direct execution (node dist/src/mcp/server.js)
+if (require.main === module) {
+    startMCPServer().catch((err) => {
+        process.stderr.write(`Palaryn MCP server fatal error: ${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=server.js.map

package/dist/src/mcp/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/mcp/server.ts"],"names":[],"mappings":";;AAEA;;;;;;;;;;;;;;GAcG;;AAgBH,wCAcC;AA5BD,qCAA2D;AAE3D,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,gBAAgB,CAAC;AACxE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,aAAa,CAAC;AAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,aAAa,CAAC;AAEnE,MAAM,YAAY,GAAoB;IACpC,YAAY,EAAE,SAAS;IACvB,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE;IACvD,MAAM,EAAE,EAAE,QAAQ,EAAE;CACrB,CAAC;AAEF,IAAI,YAAY,GAAG,KAAK,CAAC;AAElB,KAAK,UAAU,cAAc;IAClC,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAc,EAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,SAAS,WAAW,OAAO,cAAc,QAAQ,KAAK,CAAC,CAAC;IAEtH,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,IAAI,YAAY;YAAE,OAAO;QACzB,YAAY,GAAG,IAAI,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC3D,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,iDAAiD;AACjD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,cAAc,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/metrics/collector.d.ts

@@ -0,0 +1,106 @@
+export declare class GatewayMetrics {
+    private registry;
+    private requestsTotal;
+    private policyDecisionsTotal;
+    private dlpDetectionsTotal;
+    private budgetBlockedTotal;
+    private rateLimitBlockedTotal;
+    private idempotencyHitsTotal;
+    private executorErrorsTotal;
+    private costUsdTotal;
+    private tokenUsageTotal;
+    private llmCostUsdTotal;
+    private llmTokensTotal;
+    private llmRequestsTotal;
+    private llmLatencySeconds;
+    private cacheHitsTotal;
+    private cacheMissesTotal;
+    private storageWriteFailuresTotal;
+    private dlpTruncatedTotal;
+    private requestDuration;
+    private costPerRequest;
+    private activeApprovals;
+    constructor();
+    /**
+     * Record a completed request with its status, tool info, and duration.
+     */
+    recordRequest(status: string, toolName: string, capability: string, durationSeconds: number): void;
+    /**
+     * Record a policy engine decision.
+     */
+    recordPolicyDecision(decision: string, ruleId: string): void;
+    /**
+     * Record a DLP detection event.
+     */
+    recordDLPDetection(detectionType: string, severity: string): void;
+    /**
+     * Record a budget block event.
+     */
+    recordBudgetBlock(reasonType: string): void;
+    /**
+     * Record a rate limit block event.
+     */
+    recordRateLimitBlock(blockedBy: string): void;
+    /**
+     * Record an idempotency cache hit.
+     */
+    recordIdempotencyHit(): void;
+    /**
+     * Record an executor error.
+     */
+    recordExecutorError(toolName: string, errorType: string): void;
+    /**
+     * Set the current count of active (pending) approvals.
+     */
+    setActiveApprovals(count: number): void;
+    /**
+     * Record a cost observation.
+     */
+    recordCost(costUsd: number, source: string, toolName: string): void;
+    /**
+     * Record token usage.
+     */
+    recordTokenUsage(type: string, toolName: string, tokens: number): void;
+    /**
+     * Record LLM-specific usage metrics (model, provider, tokens, cost, latency).
+     */
+    recordLLMUsage(params: {
+        model: string;
+        provider: string;
+        inputTokens?: number;
+        outputTokens?: number;
+        costUsd?: number;
+        durationSeconds: number;
+        status: string;
+    }): void;
+    /**
+     * Record a cache hit for a specific store.
+     */
+    recordCacheHit(store: string): void;
+    /**
+     * Record a cache miss for a specific store.
+     */
+    recordCacheMiss(store: string): void;
+    /**
+     * Record a storage write failure.
+     */
+    recordStorageWriteFailure(store: string, backend: string): void;
+    /**
+     * Record a DLP scan truncation event.
+     */
+    recordDLPTruncation(): void;
+    /**
+     * Get serialized Prometheus metrics for the /metrics endpoint.
+     */
+    getMetrics(): Promise<string>;
+    /**
+     * Get the content type header for Prometheus metrics responses.
+     */
+    getContentType(): string;
+    /**
+     * Reset all metrics in the registry. Used during graceful shutdown
+     * to flush metric state before the process exits.
+     */
+    reset(): void;
+}
+//# sourceMappingURL=collector.d.ts.map

package/dist/src/metrics/collector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"collector.d.ts","sourceRoot":"","sources":["../../../src/metrics/collector.ts"],"names":[],"mappings":"AAEA,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAsB;IAGtC,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,oBAAoB,CAAqB;IACjD,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,qBAAqB,CAAqB;IAClD,OAAO,CAAC,oBAAoB,CAAqB;IACjD,OAAO,CAAC,mBAAmB,CAAqB;IAGhD,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,eAAe,CAAqB;IAG5C,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,cAAc,CAAqB;IAC3C,OAAO,CAAC,gBAAgB,CAAqB;IAC7C,OAAO,CAAC,iBAAiB,CAAuB;IAGhD,OAAO,CAAC,cAAc,CAAqB;IAC3C,OAAO,CAAC,gBAAgB,CAAqB;IAC7C,OAAO,CAAC,yBAAyB,CAAqB;IACtD,OAAO,CAAC,iBAAiB,CAAqB;IAG9C,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,cAAc,CAAuB;IAG7C,OAAO,CAAC,eAAe,CAAmB;;IA4K1C;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,IAAI;IAKlG;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAI5D;;OAEG;IACH,kBAAkB,CAAC,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAIjE;;OAEG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAI3C;;OAEG;IACH,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAI7C;;OAEG;IACH,oBAAoB,IAAI,IAAI;IAI5B;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAI9D;;OAEG;IACH,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIvC;;OAEG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKnE;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAItE;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE;QACrB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,eAAe,EAAE,MAAM,CAAC;QACxB,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,IAAI;IAiBR;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAInC;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,yBAAyB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAI/D;;OAEG;IACH,mBAAmB,IAAI,IAAI;IAI3B;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAInC;;OAEG;IACH,cAAc,IAAI,MAAM;IAIxB;;;OAGG;IACH,KAAK,IAAI,IAAI;CAGd"}

package/dist/src/metrics/collector.js

@@ -0,0 +1,311 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GatewayMetrics = void 0;
+const promClient = __importStar(require("prom-client"));
+class GatewayMetrics {
+    constructor() {
+        this.registry = new promClient.Registry();
+        // Enable default metrics (process CPU, memory, etc.) with palaryn_ prefix
+        promClient.collectDefaultMetrics({
+            register: this.registry,
+            prefix: 'palaryn_',
+        });
+        // palaryn_requests_total
+        this.requestsTotal = new promClient.Counter({
+            name: 'palaryn_requests_total',
+            help: 'Total number of tool call requests processed by the gateway',
+            labelNames: ['status', 'tool_name', 'capability'],
+            registers: [this.registry],
+        });
+        // palaryn_request_duration_seconds
+        this.requestDuration = new promClient.Histogram({
+            name: 'palaryn_request_duration_seconds',
+            help: 'Duration of tool call request processing in seconds',
+            labelNames: ['status', 'tool_name'],
+            buckets: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10],
+            registers: [this.registry],
+        });
+        // palaryn_policy_decisions_total
+        this.policyDecisionsTotal = new promClient.Counter({
+            name: 'palaryn_policy_decisions_total',
+            help: 'Total number of policy decisions made',
+            labelNames: ['decision', 'rule_id'],
+            registers: [this.registry],
+        });
+        // palaryn_dlp_detections_total
+        this.dlpDetectionsTotal = new promClient.Counter({
+            name: 'palaryn_dlp_detections_total',
+            help: 'Total number of DLP detections',
+            labelNames: ['detection_type', 'severity'],
+            registers: [this.registry],
+        });
+        // palaryn_budget_blocked_total
+        this.budgetBlockedTotal = new promClient.Counter({
+            name: 'palaryn_budget_blocked_total',
+            help: 'Total number of requests blocked due to budget limits',
+            labelNames: ['reason_type'],
+            registers: [this.registry],
+        });
+        // palaryn_rate_limit_blocked_total
+        this.rateLimitBlockedTotal = new promClient.Counter({
+            name: 'palaryn_rate_limit_blocked_total',
+            help: 'Total number of requests blocked due to rate limiting',
+            labelNames: ['blocked_by'],
+            registers: [this.registry],
+        });
+        // palaryn_idempotency_hits_total
+        this.idempotencyHitsTotal = new promClient.Counter({
+            name: 'palaryn_idempotency_hits_total',
+            help: 'Total number of idempotency cache hits (deduplicated requests)',
+            registers: [this.registry],
+        });
+        // palaryn_active_approvals
+        this.activeApprovals = new promClient.Gauge({
+            name: 'palaryn_active_approvals',
+            help: 'Current number of pending approval requests',
+            registers: [this.registry],
+        });
+        // palaryn_executor_errors_total
+        this.executorErrorsTotal = new promClient.Counter({
+            name: 'palaryn_executor_errors_total',
+            help: 'Total number of executor errors during tool execution',
+            labelNames: ['tool_name', 'error_type'],
+            registers: [this.registry],
+        });
+        // palaryn_cost_usd_total
+        this.costUsdTotal = new promClient.Counter({
+            name: 'palaryn_cost_usd_total',
+            help: 'Total cost in USD tracked by the gateway',
+            labelNames: ['source', 'tool_name'],
+            registers: [this.registry],
+        });
+        // palaryn_token_usage_total
+        this.tokenUsageTotal = new promClient.Counter({
+            name: 'palaryn_token_usage_total',
+            help: 'Total token usage tracked by the gateway',
+            labelNames: ['type', 'tool_name'],
+            registers: [this.registry],
+        });
+        // palaryn_cost_per_request_usd
+        this.costPerRequest = new promClient.Histogram({
+            name: 'palaryn_cost_per_request_usd',
+            help: 'Cost per request in USD',
+            labelNames: ['tool_name'],
+            buckets: [0.0001, 0.001, 0.005, 0.01, 0.05, 0.1, 0.5, 1, 5, 10],
+            registers: [this.registry],
+        });
+        // palaryn_llm_cost_usd_total
+        this.llmCostUsdTotal = new promClient.Counter({
+            name: 'palaryn_llm_cost_usd_total',
+            help: 'Total LLM cost in USD by model and provider',
+            labelNames: ['model', 'provider'],
+            registers: [this.registry],
+        });
+        // palaryn_llm_tokens_total
+        this.llmTokensTotal = new promClient.Counter({
+            name: 'palaryn_llm_tokens_total',
+            help: 'Total LLM tokens by type, model, and provider',
+            labelNames: ['type', 'model', 'provider'],
+            registers: [this.registry],
+        });
+        // palaryn_llm_requests_total
+        this.llmRequestsTotal = new promClient.Counter({
+            name: 'palaryn_llm_requests_total',
+            help: 'Total LLM requests by model, provider, and status',
+            labelNames: ['model', 'provider', 'status'],
+            registers: [this.registry],
+        });
+        // palaryn_llm_latency_seconds
+        this.llmLatencySeconds = new promClient.Histogram({
+            name: 'palaryn_llm_latency_seconds',
+            help: 'LLM request latency in seconds by model and provider',
+            labelNames: ['model', 'provider'],
+            buckets: [0.1, 0.25, 0.5, 1, 2.5, 5, 10, 30, 60],
+            registers: [this.registry],
+        });
+        // palaryn_cache_hits_total
+        this.cacheHitsTotal = new promClient.Counter({
+            name: 'palaryn_cache_hits_total',
+            help: 'Total cache hits by store type',
+            labelNames: ['store'],
+            registers: [this.registry],
+        });
+        // palaryn_cache_misses_total
+        this.cacheMissesTotal = new promClient.Counter({
+            name: 'palaryn_cache_misses_total',
+            help: 'Total cache misses by store type',
+            labelNames: ['store'],
+            registers: [this.registry],
+        });
+        // palaryn_storage_write_failures_total
+        this.storageWriteFailuresTotal = new promClient.Counter({
+            name: 'palaryn_storage_write_failures_total',
+            help: 'Total storage write failures by store and backend',
+            labelNames: ['store', 'backend'],
+            registers: [this.registry],
+        });
+        // palaryn_dlp_truncated_total
+        this.dlpTruncatedTotal = new promClient.Counter({
+            name: 'palaryn_dlp_truncated_total',
+            help: 'Total number of DLP scans that were truncated due to response size limits',
+            registers: [this.registry],
+        });
+    }
+    /**
+     * Record a completed request with its status, tool info, and duration.
+     */
+    recordRequest(status, toolName, capability, durationSeconds) {
+        this.requestsTotal.inc({ status, tool_name: toolName, capability });
+        this.requestDuration.observe({ status, tool_name: toolName }, durationSeconds);
+    }
+    /**
+     * Record a policy engine decision.
+     */
+    recordPolicyDecision(decision, ruleId) {
+        this.policyDecisionsTotal.inc({ decision, rule_id: ruleId });
+    }
+    /**
+     * Record a DLP detection event.
+     */
+    recordDLPDetection(detectionType, severity) {
+        this.dlpDetectionsTotal.inc({ detection_type: detectionType, severity });
+    }
+    /**
+     * Record a budget block event.
+     */
+    recordBudgetBlock(reasonType) {
+        this.budgetBlockedTotal.inc({ reason_type: reasonType });
+    }
+    /**
+     * Record a rate limit block event.
+     */
+    recordRateLimitBlock(blockedBy) {
+        this.rateLimitBlockedTotal.inc({ blocked_by: blockedBy });
+    }
+    /**
+     * Record an idempotency cache hit.
+     */
+    recordIdempotencyHit() {
+        this.idempotencyHitsTotal.inc();
+    }
+    /**
+     * Record an executor error.
+     */
+    recordExecutorError(toolName, errorType) {
+        this.executorErrorsTotal.inc({ tool_name: toolName, error_type: errorType });
+    }
+    /**
+     * Set the current count of active (pending) approvals.
+     */
+    setActiveApprovals(count) {
+        this.activeApprovals.set(count);
+    }
+    /**
+     * Record a cost observation.
+     */
+    recordCost(costUsd, source, toolName) {
+        this.costUsdTotal.inc({ source, tool_name: toolName }, costUsd);
+        this.costPerRequest.observe({ tool_name: toolName }, costUsd);
+    }
+    /**
+     * Record token usage.
+     */
+    recordTokenUsage(type, toolName, tokens) {
+        this.tokenUsageTotal.inc({ type, tool_name: toolName }, tokens);
+    }
+    /**
+     * Record LLM-specific usage metrics (model, provider, tokens, cost, latency).
+     */
+    recordLLMUsage(params) {
+        const { model, provider, inputTokens, outputTokens, costUsd, durationSeconds, status } = params;
+        this.llmRequestsTotal.inc({ model, provider, status });
+        this.llmLatencySeconds.observe({ model, provider }, durationSeconds);
+        if (costUsd !== undefined && costUsd > 0) {
+            this.llmCostUsdTotal.inc({ model, provider }, costUsd);
+        }
+        if (inputTokens !== undefined) {
+            this.llmTokensTotal.inc({ type: 'input', model, provider }, inputTokens);
+        }
+        if (outputTokens !== undefined) {
+            this.llmTokensTotal.inc({ type: 'output', model, provider }, outputTokens);
+        }
+    }
+    /**
+     * Record a cache hit for a specific store.
+     */
+    recordCacheHit(store) {
+        this.cacheHitsTotal.inc({ store });
+    }
+    /**
+     * Record a cache miss for a specific store.
+     */
+    recordCacheMiss(store) {
+        this.cacheMissesTotal.inc({ store });
+    }
+    /**
+     * Record a storage write failure.
+     */
+    recordStorageWriteFailure(store, backend) {
+        this.storageWriteFailuresTotal.inc({ store, backend });
+    }
+    /**
+     * Record a DLP scan truncation event.
+     */
+    recordDLPTruncation() {
+        this.dlpTruncatedTotal.inc();
+    }
+    /**
+     * Get serialized Prometheus metrics for the /metrics endpoint.
+     */
+    async getMetrics() {
+        return this.registry.metrics();
+    }
+    /**
+     * Get the content type header for Prometheus metrics responses.
+     */
+    getContentType() {
+        return this.registry.contentType;
+    }
+    /**
+     * Reset all metrics in the registry. Used during graceful shutdown
+     * to flush metric state before the process exits.
+     */
+    reset() {
+        this.registry.resetMetrics();
+    }
+}
+exports.GatewayMetrics = GatewayMetrics;
+//# sourceMappingURL=collector.js.map

package/dist/src/metrics/collector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"collector.js","sourceRoot":"","sources":["../../../src/metrics/collector.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAE1C,MAAa,cAAc;IAmCzB;QACE,IAAI,CAAC,QAAQ,GAAG,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QAE1C,0EAA0E;QAC1E,UAAU,CAAC,qBAAqB,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QAEH,yBAAyB;QACzB,IAAI,CAAC,aAAa,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC1C,IAAI,EAAE,wBAAwB;YAC9B,IAAI,EAAE,6DAA6D;YACnE,UAAU,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,YAAY,CAAC;YACjD,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,mCAAmC;QACnC,IAAI,CAAC,eAAe,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC;YAC9C,IAAI,EAAE,kCAAkC;YACxC,IAAI,EAAE,qDAAqD;YAC3D,UAAU,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC;YACnC,OAAO,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAClE,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,iCAAiC;QACjC,IAAI,CAAC,oBAAoB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YACjD,IAAI,EAAE,gCAAgC;YACtC,IAAI,EAAE,uCAAuC;YAC7C,UAAU,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;YACnC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC,kBAAkB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC/C,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,gCAAgC;YACtC,UAAU,EAAE,CAAC,gBAAgB,EAAE,UAAU,CAAC;YAC1C,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC,kBAAkB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC/C,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,uDAAuD;YAC7D,UAAU,EAAE,CAAC,aAAa,CAAC;YAC3B,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,mCAAmC;QACnC,IAAI,CAAC,qBAAqB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAClD,IAAI,EAAE,kCAAkC;YACxC,IAAI,EAAE,uDAAuD;YAC7D,UAAU,EAAE,CAAC,YAAY,CAAC;YAC1B,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,iCAAiC;QACjC,IAAI,CAAC,oBAAoB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YACjD,IAAI,EAAE,gCAAgC;YACtC,IAAI,EAAE,gEAAgE;YACtE,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,2BAA2B;QAC3B,IAAI,CAAC,eAAe,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC;YAC1C,IAAI,EAAE,0BAA0B;YAChC,IAAI,EAAE,6CAA6C;YACnD,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,gCAAgC;QAChC,IAAI,CAAC,mBAAmB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAChD,IAAI,EAAE,+BAA+B;YACrC,IAAI,EAAE,uDAAuD;YAC7D,UAAU,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;YACvC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,yBAAyB;QACzB,IAAI,CAAC,YAAY,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YACzC,IAAI,EAAE,wBAAwB;YAC9B,IAAI,EAAE,0CAA0C;YAChD,UAAU,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC;YACnC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,4BAA4B;QAC5B,IAAI,CAAC,eAAe,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC5C,IAAI,EAAE,2BAA2B;YACjC,IAAI,EAAE,0CAA0C;YAChD,UAAU,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC;YACjC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC,cAAc,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC;YAC7C,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,yBAAyB;YAC/B,UAAU,EAAE,CAAC,WAAW,CAAC;YACzB,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/D,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,CAAC,eAAe,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC5C,IAAI,EAAE,4BAA4B;YAClC,IAAI,EAAE,6CAA6C;YACnD,UAAU,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;YACjC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,2BAA2B;QAC3B,IAAI,CAAC,cAAc,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC3C,IAAI,EAAE,0BAA0B;YAChC,IAAI,EAAE,+CAA+C;YACrD,UAAU,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC;YACzC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC7C,IAAI,EAAE,4BAA4B;YAClC,IAAI,EAAE,mDAAmD;YACzD,UAAU,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC;YAC3C,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,8BAA8B;QAC9B,IAAI,CAAC,iBAAiB,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC;YAChD,IAAI,EAAE,6BAA6B;YACnC,IAAI,EAAE,sDAAsD;YAC5D,UAAU,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;YACjC,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;YAChD,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,2BAA2B;QAC3B,IAAI,CAAC,cAAc,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC3C,IAAI,EAAE,0BAA0B;YAChC,IAAI,EAAE,gCAAgC;YACtC,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC7C,IAAI,EAAE,4BAA4B;YAClC,IAAI,EAAE,kCAAkC;YACxC,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,uCAAuC;QACvC,IAAI,CAAC,yBAAyB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YACtD,IAAI,EAAE,sCAAsC;YAC5C,IAAI,EAAE,mDAAmD;YACzD,UAAU,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;YAChC,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;QAEH,8BAA8B;QAC9B,IAAI,CAAC,iBAAiB,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;YAC9C,IAAI,EAAE,6BAA6B;YACnC,IAAI,EAAE,2EAA2E;YACjF,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAc,EAAE,QAAgB,EAAE,UAAkB,EAAE,eAAuB;QACzF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;QACpE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,eAAe,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,QAAgB,EAAE,MAAc;QACnD,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,aAAqB,EAAE,QAAgB;QACxD,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,cAAc,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,UAAkB;QAClC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,SAAiB;QACpC,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,QAAgB,EAAE,SAAiB;QACrD,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,KAAa;QAC9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAAe,EAAE,MAAc,EAAE,QAAgB;QAC1D,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY,EAAE,QAAgB,EAAE,MAAc;QAC7D,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAQd;QACC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAEhG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,eAAe,CAAC,CAAC;QAErE,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,WAAW,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,KAAa;QAC1B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,KAAa;QAC3B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,yBAAyB,CAAC,KAAa,EAAE,OAAe;QACtD,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;IAC/B,CAAC;CACF;AAlWD,wCAkWC"}

package/dist/src/metrics/index.d.ts

@@ -0,0 +1,2 @@
+export { GatewayMetrics } from './collector';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/metrics/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/metrics/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC"}

package/dist/src/metrics/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GatewayMetrics = void 0;
+var collector_1 = require("./collector");
+Object.defineProperty(exports, "GatewayMetrics", { enumerable: true, get: function () { return collector_1.GatewayMetrics; } });
+//# sourceMappingURL=index.js.map

package/dist/src/metrics/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/metrics/index.ts"],"names":[],"mappings":";;;AAAA,yCAA6C;AAApC,2GAAA,cAAc,OAAA"}

package/dist/src/middleware/auth.d.ts

@@ -0,0 +1,77 @@
+import { Request, Response, NextFunction } from 'express';
+import { AuthConfig, Permission, ProxyConfig, RBACConfig } from '../types/config';
+import { UserApiKeyStore } from '../storage/interfaces';
+interface BruteForceEntry {
+    count: number;
+    firstAttempt: number;
+    lockedUntil: number;
+}
+export declare const failedAuthAttempts: Map<string, BruteForceEntry>;
+export declare function stopBruteForceCleanup(): void;
+export interface AuthContext {
+    workspace_id: string;
+    actor_id: string;
+    roles: string[];
+    permissions: Permission[];
+    auth_method: 'api_key' | 'jwt' | 'session' | 'none';
+    api_key_id?: string;
+    user_id?: string;
+    api_key_tags?: string[];
+}
+/**
+ * AuthenticatedRequest is kept for documentation/typing purposes.
+ * Note: Express Request is augmented via src/types/express.d.ts to include
+ * auth, workspace_id, sessionUser, sessionData, cookies, and api_key_description.
+ */
+export type AuthenticatedRequest = Request & {
+    auth: AuthContext;
+};
+/**
+ * Resolve a set of role names into a flat Permission[] array using the RBAC config.
+ */
+export declare function resolvePermissions(roles: string[], rbacConfig?: RBACConfig): Permission[];
+/**
+ * Check whether a given set of permissions satisfies a required permission.
+ * - `admin:full` always satisfies any permission.
+ * - `tool:execute` satisfies any `tool:execute:*` check.
+ */
+export declare function hasPermission(permissions: Permission[], required: Permission): boolean;
+/** SHA-256 hash a key with a salt */
+export declare function hashKeyWithSalt(key: string, salt: string): string;
+/** Generate a 16-byte random salt as hex string */
+export declare function generateSalt(): string;
+/**
+ * Compute the hash for a token given a stored key_hash value.
+ * Supports salted format "salt:hash" and legacy unsalted plain hex format.
+ * Returns true if the token matches the stored hash.
+ */
+export declare function verifySaasKeyHash(token: string, storedKeyHash: string): boolean;
+/**
+ * Create a salted key hash for storage. Returns "salt:hash" format.
+ */
+export declare function createSaltedKeyHash(key: string): string;
+export declare function createAuthMiddleware(config: AuthConfig, userApiKeyStore?: UserApiKeyStore): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+/**
+ * Per-route RBAC middleware. Checks that the authenticated user has the
+ * required permission. Must be placed AFTER the auth middleware.
+ *
+ * When RBAC is not enabled in the config, all requests pass through.
+ */
+export interface ProxyAuthResult {
+    authenticated: boolean;
+    workspace_id?: string;
+    actor_id?: string;
+    api_key?: string;
+    error?: string;
+}
+/**
+ * Parse proxy auth from an HTTP request's Proxy-Authorization header.
+ * Format: `Proxy-Authorization: Basic base64(workspace_id:api_key)`
+ *
+ * Falls back to sidecar defaults (env vars) if no header is present.
+ * Also checks X-Palaryn-Workspace and X-Palaryn-Actor headers as overrides.
+ */
+export declare function parseProxyAuth(headers: Record<string, string | string[] | undefined>, proxyConfig: ProxyConfig, authConfig: AuthConfig): ProxyAuthResult;
+export declare function createRBACMiddleware(config: AuthConfig, requiredPermission: Permission): (req: Request, res: Response, next: NextFunction) => void;
+export {};
+//# sourceMappingURL=auth.d.ts.map

package/dist/src/middleware/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI1D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAQxD,UAAU,eAAe;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAOD,eAAO,MAAM,kBAAkB,8BAAqC,CAAC;AAoBrE,wBAAgB,qBAAqB,IAAI,IAAI,CAK5C;AAkFD,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,WAAW,EAAE,SAAS,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,CAAC;IACpD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG,OAAO,GAAG;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,CAAC;AAMnE;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,UAAU,CAAC,EAAE,UAAU,GAAG,UAAU,EAAE,CAezF;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE,QAAQ,EAAE,UAAU,GAAG,OAAO,CAStF;AAgHD,qCAAqC;AACrC,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED,mDAAmD;AACnD,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAmDD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAmB/E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAIvD;AAoBD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,UAAU,EAAE,eAAe,CAAC,EAAE,eAAe,IAO1E,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAsM9E;AAMD;;;;;GAKG;AAKH,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,EACtD,WAAW,EAAE,WAAW,EACxB,UAAU,EAAE,UAAU,GACrB,eAAe,CAyFjB;AAMD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,UAAU,IAC7E,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAkE/D"}