npm - paygate-mcp - Versions diffs - 9.8.0 → 9.9.0 - Mend

paygate-mcp 9.8.0 → 9.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +6 -3
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +7 -1
package/dist/index.js.map +1 -1
package/dist/ip-access.d.ts +116 -0
package/dist/ip-access.d.ts.map +1 -0
package/dist/ip-access.js +341 -0
package/dist/ip-access.js.map +1 -0
package/dist/request-signing.d.ts +112 -0
package/dist/request-signing.d.ts.map +1 -0
package/dist/request-signing.js +288 -0
package/dist/request-signing.js.map +1 -0
package/dist/server.d.ts +9 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +303 -0
package/dist/server.js.map +1 -1
package/dist/tenant-isolation.d.ts +168 -0
package/dist/tenant-isolation.d.ts.map +1 -0
package/dist/tenant-isolation.js +389 -0
package/dist/tenant-isolation.js.map +1 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -11,7 +11,7 @@ Monetize any MCP server with one command. Add API key auth, per-tool pricing, ra
 - [Quick Start](#quick-start)
 - [What It Does](#what-it-does)
 - [Usage](#usage) — Local stdio, remote HTTP, multi-server, client SDK
-- [API Reference](#api-reference) — All 172+ endpoints
+- [API Reference](#api-reference) — All 178+ endpoints
 - [CLI Options](#cli-options)
 - [Deployment](#deployment) — Docker, docker-compose, systemd, PM2
 - [Load Testing](#load-testing) — k6 benchmarking for production
@@ -66,7 +66,7 @@ Agent → PayGate (auth + billing) → Your MCP Server (stdio or HTTP)
 - **SSE Streaming** — Full MCP Streamable HTTP transport (POST SSE, GET notifications, DELETE sessions)
 - **Audit Log** — Structured audit trail with retention policies, query API, CSV/JSON export
 - **Registry/Discovery** — Agent-discoverable pricing via `/.well-known/mcp-payment`, `/pricing`, and `/.well-known/mcp.json` identity card
-- **OpenAPI 3.1 + Interactive Docs** — Auto-generated spec at `/openapi.json`, Swagger UI at `/docs` — all 172+ endpoints documented
+- **OpenAPI 3.1 + Interactive Docs** — Auto-generated spec at `/openapi.json`, Swagger UI at `/docs` — all 178+ endpoints documented
 - **Public Endpoint Rate Limiting** — Configurable per-IP rate limit (default 300/min) on `/health`, `/info`, `/pricing`, `/docs`, `/openapi.json`, `/.well-known/*`, `/robots.txt`, `/` — 429 with Retry-After header
 - **Robots.txt + HEAD Support** — Standard `/robots.txt` (allow public, disallow admin/keys), HEAD method on all public endpoints for uptime monitoring
 - **Prometheus Metrics** — `/metrics` endpoint with counters, gauges, and uptime in standard text format
@@ -171,6 +171,9 @@ Agent → PayGate (auth + billing) → Your MCP Server (stdio or HTTP)
 - **Request Deduplication** — Idempotency layer preventing duplicate billing from agent retries — `X-Idempotency-Key` header with auto-generation fallback (SHA-256), in-flight request coalescing, configurable TTL window, LRU eviction, credits-saved tracking, manage via `GET/POST/DELETE /admin/dedup`
 - **Priority Queue** — Tiered request prioritization (critical/high/normal/low/background) with fair scheduling — per-key priority assignment, configurable max wait times per tier, starvation prevention via automatic promotion, max queue depth limiting, manage via `GET/POST /admin/priority-queue`
 - **Cost Allocation Tags** — Per-request cost attribution via `X-Cost-Tags` header (JSON) for enterprise chargeback — aggregated reports by any tag dimension, cross-tabulation, CSV export, required tag enforcement per key, cardinality limits, manage via `GET/POST/DELETE /admin/cost-tags`
+- **IP Access Control** — Fine-grained IP-based access control with CIDR notation support — global allow/deny lists, per-key IP binding, automatic blocking after configurable violation thresholds, X-Forwarded-For/X-Real-IP trusted proxy depth, IPv6-mapped IPv4 normalization, manage via `GET/POST/DELETE /admin/ip-access`
+- **Request Signing (HMAC-SHA256)** — Cryptographic request authentication with replay protection — `X-Signature: t=<ts>,n=<nonce>,s=<sig>` header, timestamp tolerance with nonce dedup, per-key signing secrets with rotation, timing-safe comparison, manage via `GET/POST/DELETE /admin/signing`
+- **Multi-Tenant Isolation** — Full tenant isolation for platform operators — per-tenant rate limits, credit pools, usage tracking, API key binding, tenant suspension/activation, cross-tenant reporting, configurable limits (10K tenants, 1K keys/tenant), manage via `GET/POST/DELETE /admin/tenants`
 - **Anomaly Detection** — `GET /admin/anomalies` identifies unusual patterns: keys with high denial rates, rapid credit depletion, low remaining credits, with severity ratings and detailed descriptions
 - **Usage Forecasting** — `GET /admin/forecast` predicts future credit consumption with per-key depletion estimates, calls remaining, at-risk key identification, system-wide consumption aggregates, and per-tool cost breakdown
 - **Compliance Report** — `GET /admin/compliance` generates compliance-ready report with key governance (expiry coverage), access control (ACL/IP/spending limit coverage), audit trail completeness, weighted overall score, and actionable recommendations
@@ -484,7 +487,7 @@ A real-time admin UI for managing keys, viewing usage, and monitoring tool calls
 | `/.well-known/mcp-payment` | GET | None | Server payment metadata (SEP-2007) |
 | `/.well-known/mcp.json` | GET | None | MCP Server Identity card (discovery) |
 | `/pricing` | GET | None | Full per-tool pricing breakdown |
-| `/openapi.json` | GET | None | OpenAPI 3.1 spec (all 172+ endpoints) |
+| `/openapi.json` | GET | None | OpenAPI 3.1 spec (all 178+ endpoints) |
 | `/docs` | GET | None | Interactive API docs (Swagger UI) |
 | `/robots.txt` | GET | None | Crawler directives (allow public, disallow admin/keys) |
 | `/portal` | GET | None | Self-service API key portal (browser UI, auth via X-API-Key prompt) |

package/dist/index.d.ts CHANGED Viewed

@@ -101,6 +101,12 @@ export { PriorityQueue, PRIORITY_ORDER, TIER_VALUES } from './priority-queue';
 export type { PriorityTier, PriorityQueueConfig, PriorityQueueStats, QueuedRequest } from './priority-queue';
 export { CostAllocator } from './cost-tags';
 export type { CostTagConfig, CostTagStats, ChargebackReport, ChargebackRow, CrossTabReport, CrossTabRow, CostTagEntry } from './cost-tags';
+export { IpAccessController } from './ip-access';
+export type { IpAccessConfig, IpCheckResult, AutoBlockEntry, IpAccessStats } from './ip-access';
+export { RequestSigner } from './request-signing';
+export type { SigningConfig, SigningSecret, SignatureVerifyResult, SigningStats } from './request-signing';
+export { TenantManager } from './tenant-isolation';
+export type { TenantConfig, TenantRecord, TenantUsageReport, TenantStats, TenantCreateParams } from './tenant-isolation';
 export type { PayGateConfig, JsonRpcRequest, JsonRpcResponse, JsonRpcError, ToolCallParams, ToolInfo, ToolPricing, ServerBackendConfig, ApiKeyRecord, UsageEvent, UsageSummary, GateDecision, QuotaConfig, BatchToolCall, BatchGateResult, WebhookFilterRule, KeyListQuery, KeyListResult, } from './types';
 export { DEFAULT_CONFIG } from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3F,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACrG,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AACvD,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AACxG,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAC9C,YAAY,EAAE,eAAe,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC1F,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,YAAY,EAAE,eAAe,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/H,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACtC,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC7E,YAAY,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACzE,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACvD,YAAY,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACnE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACrG,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC5E,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,aAAa,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACpH,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC7E,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACtG,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EAAE,oBAAoB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC3F,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC/E,YAAY,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACvJ,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACjE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9I,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,YAAY,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,YAAY,EAAE,SAAS,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,YAAY,EAAE,SAAS,EAAE,qBAAqB,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAChG,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,YAAY,EAAE,aAAa,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpK,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC1H,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC9E,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAC7G,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;~~AAE3I~~,YAAY,EACV,aAAa,EACb,cAAc,EACd,eAAe,EACf,YAAY,EACZ,cAAc,EACd,QAAQ,EACR,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,aAAa,GACd,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3F,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACrG,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AACvD,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AACxG,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAC9C,YAAY,EAAE,eAAe,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC1F,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,YAAY,EAAE,eAAe,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/H,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACtC,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC7E,YAAY,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACzE,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACvD,YAAY,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvE,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACnE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACrG,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC5E,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,aAAa,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACpH,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC7E,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACtG,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EAAE,oBAAoB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC3F,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC/E,YAAY,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACvJ,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACjE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9I,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,YAAY,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,YAAY,EAAE,SAAS,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,YAAY,EAAE,SAAS,EAAE,qBAAqB,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAChG,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,YAAY,EAAE,aAAa,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpK,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC1H,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC9E,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAC7G,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3I,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChG,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,qBAAqB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC3G,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEzH,YAAY,EACV,aAAa,EACb,cAAc,EACd,eAAe,EACf,YAAY,EACZ,cAAc,EACd,QAAQ,EACR,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,aAAa,GACd,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -17,7 +17,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseLogFormat = exports.parseLogLevel = exports.Logger = exports.KeyGroupManager = exports.PluginManager = exports.VALID_ROLES = exports.ROLE_HIERARCHY = exports.AdminKeyManager = exports.TokenRevocationList = exports.ScopedTokenManager = exports.formatDiagnostics = exports.validateConfig = exports.PayGateError = exports.PayGateClient = exports.RedisSync = exports.RedisSubscriber = exports.parseRedisUrl = exports.RedisClient = exports.TeamManager = exports.AlertEngine = exports.AnalyticsEngine = exports.getPortalHtml = exports.getDashboardHtml = exports.MetricsCollector = exports.ToolRegistry = exports.CreditLedger = exports.maskKeyForAudit = exports.AuditLogger = exports.writeSseKeepAlive = exports.writeSseEvent = exports.writeSseHeaders = exports.SessionManager = exports.OAuthProvider = exports.QuotaTracker = exports.WebhookRouter = exports.WebhookEmitter = exports.BackupManager = exports.StripeCheckout = exports.StripeWebhookHandler = exports.RateLimiter = exports.UsageMeter = exports.KeyStore = exports.MultiServerRouter = exports.HttpMcpProxy = exports.McpProxy = exports.Gate = exports.resolveClientIp = exports.getRequestId = exports.generateRequestId = exports.PayGateServer = void 0;
-exports.DEFAULT_CONFIG = exports.CostAllocator = exports.TIER_VALUES = exports.PRIORITY_ORDER = exports.PriorityQueue = exports.RequestDeduplicator = exports.AdaptiveRateLimiter = exports.RetryPolicy = exports.TransformPipeline = exports.CanaryRouter = exports.ToolSchemaValidator = exports.UsagePlanManager = exports.ToolAliasManager = exports.TrafficMirror = exports.ConcurrencyLimiter = exports.BUILT_IN_RULES = exports.ContentGuardrails = exports.complianceReportToCsv = exports.generateComplianceReport = exports.CircuitBreaker = exports.ResponseCache = exports.VALID_LOG_FORMATS = exports.VALID_LOG_LEVELS = void 0;
+exports.DEFAULT_CONFIG = exports.TenantManager = exports.RequestSigner = exports.IpAccessController = exports.CostAllocator = exports.TIER_VALUES = exports.PRIORITY_ORDER = exports.PriorityQueue = exports.RequestDeduplicator = exports.AdaptiveRateLimiter = exports.RetryPolicy = exports.TransformPipeline = exports.CanaryRouter = exports.ToolSchemaValidator = exports.UsagePlanManager = exports.ToolAliasManager = exports.TrafficMirror = exports.ConcurrencyLimiter = exports.BUILT_IN_RULES = exports.ContentGuardrails = exports.complianceReportToCsv = exports.generateComplianceReport = exports.CircuitBreaker = exports.ResponseCache = exports.VALID_LOG_FORMATS = exports.VALID_LOG_LEVELS = void 0;
 var server_1 = require("./server");
 Object.defineProperty(exports, "PayGateServer", { enumerable: true, get: function () { return server_1.PayGateServer; } });
 Object.defineProperty(exports, "generateRequestId", { enumerable: true, get: function () { return server_1.generateRequestId; } });
@@ -140,6 +140,12 @@ Object.defineProperty(exports, "PRIORITY_ORDER", { enumerable: true, get: functi
 Object.defineProperty(exports, "TIER_VALUES", { enumerable: true, get: function () { return priority_queue_1.TIER_VALUES; } });
 var cost_tags_1 = require("./cost-tags");
 Object.defineProperty(exports, "CostAllocator", { enumerable: true, get: function () { return cost_tags_1.CostAllocator; } });
+var ip_access_1 = require("./ip-access");
+Object.defineProperty(exports, "IpAccessController", { enumerable: true, get: function () { return ip_access_1.IpAccessController; } });
+var request_signing_1 = require("./request-signing");
+Object.defineProperty(exports, "RequestSigner", { enumerable: true, get: function () { return request_signing_1.RequestSigner; } });
+var tenant_isolation_1 = require("./tenant-isolation");
+Object.defineProperty(exports, "TenantManager", { enumerable: true, get: function () { return tenant_isolation_1.TenantManager; } });
 var types_1 = require("./types");
 Object.defineProperty(exports, "DEFAULT_CONFIG", { enumerable: true, get: function () { return types_1.DEFAULT_CONFIG; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;AAEH,mCAA2F;AAAlF,uGAAA,aAAa,OAAA;AAAE,2GAAA,iBAAiB,OAAA;AAAE,sGAAA,YAAY,OAAA;AAAE,yGAAA,eAAe,OAAA;AACxE,+BAA8B;AAArB,4FAAA,IAAI,OAAA;AACb,iCAAmC;AAA1B,iGAAA,QAAQ,OAAA;AACjB,2CAA4C;AAAnC,0GAAA,YAAY,OAAA;AACrB,mCAA6C;AAApC,2GAAA,iBAAiB,OAAA;AAC1B,iCAAmC;AAA1B,iGAAA,QAAQ,OAAA;AACjB,iCAAqC;AAA5B,mGAAA,UAAU,OAAA;AACnB,+CAA6C;AAApC,2GAAA,WAAW,OAAA;AACpB,mCAAgD;AAAvC,8GAAA,oBAAoB,OAAA;AAC7B,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AAEvB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,qCAA2C;AAAlC,yGAAA,cAAc,OAAA;AAEvB,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AACtB,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,iCAAwC;AAA/B,sGAAA,aAAa,OAAA;AAEtB,qCAA8F;AAArF,yGAAA,cAAc,OAAA;AAAE,0GAAA,eAAe,OAAA;AAAE,wGAAA,aAAa,OAAA;AAAE,4GAAA,iBAAiB,OAAA;AAC1E,iCAAuD;AAA9C,oGAAA,WAAW,OAAA;AAAE,wGAAA,eAAe,OAAA;AAErC,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AAErB,uCAA0C;AAAjC,wGAAA,YAAY,OAAA;AACrB,qCAA6C;AAApC,2GAAA,gBAAgB,OAAA;AAIzB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AACzB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AACtB,yCAA8C;AAArC,4GAAA,eAAe,OAAA;AAExB,mCAAuC;AAA9B,qGAAA,WAAW,OAAA;AAEpB,iCAAsC;AAA7B,oGAAA,WAAW,OAAA;AAEpB,+CAA6E;AAApE,2GAAA,WAAW,OAAA;AAAE,6GAAA,aAAa,OAAA;AAAE,+GAAA,eAAe,OAAA;AAEpD,2CAAyC;AAAhC,uGAAA,SAAS,OAAA;AAElB,mCAAuD;AAA9C,uGAAA,aAAa,OAAA;AAAE,sGAAA,YAAY,OAAA;AAEpC,uDAAuE;AAA9D,kHAAA,cAAc,OAAA;AAAE,qHAAA,iBAAiB,OAAA;AAE1C,mCAAmE;AAA1D,4GAAA,kBAAkB,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAEhD,2CAA4E;AAAnE,6GAAA,eAAe,OAAA;AAAE,4GAAA,cAAc,OAAA;AAAE,yGAAA,WAAW,OAAA;AAErD,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,mCAA2C;AAAlC,yGAAA,eAAe,OAAA;AAExB,mCAAsG;AAA7F,gGAAA,MAAM,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,wGAAA,cAAc,OAAA;AAAE,0GAAA,gBAAgB,OAAA;AAAE,2GAAA,iBAAiB,OAAA;AAEnF,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AAEtB,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AAEvB,2CAA+E;AAAtE,sHAAA,wBAAwB,OAAA;AAAE,mHAAA,qBAAqB,OAAA;AAExD,2CAAiE;AAAxD,+GAAA,iBAAiB,OAAA;AAAE,4GAAA,cAAc,OAAA;AAE1C,6DAA2D;AAAlD,yHAAA,kBAAkB,OAAA;AAE3B,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AAEtB,+CAAkD;AAAzC,gHAAA,gBAAgB,OAAA;AAEzB,6CAAiD;AAAxC,+GAAA,gBAAgB,OAAA;AAEzB,uDAAyD;AAAhD,uHAAA,mBAAmB,OAAA;AAE5B,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AAErB,2CAAiD;AAAxC,+GAAA,iBAAiB,OAAA;AAE1B,+CAA6C;AAApC,2GAAA,WAAW,OAAA;AAEpB,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;AAE5B,iCAA8C;AAArC,4GAAA,mBAAmB,OAAA;AAE5B,mDAA8E;AAArE,+GAAA,aAAa,OAAA;AAAE,gHAAA,cAAc,OAAA;AAAE,6GAAA,WAAW,OAAA;AAEnD,yCAA4C;AAAnC,0GAAA,aAAa,OAAA;AAwBtB,iCAAyC;AAAhC,uGAAA,cAAc,OAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;AAEH,mCAA2F;AAAlF,uGAAA,aAAa,OAAA;AAAE,2GAAA,iBAAiB,OAAA;AAAE,sGAAA,YAAY,OAAA;AAAE,yGAAA,eAAe,OAAA;AACxE,+BAA8B;AAArB,4FAAA,IAAI,OAAA;AACb,iCAAmC;AAA1B,iGAAA,QAAQ,OAAA;AACjB,2CAA4C;AAAnC,0GAAA,YAAY,OAAA;AACrB,mCAA6C;AAApC,2GAAA,iBAAiB,OAAA;AAC1B,iCAAmC;AAA1B,iGAAA,QAAQ,OAAA;AACjB,iCAAqC;AAA5B,mGAAA,UAAU,OAAA;AACnB,+CAA6C;AAApC,2GAAA,WAAW,OAAA;AACpB,mCAAgD;AAAvC,8GAAA,oBAAoB,OAAA;AAC7B,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AAEvB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,qCAA2C;AAAlC,yGAAA,cAAc,OAAA;AAEvB,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AACtB,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,iCAAwC;AAA/B,sGAAA,aAAa,OAAA;AAEtB,qCAA8F;AAArF,yGAAA,cAAc,OAAA;AAAE,0GAAA,eAAe,OAAA;AAAE,wGAAA,aAAa,OAAA;AAAE,4GAAA,iBAAiB,OAAA;AAC1E,iCAAuD;AAA9C,oGAAA,WAAW,OAAA;AAAE,wGAAA,eAAe,OAAA;AAErC,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AAErB,uCAA0C;AAAjC,wGAAA,YAAY,OAAA;AACrB,qCAA6C;AAApC,2GAAA,gBAAgB,OAAA;AAIzB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AACzB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AACtB,yCAA8C;AAArC,4GAAA,eAAe,OAAA;AAExB,mCAAuC;AAA9B,qGAAA,WAAW,OAAA;AAEpB,iCAAsC;AAA7B,oGAAA,WAAW,OAAA;AAEpB,+CAA6E;AAApE,2GAAA,WAAW,OAAA;AAAE,6GAAA,aAAa,OAAA;AAAE,+GAAA,eAAe,OAAA;AAEpD,2CAAyC;AAAhC,uGAAA,SAAS,OAAA;AAElB,mCAAuD;AAA9C,uGAAA,aAAa,OAAA;AAAE,sGAAA,YAAY,OAAA;AAEpC,uDAAuE;AAA9D,kHAAA,cAAc,OAAA;AAAE,qHAAA,iBAAiB,OAAA;AAE1C,mCAAmE;AAA1D,4GAAA,kBAAkB,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAEhD,2CAA4E;AAAnE,6GAAA,eAAe,OAAA;AAAE,4GAAA,cAAc,OAAA;AAAE,yGAAA,WAAW,OAAA;AAErD,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,mCAA2C;AAAlC,yGAAA,eAAe,OAAA;AAExB,mCAAsG;AAA7F,gGAAA,MAAM,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,wGAAA,cAAc,OAAA;AAAE,0GAAA,gBAAgB,OAAA;AAAE,2GAAA,iBAAiB,OAAA;AAEnF,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AAEtB,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AAEvB,2CAA+E;AAAtE,sHAAA,wBAAwB,OAAA;AAAE,mHAAA,qBAAqB,OAAA;AAExD,2CAAiE;AAAxD,+GAAA,iBAAiB,OAAA;AAAE,4GAAA,cAAc,OAAA;AAE1C,6DAA2D;AAAlD,yHAAA,kBAAkB,OAAA;AAE3B,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AAEtB,+CAAkD;AAAzC,gHAAA,gBAAgB,OAAA;AAEzB,6CAAiD;AAAxC,+GAAA,gBAAgB,OAAA;AAEzB,uDAAyD;AAAhD,uHAAA,mBAAmB,OAAA;AAE5B,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AAErB,2CAAiD;AAAxC,+GAAA,iBAAiB,OAAA;AAE1B,+CAA6C;AAApC,2GAAA,WAAW,OAAA;AAEpB,iEAA8D;AAArD,4HAAA,mBAAmB,OAAA;AAE5B,iCAA8C;AAArC,4GAAA,mBAAmB,OAAA;AAE5B,mDAA8E;AAArE,+GAAA,aAAa,OAAA;AAAE,gHAAA,cAAc,OAAA;AAAE,6GAAA,WAAW,OAAA;AAEnD,yCAA4C;AAAnC,0GAAA,aAAa,OAAA;AAEtB,yCAAiD;AAAxC,+GAAA,kBAAkB,OAAA;AAE3B,qDAAkD;AAAzC,gHAAA,aAAa,OAAA;AAEtB,uDAAmD;AAA1C,iHAAA,aAAa,OAAA;AAwBtB,iCAAyC;AAAhC,uGAAA,cAAc,OAAA"}

package/dist/ip-access.d.ts ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * IpAccessController — IP-based access control for PayGate.
+ *
+ * Provides allow/deny lists with CIDR notation support, per-key IP
+ * restrictions, and automatic blocking of abusive IPs. Operates
+ * entirely in-process with zero external dependencies.
+ *
+ * Features:
+ *   - Global allow/deny lists with CIDR notation (IPv4 and IPv6)
+ *   - Per-key IP restrictions (bind keys to specific IPs/CIDRs)
+ *   - Automatic IP blocking based on configurable thresholds
+ *   - X-Forwarded-For / X-Real-IP header support with trust depth
+ *   - Stats: blocked requests, auto-blocked IPs, per-key violations
+ *
+ * CIDR parsing is done inline — no external libraries.
+ */
+export interface IpAccessConfig {
+    /** Enable IP access control. Default false (disabled until configured). */
+    enabled: boolean;
+    /** Global allow list. If non-empty, only these IPs/CIDRs are allowed. */
+    allowList: string[];
+    /** Global deny list. Checked before allow list. */
+    denyList: string[];
+    /** Auto-block IPs after this many denied requests in the window. 0 = disabled. Default 0. */
+    autoBlockThreshold: number;
+    /** Window in ms for auto-block counting. Default 300_000 (5 min). */
+    autoBlockWindowMs: number;
+    /** Duration in ms for auto-blocks. Default 3_600_000 (1 hour). */
+    autoBlockDurationMs: number;
+    /** Max trusted proxy depth for X-Forwarded-For. Default 1. */
+    trustedProxyDepth: number;
+    /** Max entries in per-key IP map. Default 10_000. */
+    maxKeyEntries: number;
+}
+export interface IpCheckResult {
+    allowed: boolean;
+    reason?: string;
+    rule?: string;
+}
+export interface AutoBlockEntry {
+    ip: string;
+    blockedAt: number;
+    expiresAt: number;
+    violations: number;
+    reason: string;
+}
+export interface IpAccessStats {
+    enabled: boolean;
+    config: IpAccessConfig;
+    globalAllowCount: number;
+    globalDenyCount: number;
+    perKeyBindings: number;
+    autoBlockedIps: number;
+    totalChecks: number;
+    totalBlocked: number;
+    totalAllowed: number;
+}
+export declare class IpAccessController {
+    private config;
+    private keyBindings;
+    private autoBlocked;
+    private violations;
+    private totalChecks;
+    private totalBlocked;
+    private totalAllowed;
+    constructor(config?: Partial<IpAccessConfig>);
+    /**
+     * Check whether an IP is allowed access.
+     * Optionally checks per-key bindings if apiKey is provided.
+     */
+    check(ip: string, apiKey?: string): IpCheckResult;
+    /**
+     * Bind an API key to specific IP addresses/CIDRs.
+     * Only requests from these IPs will be allowed for this key.
+     */
+    bindKey(apiKey: string, ips: string[]): void;
+    /**
+     * Remove IP binding for a key.
+     */
+    unbindKey(apiKey: string): boolean;
+    /**
+     * Get IP binding for a key.
+     */
+    getKeyBinding(apiKey: string): string[] | undefined;
+    /**
+     * Manually block an IP for a duration.
+     */
+    blockIp(ip: string, durationMs?: number, reason?: string): void;
+    /**
+     * Unblock an IP.
+     */
+    unblockIp(ip: string): boolean;
+    /**
+     * Get all auto-blocked IPs.
+     */
+    getBlocked(): AutoBlockEntry[];
+    /**
+     * Update configuration at runtime.
+     */
+    configure(updates: Partial<IpAccessConfig>): IpAccessConfig;
+    /**
+     * Extract client IP from request headers, respecting trusted proxy depth.
+     */
+    resolveClientIp(remoteAddress: string, headers: Record<string, string | string[] | undefined>): string;
+    /**
+     * Get statistics.
+     */
+    stats(): IpAccessStats;
+    /**
+     * Clear all state (blocks, bindings, violations).
+     */
+    clear(): void;
+    private trackViolation;
+    private pruneExpiredBlocks;
+}
+//# sourceMappingURL=ip-access.d.ts.map

package/dist/ip-access.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ip-access.d.ts","sourceRoot":"","sources":["../src/ip-access.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,MAAM,WAAW,cAAc;IAC7B,2EAA2E;IAC3E,OAAO,EAAE,OAAO,CAAC;IACjB,yEAAyE;IACzE,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,mDAAmD;IACnD,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,6FAA6F;IAC7F,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kEAAkE;IAClE,mBAAmB,EAAE,MAAM,CAAC;IAC5B,8DAA8D;IAC9D,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;CACtB;AAwFD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAiB;IAG/B,OAAO,CAAC,WAAW,CAA+B;IAGlD,OAAO,CAAC,WAAW,CAAqC;IAGxD,OAAO,CAAC,UAAU,CAAuC;IAGzD,OAAO,CAAC,WAAW,CAAK;IACxB,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,YAAY,CAAK;gBAEb,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC;IAI5C;;;OAGG;IACH,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,aAAa;IAqEjD;;;OAGG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI;IAO5C;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAIlC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;IAInD;;OAEG;IACH,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAY/D;;OAEG;IACH,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI9B;;OAEG;IACH,UAAU,IAAI,cAAc,EAAE;IAK9B;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,cAAc;IAY3D;;OAEG;IACH,eAAe,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,MAAM;IAmBtG;;OAEG;IACH,KAAK,IAAI,aAAa;IAetB;;OAEG;IACH,KAAK,IAAI,IAAI;IAQb,OAAO,CAAC,cAAc;IAqCtB,OAAO,CAAC,kBAAkB;CAM3B"}

package/dist/ip-access.js ADDED Viewed

@@ -0,0 +1,341 @@
+"use strict";
+/**
+ * IpAccessController — IP-based access control for PayGate.
+ *
+ * Provides allow/deny lists with CIDR notation support, per-key IP
+ * restrictions, and automatic blocking of abusive IPs. Operates
+ * entirely in-process with zero external dependencies.
+ *
+ * Features:
+ *   - Global allow/deny lists with CIDR notation (IPv4 and IPv6)
+ *   - Per-key IP restrictions (bind keys to specific IPs/CIDRs)
+ *   - Automatic IP blocking based on configurable thresholds
+ *   - X-Forwarded-For / X-Real-IP header support with trust depth
+ *   - Stats: blocked requests, auto-blocked IPs, per-key violations
+ *
+ * CIDR parsing is done inline — no external libraries.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IpAccessController = void 0;
+// ─── Default config ─────────────────────────────────────────────────────────
+const DEFAULT_IP_ACCESS_CONFIG = {
+    enabled: false,
+    allowList: [],
+    denyList: [],
+    autoBlockThreshold: 0,
+    autoBlockWindowMs: 300_000,
+    autoBlockDurationMs: 3_600_000,
+    trustedProxyDepth: 1,
+    maxKeyEntries: 10_000,
+};
+// ─── CIDR Helpers ───────────────────────────────────────────────────────────
+/** Parse IPv4 address to 32-bit number. Returns null if invalid. */
+function parseIpv4(ip) {
+    const parts = ip.split('.');
+    if (parts.length !== 4)
+        return null;
+    let result = 0;
+    for (const part of parts) {
+        const n = parseInt(part, 10);
+        if (isNaN(n) || n < 0 || n > 255 || String(n) !== part)
+            return null;
+        result = (result << 8) | n;
+    }
+    return result >>> 0; // unsigned
+}
+/** Parse IPv4 CIDR notation (e.g., "10.0.0.0/8"). */
+function parseIpv4Cidr(cidr) {
+    const slash = cidr.indexOf('/');
+    if (slash === -1) {
+        // Single IP — treat as /32
+        const ip = parseIpv4(cidr);
+        if (ip === null)
+            return null;
+        return { ip, mask: 0xFFFFFFFF >>> 0 };
+    }
+    const ipStr = cidr.slice(0, slash);
+    const prefix = parseInt(cidr.slice(slash + 1), 10);
+    if (isNaN(prefix) || prefix < 0 || prefix > 32)
+        return null;
+    const ip = parseIpv4(ipStr);
+    if (ip === null)
+        return null;
+    const mask = prefix === 0 ? 0 : ((0xFFFFFFFF << (32 - prefix)) >>> 0);
+    return { ip, mask };
+}
+/** Check if an IPv4 address matches a CIDR range. */
+function ipv4MatchesCidr(ip, cidr) {
+    return (ip & cidr.mask) === (cidr.ip & cidr.mask);
+}
+/** Normalize an IP address: strip IPv6-mapped IPv4 prefix, trim whitespace. */
+function normalizeIp(ip) {
+    let cleaned = ip.trim();
+    // IPv6-mapped IPv4: ::ffff:192.168.1.1 → 192.168.1.1
+    if (cleaned.startsWith('::ffff:')) {
+        cleaned = cleaned.slice(7);
+    }
+    return cleaned;
+}
+/** Check if an IP matches a pattern (single IP or CIDR). */
+function ipMatchesPattern(ip, pattern) {
+    const normalizedIp = normalizeIp(ip);
+    const normalizedPattern = normalizeIp(pattern);
+    // Simple exact match
+    if (normalizedIp === normalizedPattern)
+        return true;
+    // CIDR match (IPv4 only for now)
+    const cidr = parseIpv4Cidr(normalizedPattern);
+    if (cidr === null)
+        return false;
+    const ipNum = parseIpv4(normalizedIp);
+    if (ipNum === null)
+        return false;
+    return ipv4MatchesCidr(ipNum, cidr);
+}
+// ─── IpAccessController Class ───────────────────────────────────────────────
+class IpAccessController {
+    config;
+    // Per-key IP bindings: apiKey → list of allowed IPs/CIDRs
+    keyBindings = new Map();
+    // Auto-blocked IPs
+    autoBlocked = new Map();
+    // Violation tracking for auto-block
+    violations = new Map();
+    // Stats
+    totalChecks = 0;
+    totalBlocked = 0;
+    totalAllowed = 0;
+    constructor(config) {
+        this.config = { ...DEFAULT_IP_ACCESS_CONFIG, ...config };
+    }
+    /**
+     * Check whether an IP is allowed access.
+     * Optionally checks per-key bindings if apiKey is provided.
+     */
+    check(ip, apiKey) {
+        this.totalChecks++;
+        if (!this.config.enabled) {
+            this.totalAllowed++;
+            return { allowed: true };
+        }
+        const normalizedIp = normalizeIp(ip);
+        // 1. Check auto-blocked
+        const autoBlock = this.autoBlocked.get(normalizedIp);
+        if (autoBlock) {
+            if (Date.now() < autoBlock.expiresAt) {
+                this.totalBlocked++;
+                return { allowed: false, reason: 'auto-blocked', rule: `auto-block (${autoBlock.violations} violations)` };
+            }
+            // Expired — remove
+            this.autoBlocked.delete(normalizedIp);
+        }
+        // 2. Check global deny list
+        for (const pattern of this.config.denyList) {
+            if (ipMatchesPattern(normalizedIp, pattern)) {
+                this.totalBlocked++;
+                this.trackViolation(normalizedIp, 'deny-list');
+                return { allowed: false, reason: 'denied', rule: `deny:${pattern}` };
+            }
+        }
+        // 3. Check global allow list (if non-empty, acts as whitelist)
+        if (this.config.allowList.length > 0) {
+            let globalAllowed = false;
+            for (const pattern of this.config.allowList) {
+                if (ipMatchesPattern(normalizedIp, pattern)) {
+                    globalAllowed = true;
+                    break;
+                }
+            }
+            if (!globalAllowed) {
+                this.totalBlocked++;
+                this.trackViolation(normalizedIp, 'not-in-allow-list');
+                return { allowed: false, reason: 'not-allowed', rule: 'global-allow-list' };
+            }
+        }
+        // 4. Check per-key IP binding
+        if (apiKey) {
+            const keyIps = this.keyBindings.get(apiKey);
+            if (keyIps && keyIps.length > 0) {
+                let keyAllowed = false;
+                for (const pattern of keyIps) {
+                    if (ipMatchesPattern(normalizedIp, pattern)) {
+                        keyAllowed = true;
+                        break;
+                    }
+                }
+                if (!keyAllowed) {
+                    this.totalBlocked++;
+                    this.trackViolation(normalizedIp, `key-binding:${apiKey.slice(0, 8)}`);
+                    return { allowed: false, reason: 'key-ip-mismatch', rule: `key:${apiKey.slice(0, 8)}...` };
+                }
+            }
+        }
+        this.totalAllowed++;
+        return { allowed: true };
+    }
+    /**
+     * Bind an API key to specific IP addresses/CIDRs.
+     * Only requests from these IPs will be allowed for this key.
+     */
+    bindKey(apiKey, ips) {
+        if (this.keyBindings.size >= this.config.maxKeyEntries && !this.keyBindings.has(apiKey)) {
+            throw new Error(`Max key bindings reached (${this.config.maxKeyEntries})`);
+        }
+        this.keyBindings.set(apiKey, ips.map(normalizeIp));
+    }
+    /**
+     * Remove IP binding for a key.
+     */
+    unbindKey(apiKey) {
+        return this.keyBindings.delete(apiKey);
+    }
+    /**
+     * Get IP binding for a key.
+     */
+    getKeyBinding(apiKey) {
+        return this.keyBindings.get(apiKey);
+    }
+    /**
+     * Manually block an IP for a duration.
+     */
+    blockIp(ip, durationMs, reason) {
+        const normalizedIp = normalizeIp(ip);
+        const duration = durationMs ?? this.config.autoBlockDurationMs;
+        this.autoBlocked.set(normalizedIp, {
+            ip: normalizedIp,
+            blockedAt: Date.now(),
+            expiresAt: Date.now() + duration,
+            violations: 0,
+            reason: reason ?? 'manual-block',
+        });
+    }
+    /**
+     * Unblock an IP.
+     */
+    unblockIp(ip) {
+        return this.autoBlocked.delete(normalizeIp(ip));
+    }
+    /**
+     * Get all auto-blocked IPs.
+     */
+    getBlocked() {
+        this.pruneExpiredBlocks();
+        return Array.from(this.autoBlocked.values());
+    }
+    /**
+     * Update configuration at runtime.
+     */
+    configure(updates) {
+        if (updates.enabled !== undefined)
+            this.config.enabled = updates.enabled;
+        if (updates.allowList !== undefined)
+            this.config.allowList = updates.allowList;
+        if (updates.denyList !== undefined)
+            this.config.denyList = updates.denyList;
+        if (updates.autoBlockThreshold !== undefined)
+            this.config.autoBlockThreshold = Math.max(0, updates.autoBlockThreshold);
+        if (updates.autoBlockWindowMs !== undefined)
+            this.config.autoBlockWindowMs = Math.max(1000, updates.autoBlockWindowMs);
+        if (updates.autoBlockDurationMs !== undefined)
+            this.config.autoBlockDurationMs = Math.max(1000, updates.autoBlockDurationMs);
+        if (updates.trustedProxyDepth !== undefined)
+            this.config.trustedProxyDepth = Math.max(0, Math.min(10, updates.trustedProxyDepth));
+        if (updates.maxKeyEntries !== undefined)
+            this.config.maxKeyEntries = Math.max(100, updates.maxKeyEntries);
+        return { ...this.config };
+    }
+    /**
+     * Extract client IP from request headers, respecting trusted proxy depth.
+     */
+    resolveClientIp(remoteAddress, headers) {
+        const xff = headers['x-forwarded-for'];
+        if (xff) {
+            const xffStr = Array.isArray(xff) ? xff[0] : xff;
+            const ips = xffStr.split(',').map(s => s.trim()).filter(Boolean);
+            if (ips.length > 0) {
+                // Take the IP at position (length - trustedProxyDepth)
+                const idx = Math.max(0, ips.length - this.config.trustedProxyDepth);
+                return normalizeIp(ips[idx]);
+            }
+        }
+        const realIp = headers['x-real-ip'];
+        if (realIp) {
+            const val = Array.isArray(realIp) ? realIp[0] : realIp;
+            return normalizeIp(val);
+        }
+        return normalizeIp(remoteAddress || '127.0.0.1');
+    }
+    /**
+     * Get statistics.
+     */
+    stats() {
+        this.pruneExpiredBlocks();
+        return {
+            enabled: this.config.enabled,
+            config: { ...this.config },
+            globalAllowCount: this.config.allowList.length,
+            globalDenyCount: this.config.denyList.length,
+            perKeyBindings: this.keyBindings.size,
+            autoBlockedIps: this.autoBlocked.size,
+            totalChecks: this.totalChecks,
+            totalBlocked: this.totalBlocked,
+            totalAllowed: this.totalAllowed,
+        };
+    }
+    /**
+     * Clear all state (blocks, bindings, violations).
+     */
+    clear() {
+        this.keyBindings.clear();
+        this.autoBlocked.clear();
+        this.violations.clear();
+    }
+    // ─── Private ───────────────────────────────────────────────────────────────
+    trackViolation(ip, reason) {
+        if (this.config.autoBlockThreshold <= 0)
+            return;
+        const now = Date.now();
+        const tracker = this.violations.get(ip);
+        if (tracker) {
+            if (now - tracker.firstSeen > this.config.autoBlockWindowMs) {
+                // Window expired, reset
+                tracker.count = 1;
+                tracker.firstSeen = now;
+            }
+            else {
+                tracker.count++;
+                if (tracker.count >= this.config.autoBlockThreshold) {
+                    // Auto-block
+                    this.autoBlocked.set(ip, {
+                        ip,
+                        blockedAt: now,
+                        expiresAt: now + this.config.autoBlockDurationMs,
+                        violations: tracker.count,
+                        reason: `auto-blocked after ${tracker.count} violations (${reason})`,
+                    });
+                    this.violations.delete(ip);
+                }
+            }
+        }
+        else {
+            this.violations.set(ip, { count: 1, firstSeen: now });
+        }
+        // Evict old violation entries (simple cap)
+        if (this.violations.size > 50_000) {
+            const cutoff = now - this.config.autoBlockWindowMs;
+            for (const [key, val] of this.violations) {
+                if (val.firstSeen < cutoff)
+                    this.violations.delete(key);
+            }
+        }
+    }
+    pruneExpiredBlocks() {
+        const now = Date.now();
+        for (const [ip, entry] of this.autoBlocked) {
+            if (now >= entry.expiresAt)
+                this.autoBlocked.delete(ip);
+        }
+    }
+}
+exports.IpAccessController = IpAccessController;
+//# sourceMappingURL=ip-access.js.map

package/dist/ip-access.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ip-access.js","sourceRoot":"","sources":["../src/ip-access.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAsDH,+EAA+E;AAE/E,MAAM,wBAAwB,GAAmB;IAC/C,OAAO,EAAE,KAAK;IACd,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,kBAAkB,EAAE,CAAC;IACrB,iBAAiB,EAAE,OAAO;IAC1B,mBAAmB,EAAE,SAAS;IAC9B,iBAAiB,EAAE,CAAC;IACpB,aAAa,EAAE,MAAM;CACtB,CAAC;AAEF,+EAA+E;AAE/E,oEAAoE;AACpE,SAAS,SAAS,CAAC,EAAU;IAC3B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QACpE,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,MAAM,KAAK,CAAC,CAAC,CAAC,WAAW;AAClC,CAAC;AAED,qDAAqD;AACrD,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;QACjB,2BAA2B;QAC3B,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,EAAE,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,KAAK,CAAC,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnD,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC;IAC5D,MAAM,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC5B,IAAI,EAAE,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,qDAAqD;AACrD,SAAS,eAAe,CAAC,EAAU,EAAE,IAAkC;IACrE,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;AACpD,CAAC;AAED,+EAA+E;AAC/E,SAAS,WAAW,CAAC,EAAU;IAC7B,IAAI,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;IACxB,qDAAqD;IACrD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,4DAA4D;AAC5D,SAAS,gBAAgB,CAAC,EAAU,EAAE,OAAe;IACnD,MAAM,YAAY,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IACrC,MAAM,iBAAiB,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAE/C,qBAAqB;IACrB,IAAI,YAAY,KAAK,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAEpD,iCAAiC;IACjC,MAAM,IAAI,GAAG,aAAa,CAAC,iBAAiB,CAAC,CAAC;IAC9C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAEhC,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAEjC,OAAO,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;AACtC,CAAC;AAED,+EAA+E;AAE/E,MAAa,kBAAkB;IACrB,MAAM,CAAiB;IAE/B,0DAA0D;IAClD,WAAW,GAAG,IAAI,GAAG,EAAoB,CAAC;IAElD,mBAAmB;IACX,WAAW,GAAG,IAAI,GAAG,EAA0B,CAAC;IAExD,oCAAoC;IAC5B,UAAU,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEzD,QAAQ;IACA,WAAW,GAAG,CAAC,CAAC;IAChB,YAAY,GAAG,CAAC,CAAC;IACjB,YAAY,GAAG,CAAC,CAAC;IAEzB,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,wBAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IAC3D,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,EAAU,EAAE,MAAe;QAC/B,IAAI,CAAC,WAAW,EAAE,CAAC;QAEnB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,YAAY,EAAE,CAAC;YACpB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,YAAY,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAErC,wBAAwB;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACrD,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;gBACrC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,eAAe,SAAS,CAAC,UAAU,cAAc,EAAE,CAAC;YAC7G,CAAC;YACD,mBAAmB;YACnB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACxC,CAAC;QAED,4BAA4B;QAC5B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3C,IAAI,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;gBAC/C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,OAAO,EAAE,EAAE,CAAC;YACvE,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,IAAI,aAAa,GAAG,KAAK,CAAC;YAC1B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC5C,IAAI,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;oBAC5C,aAAa,GAAG,IAAI,CAAC;oBACrB,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAC;gBACvD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;YAC9E,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,IAAI,UAAU,GAAG,KAAK,CAAC;gBACvB,KAAK,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;oBAC7B,IAAI,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;wBAC5C,UAAU,GAAG,IAAI,CAAC;wBAClB,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,IAAI,CAAC,YAAY,EAAE,CAAC;oBACpB,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,eAAe,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;oBACvE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;gBAC7F,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,MAAc,EAAE,GAAa;QACnC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAc;QACtB,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAc;QAC1B,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,EAAU,EAAE,UAAmB,EAAE,MAAe;QACtD,MAAM,YAAY,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;QAC/D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,EAAE;YACjC,EAAE,EAAE,YAAY;YAChB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ;YAChC,UAAU,EAAE,CAAC;YACb,MAAM,EAAE,MAAM,IAAI,cAAc;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,EAAU;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,OAAgC;QACxC,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QACzE,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAC/E,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAC5E,IAAI,OAAO,CAAC,kBAAkB,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACvH,IAAI,OAAO,CAAC,iBAAiB,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACvH,IAAI,OAAO,CAAC,mBAAmB,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC7H,IAAI,OAAO,CAAC,iBAAiB,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAClI,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1G,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,aAAqB,EAAE,OAAsD;QAC3F,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACvC,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACjD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACjE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnB,uDAAuD;gBACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;gBACpE,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QACpC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACvD,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;QACD,OAAO,WAAW,CAAC,aAAa,IAAI,WAAW,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,MAAM,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE;YAC1B,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM;YAC9C,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;YAC5C,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YACrC,cAAc,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YACrC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,8EAA8E;IAEtE,cAAc,CAAC,EAAU,EAAE,MAAc;QAC/C,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,CAAC;YAAE,OAAO;QAEhD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACxC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC5D,wBAAwB;gBACxB,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC;gBAClB,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC;YAC1B,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,EAAE,CAAC;gBAChB,IAAI,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;oBACpD,aAAa;oBACb,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,EAAE;wBACvB,EAAE;wBACF,SAAS,EAAE,GAAG;wBACd,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB;wBAChD,UAAU,EAAE,OAAO,CAAC,KAAK;wBACzB,MAAM,EAAE,sBAAsB,OAAO,CAAC,KAAK,gBAAgB,MAAM,GAAG;qBACrE,CAAC,CAAC;oBACH,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,GAAG,MAAM,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YACnD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzC,IAAI,GAAG,CAAC,SAAS,GAAG,MAAM;oBAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAEO,kBAAkB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3C,IAAI,GAAG,IAAI,KAAK,CAAC,SAAS;gBAAE,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;CACF;AAlQD,gDAkQC"}