pepr 0.52.3-nightly.0 → 0.52.3-nightly.10

package/src/cli/build/build.helpers.ts

@@ -113,15 +113,9 @@ export function checkIronBankImage(registry: string, image: string, peprVersion:
  * @param imagePullSecret
  * @returns boolean
  */
-export function validImagePullSecret(imagePullSecretName: string): void {
-  if (imagePullSecretName) {
-    const error = "Invalid imagePullSecret. Please provide a valid name as defined in RFC 1123.";
-    if (sanitizeResourceName(imagePullSecretName) !== imagePullSecretName) {
-      // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
-      console.error(error);
-      process.exit(1);
-    }
-  }
+export function validImagePullSecret(imagePullSecretName: string): boolean {
+  // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
+  return sanitizeResourceName(imagePullSecretName) === imagePullSecretName;
 }
 
 /**

package/src/cli/build/buildModule.ts

@@ -11,7 +11,7 @@ import { PeprConfig, Reloader } from "../types";
 import { BuildContext } from "esbuild";
 import { loadModule } from "./loadModule";
 
-type BuildModuleReturn = {
+export type BuildModuleReturn = {
   ctx: BuildContext<BuildOptions>;
   path: string;
   cfg: PeprConfig;

package/src/cli/build/index.ts

@@ -15,6 +15,7 @@ import {
   generateYamlAndWriteToDisk,
 } from "./build.helpers";
 import { buildModule } from "./buildModule";
+import Log from "../../lib/telemetry/logger";
 
 export default function (program: Command): void {
   program
@@ -53,7 +54,7 @@ export default function (program: Command): void {
     .option("-o, --output <directory>", "Set output directory.", "dist")
     .addOption(
       new Option(
-        "-r, --registry <GitHub|Iron Bank>",
+        "-r, --registry <registry>",
         "Container registry: Choose container registry for deployment manifests. Conflicts with --custom-image and --registry-info.",
       )
         .conflicts(["customImage", "registryInfo"])
@@ -99,8 +100,7 @@ export default function (program: Command): void {
       }
 
       if (opts.registryInfo !== undefined) {
-        console.info(`Including ${cfg.pepr.includedFiles.length} files in controller image.`);
-        // for journey test to make sure the image is built
+        Log.info(`Including ${cfg.pepr.includedFiles.length} files in controller image.`);
 
         // only actually build/push if there are files to include
         await handleCustomImageBuild(
@@ -113,7 +113,7 @@ export default function (program: Command): void {
 
       // If building without embedding, exit after building
       if (!opts.embed) {
-        console.info(`Module built successfully at ${path}`);
+        Log.info(`Module built successfully at ${path}`);
         return;
       }
 
@@ -136,7 +136,11 @@ export default function (program: Command): void {
       if (image !== "") assets.image = image;
 
       // Ensure imagePullSecret is valid
-      validImagePullSecret(opts.withPullSecret);
+      if (!validImagePullSecret(opts.withPullSecret)) {
+        throw new Error(
+          "Invalid imagePullSecret. Please provide a valid name as defined in RFC 1123.",
+        );
+      }
 
       handleValidCapabilityNames(assets.capabilities);
       await generateYamlAndWriteToDisk({

package/src/cli/deploy/buildAndDeploy.ts

@@ -0,0 +1,48 @@
+import { Assets } from "../../lib/assets/assets";
+import { deployWebhook } from "../../lib/assets/deploy";
+import { loadCapabilities } from "../../lib/assets/loader";
+import { namespaceDeploymentsReady } from "../../lib/deploymentChecks";
+import { namespaceComplianceValidator, validateCapabilityNames } from "../../lib/helpers";
+import { CapabilityExport } from "../../lib/types";
+import { buildModule } from "../build/buildModule";
+
+export async function buildAndDeployModule(image: string, force: boolean): Promise<void> {
+  const builtModule = await buildModule("dist");
+  if (!builtModule) {
+    return;
+  }
+
+  // Generate a secret for the module
+  const webhook = new Assets(
+    { ...builtModule.cfg.pepr, description: builtModule.cfg.description },
+    builtModule.path,
+    [],
+  );
+  webhook.image = image ?? webhook.image;
+  const capabilities = await loadCapabilities(webhook.path);
+  for (const capability of capabilities) {
+    validateNamespaces(capability, webhook);
+  }
+  try {
+    await webhook.deploy(deployWebhook, force, builtModule.cfg.pepr.webhookTimeout ?? 10);
+
+    // wait for capabilities to be loaded and test names
+    validateCapabilityNames(webhook.capabilities);
+
+    // Wait for the pepr-system resources to be fully up
+    await namespaceDeploymentsReady();
+    console.info(`Module deployed successfully`);
+  } catch (e) {
+    console.error(`Error deploying module:`, e);
+    process.exit(1);
+  }
+}
+export function validateNamespaces(capability: CapabilityExport, webhook: Assets): void {
+  namespaceComplianceValidator(capability, webhook.alwaysIgnore?.namespaces);
+  namespaceComplianceValidator(
+    capability,
+    webhook.config.admission?.alwaysIgnore?.namespaces,
+    false,
+  );
+  namespaceComplianceValidator(capability, webhook.config.watch?.alwaysIgnore?.namespaces, true);
+}

package/src/cli/deploy/imagePullSecret.ts

@@ -0,0 +1,68 @@
+import { ImagePullSecret } from "../../lib/types";
+import { sanitizeName } from "../init/utils";
+
+export interface ImagePullSecretDetails {
+  pullSecret?: string;
+  dockerServer?: string;
+  dockerUsername?: string;
+  dockerEmail?: string;
+  dockerPassword?: string;
+}
+
+export function validateImagePullSecretDetails(details: ImagePullSecretDetails): {
+  valid: boolean;
+  error?: string;
+} {
+  if (!details.pullSecret) {
+    return { valid: true };
+  }
+
+  // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
+  if (details.pullSecret !== sanitizeName(details.pullSecret)) {
+    return {
+      valid: false,
+      error: `Invalid --pullSecret. Must be valid name as defined in RFC 1123.`,
+    };
+  }
+
+  const missing: string[] = [];
+  if (!details.dockerEmail) {
+    missing.push("--docker-email");
+  }
+  if (!details.dockerServer) {
+    missing.push("--docker-server");
+  }
+  if (!details.dockerUsername) {
+    missing.push("--docker-username");
+  }
+  if (!details.dockerPassword) {
+    missing.push("--docker-password");
+  }
+
+  if (missing.length > 0) {
+    return {
+      valid: false,
+      error: `Error: Must provide ${missing.join(", ")} when providing --pull-secret`,
+    };
+  }
+
+  return { valid: true };
+}
+
+type ValidatedImagePullSecretDetails = Required<ImagePullSecretDetails>;
+
+export function generateImagePullSecret(details: ValidatedImagePullSecretDetails): ImagePullSecret {
+  const auth = Buffer.from(`${details.dockerUsername}:${details.dockerPassword}`).toString(
+    "base64",
+  );
+  return {
+    auths: {
+      [details.dockerServer]: {
+        username: details.dockerUsername,
+        password: details.dockerPassword,
+        email: details.dockerEmail,
+        auth,
+      },
+    },
+  };
+}

package/src/cli/deploy/index.ts

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { Command } from "commander";
+import { deployImagePullSecret } from "../../lib/assets/deploy";
+import { validateImagePullSecretDetails, generateImagePullSecret } from "./imagePullSecret";
+import { getUserConfirmation } from "./userConfirmation";
+import { buildAndDeployModule } from "./buildAndDeploy";
+
+export default function (program: Command): void {
+  program
+    .command("deploy")
+    .description("Deploy a Pepr Module")
+    .option("-E, --docker-email <email>", "Email for Docker registry.")
+    .option("-P, --docker-password <password>", "Password for Docker registry.")
+    .option("-S, --docker-server <server>", "Docker server address.")
+    .option("-U, --docker-username <username>", "Docker registry username.")
+    .option("-f, --force", "Force deploy the module, override manager field.")
+    .option("-i, --image <image>", "Override the image tag.")
+    .option("-p, --pull-secret <name>", "Deploy imagePullSecret for Controller private registry.")
+    .option("-y, --yes", "Skip confirmation prompts.")
+    .action(async opts => {
+      const valResp = validateImagePullSecretDetails(opts);
+      if (!valResp.valid) {
+        console.error(valResp.error);
+        process.exit(1);
+      }
+
+      if (opts.pullSecret) {
+        await deployImagePullSecret(generateImagePullSecret(opts), opts.pullSecret);
+        return;
+      }
+
+      if (!(await getUserConfirmation(opts))) {
+        process.exit(0);
+      }
+
+      await buildAndDeployModule(opts.image, opts.force);
+    });
+}

package/src/cli/deploy/userConfirmation.ts

@@ -0,0 +1,16 @@
+import prompt from "prompts";
+
+export async function getUserConfirmation(opts: { yes: boolean }): Promise<boolean> {
+  if (opts.yes) {
+    return true;
+  }
+
+  // Prompt the user to confirm
+  const confirmation = await prompt({
+    type: "confirm",
+    name: "yes",
+    message: "This will remove and redeploy the module. Continue?",
+  });
+
+  return confirmation.yes ? true : false;
+}

package/src/cli/init/createProjectFiles.ts

@@ -0,0 +1,45 @@
+import { resolve } from "path/posix";
+import {
+  peprPackageJSON,
+  gitignore,
+  eslint,
+  prettier,
+  readme,
+  tsConfig,
+  peprTSTemplate,
+  snippet,
+  codeSettings,
+  samplesYaml,
+  helloPepr,
+} from "./templates";
+import { write } from "./utils";
+
+export async function createProjectFiles(
+  dirName: string,
+  packageJSON: peprPackageJSON,
+): Promise<void> {
+  const files = [
+    { path: gitignore.path, data: gitignore.data },
+    { path: eslint.path, data: eslint.data },
+    { path: prettier.path, data: prettier.data },
+    { path: packageJSON.path, data: packageJSON.data },
+    { path: readme.path, data: readme.data },
+    { path: tsConfig.path, data: tsConfig.data },
+    { path: peprTSTemplate.path, data: peprTSTemplate.data },
+  ];
+
+  const nestedFiles = [
+    { dir: ".vscode", path: snippet.path, data: snippet.data },
+    { dir: ".vscode", path: codeSettings.path, data: codeSettings.data },
+    { dir: "capabilities", path: samplesYaml.path, data: samplesYaml.data },
+    { dir: "capabilities", path: helloPepr.path, data: helloPepr.data },
+  ];
+
+  for (const file of files) {
+    await write(resolve(dirName, file.path), file.data);
+  }
+
+  for (const file of nestedFiles) {
+    await write(resolve(dirName, file.dir, file.path), file.data);
+  }
+}

package/src/cli/init/doPostInitActions.ts

@@ -0,0 +1,23 @@
+import { execSync } from "child_process";
+
+export const doPostInitActions = (dirName: string): void => {
+  // run npm install from the new directory
+  process.chdir(dirName);
+  execSync("npm install", {
+    stdio: "inherit",
+  });
+
+  // setup git
+  execSync("git init --initial-branch=main", {
+    stdio: "inherit",
+  });
+
+  // try to open vscode
+  try {
+    execSync("code .", {
+      stdio: "inherit",
+    });
+  } catch {
+    console.warn("VSCode was not found, IDE will not automatically open.");
+  }
+};

package/src/cli/init/index.ts

@@ -1,35 +1,23 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
-import { execSync } from "child_process";
-import { resolve } from "path";
-
 import { Command } from "commander";
-import {
-  codeSettings,
-  eslint,
-  peprTSTemplate,
-  genPkgJSON,
-  gitignore,
-  helloPepr,
-  peprPackageJSON,
-  prettier,
-  readme,
-  samplesYaml,
-  snippet,
-  tsConfig,
-} from "./templates";
-import { createDir, sanitizeName, write } from "./utils";
+import { peprTSTemplate, genPkgJSON } from "./templates";
+import { sanitizeName } from "./utils";
 import { confirm, PromptOptions, walkthrough } from "./walkthrough";
 import { ErrorList } from "../../lib/errors";
 import { UUID_LENGTH_LIMIT } from "./enums";
 import { Option } from "commander";
+import { setupProjectStructure } from "./setupProjectStructure";
+import { doPostInitActions } from "./doPostInitActions";
+import { createProjectFiles } from "./createProjectFiles";
+import { v4 as uuidv4 } from "uuid";
+import Log from "../../lib/telemetry/logger";
 
-export default function (program: Command): void {
+export default function (): Command {
   let response = {} as PromptOptions;
 
-  program
-    .command("init")
+  return new Command("init")
     .description("Initialize a new Pepr Module")
     .option("-d, --description <string>", "Explain the purpose of the new module.")
     .addOption(
@@ -41,6 +29,10 @@ export default function (program: Command): void {
       "-u, --uuid <string>",
       "Unique identifier for your module with a max length of 36 characters.",
       (uuid: string): string => {
+        if (typeof uuid === "undefined" || uuid === "") {
+          uuid = uuidv4();
+          Log.warn(`The UUID was empty. Generated new UUID: '${uuid}'`);
+        }
         if (uuid.length > UUID_LENGTH_LIMIT) {
           throw new Error("The UUID must be 36 characters or fewer.");
         }
@@ -59,7 +51,7 @@ export default function (program: Command): void {
       const confirmed = await confirm(dirName, packageJSON, peprTSTemplate.path, opts.yes);
 
       if (confirmed) {
-        console.log("Creating new Pepr module...");
+        Log.info("Creating new Pepr module...");
 
         try {
           await setupProjectStructure(dirName);
@@ -69,69 +61,11 @@ export default function (program: Command): void {
             doPostInitActions(dirName);
           }
 
-          console.log(`New Pepr module created at ${dirName}`);
-          console.log(`Open VSCode or your editor of choice in ${dirName} to get started!`);
-        } catch (e) {
-          if (e instanceof Error) {
-            console.error(`Error creating Pepr module:`, e);
-          }
-          process.exit(1);
+          Log.info(`New Pepr module created at ${dirName}`);
+          Log.info(`Open VSCode or your editor of choice in ${dirName} to get started!`);
+        } catch (error) {
+          throw new Error(`Error creating Pepr module:`, { cause: error });
         }
       }
     });
 }
-
-async function setupProjectStructure(dirName: string): Promise<void> {
-  await createDir(dirName);
-  await createDir(resolve(dirName, ".vscode"));
-  await createDir(resolve(dirName, "capabilities"));
-}
-
-async function createProjectFiles(dirName: string, packageJSON: peprPackageJSON): Promise<void> {
-  const files = [
-    { path: gitignore.path, data: gitignore.data },
-    { path: eslint.path, data: eslint.data },
-    { path: prettier.path, data: prettier.data },
-    { path: packageJSON.path, data: packageJSON.data },
-    { path: readme.path, data: readme.data },
-    { path: tsConfig.path, data: tsConfig.data },
-    { path: peprTSTemplate.path, data: peprTSTemplate.data },
-  ];
-
-  const nestedFiles = [
-    { dir: ".vscode", path: snippet.path, data: snippet.data },
-    { dir: ".vscode", path: codeSettings.path, data: codeSettings.data },
-    { dir: "capabilities", path: samplesYaml.path, data: samplesYaml.data },
-    { dir: "capabilities", path: helloPepr.path, data: helloPepr.data },
-  ];
-
-  for (const file of files) {
-    await write(resolve(dirName, file.path), file.data);
-  }
-
-  for (const file of nestedFiles) {
-    await write(resolve(dirName, file.dir, file.path), file.data);
-  }
-}
-
-const doPostInitActions = (dirName: string): void => {
-  // run npm install from the new directory
-  process.chdir(dirName);
-  execSync("npm install", {
-    stdio: "inherit",
-  });
-
-  // setup git
-  execSync("git init --initial-branch=main", {
-    stdio: "inherit",
-  });
-
-  // try to open vscode
-  try {
-    execSync("code .", {
-      stdio: "inherit",
-    });
-  } catch {
-    console.warn("VSCode was not found, IDE will not automatically open.");
-  }
-};

package/src/cli/init/setupProjectStructure.ts

@@ -0,0 +1,8 @@
+import { createDir } from "./utils";
+import { resolve } from "path";
+
+export async function setupProjectStructure(dirName: string): Promise<void> {
+  await createDir(dirName);
+  await createDir(resolve(dirName, ".vscode"));
+  await createDir(resolve(dirName, "capabilities"));
+}

package/src/cli/init/templates.ts

@@ -3,7 +3,6 @@
 
 import { dumpYaml } from "@kubernetes/client-node";
 import { inspect } from "util";
-import { v4 as uuidv4 } from "uuid";
 import { readFileSync } from "fs";
 import path from "path";
 
@@ -50,8 +49,7 @@ export type peprPackageJSON = {
 };
 
 export function genPkgJSON(opts: InitOptions): peprPackageJSON {
-  // Generate a random UUID for the module based on the module name if it is not provided
-  const uuid = !opts.uuid ? uuidv4() : opts.uuid;
+  const uuid = opts.uuid;
   // Generate a name for the module based on the module name
   const name = sanitizeName(opts.name);
   // Make typescript a dev dependency
@@ -91,7 +89,7 @@ export function genPkgJSON(opts: InitOptions): peprPackageJSON {
       env: {},
     },
     scripts: {
-      "k3d-setup": scripts["test:journey:k3d"],
+      "k3d-setup": scripts["cluster:k3d"],
     },
     dependencies: {
       pepr: version,

package/src/cli/init/walkthrough.ts

@@ -33,6 +33,9 @@ async function setUUID(uuid?: string): Promise<Answers<string>> {
     name: "uuid",
     message: "Enter a unique identifier for the new Pepr module.\n",
     validate: (val: string) => {
+      if (typeof val === "undefined" || val === "") {
+        return "The UUID must be at least 1 character long";
+      }
       return (
         val.length <= UUID_LENGTH_LIMIT ||
         `The UUID must be ${UUID_LENGTH_LIMIT} characters or fewer.`

package/src/cli.ts

@@ -30,6 +30,7 @@ program
   .version(version)
   .description(`Pepr (v${version}) - Type safe K8s middleware for humans`)
   .addCommand(crd())
+  .addCommand(init())
   .action(() => {
     if (program.args.length < 1) {
       console.log(banner);
@@ -41,7 +42,6 @@ program
     }
   });
 
-init(program);
 build(program);
 deploy(program);
 dev(program);

package/src/lib/assets/k8sObjects.ts

@@ -85,9 +85,9 @@ export function getWatcher(
           serviceAccountName: name,
           securityContext: {
             runAsUser: image.includes("private") ? 1000 : 65532,
-            runAsGroup: 65532,
+            runAsGroup: image.includes("private") ? 1000 : 65532,
             runAsNonRoot: true,
-            fsGroup: 65532,
+            fsGroup: image.includes("private") ? 1000 : 65532,
           },
           containers: [
             {
@@ -128,7 +128,7 @@ export function getWatcher(
               },
               securityContext: {
                 runAsUser: image.includes("private") ? 1000 : 65532,
-                runAsGroup: 65532,
+                runAsGroup: image.includes("private") ? 1000 : 65532,
                 runAsNonRoot: true,
                 allowPrivilegeEscalation: false,
                 capabilities: {
@@ -228,9 +228,9 @@ export function getDeployment(
           serviceAccountName: name,
           securityContext: {
             runAsUser: image.includes("private") ? 1000 : 65532,
-            runAsGroup: 65532,
+            runAsGroup: image.includes("private") ? 1000 : 65532,
             runAsNonRoot: true,
-            fsGroup: 65532,
+            fsGroup: image.includes("private") ? 1000 : 65532,
           },
           containers: [
             {
@@ -272,7 +272,7 @@ export function getDeployment(
               env: genEnv(config),
               securityContext: {
                 runAsUser: image.includes("private") ? 1000 : 65532,
-                runAsGroup: 65532,
+                runAsGroup: image.includes("private") ? 1000 : 65532,
                 runAsNonRoot: true,
                 allowPrivilegeEscalation: false,
                 capabilities: {

package/src/lib/assets/yaml/overridesFile.ts

@@ -60,9 +60,9 @@ export async function overridesFile(
       },
       securityContext: {
         runAsUser: image.includes("private") ? 1000 : 65532,
-        runAsGroup: 65532,
+        runAsGroup: image.includes("private") ? 1000 : 65532,
         runAsNonRoot: true,
-        fsGroup: 65532,
+        fsGroup: image.includes("private") ? 1000 : 65532,
       },
       readinessProbe: {
         httpGet: {
@@ -92,7 +92,7 @@ export async function overridesFile(
       },
       containerSecurityContext: {
         runAsUser: image.includes("private") ? 1000 : 65532,
-        runAsGroup: 65532,
+        runAsGroup: image.includes("private") ? 1000 : 65532,
         runAsNonRoot: true,
         allowPrivilegeEscalation: false,
         capabilities: {
@@ -128,9 +128,9 @@ export async function overridesFile(
       },
       securityContext: {
         runAsUser: image.includes("private") ? 1000 : 65532,
-        runAsGroup: 65532,
+        runAsGroup: image.includes("private") ? 1000 : 65532,
         runAsNonRoot: true,
-        fsGroup: 65532,
+        fsGroup: image.includes("private") ? 1000 : 65532,
       },
       readinessProbe: {
         httpGet: {
@@ -160,7 +160,7 @@ export async function overridesFile(
       },
       containerSecurityContext: {
         runAsUser: image.includes("private") ? 1000 : 65532,
-        runAsGroup: 65532,
+        runAsGroup: image.includes("private") ? 1000 : 65532,
         runAsNonRoot: true,
         allowPrivilegeEscalation: false,
         capabilities: {

package/src/lib/controller/index.ts

@@ -50,6 +50,7 @@ export class Controller {
     const { beforeHook, afterHook, onReady } = hooks;
     this.#config = config;
     this.#capabilities = capabilities;
+    Log.info({ config }, "Controller configuration");
 
     // Initialize the Pepr store for each capability
     new StoreController(capabilities, `pepr-${config.uuid}-store`, () => {

package/dist/cli/deploy.d.ts

@@ -1,21 +0,0 @@
-import { CapabilityExport } from "../lib/types";
-import { Assets } from "../lib/assets/assets";
-import { Command } from "commander";
-interface ImagePullSecretDetails {
-    pullSecret?: string;
-    dockerServer?: string;
-    dockerUsername?: string;
-    dockerEmail?: string;
-    dockerPassword?: string;
-}
-export declare function validateImagePullSecretDetails(details: ImagePullSecretDetails): {
-    valid: boolean;
-    error?: string;
-};
-export declare function getUserConfirmation(opts: {
-    yes: boolean;
-}): Promise<boolean>;
-export default function (program: Command): void;
-export declare function validateNamespaces(capability: CapabilityExport, webhook: Assets): void;
-export {};
-//# sourceMappingURL=deploy.d.ts.map

package/dist/cli/deploy.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/cli/deploy.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAE9C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AASpC,UAAU,sBAAsB;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,sBAAsB,GAAG;IAC/E,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAmCA;AAoBD,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAAE,GAAG,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAalF;AAkCD,MAAM,CAAC,OAAO,WAAW,OAAO,EAAE,OAAO,GAAG,IAAI,CA8B/C;AAED,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAQtF"}