rehydra 0.3.3 → 0.4.0

package/dist/proxy/providers/types.js

@@ -0,0 +1,6 @@
+/**
+ * LLM Content Provider Interface
+ * Abstracts LLM-specific request/response formats for the proxy middleware.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/proxy/providers/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/proxy/providers/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/proxy/proxy-server.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Rehydra Proxy Server
+ * Standalone HTTP server that proxies LLM API requests with
+ * automatic PII anonymization and rehydration.
+ */
+import { type Server } from "node:http";
+import type { RehydraProxyConfig } from "./types.js";
+/**
+ * Configuration for the standalone proxy server
+ */
+export interface RehydraProxyServerConfig extends RehydraProxyConfig {
+    /** Port to listen on */
+    port: number;
+    /** Host to bind to (default: "127.0.0.1") */
+    host?: string;
+}
+/**
+ * A running Rehydra proxy server
+ */
+export interface RehydraProxyServer {
+    /** The underlying HTTP server */
+    server: Server;
+    /** The port the server is listening on */
+    port: number;
+    /** The host the server is bound to */
+    host: string;
+    /** Gracefully close the server */
+    close(): Promise<void>;
+}
+/**
+ * Creates and starts a standalone HTTP proxy server that anonymizes
+ * LLM API requests and rehydrates responses.
+ *
+ * @example
+ * ```typescript
+ * const proxy = await createRehydraProxyServer({
+ *   port: 8080,
+ *   upstream: 'https://api.openai.com',
+ *   keyProvider: new ConfigKeyProvider(process.env.PII_KEY!),
+ *   piiStorageProvider: new SQLitePIIStorageProvider('proxy.db'),
+ * });
+ *
+ * console.log(`Proxy running on http://${proxy.host}:${proxy.port}`);
+ *
+ * // Point your OpenAI client at the proxy:
+ * const openai = new OpenAI({ baseURL: `http://localhost:${proxy.port}/v1` });
+ *
+ * // Stop the server
+ * await proxy.close();
+ * ```
+ */
+export declare function createRehydraProxyServer(config: RehydraProxyServerConfig): Promise<RehydraProxyServer>;
+//# sourceMappingURL=proxy-server.d.ts.map

package/dist/proxy/proxy-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-server.d.ts","sourceRoot":"","sources":["../../src/proxy/proxy-server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAgB,KAAK,MAAM,EAA6C,MAAM,WAAW,CAAC;AAEjG,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,kBAAkB,CAAC,CAwC7B"}

package/dist/proxy/proxy-server.js

@@ -0,0 +1,146 @@
+/**
+ * Rehydra Proxy Server
+ * Standalone HTTP server that proxies LLM API requests with
+ * automatic PII anonymization and rehydration.
+ */
+import { createServer } from "node:http";
+import { createRehydraProxy } from "./rehydra-proxy.js";
+/**
+ * Creates and starts a standalone HTTP proxy server that anonymizes
+ * LLM API requests and rehydrates responses.
+ *
+ * @example
+ * ```typescript
+ * const proxy = await createRehydraProxyServer({
+ *   port: 8080,
+ *   upstream: 'https://api.openai.com',
+ *   keyProvider: new ConfigKeyProvider(process.env.PII_KEY!),
+ *   piiStorageProvider: new SQLitePIIStorageProvider('proxy.db'),
+ * });
+ *
+ * console.log(`Proxy running on http://${proxy.host}:${proxy.port}`);
+ *
+ * // Point your OpenAI client at the proxy:
+ * const openai = new OpenAI({ baseURL: `http://localhost:${proxy.port}/v1` });
+ *
+ * // Stop the server
+ * await proxy.close();
+ * ```
+ */
+export async function createRehydraProxyServer(config) {
+    const host = config.host ?? "127.0.0.1";
+    const proxy = createRehydraProxy(config);
+    const server = createServer((req, res) => {
+        void (async () => {
+            try {
+                const webRequest = incomingMessageToRequest(req, host, config.port);
+                const webResponse = await proxy(webRequest);
+                await writeResponse(res, webResponse);
+            }
+            catch (error) {
+                res.writeHead(502, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({
+                    error: "proxy_error",
+                    message: error instanceof Error ? error.message : "Unknown proxy error",
+                }));
+            }
+        })();
+    });
+    await new Promise((resolve, reject) => {
+        server.on("error", reject);
+        server.listen(config.port, host, () => {
+            resolve();
+        });
+    });
+    return {
+        server,
+        port: config.port,
+        host,
+        async close() {
+            return new Promise((resolve, reject) => {
+                server.close((err) => {
+                    if (err !== undefined)
+                        reject(err);
+                    else
+                        resolve();
+                });
+            });
+        },
+    };
+}
+/**
+ * Convert a Node.js IncomingMessage to a Web API Request
+ */
+function incomingMessageToRequest(req, host, port) {
+    const url = `http://${host}:${port}${req.url ?? "/"}`;
+    const headers = new Headers();
+    for (const [key, value] of Object.entries(req.headers)) {
+        if (value !== undefined) {
+            if (Array.isArray(value)) {
+                for (const v of value) {
+                    headers.append(key, v);
+                }
+            }
+            else {
+                headers.set(key, value);
+            }
+        }
+    }
+    const method = req.method ?? "GET";
+    const hasBody = method !== "GET" && method !== "HEAD";
+    return new Request(url, {
+        method,
+        headers,
+        body: hasBody ? nodeStreamToReadableStream(req) : undefined,
+        // @ts-expect-error - duplex is needed for streaming request bodies
+        duplex: hasBody ? "half" : undefined,
+    });
+}
+/**
+ * Convert a Node.js Readable stream to a Web API ReadableStream
+ */
+function nodeStreamToReadableStream(nodeStream) {
+    return new ReadableStream({
+        start(controller) {
+            nodeStream.on("data", (chunk) => {
+                controller.enqueue(new Uint8Array(chunk));
+            });
+            nodeStream.on("end", () => {
+                controller.close();
+            });
+            nodeStream.on("error", (err) => {
+                controller.error(err);
+            });
+        },
+    });
+}
+/**
+ * Write a Web API Response to a Node.js ServerResponse
+ */
+async function writeResponse(res, webResponse) {
+    // Copy status and headers
+    const headers = {};
+    webResponse.headers.forEach((value, key) => {
+        headers[key] = value;
+    });
+    res.writeHead(webResponse.status, headers);
+    if (webResponse.body === null) {
+        res.end();
+        return;
+    }
+    // Stream the response body
+    const reader = webResponse.body.getReader();
+    try {
+        for (;;) {
+            const { done, value } = await reader.read();
+            if (done)
+                break;
+            res.write(value);
+        }
+    }
+    finally {
+        reader.releaseLock();
+        res.end();
+    }
+}
+//# sourceMappingURL=proxy-server.js.map

package/dist/proxy/proxy-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-server.js","sourceRoot":"","sources":["../../src/proxy/proxy-server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAA0D,MAAM,WAAW,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AA2BxD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,MAAgC;IAEhC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC;IACxC,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEzC,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;QACxE,KAAK,CAAC,KAAK,IAAmB,EAAE;YAC9B,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,wBAAwB,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;gBACpE,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,CAAC;gBAC5C,MAAM,aAAa,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;YACxC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;oBACrB,KAAK,EAAE,aAAa;oBACpB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;iBACxE,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI;QACJ,KAAK,CAAC,KAAK;YACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACnB,IAAI,GAAG,KAAK,SAAS;wBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;wBAC9B,OAAO,EAAE,CAAC;gBACjB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAC/B,GAAoB,EACpB,IAAY,EACZ,IAAY;IAEZ,MAAM,GAAG,GAAG,UAAU,IAAI,IAAI,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;oBACtB,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC;IAEtD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;QACtB,MAAM;QACN,OAAO;QACP,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QAC3D,mEAAmE;QACnE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KACrC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,UAA2B;IAC7D,OAAO,IAAI,cAAc,CAAC;QACxB,KAAK,CAAC,UAAU;YACd,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACtC,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACxB,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBACpC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAmB,EACnB,WAAqB;IAErB,0BAA0B;IAC1B,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3C,IAAI,WAAW,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QAC9B,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;IAC5C,IAAI,CAAC;QACH,SAAS,CAAC;YACR,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI;gBAAE,MAAM;YAChB,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,WAAW,EAAE,CAAC;QACrB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/proxy/rehydra-fetch.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Rehydra Fetch Wrapper
+ * Wraps the native fetch to anonymize outgoing LLM requests
+ * and rehydrate incoming LLM responses.
+ */
+import type { RehydraFetchConfig } from "./types.js";
+/**
+ * Creates a fetch-compatible function that automatically:
+ * 1. Anonymizes text in outgoing LLM API requests
+ * 2. Rehydrates text in incoming LLM API responses
+ *
+ * PII never leaves your infrastructure.
+ *
+ * @example
+ * ```typescript
+ * import OpenAI from 'openai';
+ * import { createRehydraFetch, InMemoryKeyProvider, InMemoryPIIStorageProvider } from 'rehydra';
+ *
+ * const rehydraFetch = createRehydraFetch({
+ *   keyProvider: new InMemoryKeyProvider(),
+ *   piiStorageProvider: new InMemoryPIIStorageProvider(),
+ * });
+ *
+ * const openai = new OpenAI({ fetch: rehydraFetch });
+ *
+ * // PII is automatically anonymized before being sent to OpenAI
+ * const response = await openai.chat.completions.create({
+ *   model: 'gpt-4',
+ *   messages: [{ role: 'user', content: 'Email john@example.com about the meeting' }],
+ * });
+ * // Response is automatically rehydrated — contains original PII
+ * ```
+ */
+export declare function createRehydraFetch(config: RehydraFetchConfig): typeof globalThis.fetch;
+//# sourceMappingURL=rehydra-fetch.d.ts.map

package/dist/proxy/rehydra-fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehydra-fetch.d.ts","sourceRoot":"","sources":["../../src/proxy/rehydra-fetch.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAQrD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,kBAAkB,GACzB,OAAO,UAAU,CAAC,KAAK,CA0FzB"}

package/dist/proxy/rehydra-fetch.js

@@ -0,0 +1,217 @@
+/**
+ * Rehydra Fetch Wrapper
+ * Wraps the native fetch to anonymize outgoing LLM requests
+ * and rehydrate incoming LLM responses.
+ */
+import { createAnonymizer } from "../core/anonymizer.js";
+import { decryptPIIMap } from "../crypto/index.js";
+import { rehydrate } from "../pipeline/tagger.js";
+import { AnonymizerSessionImpl } from "../storage/session.js";
+import { SSEParser, isSSEDone, serializeSSEEvent } from "./sse-parser.js";
+import { detectProvider } from "./providers/index.js";
+let sessionCounter = 0;
+function defaultGetSessionId() {
+    return `rehydra-proxy-${Date.now()}-${++sessionCounter}`;
+}
+/**
+ * Creates a fetch-compatible function that automatically:
+ * 1. Anonymizes text in outgoing LLM API requests
+ * 2. Rehydrates text in incoming LLM API responses
+ *
+ * PII never leaves your infrastructure.
+ *
+ * @example
+ * ```typescript
+ * import OpenAI from 'openai';
+ * import { createRehydraFetch, InMemoryKeyProvider, InMemoryPIIStorageProvider } from 'rehydra';
+ *
+ * const rehydraFetch = createRehydraFetch({
+ *   keyProvider: new InMemoryKeyProvider(),
+ *   piiStorageProvider: new InMemoryPIIStorageProvider(),
+ * });
+ *
+ * const openai = new OpenAI({ fetch: rehydraFetch });
+ *
+ * // PII is automatically anonymized before being sent to OpenAI
+ * const response = await openai.chat.completions.create({
+ *   model: 'gpt-4',
+ *   messages: [{ role: 'user', content: 'Email john@example.com about the meeting' }],
+ * });
+ * // Response is automatically rehydrated — contains original PII
+ * ```
+ */
+export function createRehydraFetch(config) {
+    const anonymizer = createAnonymizer({
+        ...config.anonymizer,
+        keyProvider: config.keyProvider,
+        piiStorageProvider: config.piiStorageProvider,
+    });
+    let initialized = false;
+    const getSessionId = config.getSessionId ?? defaultGetSessionId;
+    const handleStreaming = config.handleStreaming !== false;
+    async function ensureInitialized() {
+        if (!initialized) {
+            await anonymizer.initialize();
+            initialized = true;
+        }
+    }
+    return async (input, init) => {
+        await ensureInitialized();
+        const request = new Request(input, init);
+        // Only intercept POST requests with JSON bodies (LLM API calls)
+        if (request.method !== "POST") {
+            return fetch(request);
+        }
+        const contentType = request.headers.get("content-type");
+        if (contentType === null || !contentType.includes("application/json")) {
+            return fetch(request);
+        }
+        // Detect the LLM provider
+        const provider = detectProvider(request.url, request.headers, config.provider);
+        // Parse request body
+        const body = await request.json();
+        // Get session ID for PII map persistence
+        const sessionId = await getSessionId(request);
+        // Create a session for this request
+        const session = new AnonymizerSessionImpl(anonymizer, sessionId, config.piiStorageProvider, config.keyProvider);
+        // Extract and anonymize text from the request
+        const texts = provider.extractRequestText(body);
+        const anonymizedTexts = [];
+        for (const text of texts) {
+            const result = await session.anonymize(text, config.locale, config.policy);
+            anonymizedTexts.push(result.anonymizedText);
+        }
+        // Rebuild the request body with anonymized text
+        const anonymizedBody = provider.rebuildRequestBody(body, anonymizedTexts);
+        // Forward the anonymized request
+        const upstreamRequest = new Request(request, {
+            body: JSON.stringify(anonymizedBody),
+        });
+        const response = await fetch(upstreamRequest);
+        // Determine if the response is a streaming SSE response
+        const responseContentType = response.headers.get("content-type");
+        const isSSE = handleStreaming &&
+            provider.isStreamingRequest(body) &&
+            responseContentType !== null &&
+            responseContentType.includes("text/event-stream");
+        if (isSSE && response.body !== null) {
+            return rehydrateSSEResponse(response, session, provider, config);
+        }
+        return rehydrateJSONResponse(response, session, provider);
+    };
+}
+/**
+ * Rehydrate a non-streaming JSON response.
+ */
+async function rehydrateJSONResponse(response, session, provider) {
+    const body = await response.json();
+    // Extract response text and rehydrate
+    const responseTexts = provider.extractResponseText(body);
+    const rehydratedTexts = [];
+    for (const text of responseTexts) {
+        const rehydrated = await session.rehydrate(text);
+        rehydratedTexts.push(rehydrated);
+    }
+    // Rebuild response body
+    const rehydratedBody = provider.rebuildResponseBody(body, rehydratedTexts);
+    return new Response(JSON.stringify(rehydratedBody), {
+        status: response.status,
+        statusText: response.statusText,
+        headers: response.headers,
+    });
+}
+/**
+ * Rehydrate a streaming SSE response.
+ * Returns a new Response with a transformed body stream.
+ */
+function rehydrateSSEResponse(response, session, provider, config) {
+    const sseParser = new SSEParser();
+    const decoder = new TextDecoder();
+    const encoder = new TextEncoder();
+    // Buffer for incomplete PII tags that span SSE chunks
+    let tagBuffer = "";
+    // We load the PII map once, lazily
+    let piiMapPromise = null;
+    function getPiiMap() {
+        if (piiMapPromise === null) {
+            piiMapPromise = (async () => {
+                const stored = await config.piiStorageProvider.load(session.sessionId);
+                if (stored === null)
+                    return new Map();
+                const key = await config.keyProvider.getKey();
+                return decryptPIIMap(stored.piiMap, key);
+            })();
+        }
+        return piiMapPromise;
+    }
+    const transformStream = new TransformStream({
+        async transform(chunk, controller) {
+            const text = decoder.decode(chunk, { stream: true });
+            const events = sseParser.parse(text);
+            for (const event of events) {
+                if (isSSEDone(event.data)) {
+                    controller.enqueue(encoder.encode(serializeSSEEvent(event)));
+                    continue;
+                }
+                let parsed;
+                try {
+                    parsed = JSON.parse(event.data);
+                }
+                catch {
+                    // Not JSON — pass through as-is
+                    controller.enqueue(encoder.encode(serializeSSEEvent(event)));
+                    continue;
+                }
+                const delta = provider.extractSSEDelta(parsed);
+                if (delta === null) {
+                    controller.enqueue(encoder.encode(serializeSSEEvent(event)));
+                    continue;
+                }
+                // Handle incomplete PII tags spanning chunks
+                const fullText = tagBuffer + delta;
+                const incompleteTagIdx = fullText.lastIndexOf("<PII");
+                const lastCloseIdx = fullText.lastIndexOf("/>");
+                let textToRehydrate;
+                if (incompleteTagIdx !== -1 &&
+                    (lastCloseIdx === -1 || lastCloseIdx < incompleteTagIdx)) {
+                    textToRehydrate = fullText.slice(0, incompleteTagIdx);
+                    tagBuffer = fullText.slice(incompleteTagIdx);
+                }
+                else {
+                    textToRehydrate = fullText;
+                    tagBuffer = "";
+                }
+                if (textToRehydrate.length > 0) {
+                    const piiMap = await getPiiMap();
+                    const rehydrated = rehydrate(textToRehydrate, piiMap);
+                    const rebuilt = provider.rebuildSSEDelta(parsed, rehydrated);
+                    controller.enqueue(encoder.encode(serializeSSEEvent({
+                        event: event.event,
+                        data: JSON.stringify(rebuilt),
+                    })));
+                }
+            }
+        },
+        async flush(controller) {
+            const events = sseParser.flush();
+            for (const event of events) {
+                controller.enqueue(encoder.encode(serializeSSEEvent(event)));
+            }
+            if (tagBuffer.length > 0) {
+                const piiMap = await getPiiMap();
+                const rehydrated = rehydrate(tagBuffer, piiMap);
+                if (rehydrated.length > 0) {
+                    controller.enqueue(encoder.encode(`data: ${JSON.stringify({ content: rehydrated })}\n\n`));
+                }
+                tagBuffer = "";
+            }
+        },
+    });
+    const transformedBody = response.body.pipeThrough(transformStream);
+    return new Response(transformedBody, {
+        status: response.status,
+        statusText: response.statusText,
+        headers: response.headers,
+    });
+}
+//# sourceMappingURL=rehydra-fetch.js.map

package/dist/proxy/rehydra-fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehydra-fetch.js","sourceRoot":"","sources":["../../src/proxy/rehydra-fetch.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAItD,IAAI,cAAc,GAAG,CAAC,CAAC;AAEvB,SAAS,mBAAmB;IAC1B,OAAO,iBAAiB,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAA0B;IAE1B,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,GAAG,MAAM,CAAC,UAAU;QACpB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;KAC9C,CAAC,CAAC;IACH,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,mBAAmB,CAAC;IAChE,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,KAAK,KAAK,CAAC;IAEzD,KAAK,UAAU,iBAAiB;QAC9B,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,UAAU,CAAC,UAAU,EAAE,CAAC;YAC9B,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,EACV,KAAwB,EACxB,IAAkB,EACC,EAAE;QACrB,MAAM,iBAAiB,EAAE,CAAC;QAE1B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEzC,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACxD,IAAI,WAAW,KAAK,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtE,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,cAAc,CAC7B,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,OAAO,EACf,MAAM,CAAC,QAAQ,CAChB,CAAC;QAEF,qBAAqB;QACrB,MAAM,IAAI,GAAY,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAE3C,yCAAyC;QACzC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE9C,oCAAoC;QACpC,MAAM,OAAO,GAAG,IAAI,qBAAqB,CACvC,UAAU,EACV,SAAS,EACT,MAAM,CAAC,kBAAkB,EACzB,MAAM,CAAC,WAAW,CACnB,CAAC;QAEF,8CAA8C;QAC9C,MAAM,KAAK,GAAG,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,eAAe,GAAa,EAAE,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YAC3E,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAC9C,CAAC;QAED,gDAAgD;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,kBAAkB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;QAE1E,iCAAiC;QACjC,MAAM,eAAe,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE;YAC3C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;SACrC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,CAAC;QAE9C,wDAAwD;QACxD,MAAM,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACjE,MAAM,KAAK,GACT,eAAe;YACf,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC;YACjC,mBAAmB,KAAK,IAAI;YAC5B,mBAAmB,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAEpD,IAAI,KAAK,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,oBAAoB,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5D,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAAkB,EAClB,OAA8B,EAC9B,QAA4B;IAE5B,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE5C,sCAAsC;IACtC,MAAM,aAAa,GAAG,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjD,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,wBAAwB;IACxB,MAAM,cAAc,GAAG,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAE3E,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE;QAClD,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,OAAO,EAAE,QAAQ,CAAC,OAAO;KAC1B,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,QAAkB,EAClB,OAA8B,EAC9B,QAA4B,EAC5B,MAA0B;IAE1B,MAAM,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAElC,sDAAsD;IACtD,IAAI,SAAS,GAAG,EAAE,CAAC;IAEnB,mCAAmC;IACnC,IAAI,aAAa,GAA8B,IAAI,CAAC;IAEpD,SAAS,SAAS;QAChB,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;YAC3B,aAAa,GAAG,CAAC,KAAK,IAAwB,EAAE;gBAC9C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACvE,IAAI,MAAM,KAAK,IAAI;oBAAE,OAAO,IAAI,GAAG,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC9C,OAAO,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC3C,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;QACD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,eAAe,CAAyB;QAClE,KAAK,CAAC,SAAS,CACb,KAAiB,EACjB,UAAwD;YAExD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAErC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1B,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7D,SAAS;gBACX,CAAC;gBAED,IAAI,MAAe,CAAC;gBACpB,IAAI,CAAC;oBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAClC,CAAC;gBAAC,MAAM,CAAC;oBACP,gCAAgC;oBAChC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7D,SAAS;gBACX,CAAC;gBAED,MAAM,KAAK,GAAG,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;gBAC/C,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBACnB,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7D,SAAS;gBACX,CAAC;gBAED,6CAA6C;gBAC7C,MAAM,QAAQ,GAAG,SAAS,GAAG,KAAK,CAAC;gBACnC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBACtD,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAEhD,IAAI,eAAuB,CAAC;gBAC5B,IACE,gBAAgB,KAAK,CAAC,CAAC;oBACvB,CAAC,YAAY,KAAK,CAAC,CAAC,IAAI,YAAY,GAAG,gBAAgB,CAAC,EACxD,CAAC;oBACD,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;oBACtD,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,eAAe,GAAG,QAAQ,CAAC;oBAC3B,SAAS,GAAG,EAAE,CAAC;gBACjB,CAAC;gBAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,SAAS,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;oBACtD,MAAM,OAAO,GAAG,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBAC7D,UAAU,CAAC,OAAO,CAChB,OAAO,CAAC,MAAM,CACZ,iBAAiB,CAAC;wBAChB,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;qBAC9B,CAAC,CACH,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,CAAC,KAAK,CACT,UAAwD;YAExD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC;YACjC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;gBAChD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,UAAU,CAAC,OAAO,CAChB,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,MAAM,CAAC,CACvE,CAAC;gBACJ,CAAC;gBACD,SAAS,GAAG,EAAE,CAAC;YACjB,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAK,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC;IAEpE,OAAO,IAAI,QAAQ,CAAC,eAAe,EAAE;QACnC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,OAAO,EAAE,QAAQ,CAAC,OAAO;KAC1B,CAAC,CAAC;AACL,CAAC"}

package/dist/proxy/rehydra-proxy.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Rehydra Proxy Middleware
+ * Generic (Request → Response) proxy that anonymizes LLM requests
+ * and rehydrates responses. Uses standard Web APIs — no framework dependency.
+ */
+import type { RehydraProxyConfig } from "./types.js";
+/**
+ * Creates a proxy middleware function that forwards requests to an upstream
+ * LLM API, anonymizing requests and rehydrating responses.
+ *
+ * Returns a standard `(Request) => Promise<Response>` function that works
+ * with any framework supporting Web Request/Response APIs.
+ *
+ * @example
+ * ```typescript
+ * // Hono
+ * import { Hono } from 'hono';
+ * const app = new Hono();
+ * const proxy = createRehydraProxy({
+ *   upstream: 'https://api.openai.com',
+ *   keyProvider: new ConfigKeyProvider(process.env.PII_KEY!),
+ *   piiStorageProvider: new SQLitePIIStorageProvider('proxy.db'),
+ * });
+ * app.post('/v1/*', (c) => proxy(c.req.raw));
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Bun.serve
+ * const proxy = createRehydraProxy({ upstream: 'https://api.openai.com', ... });
+ * Bun.serve({
+ *   fetch(req) {
+ *     if (new URL(req.url).pathname.startsWith('/v1/')) return proxy(req);
+ *     return new Response('Not Found', { status: 404 });
+ *   },
+ * });
+ * ```
+ */
+export declare function createRehydraProxy(config: RehydraProxyConfig): (request: Request) => Promise<Response>;
+//# sourceMappingURL=rehydra-proxy.d.ts.map

package/dist/proxy/rehydra-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehydra-proxy.d.ts","sourceRoot":"","sources":["../../src/proxy/rehydra-proxy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAWrD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,kBAAkB,GACzB,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAwCzC"}

package/dist/proxy/rehydra-proxy.js

@@ -0,0 +1,82 @@
+/**
+ * Rehydra Proxy Middleware
+ * Generic (Request → Response) proxy that anonymizes LLM requests
+ * and rehydrates responses. Uses standard Web APIs — no framework dependency.
+ */
+import { createRehydraFetch } from "./rehydra-fetch.js";
+const DEFAULT_FORWARD_HEADERS = [
+    "authorization",
+    "content-type",
+    "x-api-key",
+    "anthropic-version",
+    "openai-organization",
+    "openai-project",
+];
+/**
+ * Creates a proxy middleware function that forwards requests to an upstream
+ * LLM API, anonymizing requests and rehydrating responses.
+ *
+ * Returns a standard `(Request) => Promise<Response>` function that works
+ * with any framework supporting Web Request/Response APIs.
+ *
+ * @example
+ * ```typescript
+ * // Hono
+ * import { Hono } from 'hono';
+ * const app = new Hono();
+ * const proxy = createRehydraProxy({
+ *   upstream: 'https://api.openai.com',
+ *   keyProvider: new ConfigKeyProvider(process.env.PII_KEY!),
+ *   piiStorageProvider: new SQLitePIIStorageProvider('proxy.db'),
+ * });
+ * app.post('/v1/*', (c) => proxy(c.req.raw));
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Bun.serve
+ * const proxy = createRehydraProxy({ upstream: 'https://api.openai.com', ... });
+ * Bun.serve({
+ *   fetch(req) {
+ *     if (new URL(req.url).pathname.startsWith('/v1/')) return proxy(req);
+ *     return new Response('Not Found', { status: 404 });
+ *   },
+ * });
+ * ```
+ */
+export function createRehydraProxy(config) {
+    const forwardHeaders = config.forwardHeaders ?? DEFAULT_FORWARD_HEADERS;
+    const upstream = config.upstream.replace(/\/$/, ""); // Remove trailing slash
+    // Create the underlying Rehydra fetch wrapper
+    const rehydraFetch = createRehydraFetch(config);
+    return async (request) => {
+        // Build upstream URL
+        const requestUrl = new URL(request.url);
+        let pathname = requestUrl.pathname;
+        // Strip prefix if configured
+        if (config.stripPrefix !== undefined && config.stripPrefix !== "" && pathname.startsWith(config.stripPrefix)) {
+            pathname = pathname.slice(config.stripPrefix.length);
+            if (!pathname.startsWith("/")) {
+                pathname = "/" + pathname;
+            }
+        }
+        const upstreamUrl = upstream + pathname + requestUrl.search;
+        // Filter headers to forward
+        const headers = new Headers();
+        for (const name of forwardHeaders) {
+            const value = request.headers.get(name);
+            if (value !== null) {
+                headers.set(name, value);
+            }
+        }
+        // Forward via rehydraFetch (which handles anonymization/rehydration)
+        return rehydraFetch(upstreamUrl, {
+            method: request.method,
+            headers,
+            body: request.body,
+            // @ts-expect-error - duplex is needed for streaming request bodies
+            duplex: "half",
+        });
+    };
+}
+//# sourceMappingURL=rehydra-proxy.js.map

package/dist/proxy/rehydra-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehydra-proxy.js","sourceRoot":"","sources":["../../src/proxy/rehydra-proxy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAGxD,MAAM,uBAAuB,GAAG;IAC9B,eAAe;IACf,cAAc;IACd,WAAW;IACX,mBAAmB;IACnB,qBAAqB;IACrB,gBAAgB;CACjB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAA0B;IAE1B,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,uBAAuB,CAAC;IACxE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;IAE7E,8CAA8C;IAC9C,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEhD,OAAO,KAAK,EAAE,OAAgB,EAAqB,EAAE;QACnD,qBAAqB;QACrB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;QAEnC,6BAA6B;QAC7B,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,KAAK,EAAE,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,QAAQ,GAAG,GAAG,GAAG,QAAQ,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC;QAE5D,4BAA4B;QAC5B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACxC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,OAAO,YAAY,CAAC,WAAW,EAAE;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,mEAAmE;YACnE,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC"}