securepool 1.0.0

package/SETUP.md

@@ -0,0 +1,388 @@
+# SecurePool - Local Setup Guide
+
+## Quick Start (One Command)
+
+```bash
+cd securepool
+npm run setup
+```
+
+This interactive script handles everything:
+- Checks prerequisites (Node.js, MongoDB, OpenSSL)
+- Installs dependencies
+- Generates RSA keys for JWT
+- Sets up MongoDB (with or without authentication)
+- Configures email for OTP (optional)
+- Creates `.env` file
+- Builds all packages
+- Verifies the setup
+
+After setup, start the servers:
+
+```bash
+# Terminal 1 - Backend
+npm run start:backend
+
+# Terminal 2 - Frontend
+npm run start:frontend
+```
+
+Open:
+- Frontend: http://localhost:5173
+- API Docs: http://localhost:5001/docs
+- Health Check: http://localhost:5001/health
+
+---
+
+## Manual Setup (Step by Step)
+
+If you prefer manual setup, follow the steps below.
+
+### Prerequisites
+
+| Tool | Version | Install |
+|------|---------|---------|
+| Node.js | 20+ | `brew install node` |
+| MongoDB | 6+ | `brew install mongodb-community` |
+| OpenSSL | any | Pre-installed on macOS |
+
+---
+
+### Step 1: Clone & Install
+
+```bash
+cd securepool
+npm install
+```
+
+---
+
+## Step 2: Start MongoDB
+
+**Option A: Without authentication (simple)**
+
+```bash
+mongod --dbpath ~/mongodb-data
+```
+
+**Option B: With authentication (production-like)**
+
+```bash
+# Start MongoDB with auth
+mongod --dbpath ~/mongodb-data --auth
+```
+
+Then in a new terminal, create the database user:
+
+```bash
+mongosh
+```
+
+```js
+use securepool
+
+db.createUser({
+  user: "securepool-user",
+  pwd: "SecurePool@123",
+  roles: [{ role: "readWrite", db: "securepool" }]
+})
+
+exit
+```
+
+Verify it works:
+
+```bash
+mongosh "mongodb://securepool-user:SecurePool%40123@localhost:27017/securepool?authSource=securepool"
+```
+
+---
+
+## Step 3: Generate RSA Keys (for JWT)
+
+```bash
+cd securepool
+openssl genrsa -out private.pem 2048
+openssl rsa -in private.pem -pubout -out public.pem
+```
+
+---
+
+## Step 4: Create `.env` File
+
+Create a `.env` file in the `securepool/` root:
+
+```env
+# Database
+DB_TYPE=mongo
+DB_URL=mongodb://localhost:27017/securepool
+
+# If using auth (Step 2 Option B):
+# DB_URL=mongodb://securepool-user:SecurePool%40123@localhost:27017/securepool?authSource=securepool
+
+# JWT (paths to RSA key files)
+JWT_PRIVATE_KEY_PATH=./private.pem
+JWT_PUBLIC_KEY_PATH=./public.pem
+
+# Email (Gmail SMTP - optional, needed for OTP emails)
+EMAIL_HOST=smtp.gmail.com
+EMAIL_PORT=587
+EMAIL_SECURE=false
+EMAIL_USER=your-email@gmail.com
+EMAIL_PASS=your-gmail-app-password
+EMAIL_FROM=your-email@gmail.com
+
+# Server
+PORT=5001
+
+# Security
+RATE_LIMIT_ENABLED=true
+CORS_ORIGINS=*
+```
+
+### Gmail App Password (required for email OTP)
+
+1. Go to https://myaccount.google.com/apppasswords
+2. Sign in (2FA must be enabled)
+3. Create app password for "Mail"
+4. Copy the 16-character password into `EMAIL_PASS`
+
+If you skip email setup, OTP features won't send emails (but the rest works fine).
+
+---
+
+## Step 5: Build All Packages
+
+```bash
+npm run build
+```
+
+This builds all 6 packages using Turborepo:
+- `@securepool/core`
+- `@securepool/application`
+- `@securepool/infrastructure`
+- `@securepool/persistence`
+- `@securepool/api`
+- `@securepool/react-sdk`
+
+---
+
+## Step 6: Start Backend
+
+```bash
+cd apps/demo-backend
+npx ts-node src/index.ts
+```
+
+You should see:
+
+```
+SecurePool API running on port 5001
+```
+
+Verify:
+
+```bash
+curl http://localhost:5001/health
+# → {"status":"ok"}
+```
+
+### API Documentation (Swagger UI)
+
+Open in your browser:
+
+```
+http://localhost:5001/docs
+```
+
+This gives you an interactive API explorer where you can:
+
+- See all endpoints with request/response schemas
+- Try any API live by clicking "Try it out"
+- Authenticate by clicking the **Authorize** button (top right) and pasting your JWT access token
+- View the raw OpenAPI spec at `http://localhost:5001/docs.json`
+
+**How to use authenticated endpoints in Swagger:**
+
+1. First call `POST /auth/login` with your email + password
+2. Copy the `accessToken` from the response
+3. Click the **Authorize** button (lock icon at top)
+4. Paste the token and click "Authorize"
+5. Now all authenticated endpoints (Sessions, Change Password) will work
+```
+
+---
+
+## Step 7: Start Frontend
+
+Open a **new terminal**:
+
+```bash
+cd apps/demo-frontend
+npx vite
+```
+
+Opens at http://localhost:5173
+
+---
+
+## Step 8: Test the Full Flow
+
+### Register a new user
+
+1. Open http://localhost:5173/signup
+2. Enter email and password (min 8 chars)
+3. Check your email for the 6-digit OTP
+4. Enter OTP on the verification page
+5. You're logged in and redirected to the dashboard
+
+### Login with password
+
+1. Go to http://localhost:5173/login
+2. Enter email and password
+
+### Login with OTP
+
+1. Go to http://localhost:5173/otp-login
+2. Enter your email
+3. Check email for OTP code
+4. Enter the code
+
+### Forgot password
+
+1. Go to http://localhost:5173/forgot-password
+2. Enter your email
+3. Check email for OTP
+4. Enter OTP, then set new password
+
+### Change password
+
+1. Login and go to dashboard
+2. Click your avatar (top right)
+3. Click "Change password"
+4. Enter old password and new password
+
+### Switch accounts
+
+1. Login with one account
+2. Click avatar → "Add another account"
+3. Login with a different email
+4. Click avatar → click any stored account to switch
+
+---
+
+## API Endpoints
+
+| Method | Endpoint | Auth | Description |
+|--------|----------|------|-------------|
+| GET | `/health` | No | Health check |
+| POST | `/auth/register` | No | Register + send OTP |
+| POST | `/auth/verify-email` | No | Verify OTP + create user |
+| POST | `/auth/login` | No | Login with password |
+| POST | `/auth/otp/request` | No | Request OTP for login |
+| POST | `/auth/otp/verify` | No | Verify OTP + login |
+| POST | `/auth/refresh` | No | Refresh token |
+| POST | `/auth/google` | No | Google SSO login |
+| POST | `/auth/forgot-password` | No | Send password reset OTP |
+| POST | `/auth/reset-password` | No | Reset password with OTP |
+| POST | `/auth/change-password` | Yes | Change password (old + new) |
+| GET | `/sessions` | Yes | List active sessions |
+| DELETE | `/sessions/:id` | Yes | Revoke a session |
+| DELETE | `/sessions` | Yes | Revoke all sessions |
+
+All `/auth/*` routes require the `x-tenant-id` header.
+
+Authenticated routes require: `Authorization: Bearer <access_token>`
+
+### Example: Register + Login via curl
+
+```bash
+# Register
+curl -X POST http://localhost:5001/auth/register \
+  -H "Content-Type: application/json" \
+  -H "x-tenant-id: default" \
+  -d '{"email":"test@example.com","password":"MyPass@1234"}'
+
+# Login
+curl -X POST http://localhost:5001/auth/login \
+  -H "Content-Type: application/json" \
+  -H "x-tenant-id: default" \
+  -d '{"email":"test@example.com","password":"MyPass@1234"}'
+```
+
+---
+
+## Project Structure
+
+```
+securepool/
+├── packages/                    # NPM library packages
+│   ├── core/                    # Entities, enums (zero dependencies)
+│   ├── application/             # Interfaces, AuthService, business logic
+│   ├── infrastructure/          # JWT, bcrypt, OTP, email (nodemailer)
+│   ├── persistence/             # MongoDB (mongoose) + PostgreSQL (prisma)
+│   ├── api/                     # Express routes, middleware, createSecurePool()
+│   └── react-sdk/               # SecurePoolProvider, useAuth, UI components
+│
+├── apps/                        # Runnable applications
+│   ├── demo-backend/            # Express server using @securepool/api
+│   └── demo-frontend/           # React app using @securepool/react-sdk
+│
+├── package.json                 # Monorepo root (npm workspaces)
+├── tsconfig.base.json           # Shared TypeScript config
+├── turbo.json                   # Turborepo build pipeline
+├── .env                         # Environment variables (not in git)
+├── private.pem                  # JWT private key (not in git)
+└── public.pem                   # JWT public key (not in git)
+```
+
+---
+
+## Common Issues
+
+### Port 5001 already in use
+
+```bash
+lsof -ti:5001 | xargs kill -9
+```
+
+### Port 5000 used by AirPlay (macOS)
+
+We use port 5001 to avoid this. Or disable AirPlay Receiver in System Settings.
+
+### MongoDB connection failed
+
+Make sure MongoDB is running:
+
+```bash
+mongosh --eval "db.runCommand({ ping: 1 })"
+```
+
+### OTP email not received
+
+- Check `EMAIL_USER` and `EMAIL_PASS` in `.env`
+- Gmail requires an App Password (not your regular password)
+- Enable 2FA on your Google account first
+
+### Build errors after changing code
+
+Rebuild all packages:
+
+```bash
+npm run build
+```
+
+Then restart the backend.
+
+---
+
+## Useful Commands
+
+| Command | Description |
+|---------|-------------|
+| `npm run build` | Build all packages |
+| `npm run clean` | Clean all dist folders |
+| `npx turbo run build --filter=@securepool/api` | Build single package |
+| `cd apps/demo-backend && npx ts-node src/index.ts` | Start backend |
+| `cd apps/demo-frontend && npx vite` | Start frontend |
+| `lsof -ti:5001 \| xargs kill -9` | Kill process on port |

package/apps/demo-backend/Dockerfile

@@ -0,0 +1,33 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Copy monorepo root files
+COPY package.json package-lock.json tsconfig.base.json turbo.json ./
+
+# Copy all packages and the backend app
+COPY packages/ packages/
+COPY apps/demo-backend/ apps/demo-backend/
+
+# Install dependencies
+RUN npm ci
+
+# Build all packages
+RUN npx turbo run build --filter=@securepool/*
+
+# Build the backend app
+RUN cd apps/demo-backend && npx tsc
+
+# ---- Production stage ----
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY --from=builder /app/package.json /app/package-lock.json ./
+COPY --from=builder /app/packages/ packages/
+COPY --from=builder /app/apps/demo-backend/ apps/demo-backend/
+COPY --from=builder /app/node_modules/ node_modules/
+
+EXPOSE 5001
+
+CMD ["node", "apps/demo-backend/dist/index.js"]

package/apps/demo-backend/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "demo-backend",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "dev": "ts-node-dev --respawn src/index.ts",
+    "build": "tsc",
+    "start": "node dist/index.js"
+  },
+  "dependencies": {
+    "@securepool/api": "1.0.0",
+    "dotenv": "^16.4.5"
+  },
+  "devDependencies": {
+    "typescript": "^5.5.0",
+    "ts-node-dev": "^2.0.0",
+    "@types/node": "^20.14.0"
+  }
+}

package/apps/demo-backend/src/index.ts

@@ -0,0 +1,71 @@
+import dotenv from "dotenv";
+import path from "path";
+import fs from "fs";
+import { createSecurePool } from "@securepool/api";
+
+// Load .env (local dev: from monorepo root, production: from process.env)
+dotenv.config({ path: path.resolve(__dirname, "../../../.env") });
+dotenv.config(); // also check current dir
+
+function getJwtKeys(): { privateKey: string; publicKey: string } {
+  // Option 1: Keys passed directly as env vars (production)
+  if (process.env.JWT_PRIVATE_KEY && process.env.JWT_PUBLIC_KEY) {
+    return {
+      privateKey: process.env.JWT_PRIVATE_KEY.replace(/\\n/g, "\n"),
+      publicKey: process.env.JWT_PUBLIC_KEY.replace(/\\n/g, "\n"),
+    };
+  }
+
+  // Option 2: Keys from file paths (local dev)
+  const root = path.resolve(__dirname, "../../..");
+  const privateKeyPath = path.resolve(root, process.env.JWT_PRIVATE_KEY_PATH || "./private.pem");
+  const publicKeyPath = path.resolve(root, process.env.JWT_PUBLIC_KEY_PATH || "./public.pem");
+
+  if (fs.existsSync(privateKeyPath) && fs.existsSync(publicKeyPath)) {
+    return {
+      privateKey: fs.readFileSync(privateKeyPath, "utf-8"),
+      publicKey: fs.readFileSync(publicKeyPath, "utf-8"),
+    };
+  }
+
+  console.error("JWT keys not found. Set JWT_PRIVATE_KEY/JWT_PUBLIC_KEY env vars or provide .pem files.");
+  process.exit(1);
+}
+
+async function main() {
+  const { privateKey, publicKey } = getJwtKeys();
+  const port = parseInt(process.env.PORT || "5001", 10);
+
+  const { app } = await createSecurePool({
+    database: {
+      type: (process.env.DB_TYPE as "mongo" | "postgres") || "mongo",
+      url: process.env.DB_URL || "mongodb://localhost:27017/securepool",
+    },
+    jwt: {
+      privateKey,
+      publicKey,
+    },
+    email: process.env.EMAIL_USER ? {
+      host: process.env.EMAIL_HOST || "smtp.gmail.com",
+      port: parseInt(process.env.EMAIL_PORT || "587", 10),
+      secure: process.env.EMAIL_SECURE === "true",
+      user: process.env.EMAIL_USER,
+      pass: process.env.EMAIL_PASS || "",
+      from: process.env.EMAIL_FROM || process.env.EMAIL_USER,
+    } : undefined,
+    security: {
+      enableRateLimit: process.env.RATE_LIMIT_ENABLED !== "false",
+      corsOrigins: process.env.CORS_ORIGINS || "*",
+    },
+  });
+
+  app.listen(port, () => {
+    console.log(`SecurePool API running on port ${port}`);
+    console.log(`Api Docs: http://localhost:${port}/docs`);
+  });
+}
+
+main().catch((err) => {
+  console.error("Failed to start SecurePool:", err);
+  process.exit(1);
+});

package/apps/demo-backend/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist"
+  },
+  "include": ["src"]
+}

package/apps/demo-frontend/.env.example

@@ -0,0 +1,2 @@
+VITE_API_URL=https://your-backend-url.railway.app
+VITE_TENANT_ID=default

package/apps/demo-frontend/README.md

@@ -0,0 +1,73 @@
+# React + TypeScript + Vite
+
+This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
+
+Currently, two official plugins are available:
+
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Oxc](https://oxc.rs)
+- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/)
+
+## React Compiler
+
+The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
+
+## Expanding the ESLint configuration
+
+If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
+
+```js
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+
+      // Remove tseslint.configs.recommended and replace with this
+      tseslint.configs.recommendedTypeChecked,
+      // Alternatively, use this for stricter rules
+      tseslint.configs.strictTypeChecked,
+      // Optionally, add this for stylistic rules
+      tseslint.configs.stylisticTypeChecked,
+
+      // Other configs...
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```
+
+You can also install [eslint-plugin-react-x](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-x) and [eslint-plugin-react-dom](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-dom) for React-specific lint rules:
+
+```js
+// eslint.config.js
+import reactX from 'eslint-plugin-react-x'
+import reactDom from 'eslint-plugin-react-dom'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+      // Enable lint rules for React
+      reactX.configs['recommended-typescript'],
+      // Enable lint rules for React DOM
+      reactDom.configs.recommended,
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```

package/apps/demo-frontend/eslint.config.js

@@ -0,0 +1,23 @@
+import js from '@eslint/js'
+import globals from 'globals'
+import reactHooks from 'eslint-plugin-react-hooks'
+import reactRefresh from 'eslint-plugin-react-refresh'
+import tseslint from 'typescript-eslint'
+import { defineConfig, globalIgnores } from 'eslint/config'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      js.configs.recommended,
+      tseslint.configs.recommended,
+      reactHooks.configs.flat.recommended,
+      reactRefresh.configs.vite,
+    ],
+    languageOptions: {
+      ecmaVersion: 2020,
+      globals: globals.browser,
+    },
+  },
+])

package/apps/demo-frontend/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>demo-frontend</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

package/apps/demo-frontend/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "demo-frontend",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc -b && vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
+    "react-router-dom": "^7.6.0",
+    "@securepool/react-sdk": "1.0.0"
+  },
+  "devDependencies": {
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^6.0.1",
+    "typescript": "~5.9.3",
+    "vite": "^8.0.1"
+  }
+}

package/apps/demo-frontend/public/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="48" height="46" fill="none" viewBox="0 0 48 46"><path fill="#863bff" d="M25.946 44.938c-.664.845-2.021.375-2.021-.698V33.937a2.26 2.26 0 0 0-2.262-2.262H10.287c-.92 0-1.456-1.04-.92-1.788l7.48-10.471c1.07-1.497 0-3.578-1.842-3.578H1.237c-.92 0-1.456-1.04-.92-1.788L10.013.474c.214-.297.556-.474.92-.474h28.894c.92 0 1.456 1.04.92 1.788l-7.48 10.471c-1.07 1.498 0 3.579 1.842 3.579h11.377c.943 0 1.473 1.088.89 1.83L25.947 44.94z" style="fill:#863bff;fill:color(display-p3 .5252 .23 1);fill-opacity:1"/><mask id="a" width="48" height="46" x="0" y="0" maskUnits="userSpaceOnUse" style="mask-type:alpha"><path fill="#000" d="M25.842 44.938c-.664.844-2.021.375-2.021-.698V33.937a2.26 2.26 0 0 0-2.262-2.262H10.183c-.92 0-1.456-1.04-.92-1.788l7.48-10.471c1.07-1.498 0-3.579-1.842-3.579H1.133c-.92 0-1.456-1.04-.92-1.787L9.91.473c.214-.297.556-.474.92-.474h28.894c.92 0 1.456 1.04.92 1.788l-7.48 10.471c-1.07 1.498 0 3.578 1.842 3.578h11.377c.943 0 1.473 1.088.89 1.832L25.843 44.94z" style="fill:#000;fill-opacity:1"/></mask><g mask="url(#a)"><g filter="url(#b)"><ellipse cx="5.508" cy="14.704" fill="#ede6ff" rx="5.508" ry="14.704" style="fill:#ede6ff;fill:color(display-p3 .9275 .9033 1);fill-opacity:1" transform="matrix(.00324 1 1 -.00324 -4.47 31.516)"/></g><g filter="url(#c)"><ellipse cx="10.399" cy="29.851" fill="#ede6ff" rx="10.399" ry="29.851" style="fill:#ede6ff;fill:color(display-p3 .9275 .9033 1);fill-opacity:1" transform="matrix(.00324 1 1 -.00324 -39.328 7.883)"/></g><g filter="url(#d)"><ellipse cx="5.508" cy="30.487" fill="#7e14ff" rx="5.508" ry="30.487" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(89.814 -25.913 -14.639)scale(1 -1)"/></g><g filter="url(#e)"><ellipse cx="5.508" cy="30.599" fill="#7e14ff" rx="5.508" ry="30.599" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(89.814 -32.644 -3.334)scale(1 -1)"/></g><g filter="url(#f)"><ellipse cx="5.508" cy="30.599" fill="#7e14ff" rx="5.508" ry="30.599" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="matrix(.00324 1 1 -.00324 -34.34 30.47)"/></g><g filter="url(#g)"><ellipse cx="14.072" cy="22.078" fill="#ede6ff" rx="14.072" ry="22.078" style="fill:#ede6ff;fill:color(display-p3 .9275 .9033 1);fill-opacity:1" transform="rotate(93.35 24.506 48.493)scale(-1 1)"/></g><g filter="url(#h)"><ellipse cx="3.47" cy="21.501" fill="#7e14ff" rx="3.47" ry="21.501" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(89.009 28.708 47.59)scale(-1 1)"/></g><g filter="url(#i)"><ellipse cx="3.47" cy="21.501" fill="#7e14ff" rx="3.47" ry="21.501" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(89.009 28.708 47.59)scale(-1 1)"/></g><g filter="url(#j)"><ellipse cx=".387" cy="8.972" fill="#7e14ff" rx="4.407" ry="29.108" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(39.51 .387 8.972)"/></g><g filter="url(#k)"><ellipse cx="47.523" cy="-6.092" fill="#7e14ff" rx="4.407" ry="29.108" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(37.892 47.523 -6.092)"/></g><g filter="url(#l)"><ellipse cx="41.412" cy="6.333" fill="#47bfff" rx="5.971" ry="9.665" style="fill:#47bfff;fill:color(display-p3 .2799 .748 1);fill-opacity:1" transform="rotate(37.892 41.412 6.333)"/></g><g filter="url(#m)"><ellipse cx="-1.879" cy="38.332" fill="#7e14ff" rx="4.407" ry="29.108" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(37.892 -1.88 38.332)"/></g><g filter="url(#n)"><ellipse cx="-1.879" cy="38.332" fill="#7e14ff" rx="4.407" ry="29.108" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(37.892 -1.88 38.332)"/></g><g filter="url(#o)"><ellipse cx="35.651" cy="29.907" fill="#7e14ff" rx="4.407" ry="29.108" style="fill:#7e14ff;fill:color(display-p3 .4922 .0767 1);fill-opacity:1" transform="rotate(37.892 35.651 29.907)"/></g><g filter="url(#p)"><ellipse cx="38.418" cy="32.4" fill="#47bfff" rx="5.971" ry="15.297" style="fill:#47bfff;fill:color(display-p3 .2799 .748 1);fill-opacity:1" transform="rotate(37.892 38.418 32.4)"/></g></g><defs><filter id="b" width="60.045" height="41.654" x="-19.77" y="16.149" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="7.659"/></filter><filter id="c" width="90.34" height="51.437" x="-54.613" y="-7.533" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="7.659"/></filter><filter id="d" width="79.355" height="29.4" x="-49.64" y="2.03" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="e" width="79.579" height="29.4" x="-45.045" y="20.029" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="f" width="79.579" height="29.4" x="-43.513" y="21.178" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="g" width="74.749" height="58.852" x="15.756" y="-17.901" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="7.659"/></filter><filter id="h" width="61.377" height="25.362" x="23.548" y="2.284" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="i" width="61.377" height="25.362" x="23.548" y="2.284" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="j" width="56.045" height="63.649" x="-27.636" y="-22.853" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="k" width="54.814" height="64.646" x="20.116" y="-38.415" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="l" width="33.541" height="35.313" x="24.641" y="-11.323" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="m" width="54.814" height="64.646" x="-29.286" y="6.009" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="n" width="54.814" height="64.646" x="-29.286" y="6.009" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="o" width="54.814" height="64.646" x="8.244" y="-2.416" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter><filter id="p" width="39.409" height="43.623" x="18.713" y="10.588" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17158" stdDeviation="4.596"/></filter></defs></svg>