stratal 0.0.19 → 0.0.20

package/dist/rate-limiter/index.d.mts

@@ -0,0 +1,420 @@
+import { Cn as ModuleContext, Dr as Container, En as OnInitialize, Tn as OnException, V as RouterContext, d as ApplicationError, gn as AsyncModuleOptions, jn as ExceptionHandler, o as HttpException, on as Middleware, sn as Next, vn as DynamicModule } from "../index-D0US0X14.mjs";
+import { t as Constructor } from "../types-cySNS_lp.mjs";
+import { t as Macroable } from "../index-7-hU3GTV.mjs";
+import { t as StratalEnv } from "../env-D1rcZ8_r.mjs";
+import { t as CacheService } from "../cache.service-DsnKuNyO.mjs";
+
+//#region src/rate-limiter/errors.d.ts
+/**
+ * Thrown when a request exceeds a configured rate limit.
+ *
+ * HTTP Status: 429 Too Many Requests
+ * Error Code:  4290
+ *
+ * The {@link ExceptionHandler} renders the body via content negotiation
+ * (HTML for HTML clients, JSON for everything else). Standard rate-limit
+ * headers (`Retry-After`, `X-RateLimit-*`) are injected by the
+ * `respond()` callback registered via `RateLimiterModule.onException`.
+ */
+declare class TooManyRequestsError extends HttpException {
+  readonly info: {
+    retryAfter: number;
+    limit: number;
+    resetAt: number;
+  };
+  constructor(info: {
+    retryAfter: number;
+    limit: number;
+    resetAt: number;
+  });
+}
+/**
+ * Thrown when `RateLimiterRegistry.handle(name, ...)` is invoked for a
+ * name that was never registered via `.for()`.
+ *
+ * Most likely cause: a typo in `router.throttle('foo')` or `@RateLimit('foo')`,
+ * or the module that registers the limiter is missing from imports.
+ */
+declare class RateLimiterNotDefinedError extends ApplicationError {
+  readonly limiterName: string;
+  constructor(limiterName: string);
+}
+/**
+ * Thrown by `RateLimiterStoreFactory.create()` (during the module's eager
+ * `onInitialize` validation) when the user imported `RateLimiterModule`
+ * without calling `.forRoot({ store: ... })`. There is no implicit default
+ * store — the user must pick one.
+ */
+declare class RateLimiterNotConfiguredError extends HttpException {
+  constructor();
+}
+/**
+ * Thrown when a throttled route fires but `RateLimiterModule` was never
+ * imported in the user's AppModule (so the registry token is unbound).
+ *
+ * Distinct from {@link RateLimiterNotConfiguredError}, which fires when
+ * the module IS imported but `forRoot` was not called.
+ */
+declare class RateLimiterModuleNotImportedError extends ApplicationError {
+  readonly limiterName: string;
+  constructor(limiterName: string);
+}
+//#endregion
+//#region src/rate-limiter/limit.d.ts
+/**
+ * Standard rate-limit response headers passed to custom response handlers.
+ * Keys are canonical HTTP header names; values are the stringified counts.
+ */
+interface RateLimitHeaders {
+  'Retry-After': string;
+  'X-RateLimit-Limit': string;
+  'X-RateLimit-Remaining': string;
+  'X-RateLimit-Reset': string;
+}
+/**
+ * Custom response handler invoked when a limit is exceeded and the user
+ * supplied `.response()` on the {@link Limit}. Receives the request context
+ * and the precomputed standard headers (which the handler can spread, drop,
+ * or override).
+ */
+type RateLimitResponseHandler = (ctx: RouterContext, headers: RateLimitHeaders) => Response | Promise<Response>;
+/**
+ * A single rate limit window.
+ *
+ * Build via the static factories (`perSecond`, `perMinute`, `perMinutes`,
+ * `perHour`, `perDay`, `none`). Chain `.by(key)` to scope per-actor and
+ * `.response(handler)` to override the default 429 response.
+ *
+ * Returned (singly or as an array) by limiter resolvers registered via
+ * `RateLimiterRegistry.for()`.
+ *
+ * @example
+ * ```typescript
+ * Limit.perMinute(60).by(ctx.header('cf-connecting-ip') ?? 'global')
+ * Limit.perHour(100).by(userId)
+ * Limit.none()                                // bypass
+ * ```
+ */
+declare class Limit {
+  readonly windowSeconds: number;
+  readonly max: number;
+  readonly disabled: boolean;
+  private _key?;
+  private _customResponse?;
+  private constructor();
+  static perSecond(max: number): Limit;
+  static perSeconds(seconds: number, max: number): Limit;
+  static perMinute(max: number): Limit;
+  static perMinutes(minutes: number, max: number): Limit;
+  static perHour(max: number): Limit;
+  static perDay(max: number): Limit;
+  /** Bypass the limiter entirely for this request. */
+  static none(): Limit;
+  /** Scope this limit to a specific actor (user id, IP, tenant, etc.). */
+  by(key: string | number): this;
+  /**
+   * Override the default 429 response. The handler receives the standard
+   * `RateLimitHeaders` so it can spread them onto its own Response or omit
+   * them as it sees fit.
+   */
+  response(handler: RateLimitResponseHandler): this;
+  get key(): string | undefined;
+  get customResponse(): RateLimitResponseHandler | undefined;
+}
+//#endregion
+//#region src/rate-limiter/stores/rate-limiter-store.interface.d.ts
+/**
+ * Result of a single hit against the rate limiter (registry-internal).
+ *
+ * The store no longer participates in the increment — it's a typed KV.
+ * `RateLimiterRegistry.handle()` produces this value as it runs the
+ * get-modify-set sequence.
+ */
+interface RateLimitHit {
+  /** Counter value AFTER the increment (1 on first hit). */
+  count: number;
+  /** Absolute reset timestamp in milliseconds since epoch. */
+  resetAt: number;
+}
+/**
+ * Pluggable backend for rate-limit storage — a typed key-value store with TTL.
+ *
+ * The framework ships `KvRateLimiterStore` (Cloudflare KV) and
+ * `InMemoryRateLimiterStore` (tests). Users can register a custom
+ * implementation through `RateLimiterModule.forRoot({ store: { useClass: ... } })`.
+ *
+ * The increment logic lives in `RateLimiterRegistry`; the store only persists
+ * arbitrary values keyed by string. Same shape consumed by the better-auth
+ * bridge in `@stratal/framework/auth`, which stores its own `RateLimit`
+ * records here under a separate key namespace.
+ */
+interface IRateLimiterStore {
+  /**
+   * Read the value at `key`. Returns `null` when missing or expired.
+   * Implementations are responsible for honouring TTL (lazy or active).
+   */
+  get<T = unknown>(key: string): Promise<T | null>;
+  /**
+   * Write `value` at `key` with `ttlSeconds` TTL. Overwrites any existing
+   * value. The TTL resets on every write — callers compute the remaining
+   * window themselves and pass it explicitly.
+   */
+  set<T = unknown>(key: string, value: T, ttlSeconds: number): Promise<void>;
+  /**
+   * Remove `key`. No-op when missing.
+   */
+  delete(key: string): Promise<void>;
+}
+//#endregion
+//#region src/rate-limiter/rate-limiter-registry.d.ts
+/**
+ * Resolver function registered via {@link RateLimiterRegistry.for}. Receives
+ * the request context and returns the limit (or limits) that apply to this
+ * request. Return `Limit.none()` to bypass for the current request.
+ */
+type LimitResolver = (ctx: RouterContext) => Limit | Limit[] | Promise<Limit | Limit[]>;
+/**
+ * Central registry of named rate limiters and the request-time enforcement
+ * pipeline. Resolved as a singleton; consumed by `ThrottleMiddleware`.
+ *
+ * Register limiters in a module's `onInitialize` hook:
+ * ```typescript
+ * @Module({})
+ * export class RateLimitsModule implements OnInitialize {
+ *   onInitialize({ container }: ModuleContext): void {
+ *     const limiter = container.resolve<RateLimiterRegistry>(RATE_LIMITER_TOKENS.Registry)
+ *     limiter.for('api', (ctx) => Limit.perMinute(60).by(ctx.header('cf-connecting-ip') ?? '*'))
+ *   }
+ * }
+ * ```
+ *
+ * Extensible via `Macroable`: adapter packages (e.g. `@stratal/framework/auth`)
+ * can attach extra registration methods such as `forPath()` for better-auth
+ * `customRules` interop.
+ */
+declare class RateLimiterRegistry extends Macroable {
+  private readonly store;
+  private readonly resolvers;
+  constructor(store: IRateLimiterStore);
+  /**
+   * Register a named limiter. Names must be unique; calling `for()` again
+   * with the same name overwrites the previous resolver (matches Laravel
+   * `RateLimiter::for` semantics — last definition wins).
+   */
+  for(name: string, resolver: LimitResolver): void;
+  has(name: string): boolean;
+  /**
+   * Enforce the named limiter for the current request. Called by
+   * `ThrottleMiddleware` (the per-name class produced by
+   * `createThrottleMiddleware`). Resolves the limiter, increments the store
+   * for each non-bypassed limit, sets `X-RateLimit-*` headers on success, and
+   * either invokes the limit's custom `.response()` or throws
+   * {@link TooManyRequestsError} when a limit is exceeded.
+   */
+  handle(name: string, ctx: RouterContext, next: Next): Promise<Response | void>;
+  /**
+   * Get-modify-set increment over the typed KV store. Not atomic across
+   * concurrent edge requests on KV — see `KvRateLimiterStore`'s caveat.
+   */
+  private hit;
+  private makeKey;
+  private makeHeaders;
+}
+//#endregion
+//#region src/rate-limiter/stores/store-factory.d.ts
+/**
+ * Configuration for `RateLimiterModule.forRoot()`. Picks the backing store.
+ *
+ * - `'kv'`: Cloudflare KV. `binding` names the KVNamespace on `StratalEnv`.
+ * - `'memory'`: in-process Map. Tests / single-isolate only.
+ * - `{ useClass }`: any class implementing `IRateLimiterStore`. Resolved
+ *   from the DI container (so the class can declare its own `@inject` deps,
+ *   e.g. a Durable Object namespace from `StratalEnv`).
+ */
+type RateLimiterModuleOptions = {
+  store: 'kv';
+  binding: keyof StratalEnv;
+} | {
+  store: 'memory';
+} | {
+  store: {
+    useClass: Constructor<IRateLimiterStore>;
+  };
+};
+declare class RateLimiterStoreFactory {
+  private readonly env;
+  private readonly cache;
+  private readonly container;
+  private readonly options?;
+  constructor(env: StratalEnv, cache: CacheService, container: Container, options?: RateLimiterModuleOptions | undefined);
+  create(): IRateLimiterStore;
+}
+//#endregion
+//#region src/rate-limiter/rate-limiter.module.d.ts
+/**
+ * Rate limiter module — opt-in, NOT registered automatically by Application.
+ *
+ * Usage:
+ * ```typescript
+ * @Module({
+ *   imports: [RateLimiterModule.forRoot({ store: 'kv', binding: 'RATE_LIMITS' })],
+ * })
+ * export class AppModule {}
+ * ```
+ *
+ * Define limiters in any module's `onInitialize` hook by resolving
+ * `RATE_LIMITER_TOKENS.Registry` from the container. Apply them with
+ * `router.throttle('name')` or `@RateLimit('name')`.
+ *
+ * The module:
+ *  - eagerly validates the store at app boot (`onInitialize` resolves the
+ *    factory and calls `create()`); a missing `forRoot` surfaces
+ *    `RateLimiterNotConfiguredError` before any request is served.
+ *  - registers a `respond()` callback on the `ExceptionHandler` (via
+ *    `onException`) that injects `Retry-After` and `X-RateLimit-*` headers
+ *    on every {@link TooManyRequestsError} response, regardless of whether
+ *    the body was rendered as JSON, HTML, or via Inertia.
+ */
+declare class RateLimiterModule implements OnInitialize, OnException {
+  /**
+   * Configure the rate limiter with a store choice.
+   *
+   * @param options - `{ store: 'kv', binding }` | `{ store: 'memory' }` | `{ store: { useClass } }`
+   */
+  static forRoot(options: RateLimiterModuleOptions): DynamicModule;
+  /**
+   * Async configuration. Use when store options depend on other services
+   * (e.g. ConfigService).
+   */
+  static forRootAsync(options: AsyncModuleOptions<RateLimiterModuleOptions>): DynamicModule;
+  /**
+   * Eagerly resolve the store so a missing `forRoot()` fails at boot,
+   * not on the first throttled request. Also registers a per-app marker
+   * value so ThrottleMiddleware can distinguish "module imported into this
+   * app" from "module class loaded somewhere in the process" (the latter is
+   * indistinguishable at the DI layer because @Module's `registry()` call
+   * binds providers globally at decoration time).
+   */
+  onInitialize({
+    container
+  }: ModuleContext): void;
+  /**
+   * Inject `Retry-After` + `X-RateLimit-*` headers on every 429 response.
+   * The body itself is rendered by `ExceptionHandler.defaultRender` —
+   * content-negotiated, so HTML clients (browsers, Inertia) and JSON
+   * clients both get the right shape.
+   */
+  onException(handler: ExceptionHandler): void;
+}
+//#endregion
+//#region src/rate-limiter/rate-limiter.tokens.d.ts
+declare const RATE_LIMITER_TOKENS: {
+  readonly Registry: symbol;
+  readonly Store: symbol;
+  readonly StoreFactory: symbol;
+  readonly Options: symbol;
+  /**
+   * Per-app marker registered by RateLimiterModule.onInitialize. Used by
+   * ThrottleMiddleware to detect "module not imported" — the @Module
+   * decorator globally registers providers via tsyringe's registry(),
+   * so the Registry/Store tokens are globally bound the moment the module
+   * file is loaded. The only way to confirm the module was actually wired
+   * into the *user's* AppModule is to look for an artifact registered
+   * inside the user's app container (not the root container).
+   */
+  readonly ModuleMarker: symbol;
+};
+type RateLimiterToken = (typeof RATE_LIMITER_TOKENS)[keyof typeof RATE_LIMITER_TOKENS];
+//#endregion
+//#region src/rate-limiter/throttle.middleware.d.ts
+/**
+ * Memoized factory that produces a Stratal `Middleware` class bound to a
+ * named limiter. Calling twice with the same name returns the *same* class
+ * — important for `Router.middleware` deduplication via class identity.
+ *
+ * Detection of "module not imported" works against a per-app marker
+ * registered by `RateLimiterModule.onInitialize` (NOT via inject decorator,
+ * because tsyringe would still try to construct Registry — whose Store
+ * inject would explode with a less-actionable tsyringe wrapping). We hold
+ * the user's container, then check `isRegistered(marker, recursive=true)`
+ * at request time before resolving Registry.
+ */
+declare function createThrottleMiddleware(name: string): Constructor<Middleware>;
+//#endregion
+//#region src/rate-limiter/decorators/rate-limit.decorator.d.ts
+/**
+ * Apply a named rate limiter to a controller class or a single route method.
+ *
+ * Stacks: multiple `@RateLimit` decorators on the same target push onto
+ * the metadata array — every named limiter is enforced. Class-level limits
+ * run before method-level limits in the resulting middleware chain.
+ *
+ * The named limiter must be registered separately via
+ * `RateLimiterRegistry.for('name', resolver)` (typically inside a
+ * module's `onInitialize` hook) and the user must import
+ * `RateLimiterModule.forRoot({ store: ... })` in their AppModule.
+ *
+ * @example
+ * ```typescript
+ * @Controller('/api/v1/users')
+ * @RateLimit('api')
+ * export class UsersController {
+ *   @Get('/')
+ *   list(ctx: RouterContext) { ... }
+ *
+ *   @Post('/')
+ *   @RateLimit('writes')           // stacks with class-level 'api'
+ *   create(ctx: RouterContext) { ... }
+ * }
+ * ```
+ */
+declare function RateLimit(name: string): ClassDecorator & MethodDecorator;
+/**
+ * Read the rate-limit names attached to a class or method via `@RateLimit`.
+ * Returns an empty array when no decorator was applied.
+ *
+ * @param target - For class metadata, pass the controller constructor.
+ *   For method metadata, pass `Controller.prototype` and the method name.
+ */
+declare function getRateLimits(target: object, propertyKey?: string): string[];
+//#endregion
+//#region src/rate-limiter/stores/kv-store.d.ts
+/**
+ * Cloudflare KV-backed typed KV store.
+ *
+ * KV's minimum `expirationTtl` is 60 seconds; sub-60s windows are still
+ * enforced by the registry's algorithm via the persisted `resetAt`, but
+ * the key itself may live in KV longer than the logical window.
+ *
+ * KV has no native atomic increment, so concurrent writes from different
+ * edge locations may undercount under high contention. That's an inherent
+ * KV tradeoff — pick `{ useClass: MyDurableObjectStore }` for strict
+ * accuracy across edges.
+ */
+declare class KvRateLimiterStore implements IRateLimiterStore {
+  private readonly cache;
+  constructor(cache: CacheService);
+  get<T>(key: string): Promise<T | null>;
+  set<T>(key: string, value: T, ttlSeconds: number): Promise<void>;
+  delete(key: string): Promise<void>;
+}
+//#endregion
+//#region src/rate-limiter/stores/memory-store.d.ts
+/**
+ * In-process Map-backed typed KV store.
+ *
+ * Suitable for tests and single-isolate scenarios. Not safe across
+ * Cloudflare Worker isolates — entries reset whenever a fresh isolate
+ * spins up. Use `KvRateLimiterStore` (or a custom Durable Object store)
+ * for production. Expiry is lazy: stale entries are dropped on the next
+ * `get`.
+ */
+declare class InMemoryRateLimiterStore implements IRateLimiterStore {
+  private readonly entries;
+  get<T>(key: string): Promise<T | null>;
+  set<T>(key: string, value: T, ttlSeconds: number): Promise<void>;
+  delete(key: string): Promise<void>;
+}
+//#endregion
+export { type IRateLimiterStore, InMemoryRateLimiterStore, KvRateLimiterStore, Limit, type LimitResolver, RATE_LIMITER_TOKENS, RateLimit, type RateLimitHeaders, type RateLimitHit, type RateLimitResponseHandler, RateLimiterModule, RateLimiterModuleNotImportedError, type RateLimiterModuleOptions, RateLimiterNotConfiguredError, RateLimiterNotDefinedError, RateLimiterRegistry, RateLimiterStoreFactory, type RateLimiterToken, TooManyRequestsError, createThrottleMiddleware, getRateLimits };
+//# sourceMappingURL=index.d.mts.map

package/dist/rate-limiter/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/rate-limiter/errors.ts","../../src/rate-limiter/limit.ts","../../src/rate-limiter/stores/rate-limiter-store.interface.ts","../../src/rate-limiter/rate-limiter-registry.ts","../../src/rate-limiter/stores/store-factory.ts","../../src/rate-limiter/rate-limiter.module.ts","../../src/rate-limiter/rate-limiter.tokens.ts","../../src/rate-limiter/throttle.middleware.ts","../../src/rate-limiter/decorators/rate-limit.decorator.ts","../../src/rate-limiter/stores/kv-store.ts","../../src/rate-limiter/stores/memory-store.ts"],"mappings":";;;;;;;;;;;;;AAcA;;;;;cAAa,oBAAA,SAA6B,aAAA;EAAA,SAEtB,IAAA;IAAQ,UAAA;IAAoB,KAAA;IAAe,OAAA;EAAA;cAA3C,IAAA;IAAQ,UAAA;IAAoB,KAAA;IAAe,OAAA;EAAA;AAAA;;;;;;;;cAclD,0BAAA,SAAmC,gBAAA;EAAA,SAClB,WAAA;cAAA,WAAA;AAAA;;;;AA6B9B;;;cAda,6BAAA,SAAsC,aAAA;EAAA,WAAA,CAAA;AAAA;;;;;;;;cActC,iCAAA,SAA0C,gBAAA;EAAA,SACzB,WAAA;cAAA,WAAA;AAAA;;;;;;;UCvDb,gBAAA;EACf,aAAA;EACA,mBAAA;EACA,uBAAA;EACA,mBAAA;AAAA;;;;;;;KASU,wBAAA,IACV,GAAA,EAAK,aAAA,EACL,OAAA,EAAS,gBAAA,KACN,QAAA,GAAW,OAAA,CAAQ,QAAA;;;;;;ADQxB;;;;;;;;;;AAgBA;;cCLa,KAAA;EAAA,SAKO,aAAA;EAAA,SACA,GAAA;EAAA,SACA,QAAA;EAAA,QANV,IAAA;EAAA,QACA,eAAA;EAAA,QAED,WAAA,CAAA;EAAA,OAMA,SAAA,CAAU,GAAA,WAAc,KAAA;EAAA,OAIxB,UAAA,CAAW,OAAA,UAAiB,GAAA,WAAc,KAAA;EAAA,OAI1C,SAAA,CAAU,GAAA,WAAc,KAAA;EAAA,OAIxB,UAAA,CAAW,OAAA,UAAiB,GAAA,WAAc,KAAA;EAAA,OAI1C,OAAA,CAAQ,GAAA,WAAc,KAAA;EAAA,OAItB,MAAA,CAAO,GAAA,WAAc,KAAA;;SAKrB,IAAA,CAAA,GAAQ,KAAA;;EAKf,EAAA,CAAG,GAAA;EA3E4B;;;;;EAqF/B,QAAA,CAAS,OAAA,EAAS,wBAAA;EAAA,IAKd,GAAA,CAAA;EAAA,IAIA,cAAA,CAAA,GAAkB,wBAAA;AAAA;;;;;;;;;;UC7FP,YAAA;EFOiB;EELhC,KAAA;EFKqD;EEHrD,OAAA;AAAA;;;;;;;;;;;AFmBF;;UEJiB,iBAAA;EFI+C;;;;EEC9D,GAAA,cAAiB,GAAA,WAAc,OAAA,CAAQ,CAAA;EFAQ;;AAejD;;;EERE,GAAA,cAAiB,GAAA,UAAa,KAAA,EAAO,CAAA,EAAG,UAAA,WAAqB,OAAA;;AFsB/D;;EEjBE,MAAA,CAAO,GAAA,WAAc,OAAA;AAAA;;;;;AF7BvB;;;KGCY,aAAA,IACV,GAAA,EAAK,aAAA,KACF,KAAA,GAAQ,KAAA,KAAU,OAAA,CAAQ,KAAA,GAAQ,KAAA;;;;;;;;;;;;;AHavC;;;;;;;cGoBa,mBAAA,SAA4B,SAAA;EAAA,iBAIe,KAAA;EAAA,iBAHrC,SAAA;cAGqC,KAAA,EAAO,iBAAA;EHRpB;;;;AAc3C;EGIE,GAAA,CAAI,IAAA,UAAc,QAAA,EAAU,aAAA;EAI5B,GAAA,CAAI,IAAA;EHRiE;;;;;;;;EGoB/D,MAAA,CAAO,IAAA,UAAc,GAAA,EAAK,aAAA,EAAe,IAAA,EAAM,IAAA,GAAO,OAAA,CAAQ,QAAA;;AF1EtE;;;UE4IgB,GAAA;EAAA,QAgBN,OAAA;EAAA,QAKA,WAAA;AAAA;;;;;AHzJV;;;;;;;KISY,wBAAA;EACN,KAAA;EAAa,OAAA,QAAe,UAAA;AAAA;EAC5B,KAAA;AAAA;EACA,KAAA;IAAS,QAAA,EAAU,WAAA,CAAY,iBAAA;EAAA;AAAA;AAAA,cAOxB,uBAAA;EAAA,iBAEyC,GAAA;EAAA,iBACE,KAAA;EAAA,iBACV,SAAA;EAAA,iBAEzB,OAAA;cAJiC,GAAA,EAAK,UAAA,EACH,KAAA,EAAO,YAAA,EACjB,SAAA,EAAW,SAAA,EAEpC,OAAA,GAAU,wBAAA;EAG7B,MAAA,CAAA,GAAU,iBAAA;AAAA;;;;;;;AJ5BZ;;;;;;;;;;;;;;;;AAgBA;;;;cKgBa,iBAAA,YAA6B,YAAA,EAAc,WAAA;ELf1B;;;;;EAAA,OKqBrB,OAAA,CAAQ,OAAA,EAAS,wBAAA,GAA2B,aAAA;ELNV;;;;EAAA,OKmBlC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,wBAAA,IAA4B,aAAA;ELL/B;;;;;;;;EK0B7C,YAAA,CAAA;IAAe;EAAA,GAAa,aAAA;;;;AJhF9B;;;EI2FE,WAAA,CAAY,OAAA,EAAS,gBAAA;AAAA;;;cCjGV,mBAAA;EAAA;;;;;;ANcb;;;;;;;;;KMGY,gBAAA,WAA2B,mBAAA,eAAkC,mBAAA;;;;;;;;ANHzE;;;;;;;iBOUgB,wBAAA,CAAyB,IAAA,WAAe,WAAA,CAAY,UAAA;;;;;;;;;;APVpE;;;;;;;;;;;;;;;;AAgBA;;;iBQAgB,SAAA,CAAU,IAAA,WAAe,cAAA,GAAiB,eAAA;;;;;;;ARgB1D;iBQGgB,aAAA,CAAc,MAAA,UAAgB,WAAA;;;;;;;;ARnC9C;;;;;;;cSCa,kBAAA,YAA8B,iBAAA;EAAA,iBACZ,KAAA;cAAA,KAAA,EAAO,YAAA;EAE9B,GAAA,GAAA,CAAO,GAAA,WAAc,OAAA,CAAQ,CAAA;EAI7B,GAAA,GAAA,CAAO,GAAA,UAAa,KAAA,EAAO,CAAA,EAAG,UAAA,WAAqB,OAAA;EAKnD,MAAA,CAAO,GAAA,WAAc,OAAA;AAAA;;;;;;;;;ATb7B;;;cUEa,wBAAA,YAAoC,iBAAA;EAAA,iBAC9B,OAAA;EAEjB,GAAA,GAAA,CAAO,GAAA,WAAc,OAAA,CAAQ,CAAA;EAU7B,GAAA,GAAA,CAAO,GAAA,UAAa,KAAA,EAAO,CAAA,EAAG,UAAA,WAAqB,OAAA;EAKnD,MAAA,CAAO,GAAA,WAAc,OAAA;AAAA"}