vaspera 2.5.0

package/dist/enterprise/auth/oidc.test.js

@@ -0,0 +1,435 @@
+/**
+ * Tests for OIDC Single Sign-On
+ */
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { OIDCClient, SCIMClient, createOIDCClient, createSCIMClient, } from "./oidc.js";
+// Mock fetch
+const mockFetch = vi.fn();
+global.fetch = mockFetch;
+describe("OIDCClient", () => {
+    let config;
+    let client;
+    beforeEach(() => {
+        mockFetch.mockReset();
+        config = {
+            provider: "okta",
+            clientId: "test-client-id",
+            clientSecret: "test-client-secret",
+            issuerUrl: "https://company.okta.com",
+            redirectUri: "https://app.example.com/callback",
+        };
+        client = new OIDCClient(config);
+    });
+    describe("constructor", () => {
+        it("creates client with provided config", () => {
+            expect(client).toBeInstanceOf(OIDCClient);
+        });
+        it("merges provider-specific defaults", () => {
+            const oktaClient = new OIDCClient({ ...config, provider: "okta" });
+            expect(oktaClient).toBeInstanceOf(OIDCClient);
+        });
+        it("uses default scopes when not provided", () => {
+            const clientWithoutScopes = new OIDCClient({
+                ...config,
+                scopes: undefined,
+            });
+            expect(clientWithoutScopes).toBeInstanceOf(OIDCClient);
+        });
+        it("supports custom provider", () => {
+            const customClient = new OIDCClient({
+                ...config,
+                provider: "custom",
+                endpoints: {
+                    authorization: "https://custom.auth.com/authorize",
+                    token: "https://custom.auth.com/token",
+                },
+            });
+            expect(customClient).toBeInstanceOf(OIDCClient);
+        });
+    });
+    describe("discover", () => {
+        it("fetches OIDC discovery document", async () => {
+            const discoveryDoc = {
+                authorization_endpoint: "https://company.okta.com/authorize",
+                token_endpoint: "https://company.okta.com/token",
+                userinfo_endpoint: "https://company.okta.com/userinfo",
+                jwks_uri: "https://company.okta.com/jwks",
+            };
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => discoveryDoc,
+            });
+            const result = await client.discover();
+            expect(mockFetch).toHaveBeenCalledWith("https://company.okta.com/.well-known/openid-configuration");
+            expect(result).toEqual(discoveryDoc);
+        });
+        it("caches discovery document", async () => {
+            const discoveryDoc = {
+                authorization_endpoint: "https://company.okta.com/authorize",
+            };
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => discoveryDoc,
+            });
+            await client.discover();
+            await client.discover();
+            // Should only fetch once
+            expect(mockFetch).toHaveBeenCalledTimes(1);
+        });
+        it("throws on discovery failure", async () => {
+            mockFetch.mockResolvedValueOnce({
+                ok: false,
+                status: 404,
+                statusText: "Not Found",
+            });
+            await expect(client.discover()).rejects.toThrow("OIDC discovery failed: 404 Not Found");
+        });
+    });
+    describe("getAuthorizationUrl", () => {
+        beforeEach(() => {
+            mockFetch.mockResolvedValue({
+                ok: true,
+                json: async () => ({
+                    authorization_endpoint: "https://company.okta.com/authorize",
+                }),
+            });
+        });
+        it("generates authorization URL with PKCE", async () => {
+            const { url, state } = await client.getAuthorizationUrl();
+            expect(url).toContain("https://company.okta.com/authorize");
+            expect(url).toContain("response_type=code");
+            expect(url).toContain(`client_id=${config.clientId}`);
+            expect(url).toContain("code_challenge=");
+            expect(url).toContain("code_challenge_method=S256");
+            expect(state.codeVerifier).toBeDefined();
+            expect(state.state).toBeDefined();
+            expect(state.nonce).toBeDefined();
+        });
+        it("includes redirect URI", async () => {
+            const { url } = await client.getAuthorizationUrl();
+            expect(url).toContain(encodeURIComponent(config.redirectUri));
+        });
+        it("includes scopes", async () => {
+            const { url } = await client.getAuthorizationUrl();
+            expect(url).toContain("scope=");
+            expect(url).toContain("openid");
+        });
+    });
+    describe("exchangeCode", () => {
+        // Helper to create ID token with specific nonce
+        const createMockIdToken = (nonce) => {
+            const header = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })).toString("base64url");
+            const payload = Buffer.from(JSON.stringify({
+                sub: "user123",
+                email: "user@example.com",
+                name: "Test User",
+                nonce,
+                iss: "https://company.okta.com",
+                aud: "test-client-id",
+                exp: 9999999999,
+            })).toString("base64url");
+            return `${header}.${payload}.SIGNATURE`;
+        };
+        beforeEach(() => {
+            // First call for discovery
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({
+                    authorization_endpoint: "https://company.okta.com/authorize",
+                    token_endpoint: "https://company.okta.com/token",
+                }),
+            });
+        });
+        it("exchanges code for tokens", async () => {
+            // Get auth URL first to store state
+            const { state } = await client.getAuthorizationUrl();
+            // Create ID token with the actual nonce from auth state
+            const mockIdToken = createMockIdToken(state.nonce);
+            // Mock token exchange
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({
+                    access_token: "access-token-123",
+                    id_token: mockIdToken,
+                    token_type: "Bearer",
+                    expires_in: 3600,
+                }),
+            });
+            const result = await client.exchangeCode("auth-code-123", state.state);
+            expect(result.tokens.accessToken).toBe("access-token-123");
+            expect(result.tokens.tokenType).toBe("Bearer");
+            expect(result.user.email).toBe("user@example.com");
+        });
+        it("throws on invalid state", async () => {
+            await expect(client.exchangeCode("code", "invalid-state")).rejects.toThrow("Invalid or expired authorization state");
+        });
+        it("throws on expired state", async () => {
+            const { state } = await client.getAuthorizationUrl();
+            // Manually expire the state
+            state.expiresAt = Date.now() - 1000;
+            // Need to update the stored state - this is a bit of a hack
+            // In real tests, we'd mock the time
+            await expect(client.exchangeCode("code", state.state)).rejects.toThrow();
+        });
+    });
+    describe("getUserInfo", () => {
+        it("parses ID token claims", async () => {
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwibmFtZSI6IlRlc3QgVXNlciIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJVc2VyIn0.SIGNATURE";
+            const tokens = {
+                accessToken: "access",
+                idToken: mockIdToken,
+                tokenType: "Bearer",
+                expiresIn: 3600,
+            };
+            const user = await client.getUserInfo(tokens);
+            expect(user.id).toBe("user123");
+            expect(user.email).toBe("user@example.com");
+            expect(user.name).toBe("Test User");
+            expect(user.givenName).toBe("Test");
+            expect(user.familyName).toBe("User");
+        });
+        it("maps roles from claims", async () => {
+            const clientWithRoleMapping = new OIDCClient({
+                ...config,
+                roleMapping: {
+                    rolesClaim: "groups",
+                    mappings: {
+                        "security-admins": "admin",
+                        auditors: "auditor",
+                    },
+                    defaultRole: "viewer",
+                },
+            });
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwiZ3JvdXBzIjpbInNlY3VyaXR5LWFkbWlucyJdfQ.SIGNATURE";
+            const tokens = {
+                accessToken: "access",
+                idToken: mockIdToken,
+                tokenType: "Bearer",
+                expiresIn: 3600,
+            };
+            const user = await clientWithRoleMapping.getUserInfo(tokens);
+            expect(user.role).toBe("admin");
+        });
+        it("uses default role when no mapping matches", async () => {
+            const clientWithRoleMapping = new OIDCClient({
+                ...config,
+                roleMapping: {
+                    rolesClaim: "groups",
+                    mappings: {},
+                    defaultRole: "viewer",
+                },
+            });
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwiZ3JvdXBzIjpbInVua25vd24tZ3JvdXAiXX0.SIGNATURE";
+            const tokens = {
+                accessToken: "access",
+                idToken: mockIdToken,
+                tokenType: "Bearer",
+                expiresIn: 3600,
+            };
+            const user = await clientWithRoleMapping.getUserInfo(tokens);
+            expect(user.role).toBe("viewer");
+        });
+        it("validates nonce when provided", async () => {
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwibm9uY2UiOiJ3cm9uZy1ub25jZSJ9.SIGNATURE";
+            const tokens = {
+                accessToken: "access",
+                idToken: mockIdToken,
+                tokenType: "Bearer",
+                expiresIn: 3600,
+            };
+            await expect(client.getUserInfo(tokens, "expected-nonce")).rejects.toThrow("ID token nonce mismatch");
+        });
+    });
+    describe("refreshTokens", () => {
+        beforeEach(() => {
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({
+                    token_endpoint: "https://company.okta.com/token",
+                }),
+            });
+        });
+        it("refreshes tokens successfully", async () => {
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({
+                    access_token: "new-access-token",
+                    id_token: "new-id-token",
+                    token_type: "Bearer",
+                    expires_in: 3600,
+                }),
+            });
+            const tokens = await client.refreshTokens("refresh-token-123");
+            expect(tokens.accessToken).toBe("new-access-token");
+        });
+        it("throws on refresh failure", async () => {
+            // The beforeEach already sets up the discovery mock
+            // This mock is for the actual token refresh call
+            mockFetch.mockResolvedValueOnce({
+                ok: false,
+            });
+            await expect(client.refreshTokens("invalid-refresh")).rejects.toThrow("Token refresh failed");
+        });
+    });
+    describe("validateIdToken", () => {
+        it("validates token issuer and audience", async () => {
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiaXNzIjoiaHR0cHM6Ly9jb21wYW55Lm9rdGEuY29tIiwiYXVkIjoidGVzdC1jbGllbnQtaWQiLCJleHAiOjk5OTk5OTk5OTl9.SIGNATURE";
+            const valid = await client.validateIdToken(mockIdToken);
+            expect(valid).toBe(true);
+        });
+        it("rejects token with wrong issuer", async () => {
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiaXNzIjoiaHR0cHM6Ly93cm9uZy5jb20iLCJhdWQiOiJ0ZXN0LWNsaWVudC1pZCIsImV4cCI6OTk5OTk5OTk5OX0.SIGNATURE";
+            const valid = await client.validateIdToken(mockIdToken);
+            expect(valid).toBe(false);
+        });
+        it("rejects token with wrong audience", async () => {
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiaXNzIjoiaHR0cHM6Ly9jb21wYW55Lm9rdGEuY29tIiwiYXVkIjoid3JvbmctY2xpZW50IiwiZXhwIjo5OTk5OTk5OTk5fQ.SIGNATURE";
+            const valid = await client.validateIdToken(mockIdToken);
+            expect(valid).toBe(false);
+        });
+        it("rejects expired token", async () => {
+            const mockIdToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiaXNzIjoiaHR0cHM6Ly9jb21wYW55Lm9rdGEuY29tIiwiYXVkIjoidGVzdC1jbGllbnQtaWQiLCJleHAiOjF9.SIGNATURE";
+            const valid = await client.validateIdToken(mockIdToken);
+            expect(valid).toBe(false);
+        });
+    });
+});
+describe("SCIMClient", () => {
+    let client;
+    beforeEach(() => {
+        mockFetch.mockReset();
+        client = new SCIMClient("https://scim.example.com", "bearer-token");
+    });
+    describe("getUsers", () => {
+        it("fetches all users", async () => {
+            const mockUsers = [
+                { id: "1", userName: "user1", active: true, schemas: [] },
+                { id: "2", userName: "user2", active: true, schemas: [] },
+            ];
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({ Resources: mockUsers }),
+            });
+            const users = await client.getUsers();
+            expect(users).toHaveLength(2);
+            expect(mockFetch).toHaveBeenCalledWith("https://scim.example.com/Users", expect.objectContaining({
+                method: "GET",
+                headers: expect.objectContaining({
+                    Authorization: "Bearer bearer-token",
+                }),
+            }));
+        });
+        it("returns empty array when no resources", async () => {
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({}),
+            });
+            const users = await client.getUsers();
+            expect(users).toEqual([]);
+        });
+    });
+    describe("getUser", () => {
+        it("fetches user by ID", async () => {
+            const mockUser = { id: "123", userName: "test", active: true, schemas: [] };
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => mockUser,
+            });
+            const user = await client.getUser("123");
+            expect(user).toEqual(mockUser);
+            expect(mockFetch).toHaveBeenCalledWith("https://scim.example.com/Users/123", expect.any(Object));
+        });
+        it("returns null for non-existent user", async () => {
+            mockFetch.mockRejectedValueOnce(new Error("Not found"));
+            const user = await client.getUser("nonexistent");
+            expect(user).toBeNull();
+        });
+    });
+    describe("createUser", () => {
+        it("creates new user", async () => {
+            const newUser = {
+                schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
+                userName: "newuser",
+                active: true,
+            };
+            const createdUser = { ...newUser, id: "new-id" };
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => createdUser,
+            });
+            const result = await client.createUser(newUser);
+            expect(result.id).toBe("new-id");
+            expect(mockFetch).toHaveBeenCalledWith("https://scim.example.com/Users", expect.objectContaining({
+                method: "POST",
+                body: JSON.stringify(newUser),
+            }));
+        });
+    });
+    describe("updateUser", () => {
+        it("updates existing user", async () => {
+            const updates = { active: false };
+            const updatedUser = { id: "123", userName: "test", active: false, schemas: [] };
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => updatedUser,
+            });
+            const result = await client.updateUser("123", updates);
+            expect(result.active).toBe(false);
+            expect(mockFetch).toHaveBeenCalledWith("https://scim.example.com/Users/123", expect.objectContaining({
+                method: "PATCH",
+            }));
+        });
+    });
+    describe("deleteUser", () => {
+        it("deletes user", async () => {
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+            });
+            await client.deleteUser("123");
+            expect(mockFetch).toHaveBeenCalledWith("https://scim.example.com/Users/123", expect.objectContaining({
+                method: "DELETE",
+            }));
+        });
+    });
+    describe("getGroups", () => {
+        it("fetches all groups", async () => {
+            const mockGroups = [
+                { id: "g1", displayName: "Admins", schemas: [] },
+                { id: "g2", displayName: "Users", schemas: [] },
+            ];
+            mockFetch.mockResolvedValueOnce({
+                ok: true,
+                json: async () => ({ Resources: mockGroups }),
+            });
+            const groups = await client.getGroups();
+            expect(groups).toHaveLength(2);
+        });
+    });
+    describe("error handling", () => {
+        it("throws on failed request", async () => {
+            mockFetch.mockReset();
+            mockFetch.mockResolvedValueOnce({
+                ok: false,
+                status: 401,
+            });
+            await expect(client.getUsers()).rejects.toThrow("SCIM request failed: 401");
+        });
+    });
+});
+describe("Factory Functions", () => {
+    it("createOIDCClient creates OIDCClient instance", () => {
+        const client = createOIDCClient({
+            provider: "okta",
+            clientId: "id",
+            clientSecret: "secret",
+            issuerUrl: "https://example.okta.com",
+            redirectUri: "https://app.com/callback",
+        });
+        expect(client).toBeInstanceOf(OIDCClient);
+    });
+    it("createSCIMClient creates SCIMClient instance", () => {
+        const client = createSCIMClient("https://scim.example.com", "token");
+        expect(client).toBeInstanceOf(SCIMClient);
+    });
+});
+//# sourceMappingURL=oidc.test.js.map

package/dist/enterprise/auth/oidc.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.test.js","sourceRoot":"","sources":["../../../src/enterprise/auth/oidc.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EACL,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,GAGjB,MAAM,WAAW,CAAC;AAEnB,aAAa;AACb,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AAC1B,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC;AAEzB,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAI,MAAkB,CAAC;IACvB,IAAI,MAAkB,CAAC;IAEvB,UAAU,CAAC,GAAG,EAAE;QACd,SAAS,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,GAAG;YACP,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,oBAAoB;YAClC,SAAS,EAAE,0BAA0B;YACrC,WAAW,EAAE,kCAAkC;SAChD,CAAC;QACF,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YACnE,MAAM,CAAC,UAAU,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,mBAAmB,GAAG,IAAI,UAAU,CAAC;gBACzC,GAAG,MAAM;gBACT,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;YACH,MAAM,CAAC,mBAAmB,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC;gBAClC,GAAG,MAAM;gBACT,QAAQ,EAAE,QAAQ;gBAClB,SAAS,EAAE;oBACT,aAAa,EAAE,mCAAmC;oBAClD,KAAK,EAAE,+BAA+B;iBACvC;aACF,CAAC,CAAC;YACH,MAAM,CAAC,YAAY,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,YAAY,GAAG;gBACnB,sBAAsB,EAAE,oCAAoC;gBAC5D,cAAc,EAAE,gCAAgC;gBAChD,iBAAiB,EAAE,mCAAmC;gBACtD,QAAQ,EAAE,+BAA+B;aAC1C,CAAC;YAEF,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,YAAY;aAC/B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAEvC,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,2DAA2D,CAC5D,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACzC,MAAM,YAAY,GAAG;gBACnB,sBAAsB,EAAE,oCAAoC;aAC7D,CAAC;YAEF,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,YAAY;aAC/B,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxB,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAExB,yBAAyB;YACzB,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;gBACX,UAAU,EAAE,WAAW;aACxB,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAC7C,sCAAsC,CACvC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,UAAU,CAAC,GAAG,EAAE;YACd,SAAS,CAAC,iBAAiB,CAAC;gBAC1B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACjB,sBAAsB,EAAE,oCAAoC;iBAC7D,CAAC;aACH,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAE1D,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,oCAAoC,CAAC,CAAC;YAC5D,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;YAC5C,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,aAAa,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACtD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;YACzC,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;YACrC,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAEnD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,KAAK,IAAI,EAAE;YAC/B,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAEnD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,gDAAgD;QAChD,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/F,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;gBACzC,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,kBAAkB;gBACzB,IAAI,EAAE,WAAW;gBACjB,KAAK;gBACL,GAAG,EAAE,0BAA0B;gBAC/B,GAAG,EAAE,gBAAgB;gBACrB,GAAG,EAAE,UAAU;aAChB,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC1B,OAAO,GAAG,MAAM,IAAI,OAAO,YAAY,CAAC;QAC1C,CAAC,CAAC;QAEF,UAAU,CAAC,GAAG,EAAE;YACd,2BAA2B;YAC3B,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACjB,sBAAsB,EAAE,oCAAoC;oBAC5D,cAAc,EAAE,gCAAgC;iBACjD,CAAC;aACH,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACzC,oCAAoC;YACpC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAErD,wDAAwD;YACxD,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEnD,sBAAsB;YACtB,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACjB,YAAY,EAAE,kBAAkB;oBAChC,QAAQ,EAAE,WAAW;oBACrB,UAAU,EAAE,QAAQ;oBACpB,UAAU,EAAE,IAAI;iBACjB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,eAAe,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAEvE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,MAAM,CACV,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,eAAe,CAAC,CAC7C,CAAC,OAAO,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAErD,4BAA4B;YAC3B,KAAa,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAE7C,4DAA4D;YAC5D,oCAAoC;YACpC,MAAM,MAAM,CACV,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CACzC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,WAAW,GACf,4LAA4L,CAAC;YAE/L,MAAM,MAAM,GAAG;gBACb,WAAW,EAAE,QAAQ;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,IAAI;aAChB,CAAC;YAEF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE9C,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,qBAAqB,GAAG,IAAI,UAAU,CAAC;gBAC3C,GAAG,MAAM;gBACT,WAAW,EAAE;oBACX,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE;wBACR,iBAAiB,EAAE,OAAO;wBAC1B,QAAQ,EAAE,SAAS;qBACpB;oBACD,WAAW,EAAE,QAAQ;iBACtB;aACF,CAAC,CAAC;YAEH,MAAM,WAAW,GACf,mJAAmJ,CAAC;YAEtJ,MAAM,MAAM,GAAG;gBACb,WAAW,EAAE,QAAQ;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,IAAI;aAChB,CAAC;YAEF,MAAM,IAAI,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE7D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,qBAAqB,GAAG,IAAI,UAAU,CAAC;gBAC3C,GAAG,MAAM;gBACT,WAAW,EAAE;oBACX,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,EAAE;oBACZ,WAAW,EAAE,QAAQ;iBACtB;aACF,CAAC,CAAC;YAEH,MAAM,WAAW,GACf,gJAAgJ,CAAC;YAEnJ,MAAM,MAAM,GAAG;gBACb,WAAW,EAAE,QAAQ;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,IAAI;aAChB,CAAC;YAEF,MAAM,IAAI,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE7D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,WAAW,GACf,yIAAyI,CAAC;YAE5I,MAAM,MAAM,GAAG;gBACb,WAAW,EAAE,QAAQ;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,IAAI;aAChB,CAAC;YAEF,MAAM,MAAM,CACV,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAC7C,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,UAAU,CAAC,GAAG,EAAE;YACd,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACjB,cAAc,EAAE,gCAAgC;iBACjD,CAAC;aACH,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACjB,YAAY,EAAE,kBAAkB;oBAChC,QAAQ,EAAE,cAAc;oBACxB,UAAU,EAAE,QAAQ;oBACpB,UAAU,EAAE,IAAI;iBACjB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;YAE/D,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACzC,oDAAoD;YACpD,iDAAiD;YACjD,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,KAAK;aACV,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACnE,sBAAsB,CACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,WAAW,GACf,yKAAyK,CAAC;YAE5K,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAExD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,WAAW,GACf,gKAAgK,CAAC;YAEnK,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAExD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;YACjD,MAAM,WAAW,GACf,uKAAuK,CAAC;YAE1K,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAExD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;YACrC,MAAM,WAAW,GACf,6JAA6J,CAAC;YAEhK,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAExD,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAI,MAAkB,CAAC;IAEvB,UAAU,CAAC,GAAG,EAAE;QACd,SAAS,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,GAAG,IAAI,UAAU,CAAC,0BAA0B,EAAE,cAAc,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,mBAAmB,EAAE,KAAK,IAAI,EAAE;YACjC,MAAM,SAAS,GAAG;gBAChB,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;gBACzD,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;aAC1D,CAAC;YAEF,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;aAC7C,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAEtC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,gCAAgC,EAChC,MAAM,CAAC,gBAAgB,CAAC;gBACtB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC;oBAC/B,aAAa,EAAE,qBAAqB;iBACrC,CAAC;aACH,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aACvB,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAEtC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;QACvB,EAAE,CAAC,oBAAoB,EAAE,KAAK,IAAI,EAAE;YAClC,MAAM,QAAQ,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAE5E,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,QAAQ;aAC3B,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAEzC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC/B,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,oCAAoC,EACpC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,SAAS,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;YAExD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAEjD,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,kBAAkB,EAAE,KAAK,IAAI,EAAE;YAChC,MAAM,OAAO,GAAG;gBACd,OAAO,EAAE,CAAC,4CAA4C,CAAC;gBACvD,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,IAAI;aACb,CAAC;YAEF,MAAM,WAAW,GAAG,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;YAEjD,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,WAAW;aAC9B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAEhD,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACjC,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,gCAAgC,EAChC,MAAM,CAAC,gBAAgB,CAAC;gBACtB,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;aAC9B,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;YACrC,MAAM,OAAO,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAClC,MAAM,WAAW,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAEhF,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,WAAW;aAC9B,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAEvD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,oCAAoC,EACpC,MAAM,CAAC,gBAAgB,CAAC;gBACtB,MAAM,EAAE,OAAO;aAChB,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,cAAc,EAAE,KAAK,IAAI,EAAE;YAC5B,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAE/B,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,oCAAoC,EACpC,MAAM,CAAC,gBAAgB,CAAC;gBACtB,MAAM,EAAE,QAAQ;aACjB,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;QACzB,EAAE,CAAC,oBAAoB,EAAE,KAAK,IAAI,EAAE;YAClC,MAAM,UAAU,GAAG;gBACjB,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;gBAChD,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE;aAChD,CAAC;YAEF,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;YAExC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YACxC,SAAS,CAAC,SAAS,EAAE,CAAC;YACtB,SAAS,CAAC,qBAAqB,CAAC;gBAC9B,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;aACZ,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,gBAAgB,CAAC;YAC9B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,QAAQ;YACtB,SAAS,EAAE,0BAA0B;YACrC,WAAW,EAAE,0BAA0B;SACxC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC;QAErE,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/enterprise/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Enterprise Features
+ *
+ * Enterprise-grade integrations for authentication, policy,
+ * ticketing, notifications, and signing.
+ *
+ * @module enterprise
+ */
+export { OIDCClient, SCIMClient, createOIDCClient, createSCIMClient, type OIDCConfig, type OIDCProvider, type OIDCUser, type OIDCTokens, type RoleMapping, type VasperaRole, type AuthState, type SCIMUser, type SCIMGroup, } from "./auth/oidc.js";
+export { OPAClient, createOPAClient, createLocalOPAClient, createRemoteOPAClient, generateDefaultPolicy, generateSOC2Policy, policyResultToFindings, type OPAConfig, type OPAMode, type PolicyInput, type PolicyResult, type ComplianceFinding, type FindingSummary, } from "./policy/opa.js";
+export { TicketingClient, JiraClient, ServiceNowClient, LinearClient, createTicketingClient, createJiraClient, createServiceNowClient, createLinearClient, type TicketingConfig, type TicketingPlatform, type CreateTicketRequest, type TicketResponse, type BatchTicketResult, type JiraConfig, type ServiceNowConfig, type LinearConfig, } from "./integrations/ticketing.js";
+export { ChatClient, SlackClient, TeamsClient, DiscordClient, MultiPlatformNotifier, createChatClient, createSlackClient, createTeamsClient, createDiscordClient, createMultiPlatformNotifier, type ChatConfig, type ChatPlatform, type CertificationNotification, type FindingsSummary, type NotificationResult, } from "./integrations/chat.js";
+export { KMSClient, AWSKMSClient, GCPKMSClient, VaultClient, LocalKeyClient, createKMSClient, createAWSKMSClient, createGCPKMSClient, createVaultClient, createLocalKeyClient, type KMSConfig, type KMSProvider, type KMSSignedArtifact, type KMSVerificationResult, } from "./signing/kms.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/enterprise/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/enterprise/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,SAAS,GACf,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,SAAS,EACT,eAAe,EACf,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,SAAS,EACd,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,iBAAiB,EACtB,KAAK,cAAc,GACpB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,eAAe,EACf,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EACL,UAAU,EACV,WAAW,EACX,WAAW,EACX,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,2BAA2B,EAC3B,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,yBAAyB,EAC9B,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,KAAK,SAAS,EACd,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,kBAAkB,CAAC"}

package/dist/enterprise/index.js

@@ -0,0 +1,19 @@
+/**
+ * Enterprise Features
+ *
+ * Enterprise-grade integrations for authentication, policy,
+ * ticketing, notifications, and signing.
+ *
+ * @module enterprise
+ */
+// Authentication - OIDC SSO
+export { OIDCClient, SCIMClient, createOIDCClient, createSCIMClient, } from "./auth/oidc.js";
+// Policy - OPA/Rego
+export { OPAClient, createOPAClient, createLocalOPAClient, createRemoteOPAClient, generateDefaultPolicy, generateSOC2Policy, policyResultToFindings, } from "./policy/opa.js";
+// Ticketing - Jira, ServiceNow, Linear
+export { TicketingClient, JiraClient, ServiceNowClient, LinearClient, createTicketingClient, createJiraClient, createServiceNowClient, createLinearClient, } from "./integrations/ticketing.js";
+// Chat - Slack, Teams, Discord
+export { ChatClient, SlackClient, TeamsClient, DiscordClient, MultiPlatformNotifier, createChatClient, createSlackClient, createTeamsClient, createDiscordClient, createMultiPlatformNotifier, } from "./integrations/chat.js";
+// KMS Signing - AWS, GCP, Vault
+export { KMSClient, AWSKMSClient, GCPKMSClient, VaultClient, LocalKeyClient, createKMSClient, createAWSKMSClient, createGCPKMSClient, createVaultClient, createLocalKeyClient, } from "./signing/kms.js";
+//# sourceMappingURL=index.js.map

package/dist/enterprise/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/enterprise/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,4BAA4B;AAC5B,OAAO,EACL,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,gBAAgB,GAUjB,MAAM,gBAAgB,CAAC;AAExB,oBAAoB;AACpB,OAAO,EACL,SAAS,EACT,eAAe,EACf,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,GAOvB,MAAM,iBAAiB,CAAC;AAEzB,uCAAuC;AACvC,OAAO,EACL,eAAe,EACf,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,GASnB,MAAM,6BAA6B,CAAC;AAErC,+BAA+B;AAC/B,OAAO,EACL,UAAU,EACV,WAAW,EACX,WAAW,EACX,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,2BAA2B,GAM5B,MAAM,wBAAwB,CAAC;AAEhC,gCAAgC;AAChC,OAAO,EACL,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,GAKrB,MAAM,kBAAkB,CAAC"}