workos 0.12.0-beta.1 → 0.12.0

package/dist/emulate/workos/helpers.js

@@ -1,7 +1,24 @@
 import { randomBytes, createHash, createCipheriv } from 'node:crypto';
 import { WorkOSApiError } from '../core/index.js';
-export function formatOrganization(org, ws) {
-    const domains = ws.organizationDomains.findBy('organization_id', org.id).map(formatDomain);
+const INTERNAL_FIELDS = new Set(['password_hash', 'code_challenge', 'code_challenge_method']);
+export function formatEntity(entity, opts) {
+    const exclude = opts?.exclude ?? INTERNAL_FIELDS;
+    const result = {};
+    for (const [key, value] of Object.entries(entity)) {
+        if (!exclude.has(key))
+            result[key] = value;
+    }
+    return result;
+}
+export function formatListResponse(result, formatter) {
+    return {
+        object: 'list',
+        data: result.data.map(formatter),
+        list_metadata: result.list_metadata,
+    };
+}
+export function formatOrganization(org, ws, opts) {
+    const domains = (opts?.domains ?? ws.organizationDomains.findBy('organization_id', org.id)).map(formatDomain);
     return {
         object: 'organization',
         id: org.id,
@@ -15,120 +32,32 @@ export function formatOrganization(org, ws) {
     };
 }
 export function formatDomain(domain) {
-    return {
-        object: 'organization_domain',
-        id: domain.id,
-        organization_id: domain.organization_id,
-        domain: domain.domain,
-        state: domain.state,
-        verification_strategy: domain.verification_strategy,
-        verification_token: domain.verification_token,
-        verification_prefix: domain.verification_prefix,
-        created_at: domain.created_at,
-        updated_at: domain.updated_at,
-    };
+    return formatEntity(domain);
 }
 export function formatMembership(m) {
-    return {
-        object: 'organization_membership',
-        id: m.id,
-        organization_id: m.organization_id,
-        user_id: m.user_id,
-        role: m.role,
-        status: m.status,
-        external_id: m.external_id,
-        metadata: m.metadata,
-        created_at: m.created_at,
-        updated_at: m.updated_at,
-    };
+    return formatEntity(m);
 }
+const USER_EXCLUDE = new Set([...INTERNAL_FIELDS, 'impersonator']);
 export function formatUser(user) {
-    return {
-        object: 'user',
-        id: user.id,
-        email: user.email,
-        first_name: user.first_name,
-        last_name: user.last_name,
-        email_verified: user.email_verified,
-        profile_picture_url: user.profile_picture_url,
-        last_sign_in_at: user.last_sign_in_at,
-        external_id: user.external_id,
-        metadata: user.metadata,
-        locale: user.locale,
-        created_at: user.created_at,
-        updated_at: user.updated_at,
-    };
+    return formatEntity(user, { exclude: USER_EXCLUDE });
 }
 export function formatSession(s) {
-    return {
-        object: 'session',
-        id: s.id,
-        user_id: s.user_id,
-        organization_id: s.organization_id,
-        ip_address: s.ip_address,
-        user_agent: s.user_agent,
-        created_at: s.created_at,
-        updated_at: s.updated_at,
-    };
+    return formatEntity(s);
 }
 export function formatEmailVerification(ev) {
-    return {
-        object: 'email_verification',
-        id: ev.id,
-        user_id: ev.user_id,
-        email: ev.email,
-        code: ev.code,
-        expires_at: ev.expires_at,
-        created_at: ev.created_at,
-        updated_at: ev.updated_at,
-    };
+    return formatEntity(ev);
 }
 export function formatPasswordReset(pr) {
-    return {
-        object: 'password_reset',
-        id: pr.id,
-        user_id: pr.user_id,
-        email: pr.email,
-        token: pr.token,
-        expires_at: pr.expires_at,
-        created_at: pr.created_at,
-        updated_at: pr.updated_at,
-    };
+    return formatEntity(pr);
 }
 export function formatMagicAuth(ma) {
-    return {
-        object: 'magic_auth',
-        id: ma.id,
-        user_id: ma.user_id,
-        email: ma.email,
-        code: ma.code,
-        expires_at: ma.expires_at,
-        created_at: ma.created_at,
-        updated_at: ma.updated_at,
-    };
+    return formatEntity(ma);
 }
 export function formatAuthFactor(f) {
-    return {
-        object: 'authentication_factor',
-        id: f.id,
-        user_id: f.user_id,
-        type: f.type,
-        totp: f.totp,
-        created_at: f.created_at,
-        updated_at: f.updated_at,
-    };
+    return formatEntity(f);
 }
 export function formatIdentity(i) {
-    return {
-        object: 'identity',
-        id: i.id,
-        user_id: i.user_id,
-        provider: i.provider,
-        provider_id: i.provider_id,
-        type: i.type,
-        created_at: i.created_at,
-        updated_at: i.updated_at,
-    };
+    return formatEntity(i);
 }
 export function generateVerificationToken() {
     return randomBytes(16).toString('hex');
@@ -149,110 +78,28 @@ export function isExpired(expiresAt) {
     return new Date(expiresAt).getTime() < Date.now();
 }
 export function formatConnection(conn) {
-    return {
-        object: 'connection',
-        id: conn.id,
-        organization_id: conn.organization_id,
-        connection_type: conn.connection_type,
-        name: conn.name,
-        state: conn.state,
-        domains: conn.domains,
-        created_at: conn.created_at,
-        updated_at: conn.updated_at,
-    };
+    return formatEntity(conn);
 }
 export function formatSSOProfile(p) {
-    return {
-        object: 'profile',
-        id: p.id,
-        connection_id: p.connection_id,
-        connection_type: p.connection_type,
-        organization_id: p.organization_id,
-        idp_id: p.idp_id,
-        email: p.email,
-        first_name: p.first_name,
-        last_name: p.last_name,
-        groups: p.groups,
-        raw_attributes: p.raw_attributes,
-        created_at: p.created_at,
-        updated_at: p.updated_at,
-    };
+    return formatEntity(p);
 }
 export function formatPipeConnection(pc) {
-    return {
-        object: 'pipe_connection',
-        id: pc.id,
-        user_id: pc.user_id,
-        provider: pc.provider,
-        scopes: pc.scopes,
-        status: pc.status,
-        external_account_id: pc.external_account_id,
-        created_at: pc.created_at,
-        updated_at: pc.updated_at,
-    };
+    return formatEntity(pc);
 }
 export function formatInvitation(inv) {
-    return {
-        object: 'invitation',
-        id: inv.id,
-        email: inv.email,
-        state: inv.state,
-        token: inv.token,
-        accept_invitation_url: inv.accept_invitation_url,
-        organization_id: inv.organization_id,
-        inviter_user_id: inv.inviter_user_id,
-        role_slug: inv.role_slug,
-        expires_at: inv.expires_at,
-        created_at: inv.created_at,
-        updated_at: inv.updated_at,
-    };
+    return formatEntity(inv);
 }
 export function formatRedirectUri(r) {
-    return {
-        object: 'redirect_uri',
-        id: r.id,
-        uri: r.uri,
-        created_at: r.created_at,
-        updated_at: r.updated_at,
-    };
+    return formatEntity(r);
 }
 export function formatCorsOrigin(o) {
-    return {
-        object: 'cors_origin',
-        id: o.id,
-        origin: o.origin,
-        created_at: o.created_at,
-        updated_at: o.updated_at,
-    };
+    return formatEntity(o);
 }
 export function formatAuthorizedApplication(a) {
-    return {
-        object: 'authorized_application',
-        id: a.id,
-        user_id: a.user_id,
-        name: a.name,
-        redirect_uri: a.redirect_uri,
-        created_at: a.created_at,
-        updated_at: a.updated_at,
-    };
+    return formatEntity(a);
 }
 export function formatConnectedAccount(a) {
-    return {
-        object: 'connected_account',
-        id: a.id,
-        user_id: a.user_id,
-        provider: a.provider,
-        provider_id: a.provider_id,
-        created_at: a.created_at,
-        updated_at: a.updated_at,
-    };
-}
-export function parseListParams(url) {
-    const limit = Math.max(1, Math.min(parseInt(url.searchParams.get('limit') ?? '10'), 100));
-    const order = url.searchParams.get('order') ?? 'desc';
-    const before = url.searchParams.get('before') ?? undefined;
-    const after = url.searchParams.get('after') ?? undefined;
-    return { limit, order, before, after };
+    return formatEntity(a);
 }
 /** Allowed redirect URI hosts for the emulator's authorize endpoints. */
 const ALLOWED_REDIRECT_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
@@ -272,64 +119,21 @@ export function assertLocalRedirectUri(uri) {
         throw new WorkOSApiError(400, `redirect_uri must point to localhost, got ${parsed.hostname}`, 'invalid_redirect_uri');
     }
 }
+const AUTH_CHALLENGE_EXCLUDE = new Set([...INTERNAL_FIELDS, 'code']);
 export function formatAuthChallenge(c) {
-    return {
-        object: 'authentication_challenge',
-        id: c.id,
-        user_id: c.user_id,
-        factor_id: c.factor_id,
-        expires_at: c.expires_at,
-        created_at: c.created_at,
-        updated_at: c.updated_at,
-    };
+    return formatEntity(c, { exclude: AUTH_CHALLENGE_EXCLUDE });
 }
 export function formatRole(role) {
-    return {
-        object: 'role',
-        id: role.id,
-        slug: role.slug,
-        name: role.name,
-        description: role.description,
-        type: role.type,
-        organization_id: role.organization_id,
-        is_default_role: role.is_default_role,
-        priority: role.priority,
-        created_at: role.created_at,
-        updated_at: role.updated_at,
-    };
+    return formatEntity(role);
 }
 export function formatPermission(p) {
-    return {
-        object: 'permission',
-        id: p.id,
-        slug: p.slug,
-        name: p.name,
-        description: p.description,
-        created_at: p.created_at,
-        updated_at: p.updated_at,
-    };
+    return formatEntity(p);
 }
 export function formatAuthorizationResource(r) {
-    return {
-        object: 'authorization_resource',
-        id: r.id,
-        resource_type_slug: r.resource_type_slug,
-        external_id: r.external_id,
-        organization_id: r.organization_id,
-        metadata: r.metadata,
-        created_at: r.created_at,
-        updated_at: r.updated_at,
-    };
+    return formatEntity(r);
 }
 export function formatRoleAssignment(ra) {
-    return {
-        object: 'role_assignment',
-        id: ra.id,
-        organization_membership_id: ra.organization_membership_id,
-        role_id: ra.role_id,
-        created_at: ra.created_at,
-        updated_at: ra.updated_at,
-    };
+    return formatEntity(ra);
 }
 export function formatDeviceAuthorization(d) {
     return {
@@ -340,158 +144,47 @@ export function formatDeviceAuthorization(d) {
         interval: d.interval,
     };
 }
-// --- Phase 4: CRUD Domain formatters ---
 export function formatDirectory(d) {
-    return {
-        object: 'directory',
-        id: d.id,
-        name: d.name,
-        organization_id: d.organization_id,
-        domain: d.domain,
-        type: d.type,
-        state: d.state,
-        external_key: d.external_key,
-        created_at: d.created_at,
-        updated_at: d.updated_at,
-    };
+    return formatEntity(d);
 }
 export function formatDirectoryUser(u) {
-    return {
-        object: 'directory_user',
-        id: u.id,
-        directory_id: u.directory_id,
-        organization_id: u.organization_id,
-        idp_id: u.idp_id,
-        first_name: u.first_name,
-        last_name: u.last_name,
-        email: u.email,
-        username: u.username,
-        state: u.state,
-        role: u.role,
-        custom_attributes: u.custom_attributes,
-        raw_attributes: u.raw_attributes,
-        groups: u.groups,
-        created_at: u.created_at,
-        updated_at: u.updated_at,
-    };
+    return formatEntity(u);
 }
 export function formatDirectoryGroup(g) {
-    return {
-        object: 'directory_group',
-        id: g.id,
-        directory_id: g.directory_id,
-        organization_id: g.organization_id,
-        idp_id: g.idp_id,
-        name: g.name,
-        raw_attributes: g.raw_attributes,
-        created_at: g.created_at,
-        updated_at: g.updated_at,
-    };
+    return formatEntity(g);
 }
 export function formatAuditLogAction(a) {
-    return {
-        object: 'audit_log_action',
-        id: a.id,
-        name: a.name,
-        description: a.description,
-        condition: a.condition,
-        created_at: a.created_at,
-        updated_at: a.updated_at,
-    };
+    return formatEntity(a);
 }
 export function formatAuditLogEvent(e) {
-    return {
-        object: 'audit_log_event',
-        id: e.id,
-        organization_id: e.organization_id,
-        action: e.action,
-        actor: e.actor,
-        targets: e.targets,
-        metadata: e.metadata,
-        occurred_at: e.occurred_at,
-        created_at: e.created_at,
-        updated_at: e.updated_at,
-    };
+    return formatEntity(e);
 }
 export function formatAuditLogExport(ex) {
-    return {
-        object: 'audit_log_export',
-        id: ex.id,
-        organization_id: ex.organization_id,
-        state: ex.state,
-        url: ex.url,
-        filters: ex.filters,
-        created_at: ex.created_at,
-        updated_at: ex.updated_at,
-    };
+    return formatEntity(ex);
 }
 export function formatFeatureFlag(f) {
-    return {
-        object: 'feature_flag',
-        id: f.id,
-        slug: f.slug,
-        name: f.name,
-        description: f.description,
-        type: f.type,
-        default_value: f.default_value,
-        enabled: f.enabled,
-        created_at: f.created_at,
-        updated_at: f.updated_at,
-    };
+    return formatEntity(f);
+}
+export function formatFlagTarget(t) {
+    return formatEntity(t);
 }
 export function formatConnectApplication(a) {
-    return {
-        object: 'connect_application',
-        id: a.id,
-        name: a.name,
-        redirect_uris: a.redirect_uris,
-        client_id: a.client_id,
-        logo_url: a.logo_url,
-        created_at: a.created_at,
-        updated_at: a.updated_at,
-    };
+    return formatEntity(a);
 }
+const CLIENT_SECRET_EXCLUDE = new Set([...INTERNAL_FIELDS, 'value']);
 export function formatClientSecret(s) {
-    return {
-        object: 'client_secret',
-        id: s.id,
-        application_id: s.application_id,
-        last_four: s.last_four,
-        created_at: s.created_at,
-        updated_at: s.updated_at,
-    };
+    return formatEntity(s, { exclude: CLIENT_SECRET_EXCLUDE });
 }
 export function formatRadarAttempt(a) {
-    return {
-        object: 'radar_attempt',
-        id: a.id,
-        user_id: a.user_id,
-        ip_address: a.ip_address,
-        user_agent: a.user_agent,
-        verdict: a.verdict,
-        signals: a.signals,
-        created_at: a.created_at,
-        updated_at: a.updated_at,
-    };
+    return formatEntity(a);
 }
+const API_KEY_EXCLUDE = new Set([...INTERNAL_FIELDS, 'key', 'environment']);
 export function formatApiKeyRecord(k) {
-    return {
-        object: 'api_key',
-        id: k.id,
-        name: k.name,
-        created_at: k.created_at,
-        updated_at: k.updated_at,
-    };
+    return formatEntity(k, { exclude: API_KEY_EXCLUDE });
 }
+const EVENT_EXCLUDE = new Set([...INTERNAL_FIELDS, 'updated_at']);
 export function formatEvent(e) {
-    return {
-        object: 'event',
-        id: e.id,
-        event: e.event,
-        data: e.data,
-        environment_id: e.environment_id,
-        created_at: e.created_at,
-    };
+    return formatEntity(e, { exclude: EVENT_EXCLUDE });
 }
 export function formatWebhookEndpoint(ep, opts) {
     return {

package/dist/emulate/workos/helpers.js.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/emulate/workos/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AA0ClD,MAAM,UAAU,kBAAkB,CAAC,GAAuB,EAAE,EAAe;IACzE,MAAM,OAAO,GAAG,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,iBAAiB,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAE3F,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,OAAO;QACP,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;QAC1C,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAgC;IAC3D,OAAO;QACL,MAAM,EAAE,qBAAqB;QAC7B,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;QACnD,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;QAC7C,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAA+B;IAC9D,OAAO;QACL,MAAM,EAAE,yBAAyB;QACjC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;QAC7C,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,CAAgB;IAC5C,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,EAA2B;IACjE,OAAO;QACL,MAAM,EAAE,oBAAoB;QAC5B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,IAAI,EAAE,EAAE,CAAC,IAAI;QACb,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,EAAuB;IACzD,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,EAAmB;IACjD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,IAAI,EAAE,EAAE,CAAC,IAAI;QACb,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAA6B;IAC5D,OAAO;QACL,MAAM,EAAE,uBAAuB;QAC/B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,CAAiB;IAC9C,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY;IAC3D,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAe;IACvC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,SAAiB;IACzC,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAsB;IACrD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,QAAQ,EAAE,EAAE,CAAC,QAAQ;QACrB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,mBAAmB,EAAE,EAAE,CAAC,mBAAmB;QAC3C,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,GAAqB;IACpD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,qBAAqB,EAAE,GAAG,CAAC,qBAAqB;QAChD,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAoB;IACpD,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO;QACL,MAAM,EAAE,aAAa;QACrB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,CAA8B;IACxE,OAAO;QACL,MAAM,EAAE,wBAAwB;QAChC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,CAAyB;IAC9D,OAAO;QACL,MAAM,EAAE,mBAAmB;QAC3B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAQ;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAoB,IAAI,MAAM,CAAC;IAC1E,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACzD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,yEAAyE;AACzE,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAE5E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,cAAc,CACtB,GAAG,EACH,6CAA6C,MAAM,CAAC,QAAQ,EAAE,EAC9D,sBAAsB,CACvB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAgC;IAClE,OAAO;QACL,MAAM,EAAE,0BAA0B;QAClC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,CAA8B;IACxE,OAAO;QACL,MAAM,EAAE,wBAAwB;QAChC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,kBAAkB,EAAE,CAAC,CAAC,kBAAkB;QACxC,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,0BAA0B,EAAE,EAAE,CAAC,0BAA0B;QACzD,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,CAA4B;IACpE,OAAO;QACL,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,gBAAgB,EAAE,4DAA4D;QAC9E,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3F,QAAQ,EAAE,CAAC,CAAC,QAAQ;KACrB,CAAC;AACJ,CAAC;AAED,0CAA0C;AAE1C,MAAM,UAAU,eAAe,CAAC,CAAkB;IAChD,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAsB;IACxD,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;QACtC,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAuB;IAC1D,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAuB;IAC1D,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAsB;IACxD,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,eAAe,EAAE,EAAE,CAAC,eAAe;QACnC,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,GAAG,EAAE,EAAE,CAAC,GAAG;QACX,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAoB;IACpD,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,CAA2B;IAClE,OAAO;QACL,MAAM,EAAE,qBAAqB;QAC7B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAqB;IACtD,OAAO;QACL,MAAM,EAAE,eAAe;QACvB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAqB;IACtD,OAAO;QACL,MAAM,EAAE,eAAe;QACvB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAe;IAChD,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAc;IACxC,OAAO;QACL,MAAM,EAAE,OAAO;QACf,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,EAAyB,EACzB,IAAkC;IAElC,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE,EAAE,CAAC,GAAG;QACX,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM;QACxE,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,WAAW,EAAE,EAAE,CAAC,WAAW;QAC3B,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAyE,EACzE,MAAc;IAEd,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;IACzD,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChE,CAAC","sourcesContent":["import { randomBytes, createHash, createCipheriv } from 'node:crypto';\nimport { WorkOSApiError } from '../core/index.js';\nimport type { WorkOSStore } from './store.js';\nimport type {\n  WorkOSOrganization,\n  WorkOSOrganizationDomain,\n  WorkOSOrganizationMembership,\n  WorkOSUser,\n  WorkOSSession,\n  WorkOSEmailVerification,\n  WorkOSPasswordReset,\n  WorkOSMagicAuth,\n  WorkOSAuthenticationFactor,\n  WorkOSIdentity,\n  WorkOSConnection,\n  WorkOSSSOProfile,\n  WorkOSPipeConnection,\n  WorkOSInvitation,\n  WorkOSRedirectUri,\n  WorkOSCorsOrigin,\n  WorkOSAuthorizedApplication,\n  WorkOSConnectedAccount,\n  WorkOSAuthenticationChallenge,\n  WorkOSDeviceAuthorization,\n  WorkOSRole,\n  WorkOSPermission,\n  WorkOSAuthorizationResource,\n  WorkOSRoleAssignment,\n  WorkOSDirectory,\n  WorkOSDirectoryUser,\n  WorkOSDirectoryGroup,\n  WorkOSAuditLogAction,\n  WorkOSAuditLogEvent,\n  WorkOSAuditLogExport,\n  WorkOSFeatureFlag,\n  WorkOSConnectApplication,\n  WorkOSClientSecret,\n  WorkOSRadarAttempt,\n  WorkOSApiKey,\n  WorkOSEvent,\n  WorkOSWebhookEndpoint,\n} from './entities.js';\n\nexport function formatOrganization(org: WorkOSOrganization, ws: WorkOSStore): Record<string, unknown> {\n  const domains = ws.organizationDomains.findBy('organization_id', org.id).map(formatDomain);\n\n  return {\n    object: 'organization',\n    id: org.id,\n    name: org.name,\n    external_id: org.external_id,\n    metadata: org.metadata,\n    domains,\n    stripe_customer_id: org.stripe_customer_id,\n    created_at: org.created_at,\n    updated_at: org.updated_at,\n  };\n}\n\nexport function formatDomain(domain: WorkOSOrganizationDomain): Record<string, unknown> {\n  return {\n    object: 'organization_domain',\n    id: domain.id,\n    organization_id: domain.organization_id,\n    domain: domain.domain,\n    state: domain.state,\n    verification_strategy: domain.verification_strategy,\n    verification_token: domain.verification_token,\n    verification_prefix: domain.verification_prefix,\n    created_at: domain.created_at,\n    updated_at: domain.updated_at,\n  };\n}\n\nexport function formatMembership(m: WorkOSOrganizationMembership): Record<string, unknown> {\n  return {\n    object: 'organization_membership',\n    id: m.id,\n    organization_id: m.organization_id,\n    user_id: m.user_id,\n    role: m.role,\n    status: m.status,\n    external_id: m.external_id,\n    metadata: m.metadata,\n    created_at: m.created_at,\n    updated_at: m.updated_at,\n  };\n}\n\nexport function formatUser(user: WorkOSUser): Record<string, unknown> {\n  return {\n    object: 'user',\n    id: user.id,\n    email: user.email,\n    first_name: user.first_name,\n    last_name: user.last_name,\n    email_verified: user.email_verified,\n    profile_picture_url: user.profile_picture_url,\n    last_sign_in_at: user.last_sign_in_at,\n    external_id: user.external_id,\n    metadata: user.metadata,\n    locale: user.locale,\n    created_at: user.created_at,\n    updated_at: user.updated_at,\n  };\n}\n\nexport function formatSession(s: WorkOSSession): Record<string, unknown> {\n  return {\n    object: 'session',\n    id: s.id,\n    user_id: s.user_id,\n    organization_id: s.organization_id,\n    ip_address: s.ip_address,\n    user_agent: s.user_agent,\n    created_at: s.created_at,\n    updated_at: s.updated_at,\n  };\n}\n\nexport function formatEmailVerification(ev: WorkOSEmailVerification): Record<string, unknown> {\n  return {\n    object: 'email_verification',\n    id: ev.id,\n    user_id: ev.user_id,\n    email: ev.email,\n    code: ev.code,\n    expires_at: ev.expires_at,\n    created_at: ev.created_at,\n    updated_at: ev.updated_at,\n  };\n}\n\nexport function formatPasswordReset(pr: WorkOSPasswordReset): Record<string, unknown> {\n  return {\n    object: 'password_reset',\n    id: pr.id,\n    user_id: pr.user_id,\n    email: pr.email,\n    token: pr.token,\n    expires_at: pr.expires_at,\n    created_at: pr.created_at,\n    updated_at: pr.updated_at,\n  };\n}\n\nexport function formatMagicAuth(ma: WorkOSMagicAuth): Record<string, unknown> {\n  return {\n    object: 'magic_auth',\n    id: ma.id,\n    user_id: ma.user_id,\n    email: ma.email,\n    code: ma.code,\n    expires_at: ma.expires_at,\n    created_at: ma.created_at,\n    updated_at: ma.updated_at,\n  };\n}\n\nexport function formatAuthFactor(f: WorkOSAuthenticationFactor): Record<string, unknown> {\n  return {\n    object: 'authentication_factor',\n    id: f.id,\n    user_id: f.user_id,\n    type: f.type,\n    totp: f.totp,\n    created_at: f.created_at,\n    updated_at: f.updated_at,\n  };\n}\n\nexport function formatIdentity(i: WorkOSIdentity): Record<string, unknown> {\n  return {\n    object: 'identity',\n    id: i.id,\n    user_id: i.user_id,\n    provider: i.provider,\n    provider_id: i.provider_id,\n    type: i.type,\n    created_at: i.created_at,\n    updated_at: i.updated_at,\n  };\n}\n\nexport function generateVerificationToken(): string {\n  return randomBytes(16).toString('hex');\n}\n\nexport function generateCode(): string {\n  return String(Math.floor(100000 + Math.random() * 900000));\n}\n\nexport function hashPassword(password: string): string {\n  return createHash('sha256').update(password).digest('hex');\n}\n\nexport function verifyPassword(password: string, hash: string): boolean {\n  return hashPassword(password) === hash;\n}\n\nexport function expiresIn(minutes: number): string {\n  return new Date(Date.now() + minutes * 60 * 1000).toISOString();\n}\n\nexport function isExpired(expiresAt: string): boolean {\n  return new Date(expiresAt).getTime() < Date.now();\n}\n\nexport function formatConnection(conn: WorkOSConnection): Record<string, unknown> {\n  return {\n    object: 'connection',\n    id: conn.id,\n    organization_id: conn.organization_id,\n    connection_type: conn.connection_type,\n    name: conn.name,\n    state: conn.state,\n    domains: conn.domains,\n    created_at: conn.created_at,\n    updated_at: conn.updated_at,\n  };\n}\n\nexport function formatSSOProfile(p: WorkOSSSOProfile): Record<string, unknown> {\n  return {\n    object: 'profile',\n    id: p.id,\n    connection_id: p.connection_id,\n    connection_type: p.connection_type,\n    organization_id: p.organization_id,\n    idp_id: p.idp_id,\n    email: p.email,\n    first_name: p.first_name,\n    last_name: p.last_name,\n    groups: p.groups,\n    raw_attributes: p.raw_attributes,\n    created_at: p.created_at,\n    updated_at: p.updated_at,\n  };\n}\n\nexport function formatPipeConnection(pc: WorkOSPipeConnection): Record<string, unknown> {\n  return {\n    object: 'pipe_connection',\n    id: pc.id,\n    user_id: pc.user_id,\n    provider: pc.provider,\n    scopes: pc.scopes,\n    status: pc.status,\n    external_account_id: pc.external_account_id,\n    created_at: pc.created_at,\n    updated_at: pc.updated_at,\n  };\n}\n\nexport function formatInvitation(inv: WorkOSInvitation): Record<string, unknown> {\n  return {\n    object: 'invitation',\n    id: inv.id,\n    email: inv.email,\n    state: inv.state,\n    token: inv.token,\n    accept_invitation_url: inv.accept_invitation_url,\n    organization_id: inv.organization_id,\n    inviter_user_id: inv.inviter_user_id,\n    role_slug: inv.role_slug,\n    expires_at: inv.expires_at,\n    created_at: inv.created_at,\n    updated_at: inv.updated_at,\n  };\n}\n\nexport function formatRedirectUri(r: WorkOSRedirectUri): Record<string, unknown> {\n  return {\n    object: 'redirect_uri',\n    id: r.id,\n    uri: r.uri,\n    created_at: r.created_at,\n    updated_at: r.updated_at,\n  };\n}\n\nexport function formatCorsOrigin(o: WorkOSCorsOrigin): Record<string, unknown> {\n  return {\n    object: 'cors_origin',\n    id: o.id,\n    origin: o.origin,\n    created_at: o.created_at,\n    updated_at: o.updated_at,\n  };\n}\n\nexport function formatAuthorizedApplication(a: WorkOSAuthorizedApplication): Record<string, unknown> {\n  return {\n    object: 'authorized_application',\n    id: a.id,\n    user_id: a.user_id,\n    name: a.name,\n    redirect_uri: a.redirect_uri,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatConnectedAccount(a: WorkOSConnectedAccount): Record<string, unknown> {\n  return {\n    object: 'connected_account',\n    id: a.id,\n    user_id: a.user_id,\n    provider: a.provider,\n    provider_id: a.provider_id,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function parseListParams(url: URL) {\n  const limit = Math.max(1, Math.min(parseInt(url.searchParams.get('limit') ?? '10'), 100));\n  const order = (url.searchParams.get('order') as 'asc' | 'desc') ?? 'desc';\n  const before = url.searchParams.get('before') ?? undefined;\n  const after = url.searchParams.get('after') ?? undefined;\n  return { limit, order, before, after };\n}\n\n/** Allowed redirect URI hosts for the emulator's authorize endpoints. */\nconst ALLOWED_REDIRECT_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);\n\n/**\n * Validate that a redirect_uri points to a localhost origin.\n * Prevents the emulator from being used as an open redirect.\n */\nexport function assertLocalRedirectUri(uri: string): void {\n  let parsed: URL;\n  try {\n    parsed = new URL(uri);\n  } catch {\n    throw new WorkOSApiError(400, 'Invalid redirect_uri', 'invalid_redirect_uri');\n  }\n  if (!ALLOWED_REDIRECT_HOSTS.has(parsed.hostname)) {\n    throw new WorkOSApiError(\n      400,\n      `redirect_uri must point to localhost, got ${parsed.hostname}`,\n      'invalid_redirect_uri',\n    );\n  }\n}\n\nexport function formatAuthChallenge(c: WorkOSAuthenticationChallenge): Record<string, unknown> {\n  return {\n    object: 'authentication_challenge',\n    id: c.id,\n    user_id: c.user_id,\n    factor_id: c.factor_id,\n    expires_at: c.expires_at,\n    created_at: c.created_at,\n    updated_at: c.updated_at,\n  };\n}\n\nexport function formatRole(role: WorkOSRole): Record<string, unknown> {\n  return {\n    object: 'role',\n    id: role.id,\n    slug: role.slug,\n    name: role.name,\n    description: role.description,\n    type: role.type,\n    organization_id: role.organization_id,\n    is_default_role: role.is_default_role,\n    priority: role.priority,\n    created_at: role.created_at,\n    updated_at: role.updated_at,\n  };\n}\n\nexport function formatPermission(p: WorkOSPermission): Record<string, unknown> {\n  return {\n    object: 'permission',\n    id: p.id,\n    slug: p.slug,\n    name: p.name,\n    description: p.description,\n    created_at: p.created_at,\n    updated_at: p.updated_at,\n  };\n}\n\nexport function formatAuthorizationResource(r: WorkOSAuthorizationResource): Record<string, unknown> {\n  return {\n    object: 'authorization_resource',\n    id: r.id,\n    resource_type_slug: r.resource_type_slug,\n    external_id: r.external_id,\n    organization_id: r.organization_id,\n    metadata: r.metadata,\n    created_at: r.created_at,\n    updated_at: r.updated_at,\n  };\n}\n\nexport function formatRoleAssignment(ra: WorkOSRoleAssignment): Record<string, unknown> {\n  return {\n    object: 'role_assignment',\n    id: ra.id,\n    organization_membership_id: ra.organization_membership_id,\n    role_id: ra.role_id,\n    created_at: ra.created_at,\n    updated_at: ra.updated_at,\n  };\n}\n\nexport function formatDeviceAuthorization(d: WorkOSDeviceAuthorization): Record<string, unknown> {\n  return {\n    device_code: d.device_code,\n    user_code: d.user_code,\n    verification_uri: 'http://localhost:0/user_management/authorize/device/verify',\n    expires_in: Math.max(0, Math.floor((new Date(d.expires_at).getTime() - Date.now()) / 1000)),\n    interval: d.interval,\n  };\n}\n\n// --- Phase 4: CRUD Domain formatters ---\n\nexport function formatDirectory(d: WorkOSDirectory): Record<string, unknown> {\n  return {\n    object: 'directory',\n    id: d.id,\n    name: d.name,\n    organization_id: d.organization_id,\n    domain: d.domain,\n    type: d.type,\n    state: d.state,\n    external_key: d.external_key,\n    created_at: d.created_at,\n    updated_at: d.updated_at,\n  };\n}\n\nexport function formatDirectoryUser(u: WorkOSDirectoryUser): Record<string, unknown> {\n  return {\n    object: 'directory_user',\n    id: u.id,\n    directory_id: u.directory_id,\n    organization_id: u.organization_id,\n    idp_id: u.idp_id,\n    first_name: u.first_name,\n    last_name: u.last_name,\n    email: u.email,\n    username: u.username,\n    state: u.state,\n    role: u.role,\n    custom_attributes: u.custom_attributes,\n    raw_attributes: u.raw_attributes,\n    groups: u.groups,\n    created_at: u.created_at,\n    updated_at: u.updated_at,\n  };\n}\n\nexport function formatDirectoryGroup(g: WorkOSDirectoryGroup): Record<string, unknown> {\n  return {\n    object: 'directory_group',\n    id: g.id,\n    directory_id: g.directory_id,\n    organization_id: g.organization_id,\n    idp_id: g.idp_id,\n    name: g.name,\n    raw_attributes: g.raw_attributes,\n    created_at: g.created_at,\n    updated_at: g.updated_at,\n  };\n}\n\nexport function formatAuditLogAction(a: WorkOSAuditLogAction): Record<string, unknown> {\n  return {\n    object: 'audit_log_action',\n    id: a.id,\n    name: a.name,\n    description: a.description,\n    condition: a.condition,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatAuditLogEvent(e: WorkOSAuditLogEvent): Record<string, unknown> {\n  return {\n    object: 'audit_log_event',\n    id: e.id,\n    organization_id: e.organization_id,\n    action: e.action,\n    actor: e.actor,\n    targets: e.targets,\n    metadata: e.metadata,\n    occurred_at: e.occurred_at,\n    created_at: e.created_at,\n    updated_at: e.updated_at,\n  };\n}\n\nexport function formatAuditLogExport(ex: WorkOSAuditLogExport): Record<string, unknown> {\n  return {\n    object: 'audit_log_export',\n    id: ex.id,\n    organization_id: ex.organization_id,\n    state: ex.state,\n    url: ex.url,\n    filters: ex.filters,\n    created_at: ex.created_at,\n    updated_at: ex.updated_at,\n  };\n}\n\nexport function formatFeatureFlag(f: WorkOSFeatureFlag): Record<string, unknown> {\n  return {\n    object: 'feature_flag',\n    id: f.id,\n    slug: f.slug,\n    name: f.name,\n    description: f.description,\n    type: f.type,\n    default_value: f.default_value,\n    enabled: f.enabled,\n    created_at: f.created_at,\n    updated_at: f.updated_at,\n  };\n}\n\nexport function formatConnectApplication(a: WorkOSConnectApplication): Record<string, unknown> {\n  return {\n    object: 'connect_application',\n    id: a.id,\n    name: a.name,\n    redirect_uris: a.redirect_uris,\n    client_id: a.client_id,\n    logo_url: a.logo_url,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatClientSecret(s: WorkOSClientSecret): Record<string, unknown> {\n  return {\n    object: 'client_secret',\n    id: s.id,\n    application_id: s.application_id,\n    last_four: s.last_four,\n    created_at: s.created_at,\n    updated_at: s.updated_at,\n  };\n}\n\nexport function formatRadarAttempt(a: WorkOSRadarAttempt): Record<string, unknown> {\n  return {\n    object: 'radar_attempt',\n    id: a.id,\n    user_id: a.user_id,\n    ip_address: a.ip_address,\n    user_agent: a.user_agent,\n    verdict: a.verdict,\n    signals: a.signals,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatApiKeyRecord(k: WorkOSApiKey): Record<string, unknown> {\n  return {\n    object: 'api_key',\n    id: k.id,\n    name: k.name,\n    created_at: k.created_at,\n    updated_at: k.updated_at,\n  };\n}\n\nexport function formatEvent(e: WorkOSEvent): Record<string, unknown> {\n  return {\n    object: 'event',\n    id: e.id,\n    event: e.event,\n    data: e.data,\n    environment_id: e.environment_id,\n    created_at: e.created_at,\n  };\n}\n\nexport function formatWebhookEndpoint(\n  ep: WorkOSWebhookEndpoint,\n  opts?: { includeSecret?: boolean },\n): Record<string, unknown> {\n  return {\n    object: 'webhook_endpoint',\n    id: ep.id,\n    url: ep.url,\n    secret: opts?.includeSecret ? ep.secret : `${ep.secret.slice(0, 8)}****`,\n    enabled: ep.enabled,\n    events: ep.events,\n    description: ep.description,\n    created_at: ep.created_at,\n    updated_at: ep.updated_at,\n  };\n}\n\nexport function sealSession(\n  data: { access_token: string; refresh_token: string; session_id: string },\n  apiKey: string,\n): string {\n  const key = createHash('sha256').update(apiKey).digest();\n  const iv = randomBytes(12);\n  const cipher = createCipheriv('aes-256-gcm', key, iv);\n  const plaintext = JSON.stringify(data);\n  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n  const tag = cipher.getAuthTag();\n  return Buffer.concat([iv, tag, encrypted]).toString('base64');\n}\n"]}
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/emulate/workos/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,cAAc,EAA2C,MAAM,kBAAkB,CAAC;AA2C3F,MAAM,eAAe,GAAG,IAAI,GAAG,CAAS,CAAC,eAAe,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,CAAC,CAAC;AAEtG,MAAM,UAAU,YAAY,CAAmB,MAAS,EAAE,IAAgC;IACxF,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,eAAe,CAAC;IACjD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC7C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,MAAgC,EAChC,SAA+C;IAE/C,OAAO;QACL,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC;QAChC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,GAAuB,EACvB,EAAe,EACf,IAA+C;IAE/C,MAAM,OAAO,GAAG,CAAC,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,iBAAiB,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAE9G,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,OAAO;QACP,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;QAC1C,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAgC;IAC3D,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAA+B;IAC9D,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,cAAc,CAAC,CAAC,CAAC;AAEnE,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,YAAY,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,CAAgB;IAC5C,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,EAA2B;IACjE,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,EAAuB;IACzD,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,EAAmB;IACjD,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAA6B;IAC5D,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,CAAiB;IAC9C,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY;IAC3D,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAe;IACvC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,SAAiB;IACzC,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAsB;IACrD,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,GAAqB;IACpD,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAoB;IACpD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,CAA8B;IACxE,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,CAAyB;IAC9D,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,yEAAyE;AACzE,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAE5E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,cAAc,CACtB,GAAG,EACH,6CAA6C,MAAM,CAAC,QAAQ,EAAE,EAC9D,sBAAsB,CACvB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;AAErE,MAAM,UAAU,mBAAmB,CAAC,CAAgC;IAClE,OAAO,YAAY,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,CAA8B;IACxE,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,CAA4B;IACpE,OAAO;QACL,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,gBAAgB,EAAE,4DAA4D;QAC9E,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3F,QAAQ,EAAE,CAAC,CAAC,QAAQ;KACrB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,CAAkB;IAChD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAsB;IACxD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAuB;IAC1D,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAuB;IAC1D,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAsB;IACxD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAoB;IACpD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,CAA2B;IAClE,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;AAErE,MAAM,UAAU,kBAAkB,CAAC,CAAqB;IACtD,OAAO,YAAY,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAqB;IACtD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;AAE5E,MAAM,UAAU,kBAAkB,CAAC,CAAe;IAChD,OAAO,YAAY,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,YAAY,CAAC,CAAC,CAAC;AAElE,MAAM,UAAU,WAAW,CAAC,CAAc;IACxC,OAAO,YAAY,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,EAAyB,EACzB,IAAkC;IAElC,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE,EAAE,CAAC,GAAG;QACX,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM;QACxE,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,WAAW,EAAE,EAAE,CAAC,WAAW;QAC3B,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAyE,EACzE,MAAc;IAEd,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;IACzD,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChE,CAAC","sourcesContent":["import { randomBytes, createHash, createCipheriv } from 'node:crypto';\nimport { WorkOSApiError, type CursorPaginatedResult, type Entity } from '../core/index.js';\nimport type { WorkOSStore } from './store.js';\nimport type {\n  WorkOSOrganization,\n  WorkOSOrganizationDomain,\n  WorkOSOrganizationMembership,\n  WorkOSUser,\n  WorkOSSession,\n  WorkOSEmailVerification,\n  WorkOSPasswordReset,\n  WorkOSMagicAuth,\n  WorkOSAuthenticationFactor,\n  WorkOSIdentity,\n  WorkOSConnection,\n  WorkOSSSOProfile,\n  WorkOSPipeConnection,\n  WorkOSInvitation,\n  WorkOSRedirectUri,\n  WorkOSCorsOrigin,\n  WorkOSAuthorizedApplication,\n  WorkOSConnectedAccount,\n  WorkOSAuthenticationChallenge,\n  WorkOSDeviceAuthorization,\n  WorkOSRole,\n  WorkOSPermission,\n  WorkOSAuthorizationResource,\n  WorkOSRoleAssignment,\n  WorkOSDirectory,\n  WorkOSDirectoryUser,\n  WorkOSDirectoryGroup,\n  WorkOSAuditLogAction,\n  WorkOSAuditLogEvent,\n  WorkOSAuditLogExport,\n  WorkOSFeatureFlag,\n  WorkOSFlagTarget,\n  WorkOSConnectApplication,\n  WorkOSClientSecret,\n  WorkOSRadarAttempt,\n  WorkOSApiKey,\n  WorkOSEvent,\n  WorkOSWebhookEndpoint,\n} from './entities.js';\n\nconst INTERNAL_FIELDS = new Set<string>(['password_hash', 'code_challenge', 'code_challenge_method']);\n\nexport function formatEntity<T extends Entity>(entity: T, opts?: { exclude?: Set<string> }): Record<string, unknown> {\n  const exclude = opts?.exclude ?? INTERNAL_FIELDS;\n  const result: Record<string, unknown> = {};\n  for (const [key, value] of Object.entries(entity)) {\n    if (!exclude.has(key)) result[key] = value;\n  }\n  return result;\n}\n\nexport function formatListResponse<T>(\n  result: CursorPaginatedResult<T>,\n  formatter: (item: T) => Record<string, unknown>,\n): { object: 'list'; data: Record<string, unknown>[]; list_metadata: { before: string | null; after: string | null } } {\n  return {\n    object: 'list',\n    data: result.data.map(formatter),\n    list_metadata: result.list_metadata,\n  };\n}\n\nexport function formatOrganization(\n  org: WorkOSOrganization,\n  ws: WorkOSStore,\n  opts?: { domains?: WorkOSOrganizationDomain[] },\n): Record<string, unknown> {\n  const domains = (opts?.domains ?? ws.organizationDomains.findBy('organization_id', org.id)).map(formatDomain);\n\n  return {\n    object: 'organization',\n    id: org.id,\n    name: org.name,\n    external_id: org.external_id,\n    metadata: org.metadata,\n    domains,\n    stripe_customer_id: org.stripe_customer_id,\n    created_at: org.created_at,\n    updated_at: org.updated_at,\n  };\n}\n\nexport function formatDomain(domain: WorkOSOrganizationDomain): Record<string, unknown> {\n  return formatEntity(domain);\n}\n\nexport function formatMembership(m: WorkOSOrganizationMembership): Record<string, unknown> {\n  return formatEntity(m);\n}\n\nconst USER_EXCLUDE = new Set([...INTERNAL_FIELDS, 'impersonator']);\n\nexport function formatUser(user: WorkOSUser): Record<string, unknown> {\n  return formatEntity(user, { exclude: USER_EXCLUDE });\n}\n\nexport function formatSession(s: WorkOSSession): Record<string, unknown> {\n  return formatEntity(s);\n}\n\nexport function formatEmailVerification(ev: WorkOSEmailVerification): Record<string, unknown> {\n  return formatEntity(ev);\n}\n\nexport function formatPasswordReset(pr: WorkOSPasswordReset): Record<string, unknown> {\n  return formatEntity(pr);\n}\n\nexport function formatMagicAuth(ma: WorkOSMagicAuth): Record<string, unknown> {\n  return formatEntity(ma);\n}\n\nexport function formatAuthFactor(f: WorkOSAuthenticationFactor): Record<string, unknown> {\n  return formatEntity(f);\n}\n\nexport function formatIdentity(i: WorkOSIdentity): Record<string, unknown> {\n  return formatEntity(i);\n}\n\nexport function generateVerificationToken(): string {\n  return randomBytes(16).toString('hex');\n}\n\nexport function generateCode(): string {\n  return String(Math.floor(100000 + Math.random() * 900000));\n}\n\nexport function hashPassword(password: string): string {\n  return createHash('sha256').update(password).digest('hex');\n}\n\nexport function verifyPassword(password: string, hash: string): boolean {\n  return hashPassword(password) === hash;\n}\n\nexport function expiresIn(minutes: number): string {\n  return new Date(Date.now() + minutes * 60 * 1000).toISOString();\n}\n\nexport function isExpired(expiresAt: string): boolean {\n  return new Date(expiresAt).getTime() < Date.now();\n}\n\nexport function formatConnection(conn: WorkOSConnection): Record<string, unknown> {\n  return formatEntity(conn);\n}\n\nexport function formatSSOProfile(p: WorkOSSSOProfile): Record<string, unknown> {\n  return formatEntity(p);\n}\n\nexport function formatPipeConnection(pc: WorkOSPipeConnection): Record<string, unknown> {\n  return formatEntity(pc);\n}\n\nexport function formatInvitation(inv: WorkOSInvitation): Record<string, unknown> {\n  return formatEntity(inv);\n}\n\nexport function formatRedirectUri(r: WorkOSRedirectUri): Record<string, unknown> {\n  return formatEntity(r);\n}\n\nexport function formatCorsOrigin(o: WorkOSCorsOrigin): Record<string, unknown> {\n  return formatEntity(o);\n}\n\nexport function formatAuthorizedApplication(a: WorkOSAuthorizedApplication): Record<string, unknown> {\n  return formatEntity(a);\n}\n\nexport function formatConnectedAccount(a: WorkOSConnectedAccount): Record<string, unknown> {\n  return formatEntity(a);\n}\n\n/** Allowed redirect URI hosts for the emulator's authorize endpoints. */\nconst ALLOWED_REDIRECT_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);\n\n/**\n * Validate that a redirect_uri points to a localhost origin.\n * Prevents the emulator from being used as an open redirect.\n */\nexport function assertLocalRedirectUri(uri: string): void {\n  let parsed: URL;\n  try {\n    parsed = new URL(uri);\n  } catch {\n    throw new WorkOSApiError(400, 'Invalid redirect_uri', 'invalid_redirect_uri');\n  }\n  if (!ALLOWED_REDIRECT_HOSTS.has(parsed.hostname)) {\n    throw new WorkOSApiError(\n      400,\n      `redirect_uri must point to localhost, got ${parsed.hostname}`,\n      'invalid_redirect_uri',\n    );\n  }\n}\n\nconst AUTH_CHALLENGE_EXCLUDE = new Set([...INTERNAL_FIELDS, 'code']);\n\nexport function formatAuthChallenge(c: WorkOSAuthenticationChallenge): Record<string, unknown> {\n  return formatEntity(c, { exclude: AUTH_CHALLENGE_EXCLUDE });\n}\n\nexport function formatRole(role: WorkOSRole): Record<string, unknown> {\n  return formatEntity(role);\n}\n\nexport function formatPermission(p: WorkOSPermission): Record<string, unknown> {\n  return formatEntity(p);\n}\n\nexport function formatAuthorizationResource(r: WorkOSAuthorizationResource): Record<string, unknown> {\n  return formatEntity(r);\n}\n\nexport function formatRoleAssignment(ra: WorkOSRoleAssignment): Record<string, unknown> {\n  return formatEntity(ra);\n}\n\nexport function formatDeviceAuthorization(d: WorkOSDeviceAuthorization): Record<string, unknown> {\n  return {\n    device_code: d.device_code,\n    user_code: d.user_code,\n    verification_uri: 'http://localhost:0/user_management/authorize/device/verify',\n    expires_in: Math.max(0, Math.floor((new Date(d.expires_at).getTime() - Date.now()) / 1000)),\n    interval: d.interval,\n  };\n}\n\nexport function formatDirectory(d: WorkOSDirectory): Record<string, unknown> {\n  return formatEntity(d);\n}\n\nexport function formatDirectoryUser(u: WorkOSDirectoryUser): Record<string, unknown> {\n  return formatEntity(u);\n}\n\nexport function formatDirectoryGroup(g: WorkOSDirectoryGroup): Record<string, unknown> {\n  return formatEntity(g);\n}\n\nexport function formatAuditLogAction(a: WorkOSAuditLogAction): Record<string, unknown> {\n  return formatEntity(a);\n}\n\nexport function formatAuditLogEvent(e: WorkOSAuditLogEvent): Record<string, unknown> {\n  return formatEntity(e);\n}\n\nexport function formatAuditLogExport(ex: WorkOSAuditLogExport): Record<string, unknown> {\n  return formatEntity(ex);\n}\n\nexport function formatFeatureFlag(f: WorkOSFeatureFlag): Record<string, unknown> {\n  return formatEntity(f);\n}\n\nexport function formatFlagTarget(t: WorkOSFlagTarget): Record<string, unknown> {\n  return formatEntity(t);\n}\n\nexport function formatConnectApplication(a: WorkOSConnectApplication): Record<string, unknown> {\n  return formatEntity(a);\n}\n\nconst CLIENT_SECRET_EXCLUDE = new Set([...INTERNAL_FIELDS, 'value']);\n\nexport function formatClientSecret(s: WorkOSClientSecret): Record<string, unknown> {\n  return formatEntity(s, { exclude: CLIENT_SECRET_EXCLUDE });\n}\n\nexport function formatRadarAttempt(a: WorkOSRadarAttempt): Record<string, unknown> {\n  return formatEntity(a);\n}\n\nconst API_KEY_EXCLUDE = new Set([...INTERNAL_FIELDS, 'key', 'environment']);\n\nexport function formatApiKeyRecord(k: WorkOSApiKey): Record<string, unknown> {\n  return formatEntity(k, { exclude: API_KEY_EXCLUDE });\n}\n\nconst EVENT_EXCLUDE = new Set([...INTERNAL_FIELDS, 'updated_at']);\n\nexport function formatEvent(e: WorkOSEvent): Record<string, unknown> {\n  return formatEntity(e, { exclude: EVENT_EXCLUDE });\n}\n\nexport function formatWebhookEndpoint(\n  ep: WorkOSWebhookEndpoint,\n  opts?: { includeSecret?: boolean },\n): Record<string, unknown> {\n  return {\n    object: 'webhook_endpoint',\n    id: ep.id,\n    url: ep.url,\n    secret: opts?.includeSecret ? ep.secret : `${ep.secret.slice(0, 8)}****`,\n    enabled: ep.enabled,\n    events: ep.events,\n    description: ep.description,\n    created_at: ep.created_at,\n    updated_at: ep.updated_at,\n  };\n}\n\nexport function sealSession(\n  data: { access_token: string; refresh_token: string; session_id: string },\n  apiKey: string,\n): string {\n  const key = createHash('sha256').update(apiKey).digest();\n  const iv = randomBytes(12);\n  const cipher = createCipheriv('aes-256-gcm', key, iv);\n  const plaintext = JSON.stringify(data);\n  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n  const tag = cipher.getAuthTag();\n  return Buffer.concat([iv, tag, encrypted]).toString('base64');\n}\n"]}