diff --git a/.agents/rules/api-conventions.md b/.agents/rules/api-conventions.md new file mode 100644 index 0000000000..0c9550b14b --- /dev/null +++ b/.agents/rules/api-conventions.md @@ -0,0 +1,66 @@ +# API conventions + +Read before adding endpoints, commands/queries, validators, or error handling. + +## Endpoints + +Static extension methods on `IEndpointRouteBuilder`, returning `RouteHandlerBuilder`. The handler delegates to Mediator. Gate with `.RequirePermission(...)`. + +```csharp +public static class RegisterUserEndpoint +{ + internal static RouteHandlerBuilder MapRegisterUserEndpoint(this IEndpointRouteBuilder endpoints) => + endpoints.MapPost("/register", (RegisterUserCommand command, + IMediator mediator, CancellationToken cancellationToken) => + mediator.Send(command, cancellationToken)) + .WithName("RegisterUser") + .WithSummary("Register user") + .RequirePermission(IdentityPermissionConstants.Users.Create); +} +``` + +- **Always accept and forward `CancellationToken`** to `mediator.Send`. ASP.NET injects it. +- Wire each endpoint in the module's `MapEndpoints()`. Endpoints group under `api/v{version:apiVersion}/{module}`. +- Use `TypedResults` / `.Produces(...)` for accurate OpenAPI. Add `.WithIdempotency()` on POSTs that must be replay-safe. + +## CQRS + +- **Commands/Queries** live in `Modules.{Name}.Contracts` — implement `ICommand` / `IQuery`. Records preferred. +- **Handlers** live in `Modules.{Name}/Features/` — `public sealed`, implement `ICommandHandler` / `IQueryHandler`, return `ValueTask`, `.ConfigureAwait(false)` on awaits. +- Paginated queries implement `IPagedQuery` (`PageNumber`, `PageSize`, `Sort`) and return `PagedResponse`. + +## Validation + +FluentValidation, auto-registered by `ModuleLoader`. Name `{Command}Validator`. Live in the same feature folder. + +- **Every command handler needs a validator; every paginated query handler needs one too.** Enforced by `Architecture.Tests` (`HandlerValidatorPairingTests`). A handler legitimately without rules can be added to that test's known-missing allowlist, but prefer writing the validator. +- Validators run via the `ValidationBehavior<,>` Mediator pipeline before the handler. + +## Exceptions → ProblemDetails + +Throw framework exception types; the global handler converts to RFC 9457 `ProblemDetails`: + +| Throw | HTTP | +|---|---| +| `NotFoundException` | 404 | +| `ForbiddenException` | 403 | +| `UnauthorizedException` | 401 | +| `CustomException(msg, errors?, HttpStatusCode)` | as specified (default 400) | + +Don't catch broadly to swallow. Background loops may `catch (Exception)` to stay alive, but must **log with context** and exclude `OperationCanceledException` (filtered catch or a preceding `catch (OperationCanceledException)`). + +## Permissions + +Constants in `Shared/Identity/*Permissions.cs` (e.g. `IdentityPermissionConstants`). Apply with `.RequirePermission(...)` on the endpoint. `RequiredPermissionAttribute` implements `IRequiredPermissionMetadata` — never let a duplicate of that interface appear; it silently disables **all** `.RequirePermission()` gates. + +## Specifications + +Use `Specification` (`src/BuildingBlocks/Persistence/Specifications/`) for query composition. Default `AsNoTracking = true` — see `database.md` for when tracking is required instead. + +## Adding a feature (checklist) + +1. Command/query + response in `Modules.{Name}.Contracts/v1/{Area}/{Feature}/`. +2. Handler in `Modules.{Name}/Features/v1/{Area}/{Feature}/`. +3. Validator in the same folder. +4. Endpoint in the same folder; wire in module `MapEndpoints()`. +5. Tests in `Tests/{Name}.Tests/` (+ integration test if it touches DB/IO). diff --git a/.agents/rules/architecture.md b/.agents/rules/architecture.md new file mode 100644 index 0000000000..cf3fa6b6ef --- /dev/null +++ b/.agents/rules/architecture.md @@ -0,0 +1,99 @@ +# Architecture rules + +Modular Monolith + Vertical Slice Architecture (VSA). Read this before adding/moving modules or touching wiring. + +## Layers & dependency direction + +``` +Host (composition root) → Modules.{Name} (runtime) → Modules.{Name}.Contracts (public API) + → BuildingBlocks (shared framework) +``` + +- **BuildingBlocks** (`src/BuildingBlocks/`) — Core, Persistence, Web, Caching, Eventing, Storage, Quota, Jobs, Mailing, Shared. Consumed by all modules. **Do not modify without explicit approval.** +- **Modules** (`src/Modules/{Name}/`) — bounded contexts. Each = a runtime project (internal) + a `.Contracts` project (public API: commands, queries, events, DTOs, service interfaces). +- A module **MUST NOT** reference another module's runtime project — only its `.Contracts`. Enforced by `Architecture.Tests` (NetArchTest). + +## Module = runtime + Contracts + +``` +Modules.Identity/ ← runtime (internal): handlers, services, domain, data +Modules.Identity.Contracts/ ← public: ICommand/IQuery types, DTOs, events, service interfaces +``` + +Cross-module communication: through Contracts service interfaces or integration events only. + +## Feature folder layout (VSA) + +Each feature is a vertical slice in `Features/v{version}/{Area}/{Feature}/`: + +``` +Features/v1/Users/RegisterUser/ +├── RegisterUserEndpoint.cs # minimal API endpoint +├── RegisterUserCommandHandler.cs # CQRS handler (public sealed) +└── RegisterUserCommandValidator.cs # FluentValidation +``` + +Module support folders: `Domain/`, `Data/`, `Services/`, `Events/`, `Authorization/`. + +## IModule registration + +Each module implements `IModule`, declared via an **assembly-level** `[FshModule]` attribute (positional `(Type moduleType, int order = 0)`) — **not** a class-level `[FshModule(Order = n)]`: + +```csharp +[assembly: FshModule(typeof(FSH.Modules.Identity.IdentityModule), 1)] // above the namespace + +namespace FSH.Modules.Identity; + +public sealed class IdentityModule : IModule +{ + public void ConfigureServices(IHostApplicationBuilder builder) { ... } + public void ConfigureMiddleware(IApplicationBuilder app) { ... } // optional, runs AFTER UseAuthentication + public void MapEndpoints(IEndpointRouteBuilder endpoints) { ... } +} +``` + +`ModuleLoader.AddModules` (`src/BuildingBlocks/Web/Modules/ModuleLoader.cs`) discovers `[FshModule]` attributes, orders by `Order` then name, instantiates each, and calls `ConfigureServices`. Endpoints map under `api/v{version:apiVersion}/{module}`. + +## ⚠️ The four-place registration footgun + +Adding a module requires editing **four** lists. Miss one and it fails *silently*: + +| Place | File | Symptom if missed | +|---|---|---| +| Mediator `o.Assemblies` (two markers: Contracts type **and** module type) | `src/Host/FSH.Starter.Api/Program.cs` | Handlers silently undiscovered | +| `moduleAssemblies` array | `src/Host/FSH.Starter.Api/Program.cs` | Module never loaded | +| Mediator assemblies (same pair) | `src/Host/FSH.Starter.DbMigrator/Program.cs` | Migrate/seed misses the module | +| module assemblies array | `src/Host/FSH.Starter.DbMigrator/Program.cs` | Migrate/seed misses the module | + +After wiring, the fastest sanity check is: build, hit the endpoint, confirm the handler runs. + +## DI & handler conventions + +- Mediator handlers: `public sealed`, implement `ICommandHandler` / `IQueryHandler`, return `ValueTask`, `.ConfigureAwait(false)` on every await. `ServiceLifetime.Scoped`. +- Validators auto-register via `ModuleLoader` (`AddValidatorsFromAssemblies`). Name them `{Command}Validator`. +- Prefer constructor injection / primary constructors. Watch DI lifetimes: stateful singletons must be thread-safe (use `ConcurrentDictionary` / immutable snapshots). + +## Middleware ordering (critical) + +In `src/BuildingBlocks/Web/Extensions.cs` (`UseHeroPlatform`): + +1. ExceptionHandler → ResponseCompression +2. **CORS before HTTPS redirect** (so OPTIONS preflight isn't 307-redirected) +3. HttpsRedirection → SecurityHeaders → static files → Routing +4. **`UseAuthentication`** +5. **`UseModuleMiddlewares`** — each module's `ConfigureMiddleware`, runs **after** auth +6. RateLimiting → Quotas → `UseAuthorization` → `MapModules` + +`app.UseHeroMultiTenantDatabases()` (Finbuckle `UseMultiTenant()`) runs in `Program.cs` **before** `UseHeroPlatform`, i.e. **before `UseAuthentication`** — so tenant resolution is header-driven, not claim-driven. See `modules/multitenancy.md`. + +## Static/global state + +No global mutable static collections enumerated under concurrency. `Audit` (Auditing module) swaps an immutable `IAuditEnricher[]` atomically; `ModuleLoader` guards with a lock. Follow that pattern if you must hold process-global state. + +## Configuration & options + +- `appsettings.json` (+ `.Development`/`.Production`) live in `src/Host/FSH.Starter.Api/`. DbMigrator links the same files. +- Bind config with the Options pattern: `AddOptions().BindConfiguration(nameof(T))`, section name == type name (e.g. `JwtOptions`, `DatabaseOptions`, `CachingOptions`, `CorsOptions`, `QuotaOptions`, `RateLimitingOptions`; **storage section is `Storage`**, not `StorageOptions`). Add `.ValidateDataAnnotations().ValidateOnStart()` for fail-fast. +- Validate critical options via `IValidatableObject` — `JwtOptions` requires `SigningKey` ≥32 chars and **rejects placeholder strings containing `"replace-with"`**; `DatabaseOptions` rejects empty connection strings. +- **Production fail-fast** (`Program.cs`, before service registration): missing `DatabaseOptions:ConnectionString`, `CachingOptions:Redis`, or `JwtOptions:SigningKey` throws. Dev secrets via `dotnet user-secrets` (AppHost has a `UserSecretsId`); MinIO creds are Aspire secret parameters. +- Platform composition is one call each: `builder.AddHeroPlatform(o => { o.Enable... })` (DI) and `app.UseHeroPlatform(...)` (middleware). Feature flags toggle Caching/Jobs/Mailing/Quotas/Sse/Realtime/OpenTelemetry/CORS/Idempotency. diff --git a/.agents/rules/buildingblocks-protection.md b/.agents/rules/buildingblocks-protection.md new file mode 100644 index 0000000000..e50ed4bf5f --- /dev/null +++ b/.agents/rules/buildingblocks-protection.md @@ -0,0 +1,36 @@ +--- +paths: + - "src/BuildingBlocks/**/*" +--- + +# ⚠️ BuildingBlocks Protection + +**STOP. You are modifying BuildingBlocks.** + +Changes to BuildingBlocks affect ALL modules across the entire framework. These are core abstractions that many projects depend on. + +## Before Proceeding + +1. **Confirm explicit approval** - Has the user specifically approved this change? +2. **Consider alternatives** - Can this be done in the module instead? +3. **Assess impact** - What modules will this affect? + +## If Approved + +- Make minimal, focused changes +- Ensure backward compatibility +- Update all affected modules +- Run full test suite: `dotnet test src/FSH.Starter.slnx` +- Document the change + +## Alternatives to Consider + +| Instead of... | Consider... | +|---------------|-------------| +| Modifying Core | Extension method in module | +| Changing Persistence | Custom repository in module | +| Updating Web | Module-specific middleware | + +## If Not Approved + +Do not proceed. Suggest alternatives that don't require BuildingBlocks modifications. diff --git a/.agents/rules/caching.md b/.agents/rules/caching.md new file mode 100644 index 0000000000..cc26b8898d --- /dev/null +++ b/.agents/rules/caching.md @@ -0,0 +1,30 @@ +# Caching + +`src/BuildingBlocks/Caching/`. Read before adding cached reads or invalidation. + +## What's registered + +`AddHeroCaching(config)` always registers **`HybridCache`** (L1 in-memory + optional L2 Redis). Inject `HybridCache`, not `IDistributedCache`. + +- `CachingOptions.Redis` empty → in-memory only (dev fallback). Set → a **single shared `ConnectionMultiplexer`** (singleton `IConnectionMultiplexer`) backs both the L2 cache and the DataProtection key ring. +- Defaults: total expiration 1h, L1 (local) expiration 2min (`CachingOptions`). +- `ObservableHybridCache` transparently decorates `HybridCache` to emit OpenTelemetry (hits/misses/factory-duration/invalidations). You don't reference it — just inject `HybridCache`. + +## Pattern + +```csharp +var perms = await cache.GetOrCreateAsync( + CacheKeys.UserPermissions(userId), + async ct => await LoadPermissionsAsync(userId, ct), + tags: [CacheKeys.Tags.Permissions, CacheKeys.Tags.User(userId)], + cancellationToken: ct); +``` + +- **Keys & tags live in `CacheKeys.cs`** — add new keys/tags there, don't inline strings. Existing: `UserPermissions(userId)`, `TenantTheme(tenantId)`, `IdempotencyEntry(tenantId,key)`, `ImpersonationGrantStatus(jti)`; tags `Permissions`, `Themes`, `Idempotency`, `Tenant(id)`, `User(id)`. +- Invalidate with `RemoveAsync(key)` or `RemoveByTagAsync(tag)` in the relevant mutation handler. +- `GetOrCreateAsync` gives **stampede protection** for free (factory runs once per key). + +## Gotchas + +- **No L1 backplane.** `RemoveByTagAsync` on one node does **not** evict L1 on peer nodes — cross-node staleness is bounded only by the 2-min local expiration. Don't rely on instant cross-node invalidation; keep local expiration short for hot, mutable data. +- Don't reach for `IDistributedCache` directly except where the framework already does so deliberately (idempotency probe-read) — prefer `HybridCache`. diff --git a/.agents/rules/database.md b/.agents/rules/database.md new file mode 100644 index 0000000000..864b096215 --- /dev/null +++ b/.agents/rules/database.md @@ -0,0 +1,48 @@ +# Database & EF Core conventions + +Read before touching entities, DbContexts, migrations, or query filters. + +## Entities + +- `BaseEntity` — `Id`, `CreatedAt`, `UpdatedAt`, `TenantId`. +- `AggregateRoot` — `BaseEntity` + domain events (`IHasDomainEvents`, `_domainEvents` list). +- Marker interfaces: `IHasTenant`, `IAuditableEntity`, `ISoftDeletable`, `IGlobalEntity`. +- Domain events inherit `DomainEvent` (record: `EventId`, `OccurredOnUtc`, `CorrelationId`, `TenantId`). Integration events implement `IIntegrationEvent`; handlers `IIntegrationEventHandler`. + +## Tenant isolation (default-ON) + +- `BaseDbContext` auto-applies a tenant query filter to every entity. **Isolation is on by default.** +- Opt out **only** via `IGlobalEntity` (e.g. `BillingPlan`, `ImpersonationGrant`, `Outbox`/`InboxMessage`). +- A subclass DbContext that overrides `OnModelCreating` **must call `base.OnModelCreating(modelBuilder)` LAST**, or the auto-applied filters are lost. +- Cross-tenant reads use `IgnoreQueryFilters()` **plus an explicit re-filter** — never rely on the absence of the filter. +- **Query-filter naming:** SoftDelete filter is *named*; the tenant filter stays *anonymous* (Finbuckle owns it). Don't rename the tenant filter. + +## AsNoTracking — and when NOT to + +- Read-only queries: add `.AsNoTracking()` (Specifications default to it). +- **Do NOT add `AsNoTracking()` to a read-then-mutate-then-`SaveChanges` query** — the entity must stay tracked or your changes won't persist. The analyzer (AP010) flags these as a smell, but for mutate-and-save flows it is a false positive — leave them tracked. +- `AnyAsync(...)` materializes no entity, so `AsNoTracking()` there is a no-op — skip it. + +## Value generation for nav-collection children + +A child entity reached **only** through a parent's navigation collection needs `Property(x => x.Id).ValueGeneratedNever()` in its EF config — otherwise EF treats it as `Modified` instead of `Added` and the insert silently misbehaves. + +## Migrations + +All migrations live in **one** project, `src/Host/FSH.Starter.Migrations.PostgreSQL`, organized **per-module by folder** (`Identity/`, `Catalog/`, `Chat/`, …), each with its own `{Module}DbContextModelSnapshot`. + +```bash +dotnet ef migrations add {Name} \ + --project src/Host/FSH.Starter.Migrations.PostgreSQL \ + --startup-project src/Host/FSH.Starter.Api \ + --context {Module}DbContext +``` + +- **`migrations remove` operates on the snapshot** — run a full build *before* `migrations add` so the snapshot is current, or you can lose the previous migration. +- The DB is **not** migrated at API startup. The `DbMigrator` host is a separate step: `apply` (default), `seed`, `seed-demo` (dev only), `list-pending`; flags `--tenant `, `--catalog-only`, `--seed`. It migrates the tenant catalog first, then each tenant's per-module schema, serialized by a Postgres advisory lock. +- `dotnet-ef` is pinned in `.config/dotnet-tools.json` — run `dotnet tool restore` first. + +## Tests + EF + +- Integration tests use Testcontainers (real PostgreSQL) — **Docker must be running**. +- In integration tests, set the Finbuckle tenant context **inline in the same method** as the `UserManager`/`DbContext` call; an awaited-helper set is lost (AsyncLocal) and the tenant query filter NREs. diff --git a/.agents/rules/eventing.md b/.agents/rules/eventing.md new file mode 100644 index 0000000000..2da17f7d11 --- /dev/null +++ b/.agents/rules/eventing.md @@ -0,0 +1,39 @@ +# Eventing — domain events, integration events, Outbox/Inbox + +Read before publishing/handling cross-module events. `src/BuildingBlocks/Eventing/`. + +## Two tiers + +- **Domain events** (in-process, pre-commit) — inherit `DomainEvent` (record: `EventId`, `OccurredOnUtc`, `CorrelationId`, `TenantId`). Raised on aggregates (`IHasDomainEvents`). +- **Integration events** (cross-module, async) — implement `IIntegrationEvent` (`Id`, `OccurredOnUtc`, `TenantId`, `CorrelationId`, `Source`). Handlers implement `IIntegrationEventHandler` (single `HandleAsync(T, ct)`), are `sealed`, live in `Events/` or `IntegrationEventHandlers/`. + +## The Outbox is the only way to publish + +**Do not call `IEventBus` directly from a handler.** Publish via the outbox so it commits in the same transaction and survives crashes: + +```csharp +await _outboxStore.AddAsync(integrationEvent, ct).ConfigureAwait(false); +``` + +`EfCoreOutboxStore.AddAsync` serializes + `SaveChanges` immediately. `OutboxDispatcherHostedService` polls every `OutboxDispatchIntervalSeconds` (default 10), `OutboxDispatcher` pulls a batch (`OutboxBatchSize`, default 100), publishes via `IEventBus`, and dead-letters after `OutboxMaxRetries` (default 5) → `IsDead`. `OutboxMessage`/`InboxMessage` are `IGlobalEntity` (no tenant filter — the dispatcher has no tenant context; `TenantId` is an explicit column). + +## Idempotency is free (in-memory bus) + +`InMemoryEventBus` resolves handlers in a fresh DI scope and applies the **Inbox**: skips if `IInboxStore.HasProcessedAsync(eventId, handlerName)`, marks processed after success. Composite key `{Id, HandlerName}`; concurrent-insert race is swallowed. Don't hand-roll dedup. + +## Wiring (3 calls in the module's `ConfigureServices`) + +```csharp +services.AddEventingCore(builder.Configuration); // serializer + bus + hosted dispatcher +services.AddEventingForDbContext(); // outbox/inbox stores (scoped) +services.AddIntegrationEventHandlers(typeof(MyModule).Assembly); // scans IIntegrationEventHandler<> +``` + +Bus = `EventingOptions.Provider`: `"RabbitMQ"` → `RabbitMqEventBus` (durable topic exchange); else `InMemoryEventBus` (default). + +## Gotchas + +- **Renaming/moving an integration event type breaks deserialization** — the outbox stores the assembly-qualified type name; `Type.GetType()` returns null → the message dead-letters. Keep event type names/namespaces stable, or migrate dead rows. +- **Background handlers carry no HTTP/tenant context.** An open-generic or background handler that reads a tenant-filtered DbContext must restore Finbuckle context first via `IMultiTenantContextSetter` (see `WebhookFanoutHandler`, `modules/webhooks.md`). +- In-memory bus runs handlers **synchronously in the publisher's scope** — keep handler work minimal; exceptions surface to the originating request (relevant for Notifications consuming Chat events). +- Set `UseHostedServiceDispatcher=false` to drive the outbox via Hangfire instead of the hosted service. diff --git a/.agents/rules/frontend/admin.md b/.agents/rules/frontend/admin.md new file mode 100644 index 0000000000..1f1ce132b8 --- /dev/null +++ b/.agents/rules/frontend/admin.md @@ -0,0 +1,38 @@ +# Frontend — admin app (`clients/admin`) + +Operator/SuperAdmin-facing console. Read `frontend/shared.md` first; this file is only the divergences. + +- **Port** 5173 · dev proxy target `http://localhost:5030` (HTTP) · localStorage prefix `fsh.admin.*` · login header `X-FSH-App: admin`. +- **Env** (`src/env.ts`): `{ apiBase, defaultTenant, dashboardUrl }`. `dashboardUrl` is used for the one-way impersonation handoff into the dashboard app. + +## Forms — react-hook-form + zod + +Admin is the **only** app with `react-hook-form` + `zod` + `@hookform/resolvers`. Use them: + +```ts +const form = useForm({ resolver: zodResolver(schema) }); +``` + +Form layout primitives live in `src/components/list/` (`PageHeader`, `Field`, `FormShell`, `FormSection`, `FormActions`, `Pagination`, `ErrorBand`). + +## Permissions — fetched, hydrated, gated + +- The JWT carries only role names. Admin fetches the permission set separately: `GET /api/v1/identity/permissions` (`getMyPermissions`), cached under `fsh.admin.permissions`. +- `AuthProvider` hydrates them in an effect keyed on subject change and exposes `permissionsHydrated` to avoid a 403 flash on first paint. +- **Route gating:** wrap gated route elements in ``. It renders a "Resolving permissions" state while `!permissionsHydrated`, else ``. (`ProtectedRoute` also accepts a `permissions?` prop.) +- **Mirror server permissions by hand** in `src/lib/permissions.ts` (`IdentityPermissions`, `MultitenancyPermissions`, … frozen objects + `PERMISSION_CATALOG` driving the role editor). There is intentionally **no** runtime catalog fetch — when the server adds a permission, mirror the constant here. + +## Routing & realtime + +- Routes wrap elements in `` (no per-route Suspense wrapper). +- `RealtimeProvider` is mounted in `App.tsx` and wires only `["NotificationCreated"]`. + +## Theme + +Cool-cast neutrals (hue 240, small non-zero chroma — **not** chroma 0), a single fixed chartreuse "signal" accent (`--accent-signal` / `--signal-500`), Geist / Geist Mono fonts. Defined in `src/styles/globals.css`. + +## Add-a-page deltas (on top of shared steps) + +- Use RHF + zod for any form. +- If the endpoint requires a permission, mirror the constant in `src/lib/permissions.ts` (and `PERMISSION_CATALOG` if it belongs in the role editor) and wrap the route in ``. +- Playwright: `seedAuthedSession` here also pre-seeds `fsh.admin.permissions` so `RouteGuard` passes on first paint. diff --git a/.agents/rules/frontend/dashboard.md b/.agents/rules/frontend/dashboard.md new file mode 100644 index 0000000000..d0cb78a032 --- /dev/null +++ b/.agents/rules/frontend/dashboard.md @@ -0,0 +1,42 @@ +# Frontend — dashboard app (`clients/dashboard`) + +Tenant-facing application. Read `frontend/shared.md` first; this file is only the divergences. + +- **Port** 5174 · dev proxy target `https://localhost:7030` (HTTPS, with `ws: true` for the SignalR hub) · localStorage prefix `fsh.dashboard.*` · login header `X-FSH-App: dashboard`. +- **Env** (`src/env.ts`): `{ apiBase, defaultTenant, demoMode }`. +- Dev-proxy is HTTPS on purpose: routing the bearer token through an HTTP→HTTPS 307 redirect stripped the `Authorization` header. + +## No RHF/zod — hand-rolled forms + +The dashboard does **not** depend on react-hook-form or zod. Use controlled inputs + local state. Don't add those deps to match admin. + +## Permissions — straight from the JWT + +`auth-context.tsx` reads `claims.permissions` off the decoded JWT — no separate fetch, no `permissionsHydrated`, no permissions cache key. `ProtectedRoute` is **auth-only** (no permission gating). Don't add `RouteGuard`-style gating here. + +## Routing & realtime/SSE + +- Every route element is wrapped in `withSuspense(node)` (per-route skeleton fallback). No per-route permission guards. +- `RealtimeProvider` **and** `SseProvider` are mounted inside `AppShell` (authenticated routes only), under a `CommandPaletteProvider` (cmdk). +- SignalR provider pre-wires ~11 chat/notification events. +- **SSE** (`src/sse/`, dashboard-only): two-step token — `POST /api/v1/sse/token`, then `GET /api/v1/sse/stream?token=` consumed via fetch streaming (`parseSseStream` async generator; EventSource can't send auth headers). **Two split contexts:** `useSseStatus()` (stable, for status dots) vs `useSseEvents()` (mutates per event) to avoid cascading re-renders; `useSse()` is the composite. + +## Impersonation + +`token-store.ts` has `beginImpersonation` / `endImpersonationWithFreshTokens` / `restoreStashedActor` that stash the operator's tokens under `fsh.dashboard.impersonation.*`. `AuthProvider` exposes `beginImpersonation`/`stopImpersonation` and derives `ImpersonationInfo` from `act_sub` / `act_tenant` / `act_name` claims. Admin triggers the handoff one-way via its `dashboardUrl`. + +## Performance + +- `@tanstack/react-virtual` for long lists — use it for any large collection (chat history, big tables). +- `cmdk` powers the command palette. + +## Theme + +**Chroma-0 neutrals** (`--neutral-*: oklch(L 0 0)` — untinted; the warm-paper tint was deliberately removed). Rose default brand with **swappable accent themes** via `.accent-{rose,indigo,violet,sky,emerald,amber}` classes that override the `--brand-*` oklch stops; saffron secondary; Figtree font. Defined in `src/styles/globals.css`. Keep neutrals at chroma 0. + +## Add-a-page deltas (on top of shared steps) + +- Hand-roll forms (no RHF/zod). +- Wrap the route element in `withSuspense()`; no permission guard. +- If it consumes pushes: `useRealtimeEvent("EventName", handler)` (register the name in `realtime-context.tsx`) or `useSseEvents()` for SSE. +- Use `react-virtual` for long lists; keep neutrals chroma 0. diff --git a/.agents/rules/frontend/shared.md b/.agents/rules/frontend/shared.md new file mode 100644 index 0000000000..9974e44e35 --- /dev/null +++ b/.agents/rules/frontend/shared.md @@ -0,0 +1,90 @@ +# Frontend — shared conventions + +Applies to **both** `clients/admin` and `clients/dashboard`. Read this for any React work, then read +the app-specific file (`admin.md` / `dashboard.md`) for divergences. + +Stack: React 19 · Vite 7 · TypeScript · TanStack Query v5 · React Router 7 · Radix UI · Tailwind v4 · +class-variance-authority (shadcn-style) · `@microsoft/signalr`. Path alias `@` → `src` (`vite.config.ts`). + +## API client (`src/lib/api-client.ts`, `src/api/*`) + +- One fetch wrapper: `apiFetch(path, init)`. No axios. +- **Types are hand-written**, not generated. (`openapi-typescript` is declared in admin's devDeps but unused — there is no codegen step.) Define DTO `type`s and a `const BASE = "/api/v1/..."` in each `src/api/{feature}.ts`, with thin async functions calling `apiFetch`. +- Auth header `Authorization: Bearer ` from `tokenStore.getAccessToken()` (unless `skipAuth:true`). +- Tenant header (lowercase `tenant`) = `tokenStore.getTenant() ?? env.defaultTenant`, unless overridden per request. +- Errors: non-OK parses RFC 9457 `application/problem+json` and throws `ApiRequestError(status, message, problem)`. 204/empty → `undefined`. +- **Single-flight refresh:** on 401 with a refresh token, `POST /api/v1/identity/token/refresh` with `{token, refreshToken}`; a module-level `refreshPromise` dedupes concurrent refreshes; rotated token returns on `token` (not `accessToken`); the original request retries once. +- Search endpoints: build `URLSearchParams` with **PascalCase** keys (`PageNumber`, `PageSize`, …) to match the API. + +## Env (`src/env.ts`) — runtime, not build-time + +`loadRuntimeConfig()` fetches `/config.json` once at boot (awaited in `main.tsx` before React mounts); `env` is a getter that throws if read too early. One built image promotes across environments (operator writes `config.json`). The only `VITE_*` var, `VITE_API_BASE_URL`, configures the **Vite dev proxy target only** — it is not the runtime apiBase (`config.json` ships `apiBase: ""`, relative). + +## Data fetching (TanStack Query v5) + +- Shared `queryClient` (`src/lib/query-client.ts`): `staleTime: 30_000`, `refetchOnWindowFocus:false`, no retry on 401/403 else `failureCount < 2`. +- **Query keys are inline literal arrays**, hierarchical, params object last: `["users", {pageNumber, searchTerm}]`, `["user", id]`, `["user", id, "roles"]`. No central key factory. +- `useQuery`/`useMutation` live inline in page components. Invalidate in `onSuccess`: `queryClient.invalidateQueries({ queryKey: ["users"] })`. Pagination: `placeholderData: keepPreviousData`. + +### ⚠️ The `mutate(arg)` race-safe pattern (golden rule #9) + +`useMutation` reads its options at execute time, so values produced at call time (e.g. a fresh +`crypto.randomUUID()` client id) must ride **through `mutate(arg)`** and be read from the `variables` +argument of `onMutate`/`onSuccess`/`onError` — never from component state the callbacks close over, +or two rapid calls collide. + +```ts +mutation.mutate({ text, clientId: crypto.randomUUID() }); +// onMutate: ({ clientId }) => insert optimistic `temp:${clientId}` +// onSuccess: (real, { clientId }) => swap temp → real +// onError: (_e, { clientId }) => rollback +``` + +## Routing (`routes.tsx`, `App.tsx`) + +- `createBrowserRouter`, flat config. Pages are **named exports** loaded via a `lazyNamed(importer, name)` helper (adapts named → `React.lazy`'s default contract). No default exports. +- Nesting: public auth routes → `` → `` → page children. `errorElement: `. +- Provider tree: `ThemeProvider > QueryClientProvider > AuthProvider > … > RouterProvider` + `sonner` ``. + +## Auth (`src/auth/`) + +`token-store.ts` (localStorage + pub/sub), `jwt.ts` (`decodeJwt`), `AuthProvider`/`useAuth()`, `ProtectedRoute`. +Login `POST /api/v1/identity/token/issue` with header `X-FSH-App: "admin"|"dashboard"`. **localStorage keys are namespaced per app** (`fsh.admin.*` / `fsh.dashboard.*`) so both run side-by-side. Permission *source* differs per app — see the app files. + +## Design system (Tailwind v4, shadcn-style) + +- **`cn()` is at `src/lib/cn.ts`** (`twMerge(clsx(...))`) — not `lib/utils.ts`. `components.json`: `style:new-york`, `baseColor:slate`, `cssVariables:true`, `iconLibrary:lucide`. +- UI primitives in `src/components/ui/` are cva-based: `cva(base, { variants, defaultVariants })` + Radix `Slot`/`asChild` + `cn(buttonVariants({...}))`. Layout primitives in `src/components/list/` (admin) / similar (dashboard), re-exported from `index.ts`. +- **Tailwind v4 is CSS-first — there is NO `tailwind.config`.** Configured via the `@tailwindcss/vite` plugin and one entrypoint `src/styles/globals.css` (imported in `main.tsx`). Tokens: `:root` oklch primitives → semantic vars → an `@theme inline { --color-*: var(--…) }` block exposing them as utilities. `@custom-variant dark (&:is(.dark *))`. +- Add a new token in `globals.css` (primitive → semantic → `@theme inline`), then use the utility. Don't hard-code colors in components. + +### Design language (both apps differ on purpose) + +| | admin (operator) | dashboard (tenant) | +|---|---|---| +| Neutrals | cool-cast, hue 240, small non-zero chroma | **chroma 0** (untinted — the warm tint was removed) | +| Accent | single fixed chartreuse "signal" (`--accent-signal`) | rose brand + **swappable** `.accent-{rose,indigo,violet,sky,emerald,amber}` | +| Font | Geist / Geist Mono | Figtree (+ saffron secondary) | + +So "neutrals must be chroma 0" is a **dashboard** rule. Admin neutrals are intentionally cool — match the file you're editing. + +## Realtime (SignalR) + +`src/realtime/realtime-context.tsx`: one `HubConnection` to `/api/v1/realtime/hub`. `@microsoft/signalr` is **dynamically imported** (lazy ~37KB) only when an authed session opens the hub. Auth via `accessTokenFactory`; a `tokenEpoch` (bumped by `tokenStore.subscribe`) forces reconnect on login/refresh/impersonation. Consume with `useRealtimeEvent("EventName", handler, deps)` (handler kept in a ref). Pre-register new event names in the provider's event list. + +## Testing (Playwright, route-mocked) + +- `playwright.config.ts`: `testDir: ./tests`, chromium, auto-boots `npm run dev`, no real backend. +- Tests in `tests/{area}/{name}.spec.ts`; helpers in `tests/helpers/`. +- **JWT seeding:** `seedAuthedSession(page, TEST_USER)` builds a fake JWT and `addInitScript`-writes `fsh.{app}.*` to localStorage before React boots (server isn't called, so signature is junk). +- **Route mocking:** `mockJsonResponse(page, urlGlob, body)` / `mockProblemDetails(...)`. `installShellMocks(page)` stubs every call `AppShell` fires and **aborts** SSE/SignalR. Playwright matches most-recently-registered first → broad shell mocks in `beforeEach`, page-specific mocks after (they win). +- `beforeEach`: `seedAuthedSession(page, TEST_USER)` → `installShellMocks(page)`. + +## Add a page/feature (shared steps) + +1. API: extend `src/api/{feature}.ts` — hand-written types + `apiFetch` calls. +2. Page: `src/pages/{area}/{name}.tsx`, **named** export. `useQuery` with hierarchical key; `useMutation` invalidating in `onSuccess`, passing per-call data via `mutate(arg)`. +3. Route: add `const X = lazyNamed(() => import("@/pages/area/name"), "XPage")` and a child route under `AppShell`. +4. Test: `tests/{area}/{name}.spec.ts` with seed + shell mocks + page mocks. + +Then apply the app-specific steps in `admin.md` / `dashboard.md` (forms, permission gating, suspense, etc.). diff --git a/.agents/rules/integration-testing.md b/.agents/rules/integration-testing.md new file mode 100644 index 0000000000..63d0b7a264 --- /dev/null +++ b/.agents/rules/integration-testing.md @@ -0,0 +1,23 @@ +# Integration testing + +`src/Tests/Integration.Tests/` + `Integration.Middleware.Tests/`. Read before writing tests that touch the DB/HTTP pipeline. See `testing.md` for unit conventions. + +## Harness + +`WebApplicationFactory` over **real** infra via Testcontainers — PostgreSQL + Redis + MinIO. **Docker must be running**; if it isn't, tests fail fast with `DockerUnavailableException` (environmental, not a regression — run the unit projects instead). + +`FshWebApplicationFactory` (`Integration.Tests/Infrastructure/`) boots the containers, overlays in-memory config, swaps `IMailService` → `NoOpMailService`, and rewires storage to MinIO. + +## Must-know gotchas + +- **Tenant context is AsyncLocal — set it inline.** Set the Finbuckle tenant context **in the same method** as the `UserManager`/`DbContext` call. Setting it in an awaited helper loses it across the async boundary → NRE in the tenant query filter. +- **Storage is wired eagerly.** `AddHeroStorage` reads `Storage:Provider` before the test config overlay, so it picks `LocalStorageService`. The factory **removes the `IStorageService`/`LocalStorageService`/`S3StorageService` descriptors post-registration and re-registers the S3 stack** at MinIO. Follow that when a test needs real object storage. (See `storage.md`.) +- **SignalR tests force long-polling** — TestServer has no WebSocket. Configure the client transport accordingly. +- **Rate limiting is read eagerly** — `Integration.Middleware.Tests` sets `RateLimitingOptions:Enabled` via env var **before** host build, since flipping it after has no effect. + +## Coverage + +```bash +dotnet test --collect "XPlat Code Coverage" --settings coverage.runsettings +``` +Cobertura; includes `[FSH.Modules.*]` + `[FSH.Framework.*]`; excludes tests, the Migrations project, and `*HostedService`. diff --git a/.agents/rules/jobs.md b/.agents/rules/jobs.md new file mode 100644 index 0000000000..9630614c27 --- /dev/null +++ b/.agents/rules/jobs.md @@ -0,0 +1,36 @@ +# Background jobs (Hangfire) + +`src/BuildingBlocks/Jobs/`. Read before enqueuing or scheduling work. + +## Fire-and-forget / scheduled — `IJobService` + +Inject `IJobService` (`Jobs/Services/IJobService.cs`) and use it; don't call Hangfire's `BackgroundJob` directly in feature code. + +```csharp +jobService.Enqueue(() => mailService.SendAsync(req, CancellationToken.None)); // default queue +jobService.Enqueue("email", () => mailService.SendAsync(req, CancellationToken.None)); +jobService.Schedule(() => DoLater(), TimeSpan.FromMinutes(5)); +``` + +Queues: `default`, `email` (5 workers, 30s poll). Storage auto-selected from `DatabaseOptions.Provider` (Postgres/MSSQL). + +## Recurring jobs — `IRecurringJobManager` + +`IJobService` has **no** recurring API. Register recurring jobs in the module's `MapEndpoints` with `IRecurringJobManager.AddOrUpdate(...)`, always `TimeZoneInfo.Utc`: + +```csharp +recurringJobs.AddOrUpdate("files:purge-orphaned", + j => j.RunAsync(CancellationToken.None), Cron.Hourly(), new() { TimeZone = TimeZoneInfo.Utc }); +``` + +Examples in the tree: `PurgeOrphanedFiles`/`PurgeDeletedFiles` (Files), `MonthlyInvoiceJob` (Billing), `AuditRetentionJob` (Auditing), `WebhookDispatchJob` (Webhooks). + +## Dashboard & config + +`/jobs` (default), behind `HangfireOptions.UserName`/`Password` basic auth — both `[Required]`, password `[MinLength(12)]`, so **startup fails in non-dev if unset**. + +## Gotchas + +- Jobs run on the server with **no HTTP/tenant context** — restore Finbuckle tenant context inside the job (fresh scope + `IMultiTenantContextSetter`) before touching a tenant-filtered DbContext. +- The DbMigrator registers `NoOpJobService` whose methods **throw** — surfaces any accidental enqueue during migration. Don't enqueue from migration/seed paths. +- A job class is a normal DI-resolved type (scope-per-job via `FshJobActivator`); inject what you need. diff --git a/.agents/rules/logging.md b/.agents/rules/logging.md new file mode 100644 index 0000000000..22228a909c --- /dev/null +++ b/.agents/rules/logging.md @@ -0,0 +1,31 @@ +# Logging & observability + +`src/BuildingBlocks/Web/Observability/`. Read before adding logs, traces, or metrics. + +## Structured logging only + +**No string interpolation in log messages.** Use message templates with named placeholders, or `[LoggerMessage]` source-gen for hot paths. + +```csharp +// good +_logger.LogInformation("Cleaned up {Count} expired sessions for tenant {TenantId}", count, tenantId); +// also good (hot path) — see OutboxDispatcher, InMemoryEventBus, AppHub +[LoggerMessage(Level = LogLevel.Warning, Message = "Outbox message {MessageId} dead-lettered")] +private partial void LogDeadLettered(Guid messageId); +// NEVER +_logger.LogInformation($"Cleaned up {count} sessions"); // breaks structured logging + analyzers +``` + +Build runs with `TreatWarningsAsErrors` — interpolated log calls won't even compile clean under analysis. + +## Serilog + +`AddHeroLogging()` reads the `Serilog` config section (Console sink by default), attaches `HttpRequestContextEnricher` (adds `RequestMethod`/`RequestPath`/`UserAgent` + `UserId`/`Tenant`/`UserEmail` when authenticated), overrides Microsoft/EF/Hangfire/Finbuckle to higher levels, and excludes the `ExceptionHandlerMiddleware` source (the global handler logs exceptions itself — don't double-log). + +## Correlation + +`X-Correlation-ID` request header (falls back to `HttpContext.TraceIdentifier`), surfaced in every ProblemDetails and pushed to the Serilog `LogContext`. `CurrentUserMiddleware` tags the current `Activity` with `fsh.user_id` / `fsh.tenant_id` / `fsh.correlation_id`. + +## OpenTelemetry + +`AddHeroOpenTelemetry()` no-ops unless `OpenTelemetryOptions.Enabled`. Metrics + traces for AspNetCore/HttpClient/Npgsql/EFCore/Redis/Runtime, plus caching + auditing meters and Mediator pipeline spans (`MediatorTracingBehavior`). **OTLP exporter is off by default** (`Exporter.Otlp.Enabled=false`); endpoint `http://localhost:4317` (the Aspire/compose collector). Add a new meter/source name to `OpenTelemetryOptions` config, not by editing the extension. diff --git a/.agents/rules/modules/auditing.md b/.agents/rules/modules/auditing.md new file mode 100644 index 0000000000..75e581b857 --- /dev/null +++ b/.agents/rules/modules/auditing.md @@ -0,0 +1,15 @@ +# Module: Auditing + +Append-only audit trail (entity changes, security events, exceptions, HTTP activity) with async channel-buffered persistence + DLQ. Module `Order = 300`. + +**Entities / DbContext:** `AuditRecord`, `AuditDbContext`. `AuditEnvelope` is the in-flight event. Rich Contracts surface: `IAuditClient`, `ISecurityAudit`, `IAuditPublisher`, `IAuditSink`, `IAuditDlqSink`, `IAuditEnricher`, `NoAuditAttribute`, payload records. +**Areas:** read-only query side — GetAudits / ByCorrelation / ByTrace / Summary / Exception / Security. Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **Static `Audit` fluent API** — `Audit.ForSecurity(...).WithUser(...).WriteAsync(ct)` (also `ForEntityChange`/`ForActivity`/`ForException`). Configured once at startup via `Audit.Configure(publisher, serializer, enrichers)`. Enrichers are held in a **volatile immutable array swapped atomically** — never mutate a live enricher list (it'd race the enrich loop). +- **Two interceptors, don't confuse them:** `AuditingSaveChangesInterceptor` (this module) captures EF entity diffs → EntityChange events and **skips `AuditDbContext`** (no recursive self-audit). `AuditableEntitySaveChangesInterceptor` (BuildingBlocks) stamps audit/soft-delete fields — different file, different job. +- **Channel-buffered, never blocks the request** — `ChannelAuditPublisher` has two lanes: default (`DropOldest` under pressure) and a **security lane that back-pressures and never drops** (login/permission/impersonation ride here). `AuditBackgroundWorker` drains both (security first), batches, writes via `IAuditSink`; on sink failure it retries then spills to `IAuditDlqSink` (file) so events survive a Postgres outage. +- `SqlAuditSink` groups a batch by `TenantId` and sets tenant context per group in a fresh scope (null → Root) — background writer has no ambient tenant. +- **JSON masking** redacts fields by keyword (password/secret/token/apiKey/connectionString…) → `****`. Add sensitive keys there. +- Exclude an endpoint from activity auditing with `[NoAudit]` / the `NoAudit` endpoint extension. diff --git a/.agents/rules/modules/billing.md b/.agents/rules/modules/billing.md new file mode 100644 index 0000000000..dae081b572 --- /dev/null +++ b/.agents/rules/modules/billing.md @@ -0,0 +1,13 @@ +# Module: Billing + +Plans, subscriptions, usage metering, monthly invoicing. **Manual payment marking — no payment provider.** Module `Order = 500`. + +**Entities / DbContext:** `BillingPlan`, `Subscription`, `Invoice` (+ `InvoiceLineItem`), `UsageSnapshot`. **`BillingDbContext : DbContext`** (NOT `BaseDbContext`) — billing lives in the main DB with an explicit `TenantId` column for cross-tenant admin visibility, filtered in query services. Contracts = DTOs; `IBillingService`/`IUsageReporter` are internal. +**Areas:** Plans, Subscriptions, Invoices (generate/issue/mark-paid/void), Usage (capture/get). Monthly invoice job (`5 0 1 * *`). Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **`BillingPlan` is `IGlobalEntity`** — platform-wide catalogue rows, **not tenant-scoped** (opts out of tenant isolation). A plan's `Key` matches the quota config key (e.g. `"pro"`): limits come from `QuotaOptions`, prices/overage from the plan. +- **`BillingDbContext` is a plain `DbContext`** — tenant filtering is done explicitly in query services, not by the `BaseDbContext` auto-filter. Don't assume the global tenant filter applies here. +- **Invoice state machine** — `Draft → Issued → Paid | Void`. Line items only addable in Draft; a Paid invoice can't be voided; totals recompute on add; Issue defaults due = +14 days. +- **Usage metering is idempotent** — `IUsageReporter.CaptureForPeriodAsync` reads `IQuotaService` and persists one `UsageSnapshot` per `QuotaResource` per (tenant, period), so invoicing math is reproducible even after a mid-period plan change. diff --git a/.agents/rules/modules/catalog.md b/.agents/rules/modules/catalog.md new file mode 100644 index 0000000000..32b1efbc95 --- /dev/null +++ b/.agents/rules/modules/catalog.md @@ -0,0 +1,14 @@ +# Module: Catalog + +Product catalog — products, categories (tree), brands — with soft-delete/restore/trash and search. Module `Order = 600`. This is the **reference module** for the soft-delete + image patterns; copy from here. + +**Entities / DbContext:** `Product` (aggregate, soft-deletable) + `ProductImage`, `Brand`, `Category` (self-referencing tree), `Money` (owned value object). `CatalogDbContext`. Domain events (`ProductCreated`/`PriceChanged`/`StockAdjusted`) are **internal**, not integration events. +**Areas:** Products (+ price/stock/images), Categories (+ tree), Brands — each with Create/Update/Delete/Search/ListTrashed/Restore. Full list: `Features/v1/` or `/scalar`. + +## Gotchas / patterns to copy + +- **Soft-delete + restore + trashed-listing** is the standard pattern. Unique indexes are **filtered on `"IsDeleted" = FALSE`** so SKU/Slug stay unique-per-tenant among *live* rows only (a deleted SKU can be reused). Replicate this on any soft-deletable unique field. +- **EF value-generation for nav children** — `ProductImageConfiguration` sets `Id.ValueGeneratedNever()` (same nav-child footgun as Chat — see `database.md`). +- **Single-thumbnail invariant** is enforced by the **aggregate**, not a partial unique index (Postgres non-deferrable partial unique indexes can't handle the demote/promote ordering in one transaction). Enforce such invariants in the domain. +- Registers `ProductFileAccessPolicy` (OwnerType `"Product"`) for product images via the Files module. +- Route ordering: literal segments (`/trash`, `/tree`, `/restore`) are registered **before** `/{id:guid}` catch-alls. diff --git a/.agents/rules/modules/chat.md b/.agents/rules/modules/chat.md new file mode 100644 index 0000000000..d07cea0cf8 --- /dev/null +++ b/.agents/rules/modules/chat.md @@ -0,0 +1,16 @@ +# Module: Chat + +Slack-style messaging: 1:1 DMs, group DMs, named channels, threads, reactions, mentions, pins. Module `Order = 800` (after Notifications 750, so Notifications' handlers register first). + +**Entities / DbContext:** `ChatChannel` (aggregate, soft-deletable) + `ChannelMember`; `Message` (aggregate) + `MessageAttachment`/`MessageMention`/`MessageReaction`. `ChatDbContext : BaseDbContext`, schema `chat`. Publishes `MentionedInChannelIntegrationEvent`. +**Areas:** Channels, Messages (incl. pin/edit/delete/threads), Reactions, Search. Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **EF value-generation for nav children** — `MessageConfiguration` sets `Property(x => x.Id).ValueGeneratedNever()` for child collections (attachments/mentions/reactions). The domain assigns `Guid.CreateVersion7()` in factories; without this EF treats nav-collection children as `Modified` → 0-row UPDATE instead of INSERT. See `database.md`. +- `ChatDbContext` calls **`base.OnModelCreating` LAST** so tenant auto-apply sees the configured child types. +- **`ChannelAuthorization`** (`Features/v1/Internal/`): `RequireMember` throws **NotFound (404)** (not 403) so non-members can't probe channel existence; `RequireAdmin` throws `ForbiddenException`. Use these in every channel/message handler. +- **SignalR via `IHubContext`** (the shared hub in BuildingBlocks), groups `channel:{id}`. The hub reads the user via `Context.User`, not `ICurrentUser` (see `realtime.md`). Chat registers `IChannelMembershipChecker`/`IUserChannelLookup` adapters so the shared hub can authorize channel groups. +- SendMessage publishes `MentionedInChannelIntegrationEvent` **per distinct mentioned user**; Notifications consumes it. +- DMs use a sorted `DirectKey` (`"{lo}:{hi}"`) for find-or-create; **threads are single-level only**. +- Chat attachments register `ChatChannelFileAccessPolicy` (OwnerType `"ChatChannel"`): attach/read require membership, delete is uploader-only (see `modules/files.md`). diff --git a/.agents/rules/modules/files.md b/.agents/rules/modules/files.md new file mode 100644 index 0000000000..fe1cea2ccb --- /dev/null +++ b/.agents/rules/modules/files.md @@ -0,0 +1,15 @@ +# Module: Files + +Presigned-URL file lifecycle (upload → finalize → serve → delete) shared by Catalog images, Chat attachments, avatars. Module `Order = 350` (loads before consumer modules). + +**Entities / DbContext:** `FileAsset` (aggregate, soft-deletable): status `PendingUpload → Available | Quarantined`, `Visibility` (Public/Private), `ScanStatus`. `FilesDbContext`. Publishes `FileFinalizedIntegrationEvent`. +**Areas:** RequestUploadUrl, FinalizeUpload, GetFileDownloadUrl/Metadata, ChangeVisibility, Delete/Restore, ListMy/Shared/Trashed. Purge jobs (orphaned hourly, deleted daily). Full list: `Features/v1/` or `/scalar`. Storage mechanics: `storage.md`. + +## Gotchas + +- **Presigned flow** — never stream uploads through the API. RequestUploadUrl validates category/extension/size + quota **pre-check** and persists a `PendingUpload`; client uploads directly to storage; **FinalizeUpload debits the quota** (not at request time) and flips to Available/Quarantined. +- **`FileAccessPolicyRegistry`** resolves `IFileAccessPolicy` by **OwnerType** — case-insensitive, **closed by default** (unknown OwnerType → forbidden), **last-write-wins** on duplicates (intentional, for test substitution). Each owning module registers its own policy in its `ConfigureServices` (Catalog/Tickets load after Files). Files ships `DefaultUploaderOnlyPolicy` for built-in OwnerTypes `"MyFiles"`/`"User"`. +- `CanChangeVisibilityAsync` defaults to the delete rule (uploader-only); domain-bound files (e.g. product images) may override to forbid visibility flips. +- Tenant scoping is implicit via `BaseDbContext` (no explicit `TenantId` on `FileAsset`). + +To support uploads for a new owner type: implement `IFileAccessPolicy`, register it in the owning module, and use that OwnerType in RequestUploadUrl. diff --git a/.agents/rules/modules/identity.md b/.agents/rules/modules/identity.md new file mode 100644 index 0000000000..968ca33f1c --- /dev/null +++ b/.agents/rules/modules/identity.md @@ -0,0 +1,37 @@ +# Module: Identity + +Auth (JWT + ASP.NET Identity), users, roles, permissions, sessions, impersonation, 2FA. + +## Service shape + +`IUserService` is a **facade** that delegates to focused single-responsibility services — change behavior in the specific service, not the facade: + +| Interface | Concern | +|---|---| +| `IUserRegistrationService` | register, external-principal create, email/phone confirm | +| `IUserProfileService` | get/list/count, update profile, image, existence checks | +| `IUserStatusService` | activate/deactivate (`DeleteAsync` == deactivate), audited toggles | +| `IUserRoleService` | role assignment, admin-role guards | +| `IUserPasswordService` | forgot/reset/change password, history + expiry | +| `IUserPermissionService` | effective permissions, cache invalidation | + +`ChangePassword`/`Update`/`Delete` etc. flow facade → service → EF/UserManager. `CancellationToken` is `= default` on these interfaces and propagated into EF sinks (note: `UserManager`/`RoleManager` have no CT overloads, so private helpers that only call them don't take one). + +## Permission gating footgun + +`RequiredPermissionAttribute` implements `FSH.Framework.Shared.Identity.Authorization.IRequiredPermissionMetadata`. **Never let a second/duplicate `IRequiredPermissionMetadata` appear** — it silently disables **all** `.RequirePermission()` gates across the app. Permission constants live in `Shared/Identity/*Permissions.cs`. + +## Hosted services (background) + +- `RolePermissionSyncHostedService` — best-effort sync of the permission catalog; loops, catches `Exception` *with* an `OperationCanceledException` filter, logs and continues. +- `SessionCleanupHostedService` — hourly expired-session purge; OCE handled by a preceding catch. + +These are the model for background loops: stay alive, log with context, never swallow cancellation. See `api-conventions.md`. + +## Tokens / sessions + +Login `POST /api/v1/identity/token/issue` (header `X-FSH-App` enforces the operator/tenant app boundary). Refresh `POST /api/v1/identity/token/refresh` cross-checks subject. Session rows are written best-effort during login — failures log a warning and login still succeeds. Admin can't demote/deactivate the last admin or the root-tenant seed admin (guards in `UserRoleService`/`UserStatusService`). + +## Tests + +`Identity.Tests` is the largest unit suite. When asserting a forwarded `CancellationToken`, assert the specific token (see `testing.md`). diff --git a/.agents/rules/modules/multitenancy.md b/.agents/rules/modules/multitenancy.md new file mode 100644 index 0000000000..189933c848 --- /dev/null +++ b/.agents/rules/modules/multitenancy.md @@ -0,0 +1,16 @@ +# Module: Multitenancy + +Tenant catalog, provisioning, activation/upgrade, per-tenant theming (Finbuckle.MultiTenant). Foundational — registered early. + +**Entities / DbContext:** `AppTenantInfo` (catalog), `TenantProvisioning` + `TenantProvisioningStep`, `TenantTheme`. `TenantDbContext` holds the tenant catalog in the main DB. +**Areas:** CreateTenant, ChangeTenantActivation, UpgradeTenant, Get(Tenants/Status/Migrations), TenantProvisioning (status/retry), TenantTheme (get/update/reset). Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **Finbuckle pipeline ordering** — strategy chain Claim → Header → `?tenant=` → DistributedCache → EFCoreStore, but `UseMultiTenant()` runs **before `UseAuthentication()`**, so the claim strategy no-ops (User is anonymous at resolution time). Resolution is effectively **header-driven** (`MultitenancyConstants.Identifier`). +- **Root-operator cross-tenant override is a post-auth middleware** in `ConfigureMiddleware` (not a Finbuckle strategy). Gate: caller's JWT tenant claim == `MultitenancyConstants.Root.Id` **and** a `tenant` header != root; it re-resolves via `IMultiTenantContextSetter`. Claim-aware tenant logic must go here, never in a strategy. +- **`ITenantInitialPasswordBuffer`** (singleton) — the tenant admin password is **operator-supplied**, not a constant. `CreateTenantCommandHandler` calls `Store(tenantId, password)` **before** kicking off provisioning; the background seed step `TryConsume`s it (`ConcurrentDictionary`, consume = remove). +- **Provisioning** runs 4 steps (Database → Migrations → Seeding → CacheWarm) via a Hangfire `TenantProvisioningJob`, falling back to inline execution if Hangfire storage is unavailable. **Activation is gated on `Status == Completed`.** +- `ITenantService.MigrateTenantAsync`/`SeedTenantAsync` create a fresh scope and set `IMultiTenantContext` **first**, then run the `IDbInitializer`s. + +Tenant **isolation** mechanics (default-on filter, `IGlobalEntity` opt-out, `base.OnModelCreating` last) live in `database.md`. diff --git a/.agents/rules/modules/notifications.md b/.agents/rules/modules/notifications.md new file mode 100644 index 0000000000..8347ac1cb1 --- /dev/null +++ b/.agents/rules/modules/notifications.md @@ -0,0 +1,13 @@ +# Module: Notifications + +Per-user in-app inbox (bell icon) driven by cross-module integration events, with live SignalR push. Module `Order = 750` (**before Chat 800** so its handlers are registered before Chat publishes). + +**Entities / DbContext:** `Notification` (aggregate: `UserId`, `Type`, `Title`/`Body`/`Link`, `Source`, `MetadataJson`, `ReadAtUtc`). `NotificationsDbContext`. Consumes integration events from other modules (e.g. Chat's `MentionedInChannelIntegrationEvent`). +**Areas:** List, GetUnreadCount, MarkRead, MarkAllRead. Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **It's a consumer.** New notification types come from **handling another module's integration event** (`AddIntegrationEventHandlers`), not from new endpoints. The handler writes an inbox row **and** pushes `"NotificationCreated"` to SignalR group `user:{userId}` via `IHubContext`. +- **Order matters** — Notifications (750) must load before any publisher whose events it consumes (Chat 800). If a new module publishes events Notifications should react to, mind the `Order`. +- In-memory bus runs handlers **synchronously in the publisher's request scope** — keep the handler minimal; an exception surfaces to the originating request. See `eventing.md`. +- Inbox rows are **denormalized** (Title/Body/Link/MetadataJson copied in) so rendering never calls back into the source module. `MarkRead` is idempotent (`ReadAtUtc ??= now`). diff --git a/.agents/rules/modules/tickets.md b/.agents/rules/modules/tickets.md new file mode 100644 index 0000000000..be2cfd4271 --- /dev/null +++ b/.agents/rules/modules/tickets.md @@ -0,0 +1,12 @@ +# Module: Tickets + +Support ticket lifecycle with comments. Module `Order = 700`. + +**Entities / DbContext:** `Ticket` (aggregate, soft-deletable, state machine) + `TicketComment`. `TicketsDbContext`. `TicketStatus`/`TicketPriority` enums in Contracts; domain events internal. +**Areas:** Create, Assign, Resolve, Reopen, Restore, AddComment, ListComments, GetById, Search, ListTrashed. Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **State machine** (`Domain/Ticket.cs`): `Open → InProgress → Resolved → Closed`. Illegal transitions throw **`CustomException` with `HttpStatusCode.Conflict` (409)** — not a generic 400. Assigning auto-starts (Open→InProgress); unassigning an InProgress ticket reverts to Open; creating with an assignee starts at InProgress. Closed tickets reject comments/resolve until reopened. Keep all transition guards in the aggregate. +- Soft-delete/restore/trash pattern is identical to Catalog (filtered unique indexes — see `modules/catalog.md`). +- Endpoints are mapped on the bare `api/v{version}` group (no `/tickets` sub-path); literal routes precede `{ticketId:guid}`. diff --git a/.agents/rules/modules/webhooks.md b/.agents/rules/modules/webhooks.md new file mode 100644 index 0000000000..8bc3f95097 --- /dev/null +++ b/.agents/rules/modules/webhooks.md @@ -0,0 +1,13 @@ +# Module: Webhooks + +Tenant-scoped outbound webhook subscriptions with HMAC-signed delivery and retries. Module `Order = 400`. + +**Entities / DbContext:** `WebhookSubscription` (`Url`, `EventsCsv`, `SecretHash`, `IsActive`), `WebhookDelivery` (per-attempt log). `WebhookDbContext` (tenant-filtered). Contracts expose **DTOs only** — `IWebhookDispatcher`/`IWebhookDeliveryService` are internal. +**Areas:** Create/Delete/Get subscriptions, GetDeliveries, Test. Full list: `Features/v1/` or `/scalar`. + +## Gotchas + +- **Fan-out is an open-generic handler** — `WebhookFanoutHandler` is registered as an open generic, so it handles **every** `IIntegrationEvent` with no per-event wiring. It skips events with null `TenantId` (subscriptions are tenant-only) and matches event-type name against each subscription's `EventsCsv` (`*` wildcard supported). +- **Restore tenant context in the background** — both the fan-out handler and `WebhookDispatchJob` set `IMultiTenantContext` in a fresh scope before reading the tenant-filtered DbContext (background pumps/Hangfire carry no HTTP context). This is the canonical pattern for any background reader of tenant data — see `eventing.md`, `jobs.md`. +- **HMAC signing** — `X-Webhook-Signature: sha256=` (`WebhookPayloadSigner.Sign`), plus `X-Webhook-Event` and `X-Webhook-Delivery-Id` headers. +- **Delivery** — `WebhookDispatcher.EnqueueAsync` enqueues a Hangfire `WebhookDispatchJob` per subscription; `[AutomaticRetry(Attempts=4, DelaysInSeconds={30,120,600,3600})]`. Transient (5xx/408/429) throws to reschedule; permanent 4xx completes silently. Each attempt persists a `WebhookDelivery` row. The `"Webhooks"` HttpClient uses `AddHeroResilience` (see `resilience.md`). diff --git a/.agents/rules/realtime.md b/.agents/rules/realtime.md new file mode 100644 index 0000000000..49574c6660 --- /dev/null +++ b/.agents/rules/realtime.md @@ -0,0 +1,25 @@ +# Realtime — SignalR & SSE (backend) + +`src/BuildingBlocks/Web/Realtime/` + `Sse/`. For the frontend side see `frontend/shared.md` + `frontend/dashboard.md`. + +## SignalR (`AppHub`) + +`[Authorize] AppHub` mapped at **`/api/v1/realtime/hub`**. Groups: `user:{userId}`, `tenant:{tenantId}`, `channel:{channelId}`. + +- **⚠️ Read the user from `Context.User`, NOT `ICurrentUser`.** `ICurrentUser` flows through `IHttpContextAccessor`, but the negotiate `HttpContext` isn't pinned to subsequent hub invocations → `ICurrentUser` returns nulls inside the hub. Use `Context.User` (the hub's `GetUserId()`/`GetTenantId()` helpers). +- Broadcasts are **scoped to groups** (`tenant:{id}`, `user:{id}`, `channel:{id}`), never `Clients.All`. `PresenceChanged` goes to the tenant group. +- Redis backplane is added automatically when `CachingOptions:Redis` is set (channel prefix `fsh-signalr`) — required for multi-replica. +- Push to a user from a module via `IHubContext` to group `user:{userId}` (e.g. Notifications' `"NotificationCreated"`). +- `IPresenceTracker` (in-memory, **per-host** — single-replica only for presence). Modules supply `IChannelMembershipChecker`/`IUserChannelLookup` adapters so the shared hub can authorize channel groups without depending on Chat. + +## SSE (`Web/Sse/`) — two-step token + +EventSource can't send `Authorization`, so SSE uses a token handshake: +1. `POST /api/v1/sse/token` (authorized) → opaque Guid, **single-use, 30s TTL** in `IDistributedCache`. +2. `GET /api/v1/sse/stream?token={guid}` (anonymous, consumes the token) → `text/event-stream`, `X-Accel-Buffering: no`, 15s heartbeat. + +`SseConnectionManager` (singleton, `ConcurrentDictionary`, bounded channel cap 100 `DropOldest`): `TrySend(userId)` (all tabs), `Broadcast(tenantId)`, `BroadcastAll()`. + +## Tests + +SignalR hub tests force **long-polling** (TestServer has no WebSocket). See `integration-testing.md`. diff --git a/.agents/rules/resilience.md b/.agents/rules/resilience.md new file mode 100644 index 0000000000..a02c6c1b0e --- /dev/null +++ b/.agents/rules/resilience.md @@ -0,0 +1,19 @@ +# HTTP resilience + +`src/BuildingBlocks/Web/HttpResilience/`. Uses `Microsoft.Extensions.Http.Resilience` (Polly v8). + +## Pattern — opt-in per HttpClient + +`AddHeroResilience(config)` is an `IHttpClientBuilder` extension that adds `AddStandardResilienceHandler` configured from `HttpResilienceOptions` (retry, total-request timeout, attempt timeout, circuit breaker). It is **NOT global** — chain it onto the specific outbound client that needs it: + +```csharp +builder.Services.AddHttpClient("Webhooks", ...) + .AddHeroResilience(builder.Configuration); +``` + +Defaults (`HttpResilienceOptions`): 3 retries, 30s total, 10s per attempt, 50% failure ratio, throughput 10. No-ops when `Enabled=false`. + +## Notes + +- Only outbound integrations need this. The only current caller is the Webhooks delivery client (`WebhooksModule.cs`). Add it to any new typed/named `HttpClient` that calls a flaky external service. +- For internal ret/timeout of *background* work, prefer Hangfire's `[AutomaticRetry]` on the job (see `modules/webhooks.md`) — that's durable across restarts; the resilience handler only covers the in-flight HTTP call. diff --git a/.agents/rules/security.md b/.agents/rules/security.md new file mode 100644 index 0000000000..b3fb38404b --- /dev/null +++ b/.agents/rules/security.md @@ -0,0 +1,26 @@ +# Web security & request governance + +CORS, security headers, rate limiting, idempotency, quota enforcement. `src/BuildingBlocks/Web/` + `Quota/`. +For auth/JWT/permissions see `modules/identity.md`; for the global exception handler see `api-conventions.md`. + +## CORS (`Web/Cors/`) — the SignalR gotcha + +Policy `FSHCorsPolicy`. When `CorsOptions.AllowAll=true` it uses **`SetIsOriginAllowed(_ => true).AllowAnyHeader().AllowAnyMethod().AllowCredentials()`** — deliberately **NOT `AllowAnyOrigin()`**. `Access-Control-Allow-Origin: *` is illegal with credentialed requests, and **SignalR's negotiate always runs credentialed**, so `AllowAnyOrigin()` silently breaks SignalR while REST keeps working. Never "simplify" it to `AllowAnyOrigin()`. `UseHeroCors()` runs **before** `UseHttpsRedirection()` so OPTIONS preflight isn't 307-redirected. + +## Security headers (`Web/Security/`) + +`UseHeroSecurityHeaders()` sets `X-Content-Type-Options`, `X-Frame-Options: DENY`, `Referrer-Policy`, HSTS (HTTPS), and a CSP. `SecurityHeadersOptions.ExcludedPaths` defaults to `["/scalar","/openapi"]` (they manage their own scripts) — keep those excluded. + +## Rate limiting (`Web/RateLimiting/`) + +Chained partitioned fixed-window limiter: **tenant → user → IP** (defaults 1000 / 200 / 300 per 60s) + a stricter named `"auth"` policy (10/60s). Health paths are unlimited. Rejection → 429 + ProblemDetails + `Retry-After`. `RateLimitingOptions.Enabled` is read **eagerly** — when false the middleware is skipped entirely (tests set it via env var before host build). + +## Idempotency (`Web/Idempotency/`) + +Opt-in per endpoint with **`.WithIdempotency()`**. Reads the `Idempotency-Key` header (max 128 chars, 24h TTL); replays return the cached response with `Idempotency-Replayed: true`. Cache key is tenant-scoped (`CacheKeys.IdempotencyEntry`). Put it on POSTs that must be replay-safe (e.g. CreateTenant). + +## Quota enforcement (`Quota/`) + +`QuotaEnforcementMiddleware` charges 1 `ApiCalls` unit per request via `CheckAndRecordAsync`; over-limit → 429 + ProblemDetails + `Retry-After`, and sets `HttpContext.Items[QuotaRejected]` so auditing can tag it. Resources: `ApiCalls` (counter), `StorageBytes`, `Users`, `ActiveFeatureFlags` (gauges). Skips health/metrics, unresolved tenants, and the root tenant. **Pipeline:** runs after auth (needs tenant) and after the rate limiter. Inject `TimeProvider` (not `DateTimeOffset.UtcNow`) for any time math here — the subsystem is `TimeProvider`-based. + +`IQuotaService`: `CheckAsync` (no mutation), `RecordAsync` (increment), `CheckAndRecordAsync` (atomic — won't increment past the limit). Store: Redis (`RedisQuotaService`) or per-process `InMemoryQuotaService` (dev/test). `NoopQuotaService` when disabled. diff --git a/.agents/rules/storage.md b/.agents/rules/storage.md new file mode 100644 index 0000000000..edb483c9ce --- /dev/null +++ b/.agents/rules/storage.md @@ -0,0 +1,26 @@ +# Storage & file uploads + +`src/BuildingBlocks/Storage/`. Read before working with files/blobs. + +## `IStorageService` + +`UploadAsync(FileUploadRequest, FileType, ct)`, `RemoveAsync(path, ct)`, `DownloadAsync`, `ExistsAsync`, `GetSizeAsync` (0 if absent), `GenerateUploadUrlAsync`/`GenerateDownloadUrlAsync` (presigned), `HeadObjectAsync`, `BuildPublicUrl(key)→string` (string, not Uri — local storage returns a server-relative path). + +`FileType`: `Image` (5MB), `Document`, `Pdf` (10MB) — `FileTypeMetadata.GetRules` enforces extension + size. **Always propagate `CancellationToken`.** + +## Providers + +`AddHeroStorage(config)` reads `Storage:Provider` **eagerly at registration**: `"s3"` → `S3StorageService` (supports MinIO via `ServiceUrl` + `ForcePathStyle`), else `LocalStorageService`. When quotas are enabled the service is wrapped in `QuotaMeteredStorageService` (debits `StorageBytes`). + +## Presigned upload flow (preferred for user uploads) + +Don't stream large files through the API. The pattern (see Files module): +1. `RequestUploadUrl` — server validates category/extension/size + quota pre-check, returns a presigned PUT URL, persists a `PendingUpload` record. +2. Client uploads **directly** to storage. +3. `FinalizeUpload` — flips to `Available`, **debits the quota here** (not at request time), publishes `FileFinalizedIntegrationEvent`. + +Local/dev without MinIO uses `LocalPresignTokenStore` (in-memory one-shot tokens). + +## Test gotcha + +`AddHeroStorage` reads `Storage:Provider` **before** a test factory's in-memory config overlay applies, so it wires `LocalStorageService`. Integration tests that need MinIO must **remove the `IStorageService`/`LocalStorageService`/`S3StorageService` descriptors post-registration and re-register the S3 stack** pointed at the MinIO container (see `FshWebApplicationFactory`). See `integration-testing.md`. diff --git a/.agents/rules/testing.md b/.agents/rules/testing.md new file mode 100644 index 0000000000..e63c1523e9 --- /dev/null +++ b/.agents/rules/testing.md @@ -0,0 +1,47 @@ +# Testing conventions + +Read before writing or changing tests. + +## Stack + +xUnit · Shouldly (`result.ShouldBe(...)`) · NSubstitute (`Substitute.For()`) · AutoFixture (`_fixture.Create()`) · NetArchTest (architecture rules) · Testcontainers (integration). + +## Naming & shape + +- Method name: `MethodName_Should_ExpectedBehavior_When_Condition`. +- Arrange-Act-Assert, grouped with `#region` (Happy Path / Exception / Edge Cases). +- Assert on observable behavior. When verifying a forwarded `CancellationToken`, assert the **specific** token (`Received(1).XAsync(arg, ct)`), not the implicit default — NSubstitute fills optional params with `default`, so `Received(1).XAsync(arg)` silently asserts `CancellationToken.None`. + +## Test projects (`src/Tests/`) + +| Project | Scope | Docker? | +|---|---|---| +| `{Module}.Tests` | Unit: handlers, services, domain | no | +| `Framework.Tests`, `Generic.Tests`, `Caching.Tests` | BuildingBlocks units | no | +| `Architecture.Tests` | NetArchTest: module boundaries + tenant-isolation rules + handler↔validator pairing | no | +| `Integration.Tests` | `WebApplicationFactory` over real PostgreSQL/Redis/MinIO | **yes** | +| `Integration.Middleware.Tests` | Real middleware wiring | **yes** | + +```bash +dotnet test src/FSH.Starter.slnx # all (integration needs Docker) +dotnet test src/Tests/{Module}.Tests # one project +dotnet test --collect "XPlat Code Coverage" --settings coverage.runsettings +``` + +If Docker is down, integration tests fail fast with `DockerUnavailableException` — that is environmental, not a code regression. Run the unit projects to validate logic. + +## Architecture tests (must stay green) + +- Modules reference other modules only via `.Contracts`. +- Tenant-isolation rules on entities. +- Every command handler + paginated query handler has a `{Name}Validator` (`HandlerValidatorPairingTests`). Validator names accepted: `{Cmd}Validator`, `{Name}CommandValidator`, `{Name}Validator`. + +## Integration-test gotchas + +- Set the Finbuckle tenant context **inline** in the test method (AsyncLocal — an awaited helper loses it → NRE in the tenant filter). +- `AddHeroStorage` reads config eagerly; rewire `IStorageService` **after** registration in the factory. +- SignalR hub tests force **long-polling** (TestServer has no WebSocket). + +## Frontend tests + +Playwright, route-mocked (no real backend) — see `frontend/shared.md`. `cd clients/{app} && npm run test:e2e`. diff --git a/.agents/skills/add-entity/SKILL.md b/.agents/skills/add-entity/SKILL.md new file mode 100644 index 0000000000..e3fbcd0d96 --- /dev/null +++ b/.agents/skills/add-entity/SKILL.md @@ -0,0 +1,125 @@ +--- +name: add-entity +description: Add a domain entity/aggregate with EF configuration and a migration to an existing FSH module. Use when adding a new database-backed entity. Pairs with add-feature and create-migration. +argument-hint: [ModuleName] [EntityName] +--- + +# Add Entity + +Rich domain model: `sealed` aggregate, private EF ctor, static factory, behavior via methods, domain +events. DB conventions: `.agents/rules/database.md`. + +## Entity — `AggregateRoot` (or `BaseEntity`) + +`BaseEntity` gives only `Id` + domain-event machinery. Audit/tenant/soft-delete are **opt-in via +marker interfaces** (the base does NOT carry those fields). New ids use **`Guid.CreateVersion7()`**. + +```csharp +public sealed class {Entity} : AggregateRoot, IHasTenant, IAuditableEntity, ISoftDeletable +{ + public string Name { get; private set; } = default!; + public Money Price { get; private set; } = default!; + + // IHasTenant + public string TenantId { get; private set; } = default!; + // IAuditableEntity + public DateTimeOffset CreatedOnUtc { get; set; } + public string? CreatedBy { get; set; } + public DateTimeOffset? LastModifiedOnUtc { get; set; } + public string? LastModifiedBy { get; set; } + // ISoftDeletable + public bool IsDeleted { get; set; } + public DateTimeOffset? DeletedOnUtc { get; set; } + public string? DeletedBy { get; set; } + + private {Entity}() { } // EF + + public static {Entity} Create(string name, Money price) + { + ArgumentException.ThrowIfNullOrWhiteSpace(name); + ArgumentNullException.ThrowIfNull(price); + + var entity = new {Entity} { Id = Guid.CreateVersion7(), Name = name.Trim(), Price = price }; + entity.AddDomainEvent(DomainEvent.Create((id, ts) => + new {Entity}CreatedDomainEvent(entity.Id, entity.Name, id, ts))); + return entity; + } + + public void Rename(string name) + { + ArgumentException.ThrowIfNullOrWhiteSpace(name); + Name = name.Trim(); + } +} +``` + +Notes: setters are `private set`; `TenantId`/audit/soft-delete members are settable by the framework +(interceptor + Finbuckle) so they aren't `private set`. Use `Guid.CreateVersion7()`, never `Guid.NewGuid()`. + +## Domain event — inherit `DomainEvent` (abstract record) + +```csharp +public sealed record {Entity}CreatedDomainEvent( + Guid {Entity}Id, string Name, Guid EventId, DateTimeOffset OccurredOnUtc) + : DomainEvent(EventId, OccurredOnUtc); +``` + +Raise with the `DomainEvent.Create((id, ts) => …)` helper + `AddDomainEvent(...)` (not `QueueDomainEvent`). + +## EF configuration + +```csharp +public sealed class {Entity}Configuration : IEntityTypeConfiguration<{Entity}> +{ + public void Configure(EntityTypeBuilder<{Entity}> builder) + { + ArgumentNullException.ThrowIfNull(builder); + builder.ToTable("{Entities}"); // schema is set once on the DbContext + builder.HasKey(x => x.Id); + builder.Property(x => x.Name).IsRequired().HasMaxLength(200); + + // soft-deletable unique field → filter on live rows only + builder.HasIndex(x => x.Name).IsUnique().HasFilter("\"IsDeleted\" = FALSE"); + + // owned value object + builder.OwnsOne(x => x.Price, m => + { + m.Property(p => p.Amount).HasColumnName("PriceAmount").HasPrecision(18, 4); + m.Property(p => p.Currency).HasColumnName("PriceCurrency").HasMaxLength(3); + }); + + builder.Ignore(x => x.DomainEvents); + } +} +``` + +- **Do NOT add a manual `HasQueryFilter` for soft-delete or tenant** — `BaseDbContext` applies both automatically. +- A child entity reached only via a parent nav-collection needs `builder.Property(x => x.Id).ValueGeneratedNever()` in **its** config, or EF inserts it as `Modified` → 0-row UPDATE. See `database.md`. + +## Register in the module DbContext + +Add a `DbSet`; configurations are picked up by `ApplyConfigurationsFromAssembly`: + +```csharp +public DbSet<{Entity}> {Entities} => Set<{Entity}>(); +``` + +The DbContext already extends `BaseDbContext` and calls `base.OnModelCreating` **last** — don't change that. + +## Migration + +Use the **create-migration** skill (build first, correct `--context`): + +```bash +dotnet ef migrations add Add{Entity} \ + --project src/Host/FSH.Starter.Migrations.PostgreSQL \ + --startup-project src/Host/FSH.Starter.Api \ + --context {X}DbContext +``` + +## Checklist + +- [ ] `sealed`, `AggregateRoot` (+ `IHasTenant`/`IAuditableEntity`/`ISoftDeletable` as needed), private ctor, static `Create` using `Guid.CreateVersion7()` +- [ ] Domain event inherits `DomainEvent`; raised via `DomainEvent.Create` + `AddDomainEvent` +- [ ] EF config: no manual soft-delete/tenant filter; `ValueGeneratedNever()` on nav-collection children +- [ ] `DbSet` added; build green; migration created with `--context {X}DbContext` diff --git a/.agents/skills/add-feature/SKILL.md b/.agents/skills/add-feature/SKILL.md new file mode 100644 index 0000000000..35d051d17f --- /dev/null +++ b/.agents/skills/add-feature/SKILL.md @@ -0,0 +1,113 @@ +--- +name: add-feature +description: Add a vertical-slice feature (command/query + handler + validator + endpoint) to an existing FSH module. Use when adding an API endpoint or business operation to a module that already exists. +argument-hint: [ModuleName] [Area] [FeatureName] +--- + +# Add Feature + +A feature is a vertical slice **split across two projects**: the request/response types live in the +module's `.Contracts` project (public API); the handler, validator, and endpoint live in the runtime +project. Full conventions: `.agents/rules/api-conventions.md`. + +## Layout (real) + +``` +src/Modules/{X}/Modules.{X}.Contracts/v1/{Area}/{Feature}Command.cs # ICommand/IQuery +src/Modules/{X}/Modules.{X}.Contracts/Dtos/{Entity}Dto.cs # response DTOs (if any) +src/Modules/{X}/Modules.{X}/Features/v1/{Area}/{Feature}/ +├── {Feature}CommandHandler.cs # public sealed, injects the DbContext directly +├── {Feature}CommandValidator.cs # required for commands + paginated queries +└── {Feature}Endpoint.cs # internal static extension +``` + +## Step 1 — Command/Query (Contracts project) + +`Mediator` interfaces (`using Mediator;`). Records. A create command can return the raw `Guid`. + +```csharp +namespace FSH.Modules.{X}.Contracts.v1.{Area}; + +public sealed record Create{Entity}Command(string Name, decimal PriceAmount, string PriceCurrency) + : ICommand; +``` + +Read/list DTOs go in `Modules.{X}.Contracts/Dtos/`. Paginated queries return `PagedResponse` +(`FSH.Framework.Shared.Persistence`) — see `query-patterns`. + +## Step 2 — Handler (runtime `Features/`) — inject the DbContext, NOT a repository + +There is **no generic `IRepository`**. Inject the module's `{X}DbContext`. `public sealed`, primary +ctor, `ValueTask`, `.ConfigureAwait(false)`, guard first. Tenant/audit fields are auto-stamped — only +inject `ICurrentUser` if you need the acting user (`GetUserId()` / `GetTenant()`). + +```csharp +public sealed class Create{Entity}CommandHandler(CatalogDbContext dbContext) + : ICommandHandler +{ + public async ValueTask Handle(Create{Entity}Command command, CancellationToken cancellationToken) + { + ArgumentNullException.ThrowIfNull(command); + + var entity = {Entity}.Create(command.Name, new Money(command.PriceAmount, command.PriceCurrency)); + dbContext.{Entities}.Add(entity); + await dbContext.SaveChangesAsync(cancellationToken).ConfigureAwait(false); + return entity.Id; + } +} +``` + +Throw `NotFoundException` / `CustomException(msg, errors, HttpStatusCode)` (`FSH.Framework.Core.Exceptions`) — the global handler maps them to ProblemDetails. + +## Step 3 — Validator (required; same folder) + +```csharp +public sealed class Create{Entity}CommandValidator : AbstractValidator +{ + public Create{Entity}CommandValidator() + { + RuleFor(x => x.Name).NotEmpty().MaximumLength(200); + RuleFor(x => x.PriceCurrency).NotEmpty().Length(3); + } +} +``` + +`Architecture.Tests` fails the build if a command/paginated-query handler has no `{Name}Validator`. + +## Step 4 — Endpoint (same folder) + +```csharp +public static class Create{Entity}Endpoint +{ + internal static RouteHandlerBuilder MapCreate{Entity}Endpoint(this IEndpointRouteBuilder endpoints) => + endpoints.MapPost("/{entities}", + async (Create{Entity}Command command, IMediator mediator, CancellationToken ct) => + Results.Ok(await mediator.Send(command, ct))) + .WithName("Create{Entity}") + .WithSummary("Create a {entity}") + .RequirePermission({X}Permissions.{Entities}.Create) + .WithIdempotency(); // on replay-safe POSTs +} +``` + +## Step 5 — Wire it in `{X}Module.MapEndpoints` + +```csharp +group.MapCreate{Entity}Endpoint(); // group = endpoints.MapGroup("api/v{version:apiVersion}/{x}") … +``` + +## Step 6 — Verify + +```bash +dotnet build src/FSH.Starter.slnx # 0 warnings (TreatWarningsAsErrors) +dotnet test src/Tests/{X}.Tests # + add a handler/validator test (see testing-guide) +``` + +## Checklist + +- [ ] Command/Query in the **Contracts** project (`using Mediator;`), DTOs in `Contracts/Dtos/` +- [ ] Handler `public sealed`, injects `{X}DbContext` (no repository), `ValueTask` + `.ConfigureAwait(false)` +- [ ] `{Name}Validator` exists +- [ ] Endpoint `internal static …Map{Feature}Endpoint`, `.RequirePermission(...)`, `.WithName/.WithSummary` +- [ ] Wired in `{X}Module.MapEndpoints` +- [ ] Build 0 warnings; test added diff --git a/.agents/skills/add-full-slice/SKILL.md b/.agents/skills/add-full-slice/SKILL.md new file mode 100644 index 0000000000..00bb5d2e75 --- /dev/null +++ b/.agents/skills/add-full-slice/SKILL.md @@ -0,0 +1,50 @@ +--- +name: add-full-slice +description: Build a capability end-to-end — backend vertical slice (Contracts→handler→validator→endpoint) AND the React page wired to it. Use when delivering a user-facing feature across API + UI. Composes add-feature + add-react-page. +argument-hint: [ModuleName] [admin|dashboard] [FeatureName] +--- + +# Add Full Slice (backend → frontend) + +The kit's accelerator: deliver a feature from database to UI in one pass. This skill **composes** +`add-feature` (backend) and `add-react-page` (frontend) — follow each for the detailed code; this file is +the order of operations and the **contract** that keeps the two halves in sync. + +## Order of operations + +1. **Backend slice** — `add-feature` (and `add-entity` first if a new entity is needed): + - Command/Query + response DTO in `Modules.{X}.Contracts/v1/{Area}/` (+ `Contracts/Dtos/`). + - Handler (`public sealed`, injects `{X}DbContext`), Validator, Endpoint (`internal static Map…Endpoint`, `.RequirePermission(...)`). + - Wire in `{X}Module.MapEndpoints`. Build + test backend green. +2. **Lock the contract** — note the final **route path**, HTTP method, request shape, and response DTO field names/casing. The React side must match these exactly. +3. **Frontend page** — `add-react-page` in the chosen app: + - API module calls the **same path**; hand-write TS types mirroring the **response DTO** (the API serializes C# records as camelCase JSON — TS fields are camelCase even though admin *query params* are PascalCase). + - Page (`useQuery`/`useMutation`), route (`RouteGuard` for admin / `withSuspense` for dashboard). +4. **Permission** — if the endpoint is gated, mirror the constant into admin's `lib/permissions.ts` and gate the route (`add-permission`). Dashboard relies on the server 403. +5. **Tests both sides** — backend handler/validator test (xUnit/Shouldly/NSubstitute) + frontend Playwright spec (route-mocked). + +## The contract (the thing that breaks if you're sloppy) + +| Backend | Frontend must match | +|---|---| +| Endpoint route `api/v{n}/{module}/{resources}` | `apiFetch` path | +| Request: the `Command`/`Query` record fields | request body / query-param keys (admin params PascalCase; **body JSON camelCase**) | +| Response: the DTO record (camelCase JSON) | the hand-written TS `type` | +| `.RequirePermission({X}Permissions...)` | (admin) `RouteGuard perms` + the mirrored constant | +| Paginated → `PagedResponse` | `PagedResponse` (admin: `@/lib/api-types`; dashboard: inline) | + +## Verify end-to-end + +```bash +dotnet build src/FSH.Starter.slnx && dotnet test src/Tests/{X}.Tests +cd clients/{app} && npm run lint && npm run test:e2e +# optional manual check: dotnet run --project src/Host/FSH.Starter.AppHost (brings up API + both apps) +``` + +## Checklist + +- [ ] Backend slice complete + green (`add-feature`) +- [ ] Contract locked: route, request shape, response DTO field names +- [ ] Frontend api module path + TS types match the contract (body JSON camelCase) +- [ ] Page + route added (`add-react-page`); admin permission mirrored + gated (`add-permission`) +- [ ] Backend test + Playwright test added; both suites green diff --git a/.agents/skills/add-integration-event/SKILL.md b/.agents/skills/add-integration-event/SKILL.md new file mode 100644 index 0000000000..71f3809085 --- /dev/null +++ b/.agents/skills/add-integration-event/SKILL.md @@ -0,0 +1,94 @@ +--- +name: add-integration-event +description: Publish a cross-module integration event via the Outbox and handle it idempotently in another module. Use when one module must react to something that happened in another. See .agents/rules/eventing.md. +argument-hint: [SourceModule] [EventName] [ConsumerModule] +--- + +# Add Integration Event + +Cross-module communication goes through **integration events + the Outbox** (transactional, crash-safe) — +never a direct in-process call into another module's runtime, and never `IEventBus.PublishAsync` from a +handler. Full model: `.agents/rules/eventing.md`. + +## Step 1 — Define the event (source module's Contracts) + +`Modules.{Source}.Contracts/Events/{Event}IntegrationEvent.cs` — implement `IIntegrationEvent`: + +```csharp +public sealed record {Event}IntegrationEvent( + Guid Id, + DateTime OccurredOnUtc, + string? TenantId, + string CorrelationId, + string Source, + Guid {Entity}Id, + string SomePayload) : IIntegrationEvent; +``` + +⚠️ Don't rename/move this type later — the outbox stores its assembly-qualified name; a rename makes +`Type.GetType()` return null and the message dead-letters. Keep the type name + namespace stable. + +## Step 2 — Publish via the Outbox (source handler) + +The source module must have eventing wired (`add-module` Step 1): `AddEventingCore` + `AddEventingForDbContext<{Source}DbContext>`. Inject `IOutboxStore` and add the event in the same unit of work: + +```csharp +public sealed class Do{Thing}CommandHandler({Source}DbContext db, IOutboxStore outbox) + : ICommandHandler +{ + public async ValueTask Handle(Do{Thing}Command command, CancellationToken cancellationToken) + { + // … mutate entities, db.SaveChangesAsync … + var evt = new {Event}IntegrationEvent( + Id: Guid.CreateVersion7(), + OccurredOnUtc: DateTime.UtcNow, + TenantId: /* current tenant */, + CorrelationId: Guid.NewGuid().ToString(), + Source: "{Source}", + {Entity}Id: entity.Id, + SomePayload: "…"); + await outbox.AddAsync(evt, cancellationToken).ConfigureAwait(false); + return Unit.Value; + } +} +``` + +The `OutboxDispatcherHostedService` later publishes it via `IEventBus`. + +## Step 3 — Handle it (consumer module) + +`Modules.{Consumer}/IntegrationEventHandlers/{Event}IntegrationEventHandler.cs` — `sealed`, implement `IIntegrationEventHandler`: + +```csharp +public sealed class {Event}IntegrationEventHandler({Consumer}DbContext db /*, IHubContext hub */) + : IIntegrationEventHandler<{Event}IntegrationEvent> +{ + public async Task HandleAsync({Event}IntegrationEvent @event, CancellationToken cancellationToken) + { + ArgumentNullException.ThrowIfNull(@event); + // … write to the consumer's tables / push a notification … + await db.SaveChangesAsync(cancellationToken).ConfigureAwait(false); + } +} +``` + +Register the consumer's handlers in its `ConfigureServices`: + +```csharp +builder.Services.AddIntegrationEventHandlers(typeof({Consumer}Module).Assembly); +``` + +## Gotchas + +- **Idempotency is free** with the in-memory bus (the Inbox dedups by `{eventId, handlerName}`) — don't hand-roll it. +- The in-memory bus runs handlers **synchronously in the publisher's scope** — keep the handler lean; a throw surfaces to the originating request. +- If the handler reads a **tenant-filtered** DbContext from a background path (open-generic handler, Hangfire job), restore Finbuckle context first via `IMultiTenantContextSetter` (see `WebhookFanoutHandler`). +- **Module load order:** the consumer must load before the publisher if it must react (`Order` in `[assembly: FshModule]`) — e.g. Notifications (750) before Chat (800). + +## Checklist + +- [ ] Event in source Contracts, implements `IIntegrationEvent`, stable type name +- [ ] Source module has `AddEventingCore` + `AddEventingForDbContext`; published via `IOutboxStore.AddAsync` (not the bus) +- [ ] Consumer handler `sealed : IIntegrationEventHandler`; `AddIntegrationEventHandlers(assembly)` registered +- [ ] Background readers restore tenant context; module `Order` lets the consumer load first +- [ ] Build + tests green diff --git a/.agents/skills/add-module/SKILL.md b/.agents/skills/add-module/SKILL.md new file mode 100644 index 0000000000..6383fb9d2e --- /dev/null +++ b/.agents/skills/add-module/SKILL.md @@ -0,0 +1,135 @@ +--- +name: add-module +description: Create a new module (bounded context) — runtime + Contracts projects, IModule, DbContext, permissions, migrations, and the four registration sites. Use when adding a distinct business domain. For a feature in an existing module, use add-feature. +argument-hint: [ModuleName] +--- + +# Add Module + +High-ceremony. The part people get wrong is **registration — a module must be wired in FOUR places** +(see Step 6). Architecture rules: `.agents/rules/architecture.md`. + +## Projects + +``` +src/Modules/{Name}/ +├── Modules.{Name}/ ← runtime (internal): Domain/, Data/, Features/v1/, {Name}Module.cs +└── Modules.{Name}.Contracts/ ← public API: v1/ (commands/queries), Dtos/, Authorization/, Events/ +``` + +**Copy an existing module's two `.csproj` files** (e.g. `Modules.Catalog`) and rename — don't hand-write +project references. The runtime project references its Contracts project + the BuildingBlocks it needs; +the Contracts project references `Mediator` + shared contracts. + +## Step 1 — `[FshModule]` is an ASSEMBLY attribute (not class-level) + +In `{Name}Module.cs`, above the namespace: + +```csharp +[assembly: FshModule(typeof(FSH.Modules.{Name}.{Name}Module), 900)] // (Type, order) + +namespace FSH.Modules.{Name}; + +public sealed class {Name}Module : IModule +{ + public void ConfigureServices(IHostApplicationBuilder builder) + { + ArgumentNullException.ThrowIfNull(builder); + PermissionConstants.Register({Name}Permissions.All); + builder.Services.AddHeroDbContext<{Name}DbContext>(); + builder.Services.AddScoped(); + + // Only if the module publishes/handles integration events: + // builder.Services.AddEventingCore(builder.Configuration); + // builder.Services.AddEventingForDbContext<{Name}DbContext>(); + // builder.Services.AddIntegrationEventHandlers(typeof({Name}Module).Assembly); + + builder.Services.AddHealthChecks() + .AddDbContextCheck<{Name}DbContext>(name: "db:{name}"); + } + + public void ConfigureMiddleware(IApplicationBuilder app) { } // optional, runs after auth + + public void MapEndpoints(IEndpointRouteBuilder endpoints) + { + ArgumentNullException.ThrowIfNull(endpoints); + var versionSet = endpoints.NewApiVersionSet().HasApiVersion(new ApiVersion(1)).ReportApiVersions().Build(); + var group = endpoints.MapGroup("api/v{version:apiVersion}/{name}") + .WithTags("{Name}").WithApiVersionSet(versionSet).RequireAuthorization(); + // group.MapCreate{Entity}Endpoint(); … + } +} +``` + +`Order` controls load sequence (Auditing 300, Files 350, Webhooks 400, Billing 500, Catalog 600, Tickets 700, Notifications 750, Chat 800). If your module consumes another's events, load after it. + +## Step 2 — Permissions (Contracts/Authorization) + +`{Name}Permissions` with nested resource classes and an `All` collection registered via `PermissionConstants.Register({Name}Permissions.All)`. Mirror the shape of `CatalogPermissions`. + +## Step 3 — DbContext (extends `BaseDbContext`) + +```csharp +public sealed class {Name}DbContext : BaseDbContext +{ + public const string Schema = "{name}"; + + public {Name}DbContext( + IMultiTenantContextAccessor multiTenantContextAccessor, + DbContextOptions<{Name}DbContext> options, + IOptions settings, + IHostEnvironment environment) + : base(multiTenantContextAccessor, options, settings, environment) { } + + public DbSet<{Entity}> {Entities} => Set<{Entity}>(); + + protected override void OnModelCreating(ModelBuilder modelBuilder) + { + ArgumentNullException.ThrowIfNull(modelBuilder); + modelBuilder.HasDefaultSchema(Schema); + modelBuilder.ApplyConfigurationsFromAssembly(typeof({Name}DbContext).Assembly); + base.OnModelCreating(modelBuilder); // MUST be last — applies tenant + soft-delete filters + } +} +``` + +## Step 4 — Solution + project references + +```bash +dotnet sln src/FSH.Starter.slnx add src/Modules/{Name}/Modules.{Name}/Modules.{Name}.csproj +dotnet sln src/FSH.Starter.slnx add src/Modules/{Name}/Modules.{Name}.Contracts/Modules.{Name}.Contracts.csproj +``` + +Add a `` to the runtime module from **both** `FSH.Starter.Api` and `FSH.Starter.DbMigrator`, and reference the runtime project from `FSH.Starter.Migrations.PostgreSQL`. + +## Step 5 — Migrations folder + +Add a `{Name}/` folder in `src/Host/FSH.Starter.Migrations.PostgreSQL`, then create the initial migration (see **create-migration**) with `--context {Name}DbContext`. + +## Step 6 — ⚠️ Register in ALL FOUR places (the footgun) + +Identical edits in **both** `FSH.Starter.Api/Program.cs` **and** `FSH.Starter.DbMigrator/Program.cs`: + +1. Mediator `o.Assemblies` — add **two** markers: a Contracts type (e.g. `typeof(FSH.Modules.{Name}.Contracts.{Name}ContractsMarker)`) **and** the module type (`typeof({Name}Module)`). +2. `moduleAssemblies` array — add `typeof({Name}Module).Assembly`. + +Miss the Mediator marker → handlers silently undiscovered. Miss the assembly entry → module never loads. Miss the DbMigrator pair → migrate/seed skips the module. + +## Step 7 — Verify + +```bash +dotnet build src/FSH.Starter.slnx # 0 warnings +dotnet test src/Tests/Architecture.Tests # boundary + tenant-isolation rules must pass +dotnet test src/FSH.Starter.slnx +``` + +## Checklist + +- [ ] Two projects (copied csproj), added to `.slnx`, referenced from Api + DbMigrator (+ Migrations) +- [ ] `[assembly: FshModule(typeof({Name}Module), order)]` (assembly-level, positional) +- [ ] `IModule`: `AddHeroDbContext()`, `PermissionConstants.Register`, version-set group, eventing trio if needed +- [ ] `{Name}DbContext : BaseDbContext`, 4-arg ctor, `base.OnModelCreating` last +- [ ] `{Name}Permissions` in Contracts/Authorization +- [ ] Migrations folder + initial migration (`--context {Name}DbContext`) +- [ ] **Registered in all four places** (Api + DbMigrator × Mediator + moduleAssemblies) +- [ ] Build + Architecture.Tests green diff --git a/.agents/skills/add-permission/SKILL.md b/.agents/skills/add-permission/SKILL.md new file mode 100644 index 0000000000..8f5e637ce1 --- /dev/null +++ b/.agents/skills/add-permission/SKILL.md @@ -0,0 +1,72 @@ +--- +name: add-permission +description: Add a new permission end-to-end — server constant + endpoint gate, and (admin app) mirror it into the permissions catalog + route guard. Use when a new endpoint needs authorization. See modules/identity.md + frontend/admin.md. +argument-hint: [ModuleName] [Resource] [Action] +--- + +# Add Permission + +A permission spans server + the admin app. The dashboard app does **not** mirror permissions — it reads +them from the JWT and relies on the server's 403. + +## Step 1 — Server constant (`Modules.{X}.Contracts/Authorization/{X}Permissions.cs`) + +Add the constant to the resource group and ensure it's in the module's `All` collection. Convention: +`Permissions.{Resource}.{Action}`. + +```csharp +public static class {X}Permissions +{ + public static class {Resources} + { + public const string View = "Permissions.{Resources}.View"; + public const string Create = "Permissions.{Resources}.Create"; // ← new + } + public static IReadOnlyList All { get; } = [ /* … include the new one … */ ]; +} +``` + +The module already calls `PermissionConstants.Register({X}Permissions.All)` in `ConfigureServices`, so a new entry in `All` is picked up automatically. + +## Step 2 — Gate the endpoint + +```csharp +.RequirePermission({X}Permissions.{Resources}.Create); +``` + +⚠️ `RequiredPermissionAttribute` implements `IRequiredPermissionMetadata`. **Never let a second/duplicate of that interface exist** — it silently disables **all** `.RequirePermission()` gates app-wide. (See `.agents/rules/modules/identity.md`.) + +## Step 3 — (admin only) mirror it + +`clients/admin/src/lib/permissions.ts` — add the matching string to the frozen tree (no runtime catalog endpoint exists; mirror by hand): + +```ts +export const {Module}Permissions = Object.freeze({ + {Resources}: { View: "Permissions.{Resources}.View", Create: "Permissions.{Resources}.Create" }, +} as const); +``` + +If it should appear in the Role editor UI, add a `PERMISSION_CATALOG` entry (`{ name, description, root?, basic? }` under the right category group). + +## Step 4 — (admin only) gate the route + +```tsx +{ path: "{resources}/new", + element: }, +``` + +## Step 5 — (admin only) seed it in tests + +So `RouteGuard` passes on first paint, add the new permission to the test seed set (`ADMIN_PERMS` in `clients/admin/tests/helpers/shell-mocks.ts`, used by `seedAuthedSession`). + +## Dashboard + +No mirror, no `RouteGuard`. The permission rides in the JWT (`claims.permissions`) and the server enforces it; a missing permission yields a 403 the UI surfaces. Nothing to add client-side beyond consuming the gated endpoint. + +## Checklist + +- [ ] Server constant added to `{X}Permissions` **and** its `All` collection +- [ ] Endpoint gated with `.RequirePermission(...)`; no duplicate `IRequiredPermissionMetadata` +- [ ] (admin) mirrored in `lib/permissions.ts` (+ `PERMISSION_CATALOG` if role-editor-visible) +- [ ] (admin) route wrapped in ``; permission added to `ADMIN_PERMS` test seed +- [ ] Build green; admin `test:e2e` green diff --git a/.agents/skills/add-react-page/SKILL.md b/.agents/skills/add-react-page/SKILL.md new file mode 100644 index 0000000000..4dd83d1837 --- /dev/null +++ b/.agents/skills/add-react-page/SKILL.md @@ -0,0 +1,121 @@ +--- +name: add-react-page +description: Add a list+create page to a React app (clients/admin or clients/dashboard) — API module, page, lazy route, (admin) permission gate, Playwright test. Use when adding any frontend screen. See .agents/rules/frontend/. +argument-hint: [admin|dashboard] [Area] [Resource] +--- + +# Add React Page + +The frontend slice. Read `.agents/rules/frontend/shared.md` plus the app file (`frontend/admin.md` / +`frontend/dashboard.md`) — the two apps **deliberately diverge**: + +| | **admin** (operator) | **dashboard** (tenant) | +|---|---|---| +| Query params | PascalCase (`PageNumber`, `Search`) | camelCase (`pageNumber`, `search`) | +| `PagedResponse` | import from `@/lib/api-types` | re-declare inline in the api module | +| Path constant | `const BASE = "/api/v1/..."` | inline the full path per call | +| Forms | **react-hook-form + zod** | **hand-rolled** controlled inputs (no RHF/zod) | +| List + create | separate routed pages (`list.tsx`, `create.tsx`) | one file with `` editors | +| Route wrapper | `` | `withSuspense()` (no permission gate) | +| Permissions | mirror in `src/lib/permissions.ts` | none — JWT claims + server 403 | + +Shared everywhere: types are **hand-written** (no codegen); `apiFetch` from `@/lib/api-client`; `cn()` from `@/lib/cn`; `env.apiBase` from runtime `/config.json`; CVA `components/ui` + `components/list` primitives; Tailwind v4 CSS-first (tokens in `src/styles/globals.css`); `toast` from `sonner`; pages are **named exports**; `placeholderData: keepPreviousData` (v5). + +## Step 1 — API module (`src/api/{resource}.ts`) + +Hand-write the DTO/param/input types and thin `apiFetch` functions. + +```ts +// admin +import { apiFetch } from "@/lib/api-client"; +import type { PagedResponse } from "@/lib/api-types"; +const BASE = "/api/v1/{module}/{resources}"; + +export type {Resource}Dto = { id: string; name: string; /* … */ }; + +export async function search{Resources}(p: { pageNumber?: number; search?: string } = {}) { + const q = new URLSearchParams(); + q.set("PageNumber", String(p.pageNumber ?? 1)); + q.set("PageSize", "10"); + if (p.search?.trim()) q.set("Search", p.search.trim()); + return apiFetch>(`${BASE}/search?${q}`); +} +export async function create{Resource}(input: Create{Resource}Input) { + return apiFetch<{ id: string }>(BASE, { method: "POST", body: JSON.stringify(input) }); +} +``` + +(dashboard: inline `type PagedResponse = …`, inline the path, camelCase params, mutations often return `Promise`.) + +## Step 2 — Page (`src/pages/{area}/...tsx`, named export) + +```tsx +export function {Resource}ListPage() { + const [search, setSearch] = useState(""); // debounce → reset page to 1 on change + const [pageNumber, setPage] = useState(1); + const query = useQuery({ + queryKey: ["{resources}", { pageNumber, search }], // hierarchical; params object last + queryFn: () => search{Resources}({ pageNumber, search: search || undefined }), + placeholderData: keepPreviousData, + }); + // render with components/ui/* + components/list/* (admin: PageHeader/Field…; dashboard: Entity* family) +} +``` + +## Step 3 — Mutation (race-safe `mutate(arg)`) + +Pass per-call data through `mutate(arg)`; read it from the callback `variables` — never from a closed-over render variable. + +```tsx +const qc = useQueryClient(); +const createMut = useMutation({ + mutationFn: (input: Create{Resource}Input) => create{Resource}(input), + onSuccess: () => { toast.success("Created"); qc.invalidateQueries({ queryKey: ["{resources}"] }); }, + onError: (e) => toast.error(e instanceof ApiRequestError ? e.message : "Failed"), +}); +// admin: const form = useForm({ resolver: zodResolver(schema) }); form.handleSubmit(v => createMut.mutate(v)) +// dashboard: controlled useState fields; onSubmit(e){ e.preventDefault(); createMut.mutate(payload); } +``` + +If you need to track the in-flight item (e.g. a per-row busy state), use `onMutate: (arg) => setBusyId(arg)` reading the `mutate(arg)` value (pattern: `admin/src/pages/settings/sessions.tsx`). + +## Step 4 — Register the route (`routes.tsx`) + +```tsx +const {Resource}ListPage = lazyNamed(() => import("@/pages/{area}/list"), "{Resource}ListPage"); +// admin — under AppShell.children, gated: +{ path: "{resources}", element: <{Resource}ListPage /> }, +// dashboard — under AppShell.children, suspense only: +{ path: "{area}/{resources}", element: withSuspense(<{Resource}ListPage />) }, +``` + +## Step 5 — (admin only) mirror the permission + +Add the constant to `src/lib/permissions.ts` (`{Module}Permissions.{Resources}.View` = `"Permissions.{Resources}.View"`), and a `PERMISSION_CATALOG` entry if it belongs in the Role editor. See `add-permission`. + +## Step 6 — Playwright test (`tests/{area}/{resource}.spec.ts`) + +```ts +test.beforeEach(async ({ page }) => { + // admin: seedAuthedSession(page, { ...TEST_USER, permissions: [...ADMIN_PERMS] }); await installAdminShellMocks(page); + // dashboard: await seedAuthedSession(page, TEST_USER); await installShellMocks(page); + await mockJsonResponse(page, "**/api/v1/{module}/{resources}**", paged([SAMPLE])); // page mocks AFTER shell mocks +}); +``` + +Use `mockProblemDetails(...)` for error states. Dashboard: scope row assertions with `.last()` / dialog scoping (lists render mobile + desktop copies → strict-mode double match). + +## Step 7 — Verify + +```bash +cd clients/{app} && npm run lint && npm run test:e2e +``` + +## Checklist + +- [ ] API module: hand-written types, `apiFetch`, correct param casing per app (Pascal=admin, camel=dashboard) +- [ ] Page is a **named export**; `useQuery` key hierarchical + `placeholderData: keepPreviousData` +- [ ] Mutation passes data via `mutate(arg)`, invalidates in `onSuccess` +- [ ] Route via `lazyNamed`; admin wraps in ``, dashboard in `withSuspense` +- [ ] (admin) permission mirrored in `lib/permissions.ts` +- [ ] Playwright test: seed + shell mocks + page mocks; `lint` + `test:e2e` green diff --git a/.agents/skills/create-migration/SKILL.md b/.agents/skills/create-migration/SKILL.md new file mode 100644 index 0000000000..399a8872c3 --- /dev/null +++ b/.agents/skills/create-migration/SKILL.md @@ -0,0 +1,77 @@ +--- +name: create-migration +description: Create and apply an EF Core migration for a module's DbContext the FSH way (central Migrations project, per-module folder, correct --context). Use after changing entities/EF config. See .agents/rules/database.md. +argument-hint: [ModuleName] [MigrationName] +--- + +# Create Migration + +All migrations live in **one** project — `src/Host/FSH.Starter.Migrations.PostgreSQL` — but are foldered +**per module/context** (`Catalog/`, `Identity/`, …), each with its own `{X}DbContextModelSnapshot`. The DB +is **not** migrated at API startup; the `DbMigrator` host applies it. + +## Step 0 — restore the pinned tool (first time) + +```bash +dotnet tool restore # dotnet-ef is pinned in .config/dotnet-tools.json +``` + +## Step 1 — BUILD FIRST (snapshot footgun) + +`dotnet ef migrations add` reads the **current snapshot**, which is regenerated from a build. If you skip +the build after editing entities/config, you can generate against a stale snapshot and lose changes. Also, +`migrations remove` rewrites the snapshot — only remove the latest, and rebuild after. + +```bash +dotnet build src/FSH.Starter.slnx +``` + +## Step 2 — add the migration + +Specify **all three** of `--project` (the Migrations project), `--startup-project` (the API host), and +`--context {X}DbContext`. Use `--output-dir {X}` so it lands in that module's folder (match the existing +folder for the context). + +```bash +dotnet ef migrations add {MigrationName} \ + --project src/Host/FSH.Starter.Migrations.PostgreSQL \ + --startup-project src/Host/FSH.Starter.Api \ + --context {X}DbContext \ + --output-dir {X} +``` + +## Step 3 — review the generated SQL before applying + +```bash +dotnet ef migrations script --idempotent \ + --project src/Host/FSH.Starter.Migrations.PostgreSQL \ + --startup-project src/Host/FSH.Starter.Api \ + --context {X}DbContext +``` + +Check for: unintended table/column drops, non-nullable columns added without a default to an existing +table, and renames surfacing as drop+add (data loss). Adjust the model or hand-edit the migration if needed. + +## Step 4 — apply + +Preferred (the canonical path — migrates the tenant catalog then each tenant's per-module schema): + +```bash +dotnet run --project src/Host/FSH.Starter.DbMigrator -- apply +dotnet run --project src/Host/FSH.Starter.DbMigrator -- list-pending # to preview first +``` + +(Or, single-context local dev, `dotnet ef database update --context {X}DbContext --project … --startup-project …`.) + +## Notes + +- A **new module** also needs a `{X}/` folder in the Migrations project and the runtime project referenced from it — see `add-module`. +- `dotnet ef` against a `BaseDbContext` works because the 4-arg ctor is satisfied by the startup host's DI. + +## Checklist + +- [ ] `dotnet tool restore` done (first time) +- [ ] Built **before** `migrations add` +- [ ] `--context {X}DbContext` + `--output-dir {X}` (lands in the right folder) +- [ ] Reviewed the generated SQL for data loss +- [ ] Applied via DbMigrator `apply` (or `ef database update` for one context locally) diff --git a/.agents/skills/mediator-reference/SKILL.md b/.agents/skills/mediator-reference/SKILL.md new file mode 100644 index 0000000000..04ae1ef766 --- /dev/null +++ b/.agents/skills/mediator-reference/SKILL.md @@ -0,0 +1,69 @@ +--- +name: mediator-reference +description: CQRS interface reference for FSH. This project uses the Mediator source generator, NOT MediatR. Reference when implementing commands, queries, and handlers. +user-invocable: false +--- + +# Mediator Reference + +⚠️ **FSH uses the `Mediator` source-generator package (`using Mediator;`), NOT `MediatR`.** Different +interfaces — MediatR types won't compile. The CQRS interfaces below are the library's own (no FSH wrapper). + +## Interfaces + +| Purpose | ✅ Mediator (use) | ❌ MediatR (don't) | +|---|---|---| +| Command | `ICommand` | `IRequest` | +| Query | `IQuery` | `IRequest` | +| Command handler | `ICommandHandler` | `IRequestHandler<…>` | +| Query handler | `IQueryHandler` | `IRequestHandler<…>` | +| Notification / domain event | `INotification` (`IDomainEvent : INotification`) | `INotification` | + +## Pattern + +```csharp +// Command/Query → the Contracts project (Modules.{X}.Contracts/v1/{Area}/) +public sealed record Create{Entity}Command(string Name) : ICommand; + +// Handler → the runtime project (Modules.{X}/Features/v1/{Area}/{Feature}/), public sealed +public sealed class Create{Entity}CommandHandler({X}DbContext db) + : ICommandHandler +{ + public async ValueTask Handle(Create{Entity}Command command, CancellationToken cancellationToken) + { + // … + } +} +``` + +Rules: handlers return **`ValueTask`** (not `Task`); parameter named `command`/`query` (not `request`); +`public sealed`; `.ConfigureAwait(false)` on awaits. Send via `mediator.Send(command, ct)` (the `IMediator` +interface name matches MediatR's — that part is fine). + +## Registration — the four places + +The source generator only scans assemblies listed in `o.Assemblies`, and that list exists in **two host +files**. A new module needs **two markers** (a Contracts type **and** the module type) added to the Mediator +list **plus** an entry in the `moduleAssemblies` array — in **both** `FSH.Starter.Api/Program.cs` **and** +`FSH.Starter.DbMigrator/Program.cs`: + +```csharp +builder.Services.AddMediator(o => +{ + o.ServiceLifetime = ServiceLifetime.Scoped; + o.Assemblies = [ + /* … */ + typeof(FSH.Modules.{X}.Contracts.{X}ContractsMarker), // Contracts assembly + typeof(FSH.Modules.{X}.{X}Module)]; // runtime assembly +}); +``` + +See `add-module` for the full procedure. + +## Common errors + +| Symptom | Cause → fix | +|---|---| +| `IRequest` / `IRequestHandler<,>` not found | MediatR interface → use `ICommand`/`IQuery` + `ICommandHandler`/`IQueryHandler` | +| `Task` vs `ValueTask` mismatch | Handler must return `ValueTask` | +| Handler not invoked at runtime | Assembly missing from `o.Assemblies` (in one or both Program.cs files) | diff --git a/.agents/skills/query-patterns/SKILL.md b/.agents/skills/query-patterns/SKILL.md new file mode 100644 index 0000000000..17db664d12 --- /dev/null +++ b/.agents/skills/query-patterns/SKILL.md @@ -0,0 +1,112 @@ +--- +name: query-patterns +description: Implement read queries — paginated lists, search/filter/sort, and single-entity fetches — the FSH way (DbContext LINQ + PagedResponse). Use when adding GET endpoints. See also add-feature. +--- + +# Query Patterns + +The dominant pattern is **raw `IQueryable` on the module DbContext** (`AsNoTracking`) with manual +pagination. There is **no generic repository** and **no `PaginatedListAsync`/`EntitiesByPaginationFilterSpec`/ +`PaginationFilter`**. Paged results are `PagedResponse` (`FSH.Framework.Shared.Persistence`) — there is no `PagedList`. + +## Paginated search query + +```csharp +// Contracts/v1/{Area}/ +public sealed record Search{Entities}Query( + string? Search = null, + bool? IsActive = null, + int PageNumber = 1, + int PageSize = 20, + string? SortBy = null, + string? SortDir = null) : IQuery>; +``` + +```csharp +// Features/v1/{Area}/Search{Entities}/ +public sealed class Search{Entities}QueryHandler({X}DbContext dbContext) + : IQueryHandler> +{ + public async ValueTask> Handle( + Search{Entities}Query query, CancellationToken cancellationToken) + { + ArgumentNullException.ThrowIfNull(query); + int page = query.PageNumber < 1 ? 1 : query.PageNumber; + int size = Math.Clamp(query.PageSize, 1, 100); + + var q = dbContext.{Entities}.AsNoTracking().AsQueryable(); + if (!string.IsNullOrWhiteSpace(query.Search)) + q = q.Where(x => EF.Functions.ILike(x.Name, $"%{query.Search}%")); + if (query.IsActive is { } active) + q = q.Where(x => x.IsActive == active); + + q = ApplySort(q, query.SortBy, query.SortDir); + + long total = await q.LongCountAsync(cancellationToken).ConfigureAwait(false); + var items = await q.Skip((page - 1) * size).Take(size) + .ToListAsync(cancellationToken).ConfigureAwait(false); + + return new PagedResponse<{Entity}Dto> + { + Items = items.Select(x => x.ToDto()).ToList(), + PageNumber = page, PageSize = size, + TotalCount = total, + TotalPages = (int)Math.Ceiling(total / (double)size) + }; + } + + private static IQueryable<{Entity}> ApplySort(IQueryable<{Entity}> q, string? by, string? dir) + { + bool desc = string.Equals(dir, "desc", StringComparison.OrdinalIgnoreCase); + return by?.ToLowerInvariant() switch + { + "name" => desc ? q.OrderByDescending(x => x.Name) : q.OrderBy(x => x.Name), + _ => q.OrderByDescending(x => x.CreatedOnUtc) + }; + } +} +``` + +Tenant + soft-delete filters apply automatically — don't re-filter them. Project to a DTO (`.ToDto()` mapper); never return entities. + +## Single-entity query + +```csharp +public sealed record Get{Entity}Query(Guid Id) : IQuery<{Entity}Dto>; + +public sealed class Get{Entity}QueryHandler({X}DbContext dbContext) + : IQueryHandler +{ + public async ValueTask<{Entity}Dto> Handle(Get{Entity}Query query, CancellationToken cancellationToken) + { + ArgumentNullException.ThrowIfNull(query); + var entity = await dbContext.{Entities}.AsNoTracking() + .FirstOrDefaultAsync(x => x.Id == query.Id, cancellationToken).ConfigureAwait(false) + ?? throw new NotFoundException($"{Entity} {query.Id} not found"); + return entity.ToDto(); + } +} +``` + +## Endpoints + +```csharp +// list — bind the query with [AsParameters] +endpoints.MapGet("/{entities}", async ([AsParameters] Search{Entities}Query query, + IMediator mediator, CancellationToken ct) => Results.Ok(await mediator.Send(query, ct))) + .WithName("Search{Entities}").RequirePermission({X}Permissions.{Entities}.View); + +// single +endpoints.MapGet("/{entities}/{id:guid}", async (Guid id, + IMediator mediator, CancellationToken ct) => Results.Ok(await mediator.Send(new Get{Entity}Query(id), ct))) + .WithName("Get{Entity}").RequirePermission({X}Permissions.{Entities}.View); +``` + +A paginated query **needs a validator** (`Search{Entities}QueryValidator`: `PageNumber >= 1`, `PageSize` in `[1,100]`) — enforced by `Architecture.Tests`. + +## When to use a Specification instead + +`Specification` (`src/BuildingBlocks/Persistence/Specifications/`) is for **composing reusable query +shapes** (`protected Where(...)`/`Include(...)`/`OrderBy(...)` in a derived spec's ctor; `AsNoTracking` +defaults true; specs never paginate). Reach for it when the same filter/include set is shared across +handlers; otherwise inline LINQ is the norm here. diff --git a/.agents/skills/testing-guide/SKILL.md b/.agents/skills/testing-guide/SKILL.md new file mode 100644 index 0000000000..1108634094 --- /dev/null +++ b/.agents/skills/testing-guide/SKILL.md @@ -0,0 +1,106 @@ +--- +name: testing-guide +description: Write tests for an FSH feature — xUnit + Shouldly + NSubstitute + AutoFixture, with naming and AAA conventions. Use when adding unit/handler/validator/entity tests. Full rules in .agents/rules/testing.md + integration-testing.md. +--- + +# Testing Guide + +Stack: **xUnit** + **Shouldly** (`.ShouldBe`) + **NSubstitute** (`Substitute.For<>`) + **AutoFixture** +(`new Fixture()`). **Not** Moq, **not** FluentAssertions. Detailed conventions + integration-test gotchas +live in `.agents/rules/testing.md` and `.agents/rules/integration-testing.md`. + +## Conventions + +- Test class: `public sealed class {Sut}Tests`; SUT field named `_sut`. +- Method name: **`MethodName_Should_ExpectedBehavior[_When_Condition]`**. +- Arrange-Act-Assert with `// Arrange` / `// Act` / `// Assert`; group with `#region` (Happy Path / Guards / Edge Cases). +- Mocks via `Substitute.For()`; assert calls with `.Received(1).X(arg, Arg.Any())`. +- When asserting a forwarded `CancellationToken`, assert the **specific** token, not the default (NSubstitute fills optional params with `default`). + +## Handler test + +```csharp +public sealed class Create{Entity}CommandHandlerTests +{ + private readonly {X}DbContext _db; // or Substitute.For() for service deps + private readonly Create{Entity}CommandHandler _sut; + private readonly IFixture _fixture = new Fixture(); + + public Create{Entity}CommandHandlerTests() + { + _db = /* in-memory or test DbContext */; + _sut = new Create{Entity}CommandHandler(_db); + } + + [Fact] + public async Task Handle_Should_PersistEntity_And_ReturnId() + { + // Arrange + var command = new Create{Entity}Command(_fixture.Create(), 9.99m, "USD"); + + // Act + var id = await _sut.Handle(command, CancellationToken.None); + + // Assert + id.ShouldNotBe(Guid.Empty); + } +} +``` + +Service-dependency example (NSubstitute): + +```csharp +_userService = Substitute.For(); +// Act … then: +await _userService.Received(1).ToggleStatusAsync(true, command.UserId, Arg.Any()); +``` + +## Validator test + +```csharp +public sealed class Create{Entity}CommandValidatorTests +{ + private readonly Create{Entity}CommandValidator _sut = new(); + + [Theory] + [InlineData("")] + public void Validate_Should_Fail_When_NameInvalid(string name) + { + var result = _sut.Validate(new Create{Entity}Command(name, 1m, "USD")); + result.IsValid.ShouldBeFalse(); + result.Errors.ShouldContain(e => e.PropertyName == nameof(Create{Entity}Command.Name)); + } +} +``` + +## Entity / domain test (no mocks) + +```csharp +[Fact] +public void Create_Should_RaiseCreatedEvent() +{ + var entity = {Entity}.Create("Test", Money.Zero()); + entity.Id.ShouldNotBe(Guid.Empty); + entity.DomainEvents.ShouldContain(e => e is {Entity}CreatedDomainEvent); +} +``` + +## Architecture tests (guardrails — keep green) + +`Architecture.Tests` (NetArchTest) enforce: module boundaries (cross-module refs only via `.Contracts`), +tenant-isolation rules, handlers `sealed`, and **every command/paginated-query handler has a validator**. +Don't weaken these to make a change pass — fix the code. + +## Integration tests + +`Integration.Tests` runs over real Postgres/Redis/MinIO via Testcontainers — **Docker required**. Set the +Finbuckle tenant context inline, rewire `IStorageService` post-registration for MinIO, force long-polling +for SignalR. All detailed in `.agents/rules/integration-testing.md`. + +## Run + +```bash +dotnet test src/Tests/{X}.Tests +dotnet test src/Tests/Architecture.Tests +dotnet test src/FSH.Starter.slnx --collect "XPlat Code Coverage" --settings coverage.runsettings +``` diff --git a/.agents/workflows/architecture-guard.md b/.agents/workflows/architecture-guard.md new file mode 100644 index 0000000000..9269cce0ba --- /dev/null +++ b/.agents/workflows/architecture-guard.md @@ -0,0 +1,67 @@ +--- +description: Verify changes don't violate architectural integrity — module boundaries, BuildingBlocks protection, the four-place module registration, and the architecture-test suite. Run before commit/PR. READ-ONLY. +--- + +You are the architecture guardian for FullStackHero. You verify integrity and report — **READ-ONLY, never +modify files.** The authoritative enforcement is `Architecture.Tests` (NetArchTest); the greps below are +fast heuristics that point you at things to confirm against the tests + `.agents/rules/architecture.md`. + +## Steps + +### 1. BuildingBlocks guard +```bash +git diff --name-only | grep -E "^src/BuildingBlocks/" +``` +Any hit → **STOP and flag**: BuildingBlocks changes need explicit approval (wide blast radius). + +### 2. Architecture tests (the real enforcement) +```bash +dotnet test src/Tests/Architecture.Tests +``` +Covers: cross-module references only via `.Contracts`, tenant-isolation rules on entities, handlers `sealed`, and **every command/paginated-query handler has a validator**. All must pass. + +### 3. Build clean +```bash +dotnet build src/FSH.Starter.slnx 2>&1 | grep -E "warning|error" # expect none (TreatWarningsAsErrors) +``` + +### 4. Module boundary heuristic +```bash +grep -rn "using FSH.Modules\." src/Modules --include="*.cs" | grep -v "\.Contracts" +``` +Cross-module `using`s should resolve only to `*.Contracts` namespaces (same-module internal usings are fine — confirm the module name differs). + +### 5. Mediator, not MediatR +```bash +grep -rn "MediatR\|IRequest<\|IRequestHandler<" src/Modules --include="*.cs" # must be empty +``` + +### 6. New-module registration (the four-place footgun) +If a new `*Module` was added, confirm it appears in **all four**: Mediator `o.Assemblies` (Contracts marker **and** module type) + `moduleAssemblies` array, in **both** `FSH.Starter.Api/Program.cs` and `FSH.Starter.DbMigrator/Program.cs`. +```bash +grep -rn "{New}Module\|{New}ContractsMarker" src/Host/FSH.Starter.Api/Program.cs src/Host/FSH.Starter.DbMigrator/Program.cs +``` + +### 7. Permission-gate integrity +Confirm exactly one `IRequiredPermissionMetadata` implementation exists — a duplicate silently disables **all** `.RequirePermission()` gates. +```bash +grep -rn "IRequiredPermissionMetadata" src --include="*.cs" +``` + +### 8. Tenant-isolation sanity +New module DbContexts extend `BaseDbContext` and call `base.OnModelCreating` **last**; opt-outs use `IGlobalEntity`. (Detailed rules: `database.md`, `modules/multitenancy.md`.) + +## Output +``` +## Architecture Verification + +BuildingBlocks : ✅ untouched | ⚠️ MODIFIED — needs approval +Architecture.Tests : ✅ pass | ❌ {n} failed: {names} +Build : ✅ 0 warnings | ❌ {n} +Module boundaries : ✅ clean | ❌ {cross-module refs} +Mediator usage : ✅ | ❌ MediatR detected at {file:line} +Module registration : ✅ 4/4 places | ❌ missing in {file} +Permission metadata : ✅ single | ❌ duplicate at {file:line} + +Overall: ✅ PASS | ❌ FAIL — fix before commit +``` diff --git a/.agents/workflows/code-reviewer.md b/.agents/workflows/code-reviewer.md new file mode 100644 index 0000000000..cfe56325ee --- /dev/null +++ b/.agents/workflows/code-reviewer.md @@ -0,0 +1,66 @@ +--- +description: Review the current diff against FSH conventions and emit a structured report. Run after code changes, before commit. Read-only review (do not fix unless asked). +--- + +You review code changes for FullStackHero against its conventions and output a structured report. The +conventions are defined in `.agents/rules/` and `AGENTS.md` — treat those as the source of truth; this +playbook is the review procedure, not a second copy of the rules. + +## Procedure +1. `git diff HEAD` (and `git status`) to see what changed; group by area (backend module / BuildingBlocks / frontend). +2. For each changed file, check it against the relevant rule file (`api-conventions.md`, `database.md`, `eventing.md`, `frontend/*`, …) and the checklist below. +3. If the Roslyn navigator MCP is available, run `detect_antipatterns` and `get_diagnostics` (solution scope) for machine-found issues (broad `catch`, missing `CancellationToken`, EF `AsNoTracking`, logging interpolation) and fold them in — noting false positives (mutate-then-save queries don't want `AsNoTracking`; hosted-service `catch(Exception)` that logs + filters OCE is fine). +4. Report with `file:line` refs and a concrete fix per finding. + +## Checklist (high-signal) +**Boundaries / structure** +- Cross-module references go only through `.Contracts` (never another module's runtime). Enforced by `Architecture.Tests`. +- `src/BuildingBlocks/**` not modified without explicit approval (flag if it is). +- New module → registered in **all four** places (Mediator + `moduleAssemblies` in Api **and** DbMigrator). + +**CQRS / Mediator (not MediatR)** +- Command/Query in the Contracts project; `using Mediator;` (`ICommand`/`IQuery`). +- Handler `public sealed`, `ICommandHandler<,>`/`IQueryHandler<,>`, returns `ValueTask`, `.ConfigureAwait(false)`, injects the `{X}DbContext` (no generic repository). +- Every command + paginated query has a `{Name}Validator` (Architecture.Tests enforces). + +**Endpoints** +- `internal static …Map{Feature}Endpoint`; `.RequirePermission(...)` (or deliberate `.AllowAnonymous()`); `.WithName`/`.WithSummary`. Returns `Results.Ok(...)`/`TypedResults`. `.WithIdempotency()` on replay-safe POSTs. No duplicate `IRequiredPermissionMetadata`. + +**Data** +- Entities: `sealed`, `Guid.CreateVersion7()`, private ctor + factory, behavior via methods. Marker interfaces use `CreatedOnUtc`/`IsDeleted`/`DeletedOnUtc`. +- DbContext extends `BaseDbContext`, `base.OnModelCreating` last; **no manual tenant/soft-delete query filter**. Nav-collection children need `ValueGeneratedNever()`. `AsNoTracking` on read-only queries only (not read-then-save). + +**Cross-cutting** +- **Structured logging only** — no `$"..."` interpolation in log calls. +- `CancellationToken` propagated into EF/IO calls. +- Cross-module events go via the Outbox (`IOutboxStore.AddAsync`), not a direct bus publish. + +**Frontend** (`frontend/*` rules) +- Hand-written types + `apiFetch`; mutation data passed via `mutate(arg)`; query keys hierarchical; admin gates routes with `RouteGuard` + mirrors the permission; dashboard uses `withSuspense`. + +## Commands +```bash +git diff HEAD +grep -rn "MediatR\|IRequest<\|IRequestHandler<" src/Modules/ --include="*.cs" # must be empty +dotnet build src/FSH.Starter.slnx 2>&1 | grep -E "warning|error" # 0 expected +``` + +## Output +``` +## Code Review + +### Passed +- … + +### Violations (file:line) +1. {rule} — {file}:{line} + Issue: … + Fix: … + +### Warnings / suggestions +- … + +### Verification +dotnet build src/FSH.Starter.slnx → expect 0 warnings +dotnet test src/FSH.Starter.slnx (integration tests need Docker) +``` diff --git a/.agents/workflows/feature-scaffolder.md b/.agents/workflows/feature-scaffolder.md new file mode 100644 index 0000000000..b67266aef7 --- /dev/null +++ b/.agents/workflows/feature-scaffolder.md @@ -0,0 +1,32 @@ +--- +description: Orchestrate delivering a feature end-to-end. Sequences the scaffolding skills and verifies. Use when asked to "add a feature/endpoint/screen". Delegates the code recipes to skills — does not restate them. +--- + +You orchestrate feature delivery for FullStackHero. **You do not duplicate code templates** — each phase +invokes the canonical skill, which holds the current, verified recipe. Your job is sequencing, the +backend↔frontend contract, and verification. + +## Clarify first +1. Module (existing? if not → `module-creator`). +2. Operation: command (state change) or query (read)? +3. Does it need a new entity? (→ Phase 0) +4. UI surface: backend-only, `admin`, or `dashboard`? +5. Request fields + response shape + permission. + +## Phases (delegate each recipe to its skill) +- **Phase 0 — entity (if new):** follow the **`add-entity`** skill, then **`create-migration`**. +- **Phase 1 — backend slice:** follow the **`add-feature`** skill (Command/Query in Contracts → handler injecting the `{X}DbContext` → validator → endpoint → wire in `MapEndpoints`). Add a handler/validator test per **`testing-guide`**. Build + test green before moving on. +- **Phase 2 — frontend (if a UI surface):** lock the contract (route, request shape, **response DTO field names — JSON is camelCase**), then follow the **`add-react-page`** skill for the chosen app. For the whole flow at once, use the **`add-full-slice`** skill. +- **Phase 3 — permission (if gated):** follow the **`add-permission`** skill (server constant + admin mirror/guard). + +## Verify +```bash +dotnet build src/FSH.Starter.slnx && dotnet test src/Tests/{X}.Tests +# if a UI surface: cd clients/{app} && npm run lint && npm run test:e2e +``` +Then run the **`code-reviewer`** and **`architecture-guard`** workflows before commit. + +## Guardrails (the skills enforce these; confirm them) +- CQRS types live in the **Contracts** project; handlers are `public sealed`, return `ValueTask`, `.ConfigureAwait(false)`. +- Every command + paginated query has a `{Name}Validator` (Architecture.Tests fails otherwise). +- Endpoints gated with `.RequirePermission(...)`; structured logging only; `CancellationToken` propagated. diff --git a/.agents/workflows/migration-helper.md b/.agents/workflows/migration-helper.md new file mode 100644 index 0000000000..ad71f1fb54 --- /dev/null +++ b/.agents/workflows/migration-helper.md @@ -0,0 +1,39 @@ +--- +description: Safely manage EF Core migrations for FSH's central per-module Migrations project. Use when adding entities or changing schema. The create-migration skill holds the canonical add/apply recipe. +--- + +You help manage EF Core migrations safely. The canonical add/review/apply recipe is the **`create-migration`** +skill — follow it. This playbook covers the surrounding facts and troubleshooting. + +## Facts (read before running commands) +- All migrations live in **one** project, `src/Host/FSH.Starter.Migrations.PostgreSQL`, foldered **per module/context** (`Catalog/`, `Identity/`, …), each with its own `{X}DbContextModelSnapshot`. +- Startup project is `src/Host/FSH.Starter.Api`. Always pass `--context {X}DbContext` and `--output-dir {X}`. +- `dotnet-ef` is pinned — `dotnet tool restore` first. +- **The DB is NOT migrated on API startup.** The `DbMigrator` host applies it: it migrates the tenant catalog (`TenantDbContext`) first, then each tenant's per-module schema, serialized by a Postgres advisory lock. (`UseHeroMultiTenantDatabases()` only registers Finbuckle's tenant resolution — it does not run migrations.) +- **Build before `migrations add`** — it reads the snapshot, which regenerates from a build; a stale snapshot silently loses changes. `migrations remove` rewrites the snapshot, so only ever remove the latest and rebuild after. + +## Context names (real) +`IdentityDbContext`, `TenantDbContext` (the tenant catalog — **not** "MultitenancyDbContext"), `AuditDbContext`, `BillingDbContext`, `CatalogDbContext`, `TicketsDbContext`, `FilesDbContext`, `ChatDbContext`, `NotificationsDbContext`, `WebhookDbContext`. + +## Apply (canonical path) +```bash +dotnet run --project src/Host/FSH.Starter.DbMigrator -- list-pending # preview +dotnet run --project src/Host/FSH.Starter.DbMigrator -- apply [--seed] +``` +(`dotnet ef database update --context {X}DbContext …` works for a single context in local dev.) + +## Naming +`Add{Entity}`, `Add{Property}To{Entity}`, `Create{Index}Index`, `Rename{Old}To{New}`. + +## Review the generated migration +- `dotnet ef migrations script --idempotent --context {X}DbContext …` and scan for: dropped tables/columns, non-nullable columns added to existing tables without a default, renames surfacing as drop+add (data loss). +- Check `Up()` **and** `Down()`. + +## Troubleshooting +| Symptom | Cause → fix | +|---|---| +| "No DbContext was found" / multiple contexts | Always pass `--context {X}DbContext` | +| "Build failed" | `dotnet build src/FSH.Starter.slnx` first | +| Migration landed in the wrong folder | Add `--output-dir {X}` (match the context's existing folder) | +| Changes missing from the migration | You didn't build before `migrations add` (stale snapshot) | +| New module's context not found by ef | The Migrations project must reference the module's runtime project | diff --git a/.agents/workflows/module-creator.md b/.agents/workflows/module-creator.md new file mode 100644 index 0000000000..2f8019ee23 --- /dev/null +++ b/.agents/workflows/module-creator.md @@ -0,0 +1,28 @@ +--- +description: Orchestrate bringing up a new module (bounded context) end-to-end and verifying it loads. Use when adding a new business domain. Delegates the recipe to the add-module skill — does not restate it. +--- + +You orchestrate a full module bring-up for FullStackHero. **The code recipe lives in the `add-module` +skill** — follow it; this playbook adds the decision gate, sequencing, and verification. + +## Decide: is this really a new module? +A new module has its own domain entities and is a distinct bounded context. If it's just an operation in +an existing domain → use `feature-scaffolder` instead. + +## Sequence (each step → its skill) +1. **Scaffold the module** — follow **`add-module`**: copy an existing module's two `.csproj` files; `[assembly: FshModule(typeof({X}Module), order)]` (assembly-level); `IModule` with `AddHeroDbContext<{X}DbContext>()`, `PermissionConstants.Register({X}Permissions.All)`, a version-set endpoint group, and the eventing trio if it publishes/handles events; `{X}DbContext : BaseDbContext` with `base.OnModelCreating` **last**. +2. **First entity** — follow **`add-entity`**. +3. **First feature** — follow **`add-feature`** (and `add-react-page` if it has UI). +4. **Migration** — follow **`create-migration`** with `--context {X}DbContext --output-dir {X}`; add the `{X}/` folder in the Migrations project. +5. **⚠️ Register in ALL FOUR places** — Mediator `o.Assemblies` (Contracts marker **and** module type) + `moduleAssemblies` array, in **both** `FSH.Starter.Api/Program.cs` **and** `FSH.Starter.DbMigrator/Program.cs`. Add to `.slnx`; reference the runtime project from Api, DbMigrator, and the Migrations project. + +## Verify it actually loaded (not just compiled) +```bash +dotnet build src/FSH.Starter.slnx # 0 warnings +dotnet test src/Tests/Architecture.Tests # boundary + tenant-isolation rules +dotnet run --project src/Host/FSH.Starter.DbMigrator -- list-pending # new context shows up +``` +Then hit one endpoint and confirm the handler runs — a missing Mediator marker compiles fine but the handler is silently undiscovered. Finish with the `architecture-guard` workflow. + +## The footgun, restated +Four registration edits (2 lists × 2 host files). Miss the Mediator marker → handler not found at runtime. Miss the `moduleAssemblies` entry → module never loads. Miss the DbMigrator pair → migrate/seed skips it. diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json new file mode 100644 index 0000000000..8e70a91709 --- /dev/null +++ b/.config/dotnet-tools.json @@ -0,0 +1,20 @@ +{ + "version": 1, + "isRoot": true, + "tools": { + "dotnet-ef": { + "version": "10.0.2", + "commands": [ + "dotnet-ef" + ], + "rollForward": false + }, + "fullstackhero.cli": { + "version": "10.0.0-rc.1", + "commands": [ + "fsh" + ], + "rollForward": false + } + } +} \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..5e690f421b --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,17 @@ +{ + "name": "FullStackHero .NET Starter Kit", + "image": "mcr.microsoft.com/dotnet/sdk:10.0", + "features": { + "ghcr.io/devcontainers/features/docker-in-docker:2": {} + }, + "postCreateCommand": "dotnet workload install aspire && dotnet restore src/FSH.Starter.slnx", + "forwardPorts": [5030, 7030, 15888], + "customizations": { + "vscode": { + "extensions": [ + "ms-dotnettools.csdevkit", + "ms-dotnettools.csharp" + ] + } + } +} diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..989d7d312a --- /dev/null +++ b/.dockerignore @@ -0,0 +1,31 @@ +# .NET build artifacts +**/bin +**/obj +**/.vs +**/TestResults + +# Node / frontend build artifacts +**/node_modules +**/dist +**/.vite +**/coverage +**/playwright-report +**/test-results + +# Test projects (not needed in any runtime image) +src/Tests/ + +# VCS / editor / docs / local dev +.git +.github +.idea +.vscode +*.md +LICENSE +**/.env +**/.env.* +!**/.env.example +deploy/ +docs/ +clients/dashboard/public/config.json +clients/admin/public/config.json diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..2b15509289 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,9 @@ +# Default: normalize line endings to LF in the repo +* text=auto + +# Shell scripts must always be LF (Docker containers run on Linux) +*.sh text eol=lf + +# Dockerfiles +Dockerfile text eol=lf +*.dockerfile text eol=lf diff --git a/.github/workflows/blazor.yml b/.github/workflows/blazor.yml deleted file mode 100644 index 1939d2b8db..0000000000 --- a/.github/workflows/blazor.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: Build / Publish Blazor WebAssembly Project - -on: - workflow_dispatch: - - push: - branches: - - main - paths: - - "src/apps/blazor/**" - - "src/Directory.Packages.props" - - "src/Dockerfile.Blazor" - - pull_request: - branches: - - main - paths: - - "src/apps/blazor/**" - - "src/Directory.Packages.props" - - "src/Dockerfile.Blazor" - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: 9.x - - name: restore dependencies - run: dotnet restore ./src/apps/blazor/client/Client.csproj - - name: build - run: dotnet build ./src/apps/blazor/client/Client.csproj --no-restore - - name: test - run: dotnet test ./src/apps/blazor/client/Client.csproj --no-build --verbosity normal - - publish: - needs: build - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - name: docker login - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: build and publish to github container registry - working-directory: ./src/ - run: | - docker build -t ghcr.io/${{ github.repository_owner }}/blazor:latest -f Dockerfile.Blazor . - docker push ghcr.io/${{ github.repository_owner }}/blazor:latest diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml deleted file mode 100644 index 7a88fcb9b4..0000000000 --- a/.github/workflows/changelog.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Release Drafter - -on: - workflow_dispatch: - push: - branches: - - main - -permissions: - contents: read - -jobs: - update_release_draft: - permissions: - # write permission is required to create a github release - contents: write - # write permission is required for autolabeler - # otherwise, read permission is required at least - pull-requests: write - runs-on: ubuntu-latest - steps: - - uses: release-drafter/release-drafter@v6 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..2d85416cfa --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,439 @@ +name: CI/CD Pipeline + +on: + push: + branches: + - main + - develop + tags: + - 'v*' + paths: + - 'src/**' + pull_request: + branches: + - main + - develop + paths: + - 'src/**' + workflow_dispatch: + inputs: + version: + description: 'Package version (e.g., 10.0.0-rc.1)' + required: false + type: string + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +permissions: + contents: read + packages: write + +env: + DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true + DOTNET_CLI_TELEMETRY_OPTOUT: true + DOTNET_NOLOGO: true + + +jobs: + build: + name: Build + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Restore dependencies + run: dotnet restore src/FSH.Starter.slnx + + - name: Build + run: dotnet build src/FSH.Starter.slnx -c Release --no-restore -warnaserror + + - name: Check for vulnerable packages + run: dotnet list src/FSH.Starter.slnx package --vulnerable --include-transitive 2>&1 | tee vulnerability-report.txt + continue-on-error: true + + - name: Upload build artifacts + uses: actions/upload-artifact@v7 + with: + name: build-output + path: | + src/**/bin/Release + src/**/obj/Release + retention-days: 1 + + test: + name: Test - ${{ matrix.test-project.name }} + runs-on: ubuntu-latest + needs: build + + strategy: + fail-fast: false + matrix: + test-project: + - name: Architecture.Tests + path: src/Tests/Architecture.Tests + - name: Auditing.Tests + path: src/Tests/Auditing.Tests + - name: Caching.Tests + path: src/Tests/Caching.Tests + - name: Generic.Tests + path: src/Tests/Generic.Tests + - name: Identity.Tests + path: src/Tests/Identity.Tests + - name: Multitenancy.Tests + path: src/Tests/Multitenancy.Tests + - name: Billing.Tests + path: src/Tests/Billing.Tests + - name: Catalog.Tests + path: src/Tests/Catalog.Tests + - name: Chat.Tests + path: src/Tests/Chat.Tests + - name: Files.Tests + path: src/Tests/Files.Tests + - name: Framework.Tests + path: src/Tests/Framework.Tests + - name: Webhooks.Tests + path: src/Tests/Webhooks.Tests + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Download build artifacts + uses: actions/download-artifact@v8 + with: + name: build-output + path: src + + - name: Run ${{ matrix.test-project.name }} + run: dotnet test ${{ matrix.test-project.path }} -c Release --no-build --verbosity normal --logger "trx;LogFileName=${{ matrix.test-project.name }}.trx" + + - name: Upload test results + uses: actions/upload-artifact@v7 + if: always() + with: + name: test-results-${{ matrix.test-project.name }} + path: '**/*.trx' + retention-days: 7 + + migrator-smoke: + name: DbMigrator Container Smoke + runs-on: ubuntu-latest + needs: build + # Catches container-publish regressions (Dockerfile-less SDK container) and DI-graph + # breakage in the migrator. Publishes the image locally, runs `apply --catalog-only` + # against an ephemeral Postgres, asserts exit 0. + + services: + postgres: + image: postgres:17-alpine + env: + POSTGRES_PASSWORD: migrator_smoke_pwd + POSTGRES_DB: fsh_migrator_smoke + ports: + - 5432:5432 + options: >- + --health-cmd "pg_isready -U postgres" + --health-interval 5s + --health-timeout 5s + --health-retries 10 + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Publish DbMigrator container (local daemon) + run: | + dotnet publish src/Host/FSH.Starter.DbMigrator/FSH.Starter.DbMigrator.csproj \ + -c Release -r linux-x64 \ + /t:PublishContainer \ + -p:ContainerRepository=fsh-db-migrator \ + -p:ContainerImageTags=smoke + + - name: Run DbMigrator against ephemeral Postgres + run: | + docker run --rm --network host \ + -e DatabaseOptions__Provider=POSTGRESQL \ + -e DatabaseOptions__ConnectionString="Host=localhost;Port=5432;Database=fsh_migrator_smoke;Username=postgres;Password=migrator_smoke_pwd" \ + -e DatabaseOptions__MigrationsAssembly=FSH.Starter.Migrations.PostgreSQL \ + fsh-db-migrator:smoke apply --catalog-only \ + | tee migrator.log + grep -q "finished successfully" migrator.log + + integration-test: + name: Integration Tests + runs-on: ubuntu-latest + needs: build + # Testcontainers requires Docker — ubuntu-latest has it pre-installed. + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + # Integration tests use WebApplicationFactory + Testcontainers. + # They must build from source (can't use pre-built artifacts). + - name: Run Integration Tests + run: dotnet test src/Tests/Integration.Tests -c Release --verbosity normal --logger "trx;LogFileName=Integration.Tests.trx" + + # Separate assembly (own process) for tests that build a host with production middleware + # re-wired (rate limiting, GlobalExceptionHandler, security headers) — kept out of + # Integration.Tests because a 2nd host there resets the static ModuleLoader. + - name: Run Middleware Integration Tests + run: dotnet test src/Tests/Integration.Middleware.Tests -c Release --verbosity normal --logger "trx;LogFileName=Integration.Middleware.Tests.trx" + + - name: Upload test results + uses: actions/upload-artifact@v7 + if: always() + with: + name: test-results-Integration.Tests + path: '**/*.trx' + retention-days: 7 + + coverage: + name: Coverage Gate + runs-on: ubuntu-latest + needs: build + # Runs the whole solution (unit + integration; Testcontainers needs Docker, which + # ubuntu-latest has) with coverage, then fails if line coverage regresses below the + # floor. Ratchet: bump MIN_LINE upward as coverage improves. + env: + MIN_LINE: '80' + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Run tests with coverage + run: dotnet test src/FSH.Starter.slnx -c Release --collect:"XPlat Code Coverage" --settings coverage.runsettings --results-directory ./TestResults + + - name: Install ReportGenerator + run: | + dotnet tool install --global dotnet-reportgenerator-globaltool + echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH" + + - name: Generate coverage report + run: reportgenerator -reports:"./TestResults/**/coverage.cobertura.xml" -targetdir:./coverage-report -reporttypes:"TextSummary;Html;Cobertura" + + - name: Upload coverage report + uses: actions/upload-artifact@v7 + if: always() + with: + name: coverage-report + path: ./coverage-report + retention-days: 7 + + - name: Enforce coverage floor + run: | + LINE=$(grep -oP 'Line coverage:\s*\K[0-9.]+' coverage-report/Summary.txt | head -1) + echo "Line coverage: ${LINE}% (floor: ${MIN_LINE}%)" + awk "BEGIN { exit !(${LINE} >= ${MIN_LINE}) }" || { echo "::error::Line coverage ${LINE}% is below the ${MIN_LINE}% floor"; exit 1; } + + publish-dev-containers: + name: Publish Dev Containers + runs-on: ubuntu-latest + needs: [test, integration-test] + if: github.ref == 'refs/heads/develop' && github.event_name == 'push' + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Login to GHCR + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish API container image + run: | + dotnet publish src/Host/FSH.Starter.Api/FSH.Starter.Api.csproj \ + -c Release -r linux-x64 \ + /t:PublishContainer \ + -p:ContainerRepository=ghcr.io/${{ github.repository_owner }}/fsh-api \ + -p:ContainerImageTags='"dev-${{ github.sha }};dev-latest"' + + + publish-release: + name: Publish Release (NuGet + Containers) + runs-on: ubuntu-latest + needs: [test, integration-test] + if: | + (github.ref == 'refs/heads/main' && github.event_name == 'workflow_dispatch') || + startsWith(github.ref, 'refs/tags/v') + + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: | + ${{ runner.os }}-nuget- + + - name: Determine version + id: version + run: | + if [ "${{ github.event_name }}" == "workflow_dispatch" ] && [ -n "${{ github.event.inputs.version }}" ]; then + VERSION="${{ github.event.inputs.version }}" + elif [[ "$GITHUB_REF" == refs/tags/v* ]]; then + VERSION="${GITHUB_REF#refs/tags/v}" + else + echo "No version specified and not a tag push" + exit 1 + fi + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "Publishing version: $VERSION" + + - name: Restore and Build with version + run: | + dotnet restore src/FSH.Starter.slnx + dotnet build src/FSH.Starter.slnx -c Release --no-restore -p:Version=${{ steps.version.outputs.version }} + + - name: Pack BuildingBlocks + run: | + dotnet pack src/BuildingBlocks/Core/Core.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Shared/Shared.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Persistence/Persistence.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Caching/Caching.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Mailing/Mailing.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Jobs/Jobs.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Storage/Storage.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Eventing/Eventing.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Eventing.Abstractions/Eventing.Abstractions.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/BuildingBlocks/Web/Web.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + + - name: Pack Modules + run: | + dotnet pack src/Modules/Auditing/Modules.Auditing.Contracts/Modules.Auditing.Contracts.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Auditing/Modules.Auditing/Modules.Auditing.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Identity/Modules.Identity.Contracts/Modules.Identity.Contracts.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Identity/Modules.Identity/Modules.Identity.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Multitenancy/Modules.Multitenancy.Contracts/Modules.Multitenancy.Contracts.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Multitenancy/Modules.Multitenancy/Modules.Multitenancy.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Webhooks/Modules.Webhooks.Contracts/Modules.Webhooks.Contracts.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + dotnet pack src/Modules/Webhooks/Modules.Webhooks/Modules.Webhooks.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + + - name: Pack CLI Tool + run: dotnet pack src/Tools/CLI/FSH.CLI.csproj -c Release --no-build -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + + # The dotnet new template package — the primary distribution artifact. Packs the + # repo (with its root .template.config) so consumers can `dotnet new install` then + # `dotnet new fsh -n MyApp`. Scaffolded output is fully owned, detached source. + - name: Pack Template + run: dotnet pack templates/FullStackHero.NET.StarterKit.csproj -c Release -o ./nupkgs -p:PackageVersion=${{ steps.version.outputs.version }} + + - name: Push to NuGet.org + run: dotnet nuget push "./nupkgs/*.nupkg" --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate + + - name: Login to GHCR + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push API container + run: | + dotnet publish src/Host/FSH.Starter.Api/FSH.Starter.Api.csproj \ + -c Release -r linux-x64 \ + /t:PublishContainer \ + -p:ContainerRepository=ghcr.io/${{ github.repository_owner }}/fsh-api \ + -p:ContainerImageTags='"${{ steps.version.outputs.version }};latest"' + diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..be7949966c --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,27 @@ +name: CodeQL Analysis +on: + pull_request: + branches: [main, develop] + paths: + - 'src/**' + schedule: + - cron: '0 6 * * 1' + +permissions: + security-events: write + contents: read + +jobs: + analyze: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + - uses: github/codeql-action/init@v3 + with: + languages: csharp + - uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + - run: dotnet build src/FSH.Starter.slnx -c Release + - uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/nuget.yml b/.github/workflows/nuget.yml deleted file mode 100644 index 4ee62a6ff5..0000000000 --- a/.github/workflows/nuget.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Publish Package to NuGet.org -on: - push: - branches: - - main - paths: - - "FSH.StarterKit.nuspec" -jobs: - publish: - name: publish nuget - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - name: checkout code - - uses: nuget/setup-nuget@v2 - name: setup nuget - with: - nuget-version: "latest" - nuget-api-key: ${{ secrets.NUGET_API_KEY }} - - name: generate package - run: nuget pack FSH.StarterKit.nuspec -NoDefaultExcludes - - name: publish package - run: nuget push *.nupkg -Source 'https://api.nuget.org/v3/index.json' -SkipDuplicate diff --git a/.github/workflows/template-smoke.yml b/.github/workflows/template-smoke.yml new file mode 100644 index 0000000000..399e1edd4b --- /dev/null +++ b/.github/workflows/template-smoke.yml @@ -0,0 +1,118 @@ +name: Template Smoke Test + +# Guards the distribution path: scaffolding a project from the template must +# always produce a solution that builds (backend + both React apps) and passes +# architecture tests. Catches regressions like the .slnx referencing an excluded +# project, the Aspire `Projects.*` rename breaking, or clients/** dropping out. + +on: + push: + branches: [main, develop] + paths: + - '.template.config/**' + - 'templates/**' + - 'clients/**' + - 'src/**' + - '.github/workflows/template-smoke.yml' + pull_request: + branches: [main, develop] + paths: + - '.template.config/**' + - 'templates/**' + - 'clients/**' + - 'src/**' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +permissions: + contents: read + +env: + DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true + DOTNET_CLI_TELEMETRY_OPTOUT: true + DOTNET_NOLOGO: true + +jobs: + scaffold-full: + name: Scaffold (Aspire + React) and build + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: ${{ runner.os }}-nuget- + + # Pack then install from the nupkg — exercises the exact artifact shipped to + # consumers, not just the in-repo folder. + - name: Pack template + run: dotnet pack templates/FullStackHero.NET.StarterKit.csproj -c Release -o "$RUNNER_TEMP/pkg" + + - name: Install template + run: dotnet new install "$RUNNER_TEMP"/pkg/FullStackHero.NET.StarterKit.*.nupkg + + - name: Scaffold project + run: dotnet new fsh -n Smoke.App -o "$RUNNER_TEMP/smoke" --db postgresql --aspire true --frontend true --skipRestore true + + - name: Build backend (warnings as errors) + run: dotnet build "$RUNNER_TEMP/smoke/src/Smoke.App.slnx" -c Release -warnaserror + + - name: Build admin app + working-directory: ${{ runner.temp }}/smoke/clients/admin + run: npm ci && npm run build + + - name: Build dashboard app + working-directory: ${{ runner.temp }}/smoke/clients/dashboard + run: npm ci && npm run build + + - name: Run Architecture tests on scaffolded output + run: dotnet test "$RUNNER_TEMP/smoke/src/Tests/Architecture.Tests" -c Release --no-build + + scaffold-minimal: + name: Scaffold (no Aspire, no React) and build + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup .NET SDK + uses: actions/setup-dotnet@v5 + with: + dotnet-version: '10.0.x' + dotnet-quality: 'preview' + + - name: Cache NuGet packages + uses: actions/cache@v5 + with: + path: ~/.nuget/packages + key: ${{ runner.os }}-nuget-${{ hashFiles('**/Directory.Packages.props') }} + restore-keys: ${{ runner.os }}-nuget- + + - name: Install template + run: dotnet new install . + + # Backend-only path must still compile — guards the //#if (frontend) and + # (!aspire) conditional gating in AppHost.cs and the solution. + - name: Scaffold backend-only project + run: dotnet new fsh -n Smoke.Api -o "$RUNNER_TEMP/min" --db postgresql --aspire false --frontend false --skipRestore true + + - name: Build backend (warnings as errors) + run: dotnet build "$RUNNER_TEMP/min/src/Smoke.Api.slnx" -c Release -warnaserror diff --git a/.github/workflows/webapi.yml b/.github/workflows/webapi.yml deleted file mode 100644 index a84e28f03a..0000000000 --- a/.github/workflows/webapi.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: Build / Publish .NET WebAPI Project - -on: - workflow_dispatch: - - push: - branches: - - main - paths: - - "src/api/**" - - "src/Directory.Packages.props" - - pull_request: - branches: - - main - paths: - - "src/api/**" - - "src/Directory.Packages.props" - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: 9.x - - name: restore dependencies - run: dotnet restore ./src/api/server/Server.csproj - - name: build - run: dotnet build ./src/api/server/Server.csproj --no-restore - - name: test - run: dotnet test ./src/api/server/Server.csproj --no-build --verbosity normal - - publish: - needs: build - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - name: setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: 9.x - - name: docker login - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: publish to github container registry - working-directory: ./src/api/server/ - run: | - dotnet publish -c Release -p:ContainerRepository=ghcr.io/${{ github.repository_owner}}/webapi -p:RuntimeIdentifier=linux-x64 - docker push ghcr.io/${{ github.repository_owner}}/webapi --all-tags diff --git a/.gitignore b/.gitignore index 9995d856ac..23798fd6b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,12 @@ ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. ## -## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore +## Get latest from `dotnet new gitignore` + +*.terraform +terraform.tfstate +# dotenv files +.env # User-specific files *.rsuser @@ -31,16 +36,12 @@ bld/ [Oo]bj/ [Ll]og/ [Ll]ogs/ -[Ii]mages/ -[Dd]atabases/ # Visual Studio 2015/2017 cache/options directory .vs/ # Uncomment if you have tasks that create the project's static files in wwwroot #wwwroot/ -.vscode/ - # Visual Studio 2017 auto generated files Generated\ Files/ @@ -61,7 +62,7 @@ dlldata.c # Benchmark Results BenchmarkDotNet.Artifacts/ -# .NET Core +# .NET project.lock.json project.fragment.lock.json artifacts/ @@ -97,6 +98,7 @@ StyleCopReport.xml *.tmp_proj *_wpftmp.csproj *.log +*.tlog *.vspscc *.vssscc .builds @@ -157,6 +159,10 @@ coverage*.info *.coverage *.coveragexml +# ReportGenerator output + test result dirs (generated by the coverage workflow) +coverage-report/ +**/TestResults/ + # NCrunch _NCrunch_* .*crunch*.local.xml @@ -206,6 +212,9 @@ PublishScripts/ **/[Pp]ackages/* # except build/, which is used as an MSBuild target. !**/[Pp]ackages/build/ +# except the Next.js workspace packages (monorepo, not NuGet restore artifacts). +!clients/**/packages/ +!clients/**/packages/** # Uncomment if necessary however generally it will be regenerated when needed #!**/[Pp]ackages/repositories.config # NuGet v3's project.json files produces more ignorable files @@ -300,6 +309,17 @@ node_modules/ # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) *.vbw +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + # Visual Studio LightSwitch build output **/*.HTMLClient/GeneratedArtifacts **/*.DesktopClient/GeneratedArtifacts @@ -356,6 +376,9 @@ ASALocalRun/ # Local History for Visual Studio .localhistory/ +# Visual Studio History (VSHistory) files +.vshistory/ + # BeatPulse healthcheck temp database healthchecksdb @@ -368,6 +391,28 @@ MigrationBackup/ # Fody - auto-generated XML schema FodyWeavers.xsd +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml +.idea/ + ## ## Visual studio for Mac ## @@ -390,7 +435,7 @@ test-results/ *.dmg *.app -# content below from: https://github.com/github/gitignore/blob/master/Global/macOS.gitignore +# content below from: https://github.com/github/gitignore/blob/main/Global/macOS.gitignore # General .DS_Store .AppleDouble @@ -419,7 +464,7 @@ Network Trash Folder Temporary Items .apdisk -# content below from: https://github.com/github/gitignore/blob/master/Global/Windows.gitignore +# content below from: https://github.com/github/gitignore/blob/main/Global/Windows.gitignore # Windows thumbnail cache files Thumbs.db ehthumbs.db @@ -444,17 +489,32 @@ $RECYCLE.BIN/ # Windows shortcuts *.lnk -# JetBrains Rider -.idea/ -*.sln.iml - -## -## Visual Studio Code -## -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json - -**/Internal/Generated +# Vim temporary swap files +*.swp +/.bmad + +team/ +spec-os/ +/PLAN.md +**/nul +**/wwwroot/uploads/* + +/.claude/settings.local.json +/.claude/worktrees/ +/.claude/scheduled_tasks.lock +/.claude/last30days.env +tmpclaude** + +# Auto Claude data directory +.auto-claude/ + +# Clients (Next.js / pnpm workspace) +clients/**/node_modules/ +clients/**/.next/ +clients/**/.turbo/ +clients/**/dist/ +clients/**/.env.local + +# Audit dead-letter queue — runtime fallback when the audit pipeline cannot +# reach its persistent sink. Local-only by design; never commit. +**/audit-dlq/ diff --git a/.mcp.json b/.mcp.json new file mode 100644 index 0000000000..a0868ce17d --- /dev/null +++ b/.mcp.json @@ -0,0 +1,8 @@ +{ + "mcpServers": { + "shadcn": { + "type": "http", + "url": "https://mcp.shadcn.com" + } + } +} \ No newline at end of file diff --git a/.template.config/template.json b/.template.config/template.json index a5415e836e..5f5989e8bf 100644 --- a/.template.config/template.json +++ b/.template.config/template.json @@ -3,23 +3,131 @@ "author": "Mukesh Murugan", "classifications": [ "WebAPI", - "Clean Architecture", + "Modular Monolith", + "Vertical Slice", "Boilerplate", "ASP.NET Core", - "Starter Kit", "Cloud", - "Web" + "Web", + "React", + "Full Stack" ], "tags": { "language": "C#", - "type": "project" + "type": "solution" }, "identity": "FullStackHero.NET.StarterKit", "name": "FullStackHero .NET Starter Kit", - "description": "The best way to start a full-stack .NET 9 Web App.", + "description": "A production-ready full-stack starter: modular .NET 10 monolith (VSA, CQRS, multitenancy, Identity, Aspire) + two React 19 apps + Docker/Terraform.", "shortName": "fsh", "sourceName": "FSH.Starter", "preferNameDirectory": true, + "symbols": { + "db": { + "type": "parameter", + "datatype": "choice", + "description": "Database provider for migrations and persistence.", + "defaultValue": "postgresql", + "choices": [ + { + "choice": "postgresql", + "description": "PostgreSQL (default)" + }, + { + "choice": "sqlserver", + "description": "SQL Server" + } + ] + }, + "aspire": { + "type": "parameter", + "datatype": "bool", + "description": "Include the .NET Aspire AppHost project for orchestration.", + "defaultValue": "true" + }, + "frontend": { + "type": "parameter", + "datatype": "bool", + "description": "Include the React admin + dashboard client apps (clients/).", + "defaultValue": "true" + }, + "skipRestore": { + "type": "parameter", + "datatype": "bool", + "description": "Skip dotnet restore after project creation.", + "defaultValue": "false" + }, + "includeTools": { + "type": "parameter", + "datatype": "bool", + "description": "Internal: keep the fsh CLI project in the solution (FSH repo only).", + "defaultValue": "false" + }, + "contactEmail": { + "type": "parameter", + "datatype": "string", + "description": "Contact email written into OpenAPI metadata.", + "defaultValue": "noreply@example.com", + "replaces": "mukesh@codewithmukesh.com" + }, + "contactUrl": { + "type": "parameter", + "datatype": "string", + "description": "Contact / company URL written into OpenAPI metadata.", + "defaultValue": "https://example.com", + "replaces": "https://codewithmukesh.com" + }, + "mailFrom": { + "type": "parameter", + "datatype": "string", + "description": "Default 'from' address for outbound mail.", + "defaultValue": "noreply@example.com", + "replaces": "mukesh@fullstackhero.net" + }, + "sendgridFrom": { + "type": "generated", + "generator": "constant", + "parameters": { "value": "noreply@example.com" }, + "replaces": "sendgrid@fullstackhero.net" + }, + "nameUnderscore": { + "type": "derived", + "valueSource": "name", + "valueTransform": "underscoreForm", + "replaces": "FSH_Starter" + }, + "issuerSlug": { + "type": "derived", + "valueSource": "name", + "valueTransform": "kebabForm", + "replaces": "mukesh.murugan" + }, + "displayBrand": { + "type": "derived", + "valueSource": "name", + "valueTransform": "displayForm", + "replaces": "FullStackHero" + }, + "authorName": { + "type": "derived", + "valueSource": "name", + "valueTransform": "displayForm", + "replaces": "Mukesh Murugan" + }, + "openApiTitle": { + "type": "derived", + "valueSource": "name", + "valueTransform": "displayForm", + "replaces": "FSH PlayGround" + } + }, + "forms": { + "lc": { "identifier": "lowerCaseInvariant" }, + "dashNorm": { "identifier": "replace", "pattern": "[^a-zA-Z0-9]+", "replacement": "-" }, + "kebabForm": { "identifier": "chain", "steps": ["lc", "dashNorm"] }, + "underscoreForm": { "identifier": "replace", "pattern": "\\.", "replacement": "_" }, + "displayForm": { "identifier": "replace", "pattern": "[._-]+", "replacement": " " } + }, "sources": [ { "source": "./", @@ -30,16 +138,55 @@ ".vscode/**", ".vs/**", ".github/**", + ".agents/**", + ".claude/**", + ".devcontainer/**", + ".git/**", "templates/**/*", + "demo/**", + "docs/**", + "nupkgs/**", + "scripts/**", + "src/Tools/**", + "clients/**/node_modules/**", + "clients/**/dist/**", + "clients/**/build/**", + "clients/**/test-results/**", + "clients/**/playwright-report/**", + "clients/**/.turbo/**", + "clients/**/coverage/**", + "clients/**/.env", + "clients/**/.env.*", "**/*.filelist", "**/*.user", "**/images", "**/*.lock.json", - "*.nuspec" + "*.nuspec", + "**/bin/**", + "**/obj/**", + ".mcp.json", + "CLAUDE.md", + "GEMINI.md", + "README.md", + "LICENSE" ], "rename": { "README-template.md": "README.md" - } + }, + "modifiers": [ + { + "condition": "(!aspire)", + "exclude": [ + "src/Host/FSH.Starter.AppHost/**" + ] + }, + { + "condition": "(!frontend)", + "exclude": [ + "clients/**" + ] + } + ] } ], "primaryOutputs": [ @@ -49,7 +196,8 @@ ], "postActions": [ { - "description": "restore webapi project dependencies", + "condition": "(!skipRestore)", + "description": "Restore NuGet packages", "manualInstructions": [ { "text": "Run 'dotnet restore'" @@ -59,4 +207,4 @@ "continueOnError": false } ] -} \ No newline at end of file +} diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 0000000000..5d0cb11799 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,18 @@ +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Launch API", + "type": "coreclr", + "request": "launch", + "preLaunchTask": "build", + "program": "${workspaceFolder}/src/Host/FSH.Starter.Api/bin/Debug/net10.0/FSH.Starter.Api.dll", + "args": [], + "cwd": "${workspaceFolder}/src/Host/FSH.Starter.Api", + "stopAtEntry": false, + "env": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + } + ] +} diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000000..dfdf130c95 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,10 @@ +{ + "omnisharp.dotnetPath": "/home/jarvis/.dotnet", + "omnisharp.sdkPath": "/home/jarvis/.dotnet/sdk/10.0.102", + "omnisharp.useModernNet": true, + "editor.formatOnSave": true, + "files.exclude": { + "**/bin": true, + "**/obj": true + } +} diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000000..949717bef7 --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,76 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "label": "build", + "command": "dotnet", + "type": "process", + "args": [ + "build", + "${workspaceFolder}/src/FSH.Starter.slnx", + "/property:GenerateFullPaths=true", + "/consoleloggerparameters:NoSummary" + ], + "problemMatcher": "$msCompile", + "group": { + "kind": "build", + "isDefault": true + } + }, + { + "label": "test", + "command": "dotnet", + "type": "process", + "args": [ + "test", + "${workspaceFolder}/src/FSH.Starter.slnx" + ], + "problemMatcher": "$msCompile", + "group": "test" + }, + { + "label": "run (Aspire)", + "command": "dotnet", + "type": "process", + "args": [ + "run", + "--project", + "${workspaceFolder}/src/Host/FSH.Starter.AppHost" + ], + "problemMatcher": "$msCompile", + "group": "none" + }, + { + "label": "run (API only)", + "command": "dotnet", + "type": "process", + "args": [ + "run", + "--project", + "${workspaceFolder}/src/Host/FSH.Starter.Api" + ], + "problemMatcher": "$msCompile", + "group": "none" + }, + { + "label": "clean", + "command": "dotnet", + "type": "process", + "args": [ + "clean", + "${workspaceFolder}/src/FSH.Starter.slnx" + ], + "problemMatcher": "$msCompile" + }, + { + "label": "restore", + "command": "dotnet", + "type": "process", + "args": [ + "restore", + "${workspaceFolder}/src/FSH.Starter.slnx" + ], + "problemMatcher": "$msCompile" + } + ] +} diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000000..d59075e3ad --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,133 @@ +# FullStackHero .NET Starter Kit + +> A production-ready modular .NET 10 monolith + two React 19 apps, built for enterprise SaaS. + +This file is the canonical guide for **all** AI coding tools (Claude Code, Gemini CLI, Cursor, Codex, …). +`CLAUDE.md` and `GEMINI.md` are thin bridges that import this file — edit conventions **here**, not there. + +This file is the map. Detailed conventions live in `.agents/rules/` and are read on demand — **read the +relevant rule file before working in that area** (see the index below). Keep this file lean. + +## What this is + +A **modular monolith** (Vertical Slice Architecture) backend that ships with two **React + Vite** +front-ends and a CLI. Multitenancy, auth, auditing, billing, files, chat and more are first-class. + +- **Backend** — .NET 10, EF Core 10, PostgreSQL, Redis, JWT + ASP.NET Identity, Finbuckle multitenancy, + Hangfire, OpenAPI/Scalar, Serilog + OpenTelemetry, .NET Aspire. +- **Frontends** — `clients/admin` (operator-facing) and `clients/dashboard` (tenant-facing): React 19, + Vite 7, TypeScript, TanStack Query v5, React Router 7, Radix + Tailwind v4 (shadcn-style), SignalR/SSE. + +## Repo map + +| Path | What | +|------|------| +| `src/BuildingBlocks/` | Shared framework libraries (Core, Persistence, Web, Caching, Eventing, Storage, Quota…). **Protected — see below.** | +| `src/Modules/{Name}/` | Bounded contexts. Each has a runtime project + a `.Contracts` project (its only public API). | +| `src/Host/FSH.Starter.Api` | Composition-root Web API host. | +| `src/Host/FSH.Starter.AppHost` | .NET Aspire orchestrator (Postgres, Redis, MinIO, migrator, API, **both React apps**). | +| `src/Host/FSH.Starter.DbMigrator` | One-shot migrate/seed runner. DB is **not** migrated at API startup. | +| `src/Host/FSH.Starter.Migrations.PostgreSQL` | All EF migrations, organized per-module by folder. | +| `src/Tests/` | Per-module tests, `Architecture.Tests` (NetArchTest), `Integration.Tests` (Testcontainers). | +| `src/Tools/CLI` | The `fsh` CLI (Spectre.Console). | +| `clients/admin`, `clients/dashboard` | The two React apps. | +| `deploy/` | Infra (docker, terraform, dokploy). | + +## Tech stack + +| Backend | | Frontend | | +|---|---|---|---| +| Framework | .NET 10 / C# latest | Framework | React 19 + Vite 7 + TS 5.x | +| CQRS | Mediator 3.x (source-gen) | Data | TanStack Query v5 | +| Validation | FluentValidation 12.x | Routing | React Router 7 | +| ORM / DB | EF Core 10 / PostgreSQL (Npgsql) | UI | Radix + Tailwind v4 + CVA (shadcn) | +| Auth | JWT Bearer + ASP.NET Identity | Forms | react-hook-form + zod (**admin only**) | +| Multitenancy | Finbuckle 10.x | Realtime | `@microsoft/signalr`, SSE (dashboard) | +| Cache / Jobs | Redis, Hangfire | Tests | Playwright (route-mocked) | +| Docs | OpenAPI + Scalar | API client | hand-written `apiFetch` (no codegen) | +| Hosting | .NET Aspire | Env | runtime `/config.json` (not `VITE_*`) | +| Testing | xUnit, Shouldly, NSubstitute, AutoFixture, NetArchTest, Testcontainers | | | + +## Build & run + +```bash +# Whole stack (Postgres + pgAdmin + Redis + MinIO + migrator + API + both React apps) +dotnet run --project src/Host/FSH.Starter.AppHost # one-time: npm install in clients/admin & clients/dashboard + +dotnet build src/FSH.Starter.slnx # build backend +dotnet run --project src/Host/FSH.Starter.Api # API only → https://localhost:7030 (/scalar) +dotnet test src/FSH.Starter.slnx # tests — integration tests REQUIRE Docker + +cd clients/admin && npm install && npm run dev # → http://localhost:5173 +cd clients/dashboard && npm install && npm run dev # → http://localhost:5174 +``` + +Migrations / seed (DbMigrator, separate step): +```bash +dotnet run --project src/Host/FSH.Starter.DbMigrator -- apply [--seed] +dotnet run --project src/Host/FSH.Starter.DbMigrator -- list-pending +``` + +**Ports:** API 7030 (https)/5030 (http) · admin 5173 · dashboard 5174 · Postgres 5432 · pgAdmin 5050 · Valkey 6379 · MinIO 9000/9001. + +## Golden rules (do not break) + +1. **Module boundaries** — a module references another module only through its `.Contracts` project, never its runtime project. Enforced by `Architecture.Tests`. +2. **Registering a module touches FOUR places** — `Program.cs` Mediator `o.Assemblies` (two markers each) + `moduleAssemblies` array, **and the identical pair in `DbMigrator/Program.cs`**. A missing Mediator marker = handlers silently undiscovered. See `architecture.md`. +3. **Tenant isolation is default-ON** via `BaseDbContext`. Opt out only via `IGlobalEntity`. Subclass DbContexts call `base.OnModelCreating` **last**. See `database.md`. +4. **Do NOT modify `src/BuildingBlocks`** without explicit approval — shared by every module, wide blast radius. +5. **Mediator handlers must be `public sealed`**, return `ValueTask`, and `.ConfigureAwait(false)` every await. +6. **Structured logging only** — no string interpolation in log messages; use message templates / `[LoggerMessage]`. +7. **Propagate `CancellationToken`** into every EF/IO call; add as `= default` on public service methods. +8. **Every command handler + paginated query handler needs a validator** (`{Name}Validator`). Enforced by `Architecture.Tests`. +9. **Frontend: pass per-call data through `mutate(arg)`**, never via state the mutation callbacks close over (execute-time race). See `frontend/shared.md`. +10. **Docs + changelog travel with the change** — a user-facing change (feature, endpoint, config, infra, breaking change) isn't done until the **separate docs repo** (`github.com/fullstackhero/docs`, the Astro site) is updated to match **and** a changelog entry is added (`src/content/docs/changelog/`). Don't let the docs drift from the code. + +## Rules index — read the relevant file before you work + +**Backend / cross-cutting** (`.agents/rules/`) + +| Working on… | Read | +|---|---| +| Module structure, boundaries, registration, DI, middleware order, config | `architecture.md` | +| Endpoints, CQRS, validation, exceptions, permissions, versioning | `api-conventions.md` | +| EF Core, entities, migrations, tenant isolation, query filters | `database.md` | +| Cross-module events, Outbox/Inbox, idempotent handlers | `eventing.md` | +| Caching (HybridCache/Redis), keys, invalidation | `caching.md` | +| Background jobs (Hangfire), recurring jobs | `jobs.md` | +| Outbound HTTP resilience (Polly) | `resilience.md` | +| Files/blobs, presigned uploads, providers | `storage.md` | +| CORS, security headers, rate limiting, idempotency, quotas | `security.md` | +| SignalR / SSE backend | `realtime.md` | +| Logging, correlation, OpenTelemetry | `logging.md` | +| Unit test conventions, NetArchTest | `testing.md` | +| Integration tests (Testcontainers harness + gotchas) | `integration-testing.md` | +| **Modifying `src/BuildingBlocks`** (read first — it's protected) | `buildingblocks-protection.md` | +| A specific module's quirks | `modules/{module}.md` (identity, multitenancy, chat, files, webhooks, auditing, billing, catalog, tickets, notifications) | + +**Frontend** (`.agents/rules/frontend/`) + +| Working on… | Read | +|---|---| +| Any React work (shared stack, API client, Query, Tailwind, design language) | `frontend/shared.md` | +| The operator app (`clients/admin`) | `frontend/admin.md` | +| The tenant app (`clients/dashboard`) | `frontend/dashboard.md` | + +## Coding style (backend) + +File-scoped namespaces · 4-space indent · explicit types (`var` only when RHS-obvious) · `is null` / +`is not null` · pattern matching + switch expressions · `ArgumentNullException.ThrowIfNull` guards · +records for DTOs/events/value objects · `default!` for required non-nullable strings. Build runs with +`TreatWarningsAsErrors` — warnings fail the build. + +## Adding things (quick pointers) + +- **Feature** — Contracts command/query → handler → validator → endpoint → wire in module `MapEndpoints()` → tests. Details: `api-conventions.md`. +- **Module** — new `Modules.{Name}` + `.Contracts`, implement `IModule` w/ assembly-level `[assembly: FshModule(typeof(XModule), order)]`, register in **all four places**, add migration folder + tests. Details: `architecture.md`. +- **React page** — API module (`src/api/`) → page → register lazy route → (admin) mirror permission + RouteGuard → Playwright test. Details: `frontend/shared.md`. + +## AI tooling resources + +- **Rules** — `.agents/rules/*.md` (indexed above). Read on demand. +- **Skills** — `.agents/skills/*/SKILL.md`: step-by-step task recipes. Scaffolders: `add-feature`, `add-entity`, `add-module`, `add-react-page`, `add-full-slice`. Ops: `create-migration`, `add-integration-event`, `add-permission`. Reference: `query-patterns`, `testing-guide`, `mediator-reference`. +- **Workflows** — `.agents/workflows/*.md`: task playbooks (`code-reviewer`, `feature-scaffolder`, `module-creator`, `architecture-guard`, `migration-helper`). diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000000..408f420f6e --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,5 @@ +# Claude Code + +The canonical project guide is **`AGENTS.md`** (tool-neutral). It is imported below; edit conventions there, not here. + +@AGENTS.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000000..c6fa439bf4 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,37 @@ +# Contributing + +Thanks for helping out. The conventions below keep PRs reviewable. + +## Reporting issues + +- **Security:** Use GitHub's private advisories — see [SECURITY.md](SECURITY.md). Do not file public issues for vulnerabilities. +- **Bugs:** Open a [GitHub issue](https://github.com/fullstackhero/dotnet-starter-kit/issues) with a minimal repro, your .NET SDK version, and the DB provider. +- **Features:** Start a [Discussion](https://github.com/fullstackhero/dotnet-starter-kit/discussions) before opening a PR for non-trivial work. + +## Dev setup + +Prerequisites: .NET 10 SDK, Docker, Node.js 22+. + +```bash +dotnet build src/FSH.Starter.slnx +dotnet run --project src/Host/FSH.Starter.AppHost # full Aspire stack +dotnet test src/FSH.Starter.slnx # tests (integration suite needs Docker) +``` + +Client apps live under `clients/admin` and `clients/dashboard` — `npm install && npm run dev` in each. + +## Pull requests + +- Branch from and target `develop`, not `main`. +- Follow [Conventional Commits](https://www.conventionalcommits.org) — match the existing history (`feat(chat): ...`, `fix(identity): ...`). +- Add tests. The build runs with `TreatWarningsAsErrors=true`; analyzer warnings must be fixed. +- Don't touch `src/BuildingBlocks/` without prior discussion — wide blast radius. +- Architecture rules (module boundaries, file layout, coding style) are documented in [CLAUDE.md](CLAUDE.md). Apply them. + +## Code of conduct + +This project follows the [Contributor Covenant](CODE_OF_CONDUCT.md). + +## Licensing + +Contributions are licensed under the project's [MIT License](LICENSE). diff --git a/FSH.StarterKit.nuspec b/FSH.StarterKit.nuspec deleted file mode 100644 index a96e4b69f1..0000000000 --- a/FSH.StarterKit.nuspec +++ /dev/null @@ -1,24 +0,0 @@ - - - - FullStackHero.NET.StarterKit - FullStackHero .NET Starter Kit - 2.0.4-rc - Mukesh Murugan - The best way to start a full-stack Multi-tenant .NET 9 Web App. - en-US - ./content/LICENSE - 2024 - ./content/README.md - https://fullstackhero.net/dotnet-starter-kit/general/getting-started/ - - - - - cleanarchitecture clean architecture WebAPI mukesh codewithmukesh fullstackhero solution csharp - ./content/icon.png - - - - - \ No newline at end of file diff --git a/GEMINI.md b/GEMINI.md new file mode 100644 index 0000000000..90b8c24546 --- /dev/null +++ b/GEMINI.md @@ -0,0 +1,5 @@ +# Gemini CLI + +The canonical project guide is **`AGENTS.md`** (tool-neutral). It is imported below; edit conventions there, not here. + +@AGENTS.md diff --git a/LICENSE b/LICENSE index fc25cd4f55..7e5256d336 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 fullstackhero +Copyright (c) 2021-2026 fullstackhero Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README-template.md b/README-template.md index e69de29bb2..1d91f9d2f2 100644 --- a/README-template.md +++ b/README-template.md @@ -0,0 +1,121 @@ +# FSH.Starter + +Your application, generated from the **FSH .NET Starter Kit** — a production-ready modular +.NET 10 monolith with two React 19 apps, multitenancy, identity, background jobs, and +cloud-native deploy. + +You **own all of this source**. There are no framework NuGet packages to track or upgrade — +the shared code lives in `src/BuildingBlocks` and is yours to change. + +## Prerequisites + +- [.NET 10 SDK](https://dotnet.microsoft.com/download/dotnet/10.0) +- [Node.js 20+](https://nodejs.org) — for the React apps +- [Docker](https://www.docker.com/) — Postgres, Redis, MinIO (orchestrated by Aspire) +- .NET Aspire workload: `dotnet workload install aspire` + +## Quick start + +### Everything at once (recommended) — .NET Aspire + +```bash +dotnet run --project src/Host/FSH.Starter.AppHost +``` + +Aspire starts Postgres, Redis, and MinIO, runs database migrations, then launches the API +**and both React apps**. + +| Surface | URL | +|---|---| +| Aspire dashboard | https://localhost:15888 | +| API + Scalar docs | https://localhost:7030/scalar | +| Admin console | http://localhost:5173 | +| Tenant dashboard | http://localhost:5174 | + +### Backend only + +```bash +dotnet run --project src/Host/FSH.Starter.Api # needs external Postgres + Redis +``` + +### Frontend only (against a running API) + +```bash +cd clients/admin && npm install && npm run dev # → http://localhost:5173 +cd clients/dashboard && npm install && npm run dev # → http://localhost:5174 +``` + +The React apps read their API URL at runtime from `public/config.json` — no rebuild to repoint. + +## Project structure + +``` +src/ + BuildingBlocks/ Shared framework libraries — yours to modify + Modules/ Bounded contexts: Identity, Multitenancy, Auditing, Billing, + Catalog, Chat, Files, Notifications, Tickets, Webhooks + Host/ + FSH.Starter.Api/ API composition root + FSH.Starter.AppHost/ .NET Aspire orchestrator + FSH.Starter.DbMigrator/ One-shot migrate / seed runner + FSH.Starter.Migrations.PostgreSQL/ EF Core migrations + Tests/ Unit, integration (Testcontainers), and architecture tests +clients/ + admin/ Operator console (React 19 + Vite + Tailwind) + dashboard/ Tenant app (React 19 + Vite + Tailwind, SSE live feed) +deploy/ + docker/ Production docker-compose + .env + terraform/ AWS infrastructure (ECS, RDS, ElastiCache, S3) +``` + +## Database + +Migrations run automatically under Aspire. To apply them yourself: + +```bash +dotnet run --project src/Host/FSH.Starter.DbMigrator -- apply --seed +``` + +## Make it yours — first-run checklist + +This project shipped with sensible defaults. Before production: + +- [ ] **Secrets** — set strong values in `deploy/docker/.env` (the `fsh` CLI generates these + for you; otherwise `cp deploy/docker/.env.example deploy/docker/.env` and fill them in). + Never commit `.env`. +- [ ] **Logo** — replace `clients/admin/public/logo-fullstackhero.png` and + `clients/dashboard/public/logo-fullstackhero.png` with your own. +- [ ] **Mail** — configure SMTP / SendGrid under `MailOptions` in + `src/Host/FSH.Starter.Api/appsettings.json`. +- [ ] **OpenAPI contact** — update `OpenApiOptions.Contact` in `appsettings.json`. +- [ ] **Container registry & infra** — set your registry and review bucket / database names + in `deploy/terraform/apps/starter/**/variables.tf` and `terraform.tfvars`. + +## Production (Docker Compose) + +```bash +cd deploy/docker +# .env is generated for you by the fsh CLI; otherwise: cp .env.example .env && edit +docker compose up -d --build +``` + +Sign in to the admin console as `admin@root.com` using the `SEED_ADMIN_PASSWORD` from your +`.env`, then rotate it from Settings → Security. + +## Adding a feature + +1. Contracts command/query in `src/Modules/{Module}.Contracts/v1/{Area}/{Feature}/` +2. Handler + FluentValidation validator in `src/Modules/{Module}/Features/...` +3. Endpoint, wired into the module's `MapEndpoints()` +4. Tests + +## Running tests + +```bash +dotnet test src/FSH.Starter.slnx # integration tests require Docker +``` + +## Learn more + +- [FSH Documentation](https://fullstackhero.net) +- [Source & issues](https://github.com/fullstackhero/dotnet-starter-kit) diff --git a/README.md b/README.md index 7682ba1331..d7005f55e7 100644 --- a/README.md +++ b/README.md @@ -1,95 +1,131 @@ -# FullStackHero .NET 9 Starter Kit 🚀 +# FullStackHero .NET 10 Starter Kit -> With ASP.NET Core Web API & Blazor Client +[![NuGet](https://img.shields.io/nuget/v/FullStackHero.CLI?label=fsh%20cli)](https://www.nuget.org/packages/FullStackHero.CLI) +[![NuGet](https://img.shields.io/nuget/v/FullStackHero.Framework.Web?label=framework)](https://www.nuget.org/packages/FullStackHero.Framework.Web) +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -FullStackHero .NET Starter Kit is a starting point for your next `.NET 9 Clean Architecture` Solution that incorporates the most essential packages and features your projects will ever need including out-of-the-box Multi-Tenancy support. This project can save well over 200+ hours of development time for your team. +An opinionated, production-first starter for building multi-tenant SaaS and enterprise APIs on .NET 10. You get ready-to-ship Identity, Multitenancy, Auditing, Webhooks, caching, mailing, jobs, storage, health, OpenAPI, and OpenTelemetry — wired through Minimal APIs, Mediator, and EF Core. -![FullStackHero .NET Starter Kit](./assets/fullstackhero-dotnet-starter-kit.png) +## Quick Start -# Important +You get the complete source code — BuildingBlocks, Modules, and Host — with full project references. No black-box NuGet packages; you own and can modify everything. -This project is currently work in progress. The NuGet package is not yet available for v2. For now, you can fork this repository to try it out. [Follow @iammukeshm on X](https://x.com/iammukeshm) for project related updates. +### Option 1: FSH CLI (recommended) -# Quick Start Guide - -As the project is still in beta, the NuGet packages are not yet available. You can try out the project by pulling the code directly from this repository. - -Prerequisites: - -- .NET 9 SDK installed. -- Visual Studio IDE. -- Docker Desktop. -- PostgreSQL instance running on your machine or docker container. - -Please follow the below instructions. - -1. Fork this repository to your local. -2. Open up the `./src/FSH.Starter.sln`. -3. This would up the FSH Starter solution which has 3 main components. - 1. Aspire Dashboard (set as the default project) - 2. Web API - 3. Blazor -4. Now we will have to set the connection string for the API. Navigate to `./src/api/server/appsettings.Development.json` and change the `ConnectionString` under `DatabaseOptions`. Save it. -5. Once that is done, run the application via Visual Studio, with Aspire as the default project. This will open up Aspire Dashboard at `https://localhost:7200/`. -6. API will be running at `https://localhost:7000/swagger/index.html`. -7. Blazor will be running at `https://localhost:7100/`. - -# 🔎 The Project - -# ✨ Technologies +```bash +dotnet tool install -g FullStackHero.CLI +fsh new MyApp +cd MyApp +dotnet run --project src/Host/MyApp.AppHost +``` -- .NET 9 -- Entity Framework Core 9 -- Blazor -- MediatR -- PostgreSQL -- Redis -- FluentValidation +The interactive wizard lets you pick your database provider and whether to include Aspire. Run `fsh doctor` to verify your environment first. -# 👨‍🚀 Architecture +### Option 2: dotnet new template -# 📬 Service Endpoints +```bash +dotnet new install FullStackHero.NET.StarterKit +dotnet new fsh -n MyApp +cd MyApp +dotnet run --project src/Host/MyApp.AppHost +``` -| Endpoint | Method | Description | -| -------- | ------ | ---------------- | -| `/token` | POST | Generates Token. | +### Option 3: Clone the repository -# 🧪 Running Locally +```bash +git clone https://github.com/fullstackhero/dotnet-starter-kit.git MyApp +cd MyApp +dotnet restore src/FSH.Starter.slnx +dotnet run --project src/Host/FSH.Starter.AppHost +``` -# 🐳 Docker Support +### Option 4: GitHub Codespaces -# ☁️ Deploying to AWS +Click **"Use this template"** on GitHub, or open in Codespaces for a zero-install experience with .NET 10, Docker, and Aspire pre-configured. -# 🤝 Contributing +> Prerequisites: [.NET 10 SDK](https://dotnet.microsoft.com/download), [Docker](https://www.docker.com/) (for Postgres/Redis via Aspire) -# 🍕 Community +## Deploy -Thanks to the community who contribute to this repository! [Submit your PR and join the elite list!](CONTRIBUTING.md) +Production-style single-host deployment via Docker Compose: -[![FullStackHero .NET Starter Kit Contributors](https://contrib.rocks/image?repo=fullstackhero/dotnet-starter-kit "FullStackHero .NET Starter Kit Contributors")](https://github.com/fullstackhero/dotnet-starter-kit/graphs/contributors) +```bash +cd deploy/docker +cp .env.example .env && $EDITOR .env +docker compose up -d --build +``` -# 📝 Notes +Full walkthrough — prereqs, external proxy wiring, backup, swapping to managed services — in [`deploy/docker/README.md`](deploy/docker/README.md). -## Add Migrations +## FSH CLI Commands -Navigate to `./api/server` and run the following EF CLI commands. +| Command | Description | +|---------|------------| +| `fsh new [name]` | Create a new project with interactive wizard | +| `fsh doctor` | Check your environment (SDK, Docker, Aspire, ports) | +| `fsh info` | Show CLI/template versions and available updates | +| `fsh update` | Update CLI tool and template to latest | ```bash -dotnet ef migrations add "Add Identity Schema" --project .././migrations/postgresql/ --context IdentityDbContext -o Identity -dotnet ef migrations add "Add Tenant Schema" --project .././migrations/postgresql/ --context TenantDbContext -o Tenant -dotnet ef migrations add "Add Todo Schema" --project .././migrations/postgresql/ --context TodoDbContext -o Todo -dotnet ef migrations add "Add Catalog Schema" --project .././migrations/postgresql/ --context CatalogDbContext -o Catalog -``` - -## What's Pending? +# Non-interactive with options +fsh new MyApp --db sqlserver --no-aspire --no-git -- Few Identity Endpoints -- Blazor Client -- File Storage Service -- NuGet Generation Pipeline -- Source Code Generation -- Searching / Sorting - -# ⚖️ LICENSE +# Dry run (preview without creating) +fsh new MyApp --dry-run +``` -MIT © [fullstackhero](LICENSE) +## Why teams pick this +- Modular vertical slices: drop `Modules.Identity`, `Modules.Multitenancy`, `Modules.Auditing`, `Modules.Webhooks` into any API and let the module loader wire endpoints. +- Battle-tested building blocks: persistence + specifications, distributed caching, mailing, jobs via Hangfire, storage abstractions, and web host primitives (auth, rate limiting, versioning, CORS, exception handling). +- Cloud-ready out of the box: Aspire AppHost spins up Postgres + Redis + the API host with OTLP tracing enabled. +- Multi-tenant from day one: Finbuckle-powered tenancy across Identity and your module DbContexts; helpers to migrate and seed tenant databases on startup. +- Observability baked in: OpenTelemetry traces/metrics/logs, structured logging, health checks, and security/exception auditing. + +## Stack highlights +- .NET 10, C# latest, Minimal APIs, Mediator for commands/queries, FluentValidation. +- EF Core 10 with domain events + specifications; Postgres by default, SQL Server ready. +- ASP.NET Identity with JWT issuance/refresh, roles/permissions, rate-limited auth endpoints. +- Hangfire for background jobs; Redis-backed distributed cache; pluggable storage. +- API versioning, rate limiting, CORS, security headers, OpenAPI (Swagger) + Scalar docs. + +## Repository map +- `src/BuildingBlocks` — Core abstractions (DDD primitives, exceptions), Persistence, Caching, Mailing, Jobs, Storage, Web host wiring. +- `src/Modules` — `Identity`, `Multitenancy`, `Auditing`, `Webhooks` runtime + contracts projects. +- `src/Host` — Composition-root host (`FSH.Starter.Api`), Aspire app host (`FSH.Starter.AppHost`), Postgres migrations. +- `src/Tools/CLI` — The `fsh` CLI tool source code. +- `src/Tests` — Architecture tests that enforce layering and module boundaries. +- `deploy` — Docker, Dokploy, and Terraform deployment scaffolding. + +## Run it now (Aspire) +Prereqs: .NET 10 SDK, Aspire workload, Docker running (for Postgres/Redis). + +1. Restore: `dotnet restore src/FSH.Starter.slnx` +2. Start everything: `dotnet run --project src/Host/FSH.Starter.AppHost` + - Aspire brings up Postgres + Redis containers, wires env vars, launches the API host, and enables OTLP export on https://localhost:4317. +3. Hit the API: `https://localhost:5285` (Swagger/Scalar and module endpoints under `/api/v1/...`). + +### Run the API only +- Set env vars or appsettings for `DatabaseOptions__Provider`, `DatabaseOptions__ConnectionString`, `DatabaseOptions__MigrationsAssembly`, `CachingOptions__Redis`, and JWT options. +- Run: `dotnet run --project src/Host/FSH.Starter.Api` +- The host applies migrations/seeding via `UseHeroMultiTenantDatabases()` and maps module endpoints via `UseHeroPlatform`. + +## Bring the framework into your API +- Reference the building block and module projects you need. +- In `Program.cs`: + - Register Mediator with assemblies containing your commands/queries and module handlers. + - Call `builder.AddHeroPlatform(...)` to enable auth, OpenAPI, caching, mailing, jobs, health, OTel, rate limiting. + - Call `builder.AddModules(moduleAssemblies)` and `app.UseHeroPlatform(p => p.MapModules = true);`. +- Configure connection strings, Redis, JWT, CORS, and OTel endpoints via configuration. Example wiring lives in `src/Host/FSH.Starter.Api/Program.cs`. + +## Included modules +- **Identity** — ASP.NET Identity + JWT issuance/refresh, user/role/permission management, profile image storage, login/refresh auditing, health checks. +- **Multitenancy** — Tenant provisioning, migrations, status/upgrade APIs, tenant-aware EF Core contexts, health checks. +- **Auditing** — Security/exception/activity auditing with queryable endpoints; plugs into global exception handling and Identity events. +- **Webhooks** — Tenant-scoped webhook subscriptions with HMAC-signed delivery, retry policies, and delivery logs. + +## Development notes +- Target framework: `net10.0`; nullable enabled; analyzers on. +- Tests: `dotnet test src/FSH.Starter.slnx` (includes architecture guardrails). +- Want the deeper story? The full documentation site now lives in its own repo: [**fullstackhero/docs**](https://github.com/fullstackhero/docs) (Astro Starlight). Clone it and run `npm install && npm run dev` to read it locally. + +Built and maintained by Mukesh Murugan for teams that want to ship faster without sacrificing architecture discipline. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..ea5fec6b0b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,36 @@ +# Security Policy + +## Supported versions + +This is a starter kit. Only the current `develop` branch receives security fixes from upstream. Forks, downstream projects, and tagged releases are owned by their maintainers — pull fixes in on your own cadence. + +## Reporting a vulnerability + +**Do not open a public issue.** Use GitHub's private vulnerability reporting: + + + +Please include: + +- Affected component (module, file, endpoint) +- Reproduction steps and any required configuration +- Impact (what an attacker can achieve) +- Proof-of-concept if you have one + +## What to expect + +- Acknowledgement within 72 hours. +- Triage decision within 7 days. +- Coordinated disclosure window of ~90 days from triage, longer for changes that need careful migration paths. + +Fixes ship as a patched commit on `develop` plus a GitHub Security Advisory. Reporters are credited with permission. + +## Scope + +In scope: `src/` (BuildingBlocks, Modules, Host), default `appsettings.*.json`, the `FullStackHero.CLI`, and the `clients/` apps. + +Out of scope: third-party NuGet/npm packages (report upstream), the docs site, and issues in downstream forks (contact that fork's maintainer). + +## Production hardening + +This kit ships with development-friendly defaults. Before deploying a fork, rotate JWT signing keys and seeded passwords, lock CORS, set strong Hangfire dashboard credentials, and persist DataProtection keys to a shared store for multi-instance hosting. diff --git a/assets/fullstackhero-dotnet-starter-kit.png b/assets/fullstackhero-dotnet-starter-kit.png deleted file mode 100644 index d5ac1f26ff..0000000000 Binary files a/assets/fullstackhero-dotnet-starter-kit.png and /dev/null differ diff --git a/clients/admin/.dockerignore b/clients/admin/.dockerignore new file mode 100644 index 0000000000..1aef886f93 --- /dev/null +++ b/clients/admin/.dockerignore @@ -0,0 +1,12 @@ +node_modules +dist +.vite +coverage +playwright-report +test-results +tests +*.log +.env +.env.* +!.env.example +public/config.json diff --git a/clients/admin/.gitignore b/clients/admin/.gitignore new file mode 100644 index 0000000000..4e2fa96baf --- /dev/null +++ b/clients/admin/.gitignore @@ -0,0 +1,25 @@ +node_modules +dist +dist-ssr +*.local +*.tsbuildinfo +.DS_Store + +# Env +.env +.env.local +.env.*.local + +# Editor +.vscode/* +!.vscode/extensions.json +.idea + +# Logs +logs +*.log +npm-debug.log* +pnpm-debug.log* + +# Generated +src/api/schema.d.ts diff --git a/clients/admin/Dockerfile b/clients/admin/Dockerfile new file mode 100644 index 0000000000..ff97828574 --- /dev/null +++ b/clients/admin/Dockerfile @@ -0,0 +1,38 @@ +# syntax=docker/dockerfile:1.7 + +# Stage 1: build the SPA bundle +FROM node:22-alpine AS build +WORKDIR /app + +# Install deps with a cached layer +COPY package.json package-lock.json ./ +RUN npm ci + +# Build +COPY . . +RUN npm run build + +# Stage 2: serve via nginx +FROM nginx:alpine AS runtime +WORKDIR /usr/share/nginx/html + +# nginx:alpine needs `envsubst` from gettext (it ships busybox without it). +RUN apk add --no-cache gettext + +# Replace the default nginx site +RUN rm -rf ./* /etc/nginx/conf.d/default.conf +COPY docker/nginx.conf /etc/nginx/conf.d/default.conf + +# Copy the built bundle, the runtime config template, and the entrypoint +COPY --from=build /app/dist/ ./ +COPY docker/config.json.template ./config.json.template +COPY docker/docker-entrypoint.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh + +# Non-root: nginx:alpine includes the `nginx` user (uid 101). +# We do NOT switch to it here because the upstream image's master process +# needs root to bind :80; nginx will fork workers as the `nginx` user on +# its own per its default config. + +EXPOSE 80 +ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/clients/admin/README.md b/clients/admin/README.md new file mode 100644 index 0000000000..97328a36ea --- /dev/null +++ b/clients/admin/README.md @@ -0,0 +1,101 @@ +# FullStackHero — Admin + +Operator console for the FullStackHero .NET Starter Kit. Built with React 19, Vite 7, TypeScript, TanStack Query, React Router and Tailwind 4 + shadcn/ui. + +This is a **standalone Vite app** — not part of a pnpm workspace — so it can be mounted into .NET Aspire as a plain `ExecutableResource` without monorepo friction. + +## Prerequisites + +- Node.js 20+ +- The API running locally (`dotnet run --project src/Host/FSH.Starter.Api`, defaults to `http://localhost:5030`) + +## Install & run + +Two options — pick whichever matches how you want to develop. + +### Option A — run everything through Aspire (recommended) + +The AppHost launches Postgres, Redis, MinIO, the API, **and** this Vite app together, with `VITE_API_BASE_URL` wired via service discovery. + +```bash +npm install --prefix clients/admin # one-time +dotnet run --project src/Host/FSH.Starter.AppHost +``` + +Aspire dashboard will expose `fsh-admin` on . + +### Option B — run the frontend standalone + +Useful when the API is already running elsewhere (container, remote). + +```bash +cd clients/admin +npm install +npm run dev # http://localhost:5173 +``` + +The dev server proxies `/api`, `/openapi`, and `/scalar` to `VITE_API_BASE_URL` (default `http://localhost:5030`), so browser requests stay same-origin. + +## Scripts + +| Script | Purpose | +|-------------------|--------------------------------------| +| `npm run dev` | Vite dev server on port 5173 | +| `npm run build` | `tsc -b` + `vite build` → `dist/` | +| `npm run preview` | Preview the production build | +| `npm run lint` | ESLint (flat config) | + +## Configuration + +Environment variables are read via `import.meta.env` and surfaced through `src/env.ts`: + +| Variable | Default | Purpose | +|---------------------------|--------------------------|-----------------------------------------------| +| `VITE_API_BASE_URL` | `http://localhost:5030` | API origin used by the dev proxy | +| `VITE_DEFAULT_TENANT` | `root` | Default tenant header for unauthenticated calls | + +Create `.env.local` to override locally. + +## Structure + +``` +src/ +├── api/ # Typed API client functions (per backend feature) +├── auth/ # Token store, JWT decode, auth context, protected route +├── components/ +│ ├── layout/ # Sidebar, Topbar, AppShell +│ └── ui/ # shadcn primitives (Button, Card, Input, Label, Table) +├── lib/ +│ ├── api-client.ts # fetch wrapper: auth header, tenant header, single-flight refresh +│ ├── query-client.ts # TanStack QueryClient +│ └── cn.ts # clsx + tailwind-merge +├── pages/ # Route-level components +├── styles/globals.css # Tailwind 4 CSS-first + shadcn CSS variables +├── App.tsx # Provider tree (QueryClient, Auth, Router) +├── main.tsx # React entry +└── routes.tsx # Route definitions +``` + +## Authentication flow + +1. `POST /api/v1/identity/token/issue` with `{ email, password }` plus `tenant` header. +2. Access + refresh tokens are stored in `localStorage` (keys prefixed `fsh.admin.`). +3. The API client attaches `Authorization: Bearer ` and `tenant: ` on every call. +4. On `401`, a single-flight refresh call hits `POST /api/v1/identity/token/refresh`, retries the original request, and logs the user out if the refresh fails. + +## Styling + +- Tailwind 4 CSS-first config lives in `src/styles/globals.css` (no `tailwind.config.ts`). +- Colors use shadcn/ui oklch CSS variables; dark mode is toggled via the `.dark` class on ``. +- shadcn components follow the **new-york** style; `components.json` is present for `npx shadcn add ...`. + +## Adding a new page + +1. Add the API function in `src/api/.ts`. +2. Add the page component in `src/pages//.tsx`. +3. Register it in `src/routes.tsx` as a child of the `AppShell` route. +4. Add a nav entry in `src/components/layout/sidebar.tsx`. + +## Production build + +`npm run build` emits a static bundle to `dist/`. Host it behind any static web server (nginx, Caddy, Azure Static Web Apps, CloudFront, …). Configure the reverse proxy to forward `/api/*` to the backend and serve `index.html` as the SPA fallback for unmatched routes. diff --git a/clients/admin/components.json b/clients/admin/components.json new file mode 100644 index 0000000000..408958d879 --- /dev/null +++ b/clients/admin/components.json @@ -0,0 +1,21 @@ +{ + "$schema": "https://ui.shadcn.com/schema.json", + "style": "new-york", + "rsc": false, + "tsx": true, + "tailwind": { + "config": "", + "css": "src/styles/globals.css", + "baseColor": "slate", + "cssVariables": true, + "prefix": "" + }, + "aliases": { + "components": "@/components", + "utils": "@/lib/cn", + "ui": "@/components/ui", + "lib": "@/lib", + "hooks": "@/hooks" + }, + "iconLibrary": "lucide" +} diff --git a/clients/admin/docker/config.json.template b/clients/admin/docker/config.json.template new file mode 100644 index 0000000000..e3d5dc73d3 --- /dev/null +++ b/clients/admin/docker/config.json.template @@ -0,0 +1,5 @@ +{ + "apiBase": "${FSH_API_URL}", + "defaultTenant": "${FSH_DEFAULT_TENANT}", + "dashboardUrl": "${FSH_DASHBOARD_URL}" +} diff --git a/clients/admin/docker/docker-entrypoint.sh b/clients/admin/docker/docker-entrypoint.sh new file mode 100644 index 0000000000..3908a3444a --- /dev/null +++ b/clients/admin/docker/docker-entrypoint.sh @@ -0,0 +1,19 @@ +#!/bin/sh +set -e + +# Fail fast on missing required values rather than serve a broken bundle. +: "${FSH_API_URL:?FSH_API_URL is required (e.g. https://api.example.com)}" +: "${FSH_DASHBOARD_URL:?FSH_DASHBOARD_URL is required (e.g. https://app.example.com)}" + +# Defaults for non-required values. +: "${FSH_DEFAULT_TENANT:=root}" + +export FSH_API_URL FSH_DASHBOARD_URL FSH_DEFAULT_TENANT + +# Render the runtime config from the template, writing into nginx's web root. +envsubst < /usr/share/nginx/html/config.json.template > /usr/share/nginx/html/config.json + +# Drop the template so it isn't served accidentally. +rm /usr/share/nginx/html/config.json.template + +exec nginx -g 'daemon off;' diff --git a/clients/admin/docker/nginx.conf b/clients/admin/docker/nginx.conf new file mode 100644 index 0000000000..aa432f7bfe --- /dev/null +++ b/clients/admin/docker/nginx.conf @@ -0,0 +1,31 @@ +server { + listen 80; + server_name _; + root /usr/share/nginx/html; + index index.html; + + # Long-lived caching for hashed asset bundles + location ~* \.(?:js|css|woff2?|png|jpg|jpeg|svg|ico|webp)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # Runtime config — must be re-fetched on every deploy + location = /config.json { + add_header Cache-Control "no-store"; + add_header X-Content-Type-Options "nosniff"; + } + + # SPA fallback with security headers + location / { + try_files $uri /index.html; + add_header X-Frame-Options "DENY"; + add_header X-Content-Type-Options "nosniff"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + } + + # Block dotfiles + location ~ /\. { + deny all; + } +} diff --git a/clients/admin/eslint.config.js b/clients/admin/eslint.config.js new file mode 100644 index 0000000000..fdd39034f2 --- /dev/null +++ b/clients/admin/eslint.config.js @@ -0,0 +1,24 @@ +import globals from 'globals'; +import reactHooks from 'eslint-plugin-react-hooks'; +import reactRefresh from 'eslint-plugin-react-refresh'; +import tseslint from 'typescript-eslint'; + +export default tseslint.config( + { ignores: ['dist', 'node_modules', '*.config.js'] }, + { + extends: [...tseslint.configs.recommended], + files: ['**/*.{ts,tsx}'], + languageOptions: { + ecmaVersion: 2020, + globals: globals.browser, + }, + plugins: { + 'react-hooks': reactHooks, + 'react-refresh': reactRefresh, + }, + rules: { + ...reactHooks.configs.recommended.rules, + 'react-refresh/only-export-components': ['warn', { allowConstantExport: true }], + }, + }, +); diff --git a/clients/admin/index.html b/clients/admin/index.html new file mode 100644 index 0000000000..dd72e62969 --- /dev/null +++ b/clients/admin/index.html @@ -0,0 +1,19 @@ + + + + + + + + + + FullStackHero — Admin + + +
+ + + diff --git a/clients/admin/package-lock.json b/clients/admin/package-lock.json new file mode 100644 index 0000000000..31e752b5c0 --- /dev/null +++ b/clients/admin/package-lock.json @@ -0,0 +1,5735 @@ +{ + "name": "@fullstackhero/admin", + "version": "0.1.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "@fullstackhero/admin", + "version": "0.1.0", + "dependencies": { + "@hookform/resolvers": "^3.9.1", + "@microsoft/signalr": "^10.0.0", + "@radix-ui/react-dialog": "^1.1.15", + "@radix-ui/react-dropdown-menu": "^2.1.5", + "@radix-ui/react-label": "^2.1.2", + "@radix-ui/react-slot": "^1.1.2", + "@tanstack/react-query": "^5.66.0", + "@types/qrcode": "^1.5.6", + "class-variance-authority": "^0.7.1", + "clsx": "^2.1.1", + "lucide-react": "^0.475.0", + "qrcode": "^1.5.4", + "react": "^19.0.0", + "react-dom": "^19.0.0", + "react-hook-form": "^7.54.2", + "react-router-dom": "^7.1.5", + "sonner": "^2.0.7", + "tailwind-merge": "^3.0.1", + "zod": "^3.24.2" + }, + "devDependencies": { + "@playwright/test": "^1.60.0", + "@tailwindcss/vite": "^4.0.6", + "@types/node": "^22.13.1", + "@types/react": "^19.0.8", + "@types/react-dom": "^19.0.3", + "@vitejs/plugin-react": "^4.3.4", + "autoprefixer": "^10.4.20", + "eslint": "^9.19.0", + "eslint-plugin-react-hooks": "^5.1.0", + "eslint-plugin-react-refresh": "^0.4.18", + "globals": "^15.14.0", + "openapi-typescript": "^7.6.1", + "tailwindcss": "^4.0.6", + "typescript": "^5.7.3", + "typescript-eslint": "^8.23.0", + "vite": "^7.0.0" + }, + "engines": { + "node": ">=20" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.29.0", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz", + "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.28.5", + "js-tokens": "^4.0.0", + "picocolors": "^1.1.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.29.0", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.0.tgz", + "integrity": "sha512-T1NCJqT/j9+cn8fvkt7jtwbLBfLC/1y1c7NtCeXFRgzGTsafi68MRv8yzkYSapBnFA6L3U2VSc02ciDzoAJhJg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.29.0", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.0.tgz", + "integrity": "sha512-CGOfOJqWjg2qW/Mb6zNsDm+u5vFQ8DxXfbM09z69p5Z6+mE1ikP2jUXw+j42Pf1XTYED2Rni5f95npYeuwMDQA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.29.0", + "@babel/generator": "^7.29.0", + "@babel/helper-compilation-targets": "^7.28.6", + "@babel/helper-module-transforms": "^7.28.6", + "@babel/helpers": "^7.28.6", + "@babel/parser": "^7.29.0", + "@babel/template": "^7.28.6", + "@babel/traverse": "^7.29.0", + "@babel/types": "^7.29.0", + "@jridgewell/remapping": "^2.3.5", + "convert-source-map": "^2.0.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.2.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/generator": { + "version": "7.29.1", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz", + "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.29.0", + "@babel/types": "^7.29.0", + "@jridgewell/gen-mapping": "^0.3.12", + "@jridgewell/trace-mapping": "^0.3.28", + "jsesc": "^3.0.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.28.6.tgz", + "integrity": "sha512-JYtls3hqi15fcx5GaSNL7SCTJ2MNmjrkHXg4FSpOA/grxK8KwyZ5bubHsCq8FXCkua6xhuaaBit+3b7+VZRfcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.28.6", + "@babel/helper-validator-option": "^7.27.1", + "browserslist": "^4.24.0", + "lru-cache": "^5.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-globals": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz", + "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz", + "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.28.6", + "@babel/types": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz", + "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.28.6", + "@babel/helper-validator-identifier": "^7.28.5", + "@babel/traverse": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-plugin-utils": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz", + "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz", + "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz", + "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz", + "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.29.2", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.2.tgz", + "integrity": "sha512-HoGuUs4sCZNezVEKdVcwqmZN8GoHirLUcLaYVNBK2J0DadGtdcqgr3BCbvH8+XUo4NGjNl3VOtSjEKNzqfFgKw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/template": "^7.28.6", + "@babel/types": "^7.29.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/parser": { + "version": "7.29.2", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.2.tgz", + "integrity": "sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.29.0" + }, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-self": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-self/-/plugin-transform-react-jsx-self-7.27.1.tgz", + "integrity": "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-source": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-source/-/plugin-transform-react-jsx-source-7.27.1.tgz", + "integrity": "sha512-zbwoTsBruTeKB9hSq73ha66iFeJHuaFkUbwvqElnygoNbj/jHRsSeokowZFN3CZ64IvEqcmmkVe89OPXc7ldAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/template": { + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz", + "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.28.6", + "@babel/parser": "^7.28.6", + "@babel/types": "^7.28.6" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.29.0", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz", + "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.29.0", + "@babel/generator": "^7.29.0", + "@babel/helper-globals": "^7.28.0", + "@babel/parser": "^7.29.0", + "@babel/template": "^7.28.6", + "@babel/types": "^7.29.0", + "debug": "^4.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.29.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz", + "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-string-parser": "^7.27.1", + "@babel/helper-validator-identifier": "^7.28.5" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz", + "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz", + "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz", + "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz", + "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz", + "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz", + "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz", + "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz", + "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz", + "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz", + "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz", + "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz", + "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz", + "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz", + "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz", + "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz", + "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz", + "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz", + "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz", + "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz", + "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.7.tgz", + "integrity": "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openharmony-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.7.tgz", + "integrity": "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.7.tgz", + "integrity": "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.7.tgz", + "integrity": "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.7.tgz", + "integrity": "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.7.tgz", + "integrity": "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@eslint-community/eslint-utils": { + "version": "4.9.1", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz", + "integrity": "sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" + } + }, + "node_modules/@eslint-community/eslint-utils/node_modules/eslint-visitor-keys": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint-community/regexpp": { + "version": "4.12.2", + "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.2.tgz", + "integrity": "sha512-EriSTlt5OC9/7SXkRSCAhfSxxoSUgBm33OH+IkwbdpgoqsSsUg7y3uh+IICI/Qg4BBWr3U2i39RpmycbxMq4ew==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.0.0 || ^14.0.0 || >=16.0.0" + } + }, + "node_modules/@eslint/config-array": { + "version": "0.21.2", + "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.2.tgz", + "integrity": "sha512-nJl2KGTlrf9GjLimgIru+V/mzgSK0ABCDQRvxw5BjURL7WfH5uoWmizbH7QB6MmnMBd8cIC9uceWnezL1VZWWw==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/object-schema": "^2.1.7", + "debug": "^4.3.1", + "minimatch": "^3.1.5" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/config-helpers": { + "version": "0.4.2", + "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.2.tgz", + "integrity": "sha512-gBrxN88gOIf3R7ja5K9slwNayVcZgK6SOUORm2uBzTeIEfeVaIhOpCtTox3P6R7o2jLFwLFTLnC7kU/RGcYEgw==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/core": "^0.17.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/core": { + "version": "0.17.0", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.17.0.tgz", + "integrity": "sha512-yL/sLrpmtDaFEiUj1osRP4TI2MDz1AddJL+jZ7KSqvBuliN4xqYY54IfdN8qD8Toa6g1iloph1fxQNkjOxrrpQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@types/json-schema": "^7.0.15" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "3.3.5", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz", + "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==", + "dev": true, + "license": "MIT", + "dependencies": { + "ajv": "^6.14.0", + "debug": "^4.3.2", + "espree": "^10.0.1", + "globals": "^14.0.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.1", + "minimatch": "^3.1.5", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint/eslintrc/node_modules/globals": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz", + "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@eslint/js": { + "version": "9.39.4", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.4.tgz", + "integrity": "sha512-nE7DEIchvtiFTwBw4Lfbu59PG+kCofhjsKaCWzxTpt4lfRjRMqG6uMBzKXuEcyXhOHoUp9riAm7/aWYGhXZ9cw==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://eslint.org/donate" + } + }, + "node_modules/@eslint/object-schema": { + "version": "2.1.7", + "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz", + "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/plugin-kit": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.1.tgz", + "integrity": "sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/core": "^0.17.0", + "levn": "^0.4.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@floating-ui/core": { + "version": "1.7.5", + "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.5.tgz", + "integrity": "sha512-1Ih4WTWyw0+lKyFMcBHGbb5U5FtuHJuujoyyr5zTaWS5EYMeT6Jb2AuDeftsCsEuchO+mM2ij5+q9crhydzLhQ==", + "license": "MIT", + "dependencies": { + "@floating-ui/utils": "^0.2.11" + } + }, + "node_modules/@floating-ui/dom": { + "version": "1.7.6", + "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-1.7.6.tgz", + "integrity": "sha512-9gZSAI5XM36880PPMm//9dfiEngYoC6Am2izES1FF406YFsjvyBMmeJ2g4SAju3xWwtuynNRFL2s9hgxpLI5SQ==", + "license": "MIT", + "dependencies": { + "@floating-ui/core": "^1.7.5", + "@floating-ui/utils": "^0.2.11" + } + }, + "node_modules/@floating-ui/react-dom": { + "version": "2.1.8", + "resolved": "https://registry.npmjs.org/@floating-ui/react-dom/-/react-dom-2.1.8.tgz", + "integrity": "sha512-cC52bHwM/n/CxS87FH0yWdngEZrjdtLW/qVruo68qg+prK7ZQ4YGdut2GyDVpoGeAYe/h899rVeOVm6Oi40k2A==", + "license": "MIT", + "dependencies": { + "@floating-ui/dom": "^1.7.6" + }, + "peerDependencies": { + "react": ">=16.8.0", + "react-dom": ">=16.8.0" + } + }, + "node_modules/@floating-ui/utils": { + "version": "0.2.11", + "resolved": "https://registry.npmjs.org/@floating-ui/utils/-/utils-0.2.11.tgz", + "integrity": "sha512-RiB/yIh78pcIxl6lLMG0CgBXAZ2Y0eVHqMPYugu+9U0AeT6YBeiJpf7lbdJNIugFP5SIjwNRgo4DhR1Qxi26Gg==", + "license": "MIT" + }, + "node_modules/@hookform/resolvers": { + "version": "3.10.0", + "resolved": "https://registry.npmjs.org/@hookform/resolvers/-/resolvers-3.10.0.tgz", + "integrity": "sha512-79Dv+3mDF7i+2ajj7SkypSKHhl1cbln1OGavqrsF7p6mbUv11xpqpacPsGDCTRvCSjEEIez2ef1NveSVL3b0Ag==", + "license": "MIT", + "peerDependencies": { + "react-hook-form": "^7.0.0" + } + }, + "node_modules/@humanfs/core": { + "version": "0.19.2", + "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.2.tgz", + "integrity": "sha512-UhXNm+CFMWcbChXywFwkmhqjs3PRCmcSa/hfBgLIb7oQ5HNb1wS0icWsGtSAUNgefHeI+eBrA8I1fxmbHsGdvA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@humanfs/types": "^0.15.0" + }, + "engines": { + "node": ">=18.18.0" + } + }, + "node_modules/@humanfs/node": { + "version": "0.16.8", + "resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.8.tgz", + "integrity": "sha512-gE1eQNZ3R++kTzFUpdGlpmy8kDZD/MLyHqDwqjkVQI0JMdI1D51sy1H958PNXYkM2rAac7e5/CnIKZrHtPh3BQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@humanfs/core": "^0.19.2", + "@humanfs/types": "^0.15.0", + "@humanwhocodes/retry": "^0.4.0" + }, + "engines": { + "node": ">=18.18.0" + } + }, + "node_modules/@humanfs/types": { + "version": "0.15.0", + "resolved": "https://registry.npmjs.org/@humanfs/types/-/types-0.15.0.tgz", + "integrity": "sha512-ZZ1w0aoQkwuUuC7Yf+7sdeaNfqQiiLcSRbfI08oAxqLtpXQr9AIVX7Ay7HLDuiLYAaFPu8oBYNq/QIi9URHJ3Q==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=18.18.0" + } + }, + "node_modules/@humanwhocodes/module-importer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@humanwhocodes/retry": { + "version": "0.4.3", + "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.3.tgz", + "integrity": "sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=18.18" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz", + "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "dev": true, + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@microsoft/signalr": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/@microsoft/signalr/-/signalr-10.0.0.tgz", + "integrity": "sha512-0BRqz/uCx3JdrOqiqgFhih/+hfTERaUfCZXFB52uMaZJrKaPRzHzMuqVsJC/V3pt7NozcNXGspjKiQEK+X7P2w==", + "license": "MIT", + "dependencies": { + "abort-controller": "^3.0.0", + "eventsource": "^2.0.2", + "fetch-cookie": "^2.0.3", + "node-fetch": "^2.6.7", + "ws": "^7.5.10" + } + }, + "node_modules/@playwright/test": { + "version": "1.60.0", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.60.0.tgz", + "integrity": "sha512-O71yZIbAh/PxDMNGns37GHBIfrVkEVyn+AXyIa5dOTfb4/xNvRWV+Vv/NMbNCtODB/pO7vLlF2OTmMVLhmr7Ag==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "playwright": "1.60.0" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@radix-ui/primitive": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/@radix-ui/primitive/-/primitive-1.1.3.tgz", + "integrity": "sha512-JTF99U/6XIjCBo0wqkU5sK10glYe27MRRsfwoiq5zzOEZLHU3A3KCMa5X/azekYRCJ0HlwI0crAXS/5dEHTzDg==", + "license": "MIT" + }, + "node_modules/@radix-ui/react-arrow": { + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/@radix-ui/react-arrow/-/react-arrow-1.1.7.tgz", + "integrity": "sha512-F+M1tLhO+mlQaOWspE8Wstg+z6PwxwRd8oQ8IXceWz92kfAmalTRf0EjrouQeo7QssEPfCn05B4Ihs1K9WQ/7w==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-primitive": "2.1.3" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-collection": { + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/@radix-ui/react-collection/-/react-collection-1.1.7.tgz", + "integrity": "sha512-Fh9rGN0MoI4ZFUNyfFVNU4y9LUz93u9/0K+yLgA2bwRojxM8JU1DyvvMBabnZPBgMWREAJvU2jjVzq+LrFUglw==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-context": "1.1.2", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-slot": "1.2.3" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-collection/node_modules/@radix-ui/react-slot": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.2.3.tgz", + "integrity": "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-compose-refs": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@radix-ui/react-compose-refs/-/react-compose-refs-1.1.2.tgz", + "integrity": "sha512-z4eqJvfiNnFMHIIvXP3CY57y2WJs5g2v3X0zm9mEJkrkNv4rDxu+sg9Jh8EkXyeqBkB7SOcboo9dMVqhyrACIg==", + "license": "MIT", + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-context": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@radix-ui/react-context/-/react-context-1.1.2.tgz", + "integrity": "sha512-jCi/QKUM2r1Ju5a3J64TH2A5SpKAgh0LpknyqdQ4m6DCV0xJ2HG1xARRwNGPQfi1SLdLWZ1OJz6F4OMBBNiGJA==", + "license": "MIT", + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-dialog": { + "version": "1.1.15", + "resolved": "https://registry.npmjs.org/@radix-ui/react-dialog/-/react-dialog-1.1.15.tgz", + "integrity": "sha512-TCglVRtzlffRNxRMEyR36DGBLJpeusFcgMVD9PZEzAKnUs1lKCgX5u9BmC2Yg+LL9MgZDugFFs1Vl+Jp4t/PGw==", + "license": "MIT", + "dependencies": { + "@radix-ui/primitive": "1.1.3", + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-context": "1.1.2", + "@radix-ui/react-dismissable-layer": "1.1.11", + "@radix-ui/react-focus-guards": "1.1.3", + "@radix-ui/react-focus-scope": "1.1.7", + "@radix-ui/react-id": "1.1.1", + "@radix-ui/react-portal": "1.1.9", + "@radix-ui/react-presence": "1.1.5", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-slot": "1.2.3", + "@radix-ui/react-use-controllable-state": "1.2.2", + "aria-hidden": "^1.2.4", + "react-remove-scroll": "^2.6.3" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-dialog/node_modules/@radix-ui/react-slot": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.2.3.tgz", + "integrity": "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-direction": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-direction/-/react-direction-1.1.1.tgz", + "integrity": "sha512-1UEWRX6jnOA2y4H5WczZ44gOOjTEmlqv1uNW4GAJEO5+bauCBhv8snY65Iw5/VOS/ghKN9gr2KjnLKxrsvoMVw==", + "license": "MIT", + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-dismissable-layer": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.1.11.tgz", + "integrity": "sha512-Nqcp+t5cTB8BinFkZgXiMJniQH0PsUt2k51FUhbdfeKvc4ACcG2uQniY/8+h1Yv6Kza4Q7lD7PQV0z0oicE0Mg==", + "license": "MIT", + "dependencies": { + "@radix-ui/primitive": "1.1.3", + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-use-callback-ref": "1.1.1", + "@radix-ui/react-use-escape-keydown": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-dropdown-menu": { + "version": "2.1.16", + "resolved": "https://registry.npmjs.org/@radix-ui/react-dropdown-menu/-/react-dropdown-menu-2.1.16.tgz", + "integrity": "sha512-1PLGQEynI/3OX/ftV54COn+3Sud/Mn8vALg2rWnBLnRaGtJDduNW/22XjlGgPdpcIbiQxjKtb7BkcjP00nqfJw==", + "license": "MIT", + "dependencies": { + "@radix-ui/primitive": "1.1.3", + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-context": "1.1.2", + "@radix-ui/react-id": "1.1.1", + "@radix-ui/react-menu": "2.1.16", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-use-controllable-state": "1.2.2" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-focus-guards": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/@radix-ui/react-focus-guards/-/react-focus-guards-1.1.3.tgz", + "integrity": "sha512-0rFg/Rj2Q62NCm62jZw0QX7a3sz6QCQU0LpZdNrJX8byRGaGVTqbrW9jAoIAHyMQqsNpeZ81YgSizOt5WXq0Pw==", + "license": "MIT", + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-focus-scope": { + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/@radix-ui/react-focus-scope/-/react-focus-scope-1.1.7.tgz", + "integrity": "sha512-t2ODlkXBQyn7jkl6TNaw/MtVEVvIGelJDCG41Okq/KwUsJBwQ4XVZsHAVUkK4mBv3ewiAS3PGuUWuY2BoK4ZUw==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-use-callback-ref": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-id": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-id/-/react-id-1.1.1.tgz", + "integrity": "sha512-kGkGegYIdQsOb4XjsfM97rXsiHaBwco+hFI66oO4s9LU+PLAC5oJ7khdOVFxkhsmlbpUqDAvXw11CluXP+jkHg==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-use-layout-effect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-label": { + "version": "2.1.8", + "resolved": "https://registry.npmjs.org/@radix-ui/react-label/-/react-label-2.1.8.tgz", + "integrity": "sha512-FmXs37I6hSBVDlO4y764TNz1rLgKwjJMQ0EGte6F3Cb3f4bIuHB/iLa/8I9VKkmOy+gNHq8rql3j686ACVV21A==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-primitive": "2.1.4" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-label/node_modules/@radix-ui/react-primitive": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/@radix-ui/react-primitive/-/react-primitive-2.1.4.tgz", + "integrity": "sha512-9hQc4+GNVtJAIEPEqlYqW5RiYdrr8ea5XQ0ZOnD6fgru+83kqT15mq2OCcbe8KnjRZl5vF3ks69AKz3kh1jrhg==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-slot": "1.2.4" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-menu": { + "version": "2.1.16", + "resolved": "https://registry.npmjs.org/@radix-ui/react-menu/-/react-menu-2.1.16.tgz", + "integrity": "sha512-72F2T+PLlphrqLcAotYPp0uJMr5SjP5SL01wfEspJbru5Zs5vQaSHb4VB3ZMJPimgHHCHG7gMOeOB9H3Hdmtxg==", + "license": "MIT", + "dependencies": { + "@radix-ui/primitive": "1.1.3", + "@radix-ui/react-collection": "1.1.7", + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-context": "1.1.2", + "@radix-ui/react-direction": "1.1.1", + "@radix-ui/react-dismissable-layer": "1.1.11", + "@radix-ui/react-focus-guards": "1.1.3", + "@radix-ui/react-focus-scope": "1.1.7", + "@radix-ui/react-id": "1.1.1", + "@radix-ui/react-popper": "1.2.8", + "@radix-ui/react-portal": "1.1.9", + "@radix-ui/react-presence": "1.1.5", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-roving-focus": "1.1.11", + "@radix-ui/react-slot": "1.2.3", + "@radix-ui/react-use-callback-ref": "1.1.1", + "aria-hidden": "^1.2.4", + "react-remove-scroll": "^2.6.3" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-menu/node_modules/@radix-ui/react-slot": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.2.3.tgz", + "integrity": "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-popper": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@radix-ui/react-popper/-/react-popper-1.2.8.tgz", + "integrity": "sha512-0NJQ4LFFUuWkE7Oxf0htBKS6zLkkjBH+hM1uk7Ng705ReR8m/uelduy1DBo0PyBXPKVnBA6YBlU94MBGXrSBCw==", + "license": "MIT", + "dependencies": { + "@floating-ui/react-dom": "^2.0.0", + "@radix-ui/react-arrow": "1.1.7", + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-context": "1.1.2", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-use-callback-ref": "1.1.1", + "@radix-ui/react-use-layout-effect": "1.1.1", + "@radix-ui/react-use-rect": "1.1.1", + "@radix-ui/react-use-size": "1.1.1", + "@radix-ui/rect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-portal": { + "version": "1.1.9", + "resolved": "https://registry.npmjs.org/@radix-ui/react-portal/-/react-portal-1.1.9.tgz", + "integrity": "sha512-bpIxvq03if6UNwXZ+HTK71JLh4APvnXntDc6XOX8UVq4XQOVl7lwok0AvIl+b8zgCw3fSaVTZMpAPPagXbKmHQ==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-use-layout-effect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-presence": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/@radix-ui/react-presence/-/react-presence-1.1.5.tgz", + "integrity": "sha512-/jfEwNDdQVBCNvjkGit4h6pMOzq8bHkopq458dPt2lMjx+eBQUohZNG9A7DtO/O5ukSbxuaNGXMjHicgwy6rQQ==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-use-layout-effect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-primitive": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/@radix-ui/react-primitive/-/react-primitive-2.1.3.tgz", + "integrity": "sha512-m9gTwRkhy2lvCPe6QJp4d3G1TYEUHn/FzJUtq9MjH46an1wJU+GdoGC5VLof8RX8Ft/DlpshApkhswDLZzHIcQ==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-slot": "1.2.3" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-primitive/node_modules/@radix-ui/react-slot": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.2.3.tgz", + "integrity": "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-roving-focus": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/@radix-ui/react-roving-focus/-/react-roving-focus-1.1.11.tgz", + "integrity": "sha512-7A6S9jSgm/S+7MdtNDSb+IU859vQqJ/QAtcYQcfFC6W8RS4IxIZDldLR0xqCFZ6DCyrQLjLPsxtTNch5jVA4lA==", + "license": "MIT", + "dependencies": { + "@radix-ui/primitive": "1.1.3", + "@radix-ui/react-collection": "1.1.7", + "@radix-ui/react-compose-refs": "1.1.2", + "@radix-ui/react-context": "1.1.2", + "@radix-ui/react-direction": "1.1.1", + "@radix-ui/react-id": "1.1.1", + "@radix-ui/react-primitive": "2.1.3", + "@radix-ui/react-use-callback-ref": "1.1.1", + "@radix-ui/react-use-controllable-state": "1.2.2" + }, + "peerDependencies": { + "@types/react": "*", + "@types/react-dom": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", + "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "@types/react-dom": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-slot": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.2.4.tgz", + "integrity": "sha512-Jl+bCv8HxKnlTLVrcDE8zTMJ09R9/ukw4qBs/oZClOfoQk/cOTbDn+NceXfV7j09YPVQUryJPHurafcSg6EVKA==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-compose-refs": "1.1.2" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-callback-ref": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.1.1.tgz", + "integrity": "sha512-FkBMwD+qbGQeMu1cOHnuGB6x4yzPjho8ap5WtbEJ26umhgqVXbhekKUQO+hZEL1vU92a3wHwdp0HAcqAUF5iDg==", + "license": "MIT", + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-controllable-state": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-controllable-state/-/react-use-controllable-state-1.2.2.tgz", + "integrity": "sha512-BjasUjixPFdS+NKkypcyyN5Pmg83Olst0+c6vGov0diwTEo6mgdqVR6hxcEgFuh4QrAs7Rc+9KuGJ9TVCj0Zzg==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-use-effect-event": "0.0.2", + "@radix-ui/react-use-layout-effect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-effect-event": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-effect-event/-/react-use-effect-event-0.0.2.tgz", + "integrity": "sha512-Qp8WbZOBe+blgpuUT+lw2xheLP8q0oatc9UpmiemEICxGvFLYmHm9QowVZGHtJlGbS6A6yJ3iViad/2cVjnOiA==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-use-layout-effect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-escape-keydown": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-escape-keydown/-/react-use-escape-keydown-1.1.1.tgz", + "integrity": "sha512-Il0+boE7w/XebUHyBjroE+DbByORGR9KKmITzbR7MyQ4akpORYP/ZmbhAr0DG7RmmBqoOnZdy2QlvajJ2QA59g==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-use-callback-ref": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-layout-effect": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-layout-effect/-/react-use-layout-effect-1.1.1.tgz", + "integrity": "sha512-RbJRS4UWQFkzHTTwVymMTUv8EqYhOp8dOOviLj2ugtTiXRaRQS7GLGxZTLL1jWhMeoSCf5zmcZkqTl9IiYfXcQ==", + "license": "MIT", + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-rect": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-rect/-/react-use-rect-1.1.1.tgz", + "integrity": "sha512-QTYuDesS0VtuHNNvMh+CjlKJ4LJickCMUAqjlE3+j8w+RlRpwyX3apEQKGFzbZGdo7XNG1tXa+bQqIE7HIXT2w==", + "license": "MIT", + "dependencies": { + "@radix-ui/rect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/react-use-size": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/react-use-size/-/react-use-size-1.1.1.tgz", + "integrity": "sha512-ewrXRDTAqAXlkl6t/fkXWNAhFX9I+CkKlw6zjEwk86RSPKwZr3xpBRso655aqYafwtnbpHLj6toFzmd6xdVptQ==", + "license": "MIT", + "dependencies": { + "@radix-ui/react-use-layout-effect": "1.1.1" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/@radix-ui/rect": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@radix-ui/rect/-/rect-1.1.1.tgz", + "integrity": "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw==", + "license": "MIT" + }, + "node_modules/@redocly/ajv": { + "version": "8.11.2", + "resolved": "https://registry.npmjs.org/@redocly/ajv/-/ajv-8.11.2.tgz", + "integrity": "sha512-io1JpnwtIcvojV7QKDUSIuMN/ikdOUd1ReEnUnMKGfDVridQZ31J0MmIuqwuRjWDZfmvr+Q0MqCcfHM2gTivOg==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js-replace": "^1.0.1" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/@redocly/ajv/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, + "node_modules/@redocly/config": { + "version": "0.22.0", + "resolved": "https://registry.npmjs.org/@redocly/config/-/config-0.22.0.tgz", + "integrity": "sha512-gAy93Ddo01Z3bHuVdPWfCwzgfaYgMdaZPcfL7JZ7hWJoK9V0lXDbigTWkhiPFAaLWzbOJ+kbUQG1+XwIm0KRGQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@redocly/openapi-core": { + "version": "1.34.12", + "resolved": "https://registry.npmjs.org/@redocly/openapi-core/-/openapi-core-1.34.12.tgz", + "integrity": "sha512-b32XWsz6enN6K4bx8xWsqUaXTJR/DnYT3lL1CzDYzIYKw243NNlz6fexmr71q/U4HrEcMoJGBvwAfcxOb8ymQw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@redocly/ajv": "8.11.2", + "@redocly/config": "0.22.0", + "colorette": "1.4.0", + "https-proxy-agent": "7.0.6", + "js-levenshtein": "1.1.6", + "js-yaml": "4.1.1", + "minimatch": "5.1.9", + "pluralize": "8.0.0", + "yaml-ast-parser": "0.0.43" + }, + "engines": { + "node": ">=18.17.0", + "npm": ">=9.5.0" + } + }, + "node_modules/@redocly/openapi-core/node_modules/brace-expansion": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz", + "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/@redocly/openapi-core/node_modules/minimatch": { + "version": "5.1.9", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz", + "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/@rolldown/pluginutils": { + "version": "1.0.0-beta.27", + "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.27.tgz", + "integrity": "sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.2.tgz", + "integrity": "sha512-dnlp69efPPg6Uaw2dVqzWRfAWRnYVb1XJ8CyyhIbZeaq4CA5/mLeZ1IEt9QqQxmbdvagjLIm2ZL8BxXv5lH4Yw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.2.tgz", + "integrity": "sha512-OqZTwDRDchGRHHm/hwLOL7uVPB9aUvI0am/eQuWMNyFHf5PSEQmyEeYYheA0EPPKUO/l0uigCp+iaTjoLjVoHg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.2.tgz", + "integrity": "sha512-UwRE7CGpvSVEQS8gUMBe1uADWjNnVgP3Iusyda1nSRwNDCsRjnGc7w6El6WLQsXmZTbLZx9cecegumcitNfpmA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.2.tgz", + "integrity": "sha512-gjEtURKLCC5VXm1I+2i1u9OhxFsKAQJKTVB8WvDAHF+oZlq0GTVFOlTlO1q3AlCTE/DF32c16ESvfgqR7343/g==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.2.tgz", + "integrity": "sha512-Bcl6CYDeAgE70cqZaMojOi/eK63h5Me97ZqAQoh77VPjMysA/4ORQBRGo3rRy45x4MzVlU9uZxs8Uwy7ZaKnBw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.2.tgz", + "integrity": "sha512-LU+TPda3mAE2QB0/Hp5VyeKJivpC6+tlOXd1VMoXV/YFMvk/MNk5iXeBfB4MQGRWyOYVJ01625vjkr0Az98OJQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.2.tgz", + "integrity": "sha512-2QxQrM+KQ7DAW4o22j+XZ6RKdxjLD7BOWTP0Bv0tmjdyhXSsr2Ul1oJDQqh9Zf5qOwTuTc7Ek83mOFaKnodPjg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.2.tgz", + "integrity": "sha512-TbziEu2DVsTEOPif2mKWkMeDMLoYjx95oESa9fkQQK7r/Orta0gnkcDpzwufEcAO2BLBsD7mZkXGFqEdMRRwfw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.2.tgz", + "integrity": "sha512-bO/rVDiDUuM2YfuCUwZ1t1cP+/yqjqz+Xf2VtkdppefuOFS2OSeAfgafaHNkFn0t02hEyXngZkxtGqXcXwO8Rg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.2.tgz", + "integrity": "sha512-hr26p7e93Rl0Za+JwW7EAnwAvKkehh12BU1Llm9Ykiibg4uIr2rbpxG9WCf56GuvidlTG9KiiQT/TXT1yAWxTA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.2.tgz", + "integrity": "sha512-pOjB/uSIyDt+ow3k/RcLvUAOGpysT2phDn7TTUB3n75SlIgZzM6NKAqlErPhoFU+npgY3/n+2HYIQVbF70P9/A==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.2.tgz", + "integrity": "sha512-2/w+q8jszv9Ww1c+6uJT3OwqhdmGP2/4T17cu8WuwyUuuaCDDJ2ojdyYwZzCxx0GcsZBhzi3HmH+J5pZNXnd+Q==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.2.tgz", + "integrity": "sha512-11+aL5vKheYgczxtPVVRhdptAM2H7fcDR5Gw4/bTcteuZBlH4oP9f5s9zYO9aGZvoGeBpqXI/9TZZihZ609wKw==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.2.tgz", + "integrity": "sha512-i16fokAGK46IVZuV8LIIwMdtqhin9hfYkCh8pf8iC3QU3LpwL+1FSFGej+O7l3E/AoknL6Dclh2oTdnRMpTzFQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.2.tgz", + "integrity": "sha512-49FkKS6RGQoriDSK/6E2GkAsAuU5kETFCh7pG4yD/ylj9rKhTmO3elsnmBvRD4PgJPds5W2PkhC82aVwmUcJ7A==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.2.tgz", + "integrity": "sha512-mjYNkHPfGpUR00DuM1ZZIgs64Hpf4bWcz9Z41+4Q+pgDx73UwWdAYyf6EG/lRFldmdHHzgrYyge5akFUW0D3mQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.2.tgz", + "integrity": "sha512-ALyvJz965BQk8E9Al/JDKKDLH2kfKFLTGMlgkAbbYtZuJt9LU8DW3ZoDMCtQpXAltZxwBHevXz5u+gf0yA0YoA==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.2.tgz", + "integrity": "sha512-UQjrkIdWrKI626Du8lCQ6MJp/6V1LAo2bOK9OTu4mSn8GGXIkPXk/Vsp4bLHCd9Z9Iz2OTEaokUE90VweJgIYQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.2.tgz", + "integrity": "sha512-bTsRGj6VlSdn/XD4CGyzMnzaBs9bsRxy79eTqTCBsA8TMIEky7qg48aPkvJvFe1HyzQ5oMZdg7AnVlWQSKLTnw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.2.tgz", + "integrity": "sha512-6d4Z3534xitaA1FcMWP7mQPq5zGwBmGbhphh2DwaA1aNIXUu3KTOfwrWpbwI4/Gr0uANo7NTtaykFyO2hPuFLg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.2.tgz", + "integrity": "sha512-NetAg5iO2uN7eB8zE5qrZ3CSil+7IJt4WDFLcC75Ymywq1VZVD6qJ6EvNLjZ3rEm6gB7XW5JdT60c6MN35Z85Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.2.tgz", + "integrity": "sha512-NCYhOotpgWZ5kdxCZsv6Iudx0wX8980Q/oW4pNFNihpBKsDbEA1zpkfxJGC0yugsUuyDZ7gL37dbzwhR0VI7pQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.2.tgz", + "integrity": "sha512-RXsaOqXxfoUBQoOgvmmijVxJnW2IGB0eoMO7F8FAjaj0UTywUO/luSqimWBJn04WNgUkeNhh7fs7pESXajWmkg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.2.tgz", + "integrity": "sha512-qdAzEULD+/hzObedtmV6iBpdL5TIbKVztGiK7O3/KYSf+HIzU257+MX1EXJcyIiDbMAqmbwaufcYPvyRryeZtA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.2.tgz", + "integrity": "sha512-Nd/SgG27WoA9e+/TdK74KnHz852TLa94ovOYySo/yMPuTmpckK/jIF2jSwS3g7ELSKXK13/cVdmg1Z/DaCWKxA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@tailwindcss/node": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.2.2.tgz", + "integrity": "sha512-pXS+wJ2gZpVXqFaUEjojq7jzMpTGf8rU6ipJz5ovJV6PUGmlJ+jvIwGrzdHdQ80Sg+wmQxUFuoW1UAAwHNEdFA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/remapping": "^2.3.5", + "enhanced-resolve": "^5.19.0", + "jiti": "^2.6.1", + "lightningcss": "1.32.0", + "magic-string": "^0.30.21", + "source-map-js": "^1.2.1", + "tailwindcss": "4.2.2" + } + }, + "node_modules/@tailwindcss/oxide": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.2.2.tgz", + "integrity": "sha512-qEUA07+E5kehxYp9BVMpq9E8vnJuBHfJEC0vPC5e7iL/hw7HR61aDKoVoKzrG+QKp56vhNZe4qwkRmMC0zDLvg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 20" + }, + "optionalDependencies": { + "@tailwindcss/oxide-android-arm64": "4.2.2", + "@tailwindcss/oxide-darwin-arm64": "4.2.2", + "@tailwindcss/oxide-darwin-x64": "4.2.2", + "@tailwindcss/oxide-freebsd-x64": "4.2.2", + "@tailwindcss/oxide-linux-arm-gnueabihf": "4.2.2", + "@tailwindcss/oxide-linux-arm64-gnu": "4.2.2", + "@tailwindcss/oxide-linux-arm64-musl": "4.2.2", + "@tailwindcss/oxide-linux-x64-gnu": "4.2.2", + "@tailwindcss/oxide-linux-x64-musl": "4.2.2", + "@tailwindcss/oxide-wasm32-wasi": "4.2.2", + "@tailwindcss/oxide-win32-arm64-msvc": "4.2.2", + "@tailwindcss/oxide-win32-x64-msvc": "4.2.2" + } + }, + "node_modules/@tailwindcss/oxide-android-arm64": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.2.2.tgz", + "integrity": "sha512-dXGR1n+P3B6748jZO/SvHZq7qBOqqzQ+yFrXpoOWWALWndF9MoSKAT3Q0fYgAzYzGhxNYOoysRvYlpixRBBoDg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-darwin-arm64": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.2.2.tgz", + "integrity": "sha512-iq9Qjr6knfMpZHj55/37ouZeykwbDqF21gPFtfnhCCKGDcPI/21FKC9XdMO/XyBM7qKORx6UIhGgg6jLl7BZlg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-darwin-x64": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.2.2.tgz", + "integrity": "sha512-BlR+2c3nzc8f2G639LpL89YY4bdcIdUmiOOkv2GQv4/4M0vJlpXEa0JXNHhCHU7VWOKWT/CjqHdTP8aUuDJkuw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-freebsd-x64": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.2.2.tgz", + "integrity": "sha512-YUqUgrGMSu2CDO82hzlQ5qSb5xmx3RUrke/QgnoEx7KvmRJHQuZHZmZTLSuuHwFf0DJPybFMXMYf+WJdxHy/nQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm-gnueabihf": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.2.2.tgz", + "integrity": "sha512-FPdhvsW6g06T9BWT0qTwiVZYE2WIFo2dY5aCSpjG/S/u1tby+wXoslXS0kl3/KXnULlLr1E3NPRRw0g7t2kgaQ==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm64-gnu": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.2.2.tgz", + "integrity": "sha512-4og1V+ftEPXGttOO7eCmW7VICmzzJWgMx+QXAJRAhjrSjumCwWqMfkDrNu1LXEQzNAwz28NCUpucgQPrR4S2yw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm64-musl": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.2.2.tgz", + "integrity": "sha512-oCfG/mS+/+XRlwNjnsNLVwnMWYH7tn/kYPsNPh+JSOMlnt93mYNCKHYzylRhI51X+TbR+ufNhhKKzm6QkqX8ag==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-linux-x64-gnu": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.2.2.tgz", + "integrity": "sha512-rTAGAkDgqbXHNp/xW0iugLVmX62wOp2PoE39BTCGKjv3Iocf6AFbRP/wZT/kuCxC9QBh9Pu8XPkv/zCZB2mcMg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-linux-x64-musl": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.2.2.tgz", + "integrity": "sha512-XW3t3qwbIwiSyRCggeO2zxe3KWaEbM0/kW9e8+0XpBgyKU4ATYzcVSMKteZJ1iukJ3HgHBjbg9P5YPRCVUxlnQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-wasm32-wasi": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.2.2.tgz", + "integrity": "sha512-eKSztKsmEsn1O5lJ4ZAfyn41NfG7vzCg496YiGtMDV86jz1q/irhms5O0VrY6ZwTUkFy/EKG3RfWgxSI3VbZ8Q==", + "bundleDependencies": [ + "@napi-rs/wasm-runtime", + "@emnapi/core", + "@emnapi/runtime", + "@tybys/wasm-util", + "@emnapi/wasi-threads", + "tslib" + ], + "cpu": [ + "wasm32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "dependencies": { + "@emnapi/core": "^1.8.1", + "@emnapi/runtime": "^1.8.1", + "@emnapi/wasi-threads": "^1.1.0", + "@napi-rs/wasm-runtime": "^1.1.1", + "@tybys/wasm-util": "^0.10.1", + "tslib": "^2.8.1" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@tailwindcss/oxide-win32-arm64-msvc": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.2.2.tgz", + "integrity": "sha512-qPmaQM4iKu5mxpsrWZMOZRgZv1tOZpUm+zdhhQP0VhJfyGGO3aUKdbh3gDZc/dPLQwW4eSqWGrrcWNBZWUWaXQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/oxide-win32-x64-msvc": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.2.2.tgz", + "integrity": "sha512-1T/37VvI7WyH66b+vqHj/cLwnCxt7Qt3WFu5Q8hk65aOvlwAhs7rAp1VkulBJw/N4tMirXjVnylTR72uI0HGcA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 20" + } + }, + "node_modules/@tailwindcss/vite": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@tailwindcss/vite/-/vite-4.2.2.tgz", + "integrity": "sha512-mEiF5HO1QqCLXoNEfXVA1Tzo+cYsrqV7w9Juj2wdUFyW07JRenqMG225MvPwr3ZD9N1bFQj46X7r33iHxLUW0w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@tailwindcss/node": "4.2.2", + "@tailwindcss/oxide": "4.2.2", + "tailwindcss": "4.2.2" + }, + "peerDependencies": { + "vite": "^5.2.0 || ^6 || ^7 || ^8" + } + }, + "node_modules/@tanstack/query-core": { + "version": "5.99.2", + "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.99.2.tgz", + "integrity": "sha512-1HunU0bXVsR1ZJMZbcOPE6VtaBJxsW809RE9xPe4Gz7MlB0GWwQvuTPhMoEmQ/hIzFKJ/DWAuttIe7BOaWx0tA==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/tannerlinsley" + } + }, + "node_modules/@tanstack/react-query": { + "version": "5.99.2", + "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.99.2.tgz", + "integrity": "sha512-vM91UEe45QUS9ED6OklsVL15i8qKcRqNwpWzPTVWvRPRSEgDudDgHpvyTjcdlwHcrKNa80T+xXYcchT2noPnZA==", + "license": "MIT", + "dependencies": { + "@tanstack/query-core": "5.99.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/tannerlinsley" + }, + "peerDependencies": { + "react": "^18 || ^19" + } + }, + "node_modules/@types/babel__core": { + "version": "7.20.5", + "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "integrity": "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.20.7", + "@babel/types": "^7.20.7", + "@types/babel__generator": "*", + "@types/babel__template": "*", + "@types/babel__traverse": "*" + } + }, + "node_modules/@types/babel__generator": { + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.27.0.tgz", + "integrity": "sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__template": { + "version": "7.4.4", + "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "integrity": "sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__traverse": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.28.0.tgz", + "integrity": "sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.2" + } + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "22.19.17", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz", + "integrity": "sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q==", + "license": "MIT", + "dependencies": { + "undici-types": "~6.21.0" + } + }, + "node_modules/@types/qrcode": { + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/@types/qrcode/-/qrcode-1.5.6.tgz", + "integrity": "sha512-te7NQcV2BOvdj2b1hCAHzAoMNuj65kNBMz0KBaxM6c3VGBOhU0dURQKOtH8CFNI/dsKkwlv32p26qYQTWoB5bw==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/react": { + "version": "19.2.14", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", + "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==", + "devOptional": true, + "license": "MIT", + "dependencies": { + "csstype": "^3.2.2" + } + }, + "node_modules/@types/react-dom": { + "version": "19.2.3", + "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-19.2.3.tgz", + "integrity": "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==", + "devOptional": true, + "license": "MIT", + "peerDependencies": { + "@types/react": "^19.2.0" + } + }, + "node_modules/@typescript-eslint/eslint-plugin": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.58.2.tgz", + "integrity": "sha512-aC2qc5thQahutKjP+cl8cgN9DWe3ZUqVko30CMSZHnFEHyhOYoZSzkGtAI2mcwZ38xeImDucI4dnqsHiOYuuCw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/regexpp": "^4.12.2", + "@typescript-eslint/scope-manager": "8.58.2", + "@typescript-eslint/type-utils": "8.58.2", + "@typescript-eslint/utils": "8.58.2", + "@typescript-eslint/visitor-keys": "8.58.2", + "ignore": "^7.0.5", + "natural-compare": "^1.4.0", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "@typescript-eslint/parser": "^8.58.2", + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", + "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/@typescript-eslint/parser": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.58.2.tgz", + "integrity": "sha512-/Zb/xaIDfxeJnvishjGdcR4jmr7S+bda8PKNhRGdljDM+elXhlvN0FyPSsMnLmJUrVG9aPO6dof80wjMawsASg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/scope-manager": "8.58.2", + "@typescript-eslint/types": "8.58.2", + "@typescript-eslint/typescript-estree": "8.58.2", + "@typescript-eslint/visitor-keys": "8.58.2", + "debug": "^4.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/project-service": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.58.2.tgz", + "integrity": "sha512-Cq6UfpZZk15+r87BkIh5rDpi38W4b+Sjnb8wQCPPDDweS/LRCFjCyViEbzHk5Ck3f2QDfgmlxqSa7S7clDtlfg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/tsconfig-utils": "^8.58.2", + "@typescript-eslint/types": "^8.58.2", + "debug": "^4.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/scope-manager": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.58.2.tgz", + "integrity": "sha512-SgmyvDPexWETQek+qzZnrG6844IaO02UVyOLhI4wpo82dpZJY9+6YZCKAMFzXb7qhx37mFK1QcPQ18tud+vo6Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.58.2", + "@typescript-eslint/visitor-keys": "8.58.2" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.58.2.tgz", + "integrity": "sha512-3SR+RukipDvkkKp/d0jP0dyzuls3DbGmwDpVEc5wqk5f38KFThakqAAO0XMirWAE+kT00oTauTbzMFGPoAzB0A==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/type-utils": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.58.2.tgz", + "integrity": "sha512-Z7EloNR/B389FvabdGeTo2XMs4W9TjtPiO9DAsmT0yom0bwlPyRjkJ1uCdW1DvrrrYP50AJZ9Xc3sByZA9+dcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.58.2", + "@typescript-eslint/typescript-estree": "8.58.2", + "@typescript-eslint/utils": "8.58.2", + "debug": "^4.4.3", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/types": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.58.2.tgz", + "integrity": "sha512-9TukXyATBQf/Jq9AMQXfvurk+G5R2MwfqQGDR2GzGz28HvY/lXNKGhkY+6IOubwcquikWk5cjlgPvD2uAA7htQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/typescript-estree": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.58.2.tgz", + "integrity": "sha512-ELGuoofuhhoCvNbQjFFiobFcGgcDCEm0ThWdmO4Z0UzLqPXS3KFvnEZ+SHewwOYHjM09tkzOWXNTv9u6Gqtyuw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/project-service": "8.58.2", + "@typescript-eslint/tsconfig-utils": "8.58.2", + "@typescript-eslint/types": "8.58.2", + "@typescript-eslint/visitor-keys": "8.58.2", + "debug": "^4.4.3", + "minimatch": "^10.2.2", + "semver": "^7.7.3", + "tinyglobby": "^0.2.15", + "ts-api-utils": "^2.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz", + "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.5" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/semver": { + "version": "7.7.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", + "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/@typescript-eslint/utils": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.58.2.tgz", + "integrity": "sha512-QZfjHNEzPY8+l0+fIXMvuQ2sJlplB4zgDZvA+NmvZsZv3EQwOcc1DuIU1VJUTWZ/RKouBMhDyNaBMx4sWvrzRA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.9.1", + "@typescript-eslint/scope-manager": "8.58.2", + "@typescript-eslint/types": "8.58.2", + "@typescript-eslint/typescript-estree": "8.58.2" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/@typescript-eslint/visitor-keys": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.58.2.tgz", + "integrity": "sha512-f1WO2Lx8a9t8DARmcWAUPJbu0G20bJlj8L4z72K00TMeJAoyLr/tHhI/pzYBLrR4dXWkcxO1cWYZEOX8DKHTqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.58.2", + "eslint-visitor-keys": "^5.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/visitor-keys/node_modules/eslint-visitor-keys": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@vitejs/plugin-react": { + "version": "4.7.0", + "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-4.7.0.tgz", + "integrity": "sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/core": "^7.28.0", + "@babel/plugin-transform-react-jsx-self": "^7.27.1", + "@babel/plugin-transform-react-jsx-source": "^7.27.1", + "@rolldown/pluginutils": "1.0.0-beta.27", + "@types/babel__core": "^7.20.5", + "react-refresh": "^0.17.0" + }, + "engines": { + "node": "^14.18.0 || >=16.0.0" + }, + "peerDependencies": { + "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" + } + }, + "node_modules/abort-controller": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz", + "integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==", + "license": "MIT", + "dependencies": { + "event-target-shim": "^5.0.0" + }, + "engines": { + "node": ">=6.5" + } + }, + "node_modules/acorn": { + "version": "8.16.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz", + "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==", + "dev": true, + "license": "MIT", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "dev": true, + "license": "MIT", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/agent-base": { + "version": "7.1.4", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", + "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 14" + } + }, + "node_modules/ajv": { + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz", + "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-colors": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz", + "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true, + "license": "Python-2.0" + }, + "node_modules/aria-hidden": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/aria-hidden/-/aria-hidden-1.2.6.tgz", + "integrity": "sha512-ik3ZgC9dY/lYVVM++OISsaYDeg1tb0VtP5uL3ouh1koGOaUMDPpbFIei4JkFimWUFPn90sbMNMXQAIVOlnYKJA==", + "license": "MIT", + "dependencies": { + "tslib": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/autoprefixer": { + "version": "10.5.0", + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz", + "integrity": "sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/autoprefixer" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "browserslist": "^4.28.2", + "caniuse-lite": "^1.0.30001787", + "fraction.js": "^5.3.4", + "picocolors": "^1.1.1", + "postcss-value-parser": "^4.2.0" + }, + "bin": { + "autoprefixer": "bin/autoprefixer" + }, + "engines": { + "node": "^10 || ^12 || >=14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/baseline-browser-mapping": { + "version": "2.10.20", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.20.tgz", + "integrity": "sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "baseline-browser-mapping": "dist/cli.cjs" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/brace-expansion": { + "version": "1.1.14", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz", + "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/browserslist": { + "version": "4.28.2", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz", + "integrity": "sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "baseline-browser-mapping": "^2.10.12", + "caniuse-lite": "^1.0.30001782", + "electron-to-chromium": "^1.5.328", + "node-releases": "^2.0.36", + "update-browserslist-db": "^1.2.3" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001788", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz", + "integrity": "sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/change-case": { + "version": "5.4.4", + "resolved": "https://registry.npmjs.org/change-case/-/change-case-5.4.4.tgz", + "integrity": "sha512-HRQyTk2/YPEkt9TnUPbOpr64Uw3KOicFWPVBb+xiHvd6eBx/qPr9xqfBFDT8P2vWsvvz4jbEkfDe71W3VyNu2w==", + "dev": true, + "license": "MIT" + }, + "node_modules/class-variance-authority": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/class-variance-authority/-/class-variance-authority-0.7.1.tgz", + "integrity": "sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg==", + "license": "Apache-2.0", + "dependencies": { + "clsx": "^2.1.1" + }, + "funding": { + "url": "https://polar.sh/cva" + } + }, + "node_modules/cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "license": "ISC", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, + "node_modules/clsx": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", + "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "license": "MIT" + }, + "node_modules/colorette": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz", + "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==", + "dev": true, + "license": "MIT" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true, + "license": "MIT" + }, + "node_modules/convert-source-map": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", + "dev": true, + "license": "MIT" + }, + "node_modules/cookie": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz", + "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/csstype": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "devOptional": true, + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/detect-libc": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=8" + } + }, + "node_modules/detect-node-es": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/detect-node-es/-/detect-node-es-1.1.0.tgz", + "integrity": "sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==", + "license": "MIT" + }, + "node_modules/dijkstrajs": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz", + "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==", + "license": "MIT" + }, + "node_modules/electron-to-chromium": { + "version": "1.5.340", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.340.tgz", + "integrity": "sha512-908qahOGocRMinT2nM3ajCEM99H4iPdv84eagPP3FfZy/1ZGeOy2CZYzjhms81ckOPCXPlW7LkY4XpxD8r1DrA==", + "dev": true, + "license": "ISC" + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/enhanced-resolve": { + "version": "5.20.1", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.1.tgz", + "integrity": "sha512-Qohcme7V1inbAfvjItgw0EaxVX5q2rdVEZHRBrEQdRZTssLDGsL8Lwrznl8oQ/6kuTJONLaDcGjkNP247XEhcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.3.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/esbuild": { + "version": "0.27.7", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.7.tgz", + "integrity": "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.27.7", + "@esbuild/android-arm": "0.27.7", + "@esbuild/android-arm64": "0.27.7", + "@esbuild/android-x64": "0.27.7", + "@esbuild/darwin-arm64": "0.27.7", + "@esbuild/darwin-x64": "0.27.7", + "@esbuild/freebsd-arm64": "0.27.7", + "@esbuild/freebsd-x64": "0.27.7", + "@esbuild/linux-arm": "0.27.7", + "@esbuild/linux-arm64": "0.27.7", + "@esbuild/linux-ia32": "0.27.7", + "@esbuild/linux-loong64": "0.27.7", + "@esbuild/linux-mips64el": "0.27.7", + "@esbuild/linux-ppc64": "0.27.7", + "@esbuild/linux-riscv64": "0.27.7", + "@esbuild/linux-s390x": "0.27.7", + "@esbuild/linux-x64": "0.27.7", + "@esbuild/netbsd-arm64": "0.27.7", + "@esbuild/netbsd-x64": "0.27.7", + "@esbuild/openbsd-arm64": "0.27.7", + "@esbuild/openbsd-x64": "0.27.7", + "@esbuild/openharmony-arm64": "0.27.7", + "@esbuild/sunos-x64": "0.27.7", + "@esbuild/win32-arm64": "0.27.7", + "@esbuild/win32-ia32": "0.27.7", + "@esbuild/win32-x64": "0.27.7" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "9.39.4", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.4.tgz", + "integrity": "sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.8.0", + "@eslint-community/regexpp": "^4.12.1", + "@eslint/config-array": "^0.21.2", + "@eslint/config-helpers": "^0.4.2", + "@eslint/core": "^0.17.0", + "@eslint/eslintrc": "^3.3.5", + "@eslint/js": "9.39.4", + "@eslint/plugin-kit": "^0.4.1", + "@humanfs/node": "^0.16.6", + "@humanwhocodes/module-importer": "^1.0.1", + "@humanwhocodes/retry": "^0.4.2", + "@types/estree": "^1.0.6", + "ajv": "^6.14.0", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.6", + "debug": "^4.3.2", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^8.4.0", + "eslint-visitor-keys": "^4.2.1", + "espree": "^10.4.0", + "esquery": "^1.5.0", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^8.0.0", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "ignore": "^5.2.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.5", + "natural-compare": "^1.4.0", + "optionator": "^0.9.3" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://eslint.org/donate" + }, + "peerDependencies": { + "jiti": "*" + }, + "peerDependenciesMeta": { + "jiti": { + "optional": true + } + } + }, + "node_modules/eslint-plugin-react-hooks": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-5.2.0.tgz", + "integrity": "sha512-+f15FfK64YQwZdJNELETdn5ibXEUQmW1DZL6KXhNnc2heoy/sg9VJJeT7n8TlMWouzWqSWavFkIhHyIbIAEapg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" + } + }, + "node_modules/eslint-plugin-react-refresh": { + "version": "0.4.26", + "resolved": "https://registry.npmjs.org/eslint-plugin-react-refresh/-/eslint-plugin-react-refresh-0.4.26.tgz", + "integrity": "sha512-1RETEylht2O6FM/MvgnyvT+8K21wLqDNg4qD51Zj3guhjt433XbnnkVttHMyaVyAFD03QSV4LPS5iE3VQmO7XQ==", + "dev": true, + "license": "MIT", + "peerDependencies": { + "eslint": ">=8.40" + } + }, + "node_modules/eslint-scope": { + "version": "8.4.0", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.4.0.tgz", + "integrity": "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz", + "integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/espree": { + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/espree/-/espree-10.4.0.tgz", + "integrity": "sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "acorn": "^8.15.0", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^4.2.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esquery": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.7.0.tgz", + "integrity": "sha512-Ap6G0WQwcU/LHsvLwON1fAQX9Zp0A2Y6Y/cJBl9r/JbW90Zyg4/zbG6zzKa2OTALELarYHmKu0GhpM5EO+7T0g==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/event-target-shim": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz", + "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/eventsource": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-2.0.2.tgz", + "integrity": "sha512-IzUmBGPR3+oUG9dUeXynyNmf91/3zUSJg1lCktzKw47OXuhco54U3r9B7O4XX+Rb1Itm9OZ2b0RkTs10bICOxA==", + "license": "MIT", + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fdir": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "picomatch": "^3 || ^4" + }, + "peerDependenciesMeta": { + "picomatch": { + "optional": true + } + } + }, + "node_modules/fetch-cookie": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/fetch-cookie/-/fetch-cookie-2.2.0.tgz", + "integrity": "sha512-h9AgfjURuCgA2+2ISl8GbavpUdR+WGAM2McW/ovn4tVccegp8ZqCKWSBR8uRdM8dDNlx5WdKRWxBYUwteLDCNQ==", + "license": "Unlicense", + "dependencies": { + "set-cookie-parser": "^2.4.8", + "tough-cookie": "^4.0.0" + } + }, + "node_modules/file-entry-cache": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-8.0.0.tgz", + "integrity": "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "flat-cache": "^4.0.0" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "license": "MIT", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat-cache": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-4.0.1.tgz", + "integrity": "sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==", + "dev": true, + "license": "MIT", + "dependencies": { + "flatted": "^3.2.9", + "keyv": "^4.5.4" + }, + "engines": { + "node": ">=16" + } + }, + "node_modules/flatted": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz", + "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==", + "dev": true, + "license": "ISC" + }, + "node_modules/fraction.js": { + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz", + "integrity": "sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/rawify" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "license": "ISC", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-nonce": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-nonce/-/get-nonce-1.0.1.tgz", + "integrity": "sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/globals": { + "version": "15.15.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-15.15.0.tgz", + "integrity": "sha512-7ACyT3wmyp3I61S4fG682L0VA2RGD9otkqGJIwNUMF1SWUombIIk+af1unuDYgMm082aHYwD+mzJvv9Iu8dsgg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/https-proxy-agent": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", + "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", + "dev": true, + "license": "MIT", + "dependencies": { + "agent-base": "^7.1.2", + "debug": "4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz", + "integrity": "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/index-to-position": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/index-to-position/-/index-to-position-1.2.0.tgz", + "integrity": "sha512-Yg7+ztRkqslMAS2iFaU+Oa4KTSidr63OsFGlOrJoW981kIYO3CGCS3wA95P1mUi/IVSJkn0D479KTJpVpvFNuw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dev": true, + "license": "ISC" + }, + "node_modules/jiti": { + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz", + "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==", + "dev": true, + "license": "MIT", + "bin": { + "jiti": "lib/jiti-cli.mjs" + } + }, + "node_modules/js-levenshtein": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/js-levenshtein/-/js-levenshtein-1.1.6.tgz", + "integrity": "sha512-X2BB11YZtrRqY4EnQcLX5Rh373zbK4alC1FW7D7MBhL2gtcC17cTnr6DmfHZeS0s2rTHjUTMMHfG7gO8SSdw+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/js-yaml": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsesc": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz", + "integrity": "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==", + "dev": true, + "license": "MIT", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json-buffer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/json5": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", + "dev": true, + "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/keyv": { + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", + "dev": true, + "license": "MIT", + "dependencies": { + "json-buffer": "3.0.1" + } + }, + "node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/lightningcss": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.32.0.tgz", + "integrity": "sha512-NXYBzinNrblfraPGyrbPoD19C1h9lfI/1mzgWYvXUTe414Gz/X1FD2XBZSZM7rRTrMA8JL3OtAaGifrIKhQ5yQ==", + "dev": true, + "license": "MPL-2.0", + "dependencies": { + "detect-libc": "^2.0.3" + }, + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + }, + "optionalDependencies": { + "lightningcss-android-arm64": "1.32.0", + "lightningcss-darwin-arm64": "1.32.0", + "lightningcss-darwin-x64": "1.32.0", + "lightningcss-freebsd-x64": "1.32.0", + "lightningcss-linux-arm-gnueabihf": "1.32.0", + "lightningcss-linux-arm64-gnu": "1.32.0", + "lightningcss-linux-arm64-musl": "1.32.0", + "lightningcss-linux-x64-gnu": "1.32.0", + "lightningcss-linux-x64-musl": "1.32.0", + "lightningcss-win32-arm64-msvc": "1.32.0", + "lightningcss-win32-x64-msvc": "1.32.0" + } + }, + "node_modules/lightningcss-android-arm64": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-android-arm64/-/lightningcss-android-arm64-1.32.0.tgz", + "integrity": "sha512-YK7/ClTt4kAK0vo6w3X+Pnm0D2cf2vPHbhOXdoNti1Ga0al1P4TBZhwjATvjNwLEBCnKvjJc2jQgHXH0NEwlAg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-darwin-arm64": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.32.0.tgz", + "integrity": "sha512-RzeG9Ju5bag2Bv1/lwlVJvBE3q6TtXskdZLLCyfg5pt+HLz9BqlICO7LZM7VHNTTn/5PRhHFBSjk5lc4cmscPQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-darwin-x64": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.32.0.tgz", + "integrity": "sha512-U+QsBp2m/s2wqpUYT/6wnlagdZbtZdndSmut/NJqlCcMLTWp5muCrID+K5UJ6jqD2BFshejCYXniPDbNh73V8w==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-freebsd-x64": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.32.0.tgz", + "integrity": "sha512-JCTigedEksZk3tHTTthnMdVfGf61Fky8Ji2E4YjUTEQX14xiy/lTzXnu1vwiZe3bYe0q+SpsSH/CTeDXK6WHig==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm-gnueabihf": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.32.0.tgz", + "integrity": "sha512-x6rnnpRa2GL0zQOkt6rts3YDPzduLpWvwAF6EMhXFVZXD4tPrBkEFqzGowzCsIWsPjqSK+tyNEODUBXeeVHSkw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm64-gnu": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.32.0.tgz", + "integrity": "sha512-0nnMyoyOLRJXfbMOilaSRcLH3Jw5z9HDNGfT/gwCPgaDjnx0i8w7vBzFLFR1f6CMLKF8gVbebmkUN3fa/kQJpQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm64-musl": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.32.0.tgz", + "integrity": "sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-x64-gnu": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.32.0.tgz", + "integrity": "sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-x64-musl": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.32.0.tgz", + "integrity": "sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-win32-arm64-msvc": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.32.0.tgz", + "integrity": "sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-win32-x64-msvc": { + "version": "1.32.0", + "resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.32.0.tgz", + "integrity": "sha512-Amq9B/SoZYdDi1kFrojnoqPLxYhQ4Wo5XiL8EVJrVsB8ARoC1PWW6VGtT0WKCemjy8aC+louJnjS7U18x3b06Q==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/lru-cache": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "dev": true, + "license": "ISC", + "dependencies": { + "yallist": "^3.0.2" + } + }, + "node_modules/lucide-react": { + "version": "0.475.0", + "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-0.475.0.tgz", + "integrity": "sha512-NJzvVu1HwFVeZ+Gwq2q00KygM1aBhy/ZrhY9FsAgJtpB+E4R7uxRk9M2iKvHa6/vNxZydIB59htha4c2vvwvVg==", + "license": "ISC", + "peerDependencies": { + "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" + } + }, + "node_modules/magic-string": { + "version": "0.30.21", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz", + "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.5" + } + }, + "node_modules/minimatch": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", + "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==", + "dev": true, + "license": "MIT" + }, + "node_modules/node-fetch": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "license": "MIT", + "dependencies": { + "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } + } + }, + "node_modules/node-releases": { + "version": "2.0.37", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.37.tgz", + "integrity": "sha512-1h5gKZCF+pO/o3Iqt5Jp7wc9rH3eJJ0+nh/CIoiRwjRxde/hAHyLPXYN4V3CqKAbiZPSeJFSWHmJsbkicta0Eg==", + "dev": true, + "license": "MIT" + }, + "node_modules/openapi-typescript": { + "version": "7.13.0", + "resolved": "https://registry.npmjs.org/openapi-typescript/-/openapi-typescript-7.13.0.tgz", + "integrity": "sha512-EFP392gcqXS7ntPvbhBzbF8TyBA+baIYEm791Hy5YkjDYKTnk/Tn5OQeKm5BIZvJihpp8Zzr4hzx0Irde1LNGQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@redocly/openapi-core": "^1.34.6", + "ansi-colors": "^4.1.3", + "change-case": "^5.4.4", + "parse-json": "^8.3.0", + "supports-color": "^10.2.2", + "yargs-parser": "^21.1.1" + }, + "bin": { + "openapi-typescript": "bin/cli.js" + }, + "peerDependencies": { + "typescript": "^5.x" + } + }, + "node_modules/openapi-typescript/node_modules/supports-color": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-10.2.2.tgz", + "integrity": "sha512-SS+jx45GF1QjgEXQx4NJZV9ImqmO2NPz5FNsIHrsDjh2YsHnawpan7SNQ1o8NuhrbHZy9AZhIoCUiCeaW/C80g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/optionator": { + "version": "0.9.4", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", + "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==", + "dev": true, + "license": "MIT", + "dependencies": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.5" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "dev": true, + "license": "MIT", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/parse-json": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-8.3.0.tgz", + "integrity": "sha512-ybiGyvspI+fAoRQbIPRddCcSTV9/LsJbf0e/S85VLowVGzRmokfneg2kwVW/KU5rOXrPSbF1qAKPMgNTqqROQQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.26.2", + "index-to-position": "^1.1.0", + "type-fest": "^4.39.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dev": true, + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz", + "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/playwright": { + "version": "1.60.0", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.60.0.tgz", + "integrity": "sha512-hheHdokM8cdqCb0lcE3s+zT4t4W+vvjpGxsZlDnikarzx8tSzMebh3UiFtgqwFwnTnjYQcsyMF8ei2mCO/tpeA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "playwright-core": "1.60.0" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "fsevents": "2.3.2" + } + }, + "node_modules/playwright-core": { + "version": "1.60.0", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.60.0.tgz", + "integrity": "sha512-9bW6zvX/m0lEbgTKJ6YppOKx8H3VOPBMOCFh2irXFOT4BbHgrx5hPjwJYLT40Lu+4qtD36qKc/Hn56StUW57IA==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "playwright-core": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/playwright/node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/pluralize": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "integrity": "sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/pngjs": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz", + "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==", + "license": "MIT", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/postcss": { + "version": "8.5.10", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz", + "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss-value-parser": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/psl": { + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/psl/-/psl-1.15.0.tgz", + "integrity": "sha512-JZd3gMVBAVQkSs6HdNZo9Sdo0LNcQeMNP3CozBJb3JYC/QUYZTnKxP+f8oWRX4rHP5EurWxqAHTSwUCjlNKa1w==", + "license": "MIT", + "dependencies": { + "punycode": "^2.3.1" + }, + "funding": { + "url": "https://github.com/sponsors/lupomontero" + } + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/qrcode": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz", + "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==", + "license": "MIT", + "dependencies": { + "dijkstrajs": "^1.0.1", + "pngjs": "^5.0.0", + "yargs": "^15.3.1" + }, + "bin": { + "qrcode": "bin/qrcode" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/querystringify": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", + "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", + "license": "MIT" + }, + "node_modules/react": { + "version": "19.2.5", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.5.tgz", + "integrity": "sha512-llUJLzz1zTUBrskt2pwZgLq59AemifIftw4aB7JxOqf1HY2FDaGDxgwpAPVzHU1kdWabH7FauP4i1oEeer2WCA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "19.2.5", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.5.tgz", + "integrity": "sha512-J5bAZz+DXMMwW/wV3xzKke59Af6CHY7G4uYLN1OvBcKEsWOs4pQExj86BBKamxl/Ik5bx9whOrvBlSDfWzgSag==", + "license": "MIT", + "dependencies": { + "scheduler": "^0.27.0" + }, + "peerDependencies": { + "react": "^19.2.5" + } + }, + "node_modules/react-hook-form": { + "version": "7.72.1", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.72.1.tgz", + "integrity": "sha512-RhwBoy2ygeVZje+C+bwJ8g0NjTdBmDlJvAUHTxRjTmSUKPYsKfMphkS2sgEMotsY03bP358yEYlnUeZy//D9Ig==", + "license": "MIT", + "engines": { + "node": ">=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/react-hook-form" + }, + "peerDependencies": { + "react": "^16.8.0 || ^17 || ^18 || ^19" + } + }, + "node_modules/react-refresh": { + "version": "0.17.0", + "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.17.0.tgz", + "integrity": "sha512-z6F7K9bV85EfseRCp2bzrpyQ0Gkw1uLoCel9XBVWPg/TjRj94SkJzUTGfOa4bs7iJvBWtQG0Wq7wnI0syw3EBQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-remove-scroll": { + "version": "2.7.2", + "resolved": "https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.7.2.tgz", + "integrity": "sha512-Iqb9NjCCTt6Hf+vOdNIZGdTiH1QSqr27H/Ek9sv/a97gfueI/5h1s3yRi1nngzMUaOOToin5dI1dXKdXiF+u0Q==", + "license": "MIT", + "dependencies": { + "react-remove-scroll-bar": "^2.3.7", + "react-style-singleton": "^2.2.3", + "tslib": "^2.1.0", + "use-callback-ref": "^1.3.3", + "use-sidecar": "^1.1.3" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/react-remove-scroll-bar": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.3.8.tgz", + "integrity": "sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q==", + "license": "MIT", + "dependencies": { + "react-style-singleton": "^2.2.2", + "tslib": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/react-router": { + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.1.tgz", + "integrity": "sha512-5BCvFskyAAVumqhEKh/iPhLOIkfxcEUz8WqFIARCkMg8hZZzDYX9CtwxXA0e+qT8zAxmMC0x3Ckb9iMONwc5jg==", + "license": "MIT", + "dependencies": { + "cookie": "^1.0.1", + "set-cookie-parser": "^2.6.0" + }, + "engines": { + "node": ">=20.0.0" + }, + "peerDependencies": { + "react": ">=18", + "react-dom": ">=18" + }, + "peerDependenciesMeta": { + "react-dom": { + "optional": true + } + } + }, + "node_modules/react-router-dom": { + "version": "7.14.1", + "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.1.tgz", + "integrity": "sha512-ZkrQuwwhGibjQLqH1eCdyiZyLWglPxzxdl5tgwgKEyCSGC76vmAjleGocRe3J/MLfzMUIKwaFJWpFVJhK3d2xA==", + "license": "MIT", + "dependencies": { + "react-router": "7.14.1" + }, + "engines": { + "node": ">=20.0.0" + }, + "peerDependencies": { + "react": ">=18", + "react-dom": ">=18" + } + }, + "node_modules/react-style-singleton": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/react-style-singleton/-/react-style-singleton-2.2.3.tgz", + "integrity": "sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ==", + "license": "MIT", + "dependencies": { + "get-nonce": "^1.0.0", + "tslib": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "license": "ISC" + }, + "node_modules/requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "license": "MIT" + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/rollup": { + "version": "4.60.2", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.2.tgz", + "integrity": "sha512-J9qZyW++QK/09NyN/zeO0dG/1GdGfyp9lV8ajHnRVLfo/uFsbji5mHnDgn/qYdUHyCkM2N+8VyspgZclfAh0eQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.60.2", + "@rollup/rollup-android-arm64": "4.60.2", + "@rollup/rollup-darwin-arm64": "4.60.2", + "@rollup/rollup-darwin-x64": "4.60.2", + "@rollup/rollup-freebsd-arm64": "4.60.2", + "@rollup/rollup-freebsd-x64": "4.60.2", + "@rollup/rollup-linux-arm-gnueabihf": "4.60.2", + "@rollup/rollup-linux-arm-musleabihf": "4.60.2", + "@rollup/rollup-linux-arm64-gnu": "4.60.2", + "@rollup/rollup-linux-arm64-musl": "4.60.2", + "@rollup/rollup-linux-loong64-gnu": "4.60.2", + "@rollup/rollup-linux-loong64-musl": "4.60.2", + "@rollup/rollup-linux-ppc64-gnu": "4.60.2", + "@rollup/rollup-linux-ppc64-musl": "4.60.2", + "@rollup/rollup-linux-riscv64-gnu": "4.60.2", + "@rollup/rollup-linux-riscv64-musl": "4.60.2", + "@rollup/rollup-linux-s390x-gnu": "4.60.2", + "@rollup/rollup-linux-x64-gnu": "4.60.2", + "@rollup/rollup-linux-x64-musl": "4.60.2", + "@rollup/rollup-openbsd-x64": "4.60.2", + "@rollup/rollup-openharmony-arm64": "4.60.2", + "@rollup/rollup-win32-arm64-msvc": "4.60.2", + "@rollup/rollup-win32-ia32-msvc": "4.60.2", + "@rollup/rollup-win32-x64-gnu": "4.60.2", + "@rollup/rollup-win32-x64-msvc": "4.60.2", + "fsevents": "~2.3.2" + } + }, + "node_modules/scheduler": { + "version": "0.27.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz", + "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==", + "license": "ISC" + }, + "node_modules/set-cookie-parser": { + "version": "2.7.2", + "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.2.tgz", + "integrity": "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw==", + "license": "MIT" + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/sonner": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/sonner/-/sonner-2.0.7.tgz", + "integrity": "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w==", + "license": "MIT", + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", + "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/tailwind-merge": { + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/tailwind-merge/-/tailwind-merge-3.5.0.tgz", + "integrity": "sha512-I8K9wewnVDkL1NTGoqWmVEIlUcB9gFriAEkXkfCjX5ib8ezGxtR3xD7iZIxrfArjEsH7F1CHD4RFUtxefdqV/A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/dcastil" + } + }, + "node_modules/tailwindcss": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.2.2.tgz", + "integrity": "sha512-KWBIxs1Xb6NoLdMVqhbhgwZf2PGBpPEiwOqgI4pFIYbNTfBXiKYyWoTsXgBQ9WFg/OlhnvHaY+AEpW7wSmFo2Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/tapable": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.2.tgz", + "integrity": "sha512-1MOpMXuhGzGL5TTCZFItxCc0AARf1EZFQkGqMm7ERKj8+Hgr5oLvJOVFcC+lRmR8hCe2S3jC4T5D7Vg/d7/fhA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/tinyglobby": { + "version": "0.2.16", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz", + "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==", + "dev": true, + "license": "MIT", + "dependencies": { + "fdir": "^6.5.0", + "picomatch": "^4.0.4" + }, + "engines": { + "node": ">=12.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/SuperchupuDev" + } + }, + "node_modules/tough-cookie": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.4.tgz", + "integrity": "sha512-Loo5UUvLD9ScZ6jh8beX1T6sO1w2/MpCRpEP7V280GKMVUQ0Jzar2U3UJPsrdbziLEMMhu3Ujnq//rhiFuIeag==", + "license": "BSD-3-Clause", + "dependencies": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.2.0", + "url-parse": "^1.5.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==", + "license": "MIT" + }, + "node_modules/ts-api-utils": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.5.0.tgz", + "integrity": "sha512-OJ/ibxhPlqrMM0UiNHJ/0CKQkoKF243/AEmplt3qpRgkW8VG7IfOS41h7V8TjITqdByHzrjcS/2si+y4lIh8NA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18.12" + }, + "peerDependencies": { + "typescript": ">=4.8.4" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + }, + "node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-fest": { + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", + "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", + "dev": true, + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/typescript-eslint": { + "version": "8.58.2", + "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.58.2.tgz", + "integrity": "sha512-V8iSng9mRbdZjl54VJ9NKr6ZB+dW0J3TzRXRGcSbLIej9jV86ZRtlYeTKDR/QLxXykocJ5icNzbsl2+5TzIvcQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/eslint-plugin": "8.58.2", + "@typescript-eslint/parser": "8.58.2", + "@typescript-eslint/typescript-estree": "8.58.2", + "@typescript-eslint/utils": "8.58.2" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", + "typescript": ">=4.8.4 <6.1.0" + } + }, + "node_modules/undici-types": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "license": "MIT" + }, + "node_modules/universalify": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", + "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", + "license": "MIT", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz", + "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.1" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/uri-js-replace": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/uri-js-replace/-/uri-js-replace-1.0.1.tgz", + "integrity": "sha512-W+C9NWNLFOoBI2QWDp4UT9pv65r2w5Cx+3sTYFvtMdDBxkKt1syCqsUdSFAChbEe1uK5TfS04wt/nGwmaeIQ0g==", + "dev": true, + "license": "MIT" + }, + "node_modules/url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "license": "MIT", + "dependencies": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" + } + }, + "node_modules/use-callback-ref": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.3.3.tgz", + "integrity": "sha512-jQL3lRnocaFtu3V00JToYz/4QkNWswxijDaCVNZRiRTO3HQDLsdu1ZtmIUvV4yPp+rvWm5j0y0TG/S61cuijTg==", + "license": "MIT", + "dependencies": { + "tslib": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/use-sidecar": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/use-sidecar/-/use-sidecar-1.1.3.tgz", + "integrity": "sha512-Fedw0aZvkhynoPYlA5WXrMCAMm+nSWdZt6lzJQ7Ok8S6Q+VsHmHpRWndVRJ8Be0ZbkfPc5LRYH+5XrzXcEeLRQ==", + "license": "MIT", + "dependencies": { + "detect-node-es": "^1.1.0", + "tslib": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "@types/react": "*", + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/vite": { + "version": "7.3.2", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.2.tgz", + "integrity": "sha512-Bby3NOsna2jsjfLVOHKes8sGwgl4TT0E6vvpYgnAYDIF/tie7MRaFthmKuHx1NSXjiTueXH3do80FMQgvEktRg==", + "dev": true, + "license": "MIT", + "dependencies": { + "esbuild": "^0.27.0", + "fdir": "^6.5.0", + "picomatch": "^4.0.3", + "postcss": "^8.5.6", + "rollup": "^4.43.0", + "tinyglobby": "^0.2.15" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^20.19.0 || >=22.12.0", + "jiti": ">=1.21.0", + "less": "^4.0.0", + "lightningcss": "^1.21.0", + "sass": "^1.70.0", + "sass-embedded": "^1.70.0", + "stylus": ">=0.54.8", + "sugarss": "^5.0.0", + "terser": "^5.16.0", + "tsx": "^4.8.1", + "yaml": "^2.4.2" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "jiti": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + }, + "tsx": { + "optional": true + }, + "yaml": { + "optional": true + } + } + }, + "node_modules/webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==", + "license": "BSD-2-Clause" + }, + "node_modules/whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "license": "MIT", + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/which-module": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz", + "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", + "license": "ISC" + }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ws": { + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", + "license": "MIT", + "engines": { + "node": ">=8.3.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": "^5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "license": "ISC" + }, + "node_modules/yallist": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "dev": true, + "license": "ISC" + }, + "node_modules/yaml-ast-parser": { + "version": "0.0.43", + "resolved": "https://registry.npmjs.org/yaml-ast-parser/-/yaml-ast-parser-0.0.43.tgz", + "integrity": "sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A==", + "dev": true, + "license": "Apache-2.0" + }, + "node_modules/yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "license": "MIT", + "dependencies": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs-parser": { + "version": "21.1.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/yargs/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "license": "MIT", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "license": "MIT", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/yargs/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "license": "MIT", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "license": "ISC", + "dependencies": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/zod": { + "version": "3.25.76", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + } + } +} diff --git a/clients/admin/package.json b/clients/admin/package.json new file mode 100644 index 0000000000..4892bdd187 --- /dev/null +++ b/clients/admin/package.json @@ -0,0 +1,56 @@ +{ + "name": "@fullstackhero/admin", + "private": true, + "version": "0.1.0", + "type": "module", + "scripts": { + "dev": "vite --port 5173", + "build": "tsc -b && vite build", + "preview": "vite preview --port 4173", + "lint": "eslint .", + "test:e2e": "playwright test", + "test:e2e:ui": "playwright test --ui" + }, + "dependencies": { + "@hookform/resolvers": "^3.9.1", + "@microsoft/signalr": "^10.0.0", + "@radix-ui/react-dialog": "^1.1.15", + "@radix-ui/react-dropdown-menu": "^2.1.5", + "@radix-ui/react-label": "^2.1.2", + "@radix-ui/react-slot": "^1.1.2", + "@tanstack/react-query": "^5.66.0", + "@types/qrcode": "^1.5.6", + "class-variance-authority": "^0.7.1", + "clsx": "^2.1.1", + "lucide-react": "^0.475.0", + "qrcode": "^1.5.4", + "react": "^19.0.0", + "react-dom": "^19.0.0", + "react-hook-form": "^7.54.2", + "react-router-dom": "^7.1.5", + "sonner": "^2.0.7", + "tailwind-merge": "^3.0.1", + "zod": "^3.24.2" + }, + "devDependencies": { + "@playwright/test": "^1.60.0", + "@tailwindcss/vite": "^4.0.6", + "@types/node": "^22.13.1", + "@types/react": "^19.0.8", + "@types/react-dom": "^19.0.3", + "@vitejs/plugin-react": "^4.3.4", + "autoprefixer": "^10.4.20", + "eslint": "^9.19.0", + "eslint-plugin-react-hooks": "^5.1.0", + "eslint-plugin-react-refresh": "^0.4.18", + "globals": "^15.14.0", + "openapi-typescript": "^7.6.1", + "tailwindcss": "^4.0.6", + "typescript": "^5.7.3", + "typescript-eslint": "^8.23.0", + "vite": "^7.0.0" + }, + "engines": { + "node": ">=20" + } +} diff --git a/clients/admin/playwright.config.ts b/clients/admin/playwright.config.ts new file mode 100644 index 0000000000..31ecc38abc --- /dev/null +++ b/clients/admin/playwright.config.ts @@ -0,0 +1,30 @@ +import { defineConfig, devices } from "@playwright/test"; + +/** + * Playwright config for the admin app. Mirrors the dashboard's setup — + * tests run against a Vite dev server on port 5173 with API calls + * intercepted via `page.route()`. See clients/admin/tests/ for specs. + */ +export default defineConfig({ + testDir: "./tests", + fullyParallel: true, + forbidOnly: !!process.env.CI, + retries: process.env.CI ? 2 : 0, + workers: process.env.CI ? 2 : undefined, + reporter: process.env.CI ? [["github"], ["html", { open: "never" }]] : "list", + use: { + baseURL: "http://localhost:5173", + trace: "on-first-retry", + actionTimeout: 10_000, + navigationTimeout: 15_000, + }, + projects: [{ name: "chromium", use: { ...devices["Desktop Chrome"] } }], + webServer: { + command: "npm run dev", + url: "http://localhost:5173", + reuseExistingServer: !process.env.CI, + timeout: 60_000, + stdout: "ignore", + stderr: "pipe", + }, +}); diff --git a/clients/admin/public/config.json b/clients/admin/public/config.json new file mode 100644 index 0000000000..82f2ddb547 --- /dev/null +++ b/clients/admin/public/config.json @@ -0,0 +1,5 @@ +{ + "apiBase": "", + "defaultTenant": "root", + "dashboardUrl": "http://localhost:5174" +} diff --git a/clients/admin/public/favicon.svg b/clients/admin/public/favicon.svg new file mode 100644 index 0000000000..9702aa091e --- /dev/null +++ b/clients/admin/public/favicon.svg @@ -0,0 +1,4 @@ + + + + diff --git a/clients/admin/public/logo-fullstackhero.png b/clients/admin/public/logo-fullstackhero.png new file mode 100644 index 0000000000..456a97d0a6 Binary files /dev/null and b/clients/admin/public/logo-fullstackhero.png differ diff --git a/clients/admin/src/App.tsx b/clients/admin/src/App.tsx new file mode 100644 index 0000000000..93f39976ef --- /dev/null +++ b/clients/admin/src/App.tsx @@ -0,0 +1,37 @@ +import { RouterProvider } from "react-router-dom"; +import { QueryClientProvider } from "@tanstack/react-query"; +import { Toaster } from "sonner"; +import { queryClient } from "@/lib/query-client"; +import { AuthProvider } from "@/auth/auth-context"; +import { RealtimeProvider } from "@/realtime/realtime-context"; +import { ThemeProvider } from "@/components/theme/theme-provider"; +import { router } from "@/routes"; + +export function App() { + return ( + + + + + + + + + + + ); +} diff --git a/clients/admin/src/api/audits.ts b/clients/admin/src/api/audits.ts new file mode 100644 index 0000000000..731ae4be66 --- /dev/null +++ b/clients/admin/src/api/audits.ts @@ -0,0 +1,200 @@ +import { apiFetch } from "@/lib/api-client"; +import type { PagedResponse } from "@/lib/api-types"; + +export type AuditEventType = "None" | "EntityChange" | "Security" | "Activity" | "Exception"; + +export type AuditSeverity = + | "None" + | "Trace" + | "Debug" + | "Information" + | "Warning" + | "Error" + | "Critical"; + +export type AuditTag = + | "None" + | "PiiMasked" + | "OutOfQuota" + | "Sampled" + | "RetainedLong" + | "HealthCheck" + | "Authentication" + | "Authorization"; + +export const AUDIT_EVENT_TYPES: AuditEventType[] = [ + "EntityChange", + "Security", + "Activity", + "Exception", +]; + +export const AUDIT_SEVERITIES: AuditSeverity[] = [ + "Trace", + "Debug", + "Information", + "Warning", + "Error", + "Critical", +]; + +export type AuditSummaryDto = { + id: string; + occurredAtUtc: string; + eventType: AuditEventType; + severity: AuditSeverity; + tenantId?: string | null; + userId?: string | null; + userName?: string | null; + traceId?: string | null; + correlationId?: string | null; + requestId?: string | null; + source?: string | null; + tags: AuditTag | number; +}; + +export type AuditDetailDto = AuditSummaryDto & { + receivedAtUtc: string; + spanId?: string | null; + payload: unknown; +}; + +export type AuditSummaryAggregateDto = { + eventsByType: Partial>; + eventsBySeverity: Partial>; + eventsBySource: Record; + eventsByTenant: Record; +}; + +export type ListAuditsParams = { + pageNumber?: number; + pageSize?: number; + sort?: string; + fromUtc?: string; + toUtc?: string; + tenantId?: string; + userId?: string; + eventType?: AuditEventType; + severity?: AuditSeverity; + source?: string; + correlationId?: string; + traceId?: string; + search?: string; +}; + +const ROOT = "/api/v1/audits"; + +// ────────────────────────────────────────────────────────────────────── +// Enum normalization +// +// The server serializes audit enums as INTEGERS by default (System.Text.Json +// has no JsonStringEnumConverter registered for these). The client surface +// types them as string unions, so every code path that does +// `eventType.toUpperCase()` / `severity === "Warning"` would explode at +// runtime. Rather than fix every call site or change the server-side +// contract (which other consumers may also rely on), we normalize at the +// API boundary — one place, one fix. +// +// Index mirrors the C# enum declarations in +// `src/Modules/Auditing/Modules.Auditing.Contracts/AuditEnums.cs`. +// ────────────────────────────────────────────────────────────────────── + +const EVENT_TYPE_BY_INT: readonly AuditEventType[] = [ + "None", + "EntityChange", + "Security", + "Activity", + "Exception", +]; + +const SEVERITY_BY_INT: readonly AuditSeverity[] = [ + "None", + "Trace", + "Debug", + "Information", + "Warning", + "Error", + "Critical", +]; + +function coerceEventType(raw: unknown): AuditEventType { + if (typeof raw === "string") return raw as AuditEventType; + if (typeof raw === "number") return EVENT_TYPE_BY_INT[raw] ?? "None"; + return "None"; +} + +function coerceSeverity(raw: unknown): AuditSeverity { + if (typeof raw === "string") return raw as AuditSeverity; + if (typeof raw === "number") return SEVERITY_BY_INT[raw] ?? "None"; + return "None"; +} + +function normalizeSummary(dto: T): T { + return { + ...dto, + eventType: coerceEventType((dto as { eventType: unknown }).eventType), + severity: coerceSeverity((dto as { severity: unknown }).severity), + }; +} + +export async function listAudits(params: ListAuditsParams = {}): Promise> { + const q = new URLSearchParams(); + q.set("PageNumber", String(params.pageNumber ?? 1)); + q.set("PageSize", String(params.pageSize ?? 25)); + if (params.sort) q.set("Sort", params.sort); + if (params.fromUtc) q.set("FromUtc", params.fromUtc); + if (params.toUtc) q.set("ToUtc", params.toUtc); + if (params.tenantId) q.set("TenantId", params.tenantId); + if (params.userId) q.set("UserId", params.userId); + if (params.eventType) q.set("EventType", params.eventType); + if (params.severity) q.set("Severity", params.severity); + if (params.source) q.set("Source", params.source); + if (params.correlationId) q.set("CorrelationId", params.correlationId); + if (params.traceId) q.set("TraceId", params.traceId); + if (params.search?.trim()) q.set("Search", params.search.trim()); + const page = await apiFetch>(`${ROOT}/?${q.toString()}`); + return { ...page, items: page.items.map(normalizeSummary) }; +} + +export async function getAudit(id: string): Promise { + const dto = await apiFetch(`${ROOT}/${encodeURIComponent(id)}`); + return normalizeSummary(dto); +} + +export async function getAuditSummary(params: { + fromUtc?: string; + toUtc?: string; + tenantId?: string; +} = {}): Promise { + const q = new URLSearchParams(); + if (params.fromUtc) q.set("FromUtc", params.fromUtc); + if (params.toUtc) q.set("ToUtc", params.toUtc); + if (params.tenantId) q.set("TenantId", params.tenantId); + const qs = q.toString(); + const raw = await apiFetch<{ + eventsByType: Record; + eventsBySeverity: Record; + eventsBySource: Record; + eventsByTenant: Record; + }>(`${ROOT}/summary${qs ? `?${qs}` : ""}`); + + // The server keys the histograms by the same integer enum form. Translate + // them to the string union so the rest of the UI can index them by name. + const eventsByType: Partial> = {}; + for (const [k, v] of Object.entries(raw.eventsByType ?? {})) { + const key = coerceEventType(/^\d+$/.test(k) ? Number(k) : k); + eventsByType[key] = (eventsByType[key] ?? 0) + v; + } + const eventsBySeverity: Partial> = {}; + for (const [k, v] of Object.entries(raw.eventsBySeverity ?? {})) { + const key = coerceSeverity(/^\d+$/.test(k) ? Number(k) : k); + eventsBySeverity[key] = (eventsBySeverity[key] ?? 0) + v; + } + + return { + eventsByType, + eventsBySeverity, + eventsBySource: raw.eventsBySource ?? {}, + eventsByTenant: raw.eventsByTenant ?? {}, + }; +} diff --git a/clients/admin/src/api/billing.ts b/clients/admin/src/api/billing.ts new file mode 100644 index 0000000000..c21c846ac6 --- /dev/null +++ b/clients/admin/src/api/billing.ts @@ -0,0 +1,186 @@ +import { apiFetch } from "@/lib/api-client"; +import type { PagedResponse } from "@/lib/api-types"; + +// ─── shared enums ──────────────────────────────────────────────────── + +export type InvoiceStatus = "Draft" | "Issued" | "Paid" | "Void" | (string & {}); + +export type SubscriptionStatus = "Active" | "Suspended" | "Cancelled" | (string & {}); + +export type InvoiceLineItemKind = "BaseFee" | "Overage" | "Adjustment" | (string & {}); + +export type QuotaResource = + | "ApiCalls" + | "StorageBytes" + | "Users" + | "ActiveFeatureFlags" + | (string & {}); + +// ─── plans ─────────────────────────────────────────────────────────── + +export type BillingPlanDto = { + id: string; + key: string; + name: string; + currency: string; + monthlyBasePrice: number; + overageRates: Partial>; + isActive: boolean; +}; + +export type CreatePlanInput = { + key: string; + name: string; + currency: string; + monthlyBasePrice: number; + overageRates?: Partial> | null; +}; + +export type UpdatePlanInput = { + planId: string; + name: string; + monthlyBasePrice: number; + overageRates?: Partial> | null; +}; + +export function getPlans(includeInactive = false): Promise { + const query = new URLSearchParams({ includeInactive: includeInactive ? "true" : "false" }); + return apiFetch(`/api/v1/billing/plans?${query.toString()}`); +} + +export function createPlan(input: CreatePlanInput): Promise { + return apiFetch(`/api/v1/billing/plans`, { + method: "POST", + body: JSON.stringify({ + key: input.key, + name: input.name, + currency: input.currency, + monthlyBasePrice: input.monthlyBasePrice, + overageRates: input.overageRates ?? null, + }), + }); +} + +export function updatePlan(input: UpdatePlanInput): Promise { + return apiFetch(`/api/v1/billing/plans/${encodeURIComponent(input.planId)}`, { + method: "PUT", + body: JSON.stringify({ + planId: input.planId, + name: input.name, + monthlyBasePrice: input.monthlyBasePrice, + overageRates: input.overageRates ?? null, + }), + }); +} + +// ─── subscriptions ─────────────────────────────────────────────────── + +export type SubscriptionDto = { + id: string; + tenantId: string; + planId: string; + planKey: string; + startUtc: string; + endUtc?: string | null; + status: SubscriptionStatus; +}; + +export type AssignSubscriptionInput = { + tenantId: string; + planKey: string; +}; + +export function getSubscription(tenantId?: string): Promise { + const query = new URLSearchParams(); + if (tenantId) query.set("tenantId", tenantId); + const suffix = query.toString() ? `?${query.toString()}` : ""; + return apiFetch(`/api/v1/billing/subscriptions${suffix}`); +} + +export function assignSubscription(input: AssignSubscriptionInput): Promise { + return apiFetch(`/api/v1/billing/subscriptions`, { + method: "POST", + body: JSON.stringify(input), + }); +} + +// ─── invoices ──────────────────────────────────────────────────────── + +export type InvoiceLineItemDto = { + id: string; + kind: InvoiceLineItemKind; + resource?: QuotaResource | null; + description: string; + quantity: number; + unitPrice: number; + amount: number; +}; + +export type InvoiceDto = { + id: string; + tenantId: string; + invoiceNumber: string; + periodYear: number; + periodMonth: number; + currency: string; + subtotalAmount: number; + status: InvoiceStatus; + createdAtUtc: string; + issuedAtUtc?: string | null; + dueAtUtc?: string | null; + paidAtUtc?: string | null; + voidedAtUtc?: string | null; + notes?: string | null; + lineItems: InvoiceLineItemDto[]; +}; + +export type ListInvoicesParams = { + tenantId?: string; + status?: InvoiceStatus; + periodYear?: number; + periodMonth?: number; + pageNumber?: number; + pageSize?: number; +}; + +export function listInvoices(params: ListInvoicesParams = {}): Promise> { + const query = new URLSearchParams(); + if (params.tenantId) query.set("tenantId", params.tenantId); + if (params.status) query.set("status", params.status); + if (params.periodYear) query.set("periodYear", String(params.periodYear)); + if (params.periodMonth) query.set("periodMonth", String(params.periodMonth)); + query.set("pageNumber", String(params.pageNumber ?? 1)); + query.set("pageSize", String(params.pageSize ?? 20)); + return apiFetch>(`/api/v1/billing/invoices?${query.toString()}`); +} + +export function getInvoice(invoiceId: string): Promise { + return apiFetch(`/api/v1/billing/invoices/${encodeURIComponent(invoiceId)}`); +} + +export function generateInvoices(periodYear: number, periodMonth: number): Promise<{ generated: number }> { + return apiFetch<{ generated: number }>(`/api/v1/billing/invoices/generate`, { + method: "POST", + body: JSON.stringify({ periodYear, periodMonth }), + }); +} + +export function issueInvoice(invoiceId: string, dueAtUtc: string | null): Promise { + return apiFetch(`/api/v1/billing/invoices/${encodeURIComponent(invoiceId)}/issue`, { + method: "POST", + body: JSON.stringify({ dueAtUtc }), + }); +} + +export function markInvoicePaid(invoiceId: string): Promise { + return apiFetch(`/api/v1/billing/invoices/${encodeURIComponent(invoiceId)}/pay`, { + method: "POST", + }); +} + +export function voidInvoice(invoiceId: string, reason: string | null): Promise { + return apiFetch(`/api/v1/billing/invoices/${encodeURIComponent(invoiceId)}/void`, { + method: "POST", + body: JSON.stringify({ reason }), + }); +} diff --git a/clients/admin/src/api/health.ts b/clients/admin/src/api/health.ts new file mode 100644 index 0000000000..a5c295a6b3 --- /dev/null +++ b/clients/admin/src/api/health.ts @@ -0,0 +1,63 @@ +import { env } from "@/env"; + +export type HealthStatus = "Healthy" | "Degraded" | "Unhealthy" | string; + +export type HealthEntry = { + name: string; + status: HealthStatus; + description?: string | null; + durationMs: number; + details?: Record | null; +}; + +export type HealthResult = { + status: HealthStatus; + results: HealthEntry[]; +}; + +/** + * Health probes are anonymous — bypass the apiClient so we don't drag the + * tenant header / auth token into a public endpoint, and so we can read + * the body on a 503 (apiClient would throw before parsing). + */ +async function fetchHealth(path: string, timeoutMs = 8_000): Promise { + const url = `${env.apiBase}${path}`; + const response = await fetch(url, { + method: "GET", + signal: AbortSignal.timeout(timeoutMs), + headers: { Accept: "application/json" }, + }); + + // /health/live returns 200; /health/ready returns 200 OR 503 with body. + if (!response.ok && response.status !== 503) { + return { + status: "Unhealthy", + results: [ + { + name: "probe", + status: "Unhealthy", + description: `Probe failed: ${response.status} ${response.statusText}`, + durationMs: 0, + }, + ], + }; + } + + const contentType = response.headers.get("content-type") ?? ""; + if (!contentType.includes("json")) { + return { + status: response.ok ? "Healthy" : "Unhealthy", + results: [], + }; + } + + return (await response.json()) as HealthResult; +} + +export function getLiveness(): Promise { + return fetchHealth("/health/live"); +} + +export function getReadiness(): Promise { + return fetchHealth("/health/ready"); +} diff --git a/clients/admin/src/api/impersonation-grants.ts b/clients/admin/src/api/impersonation-grants.ts new file mode 100644 index 0000000000..588973b55b --- /dev/null +++ b/clients/admin/src/api/impersonation-grants.ts @@ -0,0 +1,56 @@ +import { apiFetch } from "@/lib/api-client"; + +export type ImpersonationGrantStatus = "Active" | "Ended" | "Revoked" | "Expired"; + +export type ImpersonationGrantDto = { + id: string; + jti: string; + actorUserId: string; + actorUserName?: string | null; + actorTenantId: string; + impersonatedUserId: string; + impersonatedUserName?: string | null; + impersonatedTenantId: string; + reason: string; + startedAtUtc: string; + expiresAtUtc: string; + endedAtUtc?: string | null; + revokedAtUtc?: string | null; + revokedByUserId?: string | null; + revokedByUserName?: string | null; + revokeReason?: string | null; + status: ImpersonationGrantStatus; +}; + +export type ListGrantsParams = { + status?: ImpersonationGrantStatus; + impersonatedTenantId?: string; + actorUserId?: string; + take?: number; +}; + +export async function listImpersonationGrants( + params: ListGrantsParams = {}, +): Promise { + const q = new URLSearchParams(); + if (params.status) q.set("Status", params.status); + if (params.impersonatedTenantId) q.set("ImpersonatedTenantId", params.impersonatedTenantId); + if (params.actorUserId) q.set("ActorUserId", params.actorUserId); + q.set("Take", String(params.take ?? 100)); + return apiFetch( + `/api/v1/identity/impersonation/grants?${q.toString()}`, + ); +} + +export async function revokeImpersonationGrant( + id: string, + reason?: string, +): Promise { + return apiFetch( + `/api/v1/identity/impersonation/grants/${encodeURIComponent(id)}/revoke`, + { + method: "POST", + body: JSON.stringify({ reason: reason ?? null }), + }, + ); +} diff --git a/clients/admin/src/api/impersonation.ts b/clients/admin/src/api/impersonation.ts new file mode 100644 index 0000000000..ca6d04b5cd --- /dev/null +++ b/clients/admin/src/api/impersonation.ts @@ -0,0 +1,64 @@ +import { apiFetch } from "@/lib/api-client"; + +export type StartImpersonationInput = { + targetUserId: string; + targetTenantId: string; + reason: string; + /** 1..60 inclusive; null lets the server use its configured default. */ + durationMinutes?: number; +}; + +export type ImpersonationResponse = { + accessToken: string; + accessTokenExpiresAt: string; + actorUserId: string; + actorTenantId: string; + impersonatedUserId: string; + impersonatedTenantId: string; +}; + +/** + * Issues a short-lived impersonation access token representing the target + * user. The admin app never installs this token locally — it hands it off + * to the dashboard via a URL hash so the dashboard can swap into the + * impersonated session in a fresh tab. + * + * Note: the admin's apiFetch attaches the operator's current tenant header + * by default, which the server uses for the cross-tenant authorization + * check (root operators may impersonate any tenant; tenant admins only + * their own). We do NOT override the tenant header here for that reason. + * + * --- + * Why there is no `endImpersonation()` in this file (compare dashboard): + * + * The admin never holds an impersonation session — the impersonation + * token lives in the dashboard tab the operator opened with the hash + * handoff. So "ending impersonation" from the admin's perspective is + * actually server-side REVOCATION of the grant, not a session swap. + * That's covered by: + * + * POST /api/v1/identity/impersonation/grants/{id}/revoke + * + * which is wired via `revokeImpersonationGrant` in impersonation-grants.ts + * and rendered on the /impersonation page + the tenant-detail inline + * active-grants card. After revoke, the JWT validation hook short-circuits + * any further requests carrying that impersonation token via the + * HybridCache-backed revocation lookup — the dashboard tab effectively + * loses the session on its next API call. + * + * If the admin ever installs impersonation tokens locally (e.g. an + * in-place "view as user" mode), this file should pick up the + * `endImpersonation()` call from dashboard's identity.ts and wire it to + * a "Stop impersonating" button in the topbar. + */ +export function startImpersonation(input: StartImpersonationInput): Promise { + return apiFetch(`/api/v1/identity/impersonation/start`, { + method: "POST", + body: JSON.stringify({ + targetUserId: input.targetUserId, + targetTenantId: input.targetTenantId, + reason: input.reason, + durationMinutes: input.durationMinutes ?? null, + }), + }); +} diff --git a/clients/admin/src/api/notifications.ts b/clients/admin/src/api/notifications.ts new file mode 100644 index 0000000000..7d14be0d1f --- /dev/null +++ b/clients/admin/src/api/notifications.ts @@ -0,0 +1,36 @@ +import { apiFetch } from "@/lib/api-client"; + +export type NotificationDto = { + id: string; + type: string; + title: string; + body?: string | null; + link?: string | null; + source: string; + metadataJson: string; + readAtUtc?: string | null; + createdAtUtc: string; +}; + +const ROOT = "/api/v1/notifications"; + +export function listNotifications(params: { unreadOnly?: boolean; page?: number; pageSize?: number } = {}): Promise { + const qs = new URLSearchParams(); + if (params.unreadOnly) qs.set("unreadOnly", "true"); + if (params.page) qs.set("page", String(params.page)); + if (params.pageSize) qs.set("pageSize", String(params.pageSize)); + const q = qs.toString(); + return apiFetch(`${ROOT}/${q ? `?${q}` : ""}`); +} + +export function getUnreadCount(): Promise { + return apiFetch(`${ROOT}/unread-count`); +} + +export function markNotificationRead(notificationId: string): Promise { + return apiFetch(`${ROOT}/${encodeURIComponent(notificationId)}/read`, { method: "POST" }); +} + +export function markAllNotificationsRead(): Promise<{ updated: number }> { + return apiFetch<{ updated: number }>(`${ROOT}/read-all`, { method: "POST" }); +} diff --git a/clients/admin/src/api/roles.ts b/clients/admin/src/api/roles.ts new file mode 100644 index 0000000000..e5335d7359 --- /dev/null +++ b/clients/admin/src/api/roles.ts @@ -0,0 +1,60 @@ +import { apiFetch } from "@/lib/api-client"; + +export type RoleDto = { + id: string; + name: string; + description?: string | null; + permissions?: string[] | null; +}; + +export type UpsertRoleInput = { + /** Pass empty string to create a new role; existing GUID to update. */ + id: string; + name: string; + description?: string | null; +}; + +export type UpdateRolePermissionsInput = { + roleId: string; + permissions: string[]; +}; + +const ROOT = "/api/v1/identity"; + +export function listRoles(): Promise { + return apiFetch(`${ROOT}/roles`); +} + +export function getRole(id: string): Promise { + return apiFetch(`${ROOT}/roles/${encodeURIComponent(id)}`); +} + +export function getRoleWithPermissions(id: string): Promise { + // Note: this endpoint is mapped at `/{id:guid}/permissions` under the + // identity group, NOT under `/roles/`. Server-side asymmetry preserved. + return apiFetch(`${ROOT}/${encodeURIComponent(id)}/permissions`); +} + +export function upsertRole(input: UpsertRoleInput): Promise { + return apiFetch(`${ROOT}/roles`, { + method: "POST", + body: JSON.stringify({ + id: input.id, + name: input.name, + description: input.description ?? null, + }), + }); +} + +export function deleteRole(id: string): Promise { + return apiFetch(`${ROOT}/roles/${encodeURIComponent(id)}`, { + method: "DELETE", + }); +} + +export function updateRolePermissions(input: UpdateRolePermissionsInput): Promise { + return apiFetch(`${ROOT}/${encodeURIComponent(input.roleId)}/permissions`, { + method: "PUT", + body: JSON.stringify({ roleId: input.roleId, permissions: input.permissions }), + }); +} diff --git a/clients/admin/src/api/sessions.ts b/clients/admin/src/api/sessions.ts new file mode 100644 index 0000000000..e70c4c8a98 --- /dev/null +++ b/clients/admin/src/api/sessions.ts @@ -0,0 +1,56 @@ +import { apiFetch } from "@/lib/api-client"; + +export type UserSessionDto = { + id: string; + userId?: string | null; + userName?: string | null; + userEmail?: string | null; + ipAddress?: string | null; + deviceType?: string | null; + browser?: string | null; + browserVersion?: string | null; + operatingSystem?: string | null; + osVersion?: string | null; + createdAt: string; + lastActivityAt: string; + expiresAt: string; + isActive: boolean; + isCurrentSession: boolean; +}; + +const ROOT = "/api/v1/identity"; + +export async function getMySessions(): Promise { + return apiFetch(`${ROOT}/sessions/me`); +} + +export async function revokeMySession(sessionId: string): Promise { + await apiFetch(`${ROOT}/sessions/${encodeURIComponent(sessionId)}`, { + method: "DELETE", + }); +} + +export async function revokeAllMySessions(): Promise<{ revokedCount: number }> { + return apiFetch<{ revokedCount: number }>(`${ROOT}/sessions/revoke-all`, { + method: "POST", + body: JSON.stringify({}), + }); +} + +export async function getUserSessions(userId: string): Promise { + return apiFetch(`${ROOT}/users/${encodeURIComponent(userId)}/sessions`); +} + +export async function adminRevokeUserSession(userId: string, sessionId: string): Promise { + await apiFetch( + `${ROOT}/users/${encodeURIComponent(userId)}/sessions/${encodeURIComponent(sessionId)}`, + { method: "DELETE" }, + ); +} + +export async function adminRevokeAllUserSessions(userId: string): Promise<{ revokedCount: number }> { + return apiFetch<{ revokedCount: number }>( + `${ROOT}/users/${encodeURIComponent(userId)}/sessions/revoke-all`, + { method: "POST", body: JSON.stringify({}) }, + ); +} diff --git a/clients/admin/src/api/tenants.ts b/clients/admin/src/api/tenants.ts new file mode 100644 index 0000000000..a9a82d28dc --- /dev/null +++ b/clients/admin/src/api/tenants.ts @@ -0,0 +1,205 @@ +import { apiFetch } from "@/lib/api-client"; +import type { PagedResponse } from "@/lib/api-types"; + +export type { PagedResponse } from "@/lib/api-types"; + +export type TenantDto = { + id: string; + name: string; + adminEmail: string; + isActive: boolean; + validUpto: string; + issuer?: string; +}; + +export type ListTenantsParams = { + pageNumber?: number; + pageSize?: number; + sort?: string; +}; + +export type CreateTenantInput = { + id: string; + name: string; + adminEmail: string; + adminPassword: string; + issuer: string; + connectionString?: string | null; +}; + +export type CreateTenantResponse = { + id: string; + provisioningCorrelationId?: string; + status?: string; +}; + +export type TenantLifecycleResult = { + tenantId: string; + isActive: boolean; +}; + +export type TenantProvisioningStep = { + step: string; + status: string; + startedUtc?: string | null; + completedUtc?: string | null; + error?: string | null; +}; + +export type TenantProvisioningStatus = { + tenantId: string; + status: string; + correlationId: string; + currentStep?: string | null; + error?: string | null; + createdUtc: string; + startedUtc?: string | null; + completedUtc?: string | null; + steps: TenantProvisioningStep[]; +}; + +export async function listTenants(params: ListTenantsParams = {}): Promise> { + const query = new URLSearchParams(); + query.set("PageNumber", String(params.pageNumber ?? 1)); + query.set("PageSize", String(params.pageSize ?? 10)); + if (params.sort) query.set("Sort", params.sort); + return apiFetch>(`/api/v1/tenants/?${query.toString()}`); +} + +export async function getTenantStatus(id: string): Promise { + return apiFetch(`/api/v1/tenants/${encodeURIComponent(id)}/status`); +} + +export async function getTenantProvisioningStatus(id: string): Promise { + return apiFetch(`/api/v1/tenants/${encodeURIComponent(id)}/provisioning`); +} + +export async function createTenant(input: CreateTenantInput): Promise { + return apiFetch(`/api/v1/tenants/`, { + method: "POST", + body: JSON.stringify({ + id: input.id, + name: input.name, + adminEmail: input.adminEmail, + adminPassword: input.adminPassword, + issuer: input.issuer, + connectionString: input.connectionString ?? null, + }), + }); +} + +export async function changeTenantActivation(id: string, isActive: boolean): Promise { + return apiFetch(`/api/v1/tenants/${encodeURIComponent(id)}/activation`, { + method: "POST", + body: JSON.stringify({ tenantId: id, isActive }), + }); +} + +export async function retryTenantProvisioning(id: string): Promise { + return apiFetch(`/api/v1/tenants/${encodeURIComponent(id)}/provisioning/retry`, { + method: "POST", + }); +} + +// ───────────────────────────────────────────────────────────────────────── +// Tenant theme / branding +// +// The theme endpoints are CURRENT-TENANT scoped server-side — they read +// the request's tenant header and act on that tenant's row. The admin +// operator is in the root tenant by default, so we explicitly send +// `tenant: ` to operate on a different tenant. The server's +// root-operator override middleware permits this for root callers. +// ───────────────────────────────────────────────────────────────────────── + +export type PaletteDto = { + primary: string; + secondary: string; + tertiary: string; + background: string; + surface: string; + error: string; + warning: string; + success: string; + info: string; +}; + +export type BrandAssetsDto = { + logoUrl?: string | null; + logoDarkUrl?: string | null; + faviconUrl?: string | null; + deleteLogo?: boolean; + deleteLogoDark?: boolean; + deleteFavicon?: boolean; +}; + +export type TypographyDto = { + fontFamily: string; + headingFontFamily: string; + fontSizeBase: number; + lineHeightBase: number; +}; + +export type LayoutDto = { + borderRadius: string; + defaultElevation: number; +}; + +export type TenantThemeDto = { + lightPalette: PaletteDto; + darkPalette: PaletteDto; + brandAssets: BrandAssetsDto; + typography: TypographyDto; + layout: LayoutDto; + isDefault: boolean; +}; + +export const DEFAULT_LIGHT_PALETTE: PaletteDto = { + primary: "#2563EB", + secondary: "#0F172A", + tertiary: "#6366F1", + background: "#F8FAFC", + surface: "#FFFFFF", + error: "#DC2626", + warning: "#F59E0B", + success: "#16A34A", + info: "#0284C7", +}; + +export const DEFAULT_DARK_PALETTE: PaletteDto = { + primary: "#38BDF8", + secondary: "#94A3B8", + tertiary: "#818CF8", + background: "#0B1220", + surface: "#111827", + error: "#F87171", + warning: "#FBBF24", + success: "#22C55E", + info: "#38BDF8", +}; + +/** Fetch a tenant's theme. Caller needs MultitenancyPermissions.Tenants.ViewTheme. */ +export async function getTenantTheme(tenantId: string): Promise { + return apiFetch(`/api/v1/tenants/theme`, { + headers: { tenant: tenantId }, + }); +} + +/** Save a tenant's theme. Caller needs MultitenancyPermissions.Tenants.UpdateTheme. */ +export async function updateTenantTheme( + tenantId: string, + theme: TenantThemeDto, +): Promise { + await apiFetch(`/api/v1/tenants/theme`, { + method: "PUT", + headers: { tenant: tenantId }, + body: JSON.stringify(theme), + }); +} + +/** Reset a tenant's theme to framework defaults. */ +export async function resetTenantTheme(tenantId: string): Promise { + await apiFetch(`/api/v1/tenants/theme/reset`, { + method: "POST", + headers: { tenant: tenantId }, + }); +} diff --git a/clients/admin/src/api/two-factor.ts b/clients/admin/src/api/two-factor.ts new file mode 100644 index 0000000000..6110d65546 --- /dev/null +++ b/clients/admin/src/api/two-factor.ts @@ -0,0 +1,31 @@ +import { apiFetch } from "@/lib/api-client"; + +export type TwoFactorEnrollmentResponse = { + sharedKey: string; + authenticatorUri: string; +}; + +const ROOT = "/api/v1/identity"; + +/** + * Begin (or rotate) TOTP enrollment. The user has NOT yet enabled 2FA until + * they confirm with a code via verifyEnrollTwoFactor — this just hands back + * the secret + otpauth:// URI so the QR can render. + */ +export async function enrollTwoFactor(): Promise { + return apiFetch(`${ROOT}/2fa/enroll`, { method: "POST" }); +} + +export async function verifyEnrollTwoFactor(code: string): Promise<{ success: boolean }> { + return apiFetch<{ success: boolean }>(`${ROOT}/2fa/verify`, { + method: "POST", + body: JSON.stringify({ code }), + }); +} + +export async function disableTwoFactor(currentPassword: string): Promise<{ success: boolean }> { + return apiFetch<{ success: boolean }>(`${ROOT}/2fa/disable`, { + method: "POST", + body: JSON.stringify({ currentPassword }), + }); +} diff --git a/clients/admin/src/api/users.ts b/clients/admin/src/api/users.ts new file mode 100644 index 0000000000..ff0706f22c --- /dev/null +++ b/clients/admin/src/api/users.ts @@ -0,0 +1,198 @@ +import { apiFetch } from "@/lib/api-client"; +import type { PagedResponse } from "@/lib/api-types"; + +export type UserDto = { + id: string; + userName?: string | null; + firstName?: string | null; + lastName?: string | null; + email?: string | null; + isActive: boolean; + emailConfirmed: boolean; + phoneNumber?: string | null; + imageUrl?: string | null; + twoFactorEnabled?: boolean; +}; + +export type UserRoleDto = { + roleId: string; + roleName: string; + description?: string | null; + enabled: boolean; +}; + +export type SearchUsersParams = { + pageNumber?: number; + pageSize?: number; + sort?: string; + search?: string; + isActive?: boolean; + emailConfirmed?: boolean; + roleId?: string; + /** + * When set, sends a `tenant` header overriding the operator's active tenant + * for this request only. Used by impersonation flows so a root operator can + * browse another tenant's users without flipping their global session. + */ + tenantId?: string; +}; + +export type RegisterUserInput = { + firstName: string; + lastName: string; + email: string; + userName: string; + password: string; + confirmPassword: string; + phoneNumber?: string; +}; + +export type RegisterUserResponse = { + userId: string; + message?: string; +}; + +const BASE = "/api/v1/identity/users"; +const IDENTITY = "/api/v1/identity"; + +/** + * Returns the permission strings the current user holds. The JWT only carries + * role names — permissions are resolved server-side per role on this endpoint, + * so client-side route guards must call it after login (and after a refresh + * if grants may have changed). + */ +export async function getMyPermissions(): Promise { + return (await apiFetch(`${IDENTITY}/permissions`)) ?? []; +} + +export async function getMyProfile(): Promise { + return apiFetch(`${IDENTITY}/profile`); +} + +export async function setProfileImage(imageUrl: string | null): Promise { + await apiFetch(`${IDENTITY}/profile/image`, { + method: "PUT", + body: JSON.stringify({ imageUrl }), + }); +} + +export async function changePassword(input: { + password: string; + newPassword: string; + confirmNewPassword: string; +}): Promise { + return apiFetch(`${BASE}/change-password`, { + method: "POST", + body: JSON.stringify(input), + }); +} + +export async function searchUsers(params: SearchUsersParams = {}): Promise> { + const q = new URLSearchParams(); + q.set("PageNumber", String(params.pageNumber ?? 1)); + q.set("PageSize", String(params.pageSize ?? 10)); + if (params.sort) q.set("Sort", params.sort); + if (params.search?.trim()) q.set("Search", params.search.trim()); + if (params.isActive !== undefined) q.set("IsActive", String(params.isActive)); + if (params.emailConfirmed !== undefined) q.set("EmailConfirmed", String(params.emailConfirmed)); + if (params.roleId) q.set("RoleId", params.roleId); + return apiFetch>(`${BASE}/search?${q.toString()}`, { + headers: params.tenantId ? { tenant: params.tenantId } : undefined, + }); +} + +export async function getUser(id: string): Promise { + return apiFetch(`${BASE}/${encodeURIComponent(id)}`); +} + +export async function getUserRoles(id: string): Promise { + return apiFetch(`${BASE}/${encodeURIComponent(id)}/roles`); +} + +export async function registerUser(input: RegisterUserInput): Promise { + return apiFetch(`${BASE}/register`, { + method: "POST", + body: JSON.stringify(input), + }); +} + +export async function toggleUserStatus(id: string, activateUser: boolean): Promise { + await apiFetch(`${BASE}/${encodeURIComponent(id)}`, { + method: "PATCH", + body: JSON.stringify({ userId: id, activateUser }), + }); +} + +export async function assignUserRoles(id: string, roles: UserRoleDto[]): Promise { + return apiFetch(`${BASE}/${encodeURIComponent(id)}/roles`, { + method: "POST", + body: JSON.stringify({ userId: id, userRoles: roles }), + }); +} + +// ----------------------------- +// Anonymous password-reset trio +// forgot-password → reset-password → confirm-email +// ----------------------------- + +/** + * Step 1 of the forgot-password flow. Server resolves the user by + * (email, tenant), generates a reset token, and emails them the link. + * Server always returns 200 regardless of whether the email exists — + * never leak account presence to the UI. + */ +export async function requestPasswordReset(input: { + email: string; + tenant: string; +}): Promise { + await apiFetch(`${IDENTITY}/forgot-password`, { + method: "POST", + skipAuth: true, + headers: { tenant: input.tenant }, + body: JSON.stringify({ email: input.email }), + }); +} + +/** + * Step 2 — caller carries (token, email, tenant) from the emailed link + * plus a new password from the form. Existing JWTs stay valid until + * natural expiry; the UI should bounce to /login after success. + */ +export async function resetPassword(input: { + email: string; + password: string; + token: string; + tenant: string; +}): Promise { + await apiFetch(`${IDENTITY}/reset-password`, { + method: "POST", + skipAuth: true, + headers: { tenant: input.tenant }, + body: JSON.stringify({ + email: input.email, + password: input.password, + token: input.token, + }), + }); +} + +/** + * Confirm-email link landing. Server expects (userId, code, tenant) as + * query parameters from the registration email. + */ +export async function confirmEmail(input: { + userId: string; + code: string; + tenant: string; +}): Promise { + const qs = new URLSearchParams({ + userId: input.userId, + code: input.code, + tenant: input.tenant, + }).toString(); + return apiFetch(`${IDENTITY}/confirm-email?${qs}`, { + method: "GET", + skipAuth: true, + headers: { tenant: input.tenant }, + }); +} diff --git a/clients/admin/src/api/webhooks.ts b/clients/admin/src/api/webhooks.ts new file mode 100644 index 0000000000..f6d631b6d5 --- /dev/null +++ b/clients/admin/src/api/webhooks.ts @@ -0,0 +1,95 @@ +import { apiFetch } from "@/lib/api-client"; +import type { PagedResponse } from "@/lib/api-types"; + +export type WebhookSubscriptionDto = { + id: string; + url: string; + events: string[]; + isActive: boolean; + createdAtUtc: string; +}; + +export type WebhookDeliveryDto = { + id: string; + subscriptionId: string; + eventType: string; + httpStatusCode: number; + success: boolean; + attemptCount: number; + attemptedAtUtc: string; + errorMessage?: string | null; +}; + +export type CreateWebhookSubscriptionInput = { + url: string; + events: string[]; + secret?: string; +}; + +const ROOT = "/api/v1/webhooks"; + +export function listWebhookSubscriptions( + pageNumber = 1, + pageSize = 50, +): Promise> { + const q = new URLSearchParams({ + pageNumber: String(pageNumber), + pageSize: String(pageSize), + }); + return apiFetch>(`${ROOT}/subscriptions?${q.toString()}`); +} + +export function createWebhookSubscription(input: CreateWebhookSubscriptionInput): Promise { + return apiFetch(`${ROOT}/subscriptions`, { + method: "POST", + body: JSON.stringify({ + url: input.url, + events: input.events, + secret: input.secret?.trim() ? input.secret : null, + }), + }); +} + +export function deleteWebhookSubscription(id: string): Promise { + return apiFetch(`${ROOT}/subscriptions/${encodeURIComponent(id)}`, { + method: "DELETE", + }); +} + +export function testWebhookSubscription(id: string): Promise<{ success: boolean }> { + return apiFetch<{ success: boolean }>( + `${ROOT}/subscriptions/${encodeURIComponent(id)}/test`, + { method: "POST" }, + ); +} + +export function listWebhookDeliveries( + subscriptionId: string, + pageNumber = 1, + pageSize = 50, +): Promise> { + const q = new URLSearchParams({ + pageNumber: String(pageNumber), + pageSize: String(pageSize), + }); + return apiFetch>( + `${ROOT}/subscriptions/${encodeURIComponent(subscriptionId)}/deliveries?${q.toString()}`, + ); +} + +/** + * Curated list of event names commonly emitted by FSH modules. Webhook + * subscriptions accept arbitrary strings — these just power the chip + * picker in the create dialog so operators don't have to remember the + * canonical kebab-case names. + */ +export const SUGGESTED_EVENT_TYPES: readonly string[] = [ + "tenant.created", + "tenant.activation.changed", + "user.registered", + "user.role.assigned", + "billing.invoice.issued", + "billing.invoice.paid", + "billing.subscription.created", + "billing.subscription.cancelled", +]; diff --git a/clients/admin/src/auth/api.ts b/clients/admin/src/auth/api.ts new file mode 100644 index 0000000000..bc0489dc0b --- /dev/null +++ b/clients/admin/src/auth/api.ts @@ -0,0 +1,23 @@ +import { apiFetch } from "@/lib/api-client"; + +export type TokenResponse = { + accessToken: string; + refreshToken: string; + accessTokenExpiresAt: string; + refreshTokenExpiresAt: string; +}; + +export function issueToken(input: { + email: string; + password: string; + tenant: string; +}) { + return apiFetch("/api/v1/identity/token/issue", { + method: "POST", + body: JSON.stringify({ email: input.email, password: input.password }), + // X-FSH-App marks this client as the platform-admin app. Used by the + // API to enforce the SuperAdmin / dashboard boundary. + headers: { tenant: input.tenant, "X-FSH-App": "admin" }, + skipAuth: true, + }); +} diff --git a/clients/admin/src/auth/auth-context.tsx b/clients/admin/src/auth/auth-context.tsx new file mode 100644 index 0000000000..7704c9a98a --- /dev/null +++ b/clients/admin/src/auth/auth-context.tsx @@ -0,0 +1,139 @@ +import { createContext, useCallback, useEffect, useMemo, useRef, useState, type ReactNode } from "react"; +import { useQueryClient } from "@tanstack/react-query"; +import { tokenStore } from "@/auth/token-store"; +import { decodeJwt, type JwtClaims } from "@/auth/jwt"; +import { issueToken } from "@/auth/api"; +import { getMyPermissions } from "@/api/users"; + +export type AuthUser = { + id: string; + email?: string; + name?: string; + tenant?: string; + permissions: string[]; +}; + +export type AuthContextValue = { + user: AuthUser | null; + isAuthenticated: boolean; + /** + * True once permissions have been fetched at least once for the current + * user (or no user is signed in). Route guards check this before rendering + * a 403 — without it, the first paint flashes "access denied" while the + * permissions request is still in flight. + */ + permissionsHydrated: boolean; + login: (input: { email: string; password: string; tenant: string }) => Promise; + logout: () => void; + /** Re-fetch the permission set for the signed-in user. Call after a role + * assignment changes for the current user. */ + refreshPermissions: () => Promise; +}; + +export const AuthContext = createContext(null); + +function claimsToUser(claims: JwtClaims | null, permissions: string[]): AuthUser | null { + if (!claims?.sub) return null; + return { + id: claims.sub, + email: claims.email, + name: claims.name, + tenant: claims.tenant, + permissions, + }; +} + +export function AuthProvider({ children }: { children: ReactNode }) { + const queryClient = useQueryClient(); + const [user, setUser] = useState(() => + claimsToUser(decodeJwt(tokenStore.getAccessToken()), tokenStore.getPermissions()), + ); + // Cold-start: if we already have a cached permissions list, treat as hydrated + // so route guards don't flash 403. Otherwise, wait for the effect. + const [permissionsHydrated, setPermissionsHydrated] = useState(() => { + if (!tokenStore.getAccessToken()) return true; + return tokenStore.getPermissions().length > 0; + }); + const lastHydratedSubject = useRef(user?.id ?? null); + + // Hydrate (or re-hydrate) the permissions list from the server whenever the + // signed-in subject changes — covers cold-start, login, and account swap. + useEffect(() => { + if (!user) { + lastHydratedSubject.current = null; + setPermissionsHydrated(true); + return; + } + if (lastHydratedSubject.current === user.id && permissionsHydrated) { + return; + } + lastHydratedSubject.current = user.id; + let cancelled = false; + void (async () => { + try { + const perms = await getMyPermissions(); + if (cancelled) return; + tokenStore.setPermissions(perms); + // setPermissions emits, the subscribe listener will rebuild `user` + // with the new list. + setPermissionsHydrated(true); + } catch { + // Permissions fetch failure shouldn't sign the user out — the route + // guards will treat them as zero-permission until the next refresh. + if (!cancelled) setPermissionsHydrated(true); + } + })(); + return () => { + cancelled = true; + }; + }, [user, permissionsHydrated]); + + useEffect(() => { + return tokenStore.subscribe(() => { + const next = claimsToUser(decodeJwt(tokenStore.getAccessToken()), tokenStore.getPermissions()); + setUser(next); + }); + }, []); + + const login = useCallback( + async (input: { email: string; password: string; tenant: string }) => { + tokenStore.setTenant(input.tenant); + // Stale permissions from a previous user must not leak into the new + // session — clear before issuing the token so the hydration effect + // re-fetches from scratch. + tokenStore.setPermissions([]); + setPermissionsHydrated(false); + const tokens = await issueToken(input); + tokenStore.setTokens(tokens.accessToken, tokens.refreshToken); + }, + [], + ); + + const logout = useCallback(() => { + tokenStore.clear(); + queryClient.clear(); + }, [queryClient]); + + const refreshPermissions = useCallback(async () => { + try { + const perms = await getMyPermissions(); + tokenStore.setPermissions(perms); + } catch { + /* swallow — see hydration effect */ + } + }, []); + + const value = useMemo( + () => ({ + user, + isAuthenticated: user !== null, + permissionsHydrated, + login, + logout, + refreshPermissions, + }), + [user, permissionsHydrated, login, logout, refreshPermissions], + ); + + return {children}; +} diff --git a/clients/admin/src/auth/jwt.ts b/clients/admin/src/auth/jwt.ts new file mode 100644 index 0000000000..f6d81770e0 --- /dev/null +++ b/clients/admin/src/auth/jwt.ts @@ -0,0 +1,23 @@ +export type JwtClaims = { + sub?: string; + email?: string; + name?: string; + tenant?: string; + permissions?: string[] | string; + exp?: number; + [key: string]: unknown; +}; + +export function decodeJwt(token: string | null | undefined): JwtClaims | null { + if (!token) return null; + const parts = token.split("."); + if (parts.length !== 3) return null; + try { + const payload = parts[1].replace(/-/g, "+").replace(/_/g, "/"); + const padded = payload + "=".repeat((4 - (payload.length % 4)) % 4); + const json = atob(padded); + return JSON.parse(json) as JwtClaims; + } catch { + return null; + } +} diff --git a/clients/admin/src/auth/protected-route.tsx b/clients/admin/src/auth/protected-route.tsx new file mode 100644 index 0000000000..5c589fe8fd --- /dev/null +++ b/clients/admin/src/auth/protected-route.tsx @@ -0,0 +1,31 @@ +import { Navigate, Outlet, useLocation } from "react-router-dom"; +import { useAuth } from "@/auth/use-auth"; +import { ForbiddenView } from "@/components/forbidden-view"; + +type ProtectedRouteProps = { + /** + * Optional list of permission strings. When provided, the current user must hold EVERY + * listed permission. Missing any one renders a 403 view instead of navigating to login. + * Omit or pass [] to keep the route auth-only (any signed-in user). + */ + permissions?: string[]; +}; + +export function ProtectedRoute({ permissions = [] }: ProtectedRouteProps) { + const { isAuthenticated, user } = useAuth(); + const location = useLocation(); + + if (!isAuthenticated) { + return ; + } + + if (permissions.length > 0) { + const granted = user?.permissions ?? []; + const missing = permissions.filter((p) => !granted.includes(p)); + if (missing.length > 0) { + return ; + } + } + + return ; +} diff --git a/clients/admin/src/auth/route-guard.tsx b/clients/admin/src/auth/route-guard.tsx new file mode 100644 index 0000000000..a801d9f484 --- /dev/null +++ b/clients/admin/src/auth/route-guard.tsx @@ -0,0 +1,49 @@ +import type { ReactNode } from "react"; +import { useAuth } from "@/auth/use-auth"; +import { ForbiddenView } from "@/components/forbidden-view"; + +type RouteGuardProps = { + /** + * Permission strings the current user must hold to view the wrapped + * content. Missing any one renders ForbiddenView instead of the route. + * Use this on the route's `element` to gate by permission per-page — + * ProtectedRoute itself only handles the auth-vs-anonymous question. + */ + perms: readonly string[]; + children: ReactNode; +}; + +/** + * RouteGuard — per-route permission wrapper. Layered inside ProtectedRoute, + * not as a replacement: ProtectedRoute decides "are you signed in?", this + * decides "do you hold these specific permissions for this surface?". + * + * Note: the JWT only carries role names; permissions are resolved server-side + * per role and fetched into AuthContext after sign-in. While that fetch is in + * flight (permissionsHydrated=false), we render a quiet loading slug instead + * of 403 to avoid a flash of "access denied" on first paint. + */ +export function RouteGuard({ perms, children }: RouteGuardProps) { + const { user, permissionsHydrated } = useAuth(); + + if (!permissionsHydrated) { + return ( +
+ Resolving permissions + +
+ ); + } + + const granted = user?.permissions ?? []; + const missing = perms.filter((p) => !granted.includes(p)); + + if (missing.length > 0) { + return ; + } + + return <>{children}; +} diff --git a/clients/admin/src/auth/token-store.ts b/clients/admin/src/auth/token-store.ts new file mode 100644 index 0000000000..8c36ae061f --- /dev/null +++ b/clients/admin/src/auth/token-store.ts @@ -0,0 +1,64 @@ +const ACCESS_KEY = "fsh.admin.accessToken"; +const REFRESH_KEY = "fsh.admin.refreshToken"; +const TENANT_KEY = "fsh.admin.tenant"; +const PERMS_KEY = "fsh.admin.permissions"; + +type Listener = () => void; + +const listeners = new Set(); + +function emit() { + for (const listener of listeners) listener(); +} + +export const tokenStore = { + getAccessToken: () => localStorage.getItem(ACCESS_KEY), + getRefreshToken: () => localStorage.getItem(REFRESH_KEY), + getTenant: () => localStorage.getItem(TENANT_KEY), + + /** + * Permissions are fetched separately from the JWT (the token only carries + * role names — see GetCurrentUserPermissionsEndpoint server-side). Cached + * here so route guards can read them synchronously; refreshed on each login. + */ + getPermissions(): string[] { + try { + const raw = localStorage.getItem(PERMS_KEY); + if (!raw) return []; + const parsed = JSON.parse(raw) as unknown; + return Array.isArray(parsed) ? parsed.filter((p): p is string => typeof p === "string") : []; + } catch { + return []; + } + }, + + setPermissions(permissions: string[]) { + localStorage.setItem(PERMS_KEY, JSON.stringify(permissions)); + emit(); + }, + + setTokens(accessToken: string, refreshToken: string) { + localStorage.setItem(ACCESS_KEY, accessToken); + localStorage.setItem(REFRESH_KEY, refreshToken); + emit(); + }, + + setTenant(tenant: string) { + localStorage.setItem(TENANT_KEY, tenant); + emit(); + }, + + clear() { + localStorage.removeItem(ACCESS_KEY); + localStorage.removeItem(REFRESH_KEY); + localStorage.removeItem(PERMS_KEY); + emit(); + }, + + subscribe(listener: Listener) { + listeners.add(listener); + return () => { + listeners.delete(listener); + }; + }, +}; diff --git a/clients/admin/src/auth/use-auth.ts b/clients/admin/src/auth/use-auth.ts new file mode 100644 index 0000000000..e66d0827d8 --- /dev/null +++ b/clients/admin/src/auth/use-auth.ts @@ -0,0 +1,10 @@ +import { useContext } from "react"; +import { AuthContext } from "@/auth/auth-context"; + +export function useAuth() { + const ctx = useContext(AuthContext); + if (!ctx) { + throw new Error("useAuth must be used within AuthProvider"); + } + return ctx; +} diff --git a/clients/admin/src/components/auth/auth-shell.tsx b/clients/admin/src/components/auth/auth-shell.tsx new file mode 100644 index 0000000000..68981ec30c --- /dev/null +++ b/clients/admin/src/components/auth/auth-shell.tsx @@ -0,0 +1,107 @@ +import type { ReactNode } from "react"; +import { BrandMarkXL } from "@/components/brand-mark"; +import { cn } from "@/lib/cn"; + +// ──────────────────────────────────────────────────────────────────────── +// AuthShell — shared chrome for unauthenticated admin surfaces +// (login already inlines its own variant; this is for forgot-password, +// reset-password, confirm-email). +// +// Mirrors login.tsx's editorial split-screen aesthetic: +// left pane (lg+): brand stage — canvas-mesh, chartreuse vignette, +// corner ticks, BrandMarkXL hero monogram. +// right pane: focused form column with the // SECTION-RULE chip. +// +// The brand stage stays consistent across all auth pages so the operator +// always knows they're on the FSH Console surface. The right pane carries +// the page-specific content. +// ──────────────────────────────────────────────────────────────────────── + +function CornerTicks() { + const TICK = "h-3 w-3 border-[var(--color-accent-signal)]"; + return ( + <> + + + + + + ); +} + +export function AuthShell({ + crumbLeft, + crumbRight, + blurb, + children, +}: { + /** Section-rule left crumb, e.g. "// RECOVER ACCOUNT" */ + crumbLeft: string; + /** Section-rule right crumb (muted), e.g. "issue reset token" */ + crumbRight: string; + /** One-line description under the section-rule. */ + blurb: ReactNode; + /** Form area below the blurb. */ + children: ReactNode; +}) { + return ( +
+ {/* ─── Left pane — brand stage ───────────────────────────────── */} + + + {/* ─── Right pane — page content ─────────────────────────────── */} +
+
+ +
+ {/* Mobile-only brand (lg+ uses the left pane). */} +
+ +
+ +
+
+ {crumbLeft} + {crumbRight} +
+

{blurb}

+
+ + {children} +
+
+
+ ); +} diff --git a/clients/admin/src/components/brand-mark.tsx b/clients/admin/src/components/brand-mark.tsx new file mode 100644 index 0000000000..f0bdd05403 --- /dev/null +++ b/clients/admin/src/components/brand-mark.tsx @@ -0,0 +1,54 @@ +import { cn } from "@/lib/cn"; + +/** + * BrandMark — the Console wordmark. Two glyphs side-by-side: + * • A small chartreuse square "punctuation" mark (the only place chrome + * uses the accent at full saturation). + * • A mono "FSH" lockup with tight letter-spacing. + * Designed to feel like a system header line rather than a logo. + */ +export function BrandMark({ className }: { className?: string }) { + return ( +
+ + + FSH + /admin + +
+ ); +} + +/** + * BrandMarkXL — splash version for the Login page. Leads with the FSH logo + * mark + "fullstackhero" wordmark, then the "Console." display monogram and + * a one-line system blurb. The chartreuse signal carries through the wordmark + * accent and the monogram period. + */ +export function BrandMarkXL({ className }: { className?: string }) { + return ( +
+
+ FullStackHero + + fullstackhero + + · platform admin +
+

+ Console. +

+

+ Operate every tenant on this instance — identity, multitenancy, billing, + and the rest of the system surface, from one place. +

+
+ ); +} diff --git a/clients/admin/src/components/empty-state.tsx b/clients/admin/src/components/empty-state.tsx new file mode 100644 index 0000000000..baee73de4d --- /dev/null +++ b/clients/admin/src/components/empty-state.tsx @@ -0,0 +1,59 @@ +import type { LucideIcon } from "lucide-react"; +import { cn } from "@/lib/cn"; + +type EmptyStateProps = { + icon?: LucideIcon; + /** Mono crumb shown above the headline. */ + kicker?: string; + title: string; + description?: React.ReactNode; + action?: React.ReactNode; + className?: string; +}; + +/** + * EmptyState — used wherever a list/query returns no results. Pulls the + * Console language together in one place: hairline icon container, mono + * kicker, display headline, single CTA. Pages should reach for this + * instead of inline "No results" copy. + */ +export function EmptyState({ + icon: Icon, + kicker, + title, + description, + action, + className, +}: EmptyStateProps) { + return ( +
+ {Icon && ( + + + + + )} + {kicker && ( + {kicker} + )} +

{title}

+ {description && ( +

+ {description} +

+ )} + {action &&
{action}
} +
+ ); +} diff --git a/clients/admin/src/components/forbidden-view.tsx b/clients/admin/src/components/forbidden-view.tsx new file mode 100644 index 0000000000..782a7f69c7 --- /dev/null +++ b/clients/admin/src/components/forbidden-view.tsx @@ -0,0 +1,56 @@ +import { Link } from "react-router-dom"; +import { ShieldOff } from "lucide-react"; +import { Button } from "@/components/ui/button"; + +type ForbiddenViewProps = { + /** Permission strings the caller required that the user doesn't hold. Shown for operator clarity. */ + missing?: string[]; +}; + +/** + * ForbiddenView — 403 surface in the Console language. Hairline-bordered + * mono crumb, single chartreuse accent rule, missing permissions printed + * as code-chips so the operator can paste them into a permission grant. + */ +export function ForbiddenView({ missing }: ForbiddenViewProps) { + return ( +
+
+
+ + + +
+ // 403 · access denied +
+
+ +

+ You don't hold the permissions to view this surface. +

+

+ Ask a root-tenant operator to grant the permissions below to a role you hold. +

+ + {missing && missing.length > 0 && ( +
+
missing
+
    + {missing.map((p) => ( +
  • + {p} +
    • + ))} +
+
+ )} + +
+ +
+
+
+ ); +} diff --git a/clients/admin/src/components/impersonation/active-grants-card.tsx b/clients/admin/src/components/impersonation/active-grants-card.tsx new file mode 100644 index 0000000000..b15a304ffe --- /dev/null +++ b/clients/admin/src/components/impersonation/active-grants-card.tsx @@ -0,0 +1,184 @@ +import { useState } from "react"; +import { useQuery } from "@tanstack/react-query"; +import { ShieldOff, UserCog } from "lucide-react"; +import { + listImpersonationGrants, + type ImpersonationGrantDto, +} from "@/api/impersonation-grants"; +import type { UserDto } from "@/api/users"; +import { useAuth } from "@/auth/use-auth"; +import { Button } from "@/components/ui/button"; +import { Badge } from "@/components/ui/badge"; +import { FormSection, FormShell } from "@/components/list"; +import { ImpersonateDialog } from "@/components/impersonation/impersonate-dialog"; +import { RevokeGrantDialog } from "@/components/impersonation/revoke-grant-dialog"; +import { IdentityPermissions } from "@/lib/permissions"; + +const REFRESH_INTERVAL_MS = 5_000; + +/** + * ActiveGrantsCard — tenant-detail inline view of active impersonation + * sessions targeting users in this tenant. Polls every 5s. Renders nothing + * if the caller can't see impersonation grants (perm-gated upstream). + */ +export function ActiveGrantsCard({ tenantId }: { tenantId: string }) { + const { user } = useAuth(); + const canView = (user?.permissions ?? []).includes(IdentityPermissions.Impersonation.View); + const canRevoke = (user?.permissions ?? []).includes(IdentityPermissions.Impersonation.Revoke); + const canImpersonate = (user?.permissions ?? []).includes(IdentityPermissions.Users.Impersonate); + const currentUserId = user?.id ?? null; + + const query = useQuery({ + queryKey: ["impersonation-grants", "tenant-active", tenantId], + queryFn: () => + listImpersonationGrants({ + status: "Active", + impersonatedTenantId: tenantId, + take: 50, + }), + enabled: canView, + refetchInterval: REFRESH_INTERVAL_MS, + }); + + const [targetGrant, setTargetGrant] = useState(null); + const [reopenGrant, setReopenGrant] = useState(null); + + // Minimal UserDto sufficient for ImpersonateDialog's ConfigureStep render. + const reopenPrefillUser: UserDto | undefined = reopenGrant + ? { + id: reopenGrant.impersonatedUserId, + userName: reopenGrant.impersonatedUserName ?? undefined, + firstName: null, + lastName: null, + email: null, + isActive: true, + emailConfirmed: true, + } + : undefined; + + // Quiet hide when there's nothing to show — busy operators don't need + // an empty box on every tenant page. + if (!canView) return null; + if (query.isLoading) return null; + const items = query.data ?? []; + if (items.length === 0) return null; + + return ( + <> + + +
    + {items.map((g) => ( +
  • + +
    +
    + + + {g.actorUserName ?? g.actorUserId} + + + + {g.impersonatedUserName ?? g.impersonatedUserId} + + + + Active + +
    +
    + started {new Date(g.startedAtUtc).toLocaleTimeString()} · expires{" "} + {new Date(g.expiresAtUtc).toLocaleTimeString()} + {g.reason && <> · {truncate(g.reason, 80)}} +
    +
    + setTargetGrant(g)} + onReopen={() => setReopenGrant(g)} + /> +
    • + ))} +
+ + + + !open && setTargetGrant(null)} + /> + + !open && setReopenGrant(null)} + tenantId={reopenGrant?.impersonatedTenantId ?? ""} + tenantName={reopenGrant?.impersonatedTenantId} + prefillUser={reopenPrefillUser} + /> + + ); +} + +function RowActions({ + grant: _grant, + canRevoke, + canReopen, + onRevoke, + onReopen, +}: { + grant: ImpersonationGrantDto; + canRevoke: boolean; + canReopen: boolean; + onRevoke: () => void; + onReopen: () => void; +}) { + if (!canRevoke && !canReopen) { + return ( + + view-only + + ); + } + return ( +
+ {canReopen && ( + + )} + {canRevoke && ( + + )} +
+ ); +} + +function truncate(s: string, n: number): string { + return s.length > n ? `${s.slice(0, n - 1)}…` : s; +} diff --git a/clients/admin/src/components/impersonation/impersonate-dialog.tsx b/clients/admin/src/components/impersonation/impersonate-dialog.tsx new file mode 100644 index 0000000000..7afa6924c0 --- /dev/null +++ b/clients/admin/src/components/impersonation/impersonate-dialog.tsx @@ -0,0 +1,465 @@ +import { useEffect, useState } from "react"; +import { useMutation, useQuery, keepPreviousData } from "@tanstack/react-query"; +import { ArrowLeft, ArrowRight, Check, Search, ShieldAlert, UserCog } from "lucide-react"; +import { toast } from "sonner"; +import { searchUsers, type UserDto } from "@/api/users"; +import { startImpersonation, type ImpersonationResponse } from "@/api/impersonation"; +import { Button } from "@/components/ui/button"; +import { Input } from "@/components/ui/input"; +import { Badge } from "@/components/ui/badge"; +import { + Dialog, + DialogBody, + DialogContent, + DialogDescription, + DialogFooter, + DialogHeader, + DialogTitle, +} from "@/components/ui/dialog"; +import { Monogram } from "@/components/monogram"; +import { ApiRequestError } from "@/lib/api-client"; +import { env } from "@/env"; +import { cn } from "@/lib/cn"; + +type Props = { + open: boolean; + onOpenChange: (open: boolean) => void; + tenantId: string; + tenantName?: string; + /** Pre-select a user — skips the picker and jumps straight to the form. */ + prefillUser?: UserDto; +}; + +type DurationOption = { minutes: number; label: string }; +const DURATION_OPTIONS: DurationOption[] = [ + { minutes: 10, label: "10 min" }, + { minutes: 15, label: "15 min" }, + { minutes: 30, label: "30 min" }, +]; + +/** + * ImpersonateDialog — two-step modal flow: + * 1. Pick a user inside the target tenant (skipped if `prefillUser` is set) + * 2. Enter reason + pick session duration → start + * + * On success, opens the dashboard origin in a NEW TAB with the impersonation + * token in the URL hash. The dashboard's bootstrap reads the hash, installs + * the token, and strips it from the URL before any render. Hash params are + * never sent to the server and don't leak via referrer/HTTP logs. + */ +export function ImpersonateDialog({ + open, + onOpenChange, + tenantId, + tenantName, + prefillUser, +}: Props) { + const [step, setStep] = useState<"pick" | "configure">(prefillUser ? "configure" : "pick"); + const [selected, setSelected] = useState(prefillUser ?? null); + + // Reset on close + when prefill changes so reopening is idempotent. + useEffect(() => { + if (open) { + setStep(prefillUser ? "configure" : "pick"); + setSelected(prefillUser ?? null); + } + }, [open, prefillUser]); + + return ( + + + +
+ + + + Impersonate user +
+ + Tenant{" "} + {tenantName ?? tenantId} ·{" "} + {step === "pick" + ? "pick a user to impersonate." + : "session details. Token will be issued and opened in the dashboard."} + + + + {step === "pick" ? ( + { + setSelected(user); + setStep("configure"); + }} + onCancel={() => onOpenChange(false)} + /> + ) : ( + selected && ( + { + setSelected(null); + setStep("pick"); + } + } + onDone={() => onOpenChange(false)} + /> + ) + )} + + + ); +} + +// ─── Step 1: pick user ────────────────────────────────────────────────── + +function PickStep({ + tenantId, + onPick, + onCancel, +}: { + tenantId: string; + onPick: (user: UserDto) => void; + onCancel: () => void; +}) { + const [search, setSearch] = useState(""); + const [debounced, setDebounced] = useState(""); + + useEffect(() => { + const handle = setTimeout(() => setDebounced(search.trim()), 250); + return () => clearTimeout(handle); + }, [search]); + + const query = useQuery({ + queryKey: ["impersonation", "users", tenantId, debounced], + queryFn: () => + searchUsers({ + tenantId, + search: debounced || undefined, + pageSize: 25, + // Skip disabled accounts — impersonating a deactivated user is a footgun + // (the impersonation token would be valid, but the user's normal sign-in + // is disabled — confusing to debug). + isActive: true, + }), + placeholderData: keepPreviousData, + }); + + const users = query.data?.items ?? []; + + return ( + <> + +
+ + setSearch(e.target.value)} + placeholder="Search by name, email, or username…" + className="pl-9" + /> +
+ +
+ {query.isError && ( +
+ {query.error instanceof ApiRequestError + ? query.error.problem?.detail ?? query.error.message + : "Failed to load users."} +
+ )} + + {query.isLoading && ( +
+ Loading + +
+ )} + + {!query.isLoading && users.length === 0 && ( +
+ No users match{debounced ? ` “${debounced}”` : ""}. +
+ )} + +
    + {users.map((user) => ( +
  • + +
    • + ))} +
+
+ + + + + + + ); +} + +// ─── Step 2: configure ────────────────────────────────────────────────── + +function ConfigureStep({ + tenantId, + tenantName, + user, + onBack, + onDone, +}: { + tenantId: string; + tenantName?: string; + user: UserDto; + onBack?: () => void; + onDone: () => void; +}) { + const [reason, setReason] = useState(""); + const [minutes, setMinutes] = useState(15); + + const trimmedReason = reason.trim(); + const reasonValid = trimmedReason.length >= 4; + + const mutation = useMutation({ + mutationFn: () => + startImpersonation({ + targetUserId: user.id, + targetTenantId: tenantId, + reason: trimmedReason, + durationMinutes: minutes, + }), + onSuccess: (response) => { + handoffToDashboard(response, tenantId); + toast.success(`Impersonation started · ${minutes} min`, { + description: `Opened the dashboard as ${labelFor(user)}. End impersonation from inside the dashboard tab.`, + }); + onDone(); + }, + onError: (err) => { + const detail = + err instanceof ApiRequestError + ? err.problem?.detail ?? err.problem?.title ?? err.message + : err.message; + toast.error("Impersonation failed", { description: detail }); + }, + }); + + return ( + <> + + + +
+ // Duration +
+ {DURATION_OPTIONS.map((opt) => { + const active = minutes === opt.minutes; + return ( + + ); + })} +
+
+ +
+ +