KC deploy 3

KC deploy 2
KC deploy
2026-05-04 15:00:28 +02:00 · 2026-05-04 14:56:06 +02:00 · 2026-05-04 13:49:18 +02:00 · 2026-05-04 12:08:32 +02:00 · 2026-04-30 19:08:24 +02:00 · 2026-04-30 18:24:34 +02:00
267 changed files with 17021 additions and 25160 deletions
@@ -0,0 +1,2 @@
 # Force LF line endings for shell scripts
 *.sh text eol=lf
@@ -0,0 +1,47 @@
 name: AI Code Review
 on:
  pull_request:
    types: [ labeled, synchronize ]
 jobs:
  ai-review:
    if: >-
      (github.event.action == 'synchronized' && contains(toJSON(github.event.pull_request.labels), 'ai-review')) || contains(toJSON(gitea.event.changes.added_labels), 'ai-review')
    runs-on: ubuntu-latest
    env:
      AI_REVIEW_CONFIG_FILE_YAML: ./shared-prompts/iac/.ai-review.yaml
      # VCS configuration
      VCS__PROVIDER: GITEA
      VCS__PIPELINE__OWNER: ${{ github.repository_owner }}
      VCS__PIPELINE__REPO: ${{ github.event.repository.name }}
      VCS__PIPELINE__PULL_NUMBER: ${{ github.event.pull_request.number }}
      VCS__HTTP_CLIENT__API_URL: https://git.forteapps.net/api/v1
      VCS__HTTP_CLIENT__API_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
      # Review — disable fallback to see real Gitea API errors
      REVIEW__INLINE_COMMENT_FALLBACK: "false"
      # LLM configuration
      LLM__PROVIDER: CLAUDE
      LLM__META__MODEL: claude-sonnet-4-20250514
      LLM__META__MAX_TOKENS: "4096"
      LLM__HTTP_CLIENT__API_URL: https://api.anthropic.com
      LLM__HTTP_CLIENT__API_TOKEN: ${{ secrets.ANTHROPIC_API_KEY }}
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        submodules: true
        fetch-depth: 0
        token: ${{ secrets.AI_REVIEW_TOKEN }}
    - name: Run inline review
      uses: docker://nikitafilonov/ai-review:v0.64.0
      with:
        args: ai-review run-inline
    - name: Run summary review
      uses: docker://nikitafilonov/ai-review:v0.64.0
      with:
        args: ai-review run-summary
@@ -0,0 +1,18 @@
 # User-specific files
 *.user
 *.lock
 *.userosscache
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs
 private/
 .helm/
 temp/
 *.orig
 CLAUDE.md
 .claude/
 devbox.d/
 devbox.lock
 .devbox/
 bash.exe.stackdump
@@ -0,0 +1,3 @@
 [submodule "shared-prompts"]
 	path = shared-prompts
 	url = https://git.forteapps.net/Forte/ai-review-prompts.git
@@ -1,460 +0,0 @@
 <!doctype html>
 <html lang="en" class="no-js">
  <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
        <meta name="description" content="Documentation for the GitOps-managed Kubernetes cluster">
      <link rel="icon" href="/assets/images/favicon.png">
      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
        <title>K8s Launchpad</title>
      <link rel="stylesheet" href="/assets/stylesheets/main.484c7ddc.min.css">
        <link rel="stylesheet" href="/assets/stylesheets/palette.ab4e12ef.min.css">
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
    <script>__md_scope=new URL("/",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
  </head>
    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
    </div>
    <div data-md-component="announce">
    </div>
 <header class="md-header md-header--shadow" data-md-component="header">
  <nav class="md-header__inner md-grid" aria-label="Header">
    <a href="/." title="K8s Launchpad" class="md-header__button md-logo" aria-label="K8s Launchpad" data-md-component="logo">
  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
    </a>
    <label class="md-header__button md-icon" for="__drawer">
      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
    </label>
    <div class="md-header__title" data-md-component="header-title">
      <div class="md-header__ellipsis">
        <div class="md-header__topic">
          <span class="md-ellipsis">
            K8s Launchpad
          </span>
        </div>
        <div class="md-header__topic" data-md-component="header-topic">
          <span class="md-ellipsis">
          </span>
        </div>
      </div>
    </div>
        <form class="md-header__option" data-md-component="palette">
    <input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo"  aria-label="Switch to dark mode"  type="radio" name="__palette" id="__palette_0">
      <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
      </label>
    <input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo"  aria-label="Switch to light mode"  type="radio" name="__palette" id="__palette_1">
      <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
      </label>
 </form>
      <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
        <label class="md-header__button md-icon" for="__search">
          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
        </label>
        <div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" name="search">
      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
      <label class="md-search__icon md-icon" for="__search">
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
      </label>
      <nav class="md-search__options" aria-label="Search">
        <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
        </button>
      </nav>
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
        <div class="md-search-result" data-md-component="search-result">
          <div class="md-search-result__meta">
            Initializing search
          </div>
          <ol class="md-search-result__list" role="presentation"></ol>
        </div>
      </div>
    </div>
  </div>
 </div>
      <div class="md-header__source">
        <a href="https://git.forteapps.net/Forte/launchpad" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  </div>
  <div class="md-source__repository">
    Forte/launchpad
  </div>
 </a>
      </div>
  </nav>
 </header>
    <div class="md-container" data-md-component="container">
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
 <nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
  <label class="md-nav__title" for="__drawer">
    <a href="/." title="K8s Launchpad" class="md-nav__button md-logo" aria-label="K8s Launchpad" data-md-component="logo">
  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
    </a>
    K8s Launchpad
  </label>
    <div class="md-nav__source">
      <a href="https://git.forteapps.net/Forte/launchpad" title="Go to repository" class="md-source" data-md-component="source">
  <div class="md-source__icon md-icon">
    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
  </div>
  <div class="md-source__repository">
    Forte/launchpad
  </div>
 </a>
    </div>
  <ul class="md-nav__list" data-md-scrollfix>
    <li class="md-nav__item">
      <a href="/." class="md-nav__link">
  <span class="md-ellipsis">
    Home
  </span>
      </a>
    </li>
    <li class="md-nav__item">
      <a href="/GITOPS-ARCHITECTURE/" class="md-nav__link">
  <span class="md-ellipsis">
    GitOps Architecture
  </span>
      </a>
    </li>
    <li class="md-nav__item">
      <a href="/DEVELOPER-GUIDE/" class="md-nav__link">
  <span class="md-ellipsis">
    Developer Guide
  </span>
      </a>
    </li>
    <li class="md-nav__item">
      <a href="/OPERATIONS-RUNBOOK/" class="md-nav__link">
  <span class="md-ellipsis">
    Operations Runbook
  </span>
      </a>
    </li>
    <li class="md-nav__item">
      <a href="/REFERENCE/" class="md-nav__link">
  <span class="md-ellipsis">
    Technical Reference
  </span>
      </a>
    </li>
  </ul>
 </nav>
                  </div>
                </div>
              </div>
              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
                <div class="md-sidebar__scrollwrap">
                  <div class="md-sidebar__inner">
 <nav class="md-nav md-nav--secondary" aria-label="Table of contents">
 </nav>
                  </div>
                </div>
              </div>
            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">
  <h1>404 - Not found</h1>
              </article>
            </div>
 <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
        </div>
          <button type="button" class="md-top md-icon" data-md-component="top" hidden>
  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
  Back to top
 </button>
      </main>
        <footer class="md-footer">
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">
    Made with
    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
      Material for MkDocs
    </a>
 </div>
    </div>
  </div>
 </footer>
    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>
      <script id="__config" type="application/json">{"annotate": null, "base": "/", "features": ["navigation.instant", "navigation.sections", "navigation.top", "search.highlight", "content.code.copy"], "search": "/assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
      <script src="/assets/javascripts/bundle.79ae519e.min.js"></script>
  </body>
 </html>
@@ -0,0 +1,527 @@
 # Kubernetes Cluster - GitOps Configuration
 > **Kubernetes cluster bootstrapping and GitOps configuration repository** using ArgoCD for multi-cloud Kubernetes (UpCloud, AWS EKS, Azure AKS, GCP GKE)
 [![GitOps](https://img.shields.io/badge/GitOps-ArgoCD-blue)](https://argoproj.github.io/cd/)
 [![Kubernetes](https://img.shields.io/badge/Kubernetes-Multi--Cloud-orange)]()
 ---
 ## 📚 Complete Documentation
 **New developers and operators**: Please refer to our comprehensive documentation for detailed guides and references:
 ### 🎯 [**START HERE: Documentation Index**](docs/README.md)
 | Document | Description | Audience |
 |----------|-------------|----------|
 | **[GitOps Architecture](docs/GITOPS-ARCHITECTURE.md)** | System architecture, repository structure, GitOps workflows, security model | Everyone (start here) |
 | **[Developer Guide](docs/DEVELOPER-GUIDE.md)** | Local setup, deploying apps, managing secrets, troubleshooting | Developers |
 | **[Operations Runbook](docs/OPERATIONS-RUNBOOK.md)** | Cluster bootstrap, day-to-day operations, incident response, maintenance | Platform Engineers, SREs |
 | **[Technical Reference](docs/REFERENCE.md)** | Component specs, Helm charts, ArgoCD config, Kyverno policies, API docs | Everyone (reference) |
 ---
 ## 🚀 Quick Start
 ### For New Developers
 ```bash
 # 1. Clone repositories
 git clone https://git.forteapps.net/Forte/launchpad.git
 git clone ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
 # 2. Read the guides
 # - Start: docs/GITOPS-ARCHITECTURE.md
 # - Follow: docs/DEVELOPER-GUIDE.md
 # 3. Deploy your first app (see Developer Guide)
 ```
 ### For Operators
 ```bash
 # 1. Bootstrap new cluster
 ./bootstrap.sh
 # 2. Verify deployment
 kubectl get applications -n argocd
 kubectl get pods --all-namespaces
 # 3. Read Operations Runbook for day-to-day tasks
 ```
 ---
 ## 📋 Overview
 This repository contains the complete GitOps configuration for our Kubernetes cluster, using the **App-of-Apps pattern** with ArgoCD.
 ### What's Inside
 - **Infrastructure Applications**: Traefik, Cert-Manager, Kyverno, Prometheus, Grafana, Loki, Tempo, Sealed Secrets, Homepage (platform dashboard)
 - **Business Applications**: MCP10X, MusicMan, Dot-AI Stack, ArgoCD MCP
 - **Policies**: Kyverno security policies for secret management, namespace controls, pod verification
 - **Monitoring**: Full observability stack with metrics, logs, traces, and alerting
 - **Secrets**: Sealed Secrets for secure Git storage
 ### Key Features
 ✅ **GitOps-Native**: Git is the single source of truth
 ✅ **Auto-Sync**: Changes automatically deployed (60s reconciliation)
 ✅ **Self-Healing**: Manual cluster changes are reverted
 ✅ **Multi-Source**: Separate chart templates from configuration
 ✅ **Policy Enforcement**: Kyverno ensures security and compliance
 ✅ **Authentication**: Automatic sidecar injection (token & OIDC support)
 ✅ **TLS Everywhere**: Automatic Let's Encrypt certificates
 ✅ **Full Observability**: Prometheus, Grafana, Loki, Tempo integration
 ---
 ## 🗂️ Repository Structure
 ```
 .
 ├── bootstrap.sh                # Cluster initialization script
 ├── _app-of-apps.yaml          # Root ArgoCD Application (App-of-Apps pattern)
 │
 ├── infra/                     # Infrastructure ArgoCD Applications (Kustomize multi-cluster)
 │   ├── base/                  # Base ArgoCD Application manifests (one dir per component)
 │   │   ├── kustomization.yaml # Aggregates all component subdirectories
 │   │   ├── traefik-application/
 │   │   │   ├── kustomization.yaml
 │   │   │   └── traefik-application.yaml
 │   │   ├── keycloak/
 │   │   │   ├── kustomization.yaml
 │   │   │   └── keycloak.yaml
 │   │   ├── grafana/
 │   │   ├── prometheus/
 │   │   ├── ...               # Each component in its own subdirectory
 │   │   └── secrets/
 │   ├── overlays/              # Per-cluster overrides (Kustomize)
 │   │   ├── upc-dev/           # UpCloud Dev — includes all base components
 │   │   ├── upc-prod/         # UpCloud Prod — all components + patches
 │   │   ├── aks-dev/          # Azure AKS Dev — selective components only
 │   │   ├── aks-prod/         # Azure AKS Prod
 │   │   ├── eks-dev/           # AWS EKS Dev
 │   │   ├── eks-prod/         # AWS EKS Prod
 │   │   ├── gke-dev/          # GCP GKE Dev
 │   │   └── gke-prod/         # GCP GKE Prod
 │   ├── dashboards/            # Grafana dashboard ConfigMaps
 │   └── values/                # Helm value overrides
 │       ├── base/              # Shared cloud-agnostic values
 │       ├── upc-dev/           # UpCloud Dev (storage, LB, pricing)
 │       ├── upc-prod/         # UpCloud Prod
 │       ├── eks-dev/           # AWS EKS Dev
 │       ├── eks-prod/         # AWS EKS Prod
 │       ├── aks-dev/        # Azure AKS Dev
 │       ├── aks-prod/       # Azure AKS Prod
 │       ├── gke-dev/          # GCP GKE Dev
 │       └── gke-prod/         # GCP GKE Prod
 │
 ├── apps/                      # Business Applications (Kustomize, same pattern as infra)
 │   ├── base/                  # One subdirectory per app
 │   │   ├── kustomization.yaml
 │   │   ├── musicman/
 │   │   ├── mcp10x/
 │   │   ├── dot-ai-stack/
 │   │   ├── ts-mcp/
 │   │   └── argo-mcp/
 │   └── overlays/              # Per-cluster: cherry-pick or include all
 │       ├── upc-dev/           # All apps
 │       ├── upc-prod/         # All apps + patches
 │       └── aks-dev/          # Selective apps only
 │
 ├── cluster-resources/         # Cluster-wide Kubernetes resources
 │   ├── letsencrypt-issuer.yaml
 │   ├── kyverno-config.yaml
 │   ├── *-sealed.yaml          # Sealed secrets
 │   └── policies/              # Kyverno policies
 │       ├── secret-cloner.yaml
 │       ├── default-ns-blocker.yaml
 │       ├── bare-pod-cleaner.yaml
 │       └── auth-sidecar-injector.yaml
 │
 ├── secrets/                   # Application secrets (sealed)
 │   └── *-credentials-sealed.yaml
 │
 ├── private/                   # Local-only files (Git-ignored)
 │   └── *.yaml                 # Unsealed secrets (never committed)
 │
 └── docs/                      # 📚 Comprehensive documentation
    ├── README.md              # Documentation index
    ├── GITOPS-ARCHITECTURE.md # Architecture guide
    ├── DEVELOPER-GUIDE.md     # Developer onboarding
    ├── OPERATIONS-RUNBOOK.md  # Operations procedures
    └── REFERENCE.md           # Technical reference
 ```
 **See [GitOps Architecture - Repository Structure](docs/GITOPS-ARCHITECTURE.md#repository-structure) for detailed explanation.**
 ---
 ## 🏗️ Architecture
 ### Three-Repository Pattern
 | Repository | Purpose | Who Edits | How Often |
 |------------|---------|-----------|-----------|
 | **[launchpad](https://git.forteapps.net/Forte/launchpad)** (this repo) | ArgoCD Applications, cluster resources | Platform / DevOps engineers | ✅ Often |
 | **[forte-helm](https://git.forteapps.net/Forte/forte-helm)** | Generic Helm chart templates | Platform engineers | ❌ Rarely |
 | **[helm-prod-values](ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git)** | App-specific configuration & versions | Developers / CI pipelines | ✅ Sometimes |
 ### GitOps Workflow
 ```
 Developer commits code → CI/CD builds image → Updates helm-prod-values → ArgoCD syncs → Deployed to cluster
 ```
 **Learn more**: [GitOps Architecture - GitOps Workflow](docs/GITOPS-ARCHITECTURE.md#gitops-workflow)
 ---
 ## 🔧 Common Tasks
 ### Deploy a New Application
 **See detailed guide**: [Developer Guide - Deploying Your First Application](docs/DEVELOPER-GUIDE.md#deploying-your-first-application)
 **Quick version**:
 1. Create `apps/myapp.yaml` (ArgoCD Application manifest)
 2. Create `helm-prod-values/myapp/values.yaml` (configuration)
 3. Create sealed secrets if needed
 4. Commit and push - ArgoCD auto-syncs!
 ### Update an Existing Application
 **See detailed guide**: [Developer Guide - Updating an Existing Application](docs/DEVELOPER-GUIDE.md#updating-an-existing-application)
 **Quick version**:
 - **Update code**: Push to app repo → CI/CD updates image tag in helm-prod-values
 - **Update config**: Edit `helm-prod-values/myapp/values.yaml` → commit → push
 ### Manage Secrets
 **See detailed guide**: [Developer Guide - Working with Secrets](docs/DEVELOPER-GUIDE.md#working-with-secrets)
 ```bash
 # Create plain secret
 kubectl create secret generic myapp-creds \
  --from-literal=KEY=value \
  --dry-run=client -o yaml > private/myapp-creds.yaml
 # Seal it
 kubeseal --format=yaml --cert=pub-cert.pem \
  < private/myapp-creds.yaml > secrets/myapp-creds-sealed.yaml
 # Commit sealed version
 git add secrets/myapp-creds-sealed.yaml
 git commit -m "Add myapp credentials"
 git push
 ```
 ### Enable Authentication
 **See detailed guide**: [Developer Guide - Enabling Authentication](docs/DEVELOPER-GUIDE.md#enabling-authentication-for-applications)
 **Quick version**:
 ```yaml
 # In helm-prod-values/myapp/values.yaml
 # Token-based auth (simple)
 auth:
  enabled: true
  type: token
  tokens:
  - your-secret-token-here
 # OIDC auth (SSO)
 auth:
  enabled: true
  type: oidc
  oidc:
    authority: https://auth.example.com/realms/master
    clientId: myapp
 ```
 Then create OIDC secret (if using OIDC):
 ```bash
 kubectl create secret generic auth-oidc \
  --from-literal=client-secret=your-oidc-secret \
  --from-literal=cookie-secret=$(openssl rand -hex 32) \
  --namespace=myapp | \
  kubeseal --format=yaml --cert=pub-cert.pem --namespace=myapp | \
  kubectl apply -f -
 ```
 ### Bootstrap Cluster
 **See detailed guide**: [Operations Runbook - Cluster Bootstrap](docs/OPERATIONS-RUNBOOK.md#cluster-bootstrap)
 ```bash
 # Initialize new cluster
 ./bootstrap.sh
 # Verify
 kubectl get applications -n argocd
 kubectl get pods --all-namespaces
 ```
 ---
 ## 🛠️ Quick Reference
 ### Monitor Applications
 ```bash
 # List all ArgoCD applications
 kubectl get applications -n argocd
 # Watch sync status
 kubectl get applications -n argocd -w
 # Check specific application
 kubectl describe application myapp -n argocd
 # View application logs
 kubectl logs -n myapp <pod-name>
 ```
 ### Access UIs
 ```bash
 # ArgoCD UI
 kubectl port-forward svc/argocd-server -n argocd 8080:443
 # Access: https://localhost:8080 (no auth required)
 # Grafana
 kubectl port-forward -n monitoring svc/grafana 3000:80
 # Access: http://localhost:3000
 # Prometheus
 kubectl port-forward -n monitoring svc/prometheus-server 9090:80
 # Access: http://localhost:9090
 ```
 ### Troubleshooting
 ```bash
 # Check pod status
 kubectl get pods -n myapp
 # View pod logs
 kubectl logs -n myapp <pod-name>
 # Check pod events
 kubectl describe pod -n myapp <pod-name>
 # Check ArgoCD sync errors
 kubectl describe application myapp -n argocd
 # Force sync
 kubectl patch application myapp -n argocd \
  --type merge -p '{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}'
 ```
 **Full troubleshooting guide**: [Developer Guide - Troubleshooting](docs/DEVELOPER-GUIDE.md#troubleshooting)
 ---
 ## 🔐 Security
 ### Secret Management
 - ✅ Sealed Secrets for Git storage
 - ✅ Kyverno auto-clones secrets to namespaces
 - ❌ Never commit plain secrets
 ### Network Security
 - ✅ All traffic TLS-encrypted (Let's Encrypt)
 - ✅ HTTP → HTTPS redirect
 - ✅ Traefik IngressRoute per application
 ### Policy Enforcement
 - ✅ Kyverno policies for security
 - ✅ Default namespace blocked
 - ✅ Bare pods not allowed
 - ✅ Optional authentication sidecar injection
 **Learn more**: [GitOps Architecture - Security Model](docs/GITOPS-ARCHITECTURE.md#security-model)
 ---
 ## 📊 Infrastructure Components
 | Component | Purpose | Namespace | Replicas |
 |-----------|---------|-----------|----------|
 | **ArgoCD** | GitOps controller | `argocd` | 1 |
 | **Traefik** | Ingress controller | `traefik` | 2 |
 | **Cert-Manager** | TLS certificates | `cert-manager` | 1 |
 | **Kyverno** | Policy engine | `kyverno` | 1 |
 | **Sealed Secrets** | Secret encryption | `kube-system` | 1 |
 | **Prometheus** | Metrics | `monitoring` | 1 |
 | **Grafana** | Dashboards | `monitoring` | 1 |
 | **Loki** | Logs | `monitoring` | 1 |
 | **Tempo** | Distributed tracing | `monitoring` | 1 |
 | **Fluent-Bit** | Log shipping | `monitoring` | DaemonSet |
 | **OpenCost** | Cost monitoring | `monitoring` | 1 |
 | **Renovate** | Dependency updates | `renovate` | CronJob |
 **Full specs**: [Technical Reference - Infrastructure Components](docs/REFERENCE.md#infrastructure-components)
 ---
 ## 🌐 Domains & Networking
 - **Local development**: `*.127.0.0.1.nip.io`
 - **Production**: `*.forteapps.net`
 - **DNS**: Manual configuration (contact platform team)
 - **TLS**: Automatic via Let's Encrypt
 ---
 ## 📖 Key Concepts
 ### App-of-Apps Pattern
 `_app-of-apps-{cluster}.yaml` is the root Application that manages all other Applications in `infra/`. Each component in `infra/base/` lives in its own subdirectory (e.g., `infra/base/grafana/`). Overlays can either include **all** components (via `../../base`) or **cherry-pick** specific ones (via `../../base/grafana`, `../../base/prometheus`, etc.). Per-cluster patches swap Helm value file paths. Supported clusters: `upc-dev`, `upc-prod`, `eks-dev`, `eks-prod`, `aks-dev`, `aks-prod`, `gke-dev`, `gke-prod`.
 ### Multi-Source Pattern
 Applications reference both:
 1. **Helm charts** from `forte-helm` (templates)
 2. **Values** from `helm-prod-values` (configuration)
 This separates reusable templates from environment-specific config.
 ### Sync Waves
 Applications deploy in order using `argocd.argoproj.io/sync-wave`:
 - Wave `-1`: Namespaces
 - Wave `0`: Kyverno (policies)
 - Wave `1`: Infrastructure
 - Wave `2+`: Applications
 ### Auto-Sync & Self-Heal
 - **Auto-Sync**: ArgoCD automatically deploys Git changes (60s polling)
 - **Self-Heal**: Manual cluster changes are reverted to match Git
 - **Prune**: Deleted resources in Git are removed from cluster
 **Learn more**: [GitOps Architecture - GitOps Workflow](docs/GITOPS-ARCHITECTURE.md#gitops-workflow)
 ---
 ## ⚙️ Configuration
 ### ArgoCD Settings
 - **Reconciliation**: Every 60 seconds
 - **Sync timeout**: 5 minutes per application
 - **Retry policy**: 5 attempts with exponential backoff
 - **Authentication**: Disabled (internal use only)
 ### Application Defaults
 - **Auto-sync**: Enabled
 - **Self-heal**: Enabled
 - **Prune**: Enabled
 - **Validation**: Server-side validation enabled
 - **Server-side apply**: Enabled
 **Full configuration**: [Technical Reference - ArgoCD Configuration](docs/REFERENCE.md#argocd-configuration)
 ---
 ## 🆘 Getting Help
 ### Documentation
 1. **Start here**: [Documentation Index](docs/README.md)
 2. **For development**: [Developer Guide](docs/DEVELOPER-GUIDE.md)
 3. **For operations**: [Operations Runbook](docs/OPERATIONS-RUNBOOK.md)
 4. **For reference**: [Technical Reference](docs/REFERENCE.md)
 ### Support
 - **Slack**: #platform-support
 - **Issues**: Contact platform team
 - **Emergencies**: Escalate via Slack
 ### Common Questions
 | Question | Answer |
 |----------|--------|
 | How do I deploy an app? | [Developer Guide - Deploying Your First Application](docs/DEVELOPER-GUIDE.md#deploying-your-first-application) |
 | How do I manage secrets? | [Developer Guide - Working with Secrets](docs/DEVELOPER-GUIDE.md#working-with-secrets) |
 | App won't sync? | [Developer Guide - Troubleshooting](docs/DEVELOPER-GUIDE.md#troubleshooting) |
 | How do I bootstrap a cluster? | [Operations Runbook - Cluster Bootstrap](docs/OPERATIONS-RUNBOOK.md#cluster-bootstrap) |
 | Where are the logs? | [Operations Runbook - Monitoring & Alerting](docs/OPERATIONS-RUNBOOK.md#monitoring--alerting) |
 ---
 ## 🤝 Contributing
 ### Adding a New Application
 1. Read [Developer Guide - Deploying Your First Application](docs/DEVELOPER-GUIDE.md#deploying-your-first-application)
 2. Create ArgoCD Application manifest in `apps/`
 3. Create Helm values in `helm-prod-values/`
 4. Create sealed secrets if needed
 5. Commit and push - ArgoCD handles the rest!
 ### Modifying Infrastructure
 1. Read [Operations Runbook](docs/OPERATIONS-RUNBOOK.md)
 2. Update relevant files in `infra/` or `cluster-resources/`
 3. Test changes in isolated namespace if possible
 4. Commit and push
 5. Monitor sync status in Slack/ArgoCD UI
 ### Updating Documentation
 Documentation lives in `docs/`. To update:
 1. Edit relevant markdown file
 2. Update "Last Updated" date
 3. Submit PR or push directly
 4. Notify team of significant changes
 ---
 ## 📝 Notes
 ### Current Environment
 - **Provider**: Multi-cloud (UpCloud, AWS EKS, Azure AKS, GCP GKE)
 - **Active clusters**: UpCloud (upc-dev, upc-prod)
 - **Environment**: Production (internal use only)
 - **Auth**: Disabled for ArgoCD (internal access)
 - **Backup**: Gitea daily backup to S3-compatible storage
 ### Known Limitations
 - Secret rotation not automated
 - DNS management is manual
 **Future improvements**: See [Operations Runbook - Disaster Recovery](docs/OPERATIONS-RUNBOOK.md#disaster-recovery)
 ---
 ## 📚 Additional Resources
 ### External Documentation
 - [ArgoCD Documentation](https://argo-cd.readthedocs.io/)
 - [Kyverno Documentation](https://kyverno.io/docs/)
 - [Traefik Documentation](https://doc.traefik.io/traefik/)
 - [Cert-Manager Documentation](https://cert-manager.io/docs/)
 - [Grafana Tempo Documentation](https://grafana.com/docs/tempo/)
 - [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
 ### Related Repositories
 - [forte-helm](https://git.forteapps.net/Forte/forte-helm) - Helm chart templates
 - [helm-prod-values](git@github.com:fortedigital/helm-prod-values.git) - Application values
 ---
 ## 📄 License
 Internal use only. Not for public distribution.
 ---
 ## 👥 Maintainers
 **Platform Team**
 - Contact: #platform-support on Slack
 - Issues: Create issue in repository or contact team directly
 ---
 **Last Updated**: 2026-04-22
 **Documentation Version**: 1.0.0
 **🚀 Ready to get started? Check out the [Documentation Index](docs/README.md)!**
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/aks-dev
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/aks-prod
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/eks-dev
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/eks-prod
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/gke-dev
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/gke-prod
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/upc-dev
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,32 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: infrastructure-apps
  namespace: argocd
  labels:
    app.kubernetes.io/name: infrastructure-apps
    app.kubernetes.io/part-of: platform
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    path: infra/overlays/upc-prod
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,38 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: argocd-mcp
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "1"
    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
    notifications.argoproj.io/subscribe.on-degraded.slack: ""
  labels:
    app.kubernetes.io/name: argocd-mcp
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
    path: forteapp
    targetRevision: HEAD
    helm:
      valueFiles:
      - $values/argocd-mcp/values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd-mcp
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,15 @@
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: argocd-mcp-credentials
  namespace: argocd-mcp
 spec:
  encryptedData:
    ARGOCD_API_TOKEN: AgCgJkgdm3jJhMZcQviLXHU0T9MVWRw+OaVLS965PpIFSu6HkBwvVuOx0uUKzEtss3y5XjoGzgqrOrkVJqdb7Amiyj88ZIhLImdZzP/FXhH9N4U1jQ+ayPI02EmjhYuuJeNSvbF+K0IwS8nj/5POaCN9CNj5f/px8EmYhZalcFO7szBbpVNiwyGObMIv7DgtjrfROIVWZ1MD2oEjQ7jiqzvi2ynBJtiF7wyX0ZzE6aIYg/eyvZ3dkW0tRrWjFLtaucFoPVto848UeRHsNfQJnuFHGRI4mrnanBI9YsppPqWuHic9fvyLg9fMz9ZTHaPTS5EMbU+e9eshkQqAPLmawjiy2zW8X9MytjTECPVALko8ejj0MTwmTS15as4tXn7FqAxsH5hCHISVHdqQnEhvw9IdUSXFooipgWaQmz4k+zR3TlMU9III3G0PYiFVyjWy2/mfO4Vsg4RoD8i+RVqQINK9EN6OCr3frqMumhMlJLpTX6+8749Qa/5b6aRzvt5ACDixeHXzeJTzbYJrfGNwTrjL5SZvILgzE24g9YocE5/aLp1X4Qyb99qSODkA51uiVKKLJx9K+R1SnHDduxWuh+9tzJXgbWu2PACaMb5qLkpzA6Dx2kF28lIBAYz/yYR1kY2wvpqh7SO2rXSUROCB7RDRLCCk8V40J74/o4HiDzj9DJEmRzJKWerkPlzOxoe32XDvtY3rmZ1t+orXPRuRJ8PDrmhD4Z0+iBDQrxkv3UDvF7ES7NbtCiXQRN1m3v03q9rP4AsB/s0p8Byq94SoUasisDk5mCf1TAdvkgK4C9D4BcqCfVYRFNGk5AgbuIb1Fsz506TWFImEiJp2R+z18KIJ2Uhdz4NfkUhToe8odr1mP6vxzjzv+6Et5+v9CVYZPkoO7JBDwCVRie+H8qroAzG8OvAq9iuptwDFeZuQ9RLbDGtneqMjWj0a3pkdhRddr6uaKus/oBJo2E98afMY1WWRh/19fstkQ0NYeTrJahTNrKtxnHziTO89MVQZ5G7eDEKnQPYELnor6mMZ9CqSqUIT3w==
    ARGOCD_BASE_URL: AgA6OxPRQoyPHYpTQoO/vM4xkl0heMdPvIZ6xBxS9+yt9zbqhBCoupixyuP4nxbkwB522GVnC/qG2nNN5kzzWck99nlf0UVJ0uac5x5GtkbZ5s1Rc2u1aE42hMdmqS7MIqp0OR96nY2aWwPPIh2OLIECEf1axLZ6uN1bMEAUN36s05JQUlKMikFfcv1iIqxiVj7U2oz5jNXUGknnXnDp4V7Y68yyXpjzqp8Gm0dCugc4ZLuK3v3IUsKTJ/A+keMbeDC+VGTYmoNJevVhuZaPgcwRDU1v7bIYSjVgvYenOEvdWM3IZs5x4USLWPr9K8a7efSCYRJBZD0/45Au87bIcASXtZzN1ifmaWnI69uqqCLj2dsO1O2RTf0ivzpzRLPJkX1D7yqOnPCyQEAGryFSdyl9w8by6Z801dsJkSf/NM3aymqxu0xhNZ+r1tSSdlt6RKEjFJfrsGD/UmBW6EpfMAw6N34FUc3qpgB7TGW7cK5UbxtQEJbdxhOpySdSnMCfupgIu9x/mQa5tfbHMAc8QTj9lXMuipNrO7n5gIxOG6ra+uM7gaDW/xdksDGNmekTO+C9inqQj/LRXL/MEXdy+LaPRquzE0+YRLjCvRFjv0glK+vR2scd7+bd90Pnv5qJwOPod6PXCREGviiBJvSt62mTxnnritHun77lXwpScFYHhA8Loey5/blUSXnOkScLHGzhUibX6AIRw/nBw3IwfgHHrfVz4xBrrzBCs1eJxQfrELsmondd61MeCz94ERY=
  template:
    metadata:
      creationTimestamp: null
      name: argocd-mcp-credentials
      namespace: argocd-mcp
@@ -0,0 +1,16 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: auth-oidc
  namespace: argocd-mcp
 spec:
  encryptedData:
    client-secret: AgBHbqXV1iuVNc1txIt2VWm+Enm2j7W2Z1WptWvRyLZrEhjJlY9pPxJuDuEIGeMbYsVlp+I79Wl897EYPpzZTo7U/h+JQKtPe78rS9trGN6Y+jE5ID/H+SYqZrWDXkYGWjan2+5OTpuH4Cef7G6faXhDW8iwhch4Ep1ZIDbiHQ2EVmQ24+Ar6/d+RDlcfXvF38oWk1Io3WrDkxzf210nIuX5ZapyDP+hP/0Tk7i75wlJX/HYh664rBo+Plxy2HQweRvmUb9y4/jv6VJtlY7tmud7GF9QRg9tGUV8Aor9qyhZjH6CUx7AATelkcaWFko5h185d/q8AYxDbdguSbvVor5hcfG14YCqi51gDNK23jsGdMYiLkSp1Pgr2hgrWL7T5c2LLd2BMXqG1UXIkhwTukK7oPHiZV9sIbvX//duIQWQHRT795eHO2F1YJXiGeDY7icvqpNhpjVxhb4FRTj5PjOKtjfMWd1BGus7Y0THw91kKaM0i/cmKOwNpNHEqsGMcqL9blRykTQWPNL40/Efvk8QxL6D14394F5FLHHg2rzvgASdroqnIq86UrlR3xmXPHpMpUu1zQwfL4eU31Fvy8FsrjPGNhHZPXvdBzi2U6HvFe+/SFrQm3EhGV3JA7tBTLx2jByzLzZLOuPZ0ndrQwccmuSLOkjSVE+WOwZJQ9X6rGa/dyxe/jTvnx6rZ7C/PutrP6BSqtD8By60vF9/bS76mGTQAMEtnsNfaBTiRiU+W0oAfb43VpZn
    cookie-secret: AgA3NHKTzIdz9PgWDLhyZRt8c1SP7oE0cdlyLUjKVBpeozz0YuiPus54w7IdWQcDhtE5KhV3ndjqiu4FIQIGDRil5Am863zCT0qCx71sldql6bhZbUWnYEnUvF2UpayQTajB6+zcEo9IbHta8146Ien3yCuYpfZ0m0RoIVrYCnJFijOurfRieHkQ6nhmjxkFYOha9xStJFoGxKNetdv6uw52+iTMmSOjYtmtwA77uhU4SovrZ2Rs6xp3ySX7bdho0sfu+H/Gyl7/olLBAedVcCBKpZ06efY/SIlP3TGYH4GWN+dxapuCtg+zgTNFOXyWnHdTaeEHrPfVWZnlcy7WOFs8vh1tUsvsmYiR3Pq1OeGPdrayXexM92sKMcqGuX5F6yRv7lE2ikK/rGpNt1NyGOizyrYSWhaRICNtMeFRljEfCgjwsrfzJ28cBsBbAwUg3VTfJLxGOsYZ1oiiO//BO2C4pQtw72fEwpyPkYlSXUgOgnnYZmCvpuc/joHMRyrHIZbkYQ24jDD3a75f+6JP6zXDKYpSsq5g3Sdjhp/SbY30Lr9yMpNq9Lmv7FWj/KCRIBQ38smZTBWkdytvfFqpXyLFrVM/itM6GSgOA0nJnicNn+0p99YFjQzqgXxPdBkAk3Xg7iOX2e4PGPH2a3GkSIzlnhgGi9tuitx4fvQRQZyaFAZcWbCDcFoc9YuRoMbkbC6LAMQyrFj3Rrolp7UjL17IXP8dJEcwwXr2Oz3taTiuTBuMERo1zDzcFcozBarDmRQvcJqcnEtsxxcrne2AjfYf
  template:
    metadata:
      creationTimestamp: null
      name: auth-oidc
      namespace: argocd-mcp
@@ -0,0 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - argo-mcp.yaml
 - argocdmcp-auth-oidc-sealed.yaml
 - argocd-mcp-credentials.yaml
@@ -0,0 +1,18 @@
 # SealedSecret created after namespace (sync-wave: 0)
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: dot-ai-secrets
  namespace: dot-ai
 spec:
  encryptedData:
    anthropic-api-key: AgASIRVNs7kIvZ/XwFJ4j9TJ05TW4YlFNzi2lx+6URlvzjTkMignK+y4/HD3wTK37BkIonnOXf/DGJcMgqgxOrHBVu9tLkSamve5qgf+SOZ8jxaqpLX2e5hdmHrgMp7rVWKiOoxM+bvu8Gdve3eMwXX8Eazj7W7vi430LsvW4BmPrQp+A9SOP+hwMlV5r+P5pUogC3hddt5KoSwpgnpOb8fRGlLDpc548eDNBJrhsAZiiFqc8+CycHX6idxWzlWOTPR05LBs7YrTIP/LUXWdyq6UG8yB5D0c9JNndnGo6kSfJxdaxCNO7GhMAOmo4CitzYn/zhICwuHPLKwUYQBcEHVpFxgub0U9fY7s4i0SAH9aF1kk8yqHWaCicHzi6B3AxMZYr+knS5vVNB+uGZmSKgZ7QNE1bF6E4Gg5bXRwk7OVQhuJSBzxVNDoXoJ6stL8ejU+MP5FtI792FxZbNDImu3kqor/t9wB49ZeB9Ngks2yvtlSrQ3G2lxJaOgNBPmKYhAX95JFI3xUSHOMa18ftn+aXmEQTXOHtM/IT8A95gUvIKz8Hrt03CwgZ8E+3lcsjAVsfNjqn/erqV+xi93OYOL6o9ivmTIem3MzsqjKuQ57HKaghnd+Ygdt/WfotRBSgZtCweOkZBV0XKxI1RmCQXk6dce8x4T7FDEeaSQwkc4yZ77LfQJnyVgU1rds9Hqv0RbymHK8JCQEMMb6PcK+Ow068fdj4NP27HkuYMB5JdPp682KIRwGznN2d3+QPXRd/ZHshnixudY7CLirlZl9xD0HssfSBI+uCrFEAln8D93UYbn7trF5gkKWYQsQ07CVZ5Z1qXieqwJWjHRY+oY=
    auth-token: AgB65rUY3yJuTTLbGyrCtJPZp8UyEOr+kznSMGvUaZ9PoHq+kIEhazRdVKHa/WGvMWuc4x+XYRuIGj+2KiooyilUPrLcE3bz9fUOAFbRw3+iUh3WAgwK+f3eBUG6/0OoFw+GJ583IRidDW1t2BchMxSM1m+3vmQoF24qj7k9j/lWPsnX2IX3DhM0SomD1xmG+LsQMo2e4vQXB0BxhVDIQ621JTrvUPYzYx0NlPqZO/MtR1JWYS7WBTvegvgeBKLxfy9KLnqsuzu7rc2t9BYt7TRqvBg/prrKPdSV6Ei4GOZq+AcG15iOKXhsj8SxejPpM0QDemFTRQkdfz+k8ms4/SM0eylr5fEaa99TMTvjYGCfjJJyRcVm5Ef/XdmXiM3OI1u+9QNPiqXh1zmtp0yQMZ7nRE70kKQ2MHVhEmSUkBjovybIzLk4OL1v0FGDDqa1BN9KmNEBlo8H7DqXzfamVoNPyuuO625B3HgSeR3Udq8hngy9W/wiolmMNSc9C6vBA0HzE7Mkq79fHh/ruTi5zOJLfyEP7KQQqlNKfEtDFQfabaV9ERthQjuUs8ZIrdfCTOyQkrmmGY/sH5yodLRSYSEpHFrhPepwHS7lGzbVucW3Fn34D4OxJXyXQQObZKybLV7g6Oglf2Pdn11CEu/4+19RlykuOlm1dlj852a5NWWmmX319laLGlEd1BpG4cZyc9UZud68dGumwzrUupUMTLlJx8bR5rLgqaMpQMluwvq8MQbBXm4ySOcQ2jQhjw==
    openai-api-key: AgBc4cSrd0riSxKPrp7AqrNYMDAZJTe3aCjTOwEb5pS/KARkgoEGz+0ZhLXa2bcCsPlQzqRzZ1c1cUCnBACkp1xoMfhSOoIJUWJQHRgZx5kEDhNIE/M8PQe8es7jYsW7/ui6iK8uj3Ljk21r8l/ctnP/KiKyML4553el28Ya7XsPQynRvpVexFC4BoJw50nkauLnvl3in0cKmEVAkMWorUP3Etapaj4DWkCQQ22RPN0xGNo9yiIUEAVE+uTRFNKGEHMIvJzgB291FJQtG/WoN/Sy/DeoZkUYndA7CbfFgiz9sq3GqJwyqTM+Ikzw6VCQ3TVWYO/6+yaEzT1NZ/rw00YhDyFoH+yGTkX5lrSUo8lGf3T9OODTdSS1203xtj4dhGbY70sPGMxDfucnO6piVcuRfh9bWg1VX+MTjqpBQE1J0DKJanhoh6lKbPOJhRbi0TIoCz1a3btbbKLDq2YJl7FXA3QNdBsR4qVJ3xmgWlH/eTUskCE2YxDzHmkxgZN2mL22SfeUJYtDRswRG0UGc6pvg2xrR0iEDB0UbH4FQK46fWv8aiOejteLlAAyA9HNA8yi73rTEjq55wpO19/MYj+6oUGEHpFaJje77INTHAKpdbfkp8iKotNXFYLM2hsjyau+x/AFjg87kEdIUVVHHLVMDhOq6NO+foM0nFOIv4lr2Yjl15+ImMSTEfcBr+nWaomnb9G8i5ptqz9bMHbxAcHpzWUBH9SZhzrCWZNDzOm2X2K6mpXhg4WX7VJMoIJk/f+bxTTKnWBawdnpCdbdG5GYQh7usqjPuELFYRTsx+6Tqoddp4KIEyMMxO81XObiN5vEBg74ygunxrjKNg5FoOkUA79YvcGBVVU1FNRl3d8IslXFqhEOT35nxGBB0T7ZORii34tZ2E551NkIo1WbCwilD3Dlgw==
    ui-auth-token: AgDStP4jHhMehx/SAv5x2aQrJwChnWq8WhV/LVTSuuCSSy9kFQGa3Izyl21sMhLKUgrlS030GH50lbku+IY90S+MSBfaCq0Xb8qwohfH+qJulMRgljoU8r58/3ZsaBzbGJjiNMgBCwGlvuK85t3R3662ftwikahWqLfwAahi12L0llUDNyG9UB0Os3oR2CVAt83+YB07YspCWRzwuOz9D1SgOL/g/JF2hoL43pDD65BqYKdEuLFInJZx1Ul68V/FPmJK1gmJb/Kv8pgtk0sGTzxbbTdIQ1Ugf6+8//CWEq6GsMeEZG9VwExL/KYqobnbqd02FRgSSvWybhWLjiALLQvAFtce6FR6bur0rsariyogGjYCuXYdRnhf7QnB6NopwplhFP37Qf6E4q2pJTJ6Fzv0xq+XlfzNkn9Jvebrdkk/5CThW+wPAfx8r1VIySqBsYnPO/ZQDkfQ5ocX6fmzZ1iCg+0NI24k2YwCeMZtEAGpKEtejS0BLvqrilUG6Oz9sHCGHro4Bv5B/jzUjGbye0DSDj1f6c2RcpqMiUxfPvydJIcJGhrTx8sZS3qhEWME7kwjJCZpHEzfdv0weSJbgVGBSh9e1wjZxxeJGXuZKdFzdhpNEWP4uScGW0UnRDwxZzHMsLjS/W30mQmwmgJVTKdPl6VQrvdq7m4AC6+/d7iXlHazieC1KpBme4hWzO+/h7qRw1P5Va/ZWZtnGs8476J8hIojRtOJ/CdWwVLUa0gHo4CYnempIMwCIS3GtA==
  template:
    metadata:
      creationTimestamp: null
      name: dot-ai-secrets
      namespace: dot-ai
@@ -0,0 +1,70 @@
 ---
 # Namespace must be created first (sync-wave: -1)
 apiVersion: v1
 kind: Namespace
 metadata:
  name: dot-ai
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
 ---
 # ArgoCD Application syncs last (sync-wave: 1)
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: dot-ai-stack
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "1"
    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
    notifications.argoproj.io/subscribe.on-degraded.slack: ""
  labels:
    app.kubernetes.io/name: dot-ai-stack
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ghcr.io/vfarcic/dot-ai-stack/charts
    chart: dot-ai-stack
    targetRevision: "0.56.0"
    helm:
      releaseName: dot-ai-stack
      valueFiles:
      - $values/infra/values/base/dot-ai-stack-values.yaml
      - $values/infra/values/upc-dev/dot-ai-stack-values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: dot-ai
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    syncOptions:
    - Validate=true
    - ServerSideApply=true
    - Replace=false
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
  ignoreDifferences:
  - group: apps
    kind: StatefulSet
    jsonPointers:
    - /spec/volumeClaimTemplates
@@ -0,0 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - dot-ai-stack.yaml
 - dot-ai-secrets.yaml
@@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - dot-ai-stack
 - mcp10x
 - musicman
 - ts-mcp
 - argo-mcp
@@ -0,0 +1,16 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: app-credentials
  namespace: mcp10x
 spec:
  encryptedData:
    FLOWCASE_TOKEN: AgAjQ0Jm779LiB2/EBKtIl18Iky/tgl7VvEvkJfr82mbe7JIp99+I8WPIMgmlXsxWBDfwJ/DZoDEAKG5o8mvwc7DtaE7LkpPSXKRIviLrm+7amNdEpwb1zKjCmZ3vNOPXLnCTD3W1od8u106MEvrZpt1N1Pzav/QUElAA4lqyf4AZPuio0H/7jF8QciVHIN4BdofodOmWWCTxP1aVMylat3txlkzuqwkXc1fKBPmOKC1qWepAG7dlQ3xJ2C5Cinz5IqOYnQPO6sm/Gp+c8yQSS+0NpKO3dp93yuwRsOLOMNpCeeYOyzn2ypFIdiBuLA5k85l5WyI9BCvRjP+kzRX+u69XL7p2eMEg+vRVfoOWNetysYCdK+96bWNVVleQEuPAFxsbJWK5eV8jTZk+QeFES8kkXQwUoTMqh+JULgONakxrzc1LmA+FtKNwHWCHalh8pLQ9KeI2i9E5CtotjHfEGLE6T0ibwwOg1ZrL3irQVII8VFm4Rk+dSicbeEMAtIaII023NWuZlonrwIIy+GSVzskhhcjV7t51hylqFA3yfb+RQCzdGYA5fySlJBWhli8IotvqnDmWduPBHGb/+yrdXHsaiDqWuUu6JBUg4JqM+AMa8FkaFh8SbctbGBoycpzLVFn9N2qWviojhC9s1NJ4MiCegvE6IsCLaHidY4UXeeGjUK6Mx6h4x3y/q7ZIrBIpUOJ+8I4Mgvi9sTCogeR+vWtpP9ZZ/31MXELuu/ho3Wn9Q==
  template:
    metadata:
      creationTimestamp: null
      name: app-credentials
      namespace: mcp10x
    type: Opaque
@@ -0,0 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - mcp10x.yaml
 - forte10x-app-credentials-sealed.yaml
@@ -0,0 +1,39 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: mcp10x
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "1"
    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
    notifications.argoproj.io/subscribe.on-degraded.slack: ""
  labels:
    app.kubernetes.io/name: mcp10x
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
    path: forteapp
    targetRevision: HEAD
    helm:
      valueFiles:
      - $values/mcp10x/values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: mcp10x
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - musicman.yaml
 - musicman-credentials.yaml
@@ -0,0 +1,19 @@
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: musicman-credentials
  namespace: music-man
  annotations:
    argocd.argoproj.io/sync-wave: "12"
 spec:
  encryptedData:
    DATABASE_URL: AgBGLu8Rw9z9WMo3uX7fezN7tOVlEsmWtikFlyBxuSuQ1dCv6KTCePkwxJx4LuKvaHXlwdWl5yP8wQxMJP0BNJ1wewFb9zeUkP1YuCz4MrfuXq1zrecIr86R5hNbPiOb66e/4oOTCY/z3QREX9WjZdLJV/PCyBz8MP0D51pgWXpM6CBdhwpFbHSALyJk89+q44c9KkRxAUG2OLnesMeRe9nXJt5ariUCl9Qd2POIjx2hSNII1l0KbTcjI9hCf91DYM6poqKYYQUpnrjKv3LJwWS79I2b56+iTtroH3usIRgaiwgtFt2INm+8gwLBmC4xxKJ5VAjjYB/3dcN9XeboXvj0NB05P9jS3e77imUFANIB9coeaNlcvRWxwGCewYMp8+7RT7jPVA41/+aT/zT74tq9WhkKvgrr1It9/5fRnXtFEkhZg5bBcYCChzooarHkiwKlA3Wo0CrFsDPqy89oZrnwMRnVqKWBf79koZV4l7uCA0do9ojf55lTy8mt3mKQkwfqK9UdzZNbYzH0/Fk6gxlSxANOOqe7kt6VPywYUBnh6JS5U+kdTgNeSrFy/xqLFz28fXuikSJvLEouSFu66MeT+6uvYEmdfdLeh7quW/n+p7QTok3v3kRYJ/1Dl8ZtgvM7e8F/J5bLcacj394AJ/bBt+RIDa+XBjNNPrWKcWt/mkudZ25F/84G+hNxYQv7PIbhYfA1JTuHmQSoF+xah5QhKpyNpI3+knJmJj/4MhPKLnTuebg0xfbPevm2CU9fSa4sPIqmSvSGtqlXODvCfDSFEYzWfyfXV5Tys1NGAt04V8fl9A9UxULUm510NCeD0jzFeeYm3ZJiyavA5xF6hXCHoqLE
    JWT_SECRET: AgAJmQ+WPiuifW8jCMOkiZNYj7xb29Z4woRO2ir6bE/qX7y4LkR6SjmsS/FSJqV7apiKgdrQ0TTxSU/7JlwzBkAgzH5UgcwQmQ8imC7JDYLmHssAeZz75Ft/TwCo7ToCPLr4YBetwz39XYyTAi7wgDzKNX8vYuEEaxP5xOTniyIysMzLVGs0EJSB7398fTgQo0t7rIuBBIP072iX93YfLvvTE7rrqg6uIE4D7LJ3oqvKJlN0MnpDPbdqWvxO7lX6P45ACCveCW1G0U77HOLj4QwyORsIEEUkOqDtr1CF7EQJLEZaREvpB42WI6sQEqsORr7F/Z0d0DdCjCSjKolkb/3z9uDUGwGkuTLJvOzMWAQFtQi1pjImCo79jNoKC0h0iBWqXBQbvg5dkCLVDD4A0lq7GD3KXtjktg9hbqPqFgAyYcJ6cUYp7xx53Y6yYyUS2T9KljvqtBR3bZ7yvdLMvsZbecTOgBpTvoELWa+bsympoZYu9PWCE3YnDyYmLLiWRnKgZuA6LhrNZzxzd6ytiasXn8ZIqrec4Rsj2avtmc7NQPwSe9/MmfUG7pWL1T3D9k4vqt4lfoFTswgVIkFE2h/DQDrEhnEAsLDOSYR8LCdvyQWbiSy3d2VvDOHdogyFbhvoHEyH1+cLMR5zgGgDbTyPidUxjkq//A8l1d0twFaJ0y1rvo/RJ/KnXl1E9OdV42i1jZCsCl81qZjfGaIQ18tNB/bwbqsWZRJxxEuLIKJHX2FuKXZDfsj+E0Qsmhj6kwGpVsTkqgLO7mOCCk5d8Lft
    POSTGRES_PASSWORD: AgAG9l5ZbBHtT9o+ysPIy9TAEwVH17xWlKIDScvCY7iVM1gKuZav6nye84DVCNccgZ8nCtu/GQay35ejttR9CLu9Du89OhkFJMGKXSyij7P1+TJP/BPD2+XIzzcMJimq8jrObzqLTPdgfrTs21nJ50GaP0qEvXgEAh+aWyspHrwMnyIJMWq8jpl2ITIEsUpvbxD9zx0yJ7rdkpjrW8Q6AA5bzL9qCmgz8M06+wR86Zu+u+6qOV2SCGDIMmTPqQdvQOU8rzVYF7Xrl4iASju9bdlhjuWSzzYJmDg7O7Xwam4JEUwpHK4zjEaPydF55Lc6t8Sf3P00VMRzBrwZxUeVWCAvzSiiQnfe6/kbG8neCJ99kJoJqULsZ9dvsGrDyz5wu1QSVBHhUseeX8IMoH3R97XJFtQ32EenMTm/SmnmXnI2LD06TB7IBhyTK2uBx2QtYRLasKa+bb0mCD8cJEtpBo9/Y5VY6ILoGH7jEH5WRO8XXLoc6z2GmfxyjOe2cu5C+PUg4cfbafevFiEXp8TbCgiV2214VZ6yMoDNM7xabSPpyo0N4oZ0obiy4Ltc0gwwDDXpEAmfiIjKQ8mu9pywU5OpWhw0bvGsuEeI5nQVWbqvziwdfrUEfBhq+X8hUtNQfrC0DNAePkQVJDbhfXyknWpo6M6upCE2EYeJrM7kJiVV7FkamQcTxYwhl+XrdV4nBwSUolQ/Jy7Jq5Y00iQnm57O49OpRkZWhwBRSWkaF5pbTIPWG/JDii7ixb60sagFTAF1g+IfPPnNjwvuqqEIEyy3
  template:
    metadata:
      creationTimestamp: null
      name: musicman-credentials
      namespace: music-man
    type: Opaque
@@ -0,0 +1,52 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: music-man
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "11"
    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
    notifications.argoproj.io/subscribe.on-degraded.slack: ""
  labels:
    app.kubernetes.io/name: music-man
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
    path: forteapp
    targetRevision: HEAD
    helm:
      valueFiles:
      - $values/musicman/values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: music-man
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
  ignoreDifferences:
  - group: apps
    kind: Deployment
    jsonPointers:
    - /spec/replicas
@@ -0,0 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ts-mcp.yaml
 - ts-mcp-secrets-sealed.yaml
@@ -0,0 +1,13 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  name: ts-mcp-secrets
  namespace: ts-mcp
 spec:
  encryptedData:
    AZURE_CLIENT_SECRET: AgCWj525+NHkZ8XG97hEe4RS0SDC0QIGDXmEvzSlIqJQ9XVZEeKxVuAYmJ+w/HH7zBXD3qlZISeOPKn3FbMEeRukmYK0d5PsH26tRUMPoMzwWCuQkZIQ83uX9Pz/wMiqW8aZFIxpdEiUgVdanxHSFoDRPC1VlSEtV9B9yN2MgXBID5s0oje5BM9ttc4WVRe6+9pMeaOC6u+YUgcfY7xPLetZfC9nQO4zn4jYhoQXfAddwMzNODvQNGPzIv6PXDXJweTwdmtGaxM6eDdcCJI/30bEV9prA5m6UlgTZ/Qp+onU70KdkBA9gM9tMMVUR6j/2sbWzqMP/rVaFLeUH1PjHv15n4EieWyuDyYEfmZNDFXc7O9RIK6P0jCIE+t3myxK2ZQ7cfXprdOSj94au0qP6leat0UUVoc9CFJHHtrNxXYWl7IYVhwvIQCMSgO2qoAXkdW4wKVJAcbJadJjoL2pWxzjaD4GgnUaAxWBANqZI2lD8CED4VfUVMB0ZUYRS/zvy/eqIGlT8WbzwTYFi3YDZRvAUIknxaWEavIG4x52d0FqTmFYY06W53fGYfBrUjJI54GWYyBpKdZTf7b/AlAN0+kwkk6OqsUWwWDqxR7LVCcPhjSIKd/THp+Tbq9z5TiPIHxOO9V60u51f8IoQrEgQfNov7CEGQZ8B9HUGObjNc5MhujzBJasMhrUcd2Ddk6KWk07B7223p/gIEM+81ZWQYUcc29+U/j1dQyRNZy/TC56ywe5DDBJSoGp
  template:
    metadata:
      name: ts-mcp-secrets
      namespace: ts-mcp
@@ -0,0 +1,40 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: ts-mcp
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "11"
    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
    notifications.argoproj.io/subscribe.on-degraded.slack: ""
  labels:
    app.kubernetes.io/name: ts-mcp
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
    path: forteapp
    targetRevision: HEAD
    helm:
      valueFiles:
      - $values/ts-mcp/values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: ts-mcp
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../base/musicman
@@ -0,0 +1,47 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: dbunk-demo
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "12"
  labels:
    app.kubernetes.io/name: dbunk-demo
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
    path: forteapp
    targetRevision: HEAD
    helm:
      valueFiles:
      - $values/dbunk-demo/values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: dbunk-demo
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    syncOptions:
    - CreateNamespace=true
    - Validate=true
    - ServerSideApply=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - dbunk-demo.yaml
@@ -0,0 +1,53 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: feedback
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "12"
  labels:
    app.kubernetes.io/name: feedback
    app.kubernetes.io/part-of: apps
    app.kubernetes.io/managed-by: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  sources:
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
    path: forteapp
    targetRevision: HEAD
    helm:
      valueFiles:
      - $values/feedback/values.yaml
  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
    targetRevision: HEAD
    ref: values
  destination:
    server: https://kubernetes.default.svc
    namespace: feedback
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    syncOptions:
    - CreateNamespace=true
    - Validate=true
    - ServerSideApply=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
  ignoreDifferences:
  - group: apps
    kind: StatefulSet
    jsonPointers:
    - /spec/volumeClaimTemplates
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - feedback.yaml
@@ -0,0 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../base
 - dbunk-demo
 - feedback
 # No patches needed — base already has "upc-dev" paths
 # upc-dev is the default/base cluster
@@ -0,0 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../base
 patches:
 # dot-ai-stack: swap upc-dev → upc-prod
 - target:
    kind: Application
    name: dot-ai-stack
  patch: |
    - op: replace
      path: /spec/sources/0/helm/valueFiles/1
      value: $values/infra/values/upc-prod/dot-ai-stack-values.yaml
@@ -1,18 +0,0 @@
 /*!
 * Lunr languages, `Danish` language
 * https://github.com/MihaiValentin/lunr-languages
 *
 * Copyright 2014, Mihai Valentin
 * http://www.mozilla.org/MPL/
 */
 /*!
 * based on
 * Snowball JavaScript Library v0.3
 * http://code.google.com/p/urim/
 * http://snowball.tartarus.org/
 *
 * Copyright 2010, Oleg Mazko
 * http://www.mozilla.org/MPL/
 */
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.da=function(){this.pipeline.reset(),this.pipeline.add(e.da.trimmer,e.da.stopWordFilter,e.da.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.da.stemmer))},e.da.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤﬀ-ﬆＡ-Ｚａ-ｚ",e.da.trimmer=e.trimmerSupport.generateTrimmer(e.da.wordCharacters),e.Pipeline.registerFunction(e.da.trimmer,"trimmer-da"),e.da.stemmer=function(){var r=e.stemmerSupport.Among,i=e.stemmerSupport.SnowballProgram,n=new function(){function e(){var e,r=f.cursor+3;if(d=f.limit,0<=r&&r<=f.limit){for(a=r;;){if(e=f.cursor,f.in_grouping(w,97,248)){f.cursor=e;break}if(f.cursor=e,e>=f.limit)return;f.cursor++}for(;!f.out_grouping(w,97,248);){if(f.cursor>=f.limit)return;f.cursor++}d=f.cursor,d<a&&(d=a)}}function n(){var e,r;if(f.cursor>=d&&(r=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,e=f.find_among_b(c,32),f.limit_backward=r,e))switch(f.bra=f.cursor,e){case 1:f.slice_del();break;case 2:f.in_grouping_b(p,97,229)&&f.slice_del()}}function t(){var e,r=f.limit-f.cursor;f.cursor>=d&&(e=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,f.find_among_b(l,4)?(f.bra=f.cursor,f.limit_backward=e,f.cursor=f.limit-r,f.cursor>f.limit_backward&&(f.cursor--,f.bra=f.cursor,f.slice_del())):f.limit_backward=e)}function s(){var e,r,i,n=f.limit-f.cursor;if(f.ket=f.cursor,f.eq_s_b(2,"st")&&(f.bra=f.cursor,f.eq_s_b(2,"ig")&&f.slice_del()),f.cursor=f.limit-n,f.cursor>=d&&(r=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,e=f.find_among_b(m,5),f.limit_backward=r,e))switch(f.bra=f.cursor,e){case 1:f.slice_del(),i=f.limit-f.cursor,t(),f.cursor=f.limit-i;break;case 2:f.slice_from("løs")}}function o(){var e;f.cursor>=d&&(e=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,f.out_grouping_b(w,97,248)?(f.bra=f.cursor,u=f.slice_to(u),f.limit_backward=e,f.eq_v_b(u)&&f.slice_del()):f.limit_backward=e)}var a,d,u,c=[new r("hed",-1,1),new r("ethed",0,1),new r("ered",-1,1),new r("e",-1,1),new r("erede",3,1),new r("ende",3,1),new r("erende",5,1),new r("ene",3,1),new r("erne",3,1),new r("ere",3,1),new r("en",-1,1),new r("heden",10,1),new r("eren",10,1),new r("er",-1,1),new r("heder",13,1),new r("erer",13,1),new r("s",-1,2),new r("heds",16,1),new r("es",16,1),new r("endes",18,1),new r("erendes",19,1),new r("enes",18,1),new r("ernes",18,1),new r("eres",18,1),new r("ens",16,1),new r("hedens",24,1),new r("erens",24,1),new r("ers",16,1),new r("ets",16,1),new r("erets",28,1),new r("et",-1,1),new r("eret",30,1)],l=[new r("gd",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1)],m=[new r("ig",-1,1),new r("lig",0,1),new r("elig",1,1),new r("els",-1,1),new r("løst",-1,2)],w=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],p=[239,254,42,3,0,0,0,0,0,0,0,0,0,0,0,0,16],f=new i;this.setCurrent=function(e){f.setCurrent(e)},this.getCurrent=function(){return f.getCurrent()},this.stem=function(){var r=f.cursor;return e(),f.limit_backward=r,f.cursor=f.limit,n(),f.cursor=f.limit,t(),f.cursor=f.limit,s(),f.cursor=f.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.da.stemmer,"stemmer-da"),e.da.stopWordFilter=e.generateStopWordFilter("ad af alle alt anden at blev blive bliver da de dem den denne der deres det dette dig din disse dog du efter eller en end er et for fra ham han hans har havde have hende hendes her hos hun hvad hvis hvor i ikke ind jeg jer jo kunne man mange med meget men mig min mine mit mod ned noget nogle nu når og også om op os over på selv sig sin sine sit skal skulle som sådan thi til ud under var vi vil ville vor være været".split(" ")),e.Pipeline.registerFunction(e.da.stopWordFilter,"stopWordFilter-da")}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hi=function(){this.pipeline.reset(),this.pipeline.add(e.hi.trimmer,e.hi.stopWordFilter,e.hi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hi.stemmer))},e.hi.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿa-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.hi.trimmer=e.trimmerSupport.generateTrimmer(e.hi.wordCharacters),e.Pipeline.registerFunction(e.hi.trimmer,"trimmer-hi"),e.hi.stopWordFilter=e.generateStopWordFilter("अत अपना अपनी अपने अभी अंदर आदि आप इत्यादि इन इनका इन्हीं इन्हें इन्हों इस इसका इसकी इसके इसमें इसी इसे उन उनका उनकी उनके उनको उन्हीं उन्हें उन्हों उस उसके उसी उसे एक एवं एस ऐसे और कई कर करता करते करना करने करें कहते कहा का काफ़ी कि कितना किन्हें किन्हों किया किर किस किसी किसे की कुछ कुल के को कोई कौन कौनसा गया घर जब जहाँ जा जितना जिन जिन्हें जिन्हों जिस जिसे जीधर जैसा जैसे जो तक तब तरह तिन तिन्हें तिन्हों तिस तिसे तो था थी थे दबारा दिया दुसरा दूसरे दो द्वारा न नके नहीं ना निहायत नीचे ने पर पहले पूरा पे फिर बनी बही बहुत बाद बाला बिलकुल भी भीतर मगर मानो मे में यदि यह यहाँ यही या यिह ये रखें रहा रहे ऱ्वासा लिए लिये लेकिन व वग़ैरह वर्ग वह वहाँ वहीं वाले वुह वे वो सकता सकते सबसे सभी साथ साबुत साभ सारा से सो संग ही हुआ हुई हुए है हैं हो होता होती होते होना होने".split(" ")),e.hi.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.hi.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var t=i.toString().toLowerCase().replace(/^\s+/,"");return r.cut(t).split("|")},e.Pipeline.registerFunction(e.hi.stemmer,"stemmer-hi"),e.Pipeline.registerFunction(e.hi.stopWordFilter,"stopWordFilter-hi")}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hy=function(){this.pipeline.reset(),this.pipeline.add(e.hy.trimmer,e.hy.stopWordFilter)},e.hy.wordCharacters="[A-Za-z԰-֏ﬀ-ﭏ]",e.hy.trimmer=e.trimmerSupport.generateTrimmer(e.hy.wordCharacters),e.Pipeline.registerFunction(e.hy.trimmer,"trimmer-hy"),e.hy.stopWordFilter=e.generateStopWordFilter("դու և եք էիր էիք հետո նաև նրանք որը վրա է որ պիտի են այս մեջ ն իր ու ի այդ որոնք այն կամ էր մի ես համար այլ իսկ էին ենք հետ ին թ էինք մենք նրա նա դուք եմ էի ըստ որպես ում".split(" ")),e.Pipeline.registerFunction(e.hy.stopWordFilter,"stopWordFilter-hy"),e.hy.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}(),e.Pipeline.registerFunction(e.hy.stemmer,"stemmer-hy")}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.ja=function(){this.pipeline.reset(),this.pipeline.add(e.ja.trimmer,e.ja.stopWordFilter,e.ja.stemmer),r?this.tokenizer=e.ja.tokenizer:(e.tokenizer&&(e.tokenizer=e.ja.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.ja.tokenizer))};var t=new e.TinySegmenter;e.ja.tokenizer=function(i){var n,o,s,p,a,u,m,l,c,f;if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(t){return r?new e.Token(t.toLowerCase()):t.toLowerCase()});for(o=i.toString().toLowerCase().replace(/^\s+/,""),n=o.length-1;n>=0;n--)if(/\S/.test(o.charAt(n))){o=o.substring(0,n+1);break}for(a=[],s=o.length,c=0,l=0;c<=s;c++)if(u=o.charAt(c),m=c-l,u.match(/\s/)||c==s){if(m>0)for(p=t.segment(o.slice(l,c)).filter(function(e){return!!e}),f=l,n=0;n<p.length;n++)r?a.push(new e.Token(p[n],{position:[f,p[n].length],index:a.length})):a.push(p[n]),f+=p[n].length;l=c+1}return a},e.ja.stemmer=function(){return function(e){return e}}(),e.Pipeline.registerFunction(e.ja.stemmer,"stemmer-ja"),e.ja.wordCharacters="一二三四五六七八九十百千万億兆一-龠々〆ヵヶぁ-んァ-ヴーｱ-ﾝﾞa-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.ja.trimmer=e.trimmerSupport.generateTrimmer(e.ja.wordCharacters),e.Pipeline.registerFunction(e.ja.trimmer,"trimmer-ja"),e.ja.stopWordFilter=e.generateStopWordFilter("これ それ あれ この その あの ここ そこ あそこ こちら どこ だれ なに なん 何 私 貴方 貴方方 我々 私達 あの人 あのかた 彼女 彼 です あります おります います は が の に を で え から まで より も どの と し それで しかし".split(" ")),e.Pipeline.registerFunction(e.ja.stopWordFilter,"stopWordFilter-ja"),e.jp=e.ja,e.Pipeline.registerFunction(e.jp.stemmer,"stemmer-jp"),e.Pipeline.registerFunction(e.jp.trimmer,"trimmer-jp"),e.Pipeline.registerFunction(e.jp.stopWordFilter,"stopWordFilter-jp")}});
@@ -1 +0,0 @@
 module.exports=require("./lunr.ja");
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.kn=function(){this.pipeline.reset(),this.pipeline.add(e.kn.trimmer,e.kn.stopWordFilter,e.kn.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.kn.stemmer))},e.kn.wordCharacters="ಀ-಄ಅ-ಔಕ-ಹಾ-ೌ಼-ಽೕ-ೖೝ-ೞೠ-ೡೢ-ೣ೤೥೦-೯ೱ-ೳ",e.kn.trimmer=e.trimmerSupport.generateTrimmer(e.kn.wordCharacters),e.Pipeline.registerFunction(e.kn.trimmer,"trimmer-kn"),e.kn.stopWordFilter=e.generateStopWordFilter("ಮತ್ತು ಈ ಒಂದು ರಲ್ಲಿ ಹಾಗೂ ಎಂದು ಅಥವಾ ಇದು ರ ಅವರು ಎಂಬ ಮೇಲೆ ಅವರ ತನ್ನ ಆದರೆ ತಮ್ಮ ನಂತರ ಮೂಲಕ ಹೆಚ್ಚು ನ ಆ ಕೆಲವು ಅನೇಕ ಎರಡು ಹಾಗು ಪ್ರಮುಖ ಇದನ್ನು ಇದರ ಸುಮಾರು ಅದರ ಅದು ಮೊದಲ ಬಗ್ಗೆ ನಲ್ಲಿ ರಂದು ಇತರ ಅತ್ಯಂತ ಹೆಚ್ಚಿನ ಸಹ ಸಾಮಾನ್ಯವಾಗಿ ನೇ ಹಲವಾರು ಹೊಸ ದಿ ಕಡಿಮೆ ಯಾವುದೇ ಹೊಂದಿದೆ ದೊಡ್ಡ ಅನ್ನು ಇವರು ಪ್ರಕಾರ ಇದೆ ಮಾತ್ರ ಕೂಡ ಇಲ್ಲಿ ಎಲ್ಲಾ ವಿವಿಧ ಅದನ್ನು ಹಲವು ರಿಂದ ಕೇವಲ ದ ದಕ್ಷಿಣ ಗೆ ಅವನ ಅತಿ ನೆಯ ಬಹಳ ಕೆಲಸ ಎಲ್ಲ ಪ್ರತಿ ಇತ್ಯಾದಿ ಇವು ಬೇರೆ ಹೀಗೆ ನಡುವೆ ಇದಕ್ಕೆ ಎಸ್ ಇವರ ಮೊದಲು ಶ್ರೀ ಮಾಡುವ ಇದರಲ್ಲಿ ರೀತಿಯ ಮಾಡಿದ ಕಾಲ ಅಲ್ಲಿ ಮಾಡಲು ಅದೇ ಈಗ ಅವು ಗಳು ಎ ಎಂಬುದು ಅವನು ಅಂದರೆ ಅವರಿಗೆ ಇರುವ ವಿಶೇಷ ಮುಂದೆ ಅವುಗಳ ಮುಂತಾದ ಮೂಲ ಬಿ ಮೀ ಒಂದೇ ಇನ್ನೂ ಹೆಚ್ಚಾಗಿ ಮಾಡಿ ಅವರನ್ನು ಇದೇ ಯ ರೀತಿಯಲ್ಲಿ ಜೊತೆ ಅದರಲ್ಲಿ ಮಾಡಿದರು ನಡೆದ ಆಗ ಮತ್ತೆ ಪೂರ್ವ ಆತ ಬಂದ ಯಾವ ಒಟ್ಟು ಇತರೆ ಹಿಂದೆ ಪ್ರಮಾಣದ ಗಳನ್ನು ಕುರಿತು ಯು ಆದ್ದರಿಂದ ಅಲ್ಲದೆ ನಗರದ ಮೇಲಿನ ಏಕೆಂದರೆ ರಷ್ಟು ಎಂಬುದನ್ನು ಬಾರಿ ಎಂದರೆ ಹಿಂದಿನ ಆದರೂ ಆದ ಸಂಬಂಧಿಸಿದ ಮತ್ತೊಂದು ಸಿ ಆತನ ".split(" ")),e.kn.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.kn.tokenizer=function(t){if(!arguments.length||null==t||void 0==t)return[];if(Array.isArray(t))return t.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var n=t.toString().toLowerCase().replace(/^\s+/,"");return r.cut(n).split("|")},e.Pipeline.registerFunction(e.kn.stemmer,"stemmer-kn"),e.Pipeline.registerFunction(e.kn.stopWordFilter,"stopWordFilter-kn")}});
@@ -1 +0,0 @@
 !function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){e.multiLanguage=function(){for(var t=Array.prototype.slice.call(arguments),i=t.join("-"),r="",n=[],s=[],p=0;p<t.length;++p)"en"==t[p]?(r+="\\w",n.unshift(e.stopWordFilter),n.push(e.stemmer),s.push(e.stemmer)):(r+=e[t[p]].wordCharacters,e[t[p]].stopWordFilter&&n.unshift(e[t[p]].stopWordFilter),e[t[p]].stemmer&&(n.push(e[t[p]].stemmer),s.push(e[t[p]].stemmer)));var o=e.trimmerSupport.generateTrimmer(r);return e.Pipeline.registerFunction(o,"lunr-multi-trimmer-"+i),n.unshift(o),function(){this.pipeline.reset(),this.pipeline.add.apply(this.pipeline,n),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add.apply(this.searchPipeline,s))}}}});
@@ -1,18 +0,0 @@
 /*!
 * Lunr languages, `Norwegian` language
 * https://github.com/MihaiValentin/lunr-languages
 *
 * Copyright 2014, Mihai Valentin
 * http://www.mozilla.org/MPL/
 */
 /*!
 * based on
 * Snowball JavaScript Library v0.3
 * http://code.google.com/p/urim/
 * http://snowball.tartarus.org/
 *
 * Copyright 2010, Oleg Mazko
 * http://www.mozilla.org/MPL/
 */
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.no=function(){this.pipeline.reset(),this.pipeline.add(e.no.trimmer,e.no.stopWordFilter,e.no.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.no.stemmer))},e.no.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤﬀ-ﬆＡ-Ｚａ-ｚ",e.no.trimmer=e.trimmerSupport.generateTrimmer(e.no.wordCharacters),e.Pipeline.registerFunction(e.no.trimmer,"trimmer-no"),e.no.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,i=new function(){function e(){var e,r=w.cursor+3;if(a=w.limit,0<=r||r<=w.limit){for(s=r;;){if(e=w.cursor,w.in_grouping(d,97,248)){w.cursor=e;break}if(e>=w.limit)return;w.cursor=e+1}for(;!w.out_grouping(d,97,248);){if(w.cursor>=w.limit)return;w.cursor++}a=w.cursor,a<s&&(a=s)}}function i(){var e,r,n;if(w.cursor>=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(m,29),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:n=w.limit-w.cursor,w.in_grouping_b(c,98,122)?w.slice_del():(w.cursor=w.limit-n,w.eq_s_b(1,"k")&&w.out_grouping_b(d,97,248)&&w.slice_del());break;case 3:w.slice_from("er")}}function t(){var e,r=w.limit-w.cursor;w.cursor>=a&&(e=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,w.find_among_b(u,2)?(w.bra=w.cursor,w.limit_backward=e,w.cursor=w.limit-r,w.cursor>w.limit_backward&&(w.cursor--,w.bra=w.cursor,w.slice_del())):w.limit_backward=e)}function o(){var e,r;w.cursor>=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(l,11),e?(w.bra=w.cursor,w.limit_backward=r,1==e&&w.slice_del()):w.limit_backward=r)}var s,a,m=[new r("a",-1,1),new r("e",-1,1),new r("ede",1,1),new r("ande",1,1),new r("ende",1,1),new r("ane",1,1),new r("ene",1,1),new r("hetene",6,1),new r("erte",1,3),new r("en",-1,1),new r("heten",9,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",12,1),new r("s",-1,2),new r("as",14,1),new r("es",14,1),new r("edes",16,1),new r("endes",16,1),new r("enes",16,1),new r("hetenes",19,1),new r("ens",14,1),new r("hetens",21,1),new r("ers",14,1),new r("ets",14,1),new r("et",-1,1),new r("het",25,1),new r("ert",-1,3),new r("ast",-1,1)],u=[new r("dt",-1,-1),new r("vt",-1,-1)],l=[new r("leg",-1,1),new r("eleg",0,1),new r("ig",-1,1),new r("eig",2,1),new r("lig",2,1),new r("elig",4,1),new r("els",-1,1),new r("lov",-1,1),new r("elov",7,1),new r("slov",7,1),new r("hetslov",9,1)],d=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],c=[119,125,149,1],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,i(),w.cursor=w.limit,t(),w.cursor=w.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.no.stemmer,"stemmer-no"),e.no.stopWordFilter=e.generateStopWordFilter("alle at av bare begge ble blei bli blir blitt både båe da de deg dei deim deira deires dem den denne der dere deres det dette di din disse ditt du dykk dykkar då eg ein eit eitt eller elles en enn er et ett etter for fordi fra før ha hadde han hans har hennar henne hennes her hjå ho hoe honom hoss hossen hun hva hvem hver hvilke hvilken hvis hvor hvordan hvorfor i ikke ikkje ikkje ingen ingi inkje inn inni ja jeg kan kom korleis korso kun kunne kva kvar kvarhelst kven kvi kvifor man mange me med medan meg meget mellom men mi min mine mitt mot mykje ned no noe noen noka noko nokon nokor nokre nå når og også om opp oss over på samme seg selv si si sia sidan siden sin sine sitt sjøl skal skulle slik so som som somme somt så sånn til um upp ut uten var vart varte ved vere verte vi vil ville vore vors vort vår være være vært å".split(" ")),e.Pipeline.registerFunction(e.no.stopWordFilter,"stopWordFilter-no")}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.sa=function(){this.pipeline.reset(),this.pipeline.add(e.sa.trimmer,e.sa.stopWordFilter,e.sa.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.sa.stemmer))},e.sa.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿ꣠-꣱ꣲ-ꣷ꣸-ꣻ꣼-ꣽꣾ-ꣿᆰ0-ᆰ9",e.sa.trimmer=e.trimmerSupport.generateTrimmer(e.sa.wordCharacters),e.Pipeline.registerFunction(e.sa.trimmer,"trimmer-sa"),e.sa.stopWordFilter=e.generateStopWordFilter('तथा अयम्‌ एकम्‌ इत्यस्मिन्‌ तथा तत्‌ वा अयम्‌ इत्यस्य ते आहूत उपरि तेषाम्‌  किन्तु तेषाम्‌ तदा इत्यनेन अधिकः इत्यस्य तत्‌ केचन बहवः द्वि तथा महत्वपूर्णः अयम्‌ अस्य  विषये अयं अस्ति तत्‌ प्रथमः विषये इत्युपरि इत्युपरि इतर अधिकतमः अधिकः अपि सामान्यतया ठ इतरेतर नूतनम्‌ द  न्यूनम्‌ कश्चित्‌ वा विशालः द  सः अस्ति तदनुसारम् तत्र अस्ति केवलम्‌ अपि अत्र सर्वे विविधाः तत्‌ बहवः यतः इदानीम्‌ द  दक्षिण इत्यस्मै तस्य उपरि नथ अतीव कार्यम्‌ सर्वे एकैकम्‌ इत्यादि। एते सन्ति  उत इत्थम्‌ मध्ये एतदर्थं . स कस्य प्रथमः श्री. करोति अस्मिन् प्रकारः निर्मिता कालः तत्र कर्तुं  समान अधुना ते सन्ति स एकः अस्ति सः अर्थात् तेषां कृते . स्थितम्  विशेषः अग्रिम तेषाम्‌ समान स्रोतः ख म समान इदानीमपि अधिकतया करोतु ते समान इत्यस्य वीथी सह यस्मिन्  कृतवान्‌ धृतः तदा पुनः पूर्वं सः आगतः किम्‌ कुल इतर पुरा  मात्रा स विषये उ अतएव अपि नगरस्य  उपरि यतः प्रतिशतं  कतरः कालः साधनानि भूत तथापि जात सम्बन्धि अन्यत्‌ ग अतः अस्माकं स्वकीयाः अस्माकं इदानीं अन्तः इत्यादयः भवन्तः इत्यादयः एते एताः तस्य अस्य इदम् एते तेषां तेषां तेषां तान् तेषां तेषां तेषां समानः सः एकः च तादृशाः बहवः अन्ये च वदन्ति यत् कियत् कस्मै  कस्मै  यस्मै  यस्मै  यस्मै  यस्मै न अतिनीचः किन्तु प्रथमं सम्पूर्णतया  ततः चिरकालानन्तरं पुस्तकं सम्पूर्णतया अन्तः  किन्तु अत्र वा इह इव श्रद्धाय अवशिष्यते  परन्तु अन्ये वर्गाः सन्ति ते सन्ति शक्नुवन्ति सर्वे मिलित्वा सर्वे एकत्र"'.split(" ")),e.sa.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.sa.tokenizer=function(t){if(!arguments.length||null==t||void 0==t)return[];if(Array.isArray(t))return t.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var i=t.toString().toLowerCase().replace(/^\s+/,"");return r.cut(i).split("|")},e.Pipeline.registerFunction(e.sa.stemmer,"stemmer-sa"),e.Pipeline.registerFunction(e.sa.stopWordFilter,"stopWordFilter-sa")}});
@@ -1 +0,0 @@
 !function(r,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(r.lunr)}(this,function(){return function(r){r.stemmerSupport={Among:function(r,t,i,s){if(this.toCharArray=function(r){for(var t=r.length,i=new Array(t),s=0;s<t;s++)i[s]=r.charCodeAt(s);return i},!r&&""!=r||!t&&0!=t||!i)throw"Bad Among initialisation: s:"+r+", substring_i: "+t+", result: "+i;this.s_size=r.length,this.s=this.toCharArray(r),this.substring_i=t,this.result=i,this.method=s},SnowballProgram:function(){var r;return{bra:0,ket:0,limit:0,cursor:0,limit_backward:0,setCurrent:function(t){r=t,this.cursor=0,this.limit=t.length,this.limit_backward=0,this.bra=this.cursor,this.ket=this.limit},getCurrent:function(){var t=r;return r=null,t},in_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},in_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},out_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e>s||e<i)return this.cursor++,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},out_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e>s||e<i)return this.cursor--,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},eq_s:function(t,i){if(this.limit-this.cursor<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor+s)!=i.charCodeAt(s))return!1;return this.cursor+=t,!0},eq_s_b:function(t,i){if(this.cursor-this.limit_backward<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor-t+s)!=i.charCodeAt(s))return!1;return this.cursor-=t,!0},find_among:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=l;m<_.s_size;m++){if(n+l==u){f=-1;break}if(f=r.charCodeAt(n+l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n+_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n+_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},find_among_b:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit_backward,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=_.s_size-1-l;m>=0;m--){if(n-l==u){f=-1;break}if(f=r.charCodeAt(n-1-l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n-_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n-_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},replace_s:function(t,i,s){var e=s.length-(i-t),n=r.substring(0,t),u=r.substring(i);return r=n+s+u,this.limit+=e,this.cursor>=i?this.cursor+=e:this.cursor>t&&(this.cursor=t),e},slice_check:function(){if(this.bra<0||this.bra>this.ket||this.ket>this.limit||this.limit>r.length)throw"faulty slice operation"},slice_from:function(r){this.slice_check(),this.replace_s(this.bra,this.ket,r)},slice_del:function(){this.slice_from("")},insert:function(r,t,i){var s=this.replace_s(r,t,i);r<=this.bra&&(this.bra+=s),r<=this.ket&&(this.ket+=s)},slice_to:function(){return this.slice_check(),r.substring(this.bra,this.ket)},eq_v_b:function(r){return this.eq_s_b(r.length,r)}}}},r.trimmerSupport={generateTrimmer:function(r){var t=new RegExp("^[^"+r+"]+"),i=new RegExp("[^"+r+"]+$");return function(r){return"function"==typeof r.update?r.update(function(r){return r.replace(t,"").replace(i,"")}):r.replace(t,"").replace(i,"")}}}}});
@@ -1,18 +0,0 @@
 /*!
 * Lunr languages, `Swedish` language
 * https://github.com/MihaiValentin/lunr-languages
 *
 * Copyright 2014, Mihai Valentin
 * http://www.mozilla.org/MPL/
 */
 /*!
 * based on
 * Snowball JavaScript Library v0.3
 * http://code.google.com/p/urim/
 * http://snowball.tartarus.org/
 *
 * Copyright 2010, Oleg Mazko
 * http://www.mozilla.org/MPL/
 */
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.sv=function(){this.pipeline.reset(),this.pipeline.add(e.sv.trimmer,e.sv.stopWordFilter,e.sv.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.sv.stemmer))},e.sv.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤﬀ-ﬆＡ-Ｚａ-ｚ",e.sv.trimmer=e.trimmerSupport.generateTrimmer(e.sv.wordCharacters),e.Pipeline.registerFunction(e.sv.trimmer,"trimmer-sv"),e.sv.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,t=new function(){function e(){var e,r=w.cursor+3;if(o=w.limit,0<=r||r<=w.limit){for(a=r;;){if(e=w.cursor,w.in_grouping(l,97,246)){w.cursor=e;break}if(w.cursor=e,w.cursor>=w.limit)return;w.cursor++}for(;!w.out_grouping(l,97,246);){if(w.cursor>=w.limit)return;w.cursor++}o=w.cursor,o<a&&(o=a)}}function t(){var e,r=w.limit_backward;if(w.cursor>=o&&(w.limit_backward=o,w.cursor=w.limit,w.ket=w.cursor,e=w.find_among_b(u,37),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:w.in_grouping_b(d,98,121)&&w.slice_del()}}function i(){var e=w.limit_backward;w.cursor>=o&&(w.limit_backward=o,w.cursor=w.limit,w.find_among_b(c,7)&&(w.cursor=w.limit,w.ket=w.cursor,w.cursor>w.limit_backward&&(w.bra=--w.cursor,w.slice_del())),w.limit_backward=e)}function s(){var e,r;if(w.cursor>=o){if(r=w.limit_backward,w.limit_backward=o,w.cursor=w.limit,w.ket=w.cursor,e=w.find_among_b(m,5))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:w.slice_from("lös");break;case 3:w.slice_from("full")}w.limit_backward=r}}var a,o,u=[new r("a",-1,1),new r("arna",0,1),new r("erna",0,1),new r("heterna",2,1),new r("orna",0,1),new r("ad",-1,1),new r("e",-1,1),new r("ade",6,1),new r("ande",6,1),new r("arne",6,1),new r("are",6,1),new r("aste",6,1),new r("en",-1,1),new r("anden",12,1),new r("aren",12,1),new r("heten",12,1),new r("ern",-1,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",18,1),new r("or",-1,1),new r("s",-1,2),new r("as",21,1),new r("arnas",22,1),new r("ernas",22,1),new r("ornas",22,1),new r("es",21,1),new r("ades",26,1),new r("andes",26,1),new r("ens",21,1),new r("arens",29,1),new r("hetens",29,1),new r("erns",21,1),new r("at",-1,1),new r("andet",-1,1),new r("het",-1,1),new r("ast",-1,1)],c=[new r("dd",-1,-1),new r("gd",-1,-1),new r("nn",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1),new r("tt",-1,-1)],m=[new r("ig",-1,1),new r("lig",0,1),new r("els",-1,1),new r("fullt",-1,3),new r("löst",-1,2)],l=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,24,0,32],d=[119,127,149],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,t(),w.cursor=w.limit,i(),w.cursor=w.limit,s(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return t.setCurrent(e),t.stem(),t.getCurrent()}):(t.setCurrent(e),t.stem(),t.getCurrent())}}(),e.Pipeline.registerFunction(e.sv.stemmer,"stemmer-sv"),e.sv.stopWordFilter=e.generateStopWordFilter("alla allt att av blev bli blir blivit de dem den denna deras dess dessa det detta dig din dina ditt du där då efter ej eller en er era ert ett från för ha hade han hans har henne hennes hon honom hur här i icke ingen inom inte jag ju kan kunde man med mellan men mig min mina mitt mot mycket ni nu när någon något några och om oss på samma sedan sig sin sina sitta själv skulle som så sådan sådana sådant till under upp ut utan vad var vara varför varit varje vars vart vem vi vid vilka vilkas vilken vilket vår våra vårt än är åt över".split(" ")),e.Pipeline.registerFunction(e.sv.stopWordFilter,"stopWordFilter-sv")}});
@@ -1 +0,0 @@
 !function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ta=function(){this.pipeline.reset(),this.pipeline.add(e.ta.trimmer,e.ta.stopWordFilter,e.ta.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ta.stemmer))},e.ta.wordCharacters="஀-உஊ-ஏஐ-ஙச-ட஠-னப-யர-ஹ஺-ிீ-௉ொ-௏ௐ-௙௚-௟௠-௩௪-௯௰-௹௺-௿a-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.ta.trimmer=e.trimmerSupport.generateTrimmer(e.ta.wordCharacters),e.Pipeline.registerFunction(e.ta.trimmer,"trimmer-ta"),e.ta.stopWordFilter=e.generateStopWordFilter("அங்கு அங்கே அது அதை அந்த அவர் அவர்கள் அவள் அவன் அவை ஆக ஆகவே ஆகையால் ஆதலால் ஆதலினால் ஆனாலும் ஆனால் இங்கு இங்கே இது இதை இந்த இப்படி இவர் இவர்கள் இவள் இவன் இவை இவ்வளவு உனக்கு உனது உன் உன்னால் எங்கு எங்கே எது எதை எந்த எப்படி எவர் எவர்கள் எவள் எவன் எவை எவ்வளவு எனக்கு எனது எனவே என் என்ன என்னால் ஏது ஏன் தனது தன்னால் தானே தான் நாங்கள் நாம் நான் நீ நீங்கள்".split(" ")),e.ta.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var t=e.wordcut;t.init(),e.ta.tokenizer=function(r){if(!arguments.length||null==r||void 0==r)return[];if(Array.isArray(r))return r.map(function(t){return isLunr2?new e.Token(t.toLowerCase()):t.toLowerCase()});var i=r.toString().toLowerCase().replace(/^\s+/,"");return t.cut(i).split("|")},e.Pipeline.registerFunction(e.ta.stemmer,"stemmer-ta"),e.Pipeline.registerFunction(e.ta.stopWordFilter,"stopWordFilter-ta")}});
@@ -1 +0,0 @@
 !function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.te=function(){this.pipeline.reset(),this.pipeline.add(e.te.trimmer,e.te.stopWordFilter,e.te.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.te.stemmer))},e.te.wordCharacters="ఀ-ఄఅ-ఔక-హా-ౌౕ-ౖౘ-ౚౠ-ౡౢ-ౣ౦-౯౸-౿఼ఽ్ౝ౷౤౥",e.te.trimmer=e.trimmerSupport.generateTrimmer(e.te.wordCharacters),e.Pipeline.registerFunction(e.te.trimmer,"trimmer-te"),e.te.stopWordFilter=e.generateStopWordFilter("అందరూ అందుబాటులో అడగండి అడగడం అడ్డంగా అనుగుణంగా అనుమతించు అనుమతిస్తుంది అయితే ఇప్పటికే ఉన్నారు ఎక్కడైనా ఎప్పుడు ఎవరైనా ఎవరో ఏ ఏదైనా ఏమైనప్పటికి ఒక ఒకరు కనిపిస్తాయి కాదు కూడా గా గురించి చుట్టూ చేయగలిగింది తగిన తర్వాత దాదాపు దూరంగా నిజంగా పై ప్రకారం ప్రక్కన మధ్య మరియు మరొక మళ్ళీ మాత్రమే మెచ్చుకో వద్ద వెంట వేరుగా వ్యతిరేకంగా సంబంధం".split(" ")),e.te.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var t=e.wordcut;t.init(),e.te.tokenizer=function(r){if(!arguments.length||null==r||void 0==r)return[];if(Array.isArray(r))return r.map(function(t){return isLunr2?new e.Token(t.toLowerCase()):t.toLowerCase()});var i=r.toString().toLowerCase().replace(/^\s+/,"");return t.cut(i).split("|")},e.Pipeline.registerFunction(e.te.stemmer,"stemmer-te"),e.Pipeline.registerFunction(e.te.stopWordFilter,"stopWordFilter-te")}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.th=function(){this.pipeline.reset(),this.pipeline.add(e.th.trimmer),r?this.tokenizer=e.th.tokenizer:(e.tokenizer&&(e.tokenizer=e.th.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.th.tokenizer))},e.th.wordCharacters="[฀-๿]",e.th.trimmer=e.trimmerSupport.generateTrimmer(e.th.wordCharacters),e.Pipeline.registerFunction(e.th.trimmer,"trimmer-th");var t=e.wordcut;t.init(),e.th.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(t){return r?new e.Token(t):t});var n=i.toString().replace(/^\s+/,"");return t.cut(n).split("|")}}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.vi=function(){this.pipeline.reset(),this.pipeline.add(e.vi.stopWordFilter,e.vi.trimmer)},e.vi.wordCharacters="[A-Za-ẓ̀͐́͑̉̃̓ÂâÊêÔôĂ-ăĐ-đƠ-ơƯ-ư]",e.vi.trimmer=e.trimmerSupport.generateTrimmer(e.vi.wordCharacters),e.Pipeline.registerFunction(e.vi.trimmer,"trimmer-vi"),e.vi.stopWordFilter=e.generateStopWordFilter("là cái nhưng mà".split(" "))}});
@@ -1 +0,0 @@
 !function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r(require("@node-rs/jieba")):r()(e.lunr)}(this,function(e){return function(r,t){if(void 0===r)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===r.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var i="2"==r.version[0];r.zh=function(){this.pipeline.reset(),this.pipeline.add(r.zh.trimmer,r.zh.stopWordFilter,r.zh.stemmer),i?this.tokenizer=r.zh.tokenizer:(r.tokenizer&&(r.tokenizer=r.zh.tokenizer),this.tokenizerFn&&(this.tokenizerFn=r.zh.tokenizer))},r.zh.tokenizer=function(n){if(!arguments.length||null==n||void 0==n)return[];if(Array.isArray(n))return n.map(function(e){return i?new r.Token(e.toLowerCase()):e.toLowerCase()});t&&e.load(t);var o=n.toString().trim().toLowerCase(),s=[];e.cut(o,!0).forEach(function(e){s=s.concat(e.split(" "))}),s=s.filter(function(e){return!!e});var u=0;return s.map(function(e,t){if(i){var n=o.indexOf(e,u),s={};return s.position=[n,e.length],s.index=t,u=n,new r.Token(e,s)}return e})},r.zh.wordCharacters="\\w一-龥",r.zh.trimmer=r.trimmerSupport.generateTrimmer(r.zh.wordCharacters),r.Pipeline.registerFunction(r.zh.trimmer,"trimmer-zh"),r.zh.stemmer=function(){return function(e){return e}}(),r.Pipeline.registerFunction(r.zh.stemmer,"stemmer-zh"),r.zh.stopWordFilter=r.generateStopWordFilter("的 一 不 在 人 有 是 为 為 以 于 於 上 他 而 后 後 之 来 來 及 了 因 下 可 到 由 这 這 与 與 也 此 但 并 並 个 個 其 已 无 無 小 我 们 們 起 最 再 今 去 好 只 又 或 很 亦 某 把 那 你 乃 它 吧 被 比 别 趁 当 當 从 從 得 打 凡 儿 兒 尔 爾 该 該 各 给 給 跟 和 何 还 還 即 几 幾 既 看 据 據 距 靠 啦 另 么 麽 每 嘛 拿 哪 您 凭 憑 且 却 卻 让 讓 仍 啥 如 若 使 谁 誰 虽 雖 随 隨 同 所 她 哇 嗡 往 些 向 沿 哟 喲 用 咱 则 則 怎 曾 至 致 着 著 诸 諸 自".split(" ")),r.Pipeline.registerFunction(r.zh.stopWordFilter,"stopWordFilter-zh")}});
@@ -1,206 +0,0 @@
 /**
 * export the module via AMD, CommonJS or as a browser global
 * Export code from https://github.com/umdjs/umd/blob/master/returnExports.js
 */
 ;(function (root, factory) {
    if (typeof define === 'function' && define.amd) {
        // AMD. Register as an anonymous module.
        define(factory)
    } else if (typeof exports === 'object') {
        /**
         * Node. Does not work with strict CommonJS, but
         * only CommonJS-like environments that support module.exports,
         * like Node.
         */
        module.exports = factory()
    } else {
        // Browser globals (root is window)
        factory()(root.lunr);
    }
 }(this, function () {
    /**
     * Just return a value to define the module export.
     * This example returns an object, but the module
     * can return a function as the exported value.
     */
    return function(lunr) {
        // TinySegmenter 0.1 -- Super compact Japanese tokenizer in Javascript
        // (c) 2008 Taku Kudo <taku@chasen.org>
        // TinySegmenter is freely distributable under the terms of a new BSD licence.
        // For details, see http://chasen.org/~taku/software/TinySegmenter/LICENCE.txt
        function TinySegmenter() {
          var patterns = {
            "[一二三四五六七八九十百千万億兆]":"M",
            "[一-龠々〆ヵヶ]":"H",
            "[ぁ-ん]":"I",
            "[ァ-ヴーｱ-ﾝﾞｰ]":"K",
            "[a-zA-Zａ-ｚＡ-Ｚ]":"A",
            "[0-9０-９]":"N"
          }
          this.chartype_ = [];
          for (var i in patterns) {
            var regexp = new RegExp(i);
            this.chartype_.push([regexp, patterns[i]]);
          }
          this.BIAS__ = -332
          this.BC1__ = {"HH":6,"II":2461,"KH":406,"OH":-1378};
          this.BC2__ = {"AA":-3267,"AI":2744,"AN":-878,"HH":-4070,"HM":-1711,"HN":4012,"HO":3761,"IA":1327,"IH":-1184,"II":-1332,"IK":1721,"IO":5492,"KI":3831,"KK":-8741,"MH":-3132,"MK":3334,"OO":-2920};
          this.BC3__ = {"HH":996,"HI":626,"HK":-721,"HN":-1307,"HO":-836,"IH":-301,"KK":2762,"MK":1079,"MM":4034,"OA":-1652,"OH":266};
          this.BP1__ = {"BB":295,"OB":304,"OO":-125,"UB":352};
          this.BP2__ = {"BO":60,"OO":-1762};
          this.BQ1__ = {"BHH":1150,"BHM":1521,"BII":-1158,"BIM":886,"BMH":1208,"BNH":449,"BOH":-91,"BOO":-2597,"OHI":451,"OIH":-296,"OKA":1851,"OKH":-1020,"OKK":904,"OOO":2965};
          this.BQ2__ = {"BHH":118,"BHI":-1159,"BHM":466,"BIH":-919,"BKK":-1720,"BKO":864,"OHH":-1139,"OHM":-181,"OIH":153,"UHI":-1146};
          this.BQ3__ = {"BHH":-792,"BHI":2664,"BII":-299,"BKI":419,"BMH":937,"BMM":8335,"BNN":998,"BOH":775,"OHH":2174,"OHM":439,"OII":280,"OKH":1798,"OKI":-793,"OKO":-2242,"OMH":-2402,"OOO":11699};
          this.BQ4__ = {"BHH":-3895,"BIH":3761,"BII":-4654,"BIK":1348,"BKK":-1806,"BMI":-3385,"BOO":-12396,"OAH":926,"OHH":266,"OHK":-2036,"ONN":-973};
          this.BW1__ = {",と":660,",同":727,"B1あ":1404,"B1同":542,"、と":660,"、同":727,"」と":1682,"あっ":1505,"いう":1743,"いっ":-2055,"いる":672,"うし":-4817,"うん":665,"から":3472,"がら":600,"こう":-790,"こと":2083,"こん":-1262,"さら":-4143,"さん":4573,"した":2641,"して":1104,"すで":-3399,"そこ":1977,"それ":-871,"たち":1122,"ため":601,"った":3463,"つい":-802,"てい":805,"てき":1249,"でき":1127,"です":3445,"では":844,"とい":-4915,"とみ":1922,"どこ":3887,"ない":5713,"なっ":3015,"など":7379,"なん":-1113,"にし":2468,"には":1498,"にも":1671,"に対":-912,"の一":-501,"の中":741,"ませ":2448,"まで":1711,"まま":2600,"まる":-2155,"やむ":-1947,"よっ":-2565,"れた":2369,"れで":-913,"をし":1860,"を見":731,"亡く":-1886,"京都":2558,"取り":-2784,"大き":-2604,"大阪":1497,"平方":-2314,"引き":-1336,"日本":-195,"本当":-2423,"毎日":-2113,"目指":-724,"Ｂ１あ":1404,"Ｂ１同":542,"｣と":1682};
          this.BW2__ = {"..":-11822,"11":-669,"――":-5730,"−−":-13175,"いう":-1609,"うか":2490,"かし":-1350,"かも":-602,"から":-7194,"かれ":4612,"がい":853,"がら":-3198,"きた":1941,"くな":-1597,"こと":-8392,"この":-4193,"させ":4533,"され":13168,"さん":-3977,"しい":-1819,"しか":-545,"した":5078,"して":972,"しな":939,"その":-3744,"たい":-1253,"たた":-662,"ただ":-3857,"たち":-786,"たと":1224,"たは":-939,"った":4589,"って":1647,"っと":-2094,"てい":6144,"てき":3640,"てく":2551,"ては":-3110,"ても":-3065,"でい":2666,"でき":-1528,"でし":-3828,"です":-4761,"でも":-4203,"とい":1890,"とこ":-1746,"とと":-2279,"との":720,"とみ":5168,"とも":-3941,"ない":-2488,"なが":-1313,"など":-6509,"なの":2614,"なん":3099,"にお":-1615,"にし":2748,"にな":2454,"によ":-7236,"に対":-14943,"に従":-4688,"に関":-11388,"のか":2093,"ので":-7059,"のに":-6041,"のの":-6125,"はい":1073,"はが":-1033,"はず":-2532,"ばれ":1813,"まし":-1316,"まで":-6621,"まれ":5409,"めて":-3153,"もい":2230,"もの":-10713,"らか":-944,"らし":-1611,"らに":-1897,"りし":651,"りま":1620,"れた":4270,"れて":849,"れば":4114,"ろう":6067,"われ":7901,"を通":-11877,"んだ":728,"んな":-4115,"一人":602,"一方":-1375,"一日":970,"一部":-1051,"上が":-4479,"会社":-1116,"出て":2163,"分の":-7758,"同党":970,"同日":-913,"大阪":-2471,"委員":-1250,"少な":-1050,"年度":-8669,"年間":-1626,"府県":-2363,"手権":-1982,"新聞":-4066,"日新":-722,"日本":-7068,"日米":3372,"曜日":-601,"朝鮮":-2355,"本人":-2697,"東京":-1543,"然と":-1384,"社会":-1276,"立て":-990,"第に":-1612,"米国":-4268,"１１":-669};
          this.BW3__ = {"あた":-2194,"あり":719,"ある":3846,"い.":-1185,"い。":-1185,"いい":5308,"いえ":2079,"いく":3029,"いた":2056,"いっ":1883,"いる":5600,"いわ":1527,"うち":1117,"うと":4798,"えと":1454,"か.":2857,"か。":2857,"かけ":-743,"かっ":-4098,"かに":-669,"から":6520,"かり":-2670,"が,":1816,"が、":1816,"がき":-4855,"がけ":-1127,"がっ":-913,"がら":-4977,"がり":-2064,"きた":1645,"けど":1374,"こと":7397,"この":1542,"ころ":-2757,"さい":-714,"さを":976,"し,":1557,"し、":1557,"しい":-3714,"した":3562,"して":1449,"しな":2608,"しま":1200,"す.":-1310,"す。":-1310,"する":6521,"ず,":3426,"ず、":3426,"ずに":841,"そう":428,"た.":8875,"た。":8875,"たい":-594,"たの":812,"たり":-1183,"たる":-853,"だ.":4098,"だ。":4098,"だっ":1004,"った":-4748,"って":300,"てい":6240,"てお":855,"ても":302,"です":1437,"でに":-1482,"では":2295,"とう":-1387,"とし":2266,"との":541,"とも":-3543,"どう":4664,"ない":1796,"なく":-903,"など":2135,"に,":-1021,"に、":-1021,"にし":1771,"にな":1906,"には":2644,"の,":-724,"の、":-724,"の子":-1000,"は,":1337,"は、":1337,"べき":2181,"まし":1113,"ます":6943,"まっ":-1549,"まで":6154,"まれ":-793,"らし":1479,"られ":6820,"るる":3818,"れ,":854,"れ、":854,"れた":1850,"れて":1375,"れば":-3246,"れる":1091,"われ":-605,"んだ":606,"んで":798,"カ月":990,"会議":860,"入り":1232,"大会":2217,"始め":1681,"市":965,"新聞":-5055,"日,":974,"日、":974,"社会":2024,"ｶ月":990};
          this.TC1__ = {"AAA":1093,"HHH":1029,"HHM":580,"HII":998,"HOH":-390,"HOM":-331,"IHI":1169,"IOH":-142,"IOI":-1015,"IOM":467,"MMH":187,"OOI":-1832};
          this.TC2__ = {"HHO":2088,"HII":-1023,"HMM":-1154,"IHI":-1965,"KKH":703,"OII":-2649};
          this.TC3__ = {"AAA":-294,"HHH":346,"HHI":-341,"HII":-1088,"HIK":731,"HOH":-1486,"IHH":128,"IHI":-3041,"IHO":-1935,"IIH":-825,"IIM":-1035,"IOI":-542,"KHH":-1216,"KKA":491,"KKH":-1217,"KOK":-1009,"MHH":-2694,"MHM":-457,"MHO":123,"MMH":-471,"NNH":-1689,"NNO":662,"OHO":-3393};
          this.TC4__ = {"HHH":-203,"HHI":1344,"HHK":365,"HHM":-122,"HHN":182,"HHO":669,"HIH":804,"HII":679,"HOH":446,"IHH":695,"IHO":-2324,"IIH":321,"III":1497,"IIO":656,"IOO":54,"KAK":4845,"KKA":3386,"KKK":3065,"MHH":-405,"MHI":201,"MMH":-241,"MMM":661,"MOM":841};
          this.TQ1__ = {"BHHH":-227,"BHHI":316,"BHIH":-132,"BIHH":60,"BIII":1595,"BNHH":-744,"BOHH":225,"BOOO":-908,"OAKK":482,"OHHH":281,"OHIH":249,"OIHI":200,"OIIH":-68};
          this.TQ2__ = {"BIHH":-1401,"BIII":-1033,"BKAK":-543,"BOOO":-5591};
          this.TQ3__ = {"BHHH":478,"BHHM":-1073,"BHIH":222,"BHII":-504,"BIIH":-116,"BIII":-105,"BMHI":-863,"BMHM":-464,"BOMH":620,"OHHH":346,"OHHI":1729,"OHII":997,"OHMH":481,"OIHH":623,"OIIH":1344,"OKAK":2792,"OKHH":587,"OKKA":679,"OOHH":110,"OOII":-685};
          this.TQ4__ = {"BHHH":-721,"BHHM":-3604,"BHII":-966,"BIIH":-607,"BIII":-2181,"OAAA":-2763,"OAKK":180,"OHHH":-294,"OHHI":2446,"OHHO":480,"OHIH":-1573,"OIHH":1935,"OIHI":-493,"OIIH":626,"OIII":-4007,"OKAK":-8156};
          this.TW1__ = {"につい":-4681,"東京都":2026};
          this.TW2__ = {"ある程":-2049,"いった":-1256,"ころが":-2434,"しょう":3873,"その後":-4430,"だって":-1049,"ていた":1833,"として":-4657,"ともに":-4517,"もので":1882,"一気に":-792,"初めて":-1512,"同時に":-8097,"大きな":-1255,"対して":-2721,"社会党":-3216};
          this.TW3__ = {"いただ":-1734,"してい":1314,"として":-4314,"につい":-5483,"にとっ":-5989,"に当た":-6247,"ので,":-727,"ので、":-727,"のもの":-600,"れから":-3752,"十二月":-2287};
          this.TW4__ = {"いう.":8576,"いう。":8576,"からな":-2348,"してい":2958,"たが,":1516,"たが、":1516,"ている":1538,"という":1349,"ました":5543,"ません":1097,"ようと":-4258,"よると":5865};
          this.UC1__ = {"A":484,"K":93,"M":645,"O":-505};
          this.UC2__ = {"A":819,"H":1059,"I":409,"M":3987,"N":5775,"O":646};
          this.UC3__ = {"A":-1370,"I":2311};
          this.UC4__ = {"A":-2643,"H":1809,"I":-1032,"K":-3450,"M":3565,"N":3876,"O":6646};
          this.UC5__ = {"H":313,"I":-1238,"K":-799,"M":539,"O":-831};
          this.UC6__ = {"H":-506,"I":-253,"K":87,"M":247,"O":-387};
          this.UP1__ = {"O":-214};
          this.UP2__ = {"B":69,"O":935};
          this.UP3__ = {"B":189};
          this.UQ1__ = {"BH":21,"BI":-12,"BK":-99,"BN":142,"BO":-56,"OH":-95,"OI":477,"OK":410,"OO":-2422};
          this.UQ2__ = {"BH":216,"BI":113,"OK":1759};
          this.UQ3__ = {"BA":-479,"BH":42,"BI":1913,"BK":-7198,"BM":3160,"BN":6427,"BO":14761,"OI":-827,"ON":-3212};
          this.UW1__ = {",":156,"、":156,"「":-463,"あ":-941,"う":-127,"が":-553,"き":121,"こ":505,"で":-201,"と":-547,"ど":-123,"に":-789,"の":-185,"は":-847,"も":-466,"や":-470,"よ":182,"ら":-292,"り":208,"れ":169,"を":-446,"ん":-137,"・":-135,"主":-402,"京":-268,"区":-912,"午":871,"国":-460,"大":561,"委":729,"市":-411,"日":-141,"理":361,"生":-408,"県":-386,"都":-718,"｢":-463,"･":-135};
          this.UW2__ = {",":-829,"、":-829,"〇":892,"「":-645,"」":3145,"あ":-538,"い":505,"う":134,"お":-502,"か":1454,"が":-856,"く":-412,"こ":1141,"さ":878,"ざ":540,"し":1529,"す":-675,"せ":300,"そ":-1011,"た":188,"だ":1837,"つ":-949,"て":-291,"で":-268,"と":-981,"ど":1273,"な":1063,"に":-1764,"の":130,"は":-409,"ひ":-1273,"べ":1261,"ま":600,"も":-1263,"や":-402,"よ":1639,"り":-579,"る":-694,"れ":571,"を":-2516,"ん":2095,"ア":-587,"カ":306,"キ":568,"ッ":831,"三":-758,"不":-2150,"世":-302,"中":-968,"主":-861,"事":492,"人":-123,"会":978,"保":362,"入":548,"初":-3025,"副":-1566,"北":-3414,"区":-422,"大":-1769,"天":-865,"太":-483,"子":-1519,"学":760,"実":1023,"小":-2009,"市":-813,"年":-1060,"強":1067,"手":-1519,"揺":-1033,"政":1522,"文":-1355,"新":-1682,"日":-1815,"明":-1462,"最":-630,"朝":-1843,"本":-1650,"東":-931,"果":-665,"次":-2378,"民":-180,"気":-1740,"理":752,"発":529,"目":-1584,"相":-242,"県":-1165,"立":-763,"第":810,"米":509,"自":-1353,"行":838,"西":-744,"見":-3874,"調":1010,"議":1198,"込":3041,"開":1758,"間":-1257,"｢":-645,"｣":3145,"ｯ":831,"ｱ":-587,"ｶ":306,"ｷ":568};
          this.UW3__ = {",":4889,"1":-800,"−":-1723,"、":4889,"々":-2311,"〇":5827,"」":2670,"〓":-3573,"あ":-2696,"い":1006,"う":2342,"え":1983,"お":-4864,"か":-1163,"が":3271,"く":1004,"け":388,"げ":401,"こ":-3552,"ご":-3116,"さ":-1058,"し":-395,"す":584,"せ":3685,"そ":-5228,"た":842,"ち":-521,"っ":-1444,"つ":-1081,"て":6167,"で":2318,"と":1691,"ど":-899,"な":-2788,"に":2745,"の":4056,"は":4555,"ひ":-2171,"ふ":-1798,"へ":1199,"ほ":-5516,"ま":-4384,"み":-120,"め":1205,"も":2323,"や":-788,"よ":-202,"ら":727,"り":649,"る":5905,"れ":2773,"わ":-1207,"を":6620,"ん":-518,"ア":551,"グ":1319,"ス":874,"ッ":-1350,"ト":521,"ム":1109,"ル":1591,"ロ":2201,"ン":278,"・":-3794,"一":-1619,"下":-1759,"世":-2087,"両":3815,"中":653,"主":-758,"予":-1193,"二":974,"人":2742,"今":792,"他":1889,"以":-1368,"低":811,"何":4265,"作":-361,"保":-2439,"元":4858,"党":3593,"全":1574,"公":-3030,"六":755,"共":-1880,"円":5807,"再":3095,"分":457,"初":2475,"別":1129,"前":2286,"副":4437,"力":365,"動":-949,"務":-1872,"化":1327,"北":-1038,"区":4646,"千":-2309,"午":-783,"協":-1006,"口":483,"右":1233,"各":3588,"合":-241,"同":3906,"和":-837,"員":4513,"国":642,"型":1389,"場":1219,"外":-241,"妻":2016,"学":-1356,"安":-423,"実":-1008,"家":1078,"小":-513,"少":-3102,"州":1155,"市":3197,"平":-1804,"年":2416,"広":-1030,"府":1605,"度":1452,"建":-2352,"当":-3885,"得":1905,"思":-1291,"性":1822,"戸":-488,"指":-3973,"政":-2013,"教":-1479,"数":3222,"文":-1489,"新":1764,"日":2099,"旧":5792,"昨":-661,"時":-1248,"曜":-951,"最":-937,"月":4125,"期":360,"李":3094,"村":364,"東":-805,"核":5156,"森":2438,"業":484,"氏":2613,"民":-1694,"決":-1073,"法":1868,"海":-495,"無":979,"物":461,"特":-3850,"生":-273,"用":914,"町":1215,"的":7313,"直":-1835,"省":792,"県":6293,"知":-1528,"私":4231,"税":401,"立":-960,"第":1201,"米":7767,"系":3066,"約":3663,"級":1384,"統":-4229,"総":1163,"線":1255,"者":6457,"能":725,"自":-2869,"英":785,"見":1044,"調":-562,"財":-733,"費":1777,"車":1835,"軍":1375,"込":-1504,"通":-1136,"選":-681,"郎":1026,"郡":4404,"部":1200,"金":2163,"長":421,"開":-1432,"間":1302,"関":-1282,"雨":2009,"電":-1045,"非":2066,"駅":1620,"１":-800,"｣":2670,"･":-3794,"ｯ":-1350,"ｱ":551,"ｸﾞ":1319,"ｽ":874,"ﾄ":521,"ﾑ":1109,"ﾙ":1591,"ﾛ":2201,"ﾝ":278};
          this.UW4__ = {",":3930,".":3508,"―":-4841,"、":3930,"。":3508,"〇":4999,"「":1895,"」":3798,"〓":-5156,"あ":4752,"い":-3435,"う":-640,"え":-2514,"お":2405,"か":530,"が":6006,"き":-4482,"ぎ":-3821,"く":-3788,"け":-4376,"げ":-4734,"こ":2255,"ご":1979,"さ":2864,"し":-843,"じ":-2506,"す":-731,"ず":1251,"せ":181,"そ":4091,"た":5034,"だ":5408,"ち":-3654,"っ":-5882,"つ":-1659,"て":3994,"で":7410,"と":4547,"な":5433,"に":6499,"ぬ":1853,"ね":1413,"の":7396,"は":8578,"ば":1940,"ひ":4249,"び":-4134,"ふ":1345,"へ":6665,"べ":-744,"ほ":1464,"ま":1051,"み":-2082,"む":-882,"め":-5046,"も":4169,"ゃ":-2666,"や":2795,"ょ":-1544,"よ":3351,"ら":-2922,"り":-9726,"る":-14896,"れ":-2613,"ろ":-4570,"わ":-1783,"を":13150,"ん":-2352,"カ":2145,"コ":1789,"セ":1287,"ッ":-724,"ト":-403,"メ":-1635,"ラ":-881,"リ":-541,"ル":-856,"ン":-3637,"・":-4371,"ー":-11870,"一":-2069,"中":2210,"予":782,"事":-190,"井":-1768,"人":1036,"以":544,"会":950,"体":-1286,"作":530,"側":4292,"先":601,"党":-2006,"共":-1212,"内":584,"円":788,"初":1347,"前":1623,"副":3879,"力":-302,"動":-740,"務":-2715,"化":776,"区":4517,"協":1013,"参":1555,"合":-1834,"和":-681,"員":-910,"器":-851,"回":1500,"国":-619,"園":-1200,"地":866,"場":-1410,"塁":-2094,"士":-1413,"多":1067,"大":571,"子":-4802,"学":-1397,"定":-1057,"寺":-809,"小":1910,"屋":-1328,"山":-1500,"島":-2056,"川":-2667,"市":2771,"年":374,"庁":-4556,"後":456,"性":553,"感":916,"所":-1566,"支":856,"改":787,"政":2182,"教":704,"文":522,"方":-856,"日":1798,"時":1829,"最":845,"月":-9066,"木":-485,"来":-442,"校":-360,"業":-1043,"氏":5388,"民":-2716,"気":-910,"沢":-939,"済":-543,"物":-735,"率":672,"球":-1267,"生":-1286,"産":-1101,"田":-2900,"町":1826,"的":2586,"目":922,"省":-3485,"県":2997,"空":-867,"立":-2112,"第":788,"米":2937,"系":786,"約":2171,"経":1146,"統":-1169,"総":940,"線":-994,"署":749,"者":2145,"能":-730,"般":-852,"行":-792,"規":792,"警":-1184,"議":-244,"谷":-1000,"賞":730,"車":-1481,"軍":1158,"輪":-1433,"込":-3370,"近":929,"道":-1291,"選":2596,"郎":-4866,"都":1192,"野":-1100,"銀":-2213,"長":357,"間":-2344,"院":-2297,"際":-2604,"電":-878,"領":-1659,"題":-792,"館":-1984,"首":1749,"高":2120,"｢":1895,"｣":3798,"･":-4371,"ｯ":-724,"ｰ":-11870,"ｶ":2145,"ｺ":1789,"ｾ":1287,"ﾄ":-403,"ﾒ":-1635,"ﾗ":-881,"ﾘ":-541,"ﾙ":-856,"ﾝ":-3637};
          this.UW5__ = {",":465,".":-299,"1":-514,"E2":-32768,"]":-2762,"、":465,"。":-299,"「":363,"あ":1655,"い":331,"う":-503,"え":1199,"お":527,"か":647,"が":-421,"き":1624,"ぎ":1971,"く":312,"げ":-983,"さ":-1537,"し":-1371,"す":-852,"だ":-1186,"ち":1093,"っ":52,"つ":921,"て":-18,"で":-850,"と":-127,"ど":1682,"な":-787,"に":-1224,"の":-635,"は":-578,"べ":1001,"み":502,"め":865,"ゃ":3350,"ょ":854,"り":-208,"る":429,"れ":504,"わ":419,"を":-1264,"ん":327,"イ":241,"ル":451,"ン":-343,"中":-871,"京":722,"会":-1153,"党":-654,"務":3519,"区":-901,"告":848,"員":2104,"大":-1296,"学":-548,"定":1785,"嵐":-1304,"市":-2991,"席":921,"年":1763,"思":872,"所":-814,"挙":1618,"新":-1682,"日":218,"月":-4353,"査":932,"格":1356,"機":-1508,"氏":-1347,"田":240,"町":-3912,"的":-3149,"相":1319,"省":-1052,"県":-4003,"研":-997,"社":-278,"空":-813,"統":1955,"者":-2233,"表":663,"語":-1073,"議":1219,"選":-1018,"郎":-368,"長":786,"間":1191,"題":2368,"館":-689,"１":-514,"Ｅ２":-32768,"｢":363,"ｲ":241,"ﾙ":451,"ﾝ":-343};
          this.UW6__ = {",":227,".":808,"1":-270,"E1":306,"、":227,"。":808,"あ":-307,"う":189,"か":241,"が":-73,"く":-121,"こ":-200,"じ":1782,"す":383,"た":-428,"っ":573,"て":-1014,"で":101,"と":-105,"な":-253,"に":-149,"の":-417,"は":-236,"も":-206,"り":187,"る":-135,"を":195,"ル":-673,"ン":-496,"一":-277,"中":201,"件":-800,"会":624,"前":302,"区":1792,"員":-1212,"委":798,"学":-960,"市":887,"広":-695,"後":535,"業":-697,"相":753,"社":-507,"福":974,"空":-822,"者":1811,"連":463,"郎":1082,"１":-270,"Ｅ１":306,"ﾙ":-673,"ﾝ":-496};
          return this;
        }
        TinySegmenter.prototype.ctype_ = function(str) {
          for (var i in this.chartype_) {
            if (str.match(this.chartype_[i][0])) {
              return this.chartype_[i][1];
            }
          }
          return "O";
        }
        TinySegmenter.prototype.ts_ = function(v) {
          if (v) { return v; }
          return 0;
        }
        TinySegmenter.prototype.segment = function(input) {
          if (input == null || input == undefined || input == "") {
            return [];
          }
          var result = [];
          var seg = ["B3","B2","B1"];
          var ctype = ["O","O","O"];
          var o = input.split("");
          for (i = 0; i < o.length; ++i) {
            seg.push(o[i]);
            ctype.push(this.ctype_(o[i]))
          }
          seg.push("E1");
          seg.push("E2");
          seg.push("E3");
          ctype.push("O");
          ctype.push("O");
          ctype.push("O");
          var word = seg[3];
          var p1 = "U";
          var p2 = "U";
          var p3 = "U";
          for (var i = 4; i < seg.length - 3; ++i) {
            var score = this.BIAS__;
            var w1 = seg[i-3];
            var w2 = seg[i-2];
            var w3 = seg[i-1];
            var w4 = seg[i];
            var w5 = seg[i+1];
            var w6 = seg[i+2];
            var c1 = ctype[i-3];
            var c2 = ctype[i-2];
            var c3 = ctype[i-1];
            var c4 = ctype[i];
            var c5 = ctype[i+1];
            var c6 = ctype[i+2];
            score += this.ts_(this.UP1__[p1]);
            score += this.ts_(this.UP2__[p2]);
            score += this.ts_(this.UP3__[p3]);
            score += this.ts_(this.BP1__[p1 + p2]);
            score += this.ts_(this.BP2__[p2 + p3]);
            score += this.ts_(this.UW1__[w1]);
            score += this.ts_(this.UW2__[w2]);
            score += this.ts_(this.UW3__[w3]);
            score += this.ts_(this.UW4__[w4]);
            score += this.ts_(this.UW5__[w5]);
            score += this.ts_(this.UW6__[w6]);
            score += this.ts_(this.BW1__[w2 + w3]);
            score += this.ts_(this.BW2__[w3 + w4]);
            score += this.ts_(this.BW3__[w4 + w5]);
            score += this.ts_(this.TW1__[w1 + w2 + w3]);
            score += this.ts_(this.TW2__[w2 + w3 + w4]);
            score += this.ts_(this.TW3__[w3 + w4 + w5]);
            score += this.ts_(this.TW4__[w4 + w5 + w6]);
            score += this.ts_(this.UC1__[c1]);
            score += this.ts_(this.UC2__[c2]);
            score += this.ts_(this.UC3__[c3]);
            score += this.ts_(this.UC4__[c4]);
            score += this.ts_(this.UC5__[c5]);
            score += this.ts_(this.UC6__[c6]);
            score += this.ts_(this.BC1__[c2 + c3]);
            score += this.ts_(this.BC2__[c3 + c4]);
            score += this.ts_(this.BC3__[c4 + c5]);
            score += this.ts_(this.TC1__[c1 + c2 + c3]);
            score += this.ts_(this.TC2__[c2 + c3 + c4]);
            score += this.ts_(this.TC3__[c3 + c4 + c5]);
            score += this.ts_(this.TC4__[c4 + c5 + c6]);
        //  score += this.ts_(this.TC5__[c4 + c5 + c6]);    
            score += this.ts_(this.UQ1__[p1 + c1]);
            score += this.ts_(this.UQ2__[p2 + c2]);
            score += this.ts_(this.UQ3__[p3 + c3]);
            score += this.ts_(this.BQ1__[p2 + c2 + c3]);
            score += this.ts_(this.BQ2__[p2 + c3 + c4]);
            score += this.ts_(this.BQ3__[p3 + c2 + c3]);
            score += this.ts_(this.BQ4__[p3 + c3 + c4]);
            score += this.ts_(this.TQ1__[p2 + c1 + c2 + c3]);
            score += this.ts_(this.TQ2__[p2 + c2 + c3 + c4]);
            score += this.ts_(this.TQ3__[p3 + c1 + c2 + c3]);
            score += this.ts_(this.TQ4__[p3 + c2 + c3 + c4]);
            var p = "O";
            if (score > 0) {
              result.push(word);
              word = "";
              p = "B";
            }
            p1 = p2;
            p2 = p3;
            p3 = p;
            word += seg[i];
          }
          result.push(word);
          return result;
        }
        lunr.TinySegmenter = TinySegmenter;
    };
 }));
@@ -1 +0,0 @@
 {"version":3,"sources":["src/templates/assets/stylesheets/palette/_scheme.scss","../../../../src/templates/assets/stylesheets/palette.scss","src/templates/assets/stylesheets/palette/_accent.scss","src/templates/assets/stylesheets/palette/_primary.scss","src/templates/assets/stylesheets/utilities/_break.scss"],"names":[],"mappings":"AA2BA,cAGE,6BAME,sDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CACA,mDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CAGA,mDAAA,CACA,gDAAA,CACA,yDAAA,CACA,4DAAA,CAGA,0BAAA,CACA,mCAAA,CAGA,iCAAA,CACA,kCAAA,CACA,mCAAA,CACA,mCAAA,CACA,kCAAA,CACA,iCAAA,CACA,+CAAA,CACA,6DAAA,CACA,gEAAA,CACA,4DAAA,CACA,4DAAA,CACA,6DAAA,CAGA,6CAAA,CAGA,+CAAA,CAGA,uDAAA,CACA,6DAAA,CACA,2DAAA,CAGA,iCAAA,CAGA,yDAAA,CACA,iEAAA,CAGA,mDAAA,CACA,mDAAA,CAGA,qDAAA,CACA,uDAAA,CAGA,8DAAA,CAKA,8DAAA,CAKA,0DAAA,CAzEA,iBCiBF,CD6DE,kHAEE,YC3DJ,CDkFE,yDACE,4BChFJ,CD+EE,2DACE,4BC7EJ,CD4EE,gEACE,4BC1EJ,CDyEE,2DACE,4BCvEJ,CDsEE,yDACE,4BCpEJ,CDmEE,0DACE,4BCjEJ,CDgEE,gEACE,4BC9DJ,CD6DE,0DACE,4BC3DJ,CD0DE,2OACE,4BC/CJ,CDsDA,+FAGE,iCCpDF,CACF,CCjDE,2BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD6CN,CCvDE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDoDN,CC9DE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD2DN,CCrEE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDkEN,CC5EE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDyEN,CCnFE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDgFN,CC1FE,kCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDuFN,CCjGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD8FN,CCxGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDqGN,CC/GE,6BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD4GN,CCtHE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDmHN,CC7HE,4BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD6HN,CCpIE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDoIN,CC3IE,6BACE,yBAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD2IN,CClJE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDkJN,CCzJE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDsJN,CE3JE,4BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwJN,CEnKE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgKN,CE3KE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwKN,CEnLE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgLN,CE3LE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwLN,CEnME,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgMN,CE3ME,mCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwMN,CEnNE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgNN,CE3NE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwNN,CEnOE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgON,CE3OE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwON,CEnPE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmPN,CE3PE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2PN,CEnQE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmQN,CE3QE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2QN,CEnRE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgRN,CE3RE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwRN,CEnSE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BF4RN,CE5SE,kCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BFqSN,CEtRE,sEACE,4BFyRJ,CE1RE,+DACE,4BF6RJ,CE9RE,iEACE,4BFiSJ,CElSE,gEACE,4BFqSJ,CEtSE,iEACE,4BFySJ,CEhSA,8BACE,mDAAA,CACA,4DAAA,CACA,0DAAA,CACA,oDAAA,CACA,2DAAA,CAGA,4BFiSF,CE9RE,yCACE,+BFgSJ,CE7RI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCFiSN,CG7MI,mCD1EA,+CACE,8CF0RJ,CEvRI,qDACE,8CFyRN,CEpRE,iEACE,mCFsRJ,CACF,CGxNI,sCDvDA,uCACE,oCFkRJ,CACF,CEzQA,8BACE,kDAAA,CACA,4DAAA,CACA,wDAAA,CACA,oDAAA,CACA,6DAAA,CAGA,4BF0QF,CEvQE,yCACE,+BFyQJ,CEtQI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCF0QN,CEnQE,yCACE,6CFqQJ,CG9NI,0CDhCA,8CACE,gDFiQJ,CACF,CGnOI,0CDvBA,iFACE,6CF6PJ,CACF,CG3PI,sCDKA,uCACE,6CFyPJ,CACF","file":"palette.css"}
@@ -0,0 +1,58 @@
 #!/bin/zsh
 # in case of  $'\r': command not found error, run command below first
 # sed -i 's/\r$//' ./bootstrap.sh
 CLUSTER="${1:?Usage: ./bootstrap.sh <cluster> (upc-dev|upc-prod|aks-dev|aks-prod|eks-dev|eks-prod|gke-dev|gke-prod)}"
 echo "running $0 for cluster: ${CLUSTER}..."
 # Source cluster config
 eval $(yq -r 'to_entries[] | "export \(.key)=\"\(.value)\""' "clusters/${CLUSTER}.yaml")
 echo "Bootstrapping cluster: ${clusterName} (${CLUSTER})..."
 ############################################################
 # Bootstrap                                                     #
 ############################################################
 Bootstrap()
 {
    ArgoCd
    Gitea
 }
 ############################################################
 # Gitea                                                     #
 ############################################################
 Gitea()
 {
    echo "Installing secret..."
    kubectl apply -f "private/${CLUSTER}/gitea-repo-main.yaml"
    kubectl apply -f "private/${CLUSTER}/main.key"
 }
 ############################################################
 # ArgoCd                                                     #
 ############################################################
 ArgoCd()
 {
    # Pre-create ConfigMap for repo-server env (must exist before Helm upgrade)
    kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f -
    kubectl apply -f cluster-resources/argocd-repo-server-config.yaml
    # install argocd
    echo "Installing ArgoCD..."
    helm upgrade --install argocd argo-cd \
            --repo https://argoproj.github.io/argo-helm \
            --version "7.8.0" \
            --namespace argocd --create-namespace \
            --values infra/values/base/argocd-values.yaml \
            --values "infra/values/${CLUSTER}/argocd-values.yaml" \
            --set notifications.context.clusterName="${clusterName}" \
            --timeout 60s --atomic
    kubectl apply -f "_app-of-apps-${CLUSTER}.yaml" -n argocd
 }
 Bootstrap
@@ -0,0 +1,16 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: argocd-notifications-secret
  namespace: argocd
 spec:
  encryptedData:
    slack-webhook-url: AgBIIEfU1TzNNJoQMsiKqF+x0y5vGu5iMwvTADGuUcjlz7DtfExTQu86OdUO1+Gxri/NKKj+KN1Tv7WNJs5Yo/hjjLs/JTxKYuEF6S0xaqLX3sRCkMCdVpRkH079CW4ayDP2moIGrG9+nq0iGNA7qyPssjjSCeMaj6SiHAIXdV+f/5XLrwHUybL2drBp7OVsZcLQJhQRGYIM/R4PvQJGLv95L/XPn5aOK8jxhHIsaxwRlAuGpCP/Ct7mG6H2qL0zKZn/H7Vl+x/Xgx0a/VGcEMosgQY1PeSqihyTcCsSu1g2rd8A03nw8v3kIjkiMzSpIKHoEpWuoNWxDmwMYrpvy1QUnpW2nT9WkLoaoi4lczNr63Z/LT2mCTMhgC83OxF5IA/9cekWh+VMHVsS2c4qQvlDZoT2N4SwkWy++rreFwrXdaMBJHIQI2wT9rtWwRLG4sLigaxBPX7lzVlplkSxHgrVi6c329u6+2Dcw9eMOPfw7GmbnF5H+t1AmFEBbrf2LOPGRy3yd+5g5U4Eyhf7YmA9SaT7TB1w3UhacSCslVH41NLtqNV65lvAjPCyYbEEjmnV02i9rPDyHMitrZ9Z8Spzo3oiK0ZndWh98u8iA7NJY2i+L01n7OLGjRBGL364URHRqcDxCPRrc0ApRBj5aa4HEScowmWCPcoqgzwFfclAz2iNAgQ7h+7/rUN2k96V7Eo0xco+bF/XgwWX5ehIB6FQYKborWa7XHvAGEc85eD3bNOnOUF1RJB/4GzN5yu/7fyeRVnKNEAzZ2cuXD+5RA5gPyqBVgTFspl2MasbMW9KOZT4YKts0ILXqpo=
  template:
    metadata:
      creationTimestamp: null
      name: argocd-notifications-secret
      namespace: argocd
    type: Opaque
@@ -0,0 +1,83 @@
 # CronJob: syncs OIDC client secret from registrar-managed
 # argocd-oidc-credentials into argocd-secret (oidc.clientSecret key).
 # Runs every 2 min. No-ops if source secret doesn't exist yet
 # (safe for fresh deploys before Keycloak is up).
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: argocd-oidc-sync
  namespace: argocd
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: argocd-oidc-sync
  namespace: argocd
 rules:
 - apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["argocd-oidc-credentials", "argocd-secret"]
  verbs: ["get", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: argocd-oidc-sync
  namespace: argocd
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-oidc-sync
 subjects:
 - kind: ServiceAccount
  name: argocd-oidc-sync
  namespace: argocd
 ---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: argocd-oidc-sync
  namespace: argocd
 spec:
  schedule: "*/2 * * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 1
      template:
        spec:
          serviceAccountName: argocd-oidc-sync
          restartPolicy: Never
          containers:
          - name: sync
            image: bitnami/kubectl:latest
            command: ["/bin/sh", "-c"]
            args:
            - |
              set -e
              # Exit gracefully if source secret doesn't exist yet
              if ! kubectl get secret argocd-oidc-credentials -n argocd >/dev/null 2>&1; then
                echo "argocd-oidc-credentials not found — skipping (Keycloak not ready yet)"
                exit 0
              fi
              # Read current OIDC client secret
              NEW_SECRET=$(kubectl get secret argocd-oidc-credentials -n argocd \
                -o jsonpath='{.data.client-secret}' | base64 -d)
              # Read current value in argocd-secret (if any)
              CURRENT=$(kubectl get secret argocd-secret -n argocd \
                -o jsonpath='{.data.oidc\.clientSecret}' 2>/dev/null | base64 -d || echo "")
              # Only patch if changed
              if [ "$NEW_SECRET" = "$CURRENT" ]; then
                echo "oidc.clientSecret already up to date"
                exit 0
              fi
              kubectl patch secret argocd-secret -n argocd --type merge \
                -p "{\"stringData\":{\"oidc.clientSecret\":\"${NEW_SECRET}\"}}"
              echo "Patched argocd-secret with oidc.clientSecret"
@@ -0,0 +1,9 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-repo-server-config
  namespace: argocd
 data:
  # Disable git submodule checkout - submodules (e.g. shared-prompts)
  # are not needed for K8s manifest generation
  ARGOCD_GIT_MODULES_ENABLED: "false"
@@ -0,0 +1,7 @@
 ---
 # Disable Istio sidecar injection for cert-manager namespace
 # This is required for cert-manager to function properly with Istio
 apiVersion: v1
 kind: Namespace
 metadata:
  name: cert-manager
@@ -0,0 +1,20 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: forte10x-repo-creds
  namespace: argocd
 spec:
  encryptedData:
    sshPrivateKey: AgBJ0kYo34Fd52HXd6lNo3QUUesZx/8s3f3U6VYuRP+hwLWRx/toh2+33H3FSvEJlHakMiXOnKSFePP7xS2xi7+ZnjQUviw/dueDzTMAAL6jR11VNc4wLZBmvBlISW3/lRA7dVy8vhyP5FCt1gizwx8+bCDFSJqG6Z2Ca2NuxSC+d3kYL1BTcGOda9SApht/RNM0HY11WGBVEoT/AP8zqwtG3vOTWGiqRkU/UgKbnOIzVrv0ZqwAloj/7+4LgaD7rpy5wPx6WFakjD5ON0xZF1uiusAoa5i+ukMSsmNGTko5qMhkcCyS41H0RgnLKW5UoOuY9Ewvp/8/49FN8hhmAZU0PVVfcKalZYFaei+Ka79oaoKpACHLOevCjMF2sgLEOdtow5nVMlxmsCYWb1cPtuczUH0bGwmNOAmS4Y0cuxc3++5UXZiML5n9Hnfl8K1rxeHWB0nzlRuzwj/JKItBcsjVdF9F+fAHAt8LDzxuqOt+PyyABXHk0aZ56DCvUDm90IAm8ojufLbGWXeouiudM11UxAP9ySp4FB9ou+re6F11ZFE3yVgScKlfpu0bHUFFhm+glVLF+8nlv8E6a1LCb+HOP3WwwXJ0OB9KnYaFhrTuvF9pOVwX9zUs4QCWq323jzTrK8yR3upybxIbfPTF/iMzTQliDUuA5WpK0y2/B+OoeMevuqR4HklUp/OHGpigfTo9p4JtR6f96foXpgg4ViNrl2FwKK8imSkGqTj1NoqFs0gseq3Q/9w5BB0gOd4hK9o3flXljz1wpJxwYWX8ogM05eJD83pjX0b0hvWk1fEZHx+xFLVhm6vYXNfsZ+nnwwEyLV6PdEW2gVYJQo8+e0eVX5eUnynZCL96BgjCkUa/Yvfds1L1q7vzyYOT7t4h4qqmlAwDsUwbPbdANZ26Ybehjn8kS9e9V4oPzk7yvsqzSfzX4UUoFjQsB7ETmiNVbWEYJpAkTJ6OcPQUD12SCW3BDmwmBjpwPOjwl9/zRJezKOdFVncDKtOzXtef7Q+bdNR85klOTmxpEV3GFpp+Qh6xbYuSREYm+N5B1rLcgvoA34VZDmMbQwdlfK2tXG1lO1fnM9inhdU0SDVfgqqeiPZHMhV8TaajQNWEtQJij6VW8/Lsm4yxbKs5cg6ung5I30saaM8LFTI0Njq5/TpbF753+F/v5SV275o5+0MFCZDER30Nh/uFipTpvzOFrQlG/bHrT3/rUnw1dfYz0BcUO7V0KaUQFzV2ArPsNxc=
    type: AgBwM8m/1ZFU6Wdwq3riZkRBlcqLRe4t3MK3T7L6s0Cr7rVsE2QIw7JJgJWW77plgqWYUANxLd8pcXeC3uqvLH7ApYWN0kFzpPD/qK7ZVD13Tq+OnXE+zZyEYwr9YH790ca+KFrJJTewX9zN1Y3KSeyNX2ko0UndPn99PNAhtMCeMrsiJ59HgE66fnq+iGx7Ghs3xai7FVAmQADeaAd5WHkfzN0jEKFccZ/nV60cisqwVttFB0Rt+eMywAoRXw9+mmSVmwGX/bDfO6fm2C3O+GQrVa80E57iXeMO3m6G/lRCjA+9If6lg8QyuD3W+3Xnm3IC5pHEtYFjj8J4cwa4qTMcYsyfOt/NtmWD8KlLNcIFzP/uMar1WQ256PWPoN60pM9mTe6Jyz0sq3L4H/KC/5EfbOJ4tm5QN6/57mcls0eOfOP3JzV92zvC/Z4exjlvEqmKK/T/gMtXCv29ITWtmQWkXtfERuVxB13kXN4gJVuffMKKrsr5uOm5n17PQd1GLoDYo/8nRyNBu4H6+9r8LcAuaE7z4cETuYC9EM3gp4ZkeuwTwNjnNYyrs8nNxGzjVTc1HIhfKGZkJilF0BhXiSmrNczEFBZqC30vgChJ2ko/RePQsxh32rXfdZ1RBGL1B2o8Nf4FZQz6dMpuNeei0tjfo2rq7LCB3Ze8vj8q/iQDAlRbunkevYhTotXPZoZXdcs5VkA=
    url: AgBT+Tyn3YN731bMBG9jJv8F+jda1vA/0DemSL9SWxZFfrH4xSGlg3IITOW+iN4lDDKNiceHFRXcxVSYrStArEnGbBy5a7GvXBuKpwshal3MXGwt1iy5fZZH4nKzKCkLRmECFI4/N/zJpqxWxmiQtXMtBYIPyf97ulaPg4R9h0CwDAfesgbfmfsxB3F6ceUj6BkKHxx36Ca6AlNc06FhqmR307kAnijdfg0Ji+geqnqpruDG2717n5s6+xQG03GiM8rWAnny/4GDkYQsuRxaaRl4skalSS0UfvsoBwdfmn5Uvem6zefbnHaP9j9r5xI5ZN23QB6dQhzMooVHz8vgzn06mj73YkLVSYCwU0cMSOgDr9RWVOxkpCqrP3p76c3Xzj91K+OzVUHfvYbxBuypNJoojCG5bP1amuwtFs8rBSiCONxSTNjStvXN3qDCRKpHmskHlVeH4Lsn20UFOd+vsQue1vfb1jMxQ6I3xi5AUZO6x8TJCGR33EswbGF6ZGvJXuW+S7XtgjUgGMgWcGpBHpjk5EAFCPO83AFf8iNlbX30th/eDsIs1tX7b+RD1+QJYuJsC6pBIU3cVdjDy1Mjb3ViadwkWy6sEytL1NMpRBh7A2T/oIZV0DFkI4wul5y5hztQrNgzzJH9MGeLLxtAxtb1ZTb+StJJjr39c+mXOZMDzl4/cv3KNoj7hTJo1H6y0KbiIjQuaEl6XZdGu/46ZmdearxEPL/60Rtonf/wUve8UV0pqYEVaadHx2ui
  template:
    metadata:
      creationTimestamp: null
      labels:
        argocd.argoproj.io/secret-type: repository
      name: forte10x-repo-creds
      namespace: argocd
    type: Opaque
@@ -0,0 +1,88 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: gitea-backup
  namespace: gitea
 spec:
  schedule: "0 3 * * *"   # daily at 03:00 UTC
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 1
      activeDeadlineSeconds: 1800
      template:
        spec:
          restartPolicy: Never
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
          # Must run on the same node as Gitea to share the RWO volume
          affinity:
            podAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchLabels:
                      app.kubernetes.io/name: gitea
                  topologyKey: kubernetes.io/hostname
          initContainers:
            - name: gitea-dump
              image: gitea/gitea:1.25.4
              command:
                - sh
                - -c
                - |
                  gitea dump \
                    -c /data/gitea/conf/app.ini \
                    -f /backup/gitea-dump.zip \
                    -t /tmp/gitea-dump && \
                  echo "Dump completed: $(ls -lh /backup/gitea-dump.zip)"
              volumeMounts:
                - name: data
                  mountPath: /data
                  readOnly: true
                - name: backup
                  mountPath: /backup
                - name: tmp
                  mountPath: /tmp/gitea-dump
          containers:
            - name: upload
              image: minio/mc:latest
              env:
                - name: HOME
                  value: /tmp
              command:
                - sh
                - -c
                - |
                  mc alias set s3 "${S3_ENDPOINT}" "${AWS_ACCESS_KEY_ID}" "${AWS_SECRET_ACCESS_KEY}"
                  TIMESTAMP=$(date +%Y%m%d-%H%M%S)
                  KEY="gitea-dump-${TIMESTAMP}.zip"
                  echo "Uploading ${KEY}..."
                  mc cp /backup/gitea-dump.zip "s3/${S3_BUCKET}/${KEY}" && \
                  echo "Upload complete."
                  # Prune backups older than 7 days
                  echo "Pruning backups older than 7 days..."
                  mc rm --older-than 7d --force "s3/${S3_BUCKET}/" 2>&1 || true
                  echo "Pruning complete."
              envFrom:
                - secretRef:
                    name: gitea-backup-s3
              volumeMounts:
                - name: backup
                  mountPath: /backup
                  readOnly: true
          volumes:
            - name: data
              persistentVolumeClaim:
                claimName: gitea-shared-storage
            - name: backup
              emptyDir:
                sizeLimit: 5Gi
            - name: tmp
              emptyDir:
                sizeLimit: 5Gi
@@ -0,0 +1,13 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
  name: gitea-ssh
  namespace: gitea
 spec:
  entryPoints:
    - giteassh
  routes:
    - match: HostSNI(`*`)
      services:
        - name: gitea-ssh
          port: 22
@@ -0,0 +1,54 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: kyverno:pods-replicasets:manage
  labels:
    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
 rules:
 - apiGroups:
  - ''
  - 'apps'
  resources:
  - replicasets
  - pods
  verbs:
  - get
  - list
  - watch
  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: kyverno:secrets:view
  labels:
    rbac.kyverno.io/aggregate-to-admission-controller: "true"
    rbac.kyverno.io/aggregate-to-reports-controller: "true"
    rbac.kyverno.io/aggregate-to-background-controller: "true"
 rules:
 - apiGroups:
  - ''
  resources:
  - secrets
  - namespaces
  verbs:
  - get
  - list
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: kyverno:secrets:manage
  labels:
    rbac.kyverno.io/aggregate-to-background-controller: "true"
 rules:
 - apiGroups:
  - ''
  resources:
  - secrets
  - namespaces
  verbs:
  - create
  - update
  - delete
@@ -0,0 +1,35 @@
 ---
 # Staging ClusterIssuer for testing (higher rate limits, not browser-trusted)
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-staging
 spec:
  acme:
    # Let's Encrypt staging server
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: danijels@gmail.com
    privateKeySecretRef:
      name: letsencrypt-staging-key
    solvers:
    - http01:
        ingress:
          class: traefik
 ---
 # Production ClusterIssuer for browser-trusted certificates
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
  acme:
    # Let's Encrypt production server
    server: https://acme-v02.api.letsencrypt.org/directory
    email: danijels@gmail.com
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
    - http01:
        ingress:
          class: traefik
@@ -0,0 +1,20 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: mcp10x-repo-creds
  namespace: argocd
 spec:
  encryptedData:
    sshPrivateKey: AgABjxZ9fCInZErXR2rkRfn/xg3foN/k8PZaU2xeaf6SraOIoAzsEOmCZjOhml2aOxezED9jAuCyAVcnJGjULlYiwGklmRzekqy3aUNMPsswQIBhs2kDkR0py0ANudNrv1gYkmNn0Z+nMuPIvMbjKkA0avoRD9aXbY7XFP6lJfoFURGYQ6mZeUsjbsugL3m0drync5Ff5IWoPm4cs+O58RXRIiUuMQ/BSEov9DBQfugB94Dg5xA2o1IO9MoXLiHVGfXTd6JD65SnGwhtftmucTXETZjGJbDwJnwcbmC5JqOnxP+wvb9sFUm8QNaGBkODB7ET2YOFnrbhL45L1HwXkLzvteyOpuStfihtOeyKl2D1PRxyy/uwlEg2GR+TZzegrrMlEU/wY6u1nqfkw8g+VPQy2r0KCCRDWha9bBReyFz2LzJr8quTp/HmKi5l0ljVTwziZ2EI6SFdtIGjnyAhEAYWZZoCn1cYQ9Y7qTSnnm6k1f6tnqCJljfr0ls63cXosWxPaSsyHjnmxQboUs+QgpLZDGo5UZLsYJpafPeKN5lQJgZpkK0el4JzLreA1TTLSp2bVW/3Y2R6auQlOhC79A+/ctEooQq6ugPdKaiKUjDpcl9J3pIEiMw0/m6cnFRgBFZdey0hia/joYruIKjL+P6MpwMEL5nKEjnV1hSQqDraC+H4fvQOuYIHYYOPTePxcFyznK/ctcZI9ByW1zT8tSNbKJLia2fhv1Fv15MX/qrk84stW3FG4W1M9PKbmYX8gksF1PxWh+FWfOFteTU+bZPXUOvU5onEFET1L8ZaN7z8v2cYh/D7kRHVcTrLrxgvugvRnGFIsx2Wy0d48LApfDNmip4q4AjA+yhZgRR+eziyStEzFfsvU/MDK9qeQoK+cmV3RMcKUOYthjDbCzndH6TFlqcQQGEWvcbLqofpFjXz0uw9pY7Z8YRBemD6wqAM13JtaI+hF6EW3fW6Vy3QS0O1Kqgy/8bCh4R3h+DGtXPkMu/xLKuFiUQJF2XnQEZya+aYbxQUcNcxOvblWndHOMFpbce0ERIon9m4rvn8HLNeoRqC+x4iGW7ft4pFkaLr/DYOkhiNmSfd35js8TLfcxSXZg2pX+dq6lejGxVdkrvmisWm+4xpc0B8hRpwQMJGuIM4rQz5wj/XndfHSH1Z0NnorCmSubOwPIpq7VQqoyCIpOBCzBLVki4hlJeqIvm2/xJPPVzxZZ16Uy7TGbSoPWs=
    type: AgC9y+ZjBL2JsaUBFhWc4wlZWnp04EzxyXwJJgwu+FyBTGWGBrA5dp7KeS7LuPW+vBcjJKcLVuYrDbxJw622RgD0m8ALEL+TQg+CnULXljb7P1inSlAVKHBg0le2bz6dZ55SmZvAItrm5MSxcwVZYFeBVjHFP5IDwF2uPv9ZQOrIGA58ZjTK9+kTsVN/XbVCnNnTaAakW6PR7YaLvpiYYfMbGlU+JmItwIJASPnqmQV40+5f+ewgCl5w0ATeNi6VOQx6quQm7HJovneE0pfYRyg/fTc3SNI6Ao/82+QP3H/7Kmme1DLncMfKSmTZ1dcLQ7AaUZFXuwaQzwzLwv1RLsyFowweJJh20TGV66526oM9zzPAAuFD+yBQln+qdn+qJnOpUZU9Ft/bbnaX2JuBHfcpXK93CvlATo9p+d2RdWvscUSN5NcQ+/szkIJmcCwPW4W7wLvst/+oy2mqJIoRY2T8VT5QclPe2Mbz0onriXx50zeGGAi2MWzNUdR60S8sfadn/6J0+3GdQnQwrgvgV1W2yuXQW6+ThzEqZZlQLZz9+LUQBTYf7DAObGw1EJE1ZdldoyiurMrrlCf88xA9grv9y1QiN0TIElTy5z10Jke8cB9yXBYMA4D/XaEAJ5juk44XjzlmOqPyyFny0xEd6LFILETr76ph1lI6TJUrE5dA9MOwRMQWwSfcMyqRob1nSwx9tBA=
    url: AgCZPKVLwBsR41TulTWsw5gSnAFBCH5pQj8hoty2LlGcgM2cY+ArDCv46B8ihFdLiGY4r9hRAhlzkeC1mjgTI9GDzfmrTVs5xS4ilKG9HTt8SzleyqlYT8jZAopc1ln3j4pMLZj471th0PBRxajIxT4rv+tm02FlS+1Py+sHTochMakXLBSQxAy0fGr+Y98WuG6GYxcrHOD4yqErdmq06N9xrmGjP0KCAxTS4VJLiVvWbikANwtDFCmB63wiaqQ0uky7aeX/UrmCUi4WhuFfwUipSr6nyn2Ws3TdTOjioeRNA/LtDb6zc0k1WqgWU2Kk0YHoIJF7w4POSurNQu4yrPgeaK8Ez8k+cFQihK+/4YHZPOUS5Dzm3XhXuQOgQRMfeIFPsutYAMk7WQB8bPDjlk2CpLIg+vQicrW6JEjAgIbD4ohUNKznP2h6vTu6fcGKleDMEedp73/Pud1EinOxyOA91uYv+k54F/tndE6Jj/RJnMTBVBuw71789oBF/QZJ3glhjq/Q78v8t5Zq0QFlpuc4oXOn6WAuP79kUBiBbOVDfSaBMtztsZihf9En3RRzC5RRncOhYaLOufkPTY+qC2Myj6+T/SdxZnyohEZSzHyqSMsBOLCcWTcap79kP3ARRH8az+/7Nga95TnIEoG6f5Wt12f9ZglZtM/UJvQv0NxhSF6YY4gk8sI0Mv5A9ihnUKP7i0gxCnf+X+UJACt+Iy6MDdxFxCHJW7Gp79wrIPmOWnhRJQ==
  template:
    metadata:
      creationTimestamp: null
      labels:
        argocd.argoproj.io/secret-type: repository
      name: mcp10x-repo-creds
      namespace: argocd
    type: Opaque
@@ -0,0 +1,37 @@
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: deny-external-egress
  namespace: trivy-system
  labels:
    app.kubernetes.io/managed-by: argocd
    app.kubernetes.io/part-of: network-policies
 spec:
  endpointSelector: {}
  egress:
    # Allow DNS resolution
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
            - port: "53"
              protocol: TCP
    # Allow cluster-internal traffic (RFC1918)
    - toCIDR:
        - 10.0.0.0/8
        - 172.16.0.0/12
        - 192.168.0.0/16
    # Allow Trivy vulnerability DB downloads (ghcr.io OCI registry)
    - toFQDNs:
        - matchName: ghcr.io
        - matchName: pkg-containers.githubusercontent.com
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
@@ -0,0 +1,500 @@
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: inject-auth-sidecar
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
    policies.kyverno.io/title: Inject Auth Sidecar
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/category: Security
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". Supports three auth modes controlled by the policies.forteapps.io/auth-type annotation: "token" (default), "oidc", and "mcp". In token mode the sidecar reads credentials from a mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect with authority and client-id provided via required annotations (policies.forteapps.io/auth-oidc-authority and policies.forteapps.io/auth-oidc-client-id) and secrets from an auth-oidc Secret. In MCP mode the sidecar implements OAuth 2.0 for MCP servers per RFC 9728 (Protected Resource Metadata) and RFC 7591 (Dynamic Client Registration), configured via policies.forteapps.io/auth-mcp-resource and policies.forteapps.io/auth-mcp-authority annotations. The sidecar port defaults to 9001 and can be overridden via the policies.forteapps.io/auth-port annotation. A NetworkPolicy is generated to restrict ingress to the sidecar port only.
 spec:
  background: false
  rules:
  - name: generate-auth-tokens-secret
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    preconditions:
      all:
      - key: "{{ request.operation }}"
        operator: In
        value:
        - CREATE
      - key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-type\" || 'token' }}"
        operator: Equals
        value: "token"
    generate:
      synchronize: false
      apiVersion: v1
      kind: Secret
      name: auth-tokens
      namespace: "{{ request.namespace }}"
      data:
        metadata:
          labels:
            app.kubernetes.io/managed-by: kyverno
            app.kubernetes.io/created-by: inject-auth-sidecar
        type: Opaque
        data: {}
  - name: generate-auth-oidc-secret
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
            policies.forteapps.io/auth-type: "oidc"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    preconditions:
      all:
      - key: "{{ request.operation }}"
        operator: In
        value:
        - CREATE
    generate:
      synchronize: false
      apiVersion: v1
      kind: Secret
      name: auth-oidc
      namespace: "{{ request.namespace }}"
      data:
        metadata:
          labels:
            app.kubernetes.io/managed-by: kyverno
            app.kubernetes.io/created-by: inject-auth-sidecar
        type: Opaque
        data: {}
  - name: inject-sidecar-token
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    preconditions:
      all:
      - key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-type\" || 'token' }}"
        operator: Equals
        value: "token"
    context:
    - name: appPort
      variable:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
    mutate:
      patchStrategicMerge:
        spec:
          containers:
          - name: authn
            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
            ports:
            - containerPort: "{{ sidecarPort }}"
              name: auth
              protocol: TCP
            env:
            - name: AUTH_LISTEN_ADDR
              value: ":{{ sidecarPort }}"
            - name: AUTH_UPSTREAM_URL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
            - name: AUTH_PUBLIC_PATHS
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}"
            - name: AUTH_TOKEN_FILE
              value: "/etc/auth/tokens"
            - name: AUTH_MODE
              value: "token"
            volumeMounts:
            - name: auth-tokens
              mountPath: /etc/auth
              readOnly: true
            resources:
              limits:
                cpu: 50m
                memory: 64Mi
              requests:
                cpu: 10m
                memory: 32Mi
            readinessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 2
              periodSeconds: 5
            livenessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 5
              periodSeconds: 10
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                - ALL
          volumes:
          - name: auth-tokens
            secret:
              secretName: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-token-secret-name\" || 'auth-tokens' }}"
              optional: true
  - name: inject-sidecar-oidc
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
            policies.forteapps.io/auth-type: "oidc"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    context:
    - name: appPort
      variable:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
    mutate:
      patchStrategicMerge:
        spec:
          containers:
          - name: authn
            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
            imagePullPolicy: Always
            ports:
            - containerPort: "{{ sidecarPort }}"
              name: auth
              protocol: TCP
            env:
            - name: AUTH_MODE
              value: "oidc"
            - name: AUTH_LISTEN_ADDR
              value: ":{{ sidecarPort }}"
            - name: AUTH_LOG_LEVEL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
            - name: AUTH_UPSTREAM_URL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
            - name: AUTH_OIDC_AUTHORITY
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
            - name: AUTH_OIDC_CLIENT_ID
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
            - name: AUTH_OIDC_CALLBACK_URL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
            - name: AUTH_OIDC_CALLBACK_PATH
              value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}"
            - name: AUTH_OIDC_SCOPES
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email'  }}"
            - name: AUTH_PUBLIC_PATHS
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}"
            - name: AUTH_OIDC_COOKIE_SECRET
              valueFrom:
                secretKeyRef:
                  name: auth-oidc
                  key: cookie-secret
            - name: AUTH_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-credentials-secret\" || 'auth-oidc' }}"
                  key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-credentials-secret-key\" || 'client-secret' }}"
            - name: AUTH_OIDC_IDP_HINT
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-idp-hint\" || '' }}"
            - name: AUTH_OIDC_BROKER_ALIAS
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-broker-alias\" || '' }}"
            - name: AUTH_OIDC_BROKER_TOKEN_HEADER
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-broker-token-header\" || '' }}"
            resources:
              limits:
                cpu: 50m
                memory: 64Mi
              requests:
                cpu: 10m
                memory: 32Mi
            readinessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 2
              periodSeconds: 5
            livenessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 5
              periodSeconds: 10
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                - ALL
  - name: inject-sidecar-mcp
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
            policies.forteapps.io/auth-type: "mcp"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    context:
    - name: appPort
      variable:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
    mutate:
      patchStrategicMerge:
        spec:
          containers:
          - name: authn
            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
            imagePullPolicy: Always
            ports:
            - containerPort: "{{ sidecarPort }}"
              name: auth
              protocol: TCP
            env:
            - name: AUTH_MODE
              value: "mcp"
            - name: AUTH_LISTEN_ADDR
              value: ":{{ sidecarPort }}"
            - name: AUTH_LOG_LEVEL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
            - name: AUTH_UPSTREAM_URL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
            - name: AUTH_MCP_RESOURCE
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}"
            - name: AUTH_MCP_AUTHORIZATION_SERVERS
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}"
            - name: AUTH_PUBLIC_PATHS
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}"
            - name: AUTH_MCP_SCOPES_SUPPORTED
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'profile'  }}"
            - name: AUTH_MCP_IDP_HINT
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-idp-hint\" || '' }}"
            resources:
              limits:
                cpu: 50m
                memory: 64Mi
              requests:
                cpu: 10m
                memory: 32Mi
            readinessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 2
              periodSeconds: 5
            livenessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 5
              periodSeconds: 10
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                - ALL
  - name: inject-sidecar-oauth
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
            policies.forteapps.io/auth-type: "oauth"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    context:
    - name: appPort
      variable:
        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
    - name: sidecarPort
      variable:
        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
    mutate:
      patchStrategicMerge:
        spec:
          containers:
          - name: authn
            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
            imagePullPolicy: Always
            ports:
            - containerPort: "{{ sidecarPort }}"
              name: auth
              protocol: TCP
            env:
            - name: AUTH_MODE
              value: "oauth"
            - name: AUTH_LISTEN_ADDR
              value: ":{{ sidecarPort }}"
            - name: AUTH_LOG_LEVEL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
            - name: AUTH_UPSTREAM_URL
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
            - name: AUTH_OAUTH_AUTHORITY
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-authority\" }}"
            - name: AUTH_OAUTH_CLIENT_ID
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-client-id\" }}"
            - name: AUTH_OAUTH_SCOPES
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-scopes\" || 'openid,profile,email'  }}"
            - name: AUTH_OAUTH_DELEGATION_ENABLED
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-delegation-enabled\" || 'false'  }}"
            - name: AUTH_OAUTH_DELEGATION_CLIENT_ID
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-delegation-client-id\" || ''  }}"
            - name: AUTH_OAUTH_DELEGATION_SCOPES
              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-delegation-scopes\" || ''  }}"
            - name: AUTH_OAUTH_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-credentials-secret\" || 'auth-oauth' }}"
                  key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-credentials-secret-key\" || 'client-secret' }}"
            - name: AUTH_OAUTH_DELEGATION_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: auth-oauth
                  key: delegation-client-secret
            resources:
              limits:
                cpu: 50m
                memory: 64Mi
              requests:
                cpu: 10m
                memory: 32Mi
            readinessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 2
              periodSeconds: 5
            livenessProbe:
              httpGet:
                path: /healthz
                port: "{{ sidecarPort }}"
              initialDelaySeconds: 5
              periodSeconds: 10
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                - ALL
  - name: generate-auth-network-policy
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
          annotations:
            policies.forteapps.io/auth: "true"
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
          - kyverno
          - argocd
          - cert-manager
          - monitoring
    preconditions:
      all:
      - key: "{{ request.operation }}"
        operator: In
        value:
        - CREATE
    context:
    - name: sidecarPort
      variable:
        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
    generate:
      synchronize: false
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      name: "{{ request.object.metadata.name }}-auth-ingress"
      namespace: "{{ request.namespace }}"
      data:
        metadata:
          labels:
            app.kubernetes.io/managed-by: kyverno
            app.kubernetes.io/created-by: inject-auth-sidecar
        spec:
          podSelector:
            matchLabels: "{{ request.object.metadata.labels }}"
          policyTypes:
          - Ingress
          ingress:
          - ports:
            - port: "{{ sidecarPort }}"
              protocol: TCP
@@ -0,0 +1,26 @@
 apiVersion: kyverno.io/v2
 kind: ClusterCleanupPolicy
 metadata:
  name: clean-bare-pods
  annotations:
    policies.kyverno.io/title: Cleanup Bare Pods
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    kyverno.io/kyverno-version: 1.11.1
    policies.kyverno.io/minversion: 1.10.0
    pod-policies.kyverno.io/autogen-controllers: none
    kyverno.io/kubernetes-version: "1.27"
    policies.kyverno.io/description: A bare Pod is any Pod created directly and not owned by a controller such as a Deployment or Job. Bare Pods are often create manually by users in an attempt to troubleshoot an issue. If left in the cluster, they create clutter, increase cost, and can be a security risk. Bare Pods can be cleaned up periodically through use of a policy. This policy finds and removes all bare Pods across the cluster.
 spec:
  match:
    any:
    - resources:
        kinds:
        - Pod
  conditions:
    all:
    - key: "{{ target.metadata.ownerReferences[] || `[]` }}"
      operator: Equals
      value: []
  schedule: "*/5 * * * *"
@@ -0,0 +1,45 @@
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: disallow-default-namespace
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
    policies.kyverno.io/title: Disallow Default Namespace
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/category: Multi-Tenancy
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: Kubernetes Namespaces are an optional feature that provide a way to segment and isolate cluster resources across multiple applications and users. As a best practice, workloads should be isolated with Namespaces. Namespaces should be required and the default (empty) Namespace should not be used. This policy validates that Pods specify a Namespace name other than `default`. Rule auto-generation is disabled here due to Pod controllers need to specify the `namespace` field under the top-level `metadata` object and not at the Pod template level.
 spec:
  validationFailureAction: Enforce
  background: true
  rules:
  - name: enforce-namespace
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - Pod
    validate:
      allowExistingViolations: false
      message: Using 'default' namespace is not allowed.
      pattern:
        metadata:
          namespace: "!default"
  - name: enforce-podcontroller-namespace
    skipBackgroundRequests: true
    match:
      any:
      - resources:
          kinds:
          - DaemonSet
          - Deployment
          - Job
          - StatefulSet
    validate:
      allowExistingViolations: false
      message: Using 'default' namespace is not allowed for pod controllers.
      pattern:
        metadata:
          namespace: "!default"
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`# Force LF line endings for shell scripts`
							`*.sh text eol=lf`
		`@@ -1 +0,0 @@`
			!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hi=function(){this.pipeline.reset(),this.pipeline.add(e.hi.trimmer,e.hi.stopWordFilter,e.hi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hi.stemmer))},e.hi.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿa-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.hi.trimmer=e.trimmerSupport.generateTrimmer(e.hi.wordCharacters),e.Pipeline.registerFunction(e.hi.trimmer,"trimmer-hi"),e.hi.stopWordFilter=e.generateStopWordFilter("अत अपना अपनी अपने अभी अंदर आदि आप इत्यादि इन इनका इन्हीं इन्हें इन्हों इस इसका इसकी इसके इसमें इसी इसे उन उनका उनकी उनके उनको उन्हीं उन्हें उन्हों उस उसके उसी उसे एक एवं एस ऐसे और कई कर करता करते करना करने करें कहते कहा का काफ़ी कि कितना किन्हें किन्हों किया किर किस किसी किसे की कुछ कुल के को कोई कौन कौनसा गया घर जब जहाँ जा जितना जिन जिन्हें जिन्हों जिस जिसे जीधर जैसा जैसे जो तक तब तरह तिन तिन्हें तिन्हों तिस तिसे तो था थी थे दबारा दिया दुसरा दूसरे दो द्वारा न नके नहीं ना निहायत नीचे ने पर पहले पूरा पे फिर बनी बही बहुत बाद बाला बिलकुल भी भीतर मगर मानो मे में यदि यह यहाँ यही या यिह ये रखें रहा रहे ऱ्वासा लिए लिये लेकिन व वग़ैरह वर्ग वह वहाँ वहीं वाले वुह वे वो सकता सकते सबसे सभी साथ साबुत साभ सारा से सो संग ही हुआ हुई हुए है हैं हो होता होती होते होना होने".split(" ")),e.hi.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.hi.tokenizer=function(i){if(!arguments.length\|\|null==i\|\|void 0==i)return[];if(Array.isArray(i))return i.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var t=i.toString().toLowerCase().replace(/^\s+/,"");return r.cut(t).split("\|")},e.Pipeline.registerFunction(e.hi.stemmer,"stemmer-hi"),e.Pipeline.registerFunction(e.hi.stopWordFilter,"stopWordFilter-hi")}});
		`@@ -1 +0,0 @@`
			!function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){e.multiLanguage=function(){for(var t=Array.prototype.slice.call(arguments),i=t.join("-"),r="",n=[],s=[],p=0;p<t.length;++p)"en"==t[p]?(r+="\\w",n.unshift(e.stopWordFilter),n.push(e.stemmer),s.push(e.stemmer)):(r+=e[t[p]].wordCharacters,e[t[p]].stopWordFilter&&n.unshift(e[t[p]].stopWordFilter),e[t[p]].stemmer&&(n.push(e[t[p]].stemmer),s.push(e[t[p]].stemmer)));var o=e.trimmerSupport.generateTrimmer(r);return e.Pipeline.registerFunction(o,"lunr-multi-trimmer-"+i),n.unshift(o),function(){this.pipeline.reset(),this.pipeline.add.apply(this.pipeline,n),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add.apply(this.searchPipeline,s))}}}});
		`@@ -1 +0,0 @@`
			!function(r,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(r.lunr)}(this,function(){return function(r){r.stemmerSupport={Among:function(r,t,i,s){if(this.toCharArray=function(r){for(var t=r.length,i=new Array(t),s=0;s<t;s++)i[s]=r.charCodeAt(s);return i},!r&&""!=r\|\|!t&&0!=t\|\|!i)throw"Bad Among initialisation: s:"+r+", substring_i: "+t+", result: "+i;this.s_size=r.length,this.s=this.toCharArray(r),this.substring_i=t,this.result=i,this.method=s},SnowballProgram:function(){var r;return{bra:0,ket:0,limit:0,cursor:0,limit_backward:0,setCurrent:function(t){r=t,this.cursor=0,this.limit=t.length,this.limit_backward=0,this.bra=this.cursor,this.ket=this.limit},getCurrent:function(){var t=r;return r=null,t},in_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},in_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},out_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e>s\|\|e<i)return this.cursor++,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},out_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e>s\|\|e<i)return this.cursor--,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},eq_s:function(t,i){if(this.limit-this.cursor<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor+s)!=i.charCodeAt(s))return!1;return this.cursor+=t,!0},eq_s_b:function(t,i){if(this.cursor-this.limit_backward<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor-t+s)!=i.charCodeAt(s))return!1;return this.cursor-=t,!0},find_among:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=l;m<_.s_size;m++){if(n+l==u){f=-1;break}if(f=r.charCodeAt(n+l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0\|\|e==s\|\|c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n+_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n+_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},find_among_b:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit_backward,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=_.s_size-1-l;m>=0;m--){if(n-l==u){f=-1;break}if(f=r.charCodeAt(n-1-l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0\|\|e==s\|\|c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n-_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n-_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},replace_s:function(t,i,s){var e=s.length-(i-t),n=r.substring(0,t),u=r.substring(i);return r=n+s+u,this.limit+=e,this.cursor>=i?this.cursor+=e:this.cursor>t&&(this.cursor=t),e},slice_check:function(){if(this.bra<0\|\|this.bra>this.ket\|\|this.ket>this.limit\|\|this.limit>r.length)throw"faulty slice operation"},slice_from:function(r){this.slice_check(),this.replace_s(this.bra,this.ket,r)},slice_del:function(){this.slice_from("")},insert:function(r,t,i){var s=this.replace_s(r,t,i);r<=this.bra&&(this.bra+=s),r<=this.ket&&(this.ket+=s)},slice_to:function(){return this.slice_check(),r.substring(this.bra,this.ket)},eq_v_b:function(r){return this.eq_s_b(r.length,r)}}}},r.trimmerSupport={generateTrimmer:function(r){var t=new RegExp("^[^"+r+"]+"),i=new RegExp("[^"+r+"]+$");return function(r){return"function"==typeof r.update?r.update(function(r){return r.replace(t,"").replace(i,"")}):r.replace(t,"").replace(i,"")}}}}});
		`@@ -1 +0,0 @@`
			{"version":3,"sources":["src/templates/assets/stylesheets/palette/_scheme.scss","../../../../src/templates/assets/stylesheets/palette.scss","src/templates/assets/stylesheets/palette/_accent.scss","src/templates/assets/stylesheets/palette/_primary.scss","src/templates/assets/stylesheets/utilities/_break.scss"],"names":[],"mappings":"AA2BA,cAGE,6BAME,sDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CACA,mDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CAGA,mDAAA,CACA,gDAAA,CACA,yDAAA,CACA,4DAAA,CAGA,0BAAA,CACA,mCAAA,CAGA,iCAAA,CACA,kCAAA,CACA,mCAAA,CACA,mCAAA,CACA,kCAAA,CACA,iCAAA,CACA,+CAAA,CACA,6DAAA,CACA,gEAAA,CACA,4DAAA,CACA,4DAAA,CACA,6DAAA,CAGA,6CAAA,CAGA,+CAAA,CAGA,uDAAA,CACA,6DAAA,CACA,2DAAA,CAGA,iCAAA,CAGA,yDAAA,CACA,iEAAA,CAGA,mDAAA,CACA,mDAAA,CAGA,qDAAA,CACA,uDAAA,CAGA,8DAAA,CAKA,8DAAA,CAKA,0DAAA,CAzEA,iBCiBF,CD6DE,kHAEE,YC3DJ,CDkFE,yDACE,4BChFJ,CD+EE,2DACE,4BC7EJ,CD4EE,gEACE,4BC1EJ,CDyEE,2DACE,4BCvEJ,CDsEE,yDACE,4BCpEJ,CDmEE,0DACE,4BCjEJ,CDgEE,gEACE,4BC9DJ,CD6DE,0DACE,4BC3DJ,CD0DE,2OACE,4BC/CJ,CDsDA,+FAGE,iCCpDF,CACF,CCjDE,2BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD6CN,CCvDE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDoDN,CC9DE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD2DN,CCrEE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDkEN,CC5EE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDyEN,CCnFE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDgFN,CC1FE,kCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDuFN,CCjGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD8FN,CCxGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDqGN,CC/GE,6BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD4GN,CCtHE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDmHN,CC7HE,4BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD6HN,CCpIE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDoIN,CC3IE,6BACE,yBAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD2IN,CClJE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDkJN,CCzJE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDsJN,CE3JE,4BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwJN,CEnKE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgKN,CE3KE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwKN,CEnLE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgLN,CE3LE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwLN,CEnME,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgMN,CE3ME,mCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwMN,CEnNE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgNN,CE3NE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwNN,CEnOE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgON,CE3OE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwON,CEnPE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmPN,CE3PE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2PN,CEnQE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmQN,CE3QE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2QN,CEnRE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgRN,CE3RE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwRN,CEnSE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BF4RN,CE5SE,kCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BFqSN,CEtRE,sEACE,4BFyRJ,CE1RE,+DACE,4BF6RJ,CE9RE,iEACE,4BFiSJ,CElSE,gEACE,4BFqSJ,CEtSE,iEACE,4BFySJ,CEhSA,8BACE,mDAAA,CACA,4DAAA,CACA,0DAAA,CACA,oDAAA,CACA,2DAAA,CAGA,4BFiSF,CE9RE,yCACE,+BFgSJ,CE7RI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCFiSN,CG7MI,mCD1EA,+CACE,8CF0RJ,CEvRI,qDACE,8CFyRN,CEpRE,iEACE,mCFsRJ,CACF,CGxNI,sCDvDA,uCACE,oCFkRJ,CACF,CEzQA,8BACE,kDAAA,CACA,4DAAA,CACA,wDAAA,CACA,oDAAA,CACA,6DAAA,CAGA,4BF0QF,CEvQE,yCACE,+BFyQJ,CEtQI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCF0QN,CEnQE,yCACE,6CFqQJ,CG9NI,0CDhCA,8CACE,gDFiQJ,CACF,CGnOI,0CDvBA,iFACE,6CF6PJ,CACF,CG3PI,sCDKA,uCACE,6CFyPJ,CACF","file":"palette.css"}