@agent-native/core 0.22.34 → 0.22.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/dist/action.d.ts +10 -0
  2. package/dist/action.d.ts.map +1 -1
  3. package/dist/action.js.map +1 -1
  4. package/dist/client/AgentPanel.d.ts +5 -4
  5. package/dist/client/AgentPanel.d.ts.map +1 -1
  6. package/dist/client/AgentPanel.js.map +1 -1
  7. package/dist/client/MultiTabAssistantChat.d.ts +4 -5
  8. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  9. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  10. package/dist/client/index.d.ts +1 -1
  11. package/dist/client/index.d.ts.map +1 -1
  12. package/dist/client/index.js +1 -1
  13. package/dist/client/index.js.map +1 -1
  14. package/dist/client/mcp-app-host.d.ts.map +1 -1
  15. package/dist/client/mcp-app-host.js +9 -5
  16. package/dist/client/mcp-app-host.js.map +1 -1
  17. package/dist/client/sharing/ShareButton.d.ts +7 -0
  18. package/dist/client/sharing/ShareButton.d.ts.map +1 -1
  19. package/dist/client/sharing/ShareButton.js +261 -38
  20. package/dist/client/sharing/ShareButton.js.map +1 -1
  21. package/dist/client/sharing/ShareButton.spec.js +77 -0
  22. package/dist/client/sharing/ShareButton.spec.js.map +1 -1
  23. package/dist/client/use-chat-threads.d.ts.map +1 -1
  24. package/dist/client/use-chat-threads.js +72 -26
  25. package/dist/client/use-chat-threads.js.map +1 -1
  26. package/dist/client/use-chat-threads.spec.js +101 -0
  27. package/dist/client/use-chat-threads.spec.js.map +1 -1
  28. package/dist/index.browser.d.ts +1 -1
  29. package/dist/index.browser.d.ts.map +1 -1
  30. package/dist/index.browser.js +1 -1
  31. package/dist/index.browser.js.map +1 -1
  32. package/dist/index.d.ts +1 -1
  33. package/dist/index.d.ts.map +1 -1
  34. package/dist/index.js +1 -1
  35. package/dist/index.js.map +1 -1
  36. package/dist/mcp/build-server.d.ts +2 -0
  37. package/dist/mcp/build-server.d.ts.map +1 -1
  38. package/dist/mcp/build-server.js +55 -21
  39. package/dist/mcp/build-server.js.map +1 -1
  40. package/dist/mcp/embed-app.d.ts.map +1 -1
  41. package/dist/mcp/embed-app.js +21 -16
  42. package/dist/mcp/embed-app.js.map +1 -1
  43. package/dist/mcp/server.js +3 -3
  44. package/dist/mcp/server.js.map +1 -1
  45. package/dist/org/handlers.d.ts +2 -0
  46. package/dist/org/handlers.d.ts.map +1 -1
  47. package/dist/org/handlers.js +46 -5
  48. package/dist/org/handlers.js.map +1 -1
  49. package/docs/content/actions.md +6 -2
  50. package/docs/content/client.md +2 -1
  51. package/docs/content/external-agents.md +16 -5
  52. package/docs/content/mcp-protocol.md +18 -6
  53. package/package.json +1 -1
package/dist/org/handlers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC;QACrC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,iGAAiG;AACjG,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;QACnC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACxD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AACD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,MAAM,eAAe,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;mCAG0B;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,GAA8C,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE;;;;;;;;kBAQK;gBACV,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;aACxC,CAAC,CAAC;YACH,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;gBAC1C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE,2EAA2E;gBAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClB,aAAa;oBACX,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;gBAC9D,SAAS,GAAG,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;IAEpE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,oEAAoE;QACpE,6DAA6D;QAC7D,kEAAkE;QAClE,+DAA+D;QAC/D,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC1D,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;QACxC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI;QACJ,kBAAkB;QAClB,aAAa;QACb,aAAa;QACb,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC5E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,+EAA+E;QACpF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACpC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC;KAC5C,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC,CAAC,CAAC;AAEH,SAAS,mBAAmB,CAAC,KAAc;IACzC,OAAO,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChD,CAAC;AAgBD,KAAK,UAAU,SAAS,CACtB,GAA6D,EAC7D,QAAgB,EAChB,IAAwB,EACxB,KAAc;IAEd,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kBAAkB,QAAQ,EAAE;SACtC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,GAAG,KAAK,sBAAsB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wCAAwC,KAAK,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4HAA4H;QACjI,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC;KAC1D,CAAC,CAAC;IAEH,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,UAA8B,CAAC;IACnC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;gBAChD,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,WAAW;gBACnC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACvE,CAAC;AAED,8EAA8E;AAC9E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sDAAsD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEnC,sEAAsE;IACtE,+DAA+D;IAC/D,sDAAsD;IACtD,MAAM,YAAY,GAChB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;YAC9B,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC;YAC/B,IAAI,EAAE,GAAG,EAAE,IAAI;SAChB,CAAC,CAAC;QACL,CAAC,CAAC,IAAI,CAAC;IAEX,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,SAAS,GAAyB,EAAE,CAAC;QAC3C,MAAM,MAAM,GAA0B,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEhB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,GAAG,CAAC,KAAK,EACT,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAC7B,KAAK,CACN,CAAC;gBACF,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS;YACT,MAAM;YACN,KAAK,EAAE,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM;SACxC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,IAAI,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,IAAI,EAAE,KAAK,IAAI,EAAE,EACjB,IAAI,EACJ,KAAK,CACN,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CACtD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAE3C,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE;;oDAEyC;QAC9C,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QACxB,IAAI,EACD,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAa,KAAK,OAAO;YACjD,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,QAAQ;KACf,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CACF,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,2DAA2D;QAC3D,gDAAgD;QAChD,GAAG,EAAE;6EACkE;QACvE,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KAC1C,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAY,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEtE,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACzC,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACtC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,qDAAqD;QAC1D,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAE5D,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,CAAC,OAAO,CAAC;YACd,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO;YACP,IAAI,EAAE,MAAM,CAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,6DAA6D;QAClE,IAAI,EAAE,CAAC,YAAY,CAAC;KACrB,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,gEAAgE;IAChE,iEAAiE;IACjE,6DAA6D;IAC7D,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,+DAA+D;QACpE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAEnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEzD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,qEAAqE;IACrE,kCAAkC;IAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY,CAAC;IAErE,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,WAAW,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QAC1E,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,iEAAiE;IACjE,qDAAqD;IACrD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,qDAAqD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,uEAAuE;QAC5E,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;AAC3C,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACtC,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAY;KAClC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mGAAmG;AACnG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,QAAmB;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAExD,IAAI,GAAG,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,EAAE,CAAC;QACR,sEAAsE;QACtE,sEAAsE;QACtE,sEAAsE;QACtE,6DAA6D;QAC7D,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EACL,2HAA2H;aAC9H,CAAC,CAAC;QACL,CAAC;QAED,mEAAmE;QACnE,iEAAiE;QACjE,oEAAoE;QACpE,mEAAmE;QACnE,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC/D,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,iDAAiD,SAAS,IAAI;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;YAC/B,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,0DAA0D;QAC/D,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,oGAAoG;AACpG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,2DAA2D;QAChE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,cAAc,GAClB,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE7D,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC/C,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CACpD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,kBAAkB,GACtB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,IAAI,MAAM,CAAC;IAEhD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAEtC,MAAM,OAAO,GAOR,EAAE,CAAC;IAER,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnE,MAAM,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uCAAuC,CAAC;YACtF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC9B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;oBACd,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS;QACT,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,SAAS,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,aAAa;YACV,UAAU,CAAC,UAAiC,IAAI,SAAS,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IACE,CAAC,aAAa;QACd,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EACvD,CAAC;QACD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,kFAAkF;QACvF,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,8DAA8D;QAC9D,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qGAAqG;SACxG,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC,CACF,CAAC","sourcesContent":["import {\n defineEventHandler,\n getRouterParam,\n getRequestURL,\n createError,\n type H3Event,\n} from \"h3\";\n\n/**\n * Extract the :id from invitation-accept paths. The framework request handler\n * strips the mount prefix before calling the handler, so `event.url.pathname`\n * is the relative tail — e.g. `/some-id/accept`. Falls back to matching the\n * full path for contexts that don't strip, and to the h3 router param.\n */\nfunction extractInvitationId(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"id\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/accept\\/?$/) ??\n path.match(/\\/org\\/invitations\\/([^\\/]+)\\/accept\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Extract the :email from member-delete and member-role paths. Same prefix-stripping caveat. */\nfunction extractMemberEmail(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"email\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/role\\/?$/) ??\n path.match(/^\\/([^\\/]+)\\/?$/) ??\n path.match(/\\/org\\/members\\/([^\\/]+)(?:\\/role)?\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { sendEmail, isEmailConfigured } from \"../server/email.js\";\nimport { renderInviteEmail } from \"../server/email-templates.js\";\nimport { getAppProductionUrl } from \"../server/app-url.js\";\nimport { getOrgContext, createOrganization } from \"./context.js\";\nimport { isFreeEmailProvider } from \"./free-email-providers.js\";\nimport type { OrgRole } from \"./types.js\";\n\nfunction getInviteAppUrl(event: H3Event): string {\n return getAppProductionUrl(event);\n}\n\nfunction escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\")\n .replace(/'/g, \"&#39;\");\n}\n\nasync function exec() {\n return getDbExec();\n}\n\nfunction requireAuthEmail(session: { email?: string } | null): string {\n const email = session?.email;\n if (!email) {\n throw createError({ statusCode: 401, message: \"Authentication required\" });\n }\n return email;\n}\n\n/** GET /_agent-native/org/me — current user's active org, all orgs, pending invitations */\nexport const getMyOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n\n const e = await exec();\n const allOrgsRes = await e.execute({\n sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE LOWER(m.email) = ?`,\n args: [ctx.email.toLowerCase()],\n });\n const orgs = allOrgsRes.rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n role: String(r.role) as OrgRole,\n orgName: String(r.orgName ?? r.org_name),\n }));\n\n let domainMatches: Array<{ orgId: string; orgName: string }> = [];\n const domain = ctx.email.split(\"@\")[1]?.toLowerCase();\n if (domain) {\n try {\n const dmRes = await e.execute({\n sql: `SELECT o.id, o.name\n FROM organizations o\n WHERE LOWER(o.allowed_domain) = ?\n AND NOT EXISTS (\n SELECT 1\n FROM org_members m\n WHERE m.org_id = o.id\n AND LOWER(m.email) = ?\n )`,\n args: [domain, ctx.email.toLowerCase()],\n });\n domainMatches = dmRes.rows.map((r: any) => ({\n orgId: String(r.id),\n orgName: String(r.name),\n }));\n } catch {\n // allowed_domain column may not exist yet if migration hasn't run\n }\n }\n\n let allowedDomain: string | null = null;\n let a2aSecret: string | null = null;\n if (ctx.orgId) {\n try {\n const adRes = await e.execute({\n sql: `SELECT allowed_domain, a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (adRes.rows[0]) {\n allowedDomain =\n String((adRes.rows[0] as any).allowed_domain ?? \"\") || null;\n a2aSecret = String((adRes.rows[0] as any).a2a_secret ?? \"\") || null;\n }\n } catch {\n // Column may not exist yet\n }\n }\n\n const isOwnerOrAdmin = ctx.role === \"owner\" || ctx.role === \"admin\";\n\n const invitesRes = await e.execute({\n // Case-insensitive match: invitations are stored with whatever case\n // the inviter typed, but the session email may be normalized\n // differently by the auth provider. LOWER(both sides) keeps these\n // discoverable and matches getOrgContext.hasPendingInvitation.\n sql: `SELECT i.id AS id, i.org_id AS \"orgId\", o.name AS \"orgName\", i.invited_by AS \"invitedBy\"\n FROM org_invitations i\n INNER JOIN organizations o ON i.org_id = o.id\n WHERE LOWER(i.email) = ? AND i.status = 'pending'`,\n args: [ctx.email.toLowerCase()],\n });\n const pendingInvitations = invitesRes.rows.map((r: any) => ({\n id: String(r.id),\n orgId: String(r.orgId ?? r.org_id),\n orgName: String(r.orgName ?? r.org_name),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n }));\n\n return {\n email: ctx.email,\n orgId: ctx.orgId,\n orgName: ctx.orgName,\n role: ctx.role,\n orgs,\n pendingInvitations,\n domainMatches,\n allowedDomain,\n a2aSecret: isOwnerOrAdmin ? a2aSecret : undefined,\n };\n});\n\n/** POST /_agent-native/org — create a new organization */\nexport const createOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const { id, name: createdName, role } = await createOrganization(name, email);\n return { id, name: createdName, role };\n});\n\n/** GET /_agent-native/org/members — list org members */\nexport const listMembersHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { members: [] };\n\n const e = await exec();\n const { rows } = await e.execute({\n sql: `SELECT email, role, joined_at AS \"joinedAt\" FROM org_members WHERE org_id = ?`,\n args: [ctx.orgId],\n });\n const members = rows.map((r: any) => ({\n email: String(r.email),\n role: String(r.role) as OrgRole,\n joinedAt: Number(r.joinedAt ?? r.joined_at),\n }));\n return { members };\n});\n\nfunction normalizeInviteRole(input: unknown): \"member\" | \"admin\" {\n return input === \"admin\" ? \"admin\" : \"member\";\n}\n\ninterface SingleInviteResult {\n id: string;\n email: string;\n role: \"member\" | \"admin\";\n status: \"pending\";\n emailSent: boolean;\n emailError?: string;\n}\n\ninterface SingleInviteFailure {\n email: string;\n error: string;\n}\n\nasync function inviteOne(\n ctx: { orgId: string; orgName: string | null; email: string },\n rawEmail: string,\n role: \"member\" | \"admin\",\n event: H3Event,\n): Promise<SingleInviteResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n if (!/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/.test(email)) {\n throw createError({\n statusCode: 400,\n message: `Invalid email: ${rawEmail}`,\n });\n }\n\n const e = await exec();\n\n const existingMember = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingMember.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `${email} is already a member`,\n });\n }\n\n const existingInvite = await e.execute({\n sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingInvite.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `An invitation is already pending for ${email}`,\n });\n }\n\n const id = nanoid();\n await e.execute({\n sql: `INSERT INTO org_invitations (id, org_id, email, invited_by, created_at, status, role) VALUES (?, ?, ?, ?, ?, 'pending', ?)`,\n args: [id, ctx.orgId, email, ctx.email, Date.now(), role],\n });\n\n let emailSent = false;\n let emailError: string | undefined;\n if (isEmailConfigured()) {\n try {\n const { subject, html, text } = renderInviteEmail({\n invitee: email,\n orgName: ctx.orgName || \"your team\",\n acceptUrl: getInviteAppUrl(event),\n inviter: ctx.email,\n });\n await sendEmail({ to: email, subject, html, text });\n emailSent = true;\n } catch (err) {\n emailError = err instanceof Error ? err.message : String(err);\n console.error(\"[org/invitations] failed to send invite email\", err);\n }\n }\n\n return { id, email, role, status: \"pending\", emailSent, emailError };\n}\n\n/** POST /_agent-native/org/invitations — invite one or many users by email */\nexport const createInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"You must belong to an organization to invite members\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can invite members\",\n });\n }\n\n const body = await readBody(event);\n\n // Bulk shape: { invites: [{ email, role }, ...] } — preferred for any\n // multi-recipient flow (paste-many, CSV upload). Single shape:\n // { email, role } — kept for backwards compatibility.\n const invitesInput: Array<{ email: string; role?: string }> | null =\n Array.isArray(body?.invites)\n ? body.invites.map((inv: any) => ({\n email: String(inv?.email ?? \"\"),\n role: inv?.role,\n }))\n : null;\n\n if (invitesInput) {\n const succeeded: SingleInviteResult[] = [];\n const failed: SingleInviteFailure[] = [];\n const seen = new Set<string>();\n\n for (const inv of invitesInput) {\n const lower = inv.email.trim().toLowerCase();\n if (!lower) continue;\n if (seen.has(lower)) continue;\n seen.add(lower);\n\n try {\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n inv.email,\n normalizeInviteRole(inv.role),\n event,\n );\n succeeded.push(result);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n failed.push({ email: lower, error: message });\n }\n }\n\n return {\n succeeded,\n failed,\n total: succeeded.length + failed.length,\n };\n }\n\n // Single-invite shape.\n const role = normalizeInviteRole(body?.role);\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n body?.email ?? \"\",\n role,\n event,\n );\n return result;\n },\n);\n\n/** GET /_agent-native/org/invitations — list pending invitations for the org */\nexport const listInvitationsHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { invitations: [] };\n\n const e = await exec();\n const { rows } = await e.execute({\n sql: `SELECT id, email, invited_by AS \"invitedBy\", created_at AS \"createdAt\", status, role\n FROM org_invitations\n WHERE org_id = ? AND status = 'pending'`,\n args: [ctx.orgId],\n });\n const invitations = rows.map((r: any) => ({\n id: String(r.id),\n email: String(r.email),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n createdAt: Number(r.createdAt ?? r.created_at),\n status: String(r.status),\n role:\n (String(r.role ?? \"member\") as OrgRole) === \"admin\"\n ? \"admin\"\n : \"member\",\n }));\n return { invitations };\n },\n);\n\n/** POST /_agent-native/org/invitations/:id/accept — accept an invitation */\nexport const acceptInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const invitationId = extractInvitationId(event);\n if (!invitationId) {\n throw createError({\n statusCode: 400,\n message: \"Invitation ID required\",\n });\n }\n\n const e = await exec();\n\n const invRes = await e.execute({\n // Case-insensitive on email — see comment on the analogous\n // pending-invitations query in getMyOrgHandler.\n sql: `SELECT id, org_id AS \"orgId\", role FROM org_invitations\n WHERE id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [invitationId, email.toLowerCase()],\n });\n if (invRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Invitation not found or already used\",\n });\n }\n const inv = invRes.rows[0] as any;\n const invOrgId = String(inv.orgId ?? inv.org_id);\n const inviteRole: OrgRole = inv.role === \"admin\" ? \"admin\" : \"member\";\n\n const existingMembership = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [invOrgId, email.toLowerCase()],\n });\n\n const orgRes = await e.execute({\n sql: `SELECT name FROM organizations WHERE id = ? LIMIT 1`,\n args: [invOrgId],\n });\n const orgName = String((orgRes.rows[0] as any)?.name ?? \"\");\n\n if (existingMembership.rows.length > 0) {\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n return {\n orgId: invOrgId,\n orgName,\n role: String((existingMembership.rows[0] as any).role) as OrgRole,\n };\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), invOrgId, email, inviteRole, Date.now()],\n });\n\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n\n return { orgId: invOrgId, orgName, role: inviteRole };\n },\n);\n\n/** DELETE /_agent-native/org/members/:email — remove a member (owner/admin only) */\nexport const removeMemberHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can remove members\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n\n // memberEmail comes from the URL path verbatim; org_members may\n // hold the row with any case. LOWER both sides for the lookup AND\n // the DELETE so removal works regardless of how either side cased\n // it. The self-removal guard ALSO compares case-insensitively —\n // otherwise an owner whose email was stored as Alice@... could\n // remove themselves via the lowercase URL alice@..., bypassing the\n // guard and leaving the org ownerless.\n const memberEmailLower = memberEmail.toLowerCase();\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Organization owner cannot remove themselves\",\n });\n }\n const e = await exec();\n // Look specifically for an OWNER row matching this email rather\n // than just \"any matching row\". Duplicate-case rows are possible\n // (e.g. legacy data with both \"Alice@...\" and \"alice@...\" in\n // org_members), and the prior `SELECT role ... LIMIT 1` could\n // return the non-owner duplicate, pass the role check, and then\n // the case-insensitive DELETE below would remove BOTH rows —\n // including the owner — leaving the org ownerless. Querying for\n // the owner row directly closes that case-mismatch attack.\n const ownerCheck = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? AND role = 'owner' LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (ownerCheck.rows.length > 0) {\n throw createError({\n statusCode: 403,\n message: \"Cannot remove the organization owner\",\n });\n }\n\n await e.execute({\n sql: `DELETE FROM org_members WHERE org_id = ? AND LOWER(email) = ?`,\n args: [ctx.orgId, memberEmailLower],\n });\n\n return { success: true };\n },\n);\n\n/**\n * PUT /_agent-native/org/members/:email/role — change a member's role\n * (owner/admin only). Body: { role: \"admin\" | \"member\" }.\n *\n * Only owners can promote/demote admins. (Admins can manage members but\n * not other admins — otherwise an admin could escalate themselves to\n * owner-equivalent control by promoting a confederate.)\n */\nexport const changeMemberRoleHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can change member roles\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n const memberEmailLower = memberEmail.toLowerCase();\n\n const body = await readBody(event);\n const role = body?.role === \"admin\" ? \"admin\" : \"member\";\n\n const e = await exec();\n\n // Look up the target member's current role to enforce sensible rules\n // about what changes are allowed.\n const current = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (current.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Member not found\" });\n }\n const currentRole = String((current.rows[0] as any).role) as OrgRole;\n\n if (currentRole === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Cannot change the organization owner's role\",\n });\n }\n\n // Admins are scoped to managing members. If they could promote\n // members to admin, they could grant near-owner powers without owner\n // approval. Restrict admin/admin role transitions to the owner.\n if (ctx.role === \"admin\" && (currentRole === \"admin\" || role === \"admin\")) {\n throw createError({\n statusCode: 403,\n message: \"Only the organization owner can manage admins\",\n });\n }\n\n // Self-demotion guard: prevent the only admin from removing their own\n // ability to manage things, and prevent the owner-self edge case\n // (already filtered above by the currentRole check).\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"admin\") {\n throw createError({\n statusCode: 400,\n message: \"Use the owner account to change your own admin role\",\n });\n }\n\n await e.execute({\n sql: `UPDATE org_members SET role = ? WHERE org_id = ? AND LOWER(email) = ?`,\n args: [role, ctx.orgId, memberEmailLower],\n });\n\n return { email: memberEmailLower, role };\n },\n);\n\n/** PATCH /_agent-native/org — rename the current organization (owner/admin only) */\nexport const updateOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can update the organization\",\n });\n }\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const e = await exec();\n await e.execute({\n sql: `UPDATE organizations SET name = ? WHERE id = ?`,\n args: [name, ctx.orgId],\n });\n\n return { orgId: ctx.orgId, name };\n});\n\n/** PUT /_agent-native/org/switch — switch the user's active organization */\nexport const switchOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n\n if (!orgId) {\n await putUserSetting(email, \"active-org-id\", { orgId: null });\n return { orgId: null, orgName: null, role: null };\n }\n\n const e = await exec();\n const membership = await e.execute({\n sql: `SELECT m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE m.org_id = ? AND LOWER(m.email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n\n if (membership.rows.length === 0) {\n throw createError({\n statusCode: 403,\n message: \"You are not a member of that organization\",\n });\n }\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n const row = membership.rows[0] as any;\n return {\n orgId,\n orgName: String(row.orgName ?? row.org_name),\n role: String(row.role) as OrgRole,\n };\n});\n\n/** POST /_agent-native/org/join-by-domain — join an org whose allowed_domain matches your email */\nexport const joinByDomainHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n if (!orgId) {\n throw createError({ statusCode: 400, message: \"orgId is required\" });\n }\n\n const e = await exec();\n\n const orgRes = await e.execute({\n sql: `SELECT id, name, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Organization not found\" });\n }\n const org = orgRes.rows[0] as any;\n const allowedDomain = String(org.allowed_domain || \"\").toLowerCase();\n const userDomain = email.split(\"@\")[1]?.toLowerCase();\n\n if (!allowedDomain || allowedDomain !== userDomain) {\n throw createError({\n statusCode: 403,\n message:\n \"Your email domain does not match this organization's allowed domain\",\n });\n }\n\n const existing = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Already a member of this organization\",\n });\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), orgId, email, Date.now()],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n return {\n orgId,\n orgName: String(org.name),\n role: \"member\" as OrgRole,\n };\n },\n);\n\n/** PUT /_agent-native/org/domain — set or clear the allowed email domain (owner/admin only) */\nexport const setDomainHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No active organization\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can set the allowed domain\",\n });\n }\n\n const body = await readBody(event);\n const raw = body?.domain?.trim()?.toLowerCase() || null;\n\n if (raw && !/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}$/.test(raw)) {\n throw createError({\n statusCode: 400,\n message: \"Invalid domain format\",\n });\n }\n\n if (raw) {\n // Auto-join is \"anyone with this domain joins automatically\". That is\n // safe for company domains (the company controls who gets an address)\n // and catastrophic for shared mailbox providers — anyone in the world\n // could create a matching mailbox and silently join the org.\n if (isFreeEmailProvider(raw)) {\n throw createError({\n statusCode: 400,\n message:\n \"Free email providers (gmail.com, outlook.com, etc.) cannot be used as an auto-join domain. Use your company's own domain.\",\n });\n }\n\n // Restrict to the admin's own email domain. Without this, an admin\n // could set `allowed_domain` to a domain they don't control, and\n // anyone signing up under that domain would join the org. Even with\n // the free-provider blocklist above, that would still let an admin\n // hijack a competitor's domain.\n const ownDomain = ctx.email.split(\"@\")[1]?.toLowerCase() ?? \"\";\n if (raw !== ownDomain) {\n throw createError({\n statusCode: 400,\n message: `You can only auto-join your own email domain (${ownDomain}).`,\n });\n }\n }\n\n const e = await exec();\n\n if (raw) {\n const existing = await e.execute({\n sql: `SELECT id FROM organizations WHERE LOWER(allowed_domain) = ? AND id != ? LIMIT 1`,\n args: [raw, ctx.orgId],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Another organization already uses this domain\",\n });\n }\n }\n\n await e.execute({\n sql: `UPDATE organizations SET allowed_domain = ? WHERE id = ?`,\n args: [raw, ctx.orgId],\n });\n\n return { domain: raw };\n});\n\n/** PUT /_agent-native/org/a2a-secret — regenerate or set the org's A2A secret (owner/admin only) */\nexport const setA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can manage the A2A secret\",\n });\n }\n\n const body = await readBody(event);\n let secret = body?.secret?.trim() || null;\n\n // If no secret provided, auto-generate one\n if (!secret) {\n const { randomBytes } = await import(\"node:crypto\");\n secret = randomBytes(32).toString(\"base64url\");\n }\n\n const e = await exec();\n // Read the previous secret BEFORE overwriting so the client can chain a\n // sync call that signs JWTs with the secret peers still hold.\n const prevRes = await e.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n const previousSecret =\n String((prevRes.rows[0] as any)?.a2a_secret ?? \"\") || null;\n\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [secret, ctx.orgId],\n });\n\n return { a2aSecret: secret, previousSecret };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/sync — push the org's A2A secret to all\n * connected apps so cross-app delegation works without manual copy/paste.\n *\n * Auth: standard session — owner/admin only.\n *\n * For each discovered agent, signs a JWT with the org's CURRENT a2a_secret\n * and POSTs to `<app>/_agent-native/org/a2a-secret/receive` with the same\n * secret + the org's domain. The receiving app verifies the JWT using its\n * own copy of the secret (peers must already share a secret to be trusted)\n * — for the first-ever sync this means at least one peer must already hold\n * the secret, which is the bootstrap. For ongoing rotation, regenerate\n * locally and call sync immediately; sync signs with the secret that's\n * currently in DB, which the peers still have.\n *\n * Body (optional): { signSecret?: string } — sign the outbound JWTs with\n * this secret instead of the org's current secret. Used by the regenerate-\n * then-sync flow: regenerate stores the NEW secret, but sync needs to\n * authenticate using the OLD one that peers still hold. Owner/admin only,\n * gated by the session.\n */\nexport const syncA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can sync the A2A secret\",\n });\n }\n\n const body = await readBody(event).catch(() => null);\n const overrideSignSecret =\n typeof body?.signSecret === \"string\" && body.signSecret.trim()\n ? body.signSecret.trim()\n : null;\n\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT a2a_secret, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Organization not found\",\n });\n }\n const orgRow = orgRes.rows[0] as any;\n const secret = String(orgRow.a2a_secret ?? \"\") || null;\n const orgDomain = String(orgRow.allowed_domain ?? \"\") || null;\n\n if (!secret) {\n throw createError({\n statusCode: 400,\n message: \"Org has no A2A secret. Generate one first before syncing.\",\n });\n }\n if (!orgDomain) {\n throw createError({\n statusCode: 400,\n message:\n \"Org has no allowed domain set. Set the email domain first so connected apps can identify which org to update.\",\n });\n }\n\n const signSecret = overrideSignSecret || secret;\n\n const { discoverAgents } = await import(\"../server/agent-discovery.js\");\n const { signA2AToken } = await import(\"../a2a/client.js\");\n\n const agents = await discoverAgents();\n\n const results: Array<{\n id: string;\n name: string;\n url: string;\n ok: boolean;\n status?: number;\n error?: string;\n }> = [];\n\n await Promise.all(\n agents.map(async (agent) => {\n try {\n const token = await signA2AToken(ctx.email, orgDomain, signSecret);\n\n const target = `${agent.url.replace(/\\/$/, \"\")}/_agent-native/org/a2a-secret/receive`;\n const res = await fetch(target, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({ secret, orgDomain }),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n status: res.status,\n error: text || res.statusText,\n });\n return;\n }\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: true,\n status: res.status,\n });\n } catch (err) {\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n error: err instanceof Error ? err.message : String(err),\n });\n }\n }),\n );\n\n const succeeded = results.filter((r) => r.ok).length;\n return {\n total: results.length,\n succeeded,\n failed: results.length - succeeded,\n results,\n };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/receive — accept a secret push from a\n * connected agent-native app. Auth-exempt at the route guard; we verify a\n * JWT signed by the calling app using OUR copy of the org's a2a_secret. If\n * verification succeeds the calling app is a trusted peer and we overwrite\n * our local org's secret with the supplied value.\n *\n * Body: { secret: string, orgDomain: string }\n *\n * Header: Authorization: Bearer <JWT signed with the existing shared\n * a2a_secret, with `org_domain` matching the body's orgDomain>.\n */\nexport const receiveA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const { getRequestHeader } = await import(\"h3\");\n const jose = await import(\"jose\");\n\n const authHeader = getRequestHeader(event, \"authorization\");\n if (!authHeader || !authHeader.startsWith(\"Bearer \")) {\n throw createError({\n statusCode: 401,\n message: \"Bearer token required\",\n });\n }\n const token = authHeader.slice(\"Bearer \".length);\n\n const body = await readBody(event);\n const newSecret =\n typeof body?.secret === \"string\" ? body.secret.trim() : \"\";\n const orgDomain =\n typeof body?.orgDomain === \"string\"\n ? body.orgDomain.trim().toLowerCase()\n : \"\";\n if (!newSecret || !orgDomain) {\n throw createError({\n statusCode: 400,\n message: \"secret and orgDomain are required\",\n });\n }\n\n // Peek at JWT (unverified) to confirm it claims the same domain we're\n // updating. Verification still happens below with the trusted secret.\n let claimedDomain: string | undefined;\n try {\n const unverified = jose.decodeJwt(token);\n claimedDomain =\n (unverified.org_domain as string | undefined) || undefined;\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Malformed JWT\",\n });\n }\n if (\n !claimedDomain ||\n claimedDomain.toLowerCase() !== orgDomain.toLowerCase()\n ) {\n throw createError({\n statusCode: 401,\n message: \"JWT org_domain does not match request body\",\n });\n }\n\n // Look up our local org by the domain and grab the existing secret.\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT id, a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [orgDomain],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"No local org matches that domain\",\n });\n }\n const row = orgRes.rows[0] as any;\n const localOrgId = String(row.id);\n const existingSecret = String(row.a2a_secret ?? \"\") || null;\n\n if (!existingSecret) {\n // Bootstrap requires an existing shared secret to verify the caller.\n // If we have nothing on file, we can't verify trust — refuse.\n throw createError({\n statusCode: 401,\n message:\n \"Local org has no A2A secret yet — cannot verify caller. Set the secret manually for the first time.\",\n });\n }\n\n // Verify the JWT using OUR existing secret. If the caller is a trusted\n // peer they signed with the same secret and verification succeeds.\n try {\n await jose.jwtVerify(token, new TextEncoder().encode(existingSecret));\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Invalid or expired JWT signature\",\n });\n }\n\n // Trusted — apply the new secret.\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [newSecret, localOrgId],\n });\n\n return { ok: true, orgId: localOrgId };\n },\n);\n"]}
1
+ {"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC;QACrC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,iGAAiG;AACjG,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;QACnC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACxD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AACD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,MAAM,eAAe,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;mCAG0B;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,GAA8C,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE;;;;;;;;kBAQK;gBACV,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;aACxC,CAAC,CAAC;YACH,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;gBAC1C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE,2EAA2E;gBAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClB,aAAa;oBACX,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;gBAC9D,SAAS,GAAG,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;IAEpE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,oEAAoE;QACpE,6DAA6D;QAC7D,kEAAkE;QAClE,+DAA+D;QAC/D,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC1D,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;QACxC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI;QACJ,kBAAkB;QAClB,aAAa;QACb,aAAa;QACb,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC5E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAEzE,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,CACb,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC9B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;QACzB,EAAE,CACH;SACE,IAAI,EAAE;SACN,WAAW,EAAE,CAAC;IACjB,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,IAAI,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,cAAc;QAC1B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC;QACzD,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,MAAM,GAAG,cAAc;QAC3B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC;QAC7D,CAAC,CAAC,CAAC,CAAC;IAEN,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,IAAI,GAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,GAAG,GAAG,+EAA+E,CAAC;IAC1F,IAAI,MAAM,EAAE,CAAC;QACX,GAAG,IAAI,sCAAsC,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,GAAG,IAAI,4BAA4B,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,GAAG,IAAI,mBAAmB,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG;QACH,IAAI;KACL,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,MAAM,OAAO,GAAG,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC;KAC5C,CAAC,CAAC,CAAC;IACJ,OAAO;QACL,OAAO;QACP,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;KACrD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,YAAY,CACnB,KAAoB,EACpB,QAAgB,EAChB,GAAW,EACX,GAAW;IAEX,MAAM,KAAK,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,OAAO,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChD,CAAC;AAgBD,KAAK,UAAU,SAAS,CACtB,GAA6D,EAC7D,QAAgB,EAChB,IAAwB,EACxB,KAAc;IAEd,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kBAAkB,QAAQ,EAAE;SACtC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,GAAG,KAAK,sBAAsB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wCAAwC,KAAK,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4HAA4H;QACjI,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC;KAC1D,CAAC,CAAC;IAEH,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,UAA8B,CAAC;IACnC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;gBAChD,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,WAAW;gBACnC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACvE,CAAC;AAED,8EAA8E;AAC9E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sDAAsD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEnC,sEAAsE;IACtE,+DAA+D;IAC/D,sDAAsD;IACtD,MAAM,YAAY,GAChB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;YAC9B,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC;YAC/B,IAAI,EAAE,GAAG,EAAE,IAAI;SAChB,CAAC,CAAC;QACL,CAAC,CAAC,IAAI,CAAC;IAEX,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,SAAS,GAAyB,EAAE,CAAC;QAC3C,MAAM,MAAM,GAA0B,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEhB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,GAAG,CAAC,KAAK,EACT,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAC7B,KAAK,CACN,CAAC;gBACF,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS;YACT,MAAM;YACN,KAAK,EAAE,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM;SACxC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,IAAI,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,IAAI,EAAE,KAAK,IAAI,EAAE,EACjB,IAAI,EACJ,KAAK,CACN,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CACtD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAE3C,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE;;oDAEyC;QAC9C,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QACxB,IAAI,EACD,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAa,KAAK,OAAO;YACjD,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,QAAQ;KACf,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CACF,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,2DAA2D;QAC3D,gDAAgD;QAChD,GAAG,EAAE;6EACkE;QACvE,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KAC1C,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAY,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEtE,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACzC,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACtC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,qDAAqD;QAC1D,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAE5D,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,CAAC,OAAO,CAAC;YACd,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO;YACP,IAAI,EAAE,MAAM,CAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,6DAA6D;QAClE,IAAI,EAAE,CAAC,YAAY,CAAC;KACrB,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,gEAAgE;IAChE,iEAAiE;IACjE,6DAA6D;IAC7D,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,+DAA+D;QACpE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAEnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEzD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,qEAAqE;IACrE,kCAAkC;IAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY,CAAC;IAErE,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,WAAW,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QAC1E,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,iEAAiE;IACjE,qDAAqD;IACrD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,qDAAqD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,uEAAuE;QAC5E,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;AAC3C,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACtC,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAY;KAClC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mGAAmG;AACnG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,QAAmB;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAExD,IAAI,GAAG,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,EAAE,CAAC;QACR,sEAAsE;QACtE,sEAAsE;QACtE,sEAAsE;QACtE,6DAA6D;QAC7D,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EACL,2HAA2H;aAC9H,CAAC,CAAC;QACL,CAAC;QAED,mEAAmE;QACnE,iEAAiE;QACjE,oEAAoE;QACpE,mEAAmE;QACnE,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC/D,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,iDAAiD,SAAS,IAAI;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;YAC/B,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,0DAA0D;QAC/D,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,oGAAoG;AACpG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,2DAA2D;QAChE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,cAAc,GAClB,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE7D,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC/C,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CACpD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,kBAAkB,GACtB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,IAAI,MAAM,CAAC;IAEhD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAEtC,MAAM,OAAO,GAOR,EAAE,CAAC;IAER,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnE,MAAM,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uCAAuC,CAAC;YACtF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC9B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;oBACd,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS;QACT,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,SAAS,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,aAAa;YACV,UAAU,CAAC,UAAiC,IAAI,SAAS,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IACE,CAAC,aAAa;QACd,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EACvD,CAAC;QACD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,kFAAkF;QACvF,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,8DAA8D;QAC9D,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qGAAqG;SACxG,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC,CACF,CAAC","sourcesContent":["import {\n defineEventHandler,\n getRouterParam,\n getRequestURL,\n createError,\n type H3Event,\n} from \"h3\";\n\n/**\n * Extract the :id from invitation-accept paths. The framework request handler\n * strips the mount prefix before calling the handler, so `event.url.pathname`\n * is the relative tail — e.g. `/some-id/accept`. Falls back to matching the\n * full path for contexts that don't strip, and to the h3 router param.\n */\nfunction extractInvitationId(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"id\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/accept\\/?$/) ??\n path.match(/\\/org\\/invitations\\/([^\\/]+)\\/accept\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Extract the :email from member-delete and member-role paths. Same prefix-stripping caveat. */\nfunction extractMemberEmail(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"email\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/role\\/?$/) ??\n path.match(/^\\/([^\\/]+)\\/?$/) ??\n path.match(/\\/org\\/members\\/([^\\/]+)(?:\\/role)?\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { sendEmail, isEmailConfigured } from \"../server/email.js\";\nimport { renderInviteEmail } from \"../server/email-templates.js\";\nimport { getAppProductionUrl } from \"../server/app-url.js\";\nimport { getOrgContext, createOrganization } from \"./context.js\";\nimport { isFreeEmailProvider } from \"./free-email-providers.js\";\nimport type { OrgRole } from \"./types.js\";\n\nfunction getInviteAppUrl(event: H3Event): string {\n return getAppProductionUrl(event);\n}\n\nfunction escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\")\n .replace(/'/g, \"&#39;\");\n}\n\nasync function exec() {\n return getDbExec();\n}\n\nfunction requireAuthEmail(session: { email?: string } | null): string {\n const email = session?.email;\n if (!email) {\n throw createError({ statusCode: 401, message: \"Authentication required\" });\n }\n return email;\n}\n\n/** GET /_agent-native/org/me — current user's active org, all orgs, pending invitations */\nexport const getMyOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n\n const e = await exec();\n const allOrgsRes = await e.execute({\n sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE LOWER(m.email) = ?`,\n args: [ctx.email.toLowerCase()],\n });\n const orgs = allOrgsRes.rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n role: String(r.role) as OrgRole,\n orgName: String(r.orgName ?? r.org_name),\n }));\n\n let domainMatches: Array<{ orgId: string; orgName: string }> = [];\n const domain = ctx.email.split(\"@\")[1]?.toLowerCase();\n if (domain) {\n try {\n const dmRes = await e.execute({\n sql: `SELECT o.id, o.name\n FROM organizations o\n WHERE LOWER(o.allowed_domain) = ?\n AND NOT EXISTS (\n SELECT 1\n FROM org_members m\n WHERE m.org_id = o.id\n AND LOWER(m.email) = ?\n )`,\n args: [domain, ctx.email.toLowerCase()],\n });\n domainMatches = dmRes.rows.map((r: any) => ({\n orgId: String(r.id),\n orgName: String(r.name),\n }));\n } catch {\n // allowed_domain column may not exist yet if migration hasn't run\n }\n }\n\n let allowedDomain: string | null = null;\n let a2aSecret: string | null = null;\n if (ctx.orgId) {\n try {\n const adRes = await e.execute({\n sql: `SELECT allowed_domain, a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (adRes.rows[0]) {\n allowedDomain =\n String((adRes.rows[0] as any).allowed_domain ?? \"\") || null;\n a2aSecret = String((adRes.rows[0] as any).a2a_secret ?? \"\") || null;\n }\n } catch {\n // Column may not exist yet\n }\n }\n\n const isOwnerOrAdmin = ctx.role === \"owner\" || ctx.role === \"admin\";\n\n const invitesRes = await e.execute({\n // Case-insensitive match: invitations are stored with whatever case\n // the inviter typed, but the session email may be normalized\n // differently by the auth provider. LOWER(both sides) keeps these\n // discoverable and matches getOrgContext.hasPendingInvitation.\n sql: `SELECT i.id AS id, i.org_id AS \"orgId\", o.name AS \"orgName\", i.invited_by AS \"invitedBy\"\n FROM org_invitations i\n INNER JOIN organizations o ON i.org_id = o.id\n WHERE LOWER(i.email) = ? AND i.status = 'pending'`,\n args: [ctx.email.toLowerCase()],\n });\n const pendingInvitations = invitesRes.rows.map((r: any) => ({\n id: String(r.id),\n orgId: String(r.orgId ?? r.org_id),\n orgName: String(r.orgName ?? r.org_name),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n }));\n\n return {\n email: ctx.email,\n orgId: ctx.orgId,\n orgName: ctx.orgName,\n role: ctx.role,\n orgs,\n pendingInvitations,\n domainMatches,\n allowedDomain,\n a2aSecret: isOwnerOrAdmin ? a2aSecret : undefined,\n };\n});\n\n/** POST /_agent-native/org — create a new organization */\nexport const createOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const { id, name: createdName, role } = await createOrganization(name, email);\n return { id, name: createdName, role };\n});\n\n/** GET /_agent-native/org/members — list org members */\nexport const listMembersHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { members: [], hasMore: false, nextOffset: null };\n\n const url = getRequestURL(event);\n const search = (\n url.searchParams.get(\"search\") ??\n url.searchParams.get(\"q\") ??\n \"\"\n )\n .trim()\n .toLowerCase();\n const hasLimit = url.searchParams.has(\"limit\");\n const hasOffset = url.searchParams.has(\"offset\");\n const shouldPaginate = hasLimit || hasOffset || search.length > 0;\n const limit = shouldPaginate\n ? clampInteger(url.searchParams.get(\"limit\"), 25, 1, 100)\n : null;\n const offset = shouldPaginate\n ? clampInteger(url.searchParams.get(\"offset\"), 0, 0, 100_000)\n : 0;\n\n const e = await exec();\n const args: unknown[] = [ctx.orgId];\n let sql = `SELECT email, role, joined_at AS \"joinedAt\" FROM org_members WHERE org_id = ?`;\n if (search) {\n sql += ` AND LOWER(email) LIKE ? ESCAPE '\\\\'`;\n args.push(`%${escapeLike(search)}%`);\n }\n sql += ` ORDER BY LOWER(email) ASC`;\n if (limit !== null) {\n sql += ` LIMIT ? OFFSET ?`;\n args.push(limit + 1, offset);\n }\n\n const { rows } = await e.execute({\n sql,\n args,\n });\n const pageRows = limit !== null ? rows.slice(0, limit) : rows;\n const hasMore = limit !== null && rows.length > limit;\n const members = pageRows.map((r: any) => ({\n email: String(r.email),\n role: String(r.role) as OrgRole,\n joinedAt: Number(r.joinedAt ?? r.joined_at),\n }));\n return {\n members,\n hasMore,\n nextOffset: hasMore ? offset + members.length : null,\n };\n});\n\nfunction clampInteger(\n input: string | null,\n fallback: number,\n min: number,\n max: number,\n): number {\n const value = input === null ? fallback : Number.parseInt(input, 10);\n if (!Number.isFinite(value)) return fallback;\n return Math.min(max, Math.max(min, value));\n}\n\nfunction escapeLike(value: string): string {\n return value.replace(/[\\\\%_]/g, (match) => `\\\\${match}`);\n}\n\nfunction normalizeInviteRole(input: unknown): \"member\" | \"admin\" {\n return input === \"admin\" ? \"admin\" : \"member\";\n}\n\ninterface SingleInviteResult {\n id: string;\n email: string;\n role: \"member\" | \"admin\";\n status: \"pending\";\n emailSent: boolean;\n emailError?: string;\n}\n\ninterface SingleInviteFailure {\n email: string;\n error: string;\n}\n\nasync function inviteOne(\n ctx: { orgId: string; orgName: string | null; email: string },\n rawEmail: string,\n role: \"member\" | \"admin\",\n event: H3Event,\n): Promise<SingleInviteResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n if (!/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/.test(email)) {\n throw createError({\n statusCode: 400,\n message: `Invalid email: ${rawEmail}`,\n });\n }\n\n const e = await exec();\n\n const existingMember = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingMember.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `${email} is already a member`,\n });\n }\n\n const existingInvite = await e.execute({\n sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingInvite.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `An invitation is already pending for ${email}`,\n });\n }\n\n const id = nanoid();\n await e.execute({\n sql: `INSERT INTO org_invitations (id, org_id, email, invited_by, created_at, status, role) VALUES (?, ?, ?, ?, ?, 'pending', ?)`,\n args: [id, ctx.orgId, email, ctx.email, Date.now(), role],\n });\n\n let emailSent = false;\n let emailError: string | undefined;\n if (isEmailConfigured()) {\n try {\n const { subject, html, text } = renderInviteEmail({\n invitee: email,\n orgName: ctx.orgName || \"your team\",\n acceptUrl: getInviteAppUrl(event),\n inviter: ctx.email,\n });\n await sendEmail({ to: email, subject, html, text });\n emailSent = true;\n } catch (err) {\n emailError = err instanceof Error ? err.message : String(err);\n console.error(\"[org/invitations] failed to send invite email\", err);\n }\n }\n\n return { id, email, role, status: \"pending\", emailSent, emailError };\n}\n\n/** POST /_agent-native/org/invitations — invite one or many users by email */\nexport const createInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"You must belong to an organization to invite members\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can invite members\",\n });\n }\n\n const body = await readBody(event);\n\n // Bulk shape: { invites: [{ email, role }, ...] } — preferred for any\n // multi-recipient flow (paste-many, CSV upload). Single shape:\n // { email, role } — kept for backwards compatibility.\n const invitesInput: Array<{ email: string; role?: string }> | null =\n Array.isArray(body?.invites)\n ? body.invites.map((inv: any) => ({\n email: String(inv?.email ?? \"\"),\n role: inv?.role,\n }))\n : null;\n\n if (invitesInput) {\n const succeeded: SingleInviteResult[] = [];\n const failed: SingleInviteFailure[] = [];\n const seen = new Set<string>();\n\n for (const inv of invitesInput) {\n const lower = inv.email.trim().toLowerCase();\n if (!lower) continue;\n if (seen.has(lower)) continue;\n seen.add(lower);\n\n try {\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n inv.email,\n normalizeInviteRole(inv.role),\n event,\n );\n succeeded.push(result);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n failed.push({ email: lower, error: message });\n }\n }\n\n return {\n succeeded,\n failed,\n total: succeeded.length + failed.length,\n };\n }\n\n // Single-invite shape.\n const role = normalizeInviteRole(body?.role);\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n body?.email ?? \"\",\n role,\n event,\n );\n return result;\n },\n);\n\n/** GET /_agent-native/org/invitations — list pending invitations for the org */\nexport const listInvitationsHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { invitations: [] };\n\n const e = await exec();\n const { rows } = await e.execute({\n sql: `SELECT id, email, invited_by AS \"invitedBy\", created_at AS \"createdAt\", status, role\n FROM org_invitations\n WHERE org_id = ? AND status = 'pending'`,\n args: [ctx.orgId],\n });\n const invitations = rows.map((r: any) => ({\n id: String(r.id),\n email: String(r.email),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n createdAt: Number(r.createdAt ?? r.created_at),\n status: String(r.status),\n role:\n (String(r.role ?? \"member\") as OrgRole) === \"admin\"\n ? \"admin\"\n : \"member\",\n }));\n return { invitations };\n },\n);\n\n/** POST /_agent-native/org/invitations/:id/accept — accept an invitation */\nexport const acceptInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const invitationId = extractInvitationId(event);\n if (!invitationId) {\n throw createError({\n statusCode: 400,\n message: \"Invitation ID required\",\n });\n }\n\n const e = await exec();\n\n const invRes = await e.execute({\n // Case-insensitive on email — see comment on the analogous\n // pending-invitations query in getMyOrgHandler.\n sql: `SELECT id, org_id AS \"orgId\", role FROM org_invitations\n WHERE id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [invitationId, email.toLowerCase()],\n });\n if (invRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Invitation not found or already used\",\n });\n }\n const inv = invRes.rows[0] as any;\n const invOrgId = String(inv.orgId ?? inv.org_id);\n const inviteRole: OrgRole = inv.role === \"admin\" ? \"admin\" : \"member\";\n\n const existingMembership = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [invOrgId, email.toLowerCase()],\n });\n\n const orgRes = await e.execute({\n sql: `SELECT name FROM organizations WHERE id = ? LIMIT 1`,\n args: [invOrgId],\n });\n const orgName = String((orgRes.rows[0] as any)?.name ?? \"\");\n\n if (existingMembership.rows.length > 0) {\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n return {\n orgId: invOrgId,\n orgName,\n role: String((existingMembership.rows[0] as any).role) as OrgRole,\n };\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), invOrgId, email, inviteRole, Date.now()],\n });\n\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n\n return { orgId: invOrgId, orgName, role: inviteRole };\n },\n);\n\n/** DELETE /_agent-native/org/members/:email — remove a member (owner/admin only) */\nexport const removeMemberHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can remove members\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n\n // memberEmail comes from the URL path verbatim; org_members may\n // hold the row with any case. LOWER both sides for the lookup AND\n // the DELETE so removal works regardless of how either side cased\n // it. The self-removal guard ALSO compares case-insensitively —\n // otherwise an owner whose email was stored as Alice@... could\n // remove themselves via the lowercase URL alice@..., bypassing the\n // guard and leaving the org ownerless.\n const memberEmailLower = memberEmail.toLowerCase();\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Organization owner cannot remove themselves\",\n });\n }\n const e = await exec();\n // Look specifically for an OWNER row matching this email rather\n // than just \"any matching row\". Duplicate-case rows are possible\n // (e.g. legacy data with both \"Alice@...\" and \"alice@...\" in\n // org_members), and the prior `SELECT role ... LIMIT 1` could\n // return the non-owner duplicate, pass the role check, and then\n // the case-insensitive DELETE below would remove BOTH rows —\n // including the owner — leaving the org ownerless. Querying for\n // the owner row directly closes that case-mismatch attack.\n const ownerCheck = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? AND role = 'owner' LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (ownerCheck.rows.length > 0) {\n throw createError({\n statusCode: 403,\n message: \"Cannot remove the organization owner\",\n });\n }\n\n await e.execute({\n sql: `DELETE FROM org_members WHERE org_id = ? AND LOWER(email) = ?`,\n args: [ctx.orgId, memberEmailLower],\n });\n\n return { success: true };\n },\n);\n\n/**\n * PUT /_agent-native/org/members/:email/role — change a member's role\n * (owner/admin only). Body: { role: \"admin\" | \"member\" }.\n *\n * Only owners can promote/demote admins. (Admins can manage members but\n * not other admins — otherwise an admin could escalate themselves to\n * owner-equivalent control by promoting a confederate.)\n */\nexport const changeMemberRoleHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can change member roles\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n const memberEmailLower = memberEmail.toLowerCase();\n\n const body = await readBody(event);\n const role = body?.role === \"admin\" ? \"admin\" : \"member\";\n\n const e = await exec();\n\n // Look up the target member's current role to enforce sensible rules\n // about what changes are allowed.\n const current = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (current.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Member not found\" });\n }\n const currentRole = String((current.rows[0] as any).role) as OrgRole;\n\n if (currentRole === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Cannot change the organization owner's role\",\n });\n }\n\n // Admins are scoped to managing members. If they could promote\n // members to admin, they could grant near-owner powers without owner\n // approval. Restrict admin/admin role transitions to the owner.\n if (ctx.role === \"admin\" && (currentRole === \"admin\" || role === \"admin\")) {\n throw createError({\n statusCode: 403,\n message: \"Only the organization owner can manage admins\",\n });\n }\n\n // Self-demotion guard: prevent the only admin from removing their own\n // ability to manage things, and prevent the owner-self edge case\n // (already filtered above by the currentRole check).\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"admin\") {\n throw createError({\n statusCode: 400,\n message: \"Use the owner account to change your own admin role\",\n });\n }\n\n await e.execute({\n sql: `UPDATE org_members SET role = ? WHERE org_id = ? AND LOWER(email) = ?`,\n args: [role, ctx.orgId, memberEmailLower],\n });\n\n return { email: memberEmailLower, role };\n },\n);\n\n/** PATCH /_agent-native/org — rename the current organization (owner/admin only) */\nexport const updateOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can update the organization\",\n });\n }\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const e = await exec();\n await e.execute({\n sql: `UPDATE organizations SET name = ? WHERE id = ?`,\n args: [name, ctx.orgId],\n });\n\n return { orgId: ctx.orgId, name };\n});\n\n/** PUT /_agent-native/org/switch — switch the user's active organization */\nexport const switchOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n\n if (!orgId) {\n await putUserSetting(email, \"active-org-id\", { orgId: null });\n return { orgId: null, orgName: null, role: null };\n }\n\n const e = await exec();\n const membership = await e.execute({\n sql: `SELECT m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE m.org_id = ? AND LOWER(m.email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n\n if (membership.rows.length === 0) {\n throw createError({\n statusCode: 403,\n message: \"You are not a member of that organization\",\n });\n }\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n const row = membership.rows[0] as any;\n return {\n orgId,\n orgName: String(row.orgName ?? row.org_name),\n role: String(row.role) as OrgRole,\n };\n});\n\n/** POST /_agent-native/org/join-by-domain — join an org whose allowed_domain matches your email */\nexport const joinByDomainHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n if (!orgId) {\n throw createError({ statusCode: 400, message: \"orgId is required\" });\n }\n\n const e = await exec();\n\n const orgRes = await e.execute({\n sql: `SELECT id, name, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Organization not found\" });\n }\n const org = orgRes.rows[0] as any;\n const allowedDomain = String(org.allowed_domain || \"\").toLowerCase();\n const userDomain = email.split(\"@\")[1]?.toLowerCase();\n\n if (!allowedDomain || allowedDomain !== userDomain) {\n throw createError({\n statusCode: 403,\n message:\n \"Your email domain does not match this organization's allowed domain\",\n });\n }\n\n const existing = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Already a member of this organization\",\n });\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), orgId, email, Date.now()],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n return {\n orgId,\n orgName: String(org.name),\n role: \"member\" as OrgRole,\n };\n },\n);\n\n/** PUT /_agent-native/org/domain — set or clear the allowed email domain (owner/admin only) */\nexport const setDomainHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No active organization\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can set the allowed domain\",\n });\n }\n\n const body = await readBody(event);\n const raw = body?.domain?.trim()?.toLowerCase() || null;\n\n if (raw && !/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}$/.test(raw)) {\n throw createError({\n statusCode: 400,\n message: \"Invalid domain format\",\n });\n }\n\n if (raw) {\n // Auto-join is \"anyone with this domain joins automatically\". That is\n // safe for company domains (the company controls who gets an address)\n // and catastrophic for shared mailbox providers — anyone in the world\n // could create a matching mailbox and silently join the org.\n if (isFreeEmailProvider(raw)) {\n throw createError({\n statusCode: 400,\n message:\n \"Free email providers (gmail.com, outlook.com, etc.) cannot be used as an auto-join domain. Use your company's own domain.\",\n });\n }\n\n // Restrict to the admin's own email domain. Without this, an admin\n // could set `allowed_domain` to a domain they don't control, and\n // anyone signing up under that domain would join the org. Even with\n // the free-provider blocklist above, that would still let an admin\n // hijack a competitor's domain.\n const ownDomain = ctx.email.split(\"@\")[1]?.toLowerCase() ?? \"\";\n if (raw !== ownDomain) {\n throw createError({\n statusCode: 400,\n message: `You can only auto-join your own email domain (${ownDomain}).`,\n });\n }\n }\n\n const e = await exec();\n\n if (raw) {\n const existing = await e.execute({\n sql: `SELECT id FROM organizations WHERE LOWER(allowed_domain) = ? AND id != ? LIMIT 1`,\n args: [raw, ctx.orgId],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Another organization already uses this domain\",\n });\n }\n }\n\n await e.execute({\n sql: `UPDATE organizations SET allowed_domain = ? WHERE id = ?`,\n args: [raw, ctx.orgId],\n });\n\n return { domain: raw };\n});\n\n/** PUT /_agent-native/org/a2a-secret — regenerate or set the org's A2A secret (owner/admin only) */\nexport const setA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can manage the A2A secret\",\n });\n }\n\n const body = await readBody(event);\n let secret = body?.secret?.trim() || null;\n\n // If no secret provided, auto-generate one\n if (!secret) {\n const { randomBytes } = await import(\"node:crypto\");\n secret = randomBytes(32).toString(\"base64url\");\n }\n\n const e = await exec();\n // Read the previous secret BEFORE overwriting so the client can chain a\n // sync call that signs JWTs with the secret peers still hold.\n const prevRes = await e.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n const previousSecret =\n String((prevRes.rows[0] as any)?.a2a_secret ?? \"\") || null;\n\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [secret, ctx.orgId],\n });\n\n return { a2aSecret: secret, previousSecret };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/sync — push the org's A2A secret to all\n * connected apps so cross-app delegation works without manual copy/paste.\n *\n * Auth: standard session — owner/admin only.\n *\n * For each discovered agent, signs a JWT with the org's CURRENT a2a_secret\n * and POSTs to `<app>/_agent-native/org/a2a-secret/receive` with the same\n * secret + the org's domain. The receiving app verifies the JWT using its\n * own copy of the secret (peers must already share a secret to be trusted)\n * — for the first-ever sync this means at least one peer must already hold\n * the secret, which is the bootstrap. For ongoing rotation, regenerate\n * locally and call sync immediately; sync signs with the secret that's\n * currently in DB, which the peers still have.\n *\n * Body (optional): { signSecret?: string } — sign the outbound JWTs with\n * this secret instead of the org's current secret. Used by the regenerate-\n * then-sync flow: regenerate stores the NEW secret, but sync needs to\n * authenticate using the OLD one that peers still hold. Owner/admin only,\n * gated by the session.\n */\nexport const syncA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can sync the A2A secret\",\n });\n }\n\n const body = await readBody(event).catch(() => null);\n const overrideSignSecret =\n typeof body?.signSecret === \"string\" && body.signSecret.trim()\n ? body.signSecret.trim()\n : null;\n\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT a2a_secret, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Organization not found\",\n });\n }\n const orgRow = orgRes.rows[0] as any;\n const secret = String(orgRow.a2a_secret ?? \"\") || null;\n const orgDomain = String(orgRow.allowed_domain ?? \"\") || null;\n\n if (!secret) {\n throw createError({\n statusCode: 400,\n message: \"Org has no A2A secret. Generate one first before syncing.\",\n });\n }\n if (!orgDomain) {\n throw createError({\n statusCode: 400,\n message:\n \"Org has no allowed domain set. Set the email domain first so connected apps can identify which org to update.\",\n });\n }\n\n const signSecret = overrideSignSecret || secret;\n\n const { discoverAgents } = await import(\"../server/agent-discovery.js\");\n const { signA2AToken } = await import(\"../a2a/client.js\");\n\n const agents = await discoverAgents();\n\n const results: Array<{\n id: string;\n name: string;\n url: string;\n ok: boolean;\n status?: number;\n error?: string;\n }> = [];\n\n await Promise.all(\n agents.map(async (agent) => {\n try {\n const token = await signA2AToken(ctx.email, orgDomain, signSecret);\n\n const target = `${agent.url.replace(/\\/$/, \"\")}/_agent-native/org/a2a-secret/receive`;\n const res = await fetch(target, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({ secret, orgDomain }),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n status: res.status,\n error: text || res.statusText,\n });\n return;\n }\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: true,\n status: res.status,\n });\n } catch (err) {\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n error: err instanceof Error ? err.message : String(err),\n });\n }\n }),\n );\n\n const succeeded = results.filter((r) => r.ok).length;\n return {\n total: results.length,\n succeeded,\n failed: results.length - succeeded,\n results,\n };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/receive — accept a secret push from a\n * connected agent-native app. Auth-exempt at the route guard; we verify a\n * JWT signed by the calling app using OUR copy of the org's a2a_secret. If\n * verification succeeds the calling app is a trusted peer and we overwrite\n * our local org's secret with the supplied value.\n *\n * Body: { secret: string, orgDomain: string }\n *\n * Header: Authorization: Bearer <JWT signed with the existing shared\n * a2a_secret, with `org_domain` matching the body's orgDomain>.\n */\nexport const receiveA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const { getRequestHeader } = await import(\"h3\");\n const jose = await import(\"jose\");\n\n const authHeader = getRequestHeader(event, \"authorization\");\n if (!authHeader || !authHeader.startsWith(\"Bearer \")) {\n throw createError({\n statusCode: 401,\n message: \"Bearer token required\",\n });\n }\n const token = authHeader.slice(\"Bearer \".length);\n\n const body = await readBody(event);\n const newSecret =\n typeof body?.secret === \"string\" ? body.secret.trim() : \"\";\n const orgDomain =\n typeof body?.orgDomain === \"string\"\n ? body.orgDomain.trim().toLowerCase()\n : \"\";\n if (!newSecret || !orgDomain) {\n throw createError({\n statusCode: 400,\n message: \"secret and orgDomain are required\",\n });\n }\n\n // Peek at JWT (unverified) to confirm it claims the same domain we're\n // updating. Verification still happens below with the trusted secret.\n let claimedDomain: string | undefined;\n try {\n const unverified = jose.decodeJwt(token);\n claimedDomain =\n (unverified.org_domain as string | undefined) || undefined;\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Malformed JWT\",\n });\n }\n if (\n !claimedDomain ||\n claimedDomain.toLowerCase() !== orgDomain.toLowerCase()\n ) {\n throw createError({\n statusCode: 401,\n message: \"JWT org_domain does not match request body\",\n });\n }\n\n // Look up our local org by the domain and grab the existing secret.\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT id, a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [orgDomain],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"No local org matches that domain\",\n });\n }\n const row = orgRes.rows[0] as any;\n const localOrgId = String(row.id);\n const existingSecret = String(row.a2a_secret ?? \"\") || null;\n\n if (!existingSecret) {\n // Bootstrap requires an existing shared secret to verify the caller.\n // If we have nothing on file, we can't verify trust — refuse.\n throw createError({\n statusCode: 401,\n message:\n \"Local org has no A2A secret yet — cannot verify caller. Set the secret manually for the first time.\",\n });\n }\n\n // Verify the JWT using OUR existing secret. If the caller is a trusted\n // peer they signed with the same secret and verification succeeds.\n try {\n await jose.jwtVerify(token, new TextEncoder().encode(existingSecret));\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Invalid or expired JWT signature\",\n });\n }\n\n // Trusted — apply the new secret.\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [newSecret, localOrgId],\n });\n\n return { ok: true, orgId: localOrgId };\n },\n);\n"]}
package/docs/content/actions.md CHANGED
@@ -201,7 +201,9 @@ This advertises the MCP Apps extension (`io.modelcontextprotocol/ui`), exposes t
201
201
  The helper launches the action's `link` target through `/_agent-native/embed/start` with a short-lived browser session, so routes such as full dashboards, filtered inboxes, drafts, and extension pages can reuse the app's React components directly.
202
202
  Same-app `open_app({ embed: true })` mints that embed-start ticket during the
203
203
  original tool call, and custom actions can return `embedStartUrl` for the same
204
- fast path; otherwise the resource falls back to the app-only
204
+ fast path. The MCP layer keeps ticket-bearing embed-start URLs in hidden
205
+ metadata and removes them from model-visible `structuredContent` and open-link
206
+ metadata; otherwise the resource falls back to the app-only
205
207
  `create_embed_session` helper.
206
208
  Standard hosts navigate the MCP App frame directly to that signed route.
207
209
  Claude web uses a single-frame transplant path that hydrates the signed app
@@ -217,7 +219,9 @@ and explicit diagnostic iframe path proxy `agentNative.mcpHost.*` messages
217
219
  through the launch wrapper.
218
220
  When a submitted app prompt should continue the host chat, call
219
221
  `sendToAgentChat()` from the embedded route; it sends hidden model context and
220
- then posts a visible user message through the host bridge where supported.
222
+ then posts a visible user message through the host bridge where supported. Keep
223
+ internal route/app-state instructions in the hidden context; the visible prompt
224
+ should be the user's actual request.
221
225
  Design those routes with their own scrolling, because the MCP resource reports
222
226
  a bounded inline height rather than asking the host to size itself to the full
223
227
  app document. `embedApp({ height })` defaults to a `560px` shell, clamps to
package/docs/content/client.md CHANGED
@@ -77,7 +77,8 @@ When the app route is running inside an MCP App embed created with `embedApp()`,
77
77
  auto-submitted messages (`submit` omitted or `true`) are forwarded to the MCP
78
78
  App host bridge, which asks the containing host to add hidden context and send
79
79
  the visible user turn. `context` is sent as model context before the visible
80
- message, so it stays model-visible without being posted as user-facing chat.
80
+ message, so it stays model-visible without being posted as user-facing chat or
81
+ concatenated into the host's visible prompt.
81
82
  `submit: false` keeps the local prefill/review behavior because MCP Apps do not
82
83
  define a standard draft-prefill API.
83
84
 
package/docs/content/external-agents.md CHANGED
@@ -52,7 +52,10 @@ OAuth grants are per host and per user. The host stores the tokens and
52
52
  mediates tool/resource calls, so inline MCP App previews never receive raw
53
53
  OAuth tokens. ChatGPT can keep a reviewed or published connector's tool
54
54
  snapshot until you refresh/review it again, so rescan the connector after MCP
55
- tool or MCP App metadata changes. The scopes are:
55
+ tool or MCP App metadata changes. If you still have old per-app connectors
56
+ enabled alongside Dispatch, refresh or reconnect each stale connector; updating
57
+ Dispatch does not rewrite ChatGPT or Claude's cached Calendar/Mail/etc.
58
+ snapshots. The scopes are:
56
59
 
57
60
  | Scope | What it enables |
58
61
  | ----------- | ---------------------------------------------------- |
@@ -237,11 +240,13 @@ embedded routes so a reload with the same signed URL reconstructs the same
237
240
  view.
238
241
 
239
242
  For same-app `open_app({ embed: true })`, the framework mints the embed-start
240
- ticket during the original tool call and returns `embedStartUrl` in the hidden
241
- structured payload. Custom actions can do the same. When no `embedStartUrl` is
243
+ ticket during the original tool call and stores the signed start URL in hidden
244
+ tool metadata. Custom actions can return `embedStartUrl` for the same fast
245
+ path; the MCP layer strips that ticket-bearing URL from model-visible
246
+ `structuredContent` and normal open-link metadata. When no embed start URL is
242
247
  present, the resource falls back to the app-only `create_embed_session` helper.
243
248
  This keeps production hosts that restrict iframe-initiated tool calls on the
244
- direct route.
249
+ direct route without leaking one-time app session URLs into the transcript.
245
250
 
246
251
  ChatGPT gets a dedicated compatibility path through `window.openai`: the launch
247
252
  document reads `toolInput`, `toolOutput`, and `toolResponseMetadata` directly,
@@ -438,7 +443,9 @@ loads third-party assets.
438
443
  Inside those `embedApp()` routes, `sendToAgentChat()` is embed-aware.
439
444
  Auto-submitted prompts relay to the MCP host as `ui/update-model-context` plus
440
445
  `ui/message`, so a button in the embedded app can intentionally continue the
441
- Claude/ChatGPT conversation from the selected app state. `submit: false`
446
+ Claude/ChatGPT conversation from the selected app state. Hidden context is sent
447
+ as model context; the visible user turn stays just the app's prompt, which
448
+ avoids scary host consent around internal app-state file paths. `submit: false`
442
449
  remains local prefill/review behavior.
443
450
 
444
451
  ### The `link` contract {#link-contract}
@@ -587,6 +594,10 @@ The fallback hosted `connect` flow never copies the deployment's shared secret.
587
594
  - When validating ChatGPT or Claude web, trigger a fresh tool call after shell
588
595
  changes and measure the visible iframe. Previously rendered frames in the
589
596
  same conversation may still show cached height or launch behavior.
597
+ - Keep ChatGPT/Claude app-host catalogs compact. Use Dispatch and
598
+ `open_app({ embed: true })` for full-app previews; only mark a specific
599
+ action `mcpApp.compactCatalog: true` when it must appear directly in the
600
+ compact host discovery surface.
590
601
 
591
602
  **Don't**
592
603
 
package/docs/content/mcp-protocol.md CHANGED
@@ -89,9 +89,10 @@ For normal action authoring, use `embedRoute()` when the action's
89
89
  `link` and `mcpApp` should come from the same pure route builder. The route
90
90
  itself should derive state from the URL and normal app data fetching.
91
91
  Same-app `open_app({ embed: true })` returns a server-minted `embedStartUrl`
92
- so the resource can launch without a second iframe-originated tool call;
93
- custom actions can return the same field when they already know the target
94
- route.
92
+ so the resource can launch without a second iframe-originated tool call. The
93
+ server moves that ticket-bearing URL into hidden metadata and strips it from
94
+ model-visible structured content and normal open-link metadata. Custom actions
95
+ can return the same field when they already know the target route.
95
96
 
96
97
  The outer MCP resource reports a bounded inline height to the host and the app
97
98
  route scrolls internally. `embedApp({ height })` defaults to a `560px` shell,
@@ -158,14 +159,25 @@ Model context updates are opt-in and hidden from the user-facing transcript.
158
159
  `ui/message` is the portable way for an embedded app button to ask the host to
159
160
  post a visible user message and continue the chat. In agent-native routes,
160
161
  `sendToAgentChat()` uses `ui/update-model-context` plus `ui/message` when
161
- called from a submitted MCP App embed, while `submit: false` remains an
162
- in-route draft/prefill path.
162
+ called from a submitted MCP App embed. Hidden context is sent through model
163
+ context, while `ui/message` contains only the visible prompt. `submit: false`
164
+ remains an in-route draft/prefill path.
163
165
  Display mode requests are best-effort: a host can honor, ignore, or reject the
164
166
  request. Embedded routes must remain functional in the default inline mode.
165
167
 
166
168
  ## Tools {#tools}
167
169
 
168
- Stdio/code developer clients can see all connected app actions as MCP tools. Chat-style app hosts, including OAuth callers that request `mcp:apps` and generic authenticated remote HTTP/static-token callers, get a compact app-host catalog: app-facing builtins (`list_apps`, `open_app`, `ask_app`, and app-only `create_embed_session`) plus rare actions marked `mcpApp.compactCatalog: true`. Their `resources/list` is compact too, normally advertising only the generic `open_app` embed resource. `publicAgent.expose` remains the opt-in for safe read/ingest tools outside that compact app catalog. This keeps ChatGPT/Claude app-host discovery small while preserving the full developer surface for local agents.
170
+ Stdio/code developer clients can see all connected app actions as MCP tools
171
+ when they explicitly request the full catalog. Chat-style app hosts, including
172
+ OAuth callers that request `mcp:apps` and generic authenticated remote
173
+ HTTP/static-token callers, get a compact app-host catalog by default:
174
+ app-facing builtins (`list_apps`, `open_app`, `ask_app`, and app-only
175
+ `create_embed_session`) plus rare actions marked `mcpApp.compactCatalog: true`.
176
+ Their `resources/list` is compact too, normally advertising only the generic
177
+ `open_app` embed resource. `publicAgent.expose` remains the opt-in for safe
178
+ read/ingest tools outside that compact app catalog. This keeps ChatGPT/Claude
179
+ app-host discovery small while preserving the full developer surface for local
180
+ agents.
169
181
 
170
182
  The mapping is direct:
171
183
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agent-native/core",
3
- "version": "0.22.34",
3
+ "version": "0.22.36",
4
4
  "type": "module",
5
5
  "description": "Framework for agent-native application development — where AI agents and UI share state via files",
6
6
  "license": "MIT",