npm - @agent-native/core - Versions diffs - 0.22.36 → 0.22.37 - Mend

@agent-native/core 0.22.36 → 0.22.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/mcp/build-server.d.ts.map +1 -1
package/dist/mcp/build-server.js +13 -8
package/dist/mcp/build-server.js.map +1 -1
package/dist/mcp/embed-app.d.ts.map +1 -1
package/dist/mcp/embed-app.js +9 -6
package/dist/mcp/embed-app.js.map +1 -1
package/dist/server/embed-session.d.ts.map +1 -1
package/dist/server/embed-session.js +4 -0
package/dist/server/embed-session.js.map +1 -1
package/package.json +1 -1

package/dist/mcp/build-server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAyBhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;~~AAiQD~~;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAqYD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6Z7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AA+FD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7D,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAoHD;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
1	+ {"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAyBhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAsQD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAqYD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6Z7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AA+FD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7D,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAoHD;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}

package/dist/mcp/build-server.js CHANGED Viewed

@@ -203,14 +203,15 @@ function mcpAppEmbedOpenLinkMeta(result, resource, meta) {
         : typeof out.path === "string" && out.path.trim()
             ? out.path.trim()
             : undefined;
+    const safeViewOpenUrl = view ? view : undefined;
     const explicitOpenUrl = deepLinkUrl
         ? deepLinkUrl
         : typeof out.url === "string" && !isEmbedStartUrl(out.url)
             ? out.url
-            : view;
+            : safeViewOpenUrl;
     const safeOpenUrl = explicitOpenUrl
         ? toAbsoluteOpenUrl(explicitOpenUrl, meta?.origin)
-        : webUrl;
+        : null;
     return {
         "agent-native/embedStart": {
             startUrl: webUrl,
@@ -218,12 +219,16 @@ function mcpAppEmbedOpenLinkMeta(result, resource, meta) {
                 ? { expiresAt: out.embedExpiresAt }
                 : {}),
         },
-        "agent-native/openLink": {
-            label,
-            ...(view ? { view } : {}),
-            webUrl: safeOpenUrl,
-            desktopUrl: safeOpenUrl,
-        },
+        ...(safeOpenUrl
+            ? {
+                "agent-native/openLink": {
+                    label,
+                    ...(view ? { view } : {}),
+                    webUrl: safeOpenUrl,
+                    desktopUrl: safeOpenUrl,
+                },
+            }
+            : {}),
     };
 }
 /**

package/dist/mcp/build-server.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"build-server.js","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,GAG9B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,iCAAiC,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EACL,yBAAyB,EACzB,8BAA8B,GAC/B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAEL,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,kBAAkB,CAAC;AA8F1B,SAAS,4BAA4B,CACnC,KAAkB,EAClB,MAA4B;IAE5B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,QAAQ,GACZ,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,OAAO,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,gCAAgC,GAAG,IAAI,GAAG,CAAC;IAC/C,WAAW;IACX,UAAU;IACV,SAAS;IACT,sBAAsB;CACvB,CAAC,CAAC;AAEH,SAAS,wCAAwC,CAC/C,IAAY,EACZ,KAAkB,EAClB,MAAiB;IAEjB,IAAI,gCAAgC,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5D,IACG,KAAK,CAAC,MAAmD;QACxD,EAAE,cAAc,KAAK,IAAI,EAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,uBAAuB,GAAG,wCAAwC,CAAC;AACzE,MAAM,uBAAuB,GAC3B,6DAA6D,CAAC;AAChE,MAAM,8BAA8B,GAClC,2DAA2D,CAAC;AAC9D,MAAM,sBAAsB,GAC1B,uGAAuG,CAAC;AAE1G,KAAK,UAAU,wBAAwB,CACrC,QAAuC;IAEvC,MAAM,QAAQ,GAAG,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5B,SAAS,oBAAoB,CAAC,KAAgC;QAC5D,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,OAAO,CACL,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC;YACnC,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,CACrC,CAAC;IACJ,CAAC;IAED,SAAS,uBAAuB,CAAC,KAAgC;QAC/D,OAAO,OAAO,CAAC,KAAK,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,SAAS,wBAAwB,CAAC,GAAW;QAC3C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,CACL,GAAG,CAAC,QAAQ,KAAK,QAAQ;gBACzB,8BAA8B,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAClD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,uBAAuB,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC9C,2EAA2E;QAC3E,2EAA2E;QAC3E,yBAAyB;QACzB,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,IAAI,oBAAoB,CAAC,MAAM,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QACzD,IAAI,uBAAuB,CAAC,MAAM,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC7D,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,wBAAwB,CAAC;YAAE,OAAO,IAAI,CAAC;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,mCAAmC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,yEAAyE;QACzE,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CACvC,WAAuC;IAEvC,IAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACnE,IAAI,WAAW,EAAE,WAAW,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,WAAW,EAAE,UAAU,EAAE,CAAC;QAC5B,OAAO,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,sBAAsB,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,mCAAmC,CAC1C,QAAuC,EACvC,WAAuC;IAEvC,IAAI,gCAAgC,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAChE,2EAA2E;IAC3E,4EAA4E;IAC5E,IAAI,QAAQ,EAAE,aAAa;QAAE,OAAO,KAAK,CAAC;IAC1C,2EAA2E;IAC3E,wEAAwE;IACxE,0EAA0E;IAC1E,OAAO,WAAW,EAAE,WAAW,KAAK,IAAI,CAAC;AAC3C,CAAC;AAwBD,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAChE,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACjE,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACjE,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACjB,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,SAAiB;IAC/C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,6BAA6B,CAAC;QAC3C,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;YACnC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC;YAC1B,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QACvB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;QAC3D,OAAO,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;YAC9B,CAAC,CAAC,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE;YAC3C,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,6BAA6B,CAAC;QAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAAe,EACf,QAAgC,EAChC,IAAgC;IAEhC,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,aAAa,GACjB,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ;QACnC,CAAC,CAAC,GAAG,CAAC,aAAa;QACnB,CAAC,CAAC,GAAG,CAAC,KAAK,KAAK,IAAI;YAChB,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;YAC3B,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,4BAA4B,CAAC;YAChD,CAAC,CAAC,GAAG,CAAC,GAAG;YACT,CAAC,CAAC,IAAI,CAAC;IACb,IAAI,CAAC,aAAa;QAAE,OAAO,EAAE,CAAC;IAE9B,MAAM,MAAM,GAAG,iBAAiB,CAC9B,sBAAsB,CAAC,aAAa,CAAC,EACrC,IAAI,EAAE,MAAM,CACb,CAAC;IACF,MAAM,WAAW,GACf,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/D,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,IAAI,KAAK,CAAC;IAC/D,MAAM,KAAK,GACT,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE;QAC3C,CAAC,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE;QAC1B,CAAC,CAAC,aAAa,CAAC;IACpB,MAAM,IAAI,GACR,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;QAC7C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;QACjB,CAAC,CAAC,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YAC/C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YACjB,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,eAAe,GAAG,WAAW;QACjC,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC;YACxD,CAAC,CAAC,GAAG,CAAC,GAAG;YACT,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,WAAW,GAAG,eAAe;QACjC,CAAC,CAAC,iBAAiB,CAAC,eAAe,EAAE,IAAI,EAAE,MAAM,CAAC;QAClD,CAAC,CAAC,MAAM,CAAC;IAEX,OAAO;QACL,yBAAyB,EAAE;YACzB,QAAQ,EAAE,MAAM;YAChB,GAAG,CAAC,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ;gBACxC,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE;gBACnC,CAAC,CAAC,EAAE,CAAC;SACR;QACD,uBAAuB,EAAE;YACvB,KAAK;YACL,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,MAAM,EAAE,WAAW;YACnB,UAAU,EAAE,WAAW;SACxB;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkB,EAClB,IAAyB,EACzB,MAAW,EACX,IAAgC;IAKhC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,EAAE,GAAG;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,yBAAyB,CAAC,EAAE,CAAC,GAAG,CAAC;YAC/C,CAAC,CAAC,8BAA8B,CAAC,EAAE,CAAC,GAAG,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC;QACX,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,IAAI,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,KAAK,OAAO,WAAW,GAAG,EAAE;YACpE,KAAK,EAAE;gBACL,uBAAuB,EAAE;oBACvB,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,MAAM;oBACN,UAAU;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CACxB,MAAiB,EACjB,WAAwC,EACxC,WAA4B;IAE5B,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK;QAAE,OAAO,WAAW,CAAC;IAC9D,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAgC,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5D,wDAAwD;IACxD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,KAAyB,EAAE,QAAgB;IAChE,MAAM,UAAU,GAAG,CAAC,KAAK,IAAI,QAAQ,CAAC;SACnC,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC;SAC9B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3B,OAAO,UAAU,IAAI,QAAQ,CAAC;AAChC,CAAC;AAED,2EAA2E;AAC3E,2EAA2E;AAC3E,MAAM,8BAA8B,GAAG,WAAW,CAAC;AAEnD,SAAS,sBAAsB,CAAC,MAAiB,EAAE,UAAkB;IACnE,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,QAAQ,GAAG,IAAI,MAAM,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,wBAAwB,CAC/B,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC1B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,aAAa,GAAG,IAAI,8BAA8B,EAAE,CAAC;IAC3D,IAAI,YAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC;YAC9C,CAAC,CAAC,GAAG,IAAI,GAAG,aAAa,EAAE,CAAC;QAC9B,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,GAAG,EAAE,YAAY;QACjB,GAAG,CAAC,YAAY,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAiB,EACjB,UAAkB,EAClB,KAAkB;IAElB,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,OAAO,GACX,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,sBAAsB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACrE,OAAO,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,0BAA0B,CACjC,OAA6B,EAC7B,WAA4B;IAE5B,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,MAAM,MAAM,GAAG,WAAW,EAAE,MAAM,CAAC;IACnC,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAChC,MAAM,KAAK,iCAAiC,IAAI,MAAM;QACpD,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,CAAC,CAAC,CAAC,MAAM,CAAC,CACb,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,SAAsC,EACtC,WAA4B;IAE5B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,GAAG,GAA6B,EAAE,CAAC;IACzC,MAAM,cAAc,GAAG,0BAA0B,CAC/C,SAAS,CAAC,cAAc,EACxB,WAAW,CACZ,CAAC;IACF,MAAM,eAAe,GAAG,0BAA0B,CAChD,SAAS,CAAC,eAAe,EACzB,WAAW,CACZ,CAAC;IACF,MAAM,YAAY,GAAG,0BAA0B,CAC7C,SAAS,CAAC,YAAY,EACtB,WAAW,CACZ,CAAC;IACF,IAAI,cAAc,EAAE,MAAM;QAAE,GAAG,CAAC,eAAe,GAAG,cAAc,CAAC;IACjE,IAAI,eAAe,EAAE,MAAM;QAAE,GAAG,CAAC,gBAAgB,GAAG,eAAe,CAAC;IACpE,IAAI,YAAY,EAAE,MAAM;QAAE,GAAG,CAAC,aAAa,GAAG,YAAY,CAAC;IAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,YAAY,CACnB,QAAoC,EACpC,WAAwC,EACxC,WAA4B,EAC5B,WAAoB;IAEpB,MAAM,IAAI,GACR,QAAQ,CAAC,KAAK,IAAI,OAAO,QAAQ,CAAC,KAAK,KAAK,QAAQ;QAClD,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE;QACvB,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,UAAU,GACd,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,CAAC,CAAE,IAAI,CAAC,EAA8B;QACtC,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,EAAE,GAA4B,EAAE,GAAG,UAAU,EAAE,CAAC;IACtD,OAAO,EAAE,CAAC,MAAM,CAAC;IACjB,IAAI,WAAW,EAAE,CAAC;QAChB,EAAE,CAAC,GAAG,GAAG;YACP,GAAG,WAAW;YACd,cAAc,EAAE,0BAA0B,CACxC,WAAW,CAAC,cAAc,EAC1B,WAAW,CACZ;YACD,eAAe,EAAE,0BAA0B,CACzC,WAAW,CAAC,eAAe,EAC3B,WAAW,CACZ;YACD,YAAY,EAAE,0BAA0B,CACtC,WAAW,CAAC,YAAY,EACxB,WAAW,CACZ;YACD,cAAc,EAAE,0BAA0B,CACxC,WAAW,CAAC,cAAc,EAC1B,WAAW,CACZ;SACF,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,WAAW;QAAE,EAAE,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;IAChE,MAAM,kBAAkB,GACtB,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC;QACzC,wBAAwB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,kBAAkB;QAAE,EAAE,CAAC,MAAM,GAAG,kBAAkB,CAAC;IACvD,MAAM,kBAAkB,GACtB,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7B,YAAY,CAAC,EAAE,CAAC,MAAM,CAAC;QACvB,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC;QAC/B,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACpC,IAAI,OAAO,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAChD,EAAE,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC7C,IAAI,WAAW,IAAI,IAAI,CAAC,0BAA0B,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5D,IAAI,CAAC,0BAA0B,CAAC,GAAG,WAAW,CAAC;IACjD,CAAC;IACD,IACE,OAAO,QAAQ,CAAC,aAAa,KAAK,SAAS;QAC3C,IAAI,CAAC,4BAA4B,CAAC,IAAI,IAAI,EAC1C,CAAC;QACD,IAAI,CAAC,4BAA4B,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC;IAC9D,CAAC;IACD,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAC5D,IAAI,SAAS,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC;IACvC,CAAC;IACD,IAAI,kBAAkB,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,qBAAqB,CAAC,GAAG,kBAAkB,CAAC;IACnD,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,QAAoC,EACpC,GAA0B;IAE1B,IAAI,CAAC,QAAQ,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IACpC,OAAO,OAAO,QAAQ,CAAC,GAAG,KAAK,UAAU;QACvC,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;QACzB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,MAAiB,EACjB,UAAkB,EAClB,KAAkB,EAClB,WAA4B;IAE5B,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IACpE,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;IACnE,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE;QACnD,UAAU;QACV,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,aAAa,EAAE,WAAW,EAAE,MAAM;KACnC,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,YAAY,CAC/B,QAAQ,EACR,WAAW,EACX,WAAW,EACX,WAAW,CACZ,CAAC;IACF,OAAO;QACL,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,UAAU;QACzC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,iBAAiB;QAChD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,MAAiB,EACjB,UAAkB,EAClB,KAAkB,EAClB,WAA4B;IAE5B,IAAI,CAAC;QACH,OAAO,MAAM,qBAAqB,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;IAC7E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CACV,+CAA+C,UAAU,+CAA+C,EACxG,KAAK,CACN,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,MAAiB,EACjB,OAAoC,EACpC,WAA4B;IAE5B,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAC5C,2BAA2B,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,CAC9D,CACF,CAAC;IACF,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAsC,EAAE,CACvE,OAAO,CAAC,QAAQ,CAAC,CAClB,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAgC,EAChC,UAAkB,EAClB,MAAiB,EACjB,WAA4B;IAE5B,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACxC,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,UAAU;YACV,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,aAAa,EAAE,WAAW,EAAE,MAAM;SACnC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC;AAED,SAAS,wBAAwB,CAC/B,QAAgC;IAEhC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC9C,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACvE,OAAO;QACL,uBAAuB,EAAE,QAAQ,CAAC,GAAG;QACrC,gCAAgC,EAAE,WAAW,KAAK,EAAE;QACpD,+BAA+B,EAAE,GAAG,KAAK,QAAQ;QACjD,yBAAyB,EAAE,IAAI;QAC/B,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;YACnC,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAAgC;IAEhC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC9C,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACvE,OAAO;QACL,uBAAuB,EAAE,QAAQ,CAAC,GAAG;QACrC,gCAAgC,EAAE,WAAW,KAAK,EAAE;QACpD,+BAA+B,EAAE,GAAG,KAAK,QAAQ;QACjD,yBAAyB,EAAE,IAAI;QAC/B,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;YACnC,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAgC,EAChC,UAAmB;IAEnB,OAAO;QACL,WAAW,EAAE,QAAQ,CAAC,GAAG;QACzB,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC;KACtE,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,SAAS,CAC3B,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAAe,EACf,IAAyC;IAEzC,MAAM,GAAG,GACP,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAC5D,CAAC,CAAC,EAAE,GAAI,MAAkC,EAAE;QAC5C,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,EAAE,MAAM,EAAE;YACZ,CAAC,CAAC,EAAE,CAAC;IACX,KAAK,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,UAAU,CAAC,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,eAAe,CAAC,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,GAAG,CAAC,GAAG,CAAC;IACjB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACjD,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzE,MAAM,MAAM,GAAI,QAAoC,CAAC,MAAM,CAAC;QAC5D,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC9D,CAAC;QACD,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa,EAAE,GAAG,GAAG,IAAI;IACjD,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB,CAC5B,IAAY,EACZ,MAAe,EACf,iBAA0C;IAE1C,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC;IAC1C,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAClD,OAAO,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,IAAI,iBAAiB,CAAC,IAAI,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC9C,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC;IACrC,CAAC;IACD,MAAM,EAAE,GAAG,iBAAiB,CAAC,EAAE,CAAC;IAChC,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;QACxC,OAAO,GAAG,IAAI,kBAAkB,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC;IAC/C,CAAC;IACD,OAAO,GAAG,IAAI,aAAa,CAAC;AAC9B,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiB,EACjB,QAAuC,EACvC,WAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,yBAAyB,EACzB,kCAAkC,GACnC,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAEvD,uEAAuE;IACvE,0EAA0E;IAC1E,8DAA8D;IAC9D,4EAA4E;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,sBAAsB;IACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClE,MAAM,iBAAiB,GACrB,QAAQ;QACR,CAAC,YAAY;YACX,CAAC,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE;YACnD,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,0EAA0E;IAC1E,yEAAyE;IACzE,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IACxE,yEAAyE;IACzE,YAAY;IACZ,MAAM,cAAc,GAAG,WAAW,EAAE,WAAW,KAAK,IAAI,IAAI,CAAC,CAAC,YAAY,CAAC;IAC3E,MAAM,WAAW,GACf,cAAc,IAAI,MAAM,CAAC,iBAAiB;QACxC,CAAC,CAAC,MAAM,CAAC,iBAAiB;QAC1B,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;IACrB,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAC3C,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,WAAW,CAAC,CACpE,CACF,CAAC;IACF,MAAM,oBAAoB,GAAG,gCAAgC,CAAC,WAAW,CAAC;QACxE,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,WAAW,CAAC;YAC5C,gBAAgB,CAAC,iBAAiB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YAC9D,CAAC,MAAM,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;YACnD,mCAAmC,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACxE,MAAM,iBAAiB,GAAG,oBAAoB;QAC5C,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CACtD,wCAAwC,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAC9D,CACF;QACH,CAAC,CAAC,cAAc,CAAC;IACnB,MAAM,eAAe,GACnB,oBAAoB;QACpB,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAC9C,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAChC,CAAC;IACJ,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,EACzD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;YACT,GAAG,CAAC,eAAe;gBACjB,CAAC,CAAC;oBACE,SAAS,EAAE,EAAE;oBACb,UAAU,EAAE;wBACV,CAAC,oBAAoB,CAAC,EAAE;4BACtB,SAAS,EAAE,CAAC,iBAAiB,CAAC;yBAC/B;qBACF;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CACF,CAAC;IAEF,qEAAqE;IACrE,wEAAwE;IACxE,sEAAsE;IACtE,qEAAqE;IACrE,wCAAwC;IACxC,MAAM,YAAY,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAE1E;;;;;;;;;;OAUG;IACH,KAAK,UAAU,iBAAiB,CAAI,EAAoB;QACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC;QACjC,OAAO,qBAAqB,CAC1B;YACE,SAAS,EAAE,iBAAiB,EAAE,SAAS;YACvC,KAAK;YACL,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,EACD,EAAE,CACW,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAC7B,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC5D,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;gBACjD,MAAM,cAAc,GAAG,MAAM,2BAA2B,CACtD,MAAM,EACN,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;gBACF,MAAM,WAAW,GACd,KAAK,CAAC,IAAY,CAAC,KAAK;oBACzB,OAAQ,KAAK,CAAC,IAAY,CAAC,KAAK,KAAK,QAAQ;oBAC7C,CAAC,KAAK,CAAC,OAAO,CAAE,KAAK,CAAC,IAAY,CAAC,KAAK,CAAC;oBACvC,CAAC,CAAC,EAAE,GAAK,KAAK,CAAC,IAAY,CAAC,KAAiC,EAAE;oBAC/D,CAAC,CAAC,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG;oBACf,GAAG,WAAW;oBACd,GAAG,CAAC,cAAc;wBAChB,CAAC,CAAC;4BACE,GAAG,wBAAwB,CAAC,cAAc,CAAC;4BAC3C,CAAC,6BAA6B,CAAC,EAAE,cAAc,CAAC,GAAG;4BACnD,EAAE,EAAE,gBAAgB,CAClB,cAAc,EACd,KAAK,CAAC,MAAM,EAAE,UAAU;gCACtB,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,UAAU,CAC5C;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;gBACF,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;gBACvD,MAAM,WAAW,GAA4B;oBAC3C,YAAY,EAAE,KAAK,CAAC,QAAQ,KAAK,IAAI;oBACrC,eAAe,EAAE,KAAK,CAAC,WAAW,EAAE,eAAe,KAAK,IAAI;oBAC5D,aAAa,EAAE,KAAK;iBACrB,CAAC;gBACF,IAAI,OAAO;oBAAE,WAAW,CAAC,+BAA+B,CAAC,GAAG,IAAI,CAAC;gBACjE,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,OAAO;wBAClB,CAAC,CAAC,GAAG,eAAe,sEAAsE;wBAC1F,CAAC,CAAC,eAAe;oBACnB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI;wBACpC,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE,EAAE;qBACf;oBACD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAChE,WAAW;iBACZ,CAAC;YACJ,CAAC,CAAC,CACH,CAAC;YAEF,IACE,CAAC,oBAAoB;gBACrB,MAAM,CAAC,QAAQ;gBACf,gBAAgB,CAAC,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAC,EAC7D,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,WAAW,EACT,4EAA4E;wBAC5E,4EAA4E;wBAC5E,iCAAiC;oBACnC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,kCAAkC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;oBACD,WAAW,EAAE;wBACX,YAAY,EAAE,KAAK;wBACnB,eAAe,EAAE,KAAK;wBACtB,aAAa,EAAE,KAAK;qBACrB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC5C,IAAI,oBAAoB,EAAE,CAAC;oBACzB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;oBACnE,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,iDAAiD;6BACxD;yBACF;wBACD,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;gBACvD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,eAAe,GAAG,oBAAoB;gBAC1C,CAAC,CAAC,iBAAiB;gBACnB,CAAC,CAAC,OAAO,CAAC;YACZ,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YACD,IACE,CAAC,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,WAAW,CAAC,EACpE,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,8CAA8C,IAAI,EAAE;yBAC3D;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAE,IAA+B,IAAI,EAAE,CAAC,CAAC;gBACvE,MAAM,SAAS,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;gBAClE,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,IAAI;oBACb,CAAC,CAAC,MAAM,CAAC;gBACX,MAAM,cAAc,GAAG,MAAM,2BAA2B,CACtD,MAAM,EACN,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;gBACF,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CACzC,KAAK,EACJ,IAA4B,IAAI,EAAE,EACnC,SAAS,EACT,WAAW,CACZ,CAAC;gBACF,MAAM,YAAY,GAA4B;oBAC5C,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;oBAChB,GAAG,CAAC,cAAc;wBAChB,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC;wBACjE,CAAC,CAAC,EAAE,CAAC;oBACP,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;iBAChE,CAAC;gBACF,MAAM,iBAAiB,GAAG,cAAc;oBACtC,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;oBAClD,CAAC,CAAC,SAAS,CAAC;gBACd,MAAM,IAAI,GAAG,cAAc;oBACzB,CAAC,CAAC,qBAAqB,CAAC,IAAI,EAAE,eAAe,EAAE,iBAAkB,CAAC;oBAClE,CAAC,CAAC,OAAO,eAAe,KAAK,QAAQ;wBACnC,CAAC,CAAC,eAAe;wBACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;gBACtC,MAAM,OAAO,GAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,IAAI,KAAK;oBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO;oBACL,OAAO;oBACP,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACnD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,GAAG,CAAC;wBACtC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE;wBACzB,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YAC9D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAC9C,MAAM,EACN,iBAAiB,EACjB,WAAW,CACZ,CAAC;gBACF,OAAO;oBACL,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;wBAC5C,GAAG,EAAE,QAAQ,CAAC,GAAG;wBACjB,IAAI,EAAE,QAAQ,CAAC,IAAI;wBACnB,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,GAAG,CAAC,QAAQ,CAAC,WAAW;4BACtB,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE;4BACvC,CAAC,CAAC,EAAE,CAAC;wBACP,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBACrD,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YACtE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAC9C,MAAM,EACN,iBAAiB,EACjB,WAAW,CACZ,CAAC;gBACF,OAAO;oBACL,iBAAiB,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;wBACpD,WAAW,EAAE,QAAQ,CAAC,GAAG;wBACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;wBACnB,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,GAAG,CAAC,QAAQ,CAAC,WAAW;4BACtB,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE;4BACvC,CAAC,CAAC,EAAE,CAAC;wBACP,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBACrD,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CACtB,yBAAyB,EACzB,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;gBAChC,IAAI,KAAK,GAGE,IAAI,CAAC;gBAChB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC9D,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;oBAC9D,IACE,CAAC,WAAW;wBACZ,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG;4BACtB,CAAC,WAAW,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,EACzC,CAAC;wBACD,SAAS;oBACX,CAAC;oBACD,MAAM,QAAQ,GAAG,MAAM,2BAA2B,CAChD,MAAM,EACN,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;oBACF,IAAI,QAAQ,EAAE,CAAC;wBACb,KAAK,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;oBACzC,CAAC;oBACD,MAAM;gBACR,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG;4BACH,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;4BACjC,IAAI,EAAE,gBAAgB,CACpB,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,UAAU,EAChB,MAAM,EACN,WAAW,CACZ;4BACD,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK;gCACtB,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE;gCACjC,CAAC,CAAC,EAAE,CAAC;yBACR;qBACF;iBACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAE9E,MAAM,UAAU,eAAe;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CACT,GAAG,KAAK;aACL,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAS,yBAAyB,CAChC,gBAAoC;IAEpC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;QAC5C,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACjE,EAAE,CAAC;IACL,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,kBAAkB,CACzB,UAAoB,EACpB,MAAiC;IAEjC,MAAM,OAAO,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO;IACrD,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,KAAa;IAEb,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI,iBAAiB,GAAmC,IAAI,CAAC;IAC7D,IAAI,CAAC;QACH,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAA4B,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,kBAAkB,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE7D,MAAM,SAAS,GACb,OAAO,iBAAiB,CAAC,UAAU,KAAK,QAAQ;QAC9C,CAAC,CAAC,iBAAiB,CAAC,UAAU;QAC9B,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnE,kBAAkB,CAChB,gBAAgB,EAChB,MAAM,oBAAoB,CAAC,SAAS,CAAC,CACtC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,0EAA0E;QAC5E,CAAC;IACH,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CACjC,CAAC;YACF,OAAO,OAAkC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,gEAAgE;QAClE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,gBAAqC,EACrC,UAA4D,EAAE;IAa9D,oEAAoE;IACpE,yEAAyE;IACzE,0EAA0E;IAC1E,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,MAAM,KAAK,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QACrB,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,aAAa,GAAG,MAAM,yBAAyB,CACnD,KAAK,EACL,OAAO,CAAC,WAAW,CACpB,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,aAAa,CAAC,SAAS;oBAClC,SAAS,EAAE,aAAa,CAAC,SAAS;oBAClC,WAAW,EAAE,aAAa,CAAC,MAAM;oBACjC,aAAa,EAAE,aAAa,CAAC,QAAQ;iBACtC;gBACD,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,EAAE,CAAC;QACzD,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,uEAAuE;YACvE,sEAAsE;YACtE,uEAAuE;YACvE,iDAAiD;YACjD,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAErC,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAChE,IAAI,UAAU,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;YACnD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QAED,uEAAuE;QACvE,mEAAmE;QACnE,sEAAsE;QACtE,uDAAuD;QACvD,mEAAmE;QACnE,kDAAkD;QAClD,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;YACrC,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACpD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,GACpC,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;gBACrC,IAAI,MAAM,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC3B,CAAC;gBACD,uDAAuD;gBACvD,KAAK,cAAc,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;YAClE,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE;gBACR,SAAS,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;gBACpE,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;oBACpC,CAAC,CAAE,OAAO,CAAC,UAAqB;oBAChC,CAAC,CAAC,SAAS;aAChB;YACD,mEAAmE;YACnE,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,qDAAqD;YACrD,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAA6B;IAE7B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,OAAO,GAAG,EAAE,KAAK,IAAI,SAAS,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/*\n Shared MCP server builder.\n \n Extracted from `server.ts` so the stateless Streamable-HTTP mount\n * (`mountMCP`) and the stdio transport (`runMCPStdio --standalone`) build the\n * same MCP server from the same `ActionEntry` registry. Both surfaces:\n \n - expose every action as an MCP tool (+ the `ask-agent` meta-tool),\n * - append the framework deep-link block / `_meta` to every tool result,\n * - wrap `run()` / `askAgent()` in `runWithRequestContext` so per-user /\n * per-org scoping (accessFilter, resolveCredential, MCP visibility) is\n * honoured.\n \n `server.ts` re-exports `createMCPServerForRequest` and the auth helpers so\n * any (future) external importer of `@agent-native/core/mcp` keeps resolving.\n \n Node-only at the SDK level, but this module itself has no Node-only imports\n * — it can be bundled into the serverless function alongside `mountMCP`.\n /\n\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { isMcpActionResult } from \"../mcp-client/app-result.js\";\nimport {\n MCP_APP_EXTENSION_ID,\n MCP_APP_MIME_TYPE,\n MCP_APP_RESOURCE_URI_META_KEY,\n type ActionMcpAppCsp,\n type ActionMcpAppResourceConfig,\n} from \"../action.js\";\nimport { MCP_APP_REQUEST_ORIGIN_CSP_SOURCE } from \"./embed-app.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { toAbsoluteOpenUrl, toDesktopOpenUrl } from \"../server/deep-link.js\";\nimport {\n isAgentNativeOpenDeepLink,\n withCollapsedAgentSidebarParam,\n} from \"../shared/agent-sidebar-url.js\";\nimport { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from \"../shared/embed-auth.js\";\nimport { getBuiltinCrossAppTools } from \"./builtin-tools.js\";\nimport { MCP_CONNECT_SCOPE } from \"./connect-store.js\";\nimport {\n MCP_OAUTH_SCOPES,\n hasMcpOAuthScope,\n verifyMcpOAuthAccessToken,\n} from \"./oauth-token.js\";\n\nexport interface MCPConfig {\n /* App name shown in MCP server info /\n name: string;\n /\n Canonical app id (directory under `apps/`, e.g. `mail`) this MCP server\n * is mounted for. Optional & back-compat: when omitted the builtin\n * cross-app tools fall back to lowercasing `name`. Used by `open_app` /\n * `ask_app` / `create_workspace_app` to tell \"this app\" from a cross-app\n * target so they resolve the target app's origin rather than echoing the\n * current request origin.\n /\n appId?: string;\n /* App description /\n description: string;\n /* Version string (default \"1.0.0\") /\n version?: string;\n /* Action registry — same as agent chat and A2A /\n actions: Record<string, ActionEntry>;\n /\n Full (\"production\") action surface served to an *authenticated real\n caller** — a connect-minted token, an `agent-native mcp install` stdio\n * proxy (owner-email header / `AGENT_NATIVE_OWNER_EMAIL`), or a deployed /\n * `AGENT_MODE=production` app. In local dev `actions` is intentionally the\n * sparse, dev-toggled surface (builtins + read-only public-agent actions)\n * so the local agent chat and unauthenticated dev probes don't see every\n * mutating tool; but per the external-agents contract a real caller that\n * connected with a token MUST get the full surface even in dev. When unset\n * (production, where `actions` already IS the full set) the swap is a\n * no-op. See `external-agents` skill, \"Dev vs production tool surface\".\n /\n productionActions?: Record<string, ActionEntry>;\n /* Handler for the ask-agent meta-tool — runs the full agent loop /\n askAgent?: (message: string) => Promise<string>;\n /\n Disable the generic cross-app builtin tools (`list_apps`, `open_app`,\n * `ask_app`, `create_workspace_app`, `list_templates`). They are merged in\n * by default so external agents get a stable verb set; a template action of\n * the same name always wins (template precedence). Set to `false` only for\n * a constrained / locked-down mount.\n /\n builtinCrossAppTools?: boolean;\n}\n\n/\n Identity extracted from a verified MCP bearer token / JWT. Used to wrap\n * `entry.run()` and `config.askAgent()` calls in `runWithRequestContext`\n * so downstream tools (db-query, accessFilter, resolveCredential) honour\n * per-user / per-org scoping. Without this wrap the MCP endpoint would\n * silently bypass tenant isolation. See finding #6 in\n * /tmp/security-audit/12-mcp-a2a-agent.md.\n /\nexport interface MCPCallerIdentity {\n userEmail: string \| undefined;\n orgDomain: string \| undefined;\n /* Present only for standard remote MCP OAuth access tokens. /\n oauthScopes?: string[];\n /* Present only for standard remote MCP OAuth access tokens. /\n oauthClientId?: string;\n}\n\n/* Per-request context used to turn an action's relative deep link into the\n * absolute web URL (and desktop `agentnative://` URL) the external agent\n * surfaces. Derived from the inbound request headers in `mountMCP`, or from\n * the resolved local app origin in the stdio standalone path. /\nexport interface MCPRequestMeta {\n /* Origin of the running app, e.g. `http://localhost:8100`. /\n origin?: string;\n /* Optional client preference for which URL the markdown link uses. /\n target?: \"browser\" \| \"desktop\" \| \"terminal\";\n /\n Best-effort caller label derived from MCP transport headers. Chat-style\n * remote hosts should stay on the compact catalog; code/stdio clients can\n * explicitly identify themselves to keep the full action surface.\n /\n clientName?: string;\n /* Explicit framework client hint from `x-agent-native-mcp-client`. /\n clientHint?: string;\n /* Explicit opt-in to the full tool catalog for code/stdio style clients. /\n fullCatalog?: boolean;\n /\n The caller authenticated with a real credential (verified A2A/connect\n * JWT, matching ACCESS_TOKEN, or a forwarded owner-email header from\n * `agent-native mcp install`) — not the unauthenticated local dev-open\n * path. When true, `createMCPServerForRequest` serves\n * `config.productionActions` (the full surface) instead of the sparse dev\n * `config.actions`. Set by `mountMCP` from `verifyAuth`.\n /\n fullSurface?: boolean;\n}\n\ntype McpOAuthScope = (typeof MCP_OAUTH_SCOPES)[number];\n\nfunction isActionVisibleForOAuthScope(\n entry: ActionEntry,\n scopes: string[] \| undefined,\n): boolean {\n if (!scopes) return true;\n const required: McpOAuthScope =\n entry.readOnly === true ? \"mcp:read\" : \"mcp:write\";\n return hasMcpOAuthScope(scopes, required);\n}\n\nconst COMPACT_MCP_APP_CATALOG_BUILTINS = new Set([\n \"list_apps\",\n \"open_app\",\n \"ask_app\",\n \"create_embed_session\",\n]);\n\nfunction isActionAdvertisedInCompactMcpAppCatalog(\n name: string,\n entry: ActionEntry,\n config: MCPConfig,\n): boolean {\n if (COMPACT_MCP_APP_CATALOG_BUILTINS.has(name)) return true;\n if (\n (entry.mcpApp as { compactCatalog?: unknown } \| undefined)\n ?.compactCatalog === true\n ) {\n return true;\n }\n if (config.builtinCrossAppTools === false && entry.mcpApp?.resource) {\n return true;\n }\n return false;\n}\n\nconst MCP_APP_OAUTH_CLIENT_RE = /\\b(chatgpt\|openai\|claude\|anthropic)\\b/i;\nconst NON_APP_OAUTH_CLIENT_RE =\n /\\b(code\|cli\|cursor\|codex\|goose\|postman\|mcpjam\|inspector)\\b/i;\nconst MCP_APP_OAUTH_REDIRECT_HOST_RE =\n /(^\|\\.)((chatgpt\|openai)\\.com\|claude\\.ai\|anthropic\\.com)$/i;\nconst FULL_CATALOG_CLIENT_RE =\n /\\b(agent-native-mcp-(proxy\|stdio\|standalone)\|code\|cli\|cursor\|codex\|goose\|postman\|mcpjam\|inspector)\\b/i;\n\nasync function isKnownMcpAppOAuthClient(\n identity: MCPCallerIdentity \| undefined,\n): Promise<boolean> {\n const clientId = identity?.oauthClientId?.trim();\n if (!clientId) return false;\n\n function isKnownAppClientName(value: string \| undefined \| null): boolean {\n if (!value) return false;\n return (\n MCP_APP_OAUTH_CLIENT_RE.test(value) &&\n !NON_APP_OAUTH_CLIENT_RE.test(value)\n );\n }\n\n function isKnownNonAppClientName(value: string \| undefined \| null): boolean {\n return Boolean(value && NON_APP_OAUTH_CLIENT_RE.test(value));\n }\n\n function isKnownMcpAppRedirectUri(uri: string): boolean {\n try {\n const url = new URL(uri);\n return (\n url.protocol === \"https:\" &&\n MCP_APP_OAUTH_REDIRECT_HOST_RE.test(url.hostname)\n );\n } catch {\n return false;\n }\n }\n\n if (isKnownAppClientName(clientId)) return true;\n if (isKnownNonAppClientName(clientId)) return false;\n\n try {\n const { getOAuthClient } = await import(\"./oauth-store.js\");\n const client = await getOAuthClient(clientId);\n // If the token carries an OAuth client id but its registration is missing,\n // keep the model on the compact MCP Apps surface instead of exposing every\n // private action/schema.\n if (!client) return true;\n if (isKnownAppClientName(client.clientName)) return true;\n if (isKnownNonAppClientName(client.clientName)) return false;\n if (client.redirectUris.some(isKnownMcpAppRedirectUri)) return true;\n // Most OAuth hosts are UI-oriented MCP clients. Preserve the full catalog\n // only for known code/CLI clients so unknown browser hosts cannot trigger\n // massive resources/list payloads.\n return true;\n } catch {\n // On metadata lookup errors, fail compact instead of falling back to the\n // full action surface; ChatGPT/Claude old tokens otherwise get huge lists.\n return true;\n }\n}\n\nfunction explicitlyRequestsFullMcpCatalog(\n requestMeta: MCPRequestMeta \| undefined,\n): boolean {\n if (process.env.AGENT_NATIVE_MCP_FULL_CATALOG === \"1\") return true;\n if (requestMeta?.fullCatalog === true) return true;\n if (requestMeta?.clientHint) {\n return FULL_CATALOG_CLIENT_RE.test(requestMeta.clientHint);\n }\n return FULL_CATALOG_CLIENT_RE.test(requestMeta?.clientName ?? \"\");\n}\n\nfunction shouldUseCompactMcpCatalogByDefault(\n identity: MCPCallerIdentity \| undefined,\n requestMeta: MCPRequestMeta \| undefined,\n): boolean {\n if (explicitlyRequestsFullMcpCatalog(requestMeta)) return false;\n // OAuth callers are classified through `isKnownMcpAppOAuthClient`: unknown\n // OAuth clients compact by default, while known code/CLI clients stay full.\n if (identity?.oauthClientId) return false;\n // A real authenticated remote HTTP caller with no OAuth client metadata is\n // usually a chat-host static-token connector. Keep it on the app-facing\n // verbs so a host cannot dump every action schema into a giant tool card.\n return requestMeta?.fullSurface === true;\n}\n\ninterface ResolvedMcpAppResource {\n uri: string;\n legacyUris?: string[];\n name: string;\n title?: string;\n description?: string;\n html: ActionMcpAppResourceConfig[\"html\"];\n mimeType: typeof MCP_APP_MIME_TYPE;\n _meta?: Record<string, unknown>;\n}\n\ninterface McpAppResourceContext {\n actionName: string;\n appId?: string;\n requestOrigin?: string;\n}\n\ninterface VersionedMcpAppResourceUri {\n uri: string;\n legacyUris?: string[];\n}\n\nfunction metadataObject(value: unknown): Record<string, unknown> {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? (value as Record<string, unknown>)\n : {};\n}\n\nfunction originString(value: unknown): string \| undefined {\n if (typeof value !== \"string\" \|\| !value.trim()) return undefined;\n try {\n return new URL(value).origin;\n } catch {\n return undefined;\n }\n}\n\nfunction hostSpecificDomainString(value: unknown): string \| undefined {\n if (typeof value !== \"string\" \|\| !value.trim()) return undefined;\n const trimmed = value.trim();\n try {\n new URL(trimmed);\n return undefined;\n } catch {\n return trimmed;\n }\n}\n\nfunction withMcpChatBridgeParam(urlOrPath: string): string {\n try {\n const base = \"http://agent-native.invalid\";\n const url = urlOrPath.startsWith(\"/\")\n ? new URL(urlOrPath, base)\n : new URL(urlOrPath);\n url.searchParams.set(MCP_APP_CHAT_BRIDGE_QUERY_PARAM, \"1\");\n return urlOrPath.startsWith(\"/\")\n ? `${url.pathname}${url.search}${url.hash}`\n : url.toString();\n } catch {\n return urlOrPath;\n }\n}\n\nfunction isEmbedStartUrl(value: string): boolean {\n try {\n const base = \"http://agent-native.invalid\";\n const url = value.startsWith(\"/\") ? new URL(value, base) : new URL(value);\n return url.pathname.includes(\"/_agent-native/embed/start\");\n } catch {\n return value.includes(\"/_agent-native/embed/start\");\n }\n}\n\nfunction mcpAppEmbedOpenLinkMeta(\n result: unknown,\n resource: ResolvedMcpAppResource,\n meta: MCPRequestMeta \| undefined,\n): Record<string, unknown> {\n const out = metadataObject(result);\n const embedStartUrl =\n typeof out.embedStartUrl === \"string\"\n ? out.embedStartUrl\n : out.embed === true &&\n typeof out.url === \"string\" &&\n out.url.includes(\"/_agent-native/embed/start\")\n ? out.url\n : null;\n if (!embedStartUrl) return {};\n\n const webUrl = toAbsoluteOpenUrl(\n withMcpChatBridgeParam(embedStartUrl),\n meta?.origin,\n );\n const deepLinkUrl =\n typeof out.deepLinkUrl === \"string\" ? out.deepLinkUrl : null;\n const fallbackLabel = resource.title ?? resource.name ?? \"app\";\n const label =\n typeof out.app === \"string\" && out.app.trim()\n ? `Open ${out.app.trim()}`\n : fallbackLabel;\n const view =\n typeof out.view === \"string\" && out.view.trim()\n ? out.view.trim()\n : typeof out.path === \"string\" && out.path.trim()\n ? out.path.trim()\n : undefined;\n const explicitOpenUrl = deepLinkUrl\n ? deepLinkUrl\n : typeof out.url === \"string\" && !isEmbedStartUrl(out.url)\n ? out.url\n : view;\n const safeOpenUrl = explicitOpenUrl\n ? toAbsoluteOpenUrl(explicitOpenUrl, meta?.origin)\n : webUrl;\n\n return {\n \"agent-native/embedStart\": {\n startUrl: webUrl,\n ...(typeof out.embedExpiresAt === \"number\"\n ? { expiresAt: out.embedExpiresAt }\n : {}),\n },\n \"agent-native/openLink\": {\n label,\n ...(view ? { view } : {}),\n webUrl: safeOpenUrl,\n desktopUrl: safeOpenUrl,\n },\n };\n}\n\n/\n Build the deep-link content block + structured `_meta` for a tool result.\n * Best-effort: any throw / nullish link is swallowed so a bad `link` builder\n * never fails the tool call.\n /\nexport function buildLinkArtifacts(\n entry: ActionEntry,\n args: Record<string, any>,\n result: any,\n meta: MCPRequestMeta \| undefined,\n): {\n block?: { type: \"text\"; text: string };\n _meta?: Record<string, unknown>;\n} {\n if (typeof entry.link !== \"function\") return {};\n try {\n const lk = entry.link({ args: args ?? {}, result });\n if (!lk?.url) return {};\n const linkUrl = isAgentNativeOpenDeepLink(lk.url)\n ? withCollapsedAgentSidebarParam(lk.url)\n : lk.url;\n const webUrl = toAbsoluteOpenUrl(linkUrl, meta?.origin);\n const desktopUrl = toDesktopOpenUrl(linkUrl);\n const markdownUrl = meta?.target === \"desktop\" ? desktopUrl : webUrl;\n return {\n block: { type: \"text\", text: `\\n\\n[${lk.label} →](${markdownUrl})` },\n _meta: {\n \"agent-native/openLink\": {\n label: lk.label,\n view: lk.view,\n webUrl,\n desktopUrl,\n },\n },\n };\n } catch {\n return {};\n }\n}\n\n/\n Merge the generic cross-app builtin tools into the config's action\n * registry. Template actions take precedence: if a template defines an\n * action with the same name as a builtin (e.g. its own `list_apps`), the\n * template entry wins and the builtin is dropped. This mirrors the\n * template-over-workspace-core precedence in `autoDiscoverActions`.\n \n The builtins are pure-ish navigators / scaffolders; they call back into the\n * same `config.actions` / `config.askAgent` so there is no second agent loop.\n /\nfunction mergeBuiltinTools(\n config: MCPConfig,\n baseActions: Record<string, ActionEntry>,\n requestMeta?: MCPRequestMeta,\n): Record<string, ActionEntry> {\n if (config.builtinCrossAppTools === false) return baseActions;\n const builtins = getBuiltinCrossAppTools(config, requestMeta);\n const merged: Record<string, ActionEntry> = { ...builtins };\n // Template / app actions overwrite same-named builtins.\n for (const [name, entry] of Object.entries(baseActions)) {\n merged[name] = entry;\n }\n return merged;\n}\n\nfunction safeUiSegment(value: string \| undefined, fallback: string): string {\n const normalized = (value \|\| fallback)\n .trim()\n .toLowerCase()\n .replace(/[^a-z0-9._-]+/g, \"-\")\n .replace(/^-+\|-+$/g, \"\");\n return normalized \|\| fallback;\n}\n\n// ChatGPT and Claude cache MCP App resource HTML by `ui://` URI. Bump this\n// when the shared shell changes in a way that must invalidate host caches.\nconst MCP_APP_RESOURCE_SHELL_VERSION = \"shell-v26\";\n\nfunction legacyDefaultMcpAppUri(config: MCPConfig, actionName: string): string {\n const app = safeUiSegment(config.appId ?? config.name, \"agent-native\");\n const action = safeUiSegment(actionName, \"tool\");\n return `ui://${app}/${action}`;\n}\n\nfunction versionMcpAppResourceUri(\n rawUri: string,\n): VersionedMcpAppResourceUri \| null {\n const uri = rawUri.trim();\n if (!uri.startsWith(\"ui://\")) return null;\n const versionSuffix = `/${MCP_APP_RESOURCE_SHELL_VERSION}`;\n let versionedUri: string;\n try {\n const parsed = new URL(uri);\n const path = parsed.pathname.replace(/\\/+$/g, \"\");\n parsed.pathname = /\\/shell-v\\d+$/.test(path)\n ? path.replace(/\\/shell-v\\d+$/, versionSuffix)\n : `${path}${versionSuffix}`;\n versionedUri = parsed.toString();\n } catch {\n return null;\n }\n return {\n uri: versionedUri,\n ...(versionedUri !== uri ? { legacyUris: [uri] } : {}),\n };\n}\n\nfunction getMcpAppResourceUri(\n config: MCPConfig,\n actionName: string,\n entry: ActionEntry,\n): VersionedMcpAppResourceUri \| null {\n const resource = entry.mcpApp?.resource;\n if (!resource) return null;\n const baseUri =\n resource.uri?.trim() \|\| legacyDefaultMcpAppUri(config, actionName);\n return versionMcpAppResourceUri(baseUri);\n}\n\nfunction expandRequestOriginSources(\n sources: string[] \| undefined,\n requestMeta?: MCPRequestMeta,\n): string[] \| undefined {\n if (!sources) return undefined;\n const origin = requestMeta?.origin;\n return sources.flatMap((source) =>\n source === MCP_APP_REQUEST_ORIGIN_CSP_SOURCE && origin\n ? [origin]\n : [source],\n );\n}\n\nfunction openAiWidgetCsp(\n cspConfig: ActionMcpAppCsp \| undefined,\n requestMeta?: MCPRequestMeta,\n): Record<string, string[]> \| undefined {\n if (!cspConfig) return undefined;\n const csp: Record<string, string[]> = {};\n const connectDomains = expandRequestOriginSources(\n cspConfig.connectDomains,\n requestMeta,\n );\n const resourceDomains = expandRequestOriginSources(\n cspConfig.resourceDomains,\n requestMeta,\n );\n const frameDomains = expandRequestOriginSources(\n cspConfig.frameDomains,\n requestMeta,\n );\n if (connectDomains?.length) csp.connect_domains = connectDomains;\n if (resourceDomains?.length) csp.resource_domains = resourceDomains;\n if (frameDomains?.length) csp.frame_domains = frameDomains;\n return Object.keys(csp).length > 0 ? csp : undefined;\n}\n\nfunction mcpAppUiMeta(\n resource: ActionMcpAppResourceConfig,\n resolvedCsp: ActionMcpAppCsp \| undefined,\n requestMeta?: MCPRequestMeta,\n description?: string,\n): Record<string, unknown> \| undefined {\n const base =\n resource._meta && typeof resource._meta === \"object\"\n ? { ...resource._meta }\n : {};\n const existingUi =\n base.ui && typeof base.ui === \"object\" && !Array.isArray(base.ui)\n ? (base.ui as Record<string, unknown>)\n : {};\n const ui: Record<string, unknown> = { ...existingUi };\n delete ui.domain;\n if (resolvedCsp) {\n ui.csp = {\n ...resolvedCsp,\n connectDomains: expandRequestOriginSources(\n resolvedCsp.connectDomains,\n requestMeta,\n ),\n resourceDomains: expandRequestOriginSources(\n resolvedCsp.resourceDomains,\n requestMeta,\n ),\n frameDomains: expandRequestOriginSources(\n resolvedCsp.frameDomains,\n requestMeta,\n ),\n baseUriDomains: expandRequestOriginSources(\n resolvedCsp.baseUriDomains,\n requestMeta,\n ),\n };\n }\n if (resource.permissions) ui.permissions = resource.permissions;\n const hostSpecificDomain =\n hostSpecificDomainString(resource.domain) ??\n hostSpecificDomainString(existingUi.domain);\n if (hostSpecificDomain) ui.domain = hostSpecificDomain;\n const openAiWidgetDomain =\n originString(resource.domain) ??\n originString(ui.domain) ??\n originString(existingUi.domain) ??\n originString(requestMeta?.origin);\n if (typeof resource.prefersBorder === \"boolean\") {\n ui.prefersBorder = resource.prefersBorder;\n }\n if (Object.keys(ui).length > 0) base.ui = ui;\n if (description && base[\"openai/widgetDescription\"] == null) {\n base[\"openai/widgetDescription\"] = description;\n }\n if (\n typeof resource.prefersBorder === \"boolean\" &&\n base[\"openai/widgetPrefersBorder\"] == null\n ) {\n base[\"openai/widgetPrefersBorder\"] = resource.prefersBorder;\n }\n const openAiCsp = openAiWidgetCsp(resolvedCsp, requestMeta);\n if (openAiCsp && base[\"openai/widgetCSP\"] == null) {\n base[\"openai/widgetCSP\"] = openAiCsp;\n }\n if (openAiWidgetDomain && base[\"openai/widgetDomain\"] == null) {\n base[\"openai/widgetDomain\"] = openAiWidgetDomain;\n }\n return Object.keys(base).length > 0 ? base : undefined;\n}\n\nasync function resolveMcpAppCsp(\n resource: ActionMcpAppResourceConfig,\n ctx: McpAppResourceContext,\n): Promise<ActionMcpAppCsp \| undefined> {\n if (!resource.csp) return undefined;\n return typeof resource.csp === \"function\"\n ? await resource.csp(ctx)\n : resource.csp;\n}\n\nasync function resolveMcpAppResource(\n config: MCPConfig,\n actionName: string,\n entry: ActionEntry,\n requestMeta?: MCPRequestMeta,\n): Promise<ResolvedMcpAppResource \| null> {\n const resource = entry.mcpApp?.resource;\n if (!resource) return null;\n const resolvedUri = getMcpAppResourceUri(config, actionName, entry);\n if (!resolvedUri) return null;\n const description = resource.description ?? entry.tool.description;\n const resolvedCsp = await resolveMcpAppCsp(resource, {\n actionName,\n appId: config.appId,\n requestOrigin: requestMeta?.origin,\n });\n const resourceMeta = mcpAppUiMeta(\n resource,\n resolvedCsp,\n requestMeta,\n description,\n );\n return {\n uri: resolvedUri.uri,\n ...(resolvedUri.legacyUris ? { legacyUris: resolvedUri.legacyUris } : {}),\n name: resource.name?.trim() \|\| actionName,\n ...(resource.title ? { title: resource.title } : {}),\n ...(description ? { description } : {}),\n html: resource.html,\n mimeType: resource.mimeType ?? MCP_APP_MIME_TYPE,\n ...(resourceMeta ? { _meta: resourceMeta } : {}),\n };\n}\n\nasync function resolveMcpAppResourceSafely(\n config: MCPConfig,\n actionName: string,\n entry: ActionEntry,\n requestMeta?: MCPRequestMeta,\n): Promise<ResolvedMcpAppResource \| null> {\n try {\n return await resolveMcpAppResource(config, actionName, entry, requestMeta);\n } catch (error) {\n console.warn(\n `[mcp] Skipping MCP App resource for action \"${actionName}\" because its metadata could not be resolved.`,\n error,\n );\n return null;\n }\n}\n\nasync function getMcpAppResources(\n config: MCPConfig,\n actions: Record<string, ActionEntry>,\n requestMeta?: MCPRequestMeta,\n): Promise<ResolvedMcpAppResource[]> {\n const resources = await Promise.all(\n Object.entries(actions).map(([name, entry]) =>\n resolveMcpAppResourceSafely(config, name, entry, requestMeta),\n ),\n );\n return resources.filter((resource): resource is ResolvedMcpAppResource =>\n Boolean(resource),\n );\n}\n\nfunction renderMcpAppHtml(\n resource: ResolvedMcpAppResource,\n actionName: string,\n config: MCPConfig,\n requestMeta?: MCPRequestMeta,\n): string {\n if (typeof resource.html === \"function\") {\n return resource.html({\n actionName,\n appId: config.appId,\n requestOrigin: requestMeta?.origin,\n });\n }\n return resource.html;\n}\n\nfunction openAiToolDescriptorMeta(\n resource: ResolvedMcpAppResource,\n): Record<string, unknown> {\n const label = resource.title ?? resource.name;\n const widgetCsp = metadataObject(resource._meta?.[\"openai/widgetCSP\"]);\n return {\n \"openai/outputTemplate\": resource.uri,\n \"openai/toolInvocation/invoking\": `Opening ${label}`,\n \"openai/toolInvocation/invoked\": `${label} ready`,\n \"openai/widgetAccessible\": true,\n ...(Object.keys(widgetCsp).length > 0\n ? { \"openai/widgetCSP\": widgetCsp }\n : {}),\n };\n}\n\nfunction openAiToolResultMeta(\n resource: ResolvedMcpAppResource,\n): Record<string, unknown> {\n const label = resource.title ?? resource.name;\n const widgetCsp = metadataObject(resource._meta?.[\"openai/widgetCSP\"]);\n return {\n \"openai/outputTemplate\": resource.uri,\n \"openai/toolInvocation/invoking\": `Opening ${label}`,\n \"openai/toolInvocation/invoked\": `${label} ready`,\n \"openai/widgetAccessible\": true,\n ...(Object.keys(widgetCsp).length > 0\n ? { \"openai/widgetCSP\": widgetCsp }\n : {}),\n };\n}\n\nfunction mcpAppToolUiMeta(\n resource: ResolvedMcpAppResource,\n visibility: unknown,\n): Record<string, unknown> {\n return {\n resourceUri: resource.uri,\n visibility: Array.isArray(visibility) ? visibility : [\"model\", \"app\"],\n };\n}\n\nfunction primitiveValue(value: unknown): value is string \| number \| boolean {\n return (\n typeof value === \"string\" \|\|\n typeof value === \"number\" \|\|\n typeof value === \"boolean\"\n );\n}\n\nfunction mcpAppStructuredContent(\n result: unknown,\n meta: Record<string, unknown> \| undefined,\n): Record<string, unknown> {\n const out: Record<string, unknown> =\n result && typeof result === \"object\" && !Array.isArray(result)\n ? { ...(result as Record<string, unknown>) }\n : primitiveValue(result)\n ? { result }\n : {};\n for (const key of [\"embedStartUrl\", \"startUrl\"]) {\n const value = out[key];\n if (typeof value === \"string\" && isEmbedStartUrl(value)) delete out[key];\n }\n if (typeof out.url === \"string\" && isEmbedStartUrl(out.url)) {\n delete out.url;\n }\n const openLink = meta?.[\"agent-native/openLink\"];\n if (openLink && typeof openLink === \"object\" && !Array.isArray(openLink)) {\n const webUrl = (openLink as Record<string, unknown>).webUrl;\n if (typeof webUrl === \"string\" && isEmbedStartUrl(webUrl)) {\n return Object.keys(out).length > 0 ? out : { status: \"ok\" };\n }\n out.openLink = openLink;\n if (typeof webUrl === \"string\" && !out.url) out.url = webUrl;\n }\n return Object.keys(out).length > 0 ? out : { status: \"ok\" };\n}\n\nfunction truncateToolText(value: string, max = 2000): string {\n if (value.length <= max) return value;\n return `${value.slice(0, max - 1)}…`;\n}\n\nfunction conciseMcpAppToolText(\n name: string,\n result: unknown,\n structuredContent: Record<string, unknown>,\n): string {\n if (typeof result === \"string\") return truncateToolText(result);\n const message = structuredContent.message;\n if (typeof message === \"string\" && message.trim()) {\n return truncateToolText(message.trim());\n }\n const title = structuredContent.title ?? structuredContent.name;\n if (typeof title === \"string\" && title.trim()) {\n return `${title.trim()} is ready.`;\n }\n const id = structuredContent.id;\n if (typeof id === \"string\" && id.trim()) {\n return `${name} completed for ${id.trim()}.`;\n }\n return `${name} completed.`;\n}\n\n// ---------------------------------------------------------------------------\n// MCP Server creation — converts ActionEntry registry to MCP tools\n// ---------------------------------------------------------------------------\n\n/\n Build a fully-wired MCP `Server` for a single request / session.\n \n Shared by the stateless Streamable-HTTP mount (`mountMCP`) and the stdio\n * standalone transport. The HTTP mount passes the per-request origin via\n * `requestMeta`; the stdio standalone path passes the resolved local app\n * origin so deep links still become absolute URLs.\n /\nexport async function createMCPServerForRequest(\n config: MCPConfig,\n identity: MCPCallerIdentity \| undefined,\n requestMeta?: MCPRequestMeta,\n) {\n const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n const {\n ListToolsRequestSchema,\n CallToolRequestSchema,\n ListResourcesRequestSchema,\n ReadResourceRequestSchema,\n ListResourceTemplatesRequestSchema,\n } = await import(\"@modelcontextprotocol/sdk/types.js\");\n\n // Resolve the effective caller identity. JWT / header-derived identity\n // (passed by `mountMCP` via `verifyAuth`) wins. When the caller passed no\n // identity — the stdio standalone* path — fall back to the\n // `AGENT_NATIVE_OWNER_EMAIL` env the `agent-native mcp install` flow writes\n // into the `agent-native mcp serve` process env, so standalone tool runs are\n // tenant-scoped to the configured owner instead of running unscoped. Stays\n // undefined for true dev-open (no token, no secret, no owner) — behavior\n // there is unchanged.\n const ownerFromEnv = process.env.AGENT_NATIVE_OWNER_EMAIL?.trim();\n const effectiveIdentity: MCPCallerIdentity \| undefined =\n identity ??\n (ownerFromEnv\n ? { userEmail: ownerFromEnv, orgDomain: undefined }\n : undefined);\n\n // The action set the request handlers operate on = base actions + generic\n // cross-app builtins (template wins on name collision). An authenticated\n // real caller (connect-minted token / `mcp install` owner / production —\n // `requestMeta.fullSurface`, or the stdio standalone path identified by\n // `AGENT_NATIVE_OWNER_EMAIL`) gets the full `productionActions` surface\n // even in local dev; the unauthenticated dev-open path keeps the sparse\n // `config.actions`. See `external-agents` skill, \"Dev vs production tool\n // surface\".\n const useFullSurface = requestMeta?.fullSurface === true \|\| !!ownerFromEnv;\n const baseActions =\n useFullSurface && config.productionActions\n ? config.productionActions\n : config.actions;\n const actions = mergeBuiltinTools(config, baseActions, requestMeta);\n const visibleActions = Object.fromEntries(\n Object.entries(actions).filter(([, entry]) =>\n isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes),\n ),\n );\n const compactMcpAppCatalog = explicitlyRequestsFullMcpCatalog(requestMeta)\n ? false\n : (Array.isArray(effectiveIdentity?.oauthScopes) &&\n hasMcpOAuthScope(effectiveIdentity.oauthScopes, \"mcp:apps\")) \|\|\n (await isKnownMcpAppOAuthClient(effectiveIdentity)) \|\|\n shouldUseCompactMcpCatalogByDefault(effectiveIdentity, requestMeta);\n const advertisedActions = compactMcpAppCatalog\n ? Object.fromEntries(\n Object.entries(visibleActions).filter(([name, entry]) =>\n isActionAdvertisedInCompactMcpAppCatalog(name, entry, config),\n ),\n )\n : visibleActions;\n const supportsMcpApps =\n compactMcpAppCatalog \|\|\n Object.values(advertisedActions).some((entry) =>\n Boolean(entry.mcpApp?.resource),\n );\n const server = new Server(\n { name: config.name, version: config.version ?? \"1.0.0\" },\n {\n capabilities: {\n tools: {},\n ...(supportsMcpApps\n ? {\n resources: {},\n extensions: {\n [MCP_APP_EXTENSION_ID]: {\n mimeTypes: [MCP_APP_MIME_TYPE],\n },\n },\n }\n : {}),\n },\n },\n );\n\n // Resolve orgId once per request (DB lookup) so subsequent wraps are\n // synchronous. The caller identity may be undefined for true dev-open —\n // in that case we run with no userEmail/orgId, which makes downstream\n // tools that require per-user scope return empty results rather than\n // cross-tenant data (the safe default).\n const orgIdPromise = resolveOrgIdFromDomain(effectiveIdentity?.orgDomain);\n\n /*\n Wrap a callback in\n * `runWithRequestContext({ userEmail, orgId, requestOrigin }, fn)`.\n * Both the tools/list and tools/call handlers go through this so\n * downstream `accessFilter`, `resolveCredential`, and per-user MCP\n * visibility checks see the verified caller's identity. `requestOrigin`\n * is the live server origin derived from the inbound request (same value\n * used to absolutize deep links) so actions that build fetchable URLs\n * (e.g. design `export-coding-handoff`'s signed raw-code URL) resolve the\n * correct local-workspace origin instead of a prod/localhost fallback.\n /\n async function withCallerContext<T>(fn: () => Promise<T>): Promise<T> {\n const orgId = await orgIdPromise;\n return runWithRequestContext(\n {\n userEmail: effectiveIdentity?.userEmail,\n orgId,\n ...(requestMeta?.origin ? { requestOrigin: requestMeta.origin } : {}),\n },\n fn,\n ) as Promise<T>;\n }\n\n // tools/list — return all actions + ask-agent meta-tool. Wrapped in the\n // request context so per-user MCP visibility (mcp-client/visibility.ts)\n // applies to the listing too.\n server.setRequestHandler(ListToolsRequestSchema, async () => {\n return withCallerContext(async () => {\n const tools = await Promise.all(\n Object.entries(advertisedActions).map(async ([name, entry]) => {\n const hasLink = typeof entry.link === \"function\";\n const mcpAppResource = await resolveMcpAppResourceSafely(\n config,\n name,\n entry,\n requestMeta,\n );\n const rawToolMeta =\n (entry.tool as any)._meta &&\n typeof (entry.tool as any)._meta === \"object\" &&\n !Array.isArray((entry.tool as any)._meta)\n ? { ...((entry.tool as any)._meta as Record<string, unknown>) }\n : {};\n const toolMeta = {\n ...rawToolMeta,\n ...(mcpAppResource\n ? {\n ...openAiToolDescriptorMeta(mcpAppResource),\n [MCP_APP_RESOURCE_URI_META_KEY]: mcpAppResource.uri,\n ui: mcpAppToolUiMeta(\n mcpAppResource,\n entry.mcpApp?.visibility ??\n metadataObject(rawToolMeta.ui).visibility,\n ),\n }\n : {}),\n };\n const baseDescription = entry.tool.description ?? name;\n const annotations: Record<string, unknown> = {\n readOnlyHint: entry.readOnly === true,\n destructiveHint: entry.publicAgent?.isConsequential === true,\n openWorldHint: false,\n };\n if (hasLink) annotations[\"agent-native/producesOpenLink\"] = true;\n return {\n name,\n description: hasLink\n ? `${baseDescription} After calling, surface the returned \"Open in … →\" link to the user.`\n : baseDescription,\n inputSchema: entry.tool.parameters ?? {\n type: \"object\" as const,\n properties: {},\n },\n ...(Object.keys(toolMeta).length > 0 ? { _meta: toolMeta } : {}),\n annotations,\n };\n }),\n );\n\n if (\n !compactMcpAppCatalog &&\n config.askAgent &&\n hasMcpOAuthScope(effectiveIdentity?.oauthScopes, \"mcp:write\")\n ) {\n tools.push({\n name: \"ask-agent\",\n description:\n \"Send a natural-language message to the app's AI agent and get a response. \" +\n \"Use this for complex, multi-step tasks that require the agent's reasoning \" +\n \"and full context about the app.\",\n inputSchema: {\n type: \"object\" as const,\n properties: {\n message: {\n type: \"string\",\n description: \"The message to send to the agent\",\n },\n },\n required: [\"message\"],\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n openWorldHint: false,\n },\n });\n }\n\n return { tools };\n });\n });\n\n // tools/call — dispatch to action registry or ask-agent. Wrapped in the\n // request context so the action's `run(args)` and `askAgent()` execute\n // with the verified caller's identity, not the platform default.\n server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n return withCallerContext(async () => {\n const { name, arguments: args } = request.params;\n\n if (name === \"ask-agent\" && config.askAgent) {\n if (compactMcpAppCatalog) {\n return {\n content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n isError: true,\n };\n }\n if (!hasMcpOAuthScope(effectiveIdentity?.oauthScopes, \"mcp:write\")) {\n return {\n content: [\n {\n type: \"text\",\n text: \"Forbidden: OAuth scope does not allow ask-agent\",\n },\n ],\n isError: true,\n };\n }\n const message = args?.message ?? \"\";\n try {\n const result = await config.askAgent(message);\n return { content: [{ type: \"text\", text: result }] };\n } catch (err: any) {\n return {\n content: [{ type: \"text\", text: `Error: ${err.message}` }],\n isError: true,\n };\n }\n }\n\n const callableActions = compactMcpAppCatalog\n ? advertisedActions\n : actions;\n const entry = callableActions[name];\n if (!entry) {\n return {\n content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n isError: true,\n };\n }\n if (\n !isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)\n ) {\n return {\n content: [\n {\n type: \"text\",\n text: `Forbidden: OAuth scope does not allow tool ${name}`,\n },\n ],\n isError: true,\n };\n }\n\n try {\n const result = await entry.run((args as Record<string, string>) ?? {});\n const rawResult = isMcpActionResult(result) ? result.raw : result;\n const resultForClient = isMcpActionResult(result)\n ? result.text\n : result;\n const mcpAppResource = await resolveMcpAppResourceSafely(\n config,\n name,\n entry,\n requestMeta,\n );\n const { block, _meta } = buildLinkArtifacts(\n entry,\n (args as Record<string, any>) ?? {},\n rawResult,\n requestMeta,\n );\n const responseMeta: Record<string, unknown> = {\n ...(_meta ?? {}),\n ...(mcpAppResource\n ? mcpAppEmbedOpenLinkMeta(rawResult, mcpAppResource, requestMeta)\n : {}),\n ...(mcpAppResource ? openAiToolResultMeta(mcpAppResource) : {}),\n };\n const structuredContent = mcpAppResource\n ? mcpAppStructuredContent(rawResult, responseMeta)\n : undefined;\n const text = mcpAppResource\n ? conciseMcpAppToolText(name, resultForClient, structuredContent!)\n : typeof resultForClient === \"string\"\n ? resultForClient\n : JSON.stringify(resultForClient);\n const content: any[] = [{ type: \"text\", text }];\n if (block) content.push(block);\n return {\n content,\n ...(structuredContent ? { structuredContent } : {}),\n ...(Object.keys(responseMeta).length > 0\n ? { _meta: responseMeta }\n : {}),\n };\n } catch (err: any) {\n return {\n content: [{ type: \"text\", text: `Error: ${err.message}` }],\n isError: true,\n };\n }\n });\n });\n\n if (supportsMcpApps) {\n server.setRequestHandler(ListResourcesRequestSchema, async () => {\n return withCallerContext(async () => {\n const mcpAppResources = await getMcpAppResources(\n config,\n advertisedActions,\n requestMeta,\n );\n return {\n resources: mcpAppResources.map((resource) => ({\n uri: resource.uri,\n name: resource.name,\n ...(resource.title ? { title: resource.title } : {}),\n ...(resource.description\n ? { description: resource.description }\n : {}),\n mimeType: resource.mimeType,\n ...(resource._meta ? { _meta: resource._meta } : {}),\n })),\n };\n });\n });\n\n server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => {\n return withCallerContext(async () => {\n const mcpAppResources = await getMcpAppResources(\n config,\n advertisedActions,\n requestMeta,\n );\n return {\n resourceTemplates: mcpAppResources.map((resource) => ({\n uriTemplate: resource.uri,\n name: resource.name,\n ...(resource.title ? { title: resource.title } : {}),\n ...(resource.description\n ? { description: resource.description }\n : {}),\n mimeType: resource.mimeType,\n ...(resource._meta ? { _meta: resource._meta } : {}),\n })),\n };\n });\n });\n\n server.setRequestHandler(\n ReadResourceRequestSchema,\n async (request: any) => {\n return withCallerContext(async () => {\n const uri = request.params?.uri;\n let found: {\n actionName: string;\n resource: ResolvedMcpAppResource;\n } \| null = null;\n for (const [name, entry] of Object.entries(advertisedActions)) {\n const resourceUri = getMcpAppResourceUri(config, name, entry);\n if (\n !resourceUri \|\|\n (resourceUri.uri !== uri &&\n !resourceUri.legacyUris?.includes(uri))\n ) {\n continue;\n }\n const resource = await resolveMcpAppResourceSafely(\n config,\n name,\n entry,\n requestMeta,\n );\n if (resource) {\n found = { actionName: name, resource };\n }\n break;\n }\n if (!found) {\n throw new Error(`MCP App resource not found: ${uri}`);\n }\n return {\n contents: [\n {\n uri,\n mimeType: found.resource.mimeType,\n text: renderMcpAppHtml(\n found.resource,\n found.actionName,\n config,\n requestMeta,\n ),\n ...(found.resource._meta\n ? { _meta: found.resource._meta }\n : {}),\n },\n ],\n };\n });\n },\n );\n }\n\n return server;\n}\n\n// ---------------------------------------------------------------------------\n// Auth — reuses the same pattern as A2A (Bearer token or JWT). Shared so the\n// HTTP mount and any stdio-side auth-aware helper resolve identity identically.\n// ---------------------------------------------------------------------------\n\nexport function getAccessTokens(): string[] {\n const single = process.env.ACCESS_TOKEN;\n const multi = process.env.ACCESS_TOKENS;\n const tokens: string[] = [];\n if (single) tokens.push(single);\n if (multi) {\n tokens.push(\n ...multi\n .split(\",\")\n .map((t) => t.trim())\n .filter(Boolean),\n );\n }\n return tokens;\n}\n\n/\n Resolve the caller identity for a static-token (or dev-open) auth path.\n \n Static `ACCESS_TOKEN` / `ACCESS_TOKENS` auth carries no per-caller claims,\n * so without this the MCP endpoint would run every tool with\n * `userEmail === undefined` and per-user / per-org scoped actions\n * (`accessFilter`, `resolveAccess`, `resolveCredential`) would return\n * empty / wrong data. The `agent-native mcp install` flow writes\n * `AGENT_NATIVE_OWNER_EMAIL` into the client config env and the stdio proxy\n * forwards it as the `X-Agent-Native-Owner-Email` request header (see\n * `mcp/stdio.ts#authHeaders`). We trust that owner hint only on the\n * static-token path — JWT auth already carries a cryptographically verified\n * `sub`, so the header is ignored there and never widens JWT scope.\n \n Precedence is server-trusted-first: the server process's\n * `AGENT_NATIVE_OWNER_EMAIL` env (set out-of-band by the operator / deploy)\n * ALWAYS wins, and a client-supplied `X-Agent-Native-Owner-Email` header is\n * honored only as a fallback when that env is unset. A static `ACCESS_TOKEN`\n * is a shared bearer secret; letting a request header override a\n * server-configured owner would let anyone holding a leaked token act as any\n * user. The header path remains for the single-tenant local-dev install flow\n * where the app server process has no owner env and the token is the\n * workspace secret; multi-tenant deployments must use A2A JWT (verified `sub`),\n * not a static token, for per-user scope.\n \n Returns `undefined` when no owner email is available (true dev-open: no\n * token, no secret, no owner) so behavior there stays unchanged.\n /\nfunction deriveStaticTokenIdentity(\n ownerEmailHeader: string \| undefined,\n): MCPCallerIdentity \| undefined {\n const owner =\n process.env.AGENT_NATIVE_OWNER_EMAIL?.trim() \|\|\n (typeof ownerEmailHeader === \"string\" && ownerEmailHeader.trim()) \|\|\n \"\";\n if (!owner) return undefined;\n return { userEmail: owner, orgDomain: undefined };\n}\n\nfunction addSecretCandidate(\n candidates: string[],\n secret: string \| null \| undefined,\n): void {\n const trimmed = secret?.trim();\n if (!trimmed \|\| candidates.includes(trimmed)) return;\n candidates.push(trimmed);\n}\n\nasync function verifyA2AJwtForMcp(\n token: string,\n): Promise<Record<string, unknown> \| null> {\n const jose = await import(\"jose\");\n let unverifiedPayload: Record<string, unknown> \| null = null;\n try {\n unverifiedPayload = jose.decodeJwt(token) as Record<string, unknown>;\n } catch {\n return null;\n }\n\n const candidateSecrets: string[] = [];\n addSecretCandidate(candidateSecrets, process.env.A2A_SECRET);\n\n const orgDomain =\n typeof unverifiedPayload.org_domain === \"string\"\n ? unverifiedPayload.org_domain\n : undefined;\n if (orgDomain) {\n try {\n const { getA2ASecretByDomain } = await import(\"../org/context.js\");\n addSecretCandidate(\n candidateSecrets,\n await getA2ASecretByDomain(orgDomain),\n );\n } catch {\n // DB not ready or org lookup unavailable — fall back to other candidates.\n }\n }\n\n for (const secret of candidateSecrets) {\n try {\n const { payload } = await jose.jwtVerify(\n token,\n new TextEncoder().encode(secret),\n );\n return payload as Record<string, unknown>;\n } catch {\n // Try the next candidate without exposing which secret matched.\n }\n }\n\n return null;\n}\n\n/\n Verify the inbound auth header. Returns:\n * - { authed: true, identity } when verified — `identity` is derived from\n * the JWT (`sub` / `org_domain`) for JWT auth, or from the\n * `AGENT_NATIVE_OWNER_EMAIL` env / `X-Agent-Native-Owner-Email` header\n * for static-token auth (the `agent-native mcp install` flow). `identity`\n * is undefined only for true dev-open with no owner hint.\n * - { authed: false } on rejection.\n \n When A2A_SECRET is set we extract the JWT's `sub` (caller email) and\n * `org_domain` claims so the MCP endpoint can wrap tool runs in\n * `runWithRequestContext({ userEmail, orgId })`. Without that wrap, the\n * MCP endpoint loses tenant identity and downstream `accessFilter` /\n * `resolveCredential` calls fall back to platform-wide defaults.\n \n `ownerEmailHeader` is the forwarded `X-Agent-Native-Owner-Email` value; it\n * is consulted ONLY on the static-token / dev-open path (never to influence\n * verified JWT identity), so the install flow runs tools as the configured\n * owner instead of an unscoped anonymous caller.\n /\nexport async function verifyAuth(\n authHeader: string \| undefined,\n ownerEmailHeader?: string \| undefined,\n options: { allowDevOpen?: boolean; resourceUrl?: string } = {},\n): Promise<{\n authed: boolean;\n identity?: MCPCallerIdentity;\n /\n The caller presented a real credential — a verified A2A/connect JWT, a\n * matching ACCESS_TOKEN, or (on the no-auth-configured path) a forwarded\n * owner-email header from `agent-native mcp install`. Drives the full vs\n * sparse MCP tool surface in local dev. The pure unauthenticated dev-open\n * path (no secret, no token, no owner header) is `false`.\n */\n fullSurface?: boolean;\n}> {\n // No auth configured → allow only when the route caller has already\n // established that this is a loopback/local dev request. Still honour an\n // owner hint there so the local install/connect flow stays tenant-scoped.\n const accessTokens = getAccessTokens();\n const hasA2ASecret = !!process.env.A2A_SECRET;\n const token = authHeader?.startsWith(\"Bearer \")\n ? authHeader.slice(7)\n : undefined;\n if (token) {\n const oauthIdentity = await verifyMcpOAuthAccessToken(\n token,\n options.resourceUrl,\n );\n if (oauthIdentity) {\n return {\n authed: true,\n identity: {\n userEmail: oauthIdentity.userEmail,\n orgDomain: oauthIdentity.orgDomain,\n oauthScopes: oauthIdentity.scopes,\n oauthClientId: oauthIdentity.clientId,\n },\n fullSurface: true,\n };\n }\n }\n if (accessTokens.length === 0 && !hasA2ASecret && !token) {\n if (options.allowDevOpen === false) {\n return { authed: false };\n }\n return {\n authed: true,\n identity: deriveStaticTokenIdentity(ownerEmailHeader),\n // `mcp install`'s stdio proxy forwards an owner-email header even when\n // the local app has no secret configured — that is a real, identified\n // caller and gets the full surface. A bare browser/curl dev probe with\n // no owner hint stays on the sparse dev surface.\n fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),\n };\n }\n\n if (!token) return { authed: false };\n\n // Try an A2A JWT via the shared A2A_SECRET first, then the caller org's\n // synced A2A secret when the token carries org_domain.\n const payload = await verifyA2AJwtForMcp(token);\n if (payload) {\n const tokenScope =\n typeof payload.scope === \"string\" ? payload.scope : undefined;\n if (tokenScope && tokenScope !== MCP_CONNECT_SCOPE) {\n return { authed: false };\n }\n\n // Connect-minted tokens (scope === \"mcp-connect\") carry a random `jti`\n // and are individually revocable. Only these tokens hit the revoke\n // store — ordinary A2A delegation JWTs skip the DB lookup entirely so\n // the hot path is unchanged. The signature was already\n // cryptographically verified, so failing open here only widens the\n // explicit-revoke gate, never the trust boundary.\n if (tokenScope === MCP_CONNECT_SCOPE) {\n if (typeof payload.jti !== \"string\" \|\| !payload.jti) {\n return { authed: false };\n }\n const jti = payload.jti;\n try {\n const { isJtiRevoked, touchTokenUsed } =\n await import(\"./connect-store.js\");\n if (await isJtiRevoked(jti)) {\n return { authed: false };\n }\n // Best-effort usage telemetry — never blocks / throws.\n void touchTokenUsed(jti);\n } catch {\n // Store import / lookup failed — fail open (see comment above).\n }\n }\n\n return {\n authed: true,\n identity: {\n userEmail: typeof payload.sub === \"string\" ? payload.sub : undefined,\n orgDomain:\n typeof payload.org_domain === \"string\"\n ? (payload.org_domain as string)\n : undefined,\n },\n // Verified JWT (connect-minted or A2A delegation) — a real caller.\n fullSurface: true,\n };\n }\n\n if (accessTokens.length === 0 && !hasA2ASecret) {\n if (options.allowDevOpen === false) {\n return { authed: false };\n }\n return {\n authed: true,\n identity: deriveStaticTokenIdentity(ownerEmailHeader),\n fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),\n };\n }\n\n // Try ACCESS_TOKEN / ACCESS_TOKENS exact match. Static tokens carry no\n // per-caller claims, so derive identity from the forwarded owner-email\n // hint (install flow) — otherwise tools would run unscoped.\n if (accessTokens.length > 0 && accessTokens.includes(token)) {\n return {\n authed: true,\n identity: deriveStaticTokenIdentity(ownerEmailHeader),\n // Matched a configured ACCESS_TOKEN — a real caller.\n fullSurface: true,\n };\n }\n\n return { authed: false };\n}\n\nexport async function resolveOrgIdFromDomain(\n orgDomain: string \| undefined,\n): Promise<string \| undefined> {\n if (!orgDomain) return undefined;\n try {\n const { resolveOrgByDomain } = await import(\"../org/context.js\");\n const org = await resolveOrgByDomain(orgDomain);\n return org?.orgId ?? undefined;\n } catch {\n return undefined;\n }\n}\n"]}
1	+ {"version":3,"file":"build-server.js","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,GAG9B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,iCAAiC,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EACL,yBAAyB,EACzB,8BAA8B,GAC/B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAEL,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,kBAAkB,CAAC;AA8F1B,SAAS,4BAA4B,CACnC,KAAkB,EAClB,MAA4B;IAE5B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,QAAQ,GACZ,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,OAAO,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,gCAAgC,GAAG,IAAI,GAAG,CAAC;IAC/C,WAAW;IACX,UAAU;IACV,SAAS;IACT,sBAAsB;CACvB,CAAC,CAAC;AAEH,SAAS,wCAAwC,CAC/C,IAAY,EACZ,KAAkB,EAClB,MAAiB;IAEjB,IAAI,gCAAgC,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5D,IACG,KAAK,CAAC,MAAmD;QACxD,EAAE,cAAc,KAAK,IAAI,EAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,uBAAuB,GAAG,wCAAwC,CAAC;AACzE,MAAM,uBAAuB,GAC3B,6DAA6D,CAAC;AAChE,MAAM,8BAA8B,GAClC,2DAA2D,CAAC;AAC9D,MAAM,sBAAsB,GAC1B,uGAAuG,CAAC;AAE1G,KAAK,UAAU,wBAAwB,CACrC,QAAuC;IAEvC,MAAM,QAAQ,GAAG,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5B,SAAS,oBAAoB,CAAC,KAAgC;QAC5D,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,OAAO,CACL,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC;YACnC,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,CACrC,CAAC;IACJ,CAAC;IAED,SAAS,uBAAuB,CAAC,KAAgC;QAC/D,OAAO,OAAO,CAAC,KAAK,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,SAAS,wBAAwB,CAAC,GAAW;QAC3C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,CACL,GAAG,CAAC,QAAQ,KAAK,QAAQ;gBACzB,8BAA8B,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAClD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,uBAAuB,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC9C,2EAA2E;QAC3E,2EAA2E;QAC3E,yBAAyB;QACzB,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,IAAI,oBAAoB,CAAC,MAAM,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QACzD,IAAI,uBAAuB,CAAC,MAAM,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC7D,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,wBAAwB,CAAC;YAAE,OAAO,IAAI,CAAC;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,mCAAmC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,yEAAyE;QACzE,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CACvC,WAAuC;IAEvC,IAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACnE,IAAI,WAAW,EAAE,WAAW,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,WAAW,EAAE,UAAU,EAAE,CAAC;QAC5B,OAAO,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,sBAAsB,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,mCAAmC,CAC1C,QAAuC,EACvC,WAAuC;IAEvC,IAAI,gCAAgC,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAChE,2EAA2E;IAC3E,4EAA4E;IAC5E,IAAI,QAAQ,EAAE,aAAa;QAAE,OAAO,KAAK,CAAC;IAC1C,2EAA2E;IAC3E,wEAAwE;IACxE,0EAA0E;IAC1E,OAAO,WAAW,EAAE,WAAW,KAAK,IAAI,CAAC;AAC3C,CAAC;AAwBD,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAChE,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACjE,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACjE,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACjB,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,SAAiB;IAC/C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,6BAA6B,CAAC;QAC3C,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;YACnC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC;YAC1B,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QACvB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;QAC3D,OAAO,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;YAC9B,CAAC,CAAC,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE;YAC3C,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,6BAA6B,CAAC;QAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAAe,EACf,QAAgC,EAChC,IAAgC;IAEhC,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,aAAa,GACjB,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ;QACnC,CAAC,CAAC,GAAG,CAAC,aAAa;QACnB,CAAC,CAAC,GAAG,CAAC,KAAK,KAAK,IAAI;YAChB,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;YAC3B,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,4BAA4B,CAAC;YAChD,CAAC,CAAC,GAAG,CAAC,GAAG;YACT,CAAC,CAAC,IAAI,CAAC;IACb,IAAI,CAAC,aAAa;QAAE,OAAO,EAAE,CAAC;IAE9B,MAAM,MAAM,GAAG,iBAAiB,CAC9B,sBAAsB,CAAC,aAAa,CAAC,EACrC,IAAI,EAAE,MAAM,CACb,CAAC;IACF,MAAM,WAAW,GACf,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/D,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,IAAI,KAAK,CAAC;IAC/D,MAAM,KAAK,GACT,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE;QAC3C,CAAC,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE;QAC1B,CAAC,CAAC,aAAa,CAAC;IACpB,MAAM,IAAI,GACR,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;QAC7C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;QACjB,CAAC,CAAC,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YAC/C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YACjB,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAChD,MAAM,eAAe,GAAG,WAAW;QACjC,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC;YACxD,CAAC,CAAC,GAAG,CAAC,GAAG;YACT,CAAC,CAAC,eAAe,CAAC;IACtB,MAAM,WAAW,GAAG,eAAe;QACjC,CAAC,CAAC,iBAAiB,CAAC,eAAe,EAAE,IAAI,EAAE,MAAM,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC;IAET,OAAO;QACL,yBAAyB,EAAE;YACzB,QAAQ,EAAE,MAAM;YAChB,GAAG,CAAC,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ;gBACxC,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE;gBACnC,CAAC,CAAC,EAAE,CAAC;SACR;QACD,GAAG,CAAC,WAAW;YACb,CAAC,CAAC;gBACE,uBAAuB,EAAE;oBACvB,KAAK;oBACL,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzB,MAAM,EAAE,WAAW;oBACnB,UAAU,EAAE,WAAW;iBACxB;aACF;YACH,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkB,EAClB,IAAyB,EACzB,MAAW,EACX,IAAgC;IAKhC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,EAAE,GAAG;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,yBAAyB,CAAC,EAAE,CAAC,GAAG,CAAC;YAC/C,CAAC,CAAC,8BAA8B,CAAC,EAAE,CAAC,GAAG,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC;QACX,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,IAAI,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,KAAK,OAAO,WAAW,GAAG,EAAE;YACpE,KAAK,EAAE;gBACL,uBAAuB,EAAE;oBACvB,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,MAAM;oBACN,UAAU;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CACxB,MAAiB,EACjB,WAAwC,EACxC,WAA4B;IAE5B,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK;QAAE,OAAO,WAAW,CAAC;IAC9D,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAgC,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5D,wDAAwD;IACxD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,KAAyB,EAAE,QAAgB;IAChE,MAAM,UAAU,GAAG,CAAC,KAAK,IAAI,QAAQ,CAAC;SACnC,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC;SAC9B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3B,OAAO,UAAU,IAAI,QAAQ,CAAC;AAChC,CAAC;AAED,2EAA2E;AAC3E,2EAA2E;AAC3E,MAAM,8BAA8B,GAAG,WAAW,CAAC;AAEnD,SAAS,sBAAsB,CAAC,MAAiB,EAAE,UAAkB;IACnE,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,QAAQ,GAAG,IAAI,MAAM,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,wBAAwB,CAC/B,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC1B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,aAAa,GAAG,IAAI,8BAA8B,EAAE,CAAC;IAC3D,IAAI,YAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC;YAC9C,CAAC,CAAC,GAAG,IAAI,GAAG,aAAa,EAAE,CAAC;QAC9B,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,GAAG,EAAE,YAAY;QACjB,GAAG,CAAC,YAAY,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAiB,EACjB,UAAkB,EAClB,KAAkB;IAElB,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,OAAO,GACX,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,sBAAsB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACrE,OAAO,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,0BAA0B,CACjC,OAA6B,EAC7B,WAA4B;IAE5B,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,MAAM,MAAM,GAAG,WAAW,EAAE,MAAM,CAAC;IACnC,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAChC,MAAM,KAAK,iCAAiC,IAAI,MAAM;QACpD,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,CAAC,CAAC,CAAC,MAAM,CAAC,CACb,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,SAAsC,EACtC,WAA4B;IAE5B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,GAAG,GAA6B,EAAE,CAAC;IACzC,MAAM,cAAc,GAAG,0BAA0B,CAC/C,SAAS,CAAC,cAAc,EACxB,WAAW,CACZ,CAAC;IACF,MAAM,eAAe,GAAG,0BAA0B,CAChD,SAAS,CAAC,eAAe,EACzB,WAAW,CACZ,CAAC;IACF,MAAM,YAAY,GAAG,0BAA0B,CAC7C,SAAS,CAAC,YAAY,EACtB,WAAW,CACZ,CAAC;IACF,IAAI,cAAc,EAAE,MAAM;QAAE,GAAG,CAAC,eAAe,GAAG,cAAc,CAAC;IACjE,IAAI,eAAe,EAAE,MAAM;QAAE,GAAG,CAAC,gBAAgB,GAAG,eAAe,CAAC;IACpE,IAAI,YAAY,EAAE,MAAM;QAAE,GAAG,CAAC,aAAa,GAAG,YAAY,CAAC;IAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,YAAY,CACnB,QAAoC,EACpC,WAAwC,EACxC,WAA4B,EAC5B,WAAoB;IAEpB,MAAM,IAAI,GACR,QAAQ,CAAC,KAAK,IAAI,OAAO,QAAQ,CAAC,KAAK,KAAK,QAAQ;QAClD,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE;QACvB,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,UAAU,GACd,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,CAAC,CAAE,IAAI,CAAC,EAA8B;QACtC,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,EAAE,GAA4B,EAAE,GAAG,UAAU,EAAE,CAAC;IACtD,OAAO,EAAE,CAAC,MAAM,CAAC;IACjB,IAAI,WAAW,EAAE,CAAC;QAChB,EAAE,CAAC,GAAG,GAAG;YACP,GAAG,WAAW;YACd,cAAc,EAAE,0BAA0B,CACxC,WAAW,CAAC,cAAc,EAC1B,WAAW,CACZ;YACD,eAAe,EAAE,0BAA0B,CACzC,WAAW,CAAC,eAAe,EAC3B,WAAW,CACZ;YACD,YAAY,EAAE,0BAA0B,CACtC,WAAW,CAAC,YAAY,EACxB,WAAW,CACZ;YACD,cAAc,EAAE,0BAA0B,CACxC,WAAW,CAAC,cAAc,EAC1B,WAAW,CACZ;SACF,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,WAAW;QAAE,EAAE,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;IAChE,MAAM,kBAAkB,GACtB,wBAAwB,CAAC,QAAQ,CAAC,MAAM,CAAC;QACzC,wBAAwB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,kBAAkB;QAAE,EAAE,CAAC,MAAM,GAAG,kBAAkB,CAAC;IACvD,MAAM,kBAAkB,GACtB,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7B,YAAY,CAAC,EAAE,CAAC,MAAM,CAAC;QACvB,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC;QAC/B,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACpC,IAAI,OAAO,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAChD,EAAE,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC7C,IAAI,WAAW,IAAI,IAAI,CAAC,0BAA0B,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5D,IAAI,CAAC,0BAA0B,CAAC,GAAG,WAAW,CAAC;IACjD,CAAC;IACD,IACE,OAAO,QAAQ,CAAC,aAAa,KAAK,SAAS;QAC3C,IAAI,CAAC,4BAA4B,CAAC,IAAI,IAAI,EAC1C,CAAC;QACD,IAAI,CAAC,4BAA4B,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC;IAC9D,CAAC;IACD,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAC5D,IAAI,SAAS,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC;IACvC,CAAC;IACD,IAAI,kBAAkB,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,qBAAqB,CAAC,GAAG,kBAAkB,CAAC;IACnD,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,QAAoC,EACpC,GAA0B;IAE1B,IAAI,CAAC,QAAQ,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IACpC,OAAO,OAAO,QAAQ,CAAC,GAAG,KAAK,UAAU;QACvC,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;QACzB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,MAAiB,EACjB,UAAkB,EAClB,KAAkB,EAClB,WAA4B;IAE5B,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IACpE,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;IACnE,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE;QACnD,UAAU;QACV,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,aAAa,EAAE,WAAW,EAAE,MAAM;KACnC,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,YAAY,CAC/B,QAAQ,EACR,WAAW,EACX,WAAW,EACX,WAAW,CACZ,CAAC;IACF,OAAO;QACL,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,UAAU;QACzC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,iBAAiB;QAChD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,MAAiB,EACjB,UAAkB,EAClB,KAAkB,EAClB,WAA4B;IAE5B,IAAI,CAAC;QACH,OAAO,MAAM,qBAAqB,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;IAC7E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CACV,+CAA+C,UAAU,+CAA+C,EACxG,KAAK,CACN,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,MAAiB,EACjB,OAAoC,EACpC,WAA4B;IAE5B,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAC5C,2BAA2B,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,CAC9D,CACF,CAAC;IACF,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAsC,EAAE,CACvE,OAAO,CAAC,QAAQ,CAAC,CAClB,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAgC,EAChC,UAAkB,EAClB,MAAiB,EACjB,WAA4B;IAE5B,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACxC,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,UAAU;YACV,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,aAAa,EAAE,WAAW,EAAE,MAAM;SACnC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC;AAED,SAAS,wBAAwB,CAC/B,QAAgC;IAEhC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC9C,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACvE,OAAO;QACL,uBAAuB,EAAE,QAAQ,CAAC,GAAG;QACrC,gCAAgC,EAAE,WAAW,KAAK,EAAE;QACpD,+BAA+B,EAAE,GAAG,KAAK,QAAQ;QACjD,yBAAyB,EAAE,IAAI;QAC/B,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;YACnC,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAAgC;IAEhC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC9C,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACvE,OAAO;QACL,uBAAuB,EAAE,QAAQ,CAAC,GAAG;QACrC,gCAAgC,EAAE,WAAW,KAAK,EAAE;QACpD,+BAA+B,EAAE,GAAG,KAAK,QAAQ;QACjD,yBAAyB,EAAE,IAAI;QAC/B,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;YACnC,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAgC,EAChC,UAAmB;IAEnB,OAAO;QACL,WAAW,EAAE,QAAQ,CAAC,GAAG;QACzB,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC;KACtE,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,KAAK,KAAK,SAAS,CAC3B,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAAe,EACf,IAAyC;IAEzC,MAAM,GAAG,GACP,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAC5D,CAAC,CAAC,EAAE,GAAI,MAAkC,EAAE;QAC5C,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC;YACtB,CAAC,CAAC,EAAE,MAAM,EAAE;YACZ,CAAC,CAAC,EAAE,CAAC;IACX,KAAK,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,UAAU,CAAC,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,eAAe,CAAC,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,GAAG,CAAC,GAAG,CAAC;IACjB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACjD,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzE,MAAM,MAAM,GAAI,QAAoC,CAAC,MAAM,CAAC;QAC5D,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC9D,CAAC;QACD,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa,EAAE,GAAG,GAAG,IAAI;IACjD,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB,CAC5B,IAAY,EACZ,MAAe,EACf,iBAA0C;IAE1C,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC;IAC1C,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAClD,OAAO,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,IAAI,iBAAiB,CAAC,IAAI,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC9C,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC;IACrC,CAAC;IACD,MAAM,EAAE,GAAG,iBAAiB,CAAC,EAAE,CAAC;IAChC,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;QACxC,OAAO,GAAG,IAAI,kBAAkB,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC;IAC/C,CAAC;IACD,OAAO,GAAG,IAAI,aAAa,CAAC;AAC9B,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiB,EACjB,QAAuC,EACvC,WAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,yBAAyB,EACzB,kCAAkC,GACnC,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAEvD,uEAAuE;IACvE,0EAA0E;IAC1E,8DAA8D;IAC9D,4EAA4E;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,sBAAsB;IACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClE,MAAM,iBAAiB,GACrB,QAAQ;QACR,CAAC,YAAY;YACX,CAAC,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE;YACnD,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,0EAA0E;IAC1E,yEAAyE;IACzE,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IACxE,yEAAyE;IACzE,YAAY;IACZ,MAAM,cAAc,GAAG,WAAW,EAAE,WAAW,KAAK,IAAI,IAAI,CAAC,CAAC,YAAY,CAAC;IAC3E,MAAM,WAAW,GACf,cAAc,IAAI,MAAM,CAAC,iBAAiB;QACxC,CAAC,CAAC,MAAM,CAAC,iBAAiB;QAC1B,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;IACrB,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAC3C,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,WAAW,CAAC,CACpE,CACF,CAAC;IACF,MAAM,oBAAoB,GAAG,gCAAgC,CAAC,WAAW,CAAC;QACxE,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,WAAW,CAAC;YAC5C,gBAAgB,CAAC,iBAAiB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YAC9D,CAAC,MAAM,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;YACnD,mCAAmC,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACxE,MAAM,iBAAiB,GAAG,oBAAoB;QAC5C,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CACtD,wCAAwC,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAC9D,CACF;QACH,CAAC,CAAC,cAAc,CAAC;IACnB,MAAM,eAAe,GACnB,oBAAoB;QACpB,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAC9C,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAChC,CAAC;IACJ,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,EACzD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;YACT,GAAG,CAAC,eAAe;gBACjB,CAAC,CAAC;oBACE,SAAS,EAAE,EAAE;oBACb,UAAU,EAAE;wBACV,CAAC,oBAAoB,CAAC,EAAE;4BACtB,SAAS,EAAE,CAAC,iBAAiB,CAAC;yBAC/B;qBACF;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CACF,CAAC;IAEF,qEAAqE;IACrE,wEAAwE;IACxE,sEAAsE;IACtE,qEAAqE;IACrE,wCAAwC;IACxC,MAAM,YAAY,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAE1E;;;;;;;;;;OAUG;IACH,KAAK,UAAU,iBAAiB,CAAI,EAAoB;QACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC;QACjC,OAAO,qBAAqB,CAC1B;YACE,SAAS,EAAE,iBAAiB,EAAE,SAAS;YACvC,KAAK;YACL,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,EACD,EAAE,CACW,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAC7B,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC5D,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;gBACjD,MAAM,cAAc,GAAG,MAAM,2BAA2B,CACtD,MAAM,EACN,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;gBACF,MAAM,WAAW,GACd,KAAK,CAAC,IAAY,CAAC,KAAK;oBACzB,OAAQ,KAAK,CAAC,IAAY,CAAC,KAAK,KAAK,QAAQ;oBAC7C,CAAC,KAAK,CAAC,OAAO,CAAE,KAAK,CAAC,IAAY,CAAC,KAAK,CAAC;oBACvC,CAAC,CAAC,EAAE,GAAK,KAAK,CAAC,IAAY,CAAC,KAAiC,EAAE;oBAC/D,CAAC,CAAC,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG;oBACf,GAAG,WAAW;oBACd,GAAG,CAAC,cAAc;wBAChB,CAAC,CAAC;4BACE,GAAG,wBAAwB,CAAC,cAAc,CAAC;4BAC3C,CAAC,6BAA6B,CAAC,EAAE,cAAc,CAAC,GAAG;4BACnD,EAAE,EAAE,gBAAgB,CAClB,cAAc,EACd,KAAK,CAAC,MAAM,EAAE,UAAU;gCACtB,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,UAAU,CAC5C;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;gBACF,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;gBACvD,MAAM,WAAW,GAA4B;oBAC3C,YAAY,EAAE,KAAK,CAAC,QAAQ,KAAK,IAAI;oBACrC,eAAe,EAAE,KAAK,CAAC,WAAW,EAAE,eAAe,KAAK,IAAI;oBAC5D,aAAa,EAAE,KAAK;iBACrB,CAAC;gBACF,IAAI,OAAO;oBAAE,WAAW,CAAC,+BAA+B,CAAC,GAAG,IAAI,CAAC;gBACjE,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,OAAO;wBAClB,CAAC,CAAC,GAAG,eAAe,sEAAsE;wBAC1F,CAAC,CAAC,eAAe;oBACnB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI;wBACpC,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE,EAAE;qBACf;oBACD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAChE,WAAW;iBACZ,CAAC;YACJ,CAAC,CAAC,CACH,CAAC;YAEF,IACE,CAAC,oBAAoB;gBACrB,MAAM,CAAC,QAAQ;gBACf,gBAAgB,CAAC,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAC,EAC7D,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,WAAW,EACT,4EAA4E;wBAC5E,4EAA4E;wBAC5E,iCAAiC;oBACnC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,kCAAkC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;oBACD,WAAW,EAAE;wBACX,YAAY,EAAE,KAAK;wBACnB,eAAe,EAAE,KAAK;wBACtB,aAAa,EAAE,KAAK;qBACrB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC5C,IAAI,oBAAoB,EAAE,CAAC;oBACzB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;oBACnE,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,iDAAiD;6BACxD;yBACF;wBACD,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;gBACvD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,eAAe,GAAG,oBAAoB;gBAC1C,CAAC,CAAC,iBAAiB;gBACnB,CAAC,CAAC,OAAO,CAAC;YACZ,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YACD,IACE,CAAC,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,WAAW,CAAC,EACpE,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,8CAA8C,IAAI,EAAE;yBAC3D;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAE,IAA+B,IAAI,EAAE,CAAC,CAAC;gBACvE,MAAM,SAAS,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;gBAClE,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,IAAI;oBACb,CAAC,CAAC,MAAM,CAAC;gBACX,MAAM,cAAc,GAAG,MAAM,2BAA2B,CACtD,MAAM,EACN,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;gBACF,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CACzC,KAAK,EACJ,IAA4B,IAAI,EAAE,EACnC,SAAS,EACT,WAAW,CACZ,CAAC;gBACF,MAAM,YAAY,GAA4B;oBAC5C,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;oBAChB,GAAG,CAAC,cAAc;wBAChB,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC;wBACjE,CAAC,CAAC,EAAE,CAAC;oBACP,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;iBAChE,CAAC;gBACF,MAAM,iBAAiB,GAAG,cAAc;oBACtC,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;oBAClD,CAAC,CAAC,SAAS,CAAC;gBACd,MAAM,IAAI,GAAG,cAAc;oBACzB,CAAC,CAAC,qBAAqB,CAAC,IAAI,EAAE,eAAe,EAAE,iBAAkB,CAAC;oBAClE,CAAC,CAAC,OAAO,eAAe,KAAK,QAAQ;wBACnC,CAAC,CAAC,eAAe;wBACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;gBACtC,MAAM,OAAO,GAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,IAAI,KAAK;oBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO;oBACL,OAAO;oBACP,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACnD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,GAAG,CAAC;wBACtC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE;wBACzB,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YAC9D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAC9C,MAAM,EACN,iBAAiB,EACjB,WAAW,CACZ,CAAC;gBACF,OAAO;oBACL,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;wBAC5C,GAAG,EAAE,QAAQ,CAAC,GAAG;wBACjB,IAAI,EAAE,QAAQ,CAAC,IAAI;wBACnB,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,GAAG,CAAC,QAAQ,CAAC,WAAW;4BACtB,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE;4BACvC,CAAC,CAAC,EAAE,CAAC;wBACP,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBACrD,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YACtE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAC9C,MAAM,EACN,iBAAiB,EACjB,WAAW,CACZ,CAAC;gBACF,OAAO;oBACL,iBAAiB,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;wBACpD,WAAW,EAAE,QAAQ,CAAC,GAAG;wBACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;wBACnB,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,GAAG,CAAC,QAAQ,CAAC,WAAW;4BACtB,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE;4BACvC,CAAC,CAAC,EAAE,CAAC;wBACP,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBACrD,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CACtB,yBAAyB,EACzB,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;gBAChC,IAAI,KAAK,GAGE,IAAI,CAAC;gBAChB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC9D,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;oBAC9D,IACE,CAAC,WAAW;wBACZ,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG;4BACtB,CAAC,WAAW,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,EACzC,CAAC;wBACD,SAAS;oBACX,CAAC;oBACD,MAAM,QAAQ,GAAG,MAAM,2BAA2B,CAChD,MAAM,EACN,IAAI,EACJ,KAAK,EACL,WAAW,CACZ,CAAC;oBACF,IAAI,QAAQ,EAAE,CAAC;wBACb,KAAK,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;oBACzC,CAAC;oBACD,MAAM;gBACR,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG;4BACH,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;4BACjC,IAAI,EAAE,gBAAgB,CACpB,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,UAAU,EAChB,MAAM,EACN,WAAW,CACZ;4BACD,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK;gCACtB,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE;gCACjC,CAAC,CAAC,EAAE,CAAC;yBACR;qBACF;iBACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAE9E,MAAM,UAAU,eAAe;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CACT,GAAG,KAAK;aACL,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAS,yBAAyB,CAChC,gBAAoC;IAEpC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;QAC5C,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACjE,EAAE,CAAC;IACL,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,kBAAkB,CACzB,UAAoB,EACpB,MAAiC;IAEjC,MAAM,OAAO,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO;IACrD,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,KAAa;IAEb,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI,iBAAiB,GAAmC,IAAI,CAAC;IAC7D,IAAI,CAAC;QACH,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAA4B,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,kBAAkB,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE7D,MAAM,SAAS,GACb,OAAO,iBAAiB,CAAC,UAAU,KAAK,QAAQ;QAC9C,CAAC,CAAC,iBAAiB,CAAC,UAAU;QAC9B,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnE,kBAAkB,CAChB,gBAAgB,EAChB,MAAM,oBAAoB,CAAC,SAAS,CAAC,CACtC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,0EAA0E;QAC5E,CAAC;IACH,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CACjC,CAAC;YACF,OAAO,OAAkC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,gEAAgE;QAClE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,gBAAqC,EACrC,UAA4D,EAAE;IAa9D,oEAAoE;IACpE,yEAAyE;IACzE,0EAA0E;IAC1E,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,MAAM,KAAK,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QACrB,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,aAAa,GAAG,MAAM,yBAAyB,CACnD,KAAK,EACL,OAAO,CAAC,WAAW,CACpB,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,aAAa,CAAC,SAAS;oBAClC,SAAS,EAAE,aAAa,CAAC,SAAS;oBAClC,WAAW,EAAE,aAAa,CAAC,MAAM;oBACjC,aAAa,EAAE,aAAa,CAAC,QAAQ;iBACtC;gBACD,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,EAAE,CAAC;QACzD,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,uEAAuE;YACvE,sEAAsE;YACtE,uEAAuE;YACvE,iDAAiD;YACjD,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAErC,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAChE,IAAI,UAAU,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;YACnD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QAED,uEAAuE;QACvE,mEAAmE;QACnE,sEAAsE;QACtE,uDAAuD;QACvD,mEAAmE;QACnE,kDAAkD;QAClD,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;YACrC,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACpD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,GACpC,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;gBACrC,IAAI,MAAM,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC3B,CAAC;gBACD,uDAAuD;gBACvD,KAAK,cAAc,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;YAClE,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE;gBACR,SAAS,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;gBACpE,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;oBACpC,CAAC,CAAE,OAAO,CAAC,UAAqB;oBAChC,CAAC,CAAC,SAAS;aAChB;YACD,mEAAmE;YACnE,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,qDAAqD;YACrD,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAA6B;IAE7B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,OAAO,GAAG,EAAE,KAAK,IAAI,SAAS,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/*\n Shared MCP server builder.\n \n Extracted from `server.ts` so the stateless Streamable-HTTP mount\n * (`mountMCP`) and the stdio transport (`runMCPStdio --standalone`) build the\n * same MCP server from the same `ActionEntry` registry. Both surfaces:\n \n - expose every action as an MCP tool (+ the `ask-agent` meta-tool),\n * - append the framework deep-link block / `_meta` to every tool result,\n * - wrap `run()` / `askAgent()` in `runWithRequestContext` so per-user /\n * per-org scoping (accessFilter, resolveCredential, MCP visibility) is\n * honoured.\n \n `server.ts` re-exports `createMCPServerForRequest` and the auth helpers so\n * any (future) external importer of `@agent-native/core/mcp` keeps resolving.\n \n Node-only at the SDK level, but this module itself has no Node-only imports\n * — it can be bundled into the serverless function alongside `mountMCP`.\n /\n\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { isMcpActionResult } from \"../mcp-client/app-result.js\";\nimport {\n MCP_APP_EXTENSION_ID,\n MCP_APP_MIME_TYPE,\n MCP_APP_RESOURCE_URI_META_KEY,\n type ActionMcpAppCsp,\n type ActionMcpAppResourceConfig,\n} from \"../action.js\";\nimport { MCP_APP_REQUEST_ORIGIN_CSP_SOURCE } from \"./embed-app.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { toAbsoluteOpenUrl, toDesktopOpenUrl } from \"../server/deep-link.js\";\nimport {\n isAgentNativeOpenDeepLink,\n withCollapsedAgentSidebarParam,\n} from \"../shared/agent-sidebar-url.js\";\nimport { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from \"../shared/embed-auth.js\";\nimport { getBuiltinCrossAppTools } from \"./builtin-tools.js\";\nimport { MCP_CONNECT_SCOPE } from \"./connect-store.js\";\nimport {\n MCP_OAUTH_SCOPES,\n hasMcpOAuthScope,\n verifyMcpOAuthAccessToken,\n} from \"./oauth-token.js\";\n\nexport interface MCPConfig {\n /* App name shown in MCP server info /\n name: string;\n /\n Canonical app id (directory under `apps/`, e.g. `mail`) this MCP server\n * is mounted for. Optional & back-compat: when omitted the builtin\n * cross-app tools fall back to lowercasing `name`. Used by `open_app` /\n * `ask_app` / `create_workspace_app` to tell \"this app\" from a cross-app\n * target so they resolve the target app's origin rather than echoing the\n * current request origin.\n /\n appId?: string;\n /* App description /\n description: string;\n /* Version string (default \"1.0.0\") /\n version?: string;\n /* Action registry — same as agent chat and A2A /\n actions: Record<string, ActionEntry>;\n /\n Full (\"production\") action surface served to an *authenticated real\n caller** — a connect-minted token, an `agent-native mcp install` stdio\n * proxy (owner-email header / `AGENT_NATIVE_OWNER_EMAIL`), or a deployed /\n * `AGENT_MODE=production` app. In local dev `actions` is intentionally the\n * sparse, dev-toggled surface (builtins + read-only public-agent actions)\n * so the local agent chat and unauthenticated dev probes don't see every\n * mutating tool; but per the external-agents contract a real caller that\n * connected with a token MUST get the full surface even in dev. When unset\n * (production, where `actions` already IS the full set) the swap is a\n * no-op. See `external-agents` skill, \"Dev vs production tool surface\".\n /\n productionActions?: Record<string, ActionEntry>;\n /* Handler for the ask-agent meta-tool — runs the full agent loop /\n askAgent?: (message: string) => Promise<string>;\n /\n Disable the generic cross-app builtin tools (`list_apps`, `open_app`,\n * `ask_app`, `create_workspace_app`, `list_templates`). They are merged in\n * by default so external agents get a stable verb set; a template action of\n * the same name always wins (template precedence). Set to `false` only for\n * a constrained / locked-down mount.\n /\n builtinCrossAppTools?: boolean;\n}\n\n/\n Identity extracted from a verified MCP bearer token / JWT. Used to wrap\n * `entry.run()` and `config.askAgent()` calls in `runWithRequestContext`\n * so downstream tools (db-query, accessFilter, resolveCredential) honour\n * per-user / per-org scoping. Without this wrap the MCP endpoint would\n * silently bypass tenant isolation. See finding #6 in\n * /tmp/security-audit/12-mcp-a2a-agent.md.\n /\nexport interface MCPCallerIdentity {\n userEmail: string \| undefined;\n orgDomain: string \| undefined;\n /* Present only for standard remote MCP OAuth access tokens. /\n oauthScopes?: string[];\n /* Present only for standard remote MCP OAuth access tokens. /\n oauthClientId?: string;\n}\n\n/* Per-request context used to turn an action's relative deep link into the\n * absolute web URL (and desktop `agentnative://` URL) the external agent\n * surfaces. Derived from the inbound request headers in `mountMCP`, or from\n * the resolved local app origin in the stdio standalone path. /\nexport interface MCPRequestMeta {\n /* Origin of the running app, e.g. `http://localhost:8100`. /\n origin?: string;\n /* Optional client preference for which URL the markdown link uses. /\n target?: \"browser\" \| \"desktop\" \| \"terminal\";\n /\n Best-effort caller label derived from MCP transport headers. Chat-style\n * remote hosts should stay on the compact catalog; code/stdio clients can\n * explicitly identify themselves to keep the full action surface.\n /\n clientName?: string;\n /* Explicit framework client hint from `x-agent-native-mcp-client`. /\n clientHint?: string;\n /* Explicit opt-in to the full tool catalog for code/stdio style clients. /\n fullCatalog?: boolean;\n /\n The caller authenticated with a real credential (verified A2A/connect\n * JWT, matching ACCESS_TOKEN, or a forwarded owner-email header from\n * `agent-native mcp install`) — not the unauthenticated local dev-open\n * path. When true, `createMCPServerForRequest` serves\n * `config.productionActions` (the full surface) instead of the sparse dev\n * `config.actions`. Set by `mountMCP` from `verifyAuth`.\n /\n fullSurface?: boolean;\n}\n\ntype McpOAuthScope = (typeof MCP_OAUTH_SCOPES)[number];\n\nfunction isActionVisibleForOAuthScope(\n entry: ActionEntry,\n scopes: string[] \| undefined,\n): boolean {\n if (!scopes) return true;\n const required: McpOAuthScope =\n entry.readOnly === true ? \"mcp:read\" : \"mcp:write\";\n return hasMcpOAuthScope(scopes, required);\n}\n\nconst COMPACT_MCP_APP_CATALOG_BUILTINS = new Set([\n \"list_apps\",\n \"open_app\",\n \"ask_app\",\n \"create_embed_session\",\n]);\n\nfunction isActionAdvertisedInCompactMcpAppCatalog(\n name: string,\n entry: ActionEntry,\n config: MCPConfig,\n): boolean {\n if (COMPACT_MCP_APP_CATALOG_BUILTINS.has(name)) return true;\n if (\n (entry.mcpApp as { compactCatalog?: unknown } \| undefined)\n ?.compactCatalog === true\n ) {\n return true;\n }\n if (config.builtinCrossAppTools === false && entry.mcpApp?.resource) {\n return true;\n }\n return false;\n}\n\nconst MCP_APP_OAUTH_CLIENT_RE = /\\b(chatgpt\|openai\|claude\|anthropic)\\b/i;\nconst NON_APP_OAUTH_CLIENT_RE =\n /\\b(code\|cli\|cursor\|codex\|goose\|postman\|mcpjam\|inspector)\\b/i;\nconst MCP_APP_OAUTH_REDIRECT_HOST_RE =\n /(^\|\\.)((chatgpt\|openai)\\.com\|claude\\.ai\|anthropic\\.com)$/i;\nconst FULL_CATALOG_CLIENT_RE =\n /\\b(agent-native-mcp-(proxy\|stdio\|standalone)\|code\|cli\|cursor\|codex\|goose\|postman\|mcpjam\|inspector)\\b/i;\n\nasync function isKnownMcpAppOAuthClient(\n identity: MCPCallerIdentity \| undefined,\n): Promise<boolean> {\n const clientId = identity?.oauthClientId?.trim();\n if (!clientId) return false;\n\n function isKnownAppClientName(value: string \| undefined \| null): boolean {\n if (!value) return false;\n return (\n MCP_APP_OAUTH_CLIENT_RE.test(value) &&\n !NON_APP_OAUTH_CLIENT_RE.test(value)\n );\n }\n\n function isKnownNonAppClientName(value: string \| undefined \| null): boolean {\n return Boolean(value && NON_APP_OAUTH_CLIENT_RE.test(value));\n }\n\n function isKnownMcpAppRedirectUri(uri: string): boolean {\n try {\n const url = new URL(uri);\n return (\n url.protocol === \"https:\" &&\n MCP_APP_OAUTH_REDIRECT_HOST_RE.test(url.hostname)\n );\n } catch {\n return false;\n }\n }\n\n if (isKnownAppClientName(clientId)) return true;\n if (isKnownNonAppClientName(clientId)) return false;\n\n try {\n const { getOAuthClient } = await import(\"./oauth-store.js\");\n const client = await getOAuthClient(clientId);\n // If the token carries an OAuth client id but its registration is missing,\n // keep the model on the compact MCP Apps surface instead of exposing every\n // private action/schema.\n if (!client) return true;\n if (isKnownAppClientName(client.clientName)) return true;\n if (isKnownNonAppClientName(client.clientName)) return false;\n if (client.redirectUris.some(isKnownMcpAppRedirectUri)) return true;\n // Most OAuth hosts are UI-oriented MCP clients. Preserve the full catalog\n // only for known code/CLI clients so unknown browser hosts cannot trigger\n // massive resources/list payloads.\n return true;\n } catch {\n // On metadata lookup errors, fail compact instead of falling back to the\n // full action surface; ChatGPT/Claude old tokens otherwise get huge lists.\n return true;\n }\n}\n\nfunction explicitlyRequestsFullMcpCatalog(\n requestMeta: MCPRequestMeta \| undefined,\n): boolean {\n if (process.env.AGENT_NATIVE_MCP_FULL_CATALOG === \"1\") return true;\n if (requestMeta?.fullCatalog === true) return true;\n if (requestMeta?.clientHint) {\n return FULL_CATALOG_CLIENT_RE.test(requestMeta.clientHint);\n }\n return FULL_CATALOG_CLIENT_RE.test(requestMeta?.clientName ?? \"\");\n}\n\nfunction shouldUseCompactMcpCatalogByDefault(\n identity: MCPCallerIdentity \| undefined,\n requestMeta: MCPRequestMeta \| undefined,\n): boolean {\n if (explicitlyRequestsFullMcpCatalog(requestMeta)) return false;\n // OAuth callers are classified through `isKnownMcpAppOAuthClient`: unknown\n // OAuth clients compact by default, while known code/CLI clients stay full.\n if (identity?.oauthClientId) return false;\n // A real authenticated remote HTTP caller with no OAuth client metadata is\n // usually a chat-host static-token connector. Keep it on the app-facing\n // verbs so a host cannot dump every action schema into a giant tool card.\n return requestMeta?.fullSurface === true;\n}\n\ninterface ResolvedMcpAppResource {\n uri: string;\n legacyUris?: string[];\n name: string;\n title?: string;\n description?: string;\n html: ActionMcpAppResourceConfig[\"html\"];\n mimeType: typeof MCP_APP_MIME_TYPE;\n _meta?: Record<string, unknown>;\n}\n\ninterface McpAppResourceContext {\n actionName: string;\n appId?: string;\n requestOrigin?: string;\n}\n\ninterface VersionedMcpAppResourceUri {\n uri: string;\n legacyUris?: string[];\n}\n\nfunction metadataObject(value: unknown): Record<string, unknown> {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? (value as Record<string, unknown>)\n : {};\n}\n\nfunction originString(value: unknown): string \| undefined {\n if (typeof value !== \"string\" \|\| !value.trim()) return undefined;\n try {\n return new URL(value).origin;\n } catch {\n return undefined;\n }\n}\n\nfunction hostSpecificDomainString(value: unknown): string \| undefined {\n if (typeof value !== \"string\" \|\| !value.trim()) return undefined;\n const trimmed = value.trim();\n try {\n new URL(trimmed);\n return undefined;\n } catch {\n return trimmed;\n }\n}\n\nfunction withMcpChatBridgeParam(urlOrPath: string): string {\n try {\n const base = \"http://agent-native.invalid\";\n const url = urlOrPath.startsWith(\"/\")\n ? new URL(urlOrPath, base)\n : new URL(urlOrPath);\n url.searchParams.set(MCP_APP_CHAT_BRIDGE_QUERY_PARAM, \"1\");\n return urlOrPath.startsWith(\"/\")\n ? `${url.pathname}${url.search}${url.hash}`\n : url.toString();\n } catch {\n return urlOrPath;\n }\n}\n\nfunction isEmbedStartUrl(value: string): boolean {\n try {\n const base = \"http://agent-native.invalid\";\n const url = value.startsWith(\"/\") ? new URL(value, base) : new URL(value);\n return url.pathname.includes(\"/_agent-native/embed/start\");\n } catch {\n return value.includes(\"/_agent-native/embed/start\");\n }\n}\n\nfunction mcpAppEmbedOpenLinkMeta(\n result: unknown,\n resource: ResolvedMcpAppResource,\n meta: MCPRequestMeta \| undefined,\n): Record<string, unknown> {\n const out = metadataObject(result);\n const embedStartUrl =\n typeof out.embedStartUrl === \"string\"\n ? out.embedStartUrl\n : out.embed === true &&\n typeof out.url === \"string\" &&\n out.url.includes(\"/_agent-native/embed/start\")\n ? out.url\n : null;\n if (!embedStartUrl) return {};\n\n const webUrl = toAbsoluteOpenUrl(\n withMcpChatBridgeParam(embedStartUrl),\n meta?.origin,\n );\n const deepLinkUrl =\n typeof out.deepLinkUrl === \"string\" ? out.deepLinkUrl : null;\n const fallbackLabel = resource.title ?? resource.name ?? \"app\";\n const label =\n typeof out.app === \"string\" && out.app.trim()\n ? `Open ${out.app.trim()}`\n : fallbackLabel;\n const view =\n typeof out.view === \"string\" && out.view.trim()\n ? out.view.trim()\n : typeof out.path === \"string\" && out.path.trim()\n ? out.path.trim()\n : undefined;\n const safeViewOpenUrl = view ? view : undefined;\n const explicitOpenUrl = deepLinkUrl\n ? deepLinkUrl\n : typeof out.url === \"string\" && !isEmbedStartUrl(out.url)\n ? out.url\n : safeViewOpenUrl;\n const safeOpenUrl = explicitOpenUrl\n ? toAbsoluteOpenUrl(explicitOpenUrl, meta?.origin)\n : null;\n\n return {\n \"agent-native/embedStart\": {\n startUrl: webUrl,\n ...(typeof out.embedExpiresAt === \"number\"\n ? { expiresAt: out.embedExpiresAt }\n : {}),\n },\n ...(safeOpenUrl\n ? {\n \"agent-native/openLink\": {\n label,\n ...(view ? { view } : {}),\n webUrl: safeOpenUrl,\n desktopUrl: safeOpenUrl,\n },\n }\n : {}),\n };\n}\n\n/\n Build the deep-link content block + structured `_meta` for a tool result.\n * Best-effort: any throw / nullish link is swallowed so a bad `link` builder\n * never fails the tool call.\n /\nexport function buildLinkArtifacts(\n entry: ActionEntry,\n args: Record<string, any>,\n result: any,\n meta: MCPRequestMeta \| undefined,\n): {\n block?: { type: \"text\"; text: string };\n _meta?: Record<string, unknown>;\n} {\n if (typeof entry.link !== \"function\") return {};\n try {\n const lk = entry.link({ args: args ?? {}, result });\n if (!lk?.url) return {};\n const linkUrl = isAgentNativeOpenDeepLink(lk.url)\n ? withCollapsedAgentSidebarParam(lk.url)\n : lk.url;\n const webUrl = toAbsoluteOpenUrl(linkUrl, meta?.origin);\n const desktopUrl = toDesktopOpenUrl(linkUrl);\n const markdownUrl = meta?.target === \"desktop\" ? desktopUrl : webUrl;\n return {\n block: { type: \"text\", text: `\\n\\n[${lk.label} →](${markdownUrl})` },\n _meta: {\n \"agent-native/openLink\": {\n label: lk.label,\n view: lk.view,\n webUrl,\n desktopUrl,\n },\n },\n };\n } catch {\n return {};\n }\n}\n\n/\n Merge the generic cross-app builtin tools into the config's action\n * registry. Template actions take precedence: if a template defines an\n * action with the same name as a builtin (e.g. its own `list_apps`), the\n * template entry wins and the builtin is dropped. This mirrors the\n * template-over-workspace-core precedence in `autoDiscoverActions`.\n \n The builtins are pure-ish navigators / scaffolders; they call back into the\n * same `config.actions` / `config.askAgent` so there is no second agent loop.\n /\nfunction mergeBuiltinTools(\n config: MCPConfig,\n baseActions: Record<string, ActionEntry>,\n requestMeta?: MCPRequestMeta,\n): Record<string, ActionEntry> {\n if (config.builtinCrossAppTools === false) return baseActions;\n const builtins = getBuiltinCrossAppTools(config, requestMeta);\n const merged: Record<string, ActionEntry> = { ...builtins };\n // Template / app actions overwrite same-named builtins.\n for (const [name, entry] of Object.entries(baseActions)) {\n merged[name] = entry;\n }\n return merged;\n}\n\nfunction safeUiSegment(value: string \| undefined, fallback: string): string {\n const normalized = (value \|\| fallback)\n .trim()\n .toLowerCase()\n .replace(/[^a-z0-9._-]+/g, \"-\")\n .replace(/^-+\|-+$/g, \"\");\n return normalized \|\| fallback;\n}\n\n// ChatGPT and Claude cache MCP App resource HTML by `ui://` URI. Bump this\n// when the shared shell changes in a way that must invalidate host caches.\nconst MCP_APP_RESOURCE_SHELL_VERSION = \"shell-v26\";\n\nfunction legacyDefaultMcpAppUri(config: MCPConfig, actionName: string): string {\n const app = safeUiSegment(config.appId ?? config.name, \"agent-native\");\n const action = safeUiSegment(actionName, \"tool\");\n return `ui://${app}/${action}`;\n}\n\nfunction versionMcpAppResourceUri(\n rawUri: string,\n): VersionedMcpAppResourceUri \| null {\n const uri = rawUri.trim();\n if (!uri.startsWith(\"ui://\")) return null;\n const versionSuffix = `/${MCP_APP_RESOURCE_SHELL_VERSION}`;\n let versionedUri: string;\n try {\n const parsed = new URL(uri);\n const path = parsed.pathname.replace(/\\/+$/g, \"\");\n parsed.pathname = /\\/shell-v\\d+$/.test(path)\n ? path.replace(/\\/shell-v\\d+$/, versionSuffix)\n : `${path}${versionSuffix}`;\n versionedUri = parsed.toString();\n } catch {\n return null;\n }\n return {\n uri: versionedUri,\n ...(versionedUri !== uri ? { legacyUris: [uri] } : {}),\n };\n}\n\nfunction getMcpAppResourceUri(\n config: MCPConfig,\n actionName: string,\n entry: ActionEntry,\n): VersionedMcpAppResourceUri \| null {\n const resource = entry.mcpApp?.resource;\n if (!resource) return null;\n const baseUri =\n resource.uri?.trim() \|\| legacyDefaultMcpAppUri(config, actionName);\n return versionMcpAppResourceUri(baseUri);\n}\n\nfunction expandRequestOriginSources(\n sources: string[] \| undefined,\n requestMeta?: MCPRequestMeta,\n): string[] \| undefined {\n if (!sources) return undefined;\n const origin = requestMeta?.origin;\n return sources.flatMap((source) =>\n source === MCP_APP_REQUEST_ORIGIN_CSP_SOURCE && origin\n ? [origin]\n : [source],\n );\n}\n\nfunction openAiWidgetCsp(\n cspConfig: ActionMcpAppCsp \| undefined,\n requestMeta?: MCPRequestMeta,\n): Record<string, string[]> \| undefined {\n if (!cspConfig) return undefined;\n const csp: Record<string, string[]> = {};\n const connectDomains = expandRequestOriginSources(\n cspConfig.connectDomains,\n requestMeta,\n );\n const resourceDomains = expandRequestOriginSources(\n cspConfig.resourceDomains,\n requestMeta,\n );\n const frameDomains = expandRequestOriginSources(\n cspConfig.frameDomains,\n requestMeta,\n );\n if (connectDomains?.length) csp.connect_domains = connectDomains;\n if (resourceDomains?.length) csp.resource_domains = resourceDomains;\n if (frameDomains?.length) csp.frame_domains = frameDomains;\n return Object.keys(csp).length > 0 ? csp : undefined;\n}\n\nfunction mcpAppUiMeta(\n resource: ActionMcpAppResourceConfig,\n resolvedCsp: ActionMcpAppCsp \| undefined,\n requestMeta?: MCPRequestMeta,\n description?: string,\n): Record<string, unknown> \| undefined {\n const base =\n resource._meta && typeof resource._meta === \"object\"\n ? { ...resource._meta }\n : {};\n const existingUi =\n base.ui && typeof base.ui === \"object\" && !Array.isArray(base.ui)\n ? (base.ui as Record<string, unknown>)\n : {};\n const ui: Record<string, unknown> = { ...existingUi };\n delete ui.domain;\n if (resolvedCsp) {\n ui.csp = {\n ...resolvedCsp,\n connectDomains: expandRequestOriginSources(\n resolvedCsp.connectDomains,\n requestMeta,\n ),\n resourceDomains: expandRequestOriginSources(\n resolvedCsp.resourceDomains,\n requestMeta,\n ),\n frameDomains: expandRequestOriginSources(\n resolvedCsp.frameDomains,\n requestMeta,\n ),\n baseUriDomains: expandRequestOriginSources(\n resolvedCsp.baseUriDomains,\n requestMeta,\n ),\n };\n }\n if (resource.permissions) ui.permissions = resource.permissions;\n const hostSpecificDomain =\n hostSpecificDomainString(resource.domain) ??\n hostSpecificDomainString(existingUi.domain);\n if (hostSpecificDomain) ui.domain = hostSpecificDomain;\n const openAiWidgetDomain =\n originString(resource.domain) ??\n originString(ui.domain) ??\n originString(existingUi.domain) ??\n originString(requestMeta?.origin);\n if (typeof resource.prefersBorder === \"boolean\") {\n ui.prefersBorder = resource.prefersBorder;\n }\n if (Object.keys(ui).length > 0) base.ui = ui;\n if (description && base[\"openai/widgetDescription\"] == null) {\n base[\"openai/widgetDescription\"] = description;\n }\n if (\n typeof resource.prefersBorder === \"boolean\" &&\n base[\"openai/widgetPrefersBorder\"] == null\n ) {\n base[\"openai/widgetPrefersBorder\"] = resource.prefersBorder;\n }\n const openAiCsp = openAiWidgetCsp(resolvedCsp, requestMeta);\n if (openAiCsp && base[\"openai/widgetCSP\"] == null) {\n base[\"openai/widgetCSP\"] = openAiCsp;\n }\n if (openAiWidgetDomain && base[\"openai/widgetDomain\"] == null) {\n base[\"openai/widgetDomain\"] = openAiWidgetDomain;\n }\n return Object.keys(base).length > 0 ? base : undefined;\n}\n\nasync function resolveMcpAppCsp(\n resource: ActionMcpAppResourceConfig,\n ctx: McpAppResourceContext,\n): Promise<ActionMcpAppCsp \| undefined> {\n if (!resource.csp) return undefined;\n return typeof resource.csp === \"function\"\n ? await resource.csp(ctx)\n : resource.csp;\n}\n\nasync function resolveMcpAppResource(\n config: MCPConfig,\n actionName: string,\n entry: ActionEntry,\n requestMeta?: MCPRequestMeta,\n): Promise<ResolvedMcpAppResource \| null> {\n const resource = entry.mcpApp?.resource;\n if (!resource) return null;\n const resolvedUri = getMcpAppResourceUri(config, actionName, entry);\n if (!resolvedUri) return null;\n const description = resource.description ?? entry.tool.description;\n const resolvedCsp = await resolveMcpAppCsp(resource, {\n actionName,\n appId: config.appId,\n requestOrigin: requestMeta?.origin,\n });\n const resourceMeta = mcpAppUiMeta(\n resource,\n resolvedCsp,\n requestMeta,\n description,\n );\n return {\n uri: resolvedUri.uri,\n ...(resolvedUri.legacyUris ? { legacyUris: resolvedUri.legacyUris } : {}),\n name: resource.name?.trim() \|\| actionName,\n ...(resource.title ? { title: resource.title } : {}),\n ...(description ? { description } : {}),\n html: resource.html,\n mimeType: resource.mimeType ?? MCP_APP_MIME_TYPE,\n ...(resourceMeta ? { _meta: resourceMeta } : {}),\n };\n}\n\nasync function resolveMcpAppResourceSafely(\n config: MCPConfig,\n actionName: string,\n entry: ActionEntry,\n requestMeta?: MCPRequestMeta,\n): Promise<ResolvedMcpAppResource \| null> {\n try {\n return await resolveMcpAppResource(config, actionName, entry, requestMeta);\n } catch (error) {\n console.warn(\n `[mcp] Skipping MCP App resource for action \"${actionName}\" because its metadata could not be resolved.`,\n error,\n );\n return null;\n }\n}\n\nasync function getMcpAppResources(\n config: MCPConfig,\n actions: Record<string, ActionEntry>,\n requestMeta?: MCPRequestMeta,\n): Promise<ResolvedMcpAppResource[]> {\n const resources = await Promise.all(\n Object.entries(actions).map(([name, entry]) =>\n resolveMcpAppResourceSafely(config, name, entry, requestMeta),\n ),\n );\n return resources.filter((resource): resource is ResolvedMcpAppResource =>\n Boolean(resource),\n );\n}\n\nfunction renderMcpAppHtml(\n resource: ResolvedMcpAppResource,\n actionName: string,\n config: MCPConfig,\n requestMeta?: MCPRequestMeta,\n): string {\n if (typeof resource.html === \"function\") {\n return resource.html({\n actionName,\n appId: config.appId,\n requestOrigin: requestMeta?.origin,\n });\n }\n return resource.html;\n}\n\nfunction openAiToolDescriptorMeta(\n resource: ResolvedMcpAppResource,\n): Record<string, unknown> {\n const label = resource.title ?? resource.name;\n const widgetCsp = metadataObject(resource._meta?.[\"openai/widgetCSP\"]);\n return {\n \"openai/outputTemplate\": resource.uri,\n \"openai/toolInvocation/invoking\": `Opening ${label}`,\n \"openai/toolInvocation/invoked\": `${label} ready`,\n \"openai/widgetAccessible\": true,\n ...(Object.keys(widgetCsp).length > 0\n ? { \"openai/widgetCSP\": widgetCsp }\n : {}),\n };\n}\n\nfunction openAiToolResultMeta(\n resource: ResolvedMcpAppResource,\n): Record<string, unknown> {\n const label = resource.title ?? resource.name;\n const widgetCsp = metadataObject(resource._meta?.[\"openai/widgetCSP\"]);\n return {\n \"openai/outputTemplate\": resource.uri,\n \"openai/toolInvocation/invoking\": `Opening ${label}`,\n \"openai/toolInvocation/invoked\": `${label} ready`,\n \"openai/widgetAccessible\": true,\n ...(Object.keys(widgetCsp).length > 0\n ? { \"openai/widgetCSP\": widgetCsp }\n : {}),\n };\n}\n\nfunction mcpAppToolUiMeta(\n resource: ResolvedMcpAppResource,\n visibility: unknown,\n): Record<string, unknown> {\n return {\n resourceUri: resource.uri,\n visibility: Array.isArray(visibility) ? visibility : [\"model\", \"app\"],\n };\n}\n\nfunction primitiveValue(value: unknown): value is string \| number \| boolean {\n return (\n typeof value === \"string\" \|\|\n typeof value === \"number\" \|\|\n typeof value === \"boolean\"\n );\n}\n\nfunction mcpAppStructuredContent(\n result: unknown,\n meta: Record<string, unknown> \| undefined,\n): Record<string, unknown> {\n const out: Record<string, unknown> =\n result && typeof result === \"object\" && !Array.isArray(result)\n ? { ...(result as Record<string, unknown>) }\n : primitiveValue(result)\n ? { result }\n : {};\n for (const key of [\"embedStartUrl\", \"startUrl\"]) {\n const value = out[key];\n if (typeof value === \"string\" && isEmbedStartUrl(value)) delete out[key];\n }\n if (typeof out.url === \"string\" && isEmbedStartUrl(out.url)) {\n delete out.url;\n }\n const openLink = meta?.[\"agent-native/openLink\"];\n if (openLink && typeof openLink === \"object\" && !Array.isArray(openLink)) {\n const webUrl = (openLink as Record<string, unknown>).webUrl;\n if (typeof webUrl === \"string\" && isEmbedStartUrl(webUrl)) {\n return Object.keys(out).length > 0 ? out : { status: \"ok\" };\n }\n out.openLink = openLink;\n if (typeof webUrl === \"string\" && !out.url) out.url = webUrl;\n }\n return Object.keys(out).length > 0 ? out : { status: \"ok\" };\n}\n\nfunction truncateToolText(value: string, max = 2000): string {\n if (value.length <= max) return value;\n return `${value.slice(0, max - 1)}…`;\n}\n\nfunction conciseMcpAppToolText(\n name: string,\n result: unknown,\n structuredContent: Record<string, unknown>,\n): string {\n if (typeof result === \"string\") return truncateToolText(result);\n const message = structuredContent.message;\n if (typeof message === \"string\" && message.trim()) {\n return truncateToolText(message.trim());\n }\n const title = structuredContent.title ?? structuredContent.name;\n if (typeof title === \"string\" && title.trim()) {\n return `${title.trim()} is ready.`;\n }\n const id = structuredContent.id;\n if (typeof id === \"string\" && id.trim()) {\n return `${name} completed for ${id.trim()}.`;\n }\n return `${name} completed.`;\n}\n\n// ---------------------------------------------------------------------------\n// MCP Server creation — converts ActionEntry registry to MCP tools\n// ---------------------------------------------------------------------------\n\n/\n Build a fully-wired MCP `Server` for a single request / session.\n \n Shared by the stateless Streamable-HTTP mount (`mountMCP`) and the stdio\n * standalone transport. The HTTP mount passes the per-request origin via\n * `requestMeta`; the stdio standalone path passes the resolved local app\n * origin so deep links still become absolute URLs.\n /\nexport async function createMCPServerForRequest(\n config: MCPConfig,\n identity: MCPCallerIdentity \| undefined,\n requestMeta?: MCPRequestMeta,\n) {\n const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n const {\n ListToolsRequestSchema,\n CallToolRequestSchema,\n ListResourcesRequestSchema,\n ReadResourceRequestSchema,\n ListResourceTemplatesRequestSchema,\n } = await import(\"@modelcontextprotocol/sdk/types.js\");\n\n // Resolve the effective caller identity. JWT / header-derived identity\n // (passed by `mountMCP` via `verifyAuth`) wins. When the caller passed no\n // identity — the stdio standalone* path — fall back to the\n // `AGENT_NATIVE_OWNER_EMAIL` env the `agent-native mcp install` flow writes\n // into the `agent-native mcp serve` process env, so standalone tool runs are\n // tenant-scoped to the configured owner instead of running unscoped. Stays\n // undefined for true dev-open (no token, no secret, no owner) — behavior\n // there is unchanged.\n const ownerFromEnv = process.env.AGENT_NATIVE_OWNER_EMAIL?.trim();\n const effectiveIdentity: MCPCallerIdentity \| undefined =\n identity ??\n (ownerFromEnv\n ? { userEmail: ownerFromEnv, orgDomain: undefined }\n : undefined);\n\n // The action set the request handlers operate on = base actions + generic\n // cross-app builtins (template wins on name collision). An authenticated\n // real caller (connect-minted token / `mcp install` owner / production —\n // `requestMeta.fullSurface`, or the stdio standalone path identified by\n // `AGENT_NATIVE_OWNER_EMAIL`) gets the full `productionActions` surface\n // even in local dev; the unauthenticated dev-open path keeps the sparse\n // `config.actions`. See `external-agents` skill, \"Dev vs production tool\n // surface\".\n const useFullSurface = requestMeta?.fullSurface === true \|\| !!ownerFromEnv;\n const baseActions =\n useFullSurface && config.productionActions\n ? config.productionActions\n : config.actions;\n const actions = mergeBuiltinTools(config, baseActions, requestMeta);\n const visibleActions = Object.fromEntries(\n Object.entries(actions).filter(([, entry]) =>\n isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes),\n ),\n );\n const compactMcpAppCatalog = explicitlyRequestsFullMcpCatalog(requestMeta)\n ? false\n : (Array.isArray(effectiveIdentity?.oauthScopes) &&\n hasMcpOAuthScope(effectiveIdentity.oauthScopes, \"mcp:apps\")) \|\|\n (await isKnownMcpAppOAuthClient(effectiveIdentity)) \|\|\n shouldUseCompactMcpCatalogByDefault(effectiveIdentity, requestMeta);\n const advertisedActions = compactMcpAppCatalog\n ? Object.fromEntries(\n Object.entries(visibleActions).filter(([name, entry]) =>\n isActionAdvertisedInCompactMcpAppCatalog(name, entry, config),\n ),\n )\n : visibleActions;\n const supportsMcpApps =\n compactMcpAppCatalog \|\|\n Object.values(advertisedActions).some((entry) =>\n Boolean(entry.mcpApp?.resource),\n );\n const server = new Server(\n { name: config.name, version: config.version ?? \"1.0.0\" },\n {\n capabilities: {\n tools: {},\n ...(supportsMcpApps\n ? {\n resources: {},\n extensions: {\n [MCP_APP_EXTENSION_ID]: {\n mimeTypes: [MCP_APP_MIME_TYPE],\n },\n },\n }\n : {}),\n },\n },\n );\n\n // Resolve orgId once per request (DB lookup) so subsequent wraps are\n // synchronous. The caller identity may be undefined for true dev-open —\n // in that case we run with no userEmail/orgId, which makes downstream\n // tools that require per-user scope return empty results rather than\n // cross-tenant data (the safe default).\n const orgIdPromise = resolveOrgIdFromDomain(effectiveIdentity?.orgDomain);\n\n /*\n Wrap a callback in\n * `runWithRequestContext({ userEmail, orgId, requestOrigin }, fn)`.\n * Both the tools/list and tools/call handlers go through this so\n * downstream `accessFilter`, `resolveCredential`, and per-user MCP\n * visibility checks see the verified caller's identity. `requestOrigin`\n * is the live server origin derived from the inbound request (same value\n * used to absolutize deep links) so actions that build fetchable URLs\n * (e.g. design `export-coding-handoff`'s signed raw-code URL) resolve the\n * correct local-workspace origin instead of a prod/localhost fallback.\n /\n async function withCallerContext<T>(fn: () => Promise<T>): Promise<T> {\n const orgId = await orgIdPromise;\n return runWithRequestContext(\n {\n userEmail: effectiveIdentity?.userEmail,\n orgId,\n ...(requestMeta?.origin ? { requestOrigin: requestMeta.origin } : {}),\n },\n fn,\n ) as Promise<T>;\n }\n\n // tools/list — return all actions + ask-agent meta-tool. Wrapped in the\n // request context so per-user MCP visibility (mcp-client/visibility.ts)\n // applies to the listing too.\n server.setRequestHandler(ListToolsRequestSchema, async () => {\n return withCallerContext(async () => {\n const tools = await Promise.all(\n Object.entries(advertisedActions).map(async ([name, entry]) => {\n const hasLink = typeof entry.link === \"function\";\n const mcpAppResource = await resolveMcpAppResourceSafely(\n config,\n name,\n entry,\n requestMeta,\n );\n const rawToolMeta =\n (entry.tool as any)._meta &&\n typeof (entry.tool as any)._meta === \"object\" &&\n !Array.isArray((entry.tool as any)._meta)\n ? { ...((entry.tool as any)._meta as Record<string, unknown>) }\n : {};\n const toolMeta = {\n ...rawToolMeta,\n ...(mcpAppResource\n ? {\n ...openAiToolDescriptorMeta(mcpAppResource),\n [MCP_APP_RESOURCE_URI_META_KEY]: mcpAppResource.uri,\n ui: mcpAppToolUiMeta(\n mcpAppResource,\n entry.mcpApp?.visibility ??\n metadataObject(rawToolMeta.ui).visibility,\n ),\n }\n : {}),\n };\n const baseDescription = entry.tool.description ?? name;\n const annotations: Record<string, unknown> = {\n readOnlyHint: entry.readOnly === true,\n destructiveHint: entry.publicAgent?.isConsequential === true,\n openWorldHint: false,\n };\n if (hasLink) annotations[\"agent-native/producesOpenLink\"] = true;\n return {\n name,\n description: hasLink\n ? `${baseDescription} After calling, surface the returned \"Open in … →\" link to the user.`\n : baseDescription,\n inputSchema: entry.tool.parameters ?? {\n type: \"object\" as const,\n properties: {},\n },\n ...(Object.keys(toolMeta).length > 0 ? { _meta: toolMeta } : {}),\n annotations,\n };\n }),\n );\n\n if (\n !compactMcpAppCatalog &&\n config.askAgent &&\n hasMcpOAuthScope(effectiveIdentity?.oauthScopes, \"mcp:write\")\n ) {\n tools.push({\n name: \"ask-agent\",\n description:\n \"Send a natural-language message to the app's AI agent and get a response. \" +\n \"Use this for complex, multi-step tasks that require the agent's reasoning \" +\n \"and full context about the app.\",\n inputSchema: {\n type: \"object\" as const,\n properties: {\n message: {\n type: \"string\",\n description: \"The message to send to the agent\",\n },\n },\n required: [\"message\"],\n },\n annotations: {\n readOnlyHint: false,\n destructiveHint: false,\n openWorldHint: false,\n },\n });\n }\n\n return { tools };\n });\n });\n\n // tools/call — dispatch to action registry or ask-agent. Wrapped in the\n // request context so the action's `run(args)` and `askAgent()` execute\n // with the verified caller's identity, not the platform default.\n server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n return withCallerContext(async () => {\n const { name, arguments: args } = request.params;\n\n if (name === \"ask-agent\" && config.askAgent) {\n if (compactMcpAppCatalog) {\n return {\n content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n isError: true,\n };\n }\n if (!hasMcpOAuthScope(effectiveIdentity?.oauthScopes, \"mcp:write\")) {\n return {\n content: [\n {\n type: \"text\",\n text: \"Forbidden: OAuth scope does not allow ask-agent\",\n },\n ],\n isError: true,\n };\n }\n const message = args?.message ?? \"\";\n try {\n const result = await config.askAgent(message);\n return { content: [{ type: \"text\", text: result }] };\n } catch (err: any) {\n return {\n content: [{ type: \"text\", text: `Error: ${err.message}` }],\n isError: true,\n };\n }\n }\n\n const callableActions = compactMcpAppCatalog\n ? advertisedActions\n : actions;\n const entry = callableActions[name];\n if (!entry) {\n return {\n content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n isError: true,\n };\n }\n if (\n !isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)\n ) {\n return {\n content: [\n {\n type: \"text\",\n text: `Forbidden: OAuth scope does not allow tool ${name}`,\n },\n ],\n isError: true,\n };\n }\n\n try {\n const result = await entry.run((args as Record<string, string>) ?? {});\n const rawResult = isMcpActionResult(result) ? result.raw : result;\n const resultForClient = isMcpActionResult(result)\n ? result.text\n : result;\n const mcpAppResource = await resolveMcpAppResourceSafely(\n config,\n name,\n entry,\n requestMeta,\n );\n const { block, _meta } = buildLinkArtifacts(\n entry,\n (args as Record<string, any>) ?? {},\n rawResult,\n requestMeta,\n );\n const responseMeta: Record<string, unknown> = {\n ...(_meta ?? {}),\n ...(mcpAppResource\n ? mcpAppEmbedOpenLinkMeta(rawResult, mcpAppResource, requestMeta)\n : {}),\n ...(mcpAppResource ? openAiToolResultMeta(mcpAppResource) : {}),\n };\n const structuredContent = mcpAppResource\n ? mcpAppStructuredContent(rawResult, responseMeta)\n : undefined;\n const text = mcpAppResource\n ? conciseMcpAppToolText(name, resultForClient, structuredContent!)\n : typeof resultForClient === \"string\"\n ? resultForClient\n : JSON.stringify(resultForClient);\n const content: any[] = [{ type: \"text\", text }];\n if (block) content.push(block);\n return {\n content,\n ...(structuredContent ? { structuredContent } : {}),\n ...(Object.keys(responseMeta).length > 0\n ? { _meta: responseMeta }\n : {}),\n };\n } catch (err: any) {\n return {\n content: [{ type: \"text\", text: `Error: ${err.message}` }],\n isError: true,\n };\n }\n });\n });\n\n if (supportsMcpApps) {\n server.setRequestHandler(ListResourcesRequestSchema, async () => {\n return withCallerContext(async () => {\n const mcpAppResources = await getMcpAppResources(\n config,\n advertisedActions,\n requestMeta,\n );\n return {\n resources: mcpAppResources.map((resource) => ({\n uri: resource.uri,\n name: resource.name,\n ...(resource.title ? { title: resource.title } : {}),\n ...(resource.description\n ? { description: resource.description }\n : {}),\n mimeType: resource.mimeType,\n ...(resource._meta ? { _meta: resource._meta } : {}),\n })),\n };\n });\n });\n\n server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => {\n return withCallerContext(async () => {\n const mcpAppResources = await getMcpAppResources(\n config,\n advertisedActions,\n requestMeta,\n );\n return {\n resourceTemplates: mcpAppResources.map((resource) => ({\n uriTemplate: resource.uri,\n name: resource.name,\n ...(resource.title ? { title: resource.title } : {}),\n ...(resource.description\n ? { description: resource.description }\n : {}),\n mimeType: resource.mimeType,\n ...(resource._meta ? { _meta: resource._meta } : {}),\n })),\n };\n });\n });\n\n server.setRequestHandler(\n ReadResourceRequestSchema,\n async (request: any) => {\n return withCallerContext(async () => {\n const uri = request.params?.uri;\n let found: {\n actionName: string;\n resource: ResolvedMcpAppResource;\n } \| null = null;\n for (const [name, entry] of Object.entries(advertisedActions)) {\n const resourceUri = getMcpAppResourceUri(config, name, entry);\n if (\n !resourceUri \|\|\n (resourceUri.uri !== uri &&\n !resourceUri.legacyUris?.includes(uri))\n ) {\n continue;\n }\n const resource = await resolveMcpAppResourceSafely(\n config,\n name,\n entry,\n requestMeta,\n );\n if (resource) {\n found = { actionName: name, resource };\n }\n break;\n }\n if (!found) {\n throw new Error(`MCP App resource not found: ${uri}`);\n }\n return {\n contents: [\n {\n uri,\n mimeType: found.resource.mimeType,\n text: renderMcpAppHtml(\n found.resource,\n found.actionName,\n config,\n requestMeta,\n ),\n ...(found.resource._meta\n ? { _meta: found.resource._meta }\n : {}),\n },\n ],\n };\n });\n },\n );\n }\n\n return server;\n}\n\n// ---------------------------------------------------------------------------\n// Auth — reuses the same pattern as A2A (Bearer token or JWT). Shared so the\n// HTTP mount and any stdio-side auth-aware helper resolve identity identically.\n// ---------------------------------------------------------------------------\n\nexport function getAccessTokens(): string[] {\n const single = process.env.ACCESS_TOKEN;\n const multi = process.env.ACCESS_TOKENS;\n const tokens: string[] = [];\n if (single) tokens.push(single);\n if (multi) {\n tokens.push(\n ...multi\n .split(\",\")\n .map((t) => t.trim())\n .filter(Boolean),\n );\n }\n return tokens;\n}\n\n/\n Resolve the caller identity for a static-token (or dev-open) auth path.\n \n Static `ACCESS_TOKEN` / `ACCESS_TOKENS` auth carries no per-caller claims,\n * so without this the MCP endpoint would run every tool with\n * `userEmail === undefined` and per-user / per-org scoped actions\n * (`accessFilter`, `resolveAccess`, `resolveCredential`) would return\n * empty / wrong data. The `agent-native mcp install` flow writes\n * `AGENT_NATIVE_OWNER_EMAIL` into the client config env and the stdio proxy\n * forwards it as the `X-Agent-Native-Owner-Email` request header (see\n * `mcp/stdio.ts#authHeaders`). We trust that owner hint only on the\n * static-token path — JWT auth already carries a cryptographically verified\n * `sub`, so the header is ignored there and never widens JWT scope.\n \n Precedence is server-trusted-first: the server process's\n * `AGENT_NATIVE_OWNER_EMAIL` env (set out-of-band by the operator / deploy)\n * ALWAYS wins, and a client-supplied `X-Agent-Native-Owner-Email` header is\n * honored only as a fallback when that env is unset. A static `ACCESS_TOKEN`\n * is a shared bearer secret; letting a request header override a\n * server-configured owner would let anyone holding a leaked token act as any\n * user. The header path remains for the single-tenant local-dev install flow\n * where the app server process has no owner env and the token is the\n * workspace secret; multi-tenant deployments must use A2A JWT (verified `sub`),\n * not a static token, for per-user scope.\n \n Returns `undefined` when no owner email is available (true dev-open: no\n * token, no secret, no owner) so behavior there stays unchanged.\n /\nfunction deriveStaticTokenIdentity(\n ownerEmailHeader: string \| undefined,\n): MCPCallerIdentity \| undefined {\n const owner =\n process.env.AGENT_NATIVE_OWNER_EMAIL?.trim() \|\|\n (typeof ownerEmailHeader === \"string\" && ownerEmailHeader.trim()) \|\|\n \"\";\n if (!owner) return undefined;\n return { userEmail: owner, orgDomain: undefined };\n}\n\nfunction addSecretCandidate(\n candidates: string[],\n secret: string \| null \| undefined,\n): void {\n const trimmed = secret?.trim();\n if (!trimmed \|\| candidates.includes(trimmed)) return;\n candidates.push(trimmed);\n}\n\nasync function verifyA2AJwtForMcp(\n token: string,\n): Promise<Record<string, unknown> \| null> {\n const jose = await import(\"jose\");\n let unverifiedPayload: Record<string, unknown> \| null = null;\n try {\n unverifiedPayload = jose.decodeJwt(token) as Record<string, unknown>;\n } catch {\n return null;\n }\n\n const candidateSecrets: string[] = [];\n addSecretCandidate(candidateSecrets, process.env.A2A_SECRET);\n\n const orgDomain =\n typeof unverifiedPayload.org_domain === \"string\"\n ? unverifiedPayload.org_domain\n : undefined;\n if (orgDomain) {\n try {\n const { getA2ASecretByDomain } = await import(\"../org/context.js\");\n addSecretCandidate(\n candidateSecrets,\n await getA2ASecretByDomain(orgDomain),\n );\n } catch {\n // DB not ready or org lookup unavailable — fall back to other candidates.\n }\n }\n\n for (const secret of candidateSecrets) {\n try {\n const { payload } = await jose.jwtVerify(\n token,\n new TextEncoder().encode(secret),\n );\n return payload as Record<string, unknown>;\n } catch {\n // Try the next candidate without exposing which secret matched.\n }\n }\n\n return null;\n}\n\n/\n Verify the inbound auth header. Returns:\n * - { authed: true, identity } when verified — `identity` is derived from\n * the JWT (`sub` / `org_domain`) for JWT auth, or from the\n * `AGENT_NATIVE_OWNER_EMAIL` env / `X-Agent-Native-Owner-Email` header\n * for static-token auth (the `agent-native mcp install` flow). `identity`\n * is undefined only for true dev-open with no owner hint.\n * - { authed: false } on rejection.\n \n When A2A_SECRET is set we extract the JWT's `sub` (caller email) and\n * `org_domain` claims so the MCP endpoint can wrap tool runs in\n * `runWithRequestContext({ userEmail, orgId })`. Without that wrap, the\n * MCP endpoint loses tenant identity and downstream `accessFilter` /\n * `resolveCredential` calls fall back to platform-wide defaults.\n \n `ownerEmailHeader` is the forwarded `X-Agent-Native-Owner-Email` value; it\n * is consulted ONLY on the static-token / dev-open path (never to influence\n * verified JWT identity), so the install flow runs tools as the configured\n * owner instead of an unscoped anonymous caller.\n /\nexport async function verifyAuth(\n authHeader: string \| undefined,\n ownerEmailHeader?: string \| undefined,\n options: { allowDevOpen?: boolean; resourceUrl?: string } = {},\n): Promise<{\n authed: boolean;\n identity?: MCPCallerIdentity;\n /\n The caller presented a real credential — a verified A2A/connect JWT, a\n * matching ACCESS_TOKEN, or (on the no-auth-configured path) a forwarded\n * owner-email header from `agent-native mcp install`. Drives the full vs\n * sparse MCP tool surface in local dev. The pure unauthenticated dev-open\n * path (no secret, no token, no owner header) is `false`.\n */\n fullSurface?: boolean;\n}> {\n // No auth configured → allow only when the route caller has already\n // established that this is a loopback/local dev request. Still honour an\n // owner hint there so the local install/connect flow stays tenant-scoped.\n const accessTokens = getAccessTokens();\n const hasA2ASecret = !!process.env.A2A_SECRET;\n const token = authHeader?.startsWith(\"Bearer \")\n ? authHeader.slice(7)\n : undefined;\n if (token) {\n const oauthIdentity = await verifyMcpOAuthAccessToken(\n token,\n options.resourceUrl,\n );\n if (oauthIdentity) {\n return {\n authed: true,\n identity: {\n userEmail: oauthIdentity.userEmail,\n orgDomain: oauthIdentity.orgDomain,\n oauthScopes: oauthIdentity.scopes,\n oauthClientId: oauthIdentity.clientId,\n },\n fullSurface: true,\n };\n }\n }\n if (accessTokens.length === 0 && !hasA2ASecret && !token) {\n if (options.allowDevOpen === false) {\n return { authed: false };\n }\n return {\n authed: true,\n identity: deriveStaticTokenIdentity(ownerEmailHeader),\n // `mcp install`'s stdio proxy forwards an owner-email header even when\n // the local app has no secret configured — that is a real, identified\n // caller and gets the full surface. A bare browser/curl dev probe with\n // no owner hint stays on the sparse dev surface.\n fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),\n };\n }\n\n if (!token) return { authed: false };\n\n // Try an A2A JWT via the shared A2A_SECRET first, then the caller org's\n // synced A2A secret when the token carries org_domain.\n const payload = await verifyA2AJwtForMcp(token);\n if (payload) {\n const tokenScope =\n typeof payload.scope === \"string\" ? payload.scope : undefined;\n if (tokenScope && tokenScope !== MCP_CONNECT_SCOPE) {\n return { authed: false };\n }\n\n // Connect-minted tokens (scope === \"mcp-connect\") carry a random `jti`\n // and are individually revocable. Only these tokens hit the revoke\n // store — ordinary A2A delegation JWTs skip the DB lookup entirely so\n // the hot path is unchanged. The signature was already\n // cryptographically verified, so failing open here only widens the\n // explicit-revoke gate, never the trust boundary.\n if (tokenScope === MCP_CONNECT_SCOPE) {\n if (typeof payload.jti !== \"string\" \|\| !payload.jti) {\n return { authed: false };\n }\n const jti = payload.jti;\n try {\n const { isJtiRevoked, touchTokenUsed } =\n await import(\"./connect-store.js\");\n if (await isJtiRevoked(jti)) {\n return { authed: false };\n }\n // Best-effort usage telemetry — never blocks / throws.\n void touchTokenUsed(jti);\n } catch {\n // Store import / lookup failed — fail open (see comment above).\n }\n }\n\n return {\n authed: true,\n identity: {\n userEmail: typeof payload.sub === \"string\" ? payload.sub : undefined,\n orgDomain:\n typeof payload.org_domain === \"string\"\n ? (payload.org_domain as string)\n : undefined,\n },\n // Verified JWT (connect-minted or A2A delegation) — a real caller.\n fullSurface: true,\n };\n }\n\n if (accessTokens.length === 0 && !hasA2ASecret) {\n if (options.allowDevOpen === false) {\n return { authed: false };\n }\n return {\n authed: true,\n identity: deriveStaticTokenIdentity(ownerEmailHeader),\n fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),\n };\n }\n\n // Try ACCESS_TOKEN / ACCESS_TOKENS exact match. Static tokens carry no\n // per-caller claims, so derive identity from the forwarded owner-email\n // hint (install flow) — otherwise tools would run unscoped.\n if (accessTokens.length > 0 && accessTokens.includes(token)) {\n return {\n authed: true,\n identity: deriveStaticTokenIdentity(ownerEmailHeader),\n // Matched a configured ACCESS_TOKEN — a real caller.\n fullSurface: true,\n };\n }\n\n return { authed: false };\n}\n\nexport async function resolveOrgIdFromDomain(\n orgDomain: string \| undefined,\n): Promise<string \| undefined> {\n if (!orgDomain) return undefined;\n try {\n const { resolveOrgByDomain } = await import(\"../org/context.js\");\n const org = await resolveOrgByDomain(orgDomain);\n return org?.orgId ?? undefined;\n } catch {\n return undefined;\n }\n}\n"]}

package/dist/mcp/embed-app.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"embed-app.d.ts","sourceRoot":"","sources":["../../src/mcp/embed-app.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAM/D,eAAO,MAAM,iCAAiC,mBAAmB,CAAC;AAElE,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAChD,eAAO,MAAM,+BAA+B,QACkB,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAUD,wBAAgB,QAAQ,CACtB,OAAO,GAAE,eAAoB,GAC5B,0BAA0B,~~CA2mC5B~~"}
1	+ {"version":3,"file":"embed-app.d.ts","sourceRoot":"","sources":["../../src/mcp/embed-app.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAM/D,eAAO,MAAM,iCAAiC,mBAAmB,CAAC;AAElE,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAChD,eAAO,MAAM,+BAA+B,QACkB,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAUD,wBAAgB,QAAQ,CACtB,OAAO,GAAE,eAAoB,GAC5B,0BAA0B,CA8mC5B"}

package/dist/mcp/embed-app.js CHANGED Viewed

@@ -632,22 +632,25 @@ export function embedApp(options = {}) {
       clearFrameReadyTimer();
       clearFrameLoadTimer();
       appFrame = null;
+      const fallbackCopy = openUrl
+        ? "This chat host did not allow the embedded app frame to load inline. You can still open the same app route through the host or use the URL below."
+        : "This chat host did not allow the embedded app frame to load inline.";
       stage.innerHTML =
         '<div class="fallback">' +
           '<div class="fallback-title">Open this app in its own tab</div>' +
-          '<div class="fallback-copy">This chat host did not allow the embedded app frame to load inline. You can still open the same app route through the host or use the URL below.</div>' +
+          '<div class="fallback-copy">' + esc(fallbackCopy) + '</div>' +
           '<div class="fallback-actions">' +
             '<button type="button" data-fallback-open>Open app</button>' +
             '<button type="button" data-fallback-retry>Try inline again</button>' +
           '</div>' +
-          (openUrl || openStartUrl ? '<a class="fallback-url" href="' + esc(openUrl || openStartUrl) + '" target="_blank" rel="noreferrer">' + esc(openUrl || openStartUrl) + '</a>' : '') +
+          (openUrl ? '<a class="fallback-url" href="' + esc(openUrl) + '" target="_blank" rel="noreferrer">' + esc(openUrl) + '</a>' : '') +
         '</div>';
       const fallbackOpen = stage.querySelector("[data-fallback-open]");
       const fallbackRetry = stage.querySelector("[data-fallback-retry]");
       if (fallbackOpen) {
-        fallbackOpen.disabled = !(openUrl || openStartUrl);
+        fallbackOpen.disabled = !openUrl;
         fallbackOpen.onclick = () => {
-          if (openUrl || openStartUrl) void openFallbackExternal();
+          if (openUrl) void openFallbackExternal();
         };
       }
       if (fallbackRetry) {
@@ -659,6 +662,7 @@ export function embedApp(options = {}) {
     }
     async function openFallbackExternal() {
+      if (!openUrl) return;
       let url = withChatBridgeParam(openUrl);
       try {
         if (url) {
@@ -671,7 +675,6 @@ export function embedApp(options = {}) {
       } catch (err) {
         console.warn("[agent-native] MCP fallback could not mint a fresh app session", err);
       }
-      if (!url) url = withChatBridgeParam(openStartUrl);
       await openHostLink({ url });
     }
@@ -1008,7 +1011,7 @@ export function embedApp(options = {}) {
     }
     function updateOpenButton() {
-      const buttonUrl = openUrl || openStartUrl;
+      const buttonUrl = openUrl;
       openButton.disabled = !buttonUrl;
       openButton.onclick = () => {
         if (buttonUrl) void openHostLink({ url: buttonUrl });

package/dist/mcp/embed-app.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"embed-app.js","sourceRoot":"","sources":["../../src/mcp/embed-app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,MAAM,cAAc,GAClB,mEAAmE,CAAC;AAEtE,MAAM,CAAC,MAAM,iCAAiC,GAAG,gBAAgB,CAAC;AAClE,MAAM,6BAA6B,GAAG,EAAE,CAAC;AACzC,MAAM,CAAC,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAChD,MAAM,CAAC,MAAM,+BAA+B,GAC1C,4BAA4B,GAAG,6BAA6B,CAAC;AAa/D,SAAS,IAAI,CAAC,KAAyB;IACrC,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,QAAQ,CACtB,UAA2B,EAAE;IAE7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC;IAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,aAAa,CAAC;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,sBAAsB,CAAC;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,KAAK,KAAK,CAAC;IACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CACrB,GAAG,EACH,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,IAAI,4BAA4B,CAAC,CAC9D,CAAC;IACF,MAAM,cAAc,GAAG,MAAM,GAAG,6BAA6B,CAAC;IAC9D,MAAM,YAAY,GAAG;QACnB,iCAAiC;QACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,OAAO;QACL,KAAK;QACL,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,IAAI,EAAE,GAAG,EAAE,CAAC;;;;;;8MAM8L,MAAM,uCAAuC,cAAc;;;;;;;;;;;;;;;;;;;;oBAoBrP,IAAI,CAAC,KAAK,CAAC;uBACR,IAAI,CAAC,WAAW,CAAC;qBACnB,IAAI,CAAC,SAAS,CAAC;qBACf,IAAI,CAAC,aAAa,CAAC;wBAChB,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;;;;4CAIN,IAAI,CAAC,KAAK,CAAC;;;mDAGJ,IAAI,CAAC,SAAS,CAAC;;;;;;;;;;;;;;;8BAepC,IAAI,CAAC,SAAS,CAAC,+BAA+B,CAAC;qCACxC,MAAM;2BAChB,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sCA++BlB,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAkC5C;QACJ,GAAG,EAAE;YACH,cAAc,EAAE;gBACd,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,eAAe,EAAE;gBACf,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,cAAc,EAAE,CAAC,iCAAiC,CAAC;YACnD,YAAY;SACb;QACD,aAAa,EAAE,KAAK;KACrB,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionMcpAppResourceConfig } from \"../action.js\";\nimport { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from \"../shared/embed-auth.js\";\n\nconst MCP_APP_IMPORT =\n \"https://esm.sh/@modelcontextprotocol/ext-apps@1.7.2/app-with-deps\";\n\nexport const MCP_APP_REQUEST_ORIGIN_CSP_SOURCE = \"$requestOrigin\";\nconst MCP_APP_WRAPPER_CHROME_HEIGHT = 44;\nexport const DEFAULT_MCP_APP_SHELL_HEIGHT = 560;\nexport const DEFAULT_MCP_APP_VIEWPORT_HEIGHT =\n DEFAULT_MCP_APP_SHELL_HEIGHT - MCP_APP_WRAPPER_CHROME_HEIGHT;\n\nexport interface EmbedAppOptions {\n title?: string;\n description?: string;\n iframeTitle?: string;\n openLabel?: string;\n embedByDefault?: boolean;\n startToolName?: string;\n frameDomains?: string[];\n height?: number;\n}\n\nfunction attr(value: string \| undefined): string {\n return String(value ?? \"\")\n .replace(/&/g, \"&\")\n .replace(/\"/g, \""\")\n .replace(/</g, \"<\")\n .replace(/>/g, \">\");\n}\n\nexport function embedApp(\n options: EmbedAppOptions = {},\n): ActionMcpAppResourceConfig {\n const title = options.title ?? \"Open app\";\n const iframeTitle = options.iframeTitle ?? \"Agent Native app\";\n const openLabel = options.openLabel ?? \"Open in app\";\n const startToolName = options.startToolName ?? \"create_embed_session\";\n const embedByDefault = options.embedByDefault !== false;\n const height = Math.max(\n 320,\n Math.min(900, options.height ?? DEFAULT_MCP_APP_SHELL_HEIGHT),\n );\n const viewportHeight = height - MCP_APP_WRAPPER_CHROME_HEIGHT;\n const frameDomains = [\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ];\n\n return {\n title,\n ...(options.description ? { description: options.description } : {}),\n html: () => `<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <style>\n :root { color-scheme: light dark; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; background: Canvas; color: CanvasText; --agent-native-shell-height: ${height}px; --agent-native-viewport-height: ${viewportHeight}px; }\n * { box-sizing: border-box; }\n body { margin: 0; }\n .shell { display: grid; gap: 8px; min-height: var(--agent-native-shell-height); padding: 0; }\n .bar { display: flex; align-items: center; justify-content: space-between; gap: 8px; min-height: 36px; padding: 6px 8px; border-bottom: 1px solid color-mix(in srgb, CanvasText 12%, Canvas); }\n .title { min-width: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; font-size: 12px; font-weight: 700; color: color-mix(in srgb, CanvasText 72%, Canvas); }\n .actions { display: flex; align-items: center; gap: 6px; }\n button { min-height: 28px; border: 1px solid color-mix(in srgb, CanvasText 14%, Canvas); border-radius: 7px; background: Canvas; color: CanvasText; cursor: pointer; font: inherit; font-size: 12px; font-weight: 700; padding: 0 9px; }\n button:disabled { opacity: .55; cursor: default; }\n .stage { position: relative; min-height: var(--agent-native-viewport-height); }\n iframe { display: block; width: 100%; height: var(--agent-native-viewport-height); border: 0; background: Canvas; }\n .message { display: grid; place-items: center; min-height: var(--agent-native-viewport-height); padding: 18px; color: color-mix(in srgb, CanvasText 62%, Canvas); font-size: 13px; line-height: 1.45; text-align: center; }\n .fallback { display: grid; align-content: center; justify-items: center; gap: 12px; min-height: var(--agent-native-viewport-height); padding: 24px; background: Canvas; color: CanvasText; text-align: center; }\n .fallback-title { max-width: 440px; font-size: 14px; font-weight: 700; }\n .fallback-copy { max-width: 520px; color: color-mix(in srgb, CanvasText 64%, Canvas); font-size: 13px; line-height: 1.45; }\n .fallback-actions { display: flex; flex-wrap: wrap; align-items: center; justify-content: center; gap: 8px; }\n .fallback-url { max-width: min(560px, 100%); overflow-wrap: anywhere; color: color-mix(in srgb, CanvasText 76%, Canvas); font-size: 12px; }\n </style>\n</head>\n<body\n data-app-title=\"${attr(title)}\"\n data-iframe-title=\"${attr(iframeTitle)}\"\n data-open-label=\"${attr(openLabel)}\"\n data-start-tool=\"${attr(startToolName)}\"\n data-embed-default=\"${embedByDefault ? \"1\" : \"0\"}\"\n>\n <main class=\"shell\">\n <div class=\"bar\">\n <div class=\"title\" data-title-label>${attr(title)}</div>\n <div class=\"actions\">\n <button type=\"button\" data-display hidden disabled>Fullscreen</button>\n <button type=\"button\" data-open disabled>${attr(openLabel)}</button>\n </div>\n </div>\n <section class=\"stage\" data-stage>\n <div class=\"message\">Preparing app</div>\n </section>\n </main>\n <script type=\"module\">\n const body = document.body;\n const stage = document.querySelector(\"[data-stage]\");\n const titleEl = document.querySelector(\"[data-title-label]\");\n const openButton = document.querySelector(\"[data-open]\");\n const displayButton = document.querySelector(\"[data-display]\");\n const startTool = body.dataset.startTool \|\| \"create_embed_session\";\n const embedByDefault = body.dataset.embedDefault !== \"0\";\n const chatBridgeParam = ${JSON.stringify(MCP_APP_CHAT_BRIDGE_QUERY_PARAM)};\n const defaultIntrinsicHeight = ${height};\n const chromeHeight = ${MCP_APP_WRAPPER_CHROME_HEIGHT};\n const frameReadyMessageDelays = [0, 200, 500, 1500, 3000, 7000, 15000, 30000];\n const frameReadyTimeoutMs = 45000;\n const frameLoadTimeoutMs = 45000;\n let app = null;\n let openAiBridge = null;\n let toolInput = {};\n let openUrl = \"\";\n let openStartUrl = \"\";\n let startedFor = \"\";\n let appFrame = null;\n let appFrameReady = false;\n let appFrameReadyTimer = null;\n let appFrameLoadTimer = null;\n let lastFrameSrc = \"\";\n\n function esc(value) {\n return String(value ?? \"\")\n .replace(/&/g, \"&\")\n .replace(/</g, \"<\")\n .replace(/>/g, \">\")\n .replace(/\"/g, \""\");\n }\n\n function parseJson(value, fallback) {\n if (value && typeof value === \"object\") return value;\n if (typeof value !== \"string\" \|\| !value.trim()) return fallback;\n try { return JSON.parse(value); } catch { return fallback; }\n }\n\n function objectValue(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function finiteNumber(value) {\n return typeof value === \"number\" && Number.isFinite(value) && value > 0\n ? value\n : null;\n }\n\n function contextMaxHeight(context) {\n if (!context \|\| typeof context !== \"object\") return null;\n return finiteNumber(context.maxHeight) \|\|\n finiteNumber(context.containerDimensions && context.containerDimensions.maxHeight);\n }\n\n function visibleIntrinsicHeight() {\n const context = hostState().context \|\| {};\n const hostMaxHeight = contextMaxHeight(context);\n if (hostMaxHeight) return Math.floor(hostMaxHeight);\n const viewportHeight = finiteNumber(window.visualViewport && window.visualViewport.height) \|\|\n finiteNumber(window.innerHeight);\n return Math.floor(viewportHeight \|\| defaultIntrinsicHeight);\n }\n\n function applyIntrinsicHeight(nextHeight) {\n const boundedHeight = Math.min(\n defaultIntrinsicHeight,\n Math.floor(nextHeight \|\| defaultIntrinsicHeight)\n );\n const height = Math.max(320, boundedHeight);\n const viewportHeight = Math.max(0, height - chromeHeight);\n document.documentElement.style.setProperty(\"--agent-native-shell-height\", height + \"px\");\n document.documentElement.style.setProperty(\"--agent-native-viewport-height\", viewportHeight + \"px\");\n if (appFrame) appFrame.style.height = viewportHeight + \"px\";\n return height;\n }\n\n function parseToolResult(params) {\n if (!params) return {};\n if (params.result && typeof params.result === \"object\") {\n return parseToolResult(params.result);\n }\n if (params.toolResult && typeof params.toolResult === \"object\") {\n return parseToolResult(params.toolResult);\n }\n if (params.structuredContent && typeof params.structuredContent === \"object\") {\n return params.structuredContent;\n }\n const parts = Array.isArray(params.content) ? params.content : [];\n const textPart = parts.find((part) => part && part.type === \"text\" && typeof part.text === \"string\");\n const text = textPart ? textPart.text : \"\";\n if (params.isError && typeof text === \"string\" && text.trim()) {\n return { error: text.trim() };\n }\n return parseJson(text, {});\n }\n\n function openLinkRecordFrom(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function openLinkWebUrlFrom(value) {\n const record = openLinkRecordFrom(value);\n return typeof record.webUrl === \"string\" ? record.webUrl : \"\";\n }\n\n function firstNonEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && !isEmbedStartUrl(value)) return value;\n }\n return \"\";\n }\n\n function firstEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && isEmbedStartUrl(value)) {\n return withChatBridgeParam(value);\n }\n }\n return \"\";\n }\n\n function openLinkFrom(params, data) {\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n const structuredOpenLinkUrl = openLinkWebUrlFrom(record.openLink);\n return firstNonEmbedStartUrl([\n record.embedTargetPath,\n record.deepLinkUrl,\n record.deepLink,\n record.openUrl,\n record.url,\n structuredOpenLinkUrl,\n metaUrl\n ]);\n }\n\n function embedStartUrlFrom(params, data) {\n const embedStart =\n params && params._meta && params._meta[\"agent-native/embedStart\"];\n const embedStartRecord =\n embedStart && typeof embedStart === \"object\" && !Array.isArray(embedStart)\n ? embedStart\n : {};\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n return firstEmbedStartUrl([\n embedStartRecord.startUrl,\n record.embedStartUrl,\n record.startUrl,\n record.url,\n openLinkWebUrlFrom(record.openLink),\n metaUrl\n ]);\n }\n\n function hostState() {\n if (openAiBridge) {\n return {\n context: {\n displayMode: openAiBridge.displayMode,\n availableDisplayModes: typeof openAiBridge.requestDisplayMode === \"function\"\n ? [\"inline\", \"fullscreen\", \"pip\"]\n : [],\n maxHeight: openAiBridge.maxHeight,\n locale: openAiBridge.locale,\n theme: openAiBridge.theme,\n view: openAiBridge.view\n },\n capabilities: { openai: true },\n version: openAiBridge.userAgent\n };\n }\n return {\n context: app && app.getHostContext ? app.getHostContext() : undefined,\n capabilities: app && app.getHostCapabilities ? app.getHostCapabilities() : undefined,\n version: app && app.getHostVersion ? app.getHostVersion() : undefined\n };\n }\n\n function sendToAppFrame(message) {\n if (!appFrame \|\| !appFrame.contentWindow) return;\n try { appFrame.contentWindow.postMessage(message, \"\"); } catch {}\n }\n\n function sendHostContext() {\n sendToAppFrame({ type: \"agentNative.mcpHostContext\", data: hostState() });\n }\n\n function sendFrameReadyMessages(frame) {\n const originPayload = { type: \"agentNative.frameOrigin\", origin: window.location.origin };\n frameReadyMessageDelays.forEach((delay) => {\n setTimeout(() => {\n try { frame.contentWindow && frame.contentWindow.postMessage(originPayload, \"\"); } catch {}\n sendHostContext();\n }, delay);\n });\n }\n\n function withChatBridgeParam(value) {\n if (typeof value !== \"string\" \|\| !value) return value;\n try {\n const base = \"http://agent-native.invalid\";\n const url = value.startsWith(\"/\") ? new URL(value, base) : new URL(value);\n url.searchParams.set(chatBridgeParam, \"1\");\n return value.startsWith(\"/\")\n ? url.pathname + url.search + url.hash\n : url.toString();\n } catch {\n return value;\n }\n }\n\n function embedSessionArgsFor(value) {\n const chrome = typeof toolInput.chrome === \"string\" ? toolInput.chrome : \"full\";\n return typeof value === \"string\" && value.startsWith(\"/\")\n ? { path: value, chrome }\n : { url: value, chrome };\n }\n\n function isEmbedStartUrl(value) {\n if (typeof value !== \"string\" \|\| !value) return false;\n try {\n const url = new URL(value, window.location.href);\n return url.pathname.endsWith(\"/_agent-native/embed/start\");\n } catch {\n return false;\n }\n }\n\n function localPathFromUrl(url, includeToken) {\n const next = new URL(url.href);\n if (!includeToken) next.searchParams.delete(\"__an_embed_token\");\n return next.pathname + next.search + next.hash;\n }\n\n function rewriteRootRelativeHtmlUrls(html, appOrigin) {\n return String(html).replace(\n /\\\\b(src\|href\|poster\|action)\\\\s=\\\\s([\"'])\\\\/(?!\\\\/)/gi,\n (_match, name, quote) => String(name) + \"=\" + quote + appOrigin + \"/\"\n );\n }\n\n function removeHtmlCspMeta(html) {\n return String(html).replace(\n /<meta\\\\s+[^>]http-equiv\\\\s=\\\\s([\"'])?content-security-policy\\\\1?[^>]>/gi,\n \"\"\n );\n }\n\n function embedConfigForAppUrl(appUrl) {\n const sanitizedTarget = localPathFromUrl(appUrl, false);\n return {\n origin: appUrl.origin,\n href: appUrl.href,\n baseHref: appUrl.origin + appUrl.pathname,\n target: sanitizedTarget,\n token: appUrl.searchParams.get(\"__an_embed_token\") \|\| \"\",\n chatBridgeActive: appUrl.searchParams.get(chatBridgeParam) === \"1\",\n chatBridgeParam,\n embedTokenParam: \"__an_embed_token\",\n embedTargetHeader: \"x-agent-native-embed-target\"\n };\n }\n\n function installExternalEmbedRuntime(config) {\n window.__AGENT_NATIVE_EXTERNAL_EMBED = config;\n try {\n if (config.target) {\n window.history.replaceState(window.history.state, \"\", config.target);\n }\n } catch (_err) {}\n try {\n if (config.token) {\n sessionStorage.setItem(\"agent-native:embed-auth-token\", config.token);\n }\n if (config.chatBridgeActive && config.token) {\n sessionStorage.setItem(\"agent-native:mcp-chat-bridge\", config.token);\n }\n } catch (_err) {}\n if (window.__agentNativeExternalEmbedRuntimeInstalled) return;\n window.__agentNativeExternalEmbedRuntimeInstalled = true;\n function appOrigin() {\n try {\n return new URL(config.origin).origin;\n } catch (_err) {\n return \"\";\n }\n }\n function targetPath() {\n return config.target \|\| location.pathname + location.search;\n }\n function rewrittenUrl(value, appendToken) {\n const origin = appOrigin();\n if (!origin) return null;\n let url;\n try {\n url = new URL(value, location.href);\n } catch (_err) {\n return null;\n }\n if (url.origin !== location.origin && url.origin !== origin) return null;\n if (url.origin !== origin) {\n const app = new URL(origin);\n url.protocol = app.protocol;\n url.host = app.host;\n }\n if (appendToken && config.token && url.pathname === \"/_agent-native/events\") {\n url.searchParams.set(config.embedTokenParam, config.token);\n }\n return url.toString();\n }\n function authHeaders(input, init) {\n const headers = new Headers(\n init && init.headers ? init.headers : input instanceof Request ? input.headers : undefined\n );\n if (config.token && !headers.has(\"Authorization\")) {\n headers.set(\"Authorization\", \"Bearer \" + config.token);\n }\n if (!headers.has(config.embedTargetHeader)) {\n headers.set(config.embedTargetHeader, targetPath());\n }\n return headers;\n }\n if (typeof fetch === \"function\") {\n const originalFetch = fetch.bind(window);\n window.fetch = function(input, init) {\n const raw = input instanceof Request ? input.url : String(input);\n const url = rewrittenUrl(raw, false);\n if (!url) return originalFetch(input, init);\n const nextInit = Object.assign({}, init \|\| {}, {\n headers: authHeaders(input, init),\n credentials: \"omit\"\n });\n if (input instanceof Request) {\n return originalFetch(new Request(url, input), nextInit);\n }\n return originalFetch(url, nextInit);\n };\n }\n if (typeof XMLHttpRequest !== \"undefined\") {\n const originalOpen = XMLHttpRequest.prototype.open;\n const originalSend = XMLHttpRequest.prototype.send;\n XMLHttpRequest.prototype.open = function(method, url) {\n const rewritten = rewrittenUrl(url, false);\n this.__agentNativeExternalEmbed = !!rewritten;\n return originalOpen.call(\n this,\n method,\n rewritten \|\| url,\n arguments.length > 2 ? arguments[2] : true,\n arguments[3],\n arguments[4]\n );\n };\n XMLHttpRequest.prototype.send = function(body) {\n if (this.__agentNativeExternalEmbed) {\n try {\n if (config.token) this.setRequestHeader(\"Authorization\", \"Bearer \" + config.token);\n this.setRequestHeader(config.embedTargetHeader, targetPath());\n } catch (_err) {}\n }\n return originalSend.call(this, body);\n };\n }\n if (typeof EventSource !== \"undefined\") {\n const OriginalEventSource = EventSource;\n window.EventSource = function(url, options) {\n return new OriginalEventSource(rewrittenUrl(url, true) \|\| url, options);\n };\n window.EventSource.prototype = OriginalEventSource.prototype;\n }\n }\n\n function copyDocumentElementAttributes(source) {\n const target = document.documentElement;\n for (const attr of Array.from(target.attributes)) {\n target.removeAttribute(attr.name);\n }\n for (const attr of Array.from(source.attributes)) {\n target.setAttribute(attr.name, attr.value);\n }\n }\n\n function importChildren(source, target) {\n target.replaceChildren(\n ...Array.from(source.childNodes).map((node) => document.importNode(node, true))\n );\n }\n\n function isModuleScript(script) {\n return (script.getAttribute(\"type\") \|\| \"\").trim().toLowerCase() === \"module\";\n }\n\n function isRunnableClassicScript(script) {\n const type = (script.getAttribute(\"type\") \|\| \"\").trim().toLowerCase();\n return !type \|\| type === \"text/javascript\" \|\| type === \"application/javascript\";\n }\n\n function runClassicScript(script) {\n const next = document.createElement(\"script\");\n for (const attr of Array.from(script.attributes)) {\n if (attr.name === \"type\") continue;\n next.setAttribute(attr.name, attr.value);\n }\n if (script.src) {\n next.src = script.src;\n } else {\n next.textContent = script.textContent \|\| \"\";\n }\n document.body.appendChild(next);\n next.remove();\n }\n\n function rootRelativeSpecifiersToAbsolute(code, appOrigin) {\n return String(code).replace(/([\"'])\\\\/(?!\\\\/)/g, \"$1\" + appOrigin + \"/\");\n }\n\n function moduleCodeToClassicAsync(code, appOrigin) {\n return rootRelativeSpecifiersToAbsolute(code, appOrigin)\n .replace(\n /\\\\bimport\\\\s+\\\\\\\\s+as\\\\s+([A-Za-z_$][\\\\w$])\\\\s+from\\\\s+([\"'][^\"']+[\"'])\\\\s;?/g,\n \"const $1 = await import($2);\"\n )\n .replace(/\\\\bimport\\\\s+([\"'][^\"']+[\"'])\\\\s;?/g, \"await import($1);\")\n .replace(/\\\\bimport\\\$([\"'][^\"']+[\"'])\\\$\\\\s*;?/g, \"await import($1);\");\n }\n\n function runModuleScriptAsClassic(script, appOrigin) {\n const code = moduleCodeToClassicAsync(script.textContent \|\| \"\", appOrigin);\n const runner = document.createElement(\"script\");\n runner.textContent =\n \"(async()=>{\" +\n code +\n \"})().catch((err)=>{console.error('[agent-native] transplanted app module failed',err);document.body.setAttribute('data-agent-native-hydration-error',String(err&&err.message\|\|err));});\";\n document.body.appendChild(runner);\n runner.remove();\n }\n\n function mountTransplantedHtml(html, appUrl) {\n const config = embedConfigForAppUrl(appUrl);\n installExternalEmbedRuntime(config);\n const parsed = new DOMParser().parseFromString(\n rewriteRootRelativeHtmlUrls(removeHtmlCspMeta(html), appUrl.origin),\n \"text/html\"\n );\n const scripts = Array.from(parsed.querySelectorAll(\"script\"));\n copyDocumentElementAttributes(parsed.documentElement);\n importChildren(parsed.head, document.head);\n const base = document.createElement(\"base\");\n base.href = config.baseHref;\n document.head.prepend(base);\n importChildren(parsed.body, document.body);\n for (const script of scripts) {\n if (isRunnableClassicScript(script)) runClassicScript(script);\n }\n for (const script of scripts) {\n if (isModuleScript(script)) runModuleScriptAsClassic(script, appUrl.origin);\n }\n }\n\n async function transplantAppDocument(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Loading app\");\n const response = await fetch(src, {\n credentials: \"omit\",\n redirect: \"follow\",\n headers: { Accept: \"text/html\" }\n });\n if (!response.ok) {\n throw new Error(\"Embedded app returned HTTP \" + response.status + \".\");\n }\n const html = await response.text();\n const appUrl = new URL(response.url \|\| src);\n try {\n window.history.replaceState(window.history.state, \"\", localPathFromUrl(appUrl, false));\n } catch {}\n mountTransplantedHtml(html, appUrl);\n notifyHostHeightRepeatedly();\n }\n\n function wantsEmbed() {\n if (toolInput.embed === false \|\| toolInput.embed === \"false\") return false;\n if (embedByDefault) return true;\n return toolInput.embed === true \|\| toolInput.embed === \"true\";\n }\n\n function supportedDisplayMode(mode) {\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n return mode === \"inline\" \|\| mode === \"fullscreen\" \|\| mode === \"pip\";\n }\n const modes = hostState().context && hostState().context.availableDisplayModes;\n return Array.isArray(modes) && modes.includes(mode);\n }\n\n async function requestHostDisplayMode(mode) {\n let result;\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n result = await openAiBridge.requestDisplayMode({ mode });\n } else {\n if (!app \|\| typeof app.requestDisplayMode !== \"function\") {\n throw new Error(\"Display mode changes are not available in this host.\");\n }\n result = await app.requestDisplayMode({ mode });\n }\n updateDisplayButton();\n sendHostContext();\n return result;\n }\n\n function updateDisplayButton() {\n const context = hostState().context \|\| {};\n const nextMode = context.displayMode === \"fullscreen\" ? \"inline\" : \"fullscreen\";\n const supported = supportedDisplayMode(nextMode);\n displayButton.hidden = !supported;\n displayButton.disabled = !supported;\n displayButton.textContent = nextMode === \"fullscreen\" ? \"Fullscreen\" : \"Inline\";\n displayButton.onclick = () => {\n if (!supportedDisplayMode(nextMode)) return;\n void requestHostDisplayMode(nextMode).catch((err) => {\n console.warn(\"[agent-native] MCP host rejected display mode request\", err);\n });\n };\n }\n\n function setMessage(message) {\n stage.innerHTML = '<div class=\"message\">' + esc(message) + '</div>';\n }\n\n function clearFrameReadyTimer() {\n if (!appFrameReadyTimer) return;\n clearTimeout(appFrameReadyTimer);\n appFrameReadyTimer = null;\n }\n\n function clearFrameLoadTimer() {\n if (!appFrameLoadTimer) return;\n clearTimeout(appFrameLoadTimer);\n appFrameLoadTimer = null;\n }\n\n function startFrameReadyTimer(frame) {\n clearFrameReadyTimer();\n appFrameReadyTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameReadyTimeoutMs);\n }\n\n function renderFrameFallback() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n stage.innerHTML =\n '<div class=\"fallback\">' +\n '<div class=\"fallback-title\">Open this app in its own tab</div>' +\n '<div class=\"fallback-copy\">This chat host did not allow the embedded app frame to load inline. You can still open the same app route through the host or use the URL below.</div>' +\n '<div class=\"fallback-actions\">' +\n '<button type=\"button\" data-fallback-open>Open app</button>' +\n '<button type=\"button\" data-fallback-retry>Try inline again</button>' +\n '</div>' +\n (openUrl \|\| openStartUrl ? '<a class=\"fallback-url\" href=\"' + esc(openUrl \|\| openStartUrl) + '\" target=\"_blank\" rel=\"noreferrer\">' + esc(openUrl \|\| openStartUrl) + '</a>' : '') +\n '</div>';\n const fallbackOpen = stage.querySelector(\"[data-fallback-open]\");\n const fallbackRetry = stage.querySelector(\"[data-fallback-retry]\");\n if (fallbackOpen) {\n fallbackOpen.disabled = !(openUrl \|\| openStartUrl);\n fallbackOpen.onclick = () => {\n if (openUrl \|\| openStartUrl) void openFallbackExternal();\n };\n }\n if (fallbackRetry) {\n fallbackRetry.disabled = !lastFrameSrc;\n fallbackRetry.onclick = () => {\n if (lastFrameSrc) renderFrame(lastFrameSrc);\n };\n }\n }\n\n async function openFallbackExternal() {\n let url = withChatBridgeParam(openUrl);\n try {\n if (url) {\n const result = await callEmbedSessionTool(embedSessionArgsFor(url));\n const data = parseToolResult(result);\n if (typeof data.startUrl === \"string\" && data.startUrl) {\n url = withChatBridgeParam(data.startUrl);\n }\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP fallback could not mint a fresh app session\", err);\n }\n if (!url) url = withChatBridgeParam(openStartUrl);\n await openHostLink({ url });\n }\n\n function renderFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n const frame = document.createElement(\"iframe\");\n frame.title = body.dataset.iframeTitle \|\| \"Agent Native app\";\n frame.src = src;\n frame.allow = \"clipboard-read; clipboard-write\";\n appFrame = frame;\n appFrameReady = false;\n lastFrameSrc = src;\n frame.addEventListener(\"load\", () => {\n if (appFrame !== frame) return;\n clearFrameLoadTimer();\n sendFrameReadyMessages(frame);\n startFrameReadyTimer(frame);\n });\n stage.replaceChildren(frame);\n notifyHostHeight();\n appFrameLoadTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameLoadTimeoutMs);\n }\n\n function refreshExpiredEmbedSession() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrameReady = false;\n if (!openUrl) {\n renderFrameFallback();\n return;\n }\n openStartUrl = \"\";\n startedFor = \"\";\n lastFrameSrc = \"\";\n setMessage(\"Refreshing app session\");\n void launchEmbed();\n }\n\n function shouldSelfNavigateToApp() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n if (mode === \"iframe\" \|\| mode === \"nested\") return false;\n if (toolInput.nested === true \|\| toolInput.frame === \"iframe\") return false;\n return true;\n }\n\n function shouldTransplantAppDocument() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n return (\n mode === \"transplant\" \|\|\n toolInput.frame === \"transplant\" \|\|\n isClaudeMcpContentHost()\n );\n }\n\n function isClaudeMcpContentHost() {\n try {\n return /(^\|\\\\.)claudemcpcontent\\\\.com$/i.test(window.location.hostname \|\| \"\");\n } catch {\n return false;\n }\n }\n\n function isChatGptSandboxHost() {\n try {\n const host = window.location.hostname \|\| \"\";\n const appParam = new URL(window.location.href).searchParams.get(\"app\");\n return /(^\|\\\\.)oaiusercontent\\\\.com$/i.test(host) \|\| appParam === \"chatgpt\";\n } catch {\n return false;\n }\n }\n\n function shouldRenderControlledAppFrame() {\n return !!openAiBridge \|\| isChatGptSandboxHost();\n }\n\n function navigateToAppFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Opening app\");\n try {\n window.location.replace(src);\n } catch (err) {\n console.warn(\"[agent-native] MCP app self-navigation failed\", err);\n renderFrameFallback();\n }\n }\n\n async function updateHostModelContext(data) {\n const params = {};\n if (Array.isArray(data && data.content)) params.content = data.content;\n if (data && data.structuredContent && typeof data.structuredContent === \"object\") {\n params.structuredContent = data.structuredContent;\n }\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeModelContext: params\n });\n return { ok: true };\n }\n if (!app \|\| typeof app.updateModelContext !== \"function\") return { ok: false };\n await app.updateModelContext(params);\n return { ok: true };\n }\n\n async function openHostLink(data) {\n const url = typeof (data && data.url) === \"string\" ? data.url : \"\";\n if (!url) return { isError: true };\n if (openAiBridge && typeof openAiBridge.openExternal === \"function\") {\n return await openAiBridge.openExternal({ href: url, redirectUrl: false });\n }\n if (app && typeof app.openLink === \"function\") {\n return await app.openLink({ url });\n }\n window.open(url, \"_blank\", \"noopener,noreferrer\");\n return { ok: true };\n }\n\n function notifyHostHeight() {\n const height = applyIntrinsicHeight(visibleIntrinsicHeight());\n if (!openAiBridge \|\| typeof openAiBridge.notifyIntrinsicHeight !== \"function\") {\n if (app && typeof app.sendSizeChanged === \"function\") {\n try {\n app.sendSizeChanged({ height });\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected size update\", err);\n }\n }\n return;\n }\n try {\n openAiBridge.notifyIntrinsicHeight({ height });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected intrinsic height update\", err);\n }\n }\n\n function respondToAppFrame(requestId, work) {\n if (!requestId) return;\n Promise.resolve(work)\n .then((result) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: { requestId, ok: true, result }\n });\n })\n .catch((err) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: {\n requestId,\n ok: false,\n error: err && err.message ? err.message : String(err)\n }\n });\n });\n }\n\n async function sendHostChat(chat) {\n if (!chat \|\| chat.submit === false) return;\n const message = typeof chat.message === \"string\" ? chat.message : \"\";\n if (!message.trim()) return;\n const context = typeof chat.context === \"string\" ? chat.context.trim() : \"\";\n try {\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeChatContext: context \|\| null\n });\n } else if (app && typeof app.updateModelContext === \"function\") {\n await app.updateModelContext({\n content: context ? [{ type: \"text\", text: context }] : []\n });\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected model context update\", err);\n }\n try {\n if (openAiBridge && typeof openAiBridge.sendFollowUpMessage === \"function\") {\n await openAiBridge.sendFollowUpMessage({\n prompt: message,\n scrollToBottom: true\n });\n return;\n }\n if (!app \|\| typeof app.sendMessage !== \"function\") return;\n const result = await app.sendMessage({\n role: \"user\",\n content: [{ type: \"text\", text: message }]\n });\n if (result && result.isError) {\n console.warn(\"[agent-native] MCP host rejected chat message\", result);\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host chat bridge failed\", err);\n }\n }\n\n window.addEventListener(\"message\", (event) => {\n if (!appFrame \|\| event.source !== appFrame.contentWindow) return;\n if (!event.data) return;\n const data = event.data.data \|\| {};\n if (event.data.type === \"agentNative.embeddedAppReady\") {\n appFrameReady = true;\n clearFrameLoadTimer();\n clearFrameReadyTimer();\n return;\n }\n if (event.data.type === \"agentNative.embedSessionExpired\") {\n refreshExpiredEmbedSession();\n return;\n }\n if (event.data.type === \"agentNative.submitChat\") {\n void sendHostChat(data);\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.updateModelContext\") {\n respondToAppFrame(data.requestId, updateHostModelContext(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.openLink\") {\n respondToAppFrame(data.requestId, openHostLink(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.requestDisplayMode\") {\n respondToAppFrame(data.requestId, requestHostDisplayMode(data.mode));\n }\n });\n\n function notifyHostHeightSoon() {\n requestAnimationFrame(() => notifyHostHeight());\n }\n\n function notifyHostHeightRepeatedly() {\n notifyHostHeight();\n [0, 250, 1000, 2500].forEach((delay) => {\n setTimeout(() => notifyHostHeight(), delay);\n });\n }\n\n window.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n if (window.visualViewport) {\n window.visualViewport.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n }\n\n async function launchEmbed() {\n const launchUrl = openStartUrl \|\| openUrl;\n if (!launchUrl) {\n setMessage(\"Open link was not available.\");\n return;\n }\n if (!wantsEmbed()) {\n setMessage(\"Ready to open.\");\n return;\n }\n if (startedFor === launchUrl) return;\n startedFor = launchUrl;\n setMessage(\"Loading app\");\n try {\n const selfNavigate = shouldSelfNavigateToApp();\n const embedUrl = withChatBridgeParam(launchUrl);\n if (selfNavigate && isEmbedStartUrl(embedUrl)) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(embedUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(embedUrl);\n } else {\n navigateToAppFrame(embedUrl);\n }\n return;\n }\n if (!selfNavigate && isEmbedStartUrl(embedUrl)) {\n renderFrame(embedUrl);\n return;\n }\n const result = await callEmbedSessionTool(embedSessionArgsFor(embedUrl));\n const data = parseToolResult(result);\n if (typeof data.startUrl !== \"string\" \|\| !data.startUrl) {\n startedFor = \"\";\n setMessage(data.error \|\| \"This app can be opened, but not embedded from this MCP server.\");\n return;\n }\n const startUrl = withChatBridgeParam(data.startUrl);\n if (selfNavigate) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(startUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(startUrl);\n } else {\n navigateToAppFrame(startUrl);\n }\n } else {\n renderFrame(startUrl);\n }\n } catch (err) {\n startedFor = \"\";\n setMessage(err && err.message ? err.message : \"Could not launch embedded app.\");\n }\n }\n\n async function callEmbedSessionTool(args) {\n if (openAiBridge && typeof openAiBridge.callTool === \"function\") {\n return await openAiBridge.callTool(startTool, args);\n }\n if (!app \|\| typeof app.callServerTool !== \"function\") {\n throw new Error(\"Host tool calls are not available.\");\n }\n return await app.callServerTool({ name: startTool, arguments: args });\n }\n\n function updateHostOpenInAppUrl() {\n if (!openAiBridge \|\| !openUrl \|\| typeof openAiBridge.setOpenInAppUrl !== \"function\") {\n return;\n }\n try {\n openAiBridge.setOpenInAppUrl({ href: openUrl });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected open-in-app URL\", err);\n }\n }\n\n function updateOpenButton() {\n const buttonUrl = openUrl \|\| openStartUrl;\n openButton.disabled = !buttonUrl;\n openButton.onclick = () => {\n if (buttonUrl) void openHostLink({ url: buttonUrl });\n };\n updateHostOpenInAppUrl();\n }\n\n function updateTitle(data) {\n const label = data.label \|\| data.app \|\| data.view \|\| body.dataset.appTitle \|\| \"App\";\n titleEl.textContent = String(label);\n }\n\n function readOpenAiBridge() {\n return window.openai && typeof window.openai === \"object\"\n ? window.openai\n : null;\n }\n\n function openAiToolResultParams(bridge) {\n const params = {};\n if (bridge && bridge.toolOutput !== undefined) {\n if (bridge.toolOutput && typeof bridge.toolOutput === \"object\") {\n params.structuredContent = bridge.toolOutput;\n } else {\n params.content = [{ type: \"text\", text: String(bridge.toolOutput) }];\n }\n }\n if (bridge && bridge.toolResponseMetadata && typeof bridge.toolResponseMetadata === \"object\") {\n params._meta = bridge.toolResponseMetadata;\n }\n return params;\n }\n\n function syncOpenAiBridge(bridge) {\n if (!bridge) return false;\n openAiBridge = bridge;\n toolInput = objectValue(bridge.toolInput);\n const params = openAiToolResultParams(bridge);\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n if (openUrl \|\| openStartUrl) {\n void launchEmbed();\n } else if (!appFrame) {\n setMessage(\"Waiting for app result\");\n }\n return true;\n }\n\n function waitForOpenAiBridge() {\n const existing = readOpenAiBridge();\n if (existing) return Promise.resolve(existing);\n return new Promise((resolve) => {\n let settled = false;\n const finish = (bridge) => {\n if (settled) return;\n settled = true;\n window.removeEventListener(\"openai:set_globals\", onGlobals);\n clearTimeout(timer);\n resolve(bridge \|\| readOpenAiBridge());\n };\n const onGlobals = () => finish(readOpenAiBridge());\n const timer = setTimeout(() => finish(null), 200);\n window.addEventListener(\"openai:set_globals\", onGlobals, { passive: true });\n });\n }\n\n window.addEventListener(\"openai:set_globals\", () => {\n const bridge = readOpenAiBridge();\n if (bridge && (!appFrame \|\| openAiBridge)) syncOpenAiBridge(bridge);\n }, { passive: true });\n\n async function startMcpAppsBridge() {\n const { App } = await import(\"${MCP_APP_IMPORT}\");\n app = new App(\n { name: \"Agent Native Embed\", version: \"1.0.0\" },\n {},\n { autoResize: false }\n );\n app.ontoolinput = (params) => {\n toolInput = params.arguments \|\| {};\n };\n app.ontoolresult = (params) => {\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n void launchEmbed();\n };\n app.onhostcontextchanged = () => {\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n };\n await app.connect();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n }\n\n const initialOpenAiBridge = await waitForOpenAiBridge();\n if (!syncOpenAiBridge(initialOpenAiBridge)) {\n await startMcpAppsBridge();\n }\n </script>\n</body>\n</html>`,\n csp: {\n connectDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n resourceDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n baseUriDomains: [MCP_APP_REQUEST_ORIGIN_CSP_SOURCE],\n frameDomains,\n },\n prefersBorder: false,\n };\n}\n"]}
1	+ {"version":3,"file":"embed-app.js","sourceRoot":"","sources":["../../src/mcp/embed-app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,MAAM,cAAc,GAClB,mEAAmE,CAAC;AAEtE,MAAM,CAAC,MAAM,iCAAiC,GAAG,gBAAgB,CAAC;AAClE,MAAM,6BAA6B,GAAG,EAAE,CAAC;AACzC,MAAM,CAAC,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAChD,MAAM,CAAC,MAAM,+BAA+B,GAC1C,4BAA4B,GAAG,6BAA6B,CAAC;AAa/D,SAAS,IAAI,CAAC,KAAyB;IACrC,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,QAAQ,CACtB,UAA2B,EAAE;IAE7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC;IAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,aAAa,CAAC;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,sBAAsB,CAAC;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,KAAK,KAAK,CAAC;IACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CACrB,GAAG,EACH,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,IAAI,4BAA4B,CAAC,CAC9D,CAAC;IACF,MAAM,cAAc,GAAG,MAAM,GAAG,6BAA6B,CAAC;IAC9D,MAAM,YAAY,GAAG;QACnB,iCAAiC;QACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,OAAO;QACL,KAAK;QACL,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,IAAI,EAAE,GAAG,EAAE,CAAC;;;;;;8MAM8L,MAAM,uCAAuC,cAAc;;;;;;;;;;;;;;;;;;;;oBAoBrP,IAAI,CAAC,KAAK,CAAC;uBACR,IAAI,CAAC,WAAW,CAAC;qBACnB,IAAI,CAAC,SAAS,CAAC;qBACf,IAAI,CAAC,aAAa,CAAC;wBAChB,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;;;;4CAIN,IAAI,CAAC,KAAK,CAAC;;;mDAGJ,IAAI,CAAC,SAAS,CAAC;;;;;;;;;;;;;;;8BAepC,IAAI,CAAC,SAAS,CAAC,+BAA+B,CAAC;qCACxC,MAAM;2BAChB,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sCAk/BlB,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAkC5C;QACJ,GAAG,EAAE;YACH,cAAc,EAAE;gBACd,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,eAAe,EAAE;gBACf,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,cAAc,EAAE,CAAC,iCAAiC,CAAC;YACnD,YAAY;SACb;QACD,aAAa,EAAE,KAAK;KACrB,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionMcpAppResourceConfig } from \"../action.js\";\nimport { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from \"../shared/embed-auth.js\";\n\nconst MCP_APP_IMPORT =\n \"https://esm.sh/@modelcontextprotocol/ext-apps@1.7.2/app-with-deps\";\n\nexport const MCP_APP_REQUEST_ORIGIN_CSP_SOURCE = \"$requestOrigin\";\nconst MCP_APP_WRAPPER_CHROME_HEIGHT = 44;\nexport const DEFAULT_MCP_APP_SHELL_HEIGHT = 560;\nexport const DEFAULT_MCP_APP_VIEWPORT_HEIGHT =\n DEFAULT_MCP_APP_SHELL_HEIGHT - MCP_APP_WRAPPER_CHROME_HEIGHT;\n\nexport interface EmbedAppOptions {\n title?: string;\n description?: string;\n iframeTitle?: string;\n openLabel?: string;\n embedByDefault?: boolean;\n startToolName?: string;\n frameDomains?: string[];\n height?: number;\n}\n\nfunction attr(value: string \| undefined): string {\n return String(value ?? \"\")\n .replace(/&/g, \"&\")\n .replace(/\"/g, \""\")\n .replace(/</g, \"<\")\n .replace(/>/g, \">\");\n}\n\nexport function embedApp(\n options: EmbedAppOptions = {},\n): ActionMcpAppResourceConfig {\n const title = options.title ?? \"Open app\";\n const iframeTitle = options.iframeTitle ?? \"Agent Native app\";\n const openLabel = options.openLabel ?? \"Open in app\";\n const startToolName = options.startToolName ?? \"create_embed_session\";\n const embedByDefault = options.embedByDefault !== false;\n const height = Math.max(\n 320,\n Math.min(900, options.height ?? DEFAULT_MCP_APP_SHELL_HEIGHT),\n );\n const viewportHeight = height - MCP_APP_WRAPPER_CHROME_HEIGHT;\n const frameDomains = [\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ];\n\n return {\n title,\n ...(options.description ? { description: options.description } : {}),\n html: () => `<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <style>\n :root { color-scheme: light dark; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; background: Canvas; color: CanvasText; --agent-native-shell-height: ${height}px; --agent-native-viewport-height: ${viewportHeight}px; }\n * { box-sizing: border-box; }\n body { margin: 0; }\n .shell { display: grid; gap: 8px; min-height: var(--agent-native-shell-height); padding: 0; }\n .bar { display: flex; align-items: center; justify-content: space-between; gap: 8px; min-height: 36px; padding: 6px 8px; border-bottom: 1px solid color-mix(in srgb, CanvasText 12%, Canvas); }\n .title { min-width: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; font-size: 12px; font-weight: 700; color: color-mix(in srgb, CanvasText 72%, Canvas); }\n .actions { display: flex; align-items: center; gap: 6px; }\n button { min-height: 28px; border: 1px solid color-mix(in srgb, CanvasText 14%, Canvas); border-radius: 7px; background: Canvas; color: CanvasText; cursor: pointer; font: inherit; font-size: 12px; font-weight: 700; padding: 0 9px; }\n button:disabled { opacity: .55; cursor: default; }\n .stage { position: relative; min-height: var(--agent-native-viewport-height); }\n iframe { display: block; width: 100%; height: var(--agent-native-viewport-height); border: 0; background: Canvas; }\n .message { display: grid; place-items: center; min-height: var(--agent-native-viewport-height); padding: 18px; color: color-mix(in srgb, CanvasText 62%, Canvas); font-size: 13px; line-height: 1.45; text-align: center; }\n .fallback { display: grid; align-content: center; justify-items: center; gap: 12px; min-height: var(--agent-native-viewport-height); padding: 24px; background: Canvas; color: CanvasText; text-align: center; }\n .fallback-title { max-width: 440px; font-size: 14px; font-weight: 700; }\n .fallback-copy { max-width: 520px; color: color-mix(in srgb, CanvasText 64%, Canvas); font-size: 13px; line-height: 1.45; }\n .fallback-actions { display: flex; flex-wrap: wrap; align-items: center; justify-content: center; gap: 8px; }\n .fallback-url { max-width: min(560px, 100%); overflow-wrap: anywhere; color: color-mix(in srgb, CanvasText 76%, Canvas); font-size: 12px; }\n </style>\n</head>\n<body\n data-app-title=\"${attr(title)}\"\n data-iframe-title=\"${attr(iframeTitle)}\"\n data-open-label=\"${attr(openLabel)}\"\n data-start-tool=\"${attr(startToolName)}\"\n data-embed-default=\"${embedByDefault ? \"1\" : \"0\"}\"\n>\n <main class=\"shell\">\n <div class=\"bar\">\n <div class=\"title\" data-title-label>${attr(title)}</div>\n <div class=\"actions\">\n <button type=\"button\" data-display hidden disabled>Fullscreen</button>\n <button type=\"button\" data-open disabled>${attr(openLabel)}</button>\n </div>\n </div>\n <section class=\"stage\" data-stage>\n <div class=\"message\">Preparing app</div>\n </section>\n </main>\n <script type=\"module\">\n const body = document.body;\n const stage = document.querySelector(\"[data-stage]\");\n const titleEl = document.querySelector(\"[data-title-label]\");\n const openButton = document.querySelector(\"[data-open]\");\n const displayButton = document.querySelector(\"[data-display]\");\n const startTool = body.dataset.startTool \|\| \"create_embed_session\";\n const embedByDefault = body.dataset.embedDefault !== \"0\";\n const chatBridgeParam = ${JSON.stringify(MCP_APP_CHAT_BRIDGE_QUERY_PARAM)};\n const defaultIntrinsicHeight = ${height};\n const chromeHeight = ${MCP_APP_WRAPPER_CHROME_HEIGHT};\n const frameReadyMessageDelays = [0, 200, 500, 1500, 3000, 7000, 15000, 30000];\n const frameReadyTimeoutMs = 45000;\n const frameLoadTimeoutMs = 45000;\n let app = null;\n let openAiBridge = null;\n let toolInput = {};\n let openUrl = \"\";\n let openStartUrl = \"\";\n let startedFor = \"\";\n let appFrame = null;\n let appFrameReady = false;\n let appFrameReadyTimer = null;\n let appFrameLoadTimer = null;\n let lastFrameSrc = \"\";\n\n function esc(value) {\n return String(value ?? \"\")\n .replace(/&/g, \"&\")\n .replace(/</g, \"<\")\n .replace(/>/g, \">\")\n .replace(/\"/g, \""\");\n }\n\n function parseJson(value, fallback) {\n if (value && typeof value === \"object\") return value;\n if (typeof value !== \"string\" \|\| !value.trim()) return fallback;\n try { return JSON.parse(value); } catch { return fallback; }\n }\n\n function objectValue(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function finiteNumber(value) {\n return typeof value === \"number\" && Number.isFinite(value) && value > 0\n ? value\n : null;\n }\n\n function contextMaxHeight(context) {\n if (!context \|\| typeof context !== \"object\") return null;\n return finiteNumber(context.maxHeight) \|\|\n finiteNumber(context.containerDimensions && context.containerDimensions.maxHeight);\n }\n\n function visibleIntrinsicHeight() {\n const context = hostState().context \|\| {};\n const hostMaxHeight = contextMaxHeight(context);\n if (hostMaxHeight) return Math.floor(hostMaxHeight);\n const viewportHeight = finiteNumber(window.visualViewport && window.visualViewport.height) \|\|\n finiteNumber(window.innerHeight);\n return Math.floor(viewportHeight \|\| defaultIntrinsicHeight);\n }\n\n function applyIntrinsicHeight(nextHeight) {\n const boundedHeight = Math.min(\n defaultIntrinsicHeight,\n Math.floor(nextHeight \|\| defaultIntrinsicHeight)\n );\n const height = Math.max(320, boundedHeight);\n const viewportHeight = Math.max(0, height - chromeHeight);\n document.documentElement.style.setProperty(\"--agent-native-shell-height\", height + \"px\");\n document.documentElement.style.setProperty(\"--agent-native-viewport-height\", viewportHeight + \"px\");\n if (appFrame) appFrame.style.height = viewportHeight + \"px\";\n return height;\n }\n\n function parseToolResult(params) {\n if (!params) return {};\n if (params.result && typeof params.result === \"object\") {\n return parseToolResult(params.result);\n }\n if (params.toolResult && typeof params.toolResult === \"object\") {\n return parseToolResult(params.toolResult);\n }\n if (params.structuredContent && typeof params.structuredContent === \"object\") {\n return params.structuredContent;\n }\n const parts = Array.isArray(params.content) ? params.content : [];\n const textPart = parts.find((part) => part && part.type === \"text\" && typeof part.text === \"string\");\n const text = textPart ? textPart.text : \"\";\n if (params.isError && typeof text === \"string\" && text.trim()) {\n return { error: text.trim() };\n }\n return parseJson(text, {});\n }\n\n function openLinkRecordFrom(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function openLinkWebUrlFrom(value) {\n const record = openLinkRecordFrom(value);\n return typeof record.webUrl === \"string\" ? record.webUrl : \"\";\n }\n\n function firstNonEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && !isEmbedStartUrl(value)) return value;\n }\n return \"\";\n }\n\n function firstEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && isEmbedStartUrl(value)) {\n return withChatBridgeParam(value);\n }\n }\n return \"\";\n }\n\n function openLinkFrom(params, data) {\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n const structuredOpenLinkUrl = openLinkWebUrlFrom(record.openLink);\n return firstNonEmbedStartUrl([\n record.embedTargetPath,\n record.deepLinkUrl,\n record.deepLink,\n record.openUrl,\n record.url,\n structuredOpenLinkUrl,\n metaUrl\n ]);\n }\n\n function embedStartUrlFrom(params, data) {\n const embedStart =\n params && params._meta && params._meta[\"agent-native/embedStart\"];\n const embedStartRecord =\n embedStart && typeof embedStart === \"object\" && !Array.isArray(embedStart)\n ? embedStart\n : {};\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n return firstEmbedStartUrl([\n embedStartRecord.startUrl,\n record.embedStartUrl,\n record.startUrl,\n record.url,\n openLinkWebUrlFrom(record.openLink),\n metaUrl\n ]);\n }\n\n function hostState() {\n if (openAiBridge) {\n return {\n context: {\n displayMode: openAiBridge.displayMode,\n availableDisplayModes: typeof openAiBridge.requestDisplayMode === \"function\"\n ? [\"inline\", \"fullscreen\", \"pip\"]\n : [],\n maxHeight: openAiBridge.maxHeight,\n locale: openAiBridge.locale,\n theme: openAiBridge.theme,\n view: openAiBridge.view\n },\n capabilities: { openai: true },\n version: openAiBridge.userAgent\n };\n }\n return {\n context: app && app.getHostContext ? app.getHostContext() : undefined,\n capabilities: app && app.getHostCapabilities ? app.getHostCapabilities() : undefined,\n version: app && app.getHostVersion ? app.getHostVersion() : undefined\n };\n }\n\n function sendToAppFrame(message) {\n if (!appFrame \|\| !appFrame.contentWindow) return;\n try { appFrame.contentWindow.postMessage(message, \"\"); } catch {}\n }\n\n function sendHostContext() {\n sendToAppFrame({ type: \"agentNative.mcpHostContext\", data: hostState() });\n }\n\n function sendFrameReadyMessages(frame) {\n const originPayload = { type: \"agentNative.frameOrigin\", origin: window.location.origin };\n frameReadyMessageDelays.forEach((delay) => {\n setTimeout(() => {\n try { frame.contentWindow && frame.contentWindow.postMessage(originPayload, \"\"); } catch {}\n sendHostContext();\n }, delay);\n });\n }\n\n function withChatBridgeParam(value) {\n if (typeof value !== \"string\" \|\| !value) return value;\n try {\n const base = \"http://agent-native.invalid\";\n const url = value.startsWith(\"/\") ? new URL(value, base) : new URL(value);\n url.searchParams.set(chatBridgeParam, \"1\");\n return value.startsWith(\"/\")\n ? url.pathname + url.search + url.hash\n : url.toString();\n } catch {\n return value;\n }\n }\n\n function embedSessionArgsFor(value) {\n const chrome = typeof toolInput.chrome === \"string\" ? toolInput.chrome : \"full\";\n return typeof value === \"string\" && value.startsWith(\"/\")\n ? { path: value, chrome }\n : { url: value, chrome };\n }\n\n function isEmbedStartUrl(value) {\n if (typeof value !== \"string\" \|\| !value) return false;\n try {\n const url = new URL(value, window.location.href);\n return url.pathname.endsWith(\"/_agent-native/embed/start\");\n } catch {\n return false;\n }\n }\n\n function localPathFromUrl(url, includeToken) {\n const next = new URL(url.href);\n if (!includeToken) next.searchParams.delete(\"__an_embed_token\");\n return next.pathname + next.search + next.hash;\n }\n\n function rewriteRootRelativeHtmlUrls(html, appOrigin) {\n return String(html).replace(\n /\\\\b(src\|href\|poster\|action)\\\\s=\\\\s([\"'])\\\\/(?!\\\\/)/gi,\n (_match, name, quote) => String(name) + \"=\" + quote + appOrigin + \"/\"\n );\n }\n\n function removeHtmlCspMeta(html) {\n return String(html).replace(\n /<meta\\\\s+[^>]http-equiv\\\\s=\\\\s([\"'])?content-security-policy\\\\1?[^>]>/gi,\n \"\"\n );\n }\n\n function embedConfigForAppUrl(appUrl) {\n const sanitizedTarget = localPathFromUrl(appUrl, false);\n return {\n origin: appUrl.origin,\n href: appUrl.href,\n baseHref: appUrl.origin + appUrl.pathname,\n target: sanitizedTarget,\n token: appUrl.searchParams.get(\"__an_embed_token\") \|\| \"\",\n chatBridgeActive: appUrl.searchParams.get(chatBridgeParam) === \"1\",\n chatBridgeParam,\n embedTokenParam: \"__an_embed_token\",\n embedTargetHeader: \"x-agent-native-embed-target\"\n };\n }\n\n function installExternalEmbedRuntime(config) {\n window.__AGENT_NATIVE_EXTERNAL_EMBED = config;\n try {\n if (config.target) {\n window.history.replaceState(window.history.state, \"\", config.target);\n }\n } catch (_err) {}\n try {\n if (config.token) {\n sessionStorage.setItem(\"agent-native:embed-auth-token\", config.token);\n }\n if (config.chatBridgeActive && config.token) {\n sessionStorage.setItem(\"agent-native:mcp-chat-bridge\", config.token);\n }\n } catch (_err) {}\n if (window.__agentNativeExternalEmbedRuntimeInstalled) return;\n window.__agentNativeExternalEmbedRuntimeInstalled = true;\n function appOrigin() {\n try {\n return new URL(config.origin).origin;\n } catch (_err) {\n return \"\";\n }\n }\n function targetPath() {\n return config.target \|\| location.pathname + location.search;\n }\n function rewrittenUrl(value, appendToken) {\n const origin = appOrigin();\n if (!origin) return null;\n let url;\n try {\n url = new URL(value, location.href);\n } catch (_err) {\n return null;\n }\n if (url.origin !== location.origin && url.origin !== origin) return null;\n if (url.origin !== origin) {\n const app = new URL(origin);\n url.protocol = app.protocol;\n url.host = app.host;\n }\n if (appendToken && config.token && url.pathname === \"/_agent-native/events\") {\n url.searchParams.set(config.embedTokenParam, config.token);\n }\n return url.toString();\n }\n function authHeaders(input, init) {\n const headers = new Headers(\n init && init.headers ? init.headers : input instanceof Request ? input.headers : undefined\n );\n if (config.token && !headers.has(\"Authorization\")) {\n headers.set(\"Authorization\", \"Bearer \" + config.token);\n }\n if (!headers.has(config.embedTargetHeader)) {\n headers.set(config.embedTargetHeader, targetPath());\n }\n return headers;\n }\n if (typeof fetch === \"function\") {\n const originalFetch = fetch.bind(window);\n window.fetch = function(input, init) {\n const raw = input instanceof Request ? input.url : String(input);\n const url = rewrittenUrl(raw, false);\n if (!url) return originalFetch(input, init);\n const nextInit = Object.assign({}, init \|\| {}, {\n headers: authHeaders(input, init),\n credentials: \"omit\"\n });\n if (input instanceof Request) {\n return originalFetch(new Request(url, input), nextInit);\n }\n return originalFetch(url, nextInit);\n };\n }\n if (typeof XMLHttpRequest !== \"undefined\") {\n const originalOpen = XMLHttpRequest.prototype.open;\n const originalSend = XMLHttpRequest.prototype.send;\n XMLHttpRequest.prototype.open = function(method, url) {\n const rewritten = rewrittenUrl(url, false);\n this.__agentNativeExternalEmbed = !!rewritten;\n return originalOpen.call(\n this,\n method,\n rewritten \|\| url,\n arguments.length > 2 ? arguments[2] : true,\n arguments[3],\n arguments[4]\n );\n };\n XMLHttpRequest.prototype.send = function(body) {\n if (this.__agentNativeExternalEmbed) {\n try {\n if (config.token) this.setRequestHeader(\"Authorization\", \"Bearer \" + config.token);\n this.setRequestHeader(config.embedTargetHeader, targetPath());\n } catch (_err) {}\n }\n return originalSend.call(this, body);\n };\n }\n if (typeof EventSource !== \"undefined\") {\n const OriginalEventSource = EventSource;\n window.EventSource = function(url, options) {\n return new OriginalEventSource(rewrittenUrl(url, true) \|\| url, options);\n };\n window.EventSource.prototype = OriginalEventSource.prototype;\n }\n }\n\n function copyDocumentElementAttributes(source) {\n const target = document.documentElement;\n for (const attr of Array.from(target.attributes)) {\n target.removeAttribute(attr.name);\n }\n for (const attr of Array.from(source.attributes)) {\n target.setAttribute(attr.name, attr.value);\n }\n }\n\n function importChildren(source, target) {\n target.replaceChildren(\n ...Array.from(source.childNodes).map((node) => document.importNode(node, true))\n );\n }\n\n function isModuleScript(script) {\n return (script.getAttribute(\"type\") \|\| \"\").trim().toLowerCase() === \"module\";\n }\n\n function isRunnableClassicScript(script) {\n const type = (script.getAttribute(\"type\") \|\| \"\").trim().toLowerCase();\n return !type \|\| type === \"text/javascript\" \|\| type === \"application/javascript\";\n }\n\n function runClassicScript(script) {\n const next = document.createElement(\"script\");\n for (const attr of Array.from(script.attributes)) {\n if (attr.name === \"type\") continue;\n next.setAttribute(attr.name, attr.value);\n }\n if (script.src) {\n next.src = script.src;\n } else {\n next.textContent = script.textContent \|\| \"\";\n }\n document.body.appendChild(next);\n next.remove();\n }\n\n function rootRelativeSpecifiersToAbsolute(code, appOrigin) {\n return String(code).replace(/([\"'])\\\\/(?!\\\\/)/g, \"$1\" + appOrigin + \"/\");\n }\n\n function moduleCodeToClassicAsync(code, appOrigin) {\n return rootRelativeSpecifiersToAbsolute(code, appOrigin)\n .replace(\n /\\\\bimport\\\\s+\\\\\\\\s+as\\\\s+([A-Za-z_$][\\\\w$])\\\\s+from\\\\s+([\"'][^\"']+[\"'])\\\\s;?/g,\n \"const $1 = await import($2);\"\n )\n .replace(/\\\\bimport\\\\s+([\"'][^\"']+[\"'])\\\\s;?/g, \"await import($1);\")\n .replace(/\\\\bimport\\\$([\"'][^\"']+[\"'])\\\$\\\\s*;?/g, \"await import($1);\");\n }\n\n function runModuleScriptAsClassic(script, appOrigin) {\n const code = moduleCodeToClassicAsync(script.textContent \|\| \"\", appOrigin);\n const runner = document.createElement(\"script\");\n runner.textContent =\n \"(async()=>{\" +\n code +\n \"})().catch((err)=>{console.error('[agent-native] transplanted app module failed',err);document.body.setAttribute('data-agent-native-hydration-error',String(err&&err.message\|\|err));});\";\n document.body.appendChild(runner);\n runner.remove();\n }\n\n function mountTransplantedHtml(html, appUrl) {\n const config = embedConfigForAppUrl(appUrl);\n installExternalEmbedRuntime(config);\n const parsed = new DOMParser().parseFromString(\n rewriteRootRelativeHtmlUrls(removeHtmlCspMeta(html), appUrl.origin),\n \"text/html\"\n );\n const scripts = Array.from(parsed.querySelectorAll(\"script\"));\n copyDocumentElementAttributes(parsed.documentElement);\n importChildren(parsed.head, document.head);\n const base = document.createElement(\"base\");\n base.href = config.baseHref;\n document.head.prepend(base);\n importChildren(parsed.body, document.body);\n for (const script of scripts) {\n if (isRunnableClassicScript(script)) runClassicScript(script);\n }\n for (const script of scripts) {\n if (isModuleScript(script)) runModuleScriptAsClassic(script, appUrl.origin);\n }\n }\n\n async function transplantAppDocument(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Loading app\");\n const response = await fetch(src, {\n credentials: \"omit\",\n redirect: \"follow\",\n headers: { Accept: \"text/html\" }\n });\n if (!response.ok) {\n throw new Error(\"Embedded app returned HTTP \" + response.status + \".\");\n }\n const html = await response.text();\n const appUrl = new URL(response.url \|\| src);\n try {\n window.history.replaceState(window.history.state, \"\", localPathFromUrl(appUrl, false));\n } catch {}\n mountTransplantedHtml(html, appUrl);\n notifyHostHeightRepeatedly();\n }\n\n function wantsEmbed() {\n if (toolInput.embed === false \|\| toolInput.embed === \"false\") return false;\n if (embedByDefault) return true;\n return toolInput.embed === true \|\| toolInput.embed === \"true\";\n }\n\n function supportedDisplayMode(mode) {\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n return mode === \"inline\" \|\| mode === \"fullscreen\" \|\| mode === \"pip\";\n }\n const modes = hostState().context && hostState().context.availableDisplayModes;\n return Array.isArray(modes) && modes.includes(mode);\n }\n\n async function requestHostDisplayMode(mode) {\n let result;\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n result = await openAiBridge.requestDisplayMode({ mode });\n } else {\n if (!app \|\| typeof app.requestDisplayMode !== \"function\") {\n throw new Error(\"Display mode changes are not available in this host.\");\n }\n result = await app.requestDisplayMode({ mode });\n }\n updateDisplayButton();\n sendHostContext();\n return result;\n }\n\n function updateDisplayButton() {\n const context = hostState().context \|\| {};\n const nextMode = context.displayMode === \"fullscreen\" ? \"inline\" : \"fullscreen\";\n const supported = supportedDisplayMode(nextMode);\n displayButton.hidden = !supported;\n displayButton.disabled = !supported;\n displayButton.textContent = nextMode === \"fullscreen\" ? \"Fullscreen\" : \"Inline\";\n displayButton.onclick = () => {\n if (!supportedDisplayMode(nextMode)) return;\n void requestHostDisplayMode(nextMode).catch((err) => {\n console.warn(\"[agent-native] MCP host rejected display mode request\", err);\n });\n };\n }\n\n function setMessage(message) {\n stage.innerHTML = '<div class=\"message\">' + esc(message) + '</div>';\n }\n\n function clearFrameReadyTimer() {\n if (!appFrameReadyTimer) return;\n clearTimeout(appFrameReadyTimer);\n appFrameReadyTimer = null;\n }\n\n function clearFrameLoadTimer() {\n if (!appFrameLoadTimer) return;\n clearTimeout(appFrameLoadTimer);\n appFrameLoadTimer = null;\n }\n\n function startFrameReadyTimer(frame) {\n clearFrameReadyTimer();\n appFrameReadyTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameReadyTimeoutMs);\n }\n\n function renderFrameFallback() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n const fallbackCopy = openUrl\n ? \"This chat host did not allow the embedded app frame to load inline. You can still open the same app route through the host or use the URL below.\"\n : \"This chat host did not allow the embedded app frame to load inline.\";\n stage.innerHTML =\n '<div class=\"fallback\">' +\n '<div class=\"fallback-title\">Open this app in its own tab</div>' +\n '<div class=\"fallback-copy\">' + esc(fallbackCopy) + '</div>' +\n '<div class=\"fallback-actions\">' +\n '<button type=\"button\" data-fallback-open>Open app</button>' +\n '<button type=\"button\" data-fallback-retry>Try inline again</button>' +\n '</div>' +\n (openUrl ? '<a class=\"fallback-url\" href=\"' + esc(openUrl) + '\" target=\"_blank\" rel=\"noreferrer\">' + esc(openUrl) + '</a>' : '') +\n '</div>';\n const fallbackOpen = stage.querySelector(\"[data-fallback-open]\");\n const fallbackRetry = stage.querySelector(\"[data-fallback-retry]\");\n if (fallbackOpen) {\n fallbackOpen.disabled = !openUrl;\n fallbackOpen.onclick = () => {\n if (openUrl) void openFallbackExternal();\n };\n }\n if (fallbackRetry) {\n fallbackRetry.disabled = !lastFrameSrc;\n fallbackRetry.onclick = () => {\n if (lastFrameSrc) renderFrame(lastFrameSrc);\n };\n }\n }\n\n async function openFallbackExternal() {\n if (!openUrl) return;\n let url = withChatBridgeParam(openUrl);\n try {\n if (url) {\n const result = await callEmbedSessionTool(embedSessionArgsFor(url));\n const data = parseToolResult(result);\n if (typeof data.startUrl === \"string\" && data.startUrl) {\n url = withChatBridgeParam(data.startUrl);\n }\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP fallback could not mint a fresh app session\", err);\n }\n await openHostLink({ url });\n }\n\n function renderFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n const frame = document.createElement(\"iframe\");\n frame.title = body.dataset.iframeTitle \|\| \"Agent Native app\";\n frame.src = src;\n frame.allow = \"clipboard-read; clipboard-write\";\n appFrame = frame;\n appFrameReady = false;\n lastFrameSrc = src;\n frame.addEventListener(\"load\", () => {\n if (appFrame !== frame) return;\n clearFrameLoadTimer();\n sendFrameReadyMessages(frame);\n startFrameReadyTimer(frame);\n });\n stage.replaceChildren(frame);\n notifyHostHeight();\n appFrameLoadTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameLoadTimeoutMs);\n }\n\n function refreshExpiredEmbedSession() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrameReady = false;\n if (!openUrl) {\n renderFrameFallback();\n return;\n }\n openStartUrl = \"\";\n startedFor = \"\";\n lastFrameSrc = \"\";\n setMessage(\"Refreshing app session\");\n void launchEmbed();\n }\n\n function shouldSelfNavigateToApp() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n if (mode === \"iframe\" \|\| mode === \"nested\") return false;\n if (toolInput.nested === true \|\| toolInput.frame === \"iframe\") return false;\n return true;\n }\n\n function shouldTransplantAppDocument() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n return (\n mode === \"transplant\" \|\|\n toolInput.frame === \"transplant\" \|\|\n isClaudeMcpContentHost()\n );\n }\n\n function isClaudeMcpContentHost() {\n try {\n return /(^\|\\\\.)claudemcpcontent\\\\.com$/i.test(window.location.hostname \|\| \"\");\n } catch {\n return false;\n }\n }\n\n function isChatGptSandboxHost() {\n try {\n const host = window.location.hostname \|\| \"\";\n const appParam = new URL(window.location.href).searchParams.get(\"app\");\n return /(^\|\\\\.)oaiusercontent\\\\.com$/i.test(host) \|\| appParam === \"chatgpt\";\n } catch {\n return false;\n }\n }\n\n function shouldRenderControlledAppFrame() {\n return !!openAiBridge \|\| isChatGptSandboxHost();\n }\n\n function navigateToAppFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Opening app\");\n try {\n window.location.replace(src);\n } catch (err) {\n console.warn(\"[agent-native] MCP app self-navigation failed\", err);\n renderFrameFallback();\n }\n }\n\n async function updateHostModelContext(data) {\n const params = {};\n if (Array.isArray(data && data.content)) params.content = data.content;\n if (data && data.structuredContent && typeof data.structuredContent === \"object\") {\n params.structuredContent = data.structuredContent;\n }\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeModelContext: params\n });\n return { ok: true };\n }\n if (!app \|\| typeof app.updateModelContext !== \"function\") return { ok: false };\n await app.updateModelContext(params);\n return { ok: true };\n }\n\n async function openHostLink(data) {\n const url = typeof (data && data.url) === \"string\" ? data.url : \"\";\n if (!url) return { isError: true };\n if (openAiBridge && typeof openAiBridge.openExternal === \"function\") {\n return await openAiBridge.openExternal({ href: url, redirectUrl: false });\n }\n if (app && typeof app.openLink === \"function\") {\n return await app.openLink({ url });\n }\n window.open(url, \"_blank\", \"noopener,noreferrer\");\n return { ok: true };\n }\n\n function notifyHostHeight() {\n const height = applyIntrinsicHeight(visibleIntrinsicHeight());\n if (!openAiBridge \|\| typeof openAiBridge.notifyIntrinsicHeight !== \"function\") {\n if (app && typeof app.sendSizeChanged === \"function\") {\n try {\n app.sendSizeChanged({ height });\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected size update\", err);\n }\n }\n return;\n }\n try {\n openAiBridge.notifyIntrinsicHeight({ height });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected intrinsic height update\", err);\n }\n }\n\n function respondToAppFrame(requestId, work) {\n if (!requestId) return;\n Promise.resolve(work)\n .then((result) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: { requestId, ok: true, result }\n });\n })\n .catch((err) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: {\n requestId,\n ok: false,\n error: err && err.message ? err.message : String(err)\n }\n });\n });\n }\n\n async function sendHostChat(chat) {\n if (!chat \|\| chat.submit === false) return;\n const message = typeof chat.message === \"string\" ? chat.message : \"\";\n if (!message.trim()) return;\n const context = typeof chat.context === \"string\" ? chat.context.trim() : \"\";\n try {\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeChatContext: context \|\| null\n });\n } else if (app && typeof app.updateModelContext === \"function\") {\n await app.updateModelContext({\n content: context ? [{ type: \"text\", text: context }] : []\n });\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected model context update\", err);\n }\n try {\n if (openAiBridge && typeof openAiBridge.sendFollowUpMessage === \"function\") {\n await openAiBridge.sendFollowUpMessage({\n prompt: message,\n scrollToBottom: true\n });\n return;\n }\n if (!app \|\| typeof app.sendMessage !== \"function\") return;\n const result = await app.sendMessage({\n role: \"user\",\n content: [{ type: \"text\", text: message }]\n });\n if (result && result.isError) {\n console.warn(\"[agent-native] MCP host rejected chat message\", result);\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host chat bridge failed\", err);\n }\n }\n\n window.addEventListener(\"message\", (event) => {\n if (!appFrame \|\| event.source !== appFrame.contentWindow) return;\n if (!event.data) return;\n const data = event.data.data \|\| {};\n if (event.data.type === \"agentNative.embeddedAppReady\") {\n appFrameReady = true;\n clearFrameLoadTimer();\n clearFrameReadyTimer();\n return;\n }\n if (event.data.type === \"agentNative.embedSessionExpired\") {\n refreshExpiredEmbedSession();\n return;\n }\n if (event.data.type === \"agentNative.submitChat\") {\n void sendHostChat(data);\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.updateModelContext\") {\n respondToAppFrame(data.requestId, updateHostModelContext(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.openLink\") {\n respondToAppFrame(data.requestId, openHostLink(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.requestDisplayMode\") {\n respondToAppFrame(data.requestId, requestHostDisplayMode(data.mode));\n }\n });\n\n function notifyHostHeightSoon() {\n requestAnimationFrame(() => notifyHostHeight());\n }\n\n function notifyHostHeightRepeatedly() {\n notifyHostHeight();\n [0, 250, 1000, 2500].forEach((delay) => {\n setTimeout(() => notifyHostHeight(), delay);\n });\n }\n\n window.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n if (window.visualViewport) {\n window.visualViewport.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n }\n\n async function launchEmbed() {\n const launchUrl = openStartUrl \|\| openUrl;\n if (!launchUrl) {\n setMessage(\"Open link was not available.\");\n return;\n }\n if (!wantsEmbed()) {\n setMessage(\"Ready to open.\");\n return;\n }\n if (startedFor === launchUrl) return;\n startedFor = launchUrl;\n setMessage(\"Loading app\");\n try {\n const selfNavigate = shouldSelfNavigateToApp();\n const embedUrl = withChatBridgeParam(launchUrl);\n if (selfNavigate && isEmbedStartUrl(embedUrl)) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(embedUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(embedUrl);\n } else {\n navigateToAppFrame(embedUrl);\n }\n return;\n }\n if (!selfNavigate && isEmbedStartUrl(embedUrl)) {\n renderFrame(embedUrl);\n return;\n }\n const result = await callEmbedSessionTool(embedSessionArgsFor(embedUrl));\n const data = parseToolResult(result);\n if (typeof data.startUrl !== \"string\" \|\| !data.startUrl) {\n startedFor = \"\";\n setMessage(data.error \|\| \"This app can be opened, but not embedded from this MCP server.\");\n return;\n }\n const startUrl = withChatBridgeParam(data.startUrl);\n if (selfNavigate) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(startUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(startUrl);\n } else {\n navigateToAppFrame(startUrl);\n }\n } else {\n renderFrame(startUrl);\n }\n } catch (err) {\n startedFor = \"\";\n setMessage(err && err.message ? err.message : \"Could not launch embedded app.\");\n }\n }\n\n async function callEmbedSessionTool(args) {\n if (openAiBridge && typeof openAiBridge.callTool === \"function\") {\n return await openAiBridge.callTool(startTool, args);\n }\n if (!app \|\| typeof app.callServerTool !== \"function\") {\n throw new Error(\"Host tool calls are not available.\");\n }\n return await app.callServerTool({ name: startTool, arguments: args });\n }\n\n function updateHostOpenInAppUrl() {\n if (!openAiBridge \|\| !openUrl \|\| typeof openAiBridge.setOpenInAppUrl !== \"function\") {\n return;\n }\n try {\n openAiBridge.setOpenInAppUrl({ href: openUrl });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected open-in-app URL\", err);\n }\n }\n\n function updateOpenButton() {\n const buttonUrl = openUrl;\n openButton.disabled = !buttonUrl;\n openButton.onclick = () => {\n if (buttonUrl) void openHostLink({ url: buttonUrl });\n };\n updateHostOpenInAppUrl();\n }\n\n function updateTitle(data) {\n const label = data.label \|\| data.app \|\| data.view \|\| body.dataset.appTitle \|\| \"App\";\n titleEl.textContent = String(label);\n }\n\n function readOpenAiBridge() {\n return window.openai && typeof window.openai === \"object\"\n ? window.openai\n : null;\n }\n\n function openAiToolResultParams(bridge) {\n const params = {};\n if (bridge && bridge.toolOutput !== undefined) {\n if (bridge.toolOutput && typeof bridge.toolOutput === \"object\") {\n params.structuredContent = bridge.toolOutput;\n } else {\n params.content = [{ type: \"text\", text: String(bridge.toolOutput) }];\n }\n }\n if (bridge && bridge.toolResponseMetadata && typeof bridge.toolResponseMetadata === \"object\") {\n params._meta = bridge.toolResponseMetadata;\n }\n return params;\n }\n\n function syncOpenAiBridge(bridge) {\n if (!bridge) return false;\n openAiBridge = bridge;\n toolInput = objectValue(bridge.toolInput);\n const params = openAiToolResultParams(bridge);\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n if (openUrl \|\| openStartUrl) {\n void launchEmbed();\n } else if (!appFrame) {\n setMessage(\"Waiting for app result\");\n }\n return true;\n }\n\n function waitForOpenAiBridge() {\n const existing = readOpenAiBridge();\n if (existing) return Promise.resolve(existing);\n return new Promise((resolve) => {\n let settled = false;\n const finish = (bridge) => {\n if (settled) return;\n settled = true;\n window.removeEventListener(\"openai:set_globals\", onGlobals);\n clearTimeout(timer);\n resolve(bridge \|\| readOpenAiBridge());\n };\n const onGlobals = () => finish(readOpenAiBridge());\n const timer = setTimeout(() => finish(null), 200);\n window.addEventListener(\"openai:set_globals\", onGlobals, { passive: true });\n });\n }\n\n window.addEventListener(\"openai:set_globals\", () => {\n const bridge = readOpenAiBridge();\n if (bridge && (!appFrame \|\| openAiBridge)) syncOpenAiBridge(bridge);\n }, { passive: true });\n\n async function startMcpAppsBridge() {\n const { App } = await import(\"${MCP_APP_IMPORT}\");\n app = new App(\n { name: \"Agent Native Embed\", version: \"1.0.0\" },\n {},\n { autoResize: false }\n );\n app.ontoolinput = (params) => {\n toolInput = params.arguments \|\| {};\n };\n app.ontoolresult = (params) => {\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n void launchEmbed();\n };\n app.onhostcontextchanged = () => {\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n };\n await app.connect();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n }\n\n const initialOpenAiBridge = await waitForOpenAiBridge();\n if (!syncOpenAiBridge(initialOpenAiBridge)) {\n await startMcpAppsBridge();\n }\n </script>\n</body>\n</html>`,\n csp: {\n connectDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n resourceDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n baseUriDomains: [MCP_APP_REQUEST_ORIGIN_CSP_SOURCE],\n frameDomains,\n },\n prefersBorder: false,\n };\n}\n"]}

package/dist/server/embed-session.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"embed-session.d.ts","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAkBlC,QAAA,MAAM,UAAU,+BAA+B,CAAC;~~AA6BhD~~,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAC/C,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,6BAA6B,GACrC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAoTF,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAYT;AAaD,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA8Bf;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8B7B;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACjC,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CA6C5C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAeT;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,6BAA6B,CAsC/B;AAiCD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQzE;AAyBD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CA+BtC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAoBjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS1D"}
1	+ {"version":3,"file":"embed-session.d.ts","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAkBlC,QAAA,MAAM,UAAU,+BAA+B,CAAC;AAiChD,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAC/C,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,6BAA6B,GACrC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAoTF,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAYT;AAaD,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA8Bf;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8B7B;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACjC,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CA6C5C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAeT;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,6BAA6B,CAsC/B;AAiCD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQzE;AAyBD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CA+BtC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAoBjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS1D"}

package/dist/server/embed-session.js CHANGED Viewed

@@ -24,6 +24,10 @@ const OPEN_ROUTE_VIEW_PATHS = {
     settings: "/settings",
 };
 const EMBED_ROUTE_ALIASES = {
+    // Dispatch's app root redirects to /overview. A ticket minted for the root
+    // should survive that first-hop redirect instead of falling back to the
+    // private deployment token gate.
+    "/": ["/overview"],
     "/dashboard": ["/adhoc/agent-native-templates-first-party"],
     "/dashboards": ["/adhoc/agent-native-templates-first-party"],
     "/traffic": ["/adhoc/agent-native-templates-first-party"],

package/dist/server/embed-session.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,qBAAqB,GAA2B;IACpD,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,WAAW;CACtB,CAAC;AACF,MAAM,mBAAmB,GAA6B;IACpD,YAAY,EAAE,CAAC,2CAA2C,CAAC;IAC3D,aAAa,EAAE,CAAC,2CAA2C,CAAC;IAC5D,UAAU,EAAE,CAAC,2CAA2C,CAAC;IACzD,oBAAoB,EAAE,CAAC,2CAA2C,CAAC;CACpE,CAAC;AAEF,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAgC;IACvD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAoB,EACpB,IAA+B;IAE/B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,eAAe,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,wBAAwB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;QACpC,wBAAwB,CACtB,OAAO,EACP,UAAU,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,IAAI,KAAK,UAAU,IAAI,UAAU,EAAE,CAAC;QACtC,wBAAwB,CACtB,OAAO,EACP,aAAa,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;QACzC,wBAAwB,CACtB,OAAO,EACP,eAAe,kBAAkB,CAAC,WAAW,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,EAAE,CAAC;QACb,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,YAAY,kBAAkB,CAAC,QAAQ,CAAC,EAAE;YAC5C,CAAC,CAAC,WAAW,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU,EAAE,CAAC;QACf,wBAAwB,CACtB,OAAO,EACP,SAAS,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,UAAU;YAC/C,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,IACE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACpD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EACjD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,KAAK,UAAU;QACnB,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EACxD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CACtB,OAAO,EACP,GAAG,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,KAAK,MAAM,WAAW,IAAI,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,UAAU,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,eAAe,GAAI,KAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACjE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;QAC3D,OAAO,GAAG,eAAe,GAAI,KAAa,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,CACJ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC7C,KAAa,CAAC,OAAO,EAAE,GAA0B;QAClD,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QAC7C,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QACpC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC;IAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACtE,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,GAAG,GACJ,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QAChD,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACjD,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QACvC,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACxC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO;QACzC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ;QAC3C,IAAI,CAAC;IACP,IAAI,CAAC;QACH,GAAG,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAChD,OAAO,gBAAgB,CAAC,GAAG,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,cAAc,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IACrD,OAAO,CAAC,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,CACL,CAAC,CAAC,QAAQ;QACV,CAAC,QAAQ,KAAK,MAAM;YAClB,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5B,QAAQ,KAAK,gBAAgB;YAC7B,QAAQ,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAC1C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,CACL,IAAI,GAAG,CACL,mBAAmB,CAAC,KAAK,CAAC,EAC1B,6BAA6B,CAC9B,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,SAAS,CACzD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,MAAM,aAAa,GAAG,yBAAyB,CAC7C,KAAK,EACL,QAAQ,CAAC,MAAM,CAAC,UAAU,CAC3B,CAAC;QACF,MAAM,sBAAsB,GAC1B,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,aAAa,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\nconst OPEN_ROUTE_VIEW_PATHS: Record<string, string> = {\n ask: \"/\",\n calendar: \"/\",\n capture: \"/search\",\n knowledge: \"/knowledge\",\n list: \"/\",\n ops: \"/ops\",\n proposals: \"/review\",\n review: \"/review\",\n search: \"/search\",\n source: \"/sources\",\n sources: \"/sources\",\n settings: \"/settings\",\n};\nconst EMBED_ROUTE_ALIASES: Record<string, string[]> = {\n \"/dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/dashboards\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic-dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n};\n\nlet _initPromise: Promise<void> \| undefined;\nlet _devSigningKey: string \| undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string \| null;\n targetPath: string;\n scope?: string \| null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string \| null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n \| { ok: true; claims: EmbedSessionTokenClaims }\n \| { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET \|\|\n process.env.BETTER_AUTH_SECRET \|\|\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer \| string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number \| null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string \| undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) \|\| \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string \| null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safePathSegment(value: string \| null \| undefined): string \| null {\n const segment = value?.trim();\n if (!segment \|\| CONTROL_CHARS.test(segment)) return null;\n if (segment === \".\" \|\| segment === \"..\") return null;\n if (\n segment.includes(\"/\") \|\|\n segment.includes(\"\\\\\") \|\|\n segment.includes(\"?\")\n ) {\n return null;\n }\n if (segment.includes(\"#\")) return null;\n return segment;\n}\n\nfunction addResolvedOpenRoutePath(\n targets: Set<string>,\n path: string \| null \| undefined,\n): void {\n if (!path) return;\n const pathname = pathnameFromPath(path);\n if (pathname) targets.add(pathname);\n}\n\nfunction openRouteTargetPathnames(targetPath: string): Set<string> {\n const targets = new Set<string>();\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return targets;\n }\n if (stripConfiguredBasePath(url.pathname) !== OPEN_ROUTE_PATH) {\n return targets;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n addResolvedOpenRoutePath(targets, to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view \|\| CONTROL_CHARS.test(view)) return targets;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n const viewPathname = pathnameFromPath(viewPath);\n addResolvedOpenRoutePath(targets, viewPathname);\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n\n const dashboardId = safePathSegment(url.searchParams.get(\"dashboardId\"));\n if (view === \"adhoc\" && dashboardId) {\n addResolvedOpenRoutePath(\n targets,\n `/adhoc/${encodeURIComponent(dashboardId)}`,\n );\n }\n const analysisId = safePathSegment(url.searchParams.get(\"analysisId\"));\n if (view === \"analyses\" && analysisId) {\n addResolvedOpenRoutePath(\n targets,\n `/analyses/${encodeURIComponent(analysisId)}`,\n );\n }\n const extensionId = safePathSegment(url.searchParams.get(\"extensionId\"));\n if (view === \"extensions\" && extensionId) {\n addResolvedOpenRoutePath(\n targets,\n `/extensions/${encodeURIComponent(extensionId)}`,\n );\n }\n const designId = safePathSegment(url.searchParams.get(\"designId\"));\n if (designId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/present/${encodeURIComponent(designId)}`\n : `/design/${encodeURIComponent(designId)}`,\n );\n }\n const documentId = safePathSegment(url.searchParams.get(\"documentId\"));\n if (documentId) {\n addResolvedOpenRoutePath(\n targets,\n `/page/${encodeURIComponent(documentId)}`,\n );\n }\n const deckId = safePathSegment(url.searchParams.get(\"deckId\"));\n if (deckId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/deck/${encodeURIComponent(deckId)}/present`\n : `/deck/${encodeURIComponent(deckId)}`,\n );\n }\n if (\n safePathSegment(url.searchParams.get(\"captureId\")) \|\|\n safePathSegment(url.searchParams.get(\"knowledgeId\")) \|\|\n safePathSegment(url.searchParams.get(\"sourceId\"))\n ) {\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n }\n if (\n view === \"calendar\" &&\n (safePathSegment(url.searchParams.get(\"eventId\")) \|\|\n safePathSegment(url.searchParams.get(\"eventDraftId\")))\n ) {\n addResolvedOpenRoutePath(targets, \"/\");\n }\n const threadId = safePathSegment(url.searchParams.get(\"threadId\"));\n if (viewPathname && threadId) {\n addResolvedOpenRoutePath(\n targets,\n `${viewPathname}/${encodeURIComponent(threadId)}`,\n );\n }\n\n return targets;\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) {\n allowed.add(direct);\n for (const aliasTarget of EMBED_ROUTE_ALIASES[direct] ?? []) {\n allowed.add(aliasTarget);\n }\n }\n for (const openTarget of openRouteTargetPathnames(targetPath)) {\n allowed.add(openTarget);\n }\n return allowed;\n}\n\nfunction requestUrlFromEvent(event: H3Event): string {\n const mountedPathname = (event as any).context?._mountedPathname;\n if (typeof mountedPathname === \"string\" && mountedPathname) {\n return `${mountedPathname}${(event as any).url?.search ?? \"\"}`;\n }\n return (\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string \| undefined) ??\n ((event as any).request?.url as string \| undefined) ??\n (event as any).path ??\n (event as any).url?.toString?.() ??\n \"/\"\n );\n}\n\nfunction requestPathname(event: H3Event): string \| null {\n const raw = requestUrlFromEvent(event);\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string \| null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nfunction requestHost(event: H3Event): string \| null {\n const direct =\n (event as any).request?.headers?.get?.(\"host\") ??\n (event as any).headers?.get?.(\"host\") ??\n (event as any).node?.req?.headers?.host;\n if (typeof direct === \"string\" && direct.trim()) return direct.trim();\n try {\n return getHeader(event, \"host\") ?? null;\n } catch {\n return null;\n }\n}\n\nfunction referrerTargetPathname(event: H3Event): string \| null {\n let raw: string \| null =\n (event as any).request?.headers?.get?.(\"referer\") ??\n (event as any).request?.headers?.get?.(\"referrer\") ??\n (event as any).headers?.get?.(\"referer\") ??\n (event as any).headers?.get?.(\"referrer\") ??\n (event as any).node?.req?.headers?.referer ??\n (event as any).node?.req?.headers?.referrer ??\n null;\n try {\n raw = raw ?? getHeader(event, \"referer\") ?? getHeader(event, \"referrer\");\n } catch {\n raw = raw ?? null;\n }\n if (!raw) return null;\n try {\n const referrer = new URL(raw);\n const host = requestHost(event);\n if (host && referrer.host !== host) return null;\n return pathnameFromPath(`${referrer.pathname}${referrer.search}`);\n } catch {\n return pathnameFromPath(raw);\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n if (headerTarget && allowed.has(headerTarget)) return true;\n\n const referrerTarget = referrerTargetPathname(event);\n return !!referrerTarget && allowed.has(referrerTarget);\n}\n\nfunction isEmbedRuntimeRequest(event: H3Event): boolean {\n const pathname = requestPathname(event);\n return (\n !!pathname &&\n (pathname === \"/api\" \|\|\n pathname.startsWith(\"/api/\") \|\|\n pathname === \"/_agent-native\" \|\|\n pathname.startsWith(\"/_agent-native/\"))\n );\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string \| undefined \| null,\n requestOrigin?: string,\n): string \| null {\n const value = String(raw ?? \"\").trim();\n if (!value \|\| CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") \|\| path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string \| undefined \| null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket \| null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath \|\| !ownerEmail \|\| expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string \| null;\n targetPath: string;\n scope?: string \| null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string \| undefined \| null,\n): VerifyEmbedSessionTokenResult {\n if (!token \|\| typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 \|\| !parts[0] \|\| !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length \|\| !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims \|\|\n claims.kind !== TOKEN_KIND \|\|\n typeof claims.ownerEmail !== \"string\" \|\|\n !claims.ownerEmail \|\|\n typeof claims.exp !== \"number\" \|\|\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL \|\| process.env.BETTER_AUTH_URL \|\| \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" \| \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string \| undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string \| undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n const value = Array.isArray(raw) ? raw[0] : raw;\n if (value) return value;\n try {\n return (\n new URL(\n requestUrlFromEvent(event),\n \"http://agent-native.invalid\",\n ).searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? undefined\n );\n } catch {\n return undefined;\n }\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession \| null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n const matchesTarget = requestMatchesEmbedTarget(\n event,\n verified.claims.targetPath,\n );\n const isRuntimeCookieRequest =\n candidate.source === \"cookie\" && isEmbedRuntimeRequest(event);\n if (!matchesTarget && !isRuntimeCookieRequest) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" \|\| q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}
1	+ {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,qBAAqB,GAA2B;IACpD,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,WAAW;CACtB,CAAC;AACF,MAAM,mBAAmB,GAA6B;IACpD,2EAA2E;IAC3E,wEAAwE;IACxE,iCAAiC;IACjC,GAAG,EAAE,CAAC,WAAW,CAAC;IAClB,YAAY,EAAE,CAAC,2CAA2C,CAAC;IAC3D,aAAa,EAAE,CAAC,2CAA2C,CAAC;IAC5D,UAAU,EAAE,CAAC,2CAA2C,CAAC;IACzD,oBAAoB,EAAE,CAAC,2CAA2C,CAAC;CACpE,CAAC;AAEF,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAgC;IACvD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAoB,EACpB,IAA+B;IAE/B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,eAAe,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,wBAAwB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;QACpC,wBAAwB,CACtB,OAAO,EACP,UAAU,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,IAAI,KAAK,UAAU,IAAI,UAAU,EAAE,CAAC;QACtC,wBAAwB,CACtB,OAAO,EACP,aAAa,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;QACzC,wBAAwB,CACtB,OAAO,EACP,eAAe,kBAAkB,CAAC,WAAW,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,EAAE,CAAC;QACb,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,YAAY,kBAAkB,CAAC,QAAQ,CAAC,EAAE;YAC5C,CAAC,CAAC,WAAW,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU,EAAE,CAAC;QACf,wBAAwB,CACtB,OAAO,EACP,SAAS,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,UAAU;YAC/C,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,IACE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACpD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EACjD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,KAAK,UAAU;QACnB,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EACxD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CACtB,OAAO,EACP,GAAG,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,KAAK,MAAM,WAAW,IAAI,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,UAAU,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,eAAe,GAAI,KAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACjE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;QAC3D,OAAO,GAAG,eAAe,GAAI,KAAa,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,CACJ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC7C,KAAa,CAAC,OAAO,EAAE,GAA0B;QAClD,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QAC7C,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QACpC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC;IAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACtE,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,GAAG,GACJ,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QAChD,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACjD,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QACvC,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACxC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO;QACzC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ;QAC3C,IAAI,CAAC;IACP,IAAI,CAAC;QACH,GAAG,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAChD,OAAO,gBAAgB,CAAC,GAAG,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,cAAc,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IACrD,OAAO,CAAC,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,CACL,CAAC,CAAC,QAAQ;QACV,CAAC,QAAQ,KAAK,MAAM;YAClB,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5B,QAAQ,KAAK,gBAAgB;YAC7B,QAAQ,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAC1C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,CACL,IAAI,GAAG,CACL,mBAAmB,CAAC,KAAK,CAAC,EAC1B,6BAA6B,CAC9B,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,SAAS,CACzD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,MAAM,aAAa,GAAG,yBAAyB,CAC7C,KAAK,EACL,QAAQ,CAAC,MAAM,CAAC,UAAU,CAC3B,CAAC;QACF,MAAM,sBAAsB,GAC1B,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,aAAa,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\nconst OPEN_ROUTE_VIEW_PATHS: Record<string, string> = {\n ask: \"/\",\n calendar: \"/\",\n capture: \"/search\",\n knowledge: \"/knowledge\",\n list: \"/\",\n ops: \"/ops\",\n proposals: \"/review\",\n review: \"/review\",\n search: \"/search\",\n source: \"/sources\",\n sources: \"/sources\",\n settings: \"/settings\",\n};\nconst EMBED_ROUTE_ALIASES: Record<string, string[]> = {\n // Dispatch's app root redirects to /overview. A ticket minted for the root\n // should survive that first-hop redirect instead of falling back to the\n // private deployment token gate.\n \"/\": [\"/overview\"],\n \"/dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/dashboards\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic-dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n};\n\nlet _initPromise: Promise<void> \| undefined;\nlet _devSigningKey: string \| undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string \| null;\n targetPath: string;\n scope?: string \| null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string \| null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n \| { ok: true; claims: EmbedSessionTokenClaims }\n \| { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET \|\|\n process.env.BETTER_AUTH_SECRET \|\|\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer \| string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number \| null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string \| undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) \|\| \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string \| null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safePathSegment(value: string \| null \| undefined): string \| null {\n const segment = value?.trim();\n if (!segment \|\| CONTROL_CHARS.test(segment)) return null;\n if (segment === \".\" \|\| segment === \"..\") return null;\n if (\n segment.includes(\"/\") \|\|\n segment.includes(\"\\\\\") \|\|\n segment.includes(\"?\")\n ) {\n return null;\n }\n if (segment.includes(\"#\")) return null;\n return segment;\n}\n\nfunction addResolvedOpenRoutePath(\n targets: Set<string>,\n path: string \| null \| undefined,\n): void {\n if (!path) return;\n const pathname = pathnameFromPath(path);\n if (pathname) targets.add(pathname);\n}\n\nfunction openRouteTargetPathnames(targetPath: string): Set<string> {\n const targets = new Set<string>();\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return targets;\n }\n if (stripConfiguredBasePath(url.pathname) !== OPEN_ROUTE_PATH) {\n return targets;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n addResolvedOpenRoutePath(targets, to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view \|\| CONTROL_CHARS.test(view)) return targets;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n const viewPathname = pathnameFromPath(viewPath);\n addResolvedOpenRoutePath(targets, viewPathname);\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n\n const dashboardId = safePathSegment(url.searchParams.get(\"dashboardId\"));\n if (view === \"adhoc\" && dashboardId) {\n addResolvedOpenRoutePath(\n targets,\n `/adhoc/${encodeURIComponent(dashboardId)}`,\n );\n }\n const analysisId = safePathSegment(url.searchParams.get(\"analysisId\"));\n if (view === \"analyses\" && analysisId) {\n addResolvedOpenRoutePath(\n targets,\n `/analyses/${encodeURIComponent(analysisId)}`,\n );\n }\n const extensionId = safePathSegment(url.searchParams.get(\"extensionId\"));\n if (view === \"extensions\" && extensionId) {\n addResolvedOpenRoutePath(\n targets,\n `/extensions/${encodeURIComponent(extensionId)}`,\n );\n }\n const designId = safePathSegment(url.searchParams.get(\"designId\"));\n if (designId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/present/${encodeURIComponent(designId)}`\n : `/design/${encodeURIComponent(designId)}`,\n );\n }\n const documentId = safePathSegment(url.searchParams.get(\"documentId\"));\n if (documentId) {\n addResolvedOpenRoutePath(\n targets,\n `/page/${encodeURIComponent(documentId)}`,\n );\n }\n const deckId = safePathSegment(url.searchParams.get(\"deckId\"));\n if (deckId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/deck/${encodeURIComponent(deckId)}/present`\n : `/deck/${encodeURIComponent(deckId)}`,\n );\n }\n if (\n safePathSegment(url.searchParams.get(\"captureId\")) \|\|\n safePathSegment(url.searchParams.get(\"knowledgeId\")) \|\|\n safePathSegment(url.searchParams.get(\"sourceId\"))\n ) {\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n }\n if (\n view === \"calendar\" &&\n (safePathSegment(url.searchParams.get(\"eventId\")) \|\|\n safePathSegment(url.searchParams.get(\"eventDraftId\")))\n ) {\n addResolvedOpenRoutePath(targets, \"/\");\n }\n const threadId = safePathSegment(url.searchParams.get(\"threadId\"));\n if (viewPathname && threadId) {\n addResolvedOpenRoutePath(\n targets,\n `${viewPathname}/${encodeURIComponent(threadId)}`,\n );\n }\n\n return targets;\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) {\n allowed.add(direct);\n for (const aliasTarget of EMBED_ROUTE_ALIASES[direct] ?? []) {\n allowed.add(aliasTarget);\n }\n }\n for (const openTarget of openRouteTargetPathnames(targetPath)) {\n allowed.add(openTarget);\n }\n return allowed;\n}\n\nfunction requestUrlFromEvent(event: H3Event): string {\n const mountedPathname = (event as any).context?._mountedPathname;\n if (typeof mountedPathname === \"string\" && mountedPathname) {\n return `${mountedPathname}${(event as any).url?.search ?? \"\"}`;\n }\n return (\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string \| undefined) ??\n ((event as any).request?.url as string \| undefined) ??\n (event as any).path ??\n (event as any).url?.toString?.() ??\n \"/\"\n );\n}\n\nfunction requestPathname(event: H3Event): string \| null {\n const raw = requestUrlFromEvent(event);\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string \| null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nfunction requestHost(event: H3Event): string \| null {\n const direct =\n (event as any).request?.headers?.get?.(\"host\") ??\n (event as any).headers?.get?.(\"host\") ??\n (event as any).node?.req?.headers?.host;\n if (typeof direct === \"string\" && direct.trim()) return direct.trim();\n try {\n return getHeader(event, \"host\") ?? null;\n } catch {\n return null;\n }\n}\n\nfunction referrerTargetPathname(event: H3Event): string \| null {\n let raw: string \| null =\n (event as any).request?.headers?.get?.(\"referer\") ??\n (event as any).request?.headers?.get?.(\"referrer\") ??\n (event as any).headers?.get?.(\"referer\") ??\n (event as any).headers?.get?.(\"referrer\") ??\n (event as any).node?.req?.headers?.referer ??\n (event as any).node?.req?.headers?.referrer ??\n null;\n try {\n raw = raw ?? getHeader(event, \"referer\") ?? getHeader(event, \"referrer\");\n } catch {\n raw = raw ?? null;\n }\n if (!raw) return null;\n try {\n const referrer = new URL(raw);\n const host = requestHost(event);\n if (host && referrer.host !== host) return null;\n return pathnameFromPath(`${referrer.pathname}${referrer.search}`);\n } catch {\n return pathnameFromPath(raw);\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n if (headerTarget && allowed.has(headerTarget)) return true;\n\n const referrerTarget = referrerTargetPathname(event);\n return !!referrerTarget && allowed.has(referrerTarget);\n}\n\nfunction isEmbedRuntimeRequest(event: H3Event): boolean {\n const pathname = requestPathname(event);\n return (\n !!pathname &&\n (pathname === \"/api\" \|\|\n pathname.startsWith(\"/api/\") \|\|\n pathname === \"/_agent-native\" \|\|\n pathname.startsWith(\"/_agent-native/\"))\n );\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string \| undefined \| null,\n requestOrigin?: string,\n): string \| null {\n const value = String(raw ?? \"\").trim();\n if (!value \|\| CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") \|\| path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string \| undefined \| null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket \| null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath \|\| !ownerEmail \|\| expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string \| null;\n targetPath: string;\n scope?: string \| null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string \| undefined \| null,\n): VerifyEmbedSessionTokenResult {\n if (!token \|\| typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 \|\| !parts[0] \|\| !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length \|\| !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims \|\|\n claims.kind !== TOKEN_KIND \|\|\n typeof claims.ownerEmail !== \"string\" \|\|\n !claims.ownerEmail \|\|\n typeof claims.exp !== \"number\" \|\|\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL \|\| process.env.BETTER_AUTH_URL \|\| \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" \| \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string \| undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string \| undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n const value = Array.isArray(raw) ? raw[0] : raw;\n if (value) return value;\n try {\n return (\n new URL(\n requestUrlFromEvent(event),\n \"http://agent-native.invalid\",\n ).searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? undefined\n );\n } catch {\n return undefined;\n }\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession \| null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n const matchesTarget = requestMatchesEmbedTarget(\n event,\n verified.claims.targetPath,\n );\n const isRuntimeCookieRequest =\n candidate.source === \"cookie\" && isEmbedRuntimeRequest(event);\n if (!matchesTarget && !isRuntimeCookieRequest) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" \|\| q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agent-native/core",
-  "version": "0.22.36",
+  "version": "0.22.37",
   "type": "module",
   "description": "Framework for agent-native application development — where AI agents and UI share state via files",
   "license": "MIT",