@agent-native/core 0.30.5 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (259) hide show
  1. package/dist/a2a/client.d.ts +2 -0
  2. package/dist/a2a/client.d.ts.map +1 -1
  3. package/dist/a2a/client.js +6 -4
  4. package/dist/a2a/client.js.map +1 -1
  5. package/dist/a2a/handlers.d.ts.map +1 -1
  6. package/dist/a2a/handlers.js +3 -0
  7. package/dist/a2a/handlers.js.map +1 -1
  8. package/dist/a2a/server.d.ts.map +1 -1
  9. package/dist/a2a/server.js.map +1 -1
  10. package/dist/a2a/task-store.js.map +1 -1
  11. package/dist/agent/engine/anthropic-engine.d.ts.map +1 -1
  12. package/dist/agent/engine/anthropic-engine.js +0 -7
  13. package/dist/agent/engine/anthropic-engine.js.map +1 -1
  14. package/dist/agent/engine/registry.d.ts.map +1 -1
  15. package/dist/agent/engine/registry.js.map +1 -1
  16. package/dist/agent/engine/translate-ai-sdk.d.ts.map +1 -1
  17. package/dist/agent/engine/translate-ai-sdk.js +5 -3
  18. package/dist/agent/engine/translate-ai-sdk.js.map +1 -1
  19. package/dist/agent/production-agent.d.ts.map +1 -1
  20. package/dist/agent/production-agent.js +13 -3
  21. package/dist/agent/production-agent.js.map +1 -1
  22. package/dist/agent/run-manager.d.ts.map +1 -1
  23. package/dist/agent/run-manager.js +14 -6
  24. package/dist/agent/run-manager.js.map +1 -1
  25. package/dist/application-state/store.d.ts.map +1 -1
  26. package/dist/application-state/store.js.map +1 -1
  27. package/dist/brand-kit/brand-signals.d.ts +31 -0
  28. package/dist/brand-kit/brand-signals.d.ts.map +1 -0
  29. package/dist/brand-kit/brand-signals.js +101 -0
  30. package/dist/brand-kit/brand-signals.js.map +1 -0
  31. package/dist/brand-kit/index.d.ts +21 -0
  32. package/dist/brand-kit/index.d.ts.map +1 -0
  33. package/dist/brand-kit/index.js +34 -0
  34. package/dist/brand-kit/index.js.map +1 -0
  35. package/dist/brand-kit/types.d.ts +103 -0
  36. package/dist/brand-kit/types.d.ts.map +1 -0
  37. package/dist/brand-kit/types.js +17 -0
  38. package/dist/brand-kit/types.js.map +1 -0
  39. package/dist/cli/code-agent-executor.d.ts.map +1 -1
  40. package/dist/cli/code-agent-executor.js.map +1 -1
  41. package/dist/cli/create.d.ts.map +1 -1
  42. package/dist/cli/create.js +0 -1
  43. package/dist/cli/create.js.map +1 -1
  44. package/dist/client/AgentNative.js.map +1 -1
  45. package/dist/client/AgentPanel.d.ts.map +1 -1
  46. package/dist/client/AgentPanel.js +0 -2
  47. package/dist/client/AgentPanel.js.map +1 -1
  48. package/dist/client/AssistantChat.d.ts.map +1 -1
  49. package/dist/client/AssistantChat.js +81 -22
  50. package/dist/client/AssistantChat.js.map +1 -1
  51. package/dist/client/IframeEmbed.d.ts.map +1 -1
  52. package/dist/client/IframeEmbed.js.map +1 -1
  53. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  54. package/dist/client/MultiTabAssistantChat.js +1 -1
  55. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  56. package/dist/client/RunStuckBanner.js.map +1 -1
  57. package/dist/client/agent-chat.d.ts.map +1 -1
  58. package/dist/client/agent-chat.js.map +1 -1
  59. package/dist/client/builder-mark.d.ts.map +1 -1
  60. package/dist/client/builder-mark.js.map +1 -1
  61. package/dist/client/components/MissingKeyCard.d.ts.map +1 -1
  62. package/dist/client/components/MissingKeyCard.js.map +1 -1
  63. package/dist/client/composer/PromptComposer.d.ts.map +1 -1
  64. package/dist/client/composer/PromptComposer.js +6 -3
  65. package/dist/client/composer/PromptComposer.js.map +1 -1
  66. package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
  67. package/dist/client/composer/TiptapComposer.js +5 -0
  68. package/dist/client/composer/TiptapComposer.js.map +1 -1
  69. package/dist/client/composer/VoiceButton.d.ts.map +1 -1
  70. package/dist/client/composer/VoiceButton.js +9 -0
  71. package/dist/client/composer/VoiceButton.js.map +1 -1
  72. package/dist/client/composer/extensions/FileReference.d.ts.map +1 -1
  73. package/dist/client/composer/extensions/FileReference.js.map +1 -1
  74. package/dist/client/composer/extensions/MentionReference.d.ts.map +1 -1
  75. package/dist/client/composer/extensions/MentionReference.js.map +1 -1
  76. package/dist/client/composer/extensions/SkillReference.d.ts.map +1 -1
  77. package/dist/client/composer/extensions/SkillReference.js.map +1 -1
  78. package/dist/client/conversation/AgentConversation.js +8 -6
  79. package/dist/client/conversation/AgentConversation.js.map +1 -1
  80. package/dist/client/conversation/use-near-bottom-autoscroll.d.ts.map +1 -1
  81. package/dist/client/conversation/use-near-bottom-autoscroll.js +133 -35
  82. package/dist/client/conversation/use-near-bottom-autoscroll.js.map +1 -1
  83. package/dist/client/db-admin/DbAdminPage.js.map +1 -1
  84. package/dist/client/dev-overlay/DevOverlay.d.ts.map +1 -1
  85. package/dist/client/dev-overlay/DevOverlay.js +0 -1
  86. package/dist/client/dev-overlay/DevOverlay.js.map +1 -1
  87. package/dist/client/extensions/EmbeddedExtension.d.ts.map +1 -1
  88. package/dist/client/extensions/EmbeddedExtension.js +19 -0
  89. package/dist/client/extensions/EmbeddedExtension.js.map +1 -1
  90. package/dist/client/extensions/ExtensionViewer.d.ts.map +1 -1
  91. package/dist/client/extensions/ExtensionViewer.js +11 -3
  92. package/dist/client/extensions/ExtensionViewer.js.map +1 -1
  93. package/dist/client/integrations/IntegrationsPanel.d.ts.map +1 -1
  94. package/dist/client/integrations/IntegrationsPanel.js.map +1 -1
  95. package/dist/client/mcp-app-host.d.ts.map +1 -1
  96. package/dist/client/mcp-app-host.js +6 -1
  97. package/dist/client/mcp-app-host.js.map +1 -1
  98. package/dist/client/mcp-apps/McpAppRenderer.d.ts.map +1 -1
  99. package/dist/client/mcp-apps/McpAppRenderer.js +1 -1
  100. package/dist/client/mcp-apps/McpAppRenderer.js.map +1 -1
  101. package/dist/client/notifications/NotificationsBell.js.map +1 -1
  102. package/dist/client/onboarding/SetupButton.d.ts.map +1 -1
  103. package/dist/client/onboarding/SetupButton.js +6 -0
  104. package/dist/client/onboarding/SetupButton.js.map +1 -1
  105. package/dist/client/progress/RunsTray.js.map +1 -1
  106. package/dist/client/resources/McpServerDetail.d.ts.map +1 -1
  107. package/dist/client/resources/McpServerDetail.js.map +1 -1
  108. package/dist/client/settings/AgentsSection.d.ts.map +1 -1
  109. package/dist/client/settings/AgentsSection.js +1 -1
  110. package/dist/client/settings/AgentsSection.js.map +1 -1
  111. package/dist/client/settings/AutomationsSection.js.map +1 -1
  112. package/dist/client/sharing/ShareButton.d.ts.map +1 -1
  113. package/dist/client/sharing/ShareButton.js +0 -4
  114. package/dist/client/sharing/ShareButton.js.map +1 -1
  115. package/dist/client/terminal/AgentTerminal.d.ts.map +1 -1
  116. package/dist/client/terminal/AgentTerminal.js +1 -1
  117. package/dist/client/terminal/AgentTerminal.js.map +1 -1
  118. package/dist/client/use-agent-chat.d.ts.map +1 -1
  119. package/dist/client/use-agent-chat.js +20 -4
  120. package/dist/client/use-agent-chat.js.map +1 -1
  121. package/dist/client/use-chat-threads.d.ts.map +1 -1
  122. package/dist/client/use-chat-threads.js +39 -25
  123. package/dist/client/use-chat-threads.js.map +1 -1
  124. package/dist/client/use-db-sync.d.ts.map +1 -1
  125. package/dist/client/use-db-sync.js +8 -0
  126. package/dist/client/use-db-sync.js.map +1 -1
  127. package/dist/client/use-dev-mode.d.ts.map +1 -1
  128. package/dist/client/use-dev-mode.js +25 -9
  129. package/dist/client/use-dev-mode.js.map +1 -1
  130. package/dist/client/useProductionAgent.d.ts.map +1 -1
  131. package/dist/client/useProductionAgent.js +6 -2
  132. package/dist/client/useProductionAgent.js.map +1 -1
  133. package/dist/collab/agent-presence.d.ts.map +1 -1
  134. package/dist/collab/agent-presence.js +1 -1
  135. package/dist/collab/agent-presence.js.map +1 -1
  136. package/dist/collab/awareness.d.ts.map +1 -1
  137. package/dist/collab/awareness.js +8 -0
  138. package/dist/collab/awareness.js.map +1 -1
  139. package/dist/collab/client-struct.js.map +1 -1
  140. package/dist/deploy/build.js +0 -5
  141. package/dist/deploy/build.js.map +1 -1
  142. package/dist/extensions/fetch-tool.d.ts.map +1 -1
  143. package/dist/extensions/fetch-tool.js +4 -1
  144. package/dist/extensions/fetch-tool.js.map +1 -1
  145. package/dist/file-upload/actions/upload-image.d.ts.map +1 -1
  146. package/dist/file-upload/actions/upload-image.js +39 -4
  147. package/dist/file-upload/actions/upload-image.js.map +1 -1
  148. package/dist/integrations/adapters/slack.d.ts.map +1 -1
  149. package/dist/integrations/adapters/slack.js.map +1 -1
  150. package/dist/integrations/google-docs-poller.d.ts.map +1 -1
  151. package/dist/integrations/google-docs-poller.js +14 -1
  152. package/dist/integrations/google-docs-poller.js.map +1 -1
  153. package/dist/integrations/plugin.d.ts.map +1 -1
  154. package/dist/integrations/plugin.js.map +1 -1
  155. package/dist/integrations/webhook-handler.d.ts.map +1 -1
  156. package/dist/integrations/webhook-handler.js +10 -1
  157. package/dist/integrations/webhook-handler.js.map +1 -1
  158. package/dist/jobs/scheduler.d.ts.map +1 -1
  159. package/dist/jobs/scheduler.js.map +1 -1
  160. package/dist/mcp/build-server.d.ts.map +1 -1
  161. package/dist/mcp/build-server.js +28 -12
  162. package/dist/mcp/build-server.js.map +1 -1
  163. package/dist/mcp/connect-store.d.ts.map +1 -1
  164. package/dist/mcp/connect-store.js +1 -1
  165. package/dist/mcp/connect-store.js.map +1 -1
  166. package/dist/mcp-client/index.d.ts.map +1 -1
  167. package/dist/mcp-client/index.js +2 -3
  168. package/dist/mcp-client/index.js.map +1 -1
  169. package/dist/notifications/channels.d.ts.map +1 -1
  170. package/dist/notifications/channels.js +3 -2
  171. package/dist/notifications/channels.js.map +1 -1
  172. package/dist/oauth-tokens/store.js.map +1 -1
  173. package/dist/observability/evals.d.ts.map +1 -1
  174. package/dist/observability/evals.js +7 -7
  175. package/dist/observability/evals.js.map +1 -1
  176. package/dist/observability/traces.d.ts.map +1 -1
  177. package/dist/observability/traces.js +15 -5
  178. package/dist/observability/traces.js.map +1 -1
  179. package/dist/org/handlers.d.ts.map +1 -1
  180. package/dist/org/handlers.js +3 -2
  181. package/dist/org/handlers.js.map +1 -1
  182. package/dist/resources/handlers.d.ts +5 -5
  183. package/dist/resources/handlers.d.ts.map +1 -1
  184. package/dist/resources/handlers.js.map +1 -1
  185. package/dist/scripts/db/schema.js.map +1 -1
  186. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  187. package/dist/server/agent-chat-plugin.js +0 -6
  188. package/dist/server/agent-chat-plugin.js.map +1 -1
  189. package/dist/server/auth.d.ts.map +1 -1
  190. package/dist/server/auth.js.map +1 -1
  191. package/dist/server/better-auth-instance.d.ts.map +1 -1
  192. package/dist/server/better-auth-instance.js +0 -3
  193. package/dist/server/better-auth-instance.js.map +1 -1
  194. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  195. package/dist/server/core-routes-plugin.js +1 -2
  196. package/dist/server/core-routes-plugin.js.map +1 -1
  197. package/dist/server/create-server.d.ts.map +1 -1
  198. package/dist/server/create-server.js +0 -23
  199. package/dist/server/create-server.js.map +1 -1
  200. package/dist/server/google-oauth.d.ts.map +1 -1
  201. package/dist/server/google-oauth.js +0 -3
  202. package/dist/server/google-oauth.js.map +1 -1
  203. package/dist/server/poll.d.ts.map +1 -1
  204. package/dist/server/poll.js +49 -18
  205. package/dist/server/poll.js.map +1 -1
  206. package/dist/settings/store.js.map +1 -1
  207. package/dist/sharing/access.d.ts.map +1 -1
  208. package/dist/sharing/access.js +25 -4
  209. package/dist/sharing/access.js.map +1 -1
  210. package/dist/triggers/dispatcher.d.ts.map +1 -1
  211. package/dist/triggers/dispatcher.js.map +1 -1
  212. package/dist/vite/client.d.ts.map +1 -1
  213. package/dist/vite/client.js +2 -0
  214. package/dist/vite/client.js.map +1 -1
  215. package/package.json +3 -2
  216. package/dist/client/conversation/AgentConversation.spec.d.ts +0 -2
  217. package/dist/client/conversation/AgentConversation.spec.d.ts.map +0 -1
  218. package/dist/client/conversation/AgentConversation.spec.js +0 -69
  219. package/dist/client/conversation/AgentConversation.spec.js.map +0 -1
  220. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts +0 -2
  221. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts.map +0 -1
  222. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js +0 -110
  223. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js.map +0 -1
  224. package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts +0 -2
  225. package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts.map +0 -1
  226. package/dist/client/extensions/AgentNativeExtensionFrame.spec.js +0 -68
  227. package/dist/client/extensions/AgentNativeExtensionFrame.spec.js.map +0 -1
  228. package/dist/client/extensions/ExtensionViewer.spec.d.ts +0 -2
  229. package/dist/client/extensions/ExtensionViewer.spec.d.ts.map +0 -1
  230. package/dist/client/extensions/ExtensionViewer.spec.js +0 -94
  231. package/dist/client/extensions/ExtensionViewer.spec.js.map +0 -1
  232. package/dist/client/guided-questions.flow.spec.d.ts +0 -2
  233. package/dist/client/guided-questions.flow.spec.d.ts.map +0 -1
  234. package/dist/client/guided-questions.flow.spec.js +0 -147
  235. package/dist/client/guided-questions.flow.spec.js.map +0 -1
  236. package/dist/client/settings/useBuilderStatus.spec.d.ts +0 -2
  237. package/dist/client/settings/useBuilderStatus.spec.d.ts.map +0 -1
  238. package/dist/client/settings/useBuilderStatus.spec.js +0 -487
  239. package/dist/client/settings/useBuilderStatus.spec.js.map +0 -1
  240. package/dist/client/sharing/ShareButton.spec.d.ts +0 -2
  241. package/dist/client/sharing/ShareButton.spec.d.ts.map +0 -1
  242. package/dist/client/sharing/ShareButton.spec.js +0 -196
  243. package/dist/client/sharing/ShareButton.spec.js.map +0 -1
  244. package/dist/client/use-chat-models.spec.d.ts +0 -2
  245. package/dist/client/use-chat-models.spec.d.ts.map +0 -1
  246. package/dist/client/use-chat-models.spec.js +0 -39
  247. package/dist/client/use-chat-models.spec.js.map +0 -1
  248. package/dist/client/use-chat-threads.spec.d.ts +0 -2
  249. package/dist/client/use-chat-threads.spec.d.ts.map +0 -1
  250. package/dist/client/use-chat-threads.spec.js +0 -760
  251. package/dist/client/use-chat-threads.spec.js.map +0 -1
  252. package/dist/client/use-db-sync.spec.d.ts +0 -2
  253. package/dist/client/use-db-sync.spec.d.ts.map +0 -1
  254. package/dist/client/use-db-sync.spec.js +0 -107
  255. package/dist/client/use-db-sync.spec.js.map +0 -1
  256. package/dist/server/script-discovery.d.ts +0 -6
  257. package/dist/server/script-discovery.d.ts.map +0 -1
  258. package/dist/server/script-discovery.js +0 -6
  259. package/dist/server/script-discovery.js.map +0 -1
package/dist/observability/traces.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"traces.d.ts","sourceRoot":"","sources":["../../src/observability/traces.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAA2B,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAiB/E;;;wEAGwE;AACxE,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAE7D;AAoBD,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAY3E;AAED,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAC9C,YAAY,EAAE,CAAC,QAAQ,EAAE;QACvB,MAAM,EAAE,GAAG,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,EAAE,GAAG,EAAE,CAAC;QACb,QAAQ,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;QACtC,MAAM,EAAE,WAAW,CAAC;QACpB,eAAe,CAAC,EAAE,GAAG,CAAC;KACvB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;IAC9B,QAAQ,EAAE;QACR,MAAM,EAAE,GAAG,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,EAAE,GAAG,EAAE,CAAC;QACb,QAAQ,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;QACtC,MAAM,EAAE,WAAW,CAAC;QACpB,eAAe,CAAC,EAAE,GAAG,CAAC;KACvB,CAAC;IACF,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB;;;iBAGa;IACb,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,mBAAmB,CAAC;CAC7B,GAAG,OAAO,CAAC,cAAc,CAAC,CAyL1B"}
1
+ {"version":3,"file":"traces.d.ts","sourceRoot":"","sources":["../../src/observability/traces.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAA2B,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAiB/E;;;wEAGwE;AACxE,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAE7D;AAoBD,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAY3E;AAED,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAC9C,YAAY,EAAE,CAAC,QAAQ,EAAE;QACvB,MAAM,EAAE,GAAG,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,EAAE,GAAG,EAAE,CAAC;QACb,QAAQ,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;QACtC,MAAM,EAAE,WAAW,CAAC;QACpB,eAAe,CAAC,EAAE,GAAG,CAAC;KACvB,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;IAC9B,QAAQ,EAAE;QACR,MAAM,EAAE,GAAG,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,EAAE,GAAG,EAAE,CAAC;QACb,QAAQ,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;QACtC,MAAM,EAAE,WAAW,CAAC;QACpB,eAAe,CAAC,EAAE,GAAG,CAAC;KACvB,CAAC;IACF,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB;;;iBAGa;IACb,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,mBAAmB,CAAC;CAC7B,GAAG,OAAO,CAAC,cAAc,CAAC,CAiM1B"}
package/dist/observability/traces.js CHANGED
@@ -59,8 +59,12 @@ export async function instrumentAgentLoop(opts) {
59
59
  let toolInvocationCounter = 0;
60
60
  // Keyed by counter to handle concurrent calls to the same tool name
61
61
  const pendingTools = new Map();
62
- // Secondary index: tool name → latest invocation counter (for tool_done matching)
63
- const toolNameToCounter = new Map();
62
+ // Secondary index: tool name → FIFO queue of pending invocation counters.
63
+ // tool_start/tool_done events carry only the tool name (no call id), so to
64
+ // pair starts and dones correctly when the agent runs concurrent calls to the
65
+ // same tool name (read-only / parallelSafe batches via Promise.all), we keep a
66
+ // queue per name and match each done to the OLDEST still-pending start.
67
+ const toolNameToCounters = new Map();
64
68
  let toolCallCount = 0;
65
69
  let successfulTools = 0;
66
70
  let failedTools = 0;
@@ -75,14 +79,20 @@ export async function instrumentAgentLoop(opts) {
75
79
  toolName: event.tool,
76
80
  input: event.input,
77
81
  });
78
- toolNameToCounter.set(event.tool, counter);
82
+ const queue = toolNameToCounters.get(event.tool);
83
+ if (queue)
84
+ queue.push(counter);
85
+ else
86
+ toolNameToCounters.set(event.tool, [counter]);
79
87
  }
80
88
  else if (event.type === "tool_done") {
81
- const counter = toolNameToCounter.get(event.tool);
89
+ const queue = toolNameToCounters.get(event.tool);
90
+ const counter = queue?.shift();
82
91
  const pending = counter !== undefined ? pendingTools.get(counter) : undefined;
83
92
  if (counter !== undefined) {
84
93
  pendingTools.delete(counter);
85
- toolNameToCounter.delete(event.tool);
94
+ if (queue && queue.length === 0)
95
+ toolNameToCounters.delete(event.tool);
86
96
  }
87
97
  toolCallCount++;
88
98
  const isError = typeof event.result === "string" &&
package/dist/observability/traces.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"traces.js","sourceRoot":"","sources":["../../src/observability/traces.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAE1D,SAAS,MAAM;IACb,OAAO,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACxE,CAAC;AAED;;;;;;2BAM2B;AAC3B,MAAM,uBAAuB,GAC3B,uGAAuG,CAAC;AAE1G;;;wEAGwE;AACxE,MAAM,UAAU,qBAAqB,CAAC,KAAc;IAClD,OAAO,UAAU,CAAC,KAAK,EAAE,IAAI,OAAO,EAAU,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,IAAqB;IACvD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,IAAI,CAAC,GAAG,CAAC,KAAe,CAAC;QAAE,OAAO,YAAY,CAAC;IACnD,IAAI,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;IAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;QACtE,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,sBAAsB,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,GAAG,4BAA4B;gBAC/B,GAAG,MAAM;aACa,CAAC;QAC3B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,OAAO,4BAA4B,CAAC;AACtC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IA+BzC;IACC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC;IAE9B,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,IAAI,qBAAqB,GAAG,CAAC,CAAC;IAC9B,oEAAoE;IACpE,MAAM,YAAY,GAAG,IAAI,GAAG,EAQzB,CAAC;IACJ,kFAAkF;IAClF,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEpD,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,MAAM,gBAAgB,GAAG,CAAC,KAAqB,EAAQ,EAAE;QACvD,IAAI,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChC,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;gBACxC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;gBACrB,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE;oBACnB,QAAQ,EAAE,KAAK,CAAC,IAAI;oBACpB,KAAK,EAAE,KAAK,CAAC,KAAK;iBACnB,CAAC,CAAC;gBACH,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7C,CAAC;iBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBACtC,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAClD,MAAM,OAAO,GACX,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAChE,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;oBAC7B,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACvC,CAAC;gBACD,aAAa,EAAE,CAAC;gBAEhB,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ;oBAChC,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;wBAC/B,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;gBAC/C,IAAI,OAAO;oBAAE,WAAW,EAAE,CAAC;;oBACtB,eAAe,EAAE,CAAC;gBAEvB,MAAM,IAAI,GAAc;oBACtB,EAAE,EAAE,OAAO,EAAE,MAAM,IAAI,MAAM,EAAE;oBAC/B,KAAK;oBACL,QAAQ;oBACR,MAAM;oBACN,YAAY;oBACZ,QAAQ,EAAE,WAAW;oBACrB,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,WAAW,EAAE,CAAC;oBACd,YAAY,EAAE,CAAC;oBACf,eAAe,EAAE,CAAC;oBAClB,gBAAgB,EAAE,CAAC;oBACnB,aAAa,EAAE,CAAC;oBAChB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBACtD,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBACrC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;oBAC3C,QAAQ,EACN,MAAM,CAAC,eAAe,IAAI,OAAO;wBAC/B,CAAC,CAAC,yDAAyD;4BACzD,sDAAsD;4BACtD,uDAAuD;4BACvD,oCAAoC;4BACpC;gCACE,KAAK,EAAE,qBAAqB,CAAC,OAAO,CAAC,KAAK,CAGzC;6BACF;wBACH,CAAC,CAAC,IAAI;oBACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC;gBACF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC;IAEF,IAAI,KAAiC,CAAC;IACtC,IAAI,SAAS,GAAwB,SAAS,CAAC;IAC/C,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,GAAG,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,SAAS,GAAG,OAAO,CAAC;QACpB,YAAY,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,GAAG,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,eAAe,GAAG,MAAM,GAAG,QAAQ,CAAC;QAE1C,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YAC5D,IAAI,KAAK,EAAE,CAAC;gBACV,aAAa,GAAG,aAAa,CAC3B,KAAK,CAAC,WAAW,EACjB,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,eAAe,EACrB,KAAK,CAAC,gBAAgB,CACvB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,KAAK,EAAE,CAAC;YACV,YAAY,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GAAc;gBACzB,EAAE,EAAE,MAAM,EAAE;gBACZ,KAAK;gBACL,QAAQ;gBACR,MAAM;gBACN,YAAY;gBACZ,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,KAAK,CAAC,KAAK;gBACjB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;gBACxC,aAAa;gBACb,UAAU,EAAE,eAAe;gBAC3B,MAAM,EAAE,SAAS;gBACjB,YAAY;gBACZ,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,QAAQ;aACpB,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,CAAC;QAED,MAAM,UAAU,GAAc;YAC5B,EAAE,EAAE,YAAY;YAChB,KAAK;YACL,QAAQ;YACR,MAAM;YACN,YAAY,EAAE,IAAI;YAClB,QAAQ,EAAE,WAAW;YACrB,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,KAAK,EAAE,WAAW,IAAI,CAAC;YACpC,YAAY,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;YACtC,eAAe,EAAE,KAAK,EAAE,eAAe,IAAI,CAAC;YAC5C,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,IAAI,CAAC;YAC9C,aAAa;YACb,UAAU,EAAE,eAAe;YAC3B,MAAM,EAAE,SAAS;YACjB,YAAY;YACZ,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,QAAQ;SACpB,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEvB,MAAM,OAAO,GAAiB;YAC5B,KAAK;YACL,QAAQ;YACR,MAAM;YACN,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,aAAa;YACxB,eAAe;YACf,WAAW;YACX,eAAe;YACf,kBAAkB,EAAE,aAAa;YACjC,gBAAgB,EAAE,KAAK,EAAE,WAAW,IAAI,CAAC;YACzC,iBAAiB,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;YAC3C,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI,QAAQ,CAAC,KAAK;YACrC,SAAS,EAAE,QAAQ;SACpB,CAAC;QAEF,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,KAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,KAAkB,EAClB,OAAqB,EACrB,KAAa,EACb,MAA2B;IAE3B,MAAM,EAAE,eAAe,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3E,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACxE,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAElD,qDAAqD;IACrD,IAAI,CAAC;QACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,WAAW,CAAC,KAAK,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;AACZ,CAAC","sourcesContent":["import type { AgentChatEvent } from \"../agent/types.js\";\nimport type { AgentLoopUsage } from \"../agent/production-agent.js\";\nimport type { TraceSpan, TraceSummary, ObservabilityConfig } from \"./types.js\";\nimport { DEFAULT_OBSERVABILITY_CONFIG } from \"./types.js\";\n\nfunction spanId(): string {\n return `span-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n}\n\n/** Keys whose values are stripped from persisted tool inputs when\n * `captureToolArgs` is enabled. Matched case-insensitively and tolerant\n * of `_` / `-` separators. M14 in the MCP/A2A audit: tool calls\n * routinely receive credentials verbatim (db-exec INSERTs, fetchTool\n * Authorization headers, ad-hoc bearer tokens) — keeping those values\n * out of agent_trace_spans.metadata avoids long-term storage of\n * short-lived secrets. */\nconst SENSITIVE_FIELD_PATTERN =\n /^(authorization|cookie|api[_-]?key|password|secret|token|access[_-]?token|refresh[_-]?token|bearer)$/i;\n\n/** Recursively walk a structured value and replace sensitive field\n * values with the literal string \"[REDACTED]\". Pure (returns a copy);\n * the original input is never mutated. Cycles are tolerated via a\n * small WeakSet seen-tracker that returns \"[Circular]\" for repeats. */\nexport function redactSensitiveFields(value: unknown): unknown {\n return redactWalk(value, new WeakSet<object>());\n}\n\nfunction redactWalk(value: unknown, seen: WeakSet<object>): unknown {\n if (value === null || typeof value !== \"object\") return value;\n if (seen.has(value as object)) return \"[Circular]\";\n seen.add(value as object);\n if (Array.isArray(value)) {\n return value.map((v) => redactWalk(v, seen));\n }\n const out: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(value as Record<string, unknown>)) {\n if (SENSITIVE_FIELD_PATTERN.test(k)) {\n out[k] = \"[REDACTED]\";\n } else {\n out[k] = redactWalk(v, seen);\n }\n }\n return out;\n}\n\nexport async function getObservabilityConfig(): Promise<ObservabilityConfig> {\n try {\n const { getSetting } = await import(\"../settings/store.js\");\n const stored = await getSetting(\"observability-config\");\n if (stored) {\n return {\n ...DEFAULT_OBSERVABILITY_CONFIG,\n ...stored,\n } as ObservabilityConfig;\n }\n } catch {}\n return DEFAULT_OBSERVABILITY_CONFIG;\n}\n\nexport async function instrumentAgentLoop(opts: {\n runAgentLoop: (loopOpts: {\n engine: any;\n model: string;\n systemPrompt: string;\n tools: any[];\n messages: any[];\n actions: Record<string, any>;\n send: (event: AgentChatEvent) => void;\n signal: AbortSignal;\n providerOptions?: any;\n }) => Promise<AgentLoopUsage>;\n loopOpts: {\n engine: any;\n model: string;\n systemPrompt: string;\n tools: any[];\n messages: any[];\n actions: Record<string, any>;\n send: (event: AgentChatEvent) => void;\n signal: AbortSignal;\n providerOptions?: any;\n };\n runId: string;\n threadId: string | null;\n /** Owner of this run; persisted on every span + summary so dashboard\n * reads can filter to a single user. Null for unauthenticated callers\n * (background tasks, etc.) — those rows aren't returned by per-user\n * reads. */\n userId: string | null;\n config: ObservabilityConfig;\n}): Promise<AgentLoopUsage> {\n const { runAgentLoop, loopOpts, runId, threadId, userId, config } = opts;\n const runStart = Date.now();\n const parentSpanId = spanId();\n\n const spans: TraceSpan[] = [];\n let toolInvocationCounter = 0;\n // Keyed by counter to handle concurrent calls to the same tool name\n const pendingTools = new Map<\n number,\n {\n spanId: string;\n startMs: number;\n toolName: string;\n input: Record<string, string>;\n }\n >();\n // Secondary index: tool name → latest invocation counter (for tool_done matching)\n const toolNameToCounter = new Map<string, number>();\n\n let toolCallCount = 0;\n let successfulTools = 0;\n let failedTools = 0;\n\n const instrumentedSend = (event: AgentChatEvent): void => {\n try {\n if (event.type === \"tool_start\") {\n const counter = toolInvocationCounter++;\n const sid = spanId();\n pendingTools.set(counter, {\n spanId: sid,\n startMs: Date.now(),\n toolName: event.tool,\n input: event.input,\n });\n toolNameToCounter.set(event.tool, counter);\n } else if (event.type === \"tool_done\") {\n const counter = toolNameToCounter.get(event.tool);\n const pending =\n counter !== undefined ? pendingTools.get(counter) : undefined;\n if (counter !== undefined) {\n pendingTools.delete(counter);\n toolNameToCounter.delete(event.tool);\n }\n toolCallCount++;\n\n const isError =\n typeof event.result === \"string\" &&\n (event.result.startsWith(\"Error\") ||\n event.result.startsWith(\"Error running \"));\n if (isError) failedTools++;\n else successfulTools++;\n\n const span: TraceSpan = {\n id: pending?.spanId ?? spanId(),\n runId,\n threadId,\n userId,\n parentSpanId,\n spanType: \"tool_call\",\n name: event.tool,\n inputTokens: 0,\n outputTokens: 0,\n cacheReadTokens: 0,\n cacheWriteTokens: 0,\n costCentsX100: 0,\n durationMs: pending ? Date.now() - pending.startMs : 0,\n status: isError ? \"error\" : \"success\",\n errorMessage: isError ? event.result : null,\n metadata:\n config.captureToolArgs && pending\n ? // Strip Authorization/api-key/token-shaped values before\n // persisting (M14 in the MCP/A2A audit). Tool-runtime\n // execution still sees the unredacted input — only the\n // long-lived span row is sanitized.\n {\n input: redactSensitiveFields(pending.input) as Record<\n string,\n string\n >,\n }\n : null,\n createdAt: Date.now(),\n };\n spans.push(span);\n }\n } catch {}\n\n loopOpts.send(event);\n };\n\n let usage: AgentLoopUsage | undefined;\n let runStatus: \"success\" | \"error\" = \"success\";\n let errorMessage: string | null = null;\n try {\n usage = await runAgentLoop({ ...loopOpts, send: instrumentedSend });\n } catch (err: any) {\n runStatus = \"error\";\n errorMessage = err?.message ?? String(err);\n throw err;\n } finally {\n const runEnd = Date.now();\n const totalDurationMs = runEnd - runStart;\n\n let costCentsX100 = 0;\n try {\n const { calculateCost } = await import(\"../usage/store.js\");\n if (usage) {\n costCentsX100 = calculateCost(\n usage.inputTokens,\n usage.outputTokens,\n usage.model,\n usage.cacheReadTokens,\n usage.cacheWriteTokens,\n );\n }\n } catch {}\n\n let llmCallCount = 0;\n if (usage) {\n llmCallCount = 1;\n const llmSpan: TraceSpan = {\n id: spanId(),\n runId,\n threadId,\n userId,\n parentSpanId,\n spanType: \"llm_call\",\n name: usage.model,\n inputTokens: usage.inputTokens,\n outputTokens: usage.outputTokens,\n cacheReadTokens: usage.cacheReadTokens,\n cacheWriteTokens: usage.cacheWriteTokens,\n costCentsX100,\n durationMs: totalDurationMs,\n status: runStatus,\n errorMessage,\n metadata: null,\n createdAt: runStart,\n };\n spans.push(llmSpan);\n }\n\n const parentSpan: TraceSpan = {\n id: parentSpanId,\n runId,\n threadId,\n userId,\n parentSpanId: null,\n spanType: \"agent_run\",\n name: \"agent_run\",\n inputTokens: usage?.inputTokens ?? 0,\n outputTokens: usage?.outputTokens ?? 0,\n cacheReadTokens: usage?.cacheReadTokens ?? 0,\n cacheWriteTokens: usage?.cacheWriteTokens ?? 0,\n costCentsX100,\n durationMs: totalDurationMs,\n status: runStatus,\n errorMessage,\n metadata: null,\n createdAt: runStart,\n };\n spans.push(parentSpan);\n\n const summary: TraceSummary = {\n runId,\n threadId,\n userId,\n totalSpans: spans.length,\n llmCalls: llmCallCount,\n toolCalls: toolCallCount,\n successfulTools,\n failedTools,\n totalDurationMs,\n totalCostCentsX100: costCentsX100,\n totalInputTokens: usage?.inputTokens ?? 0,\n totalOutputTokens: usage?.outputTokens ?? 0,\n model: usage?.model ?? loopOpts.model,\n createdAt: runStart,\n };\n\n writeTraceData(spans, summary, runId, config).catch(() => {});\n }\n\n return usage!;\n}\n\nasync function writeTraceData(\n spans: TraceSpan[],\n summary: TraceSummary,\n runId: string,\n config: ObservabilityConfig,\n): Promise<void> {\n const { insertTraceSpan, upsertTraceSummary } = await import(\"./store.js\");\n await Promise.all(spans.map((s) => insertTraceSpan(s).catch(() => {})));\n await upsertTraceSummary(summary).catch(() => {});\n\n // Fire automated evals after trace data is persisted\n try {\n const { evaluateRun } = await import(\"./evals.js\");\n await evaluateRun(runId, { sampleRate: config.evalSampleRate });\n } catch {}\n}\n"]}
1
+ {"version":3,"file":"traces.js","sourceRoot":"","sources":["../../src/observability/traces.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAE1D,SAAS,MAAM;IACb,OAAO,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACxE,CAAC;AAED;;;;;;2BAM2B;AAC3B,MAAM,uBAAuB,GAC3B,uGAAuG,CAAC;AAE1G;;;wEAGwE;AACxE,MAAM,UAAU,qBAAqB,CAAC,KAAc;IAClD,OAAO,UAAU,CAAC,KAAK,EAAE,IAAI,OAAO,EAAU,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,IAAqB;IACvD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,IAAI,CAAC,GAAG,CAAC,KAAe,CAAC;QAAE,OAAO,YAAY,CAAC;IACnD,IAAI,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;IAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;QACtE,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,sBAAsB,CAAC,CAAC;QACxD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,GAAG,4BAA4B;gBAC/B,GAAG,MAAM;aACa,CAAC;QAC3B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,OAAO,4BAA4B,CAAC;AACtC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IA+BzC;IACC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC;IAE9B,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,IAAI,qBAAqB,GAAG,CAAC,CAAC;IAC9B,oEAAoE;IACpE,MAAM,YAAY,GAAG,IAAI,GAAG,EAQzB,CAAC;IACJ,0EAA0E;IAC1E,2EAA2E;IAC3E,8EAA8E;IAC9E,+EAA+E;IAC/E,wEAAwE;IACxE,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAoB,CAAC;IAEvD,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,MAAM,gBAAgB,GAAG,CAAC,KAAqB,EAAQ,EAAE;QACvD,IAAI,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChC,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;gBACxC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;gBACrB,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE;oBACnB,QAAQ,EAAE,KAAK,CAAC,IAAI;oBACpB,KAAK,EAAE,KAAK,CAAC,KAAK;iBACnB,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACjD,IAAI,KAAK;oBAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;;oBAC1B,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;YACrD,CAAC;iBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBACtC,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,KAAK,EAAE,KAAK,EAAE,CAAC;gBAC/B,MAAM,OAAO,GACX,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAChE,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;oBAC7B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;wBAC7B,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC1C,CAAC;gBACD,aAAa,EAAE,CAAC;gBAEhB,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ;oBAChC,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;wBAC/B,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;gBAC/C,IAAI,OAAO;oBAAE,WAAW,EAAE,CAAC;;oBACtB,eAAe,EAAE,CAAC;gBAEvB,MAAM,IAAI,GAAc;oBACtB,EAAE,EAAE,OAAO,EAAE,MAAM,IAAI,MAAM,EAAE;oBAC/B,KAAK;oBACL,QAAQ;oBACR,MAAM;oBACN,YAAY;oBACZ,QAAQ,EAAE,WAAW;oBACrB,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,WAAW,EAAE,CAAC;oBACd,YAAY,EAAE,CAAC;oBACf,eAAe,EAAE,CAAC;oBAClB,gBAAgB,EAAE,CAAC;oBACnB,aAAa,EAAE,CAAC;oBAChB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBACtD,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBACrC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;oBAC3C,QAAQ,EACN,MAAM,CAAC,eAAe,IAAI,OAAO;wBAC/B,CAAC,CAAC,yDAAyD;4BACzD,sDAAsD;4BACtD,uDAAuD;4BACvD,oCAAoC;4BACpC;gCACE,KAAK,EAAE,qBAAqB,CAAC,OAAO,CAAC,KAAK,CAGzC;6BACF;wBACH,CAAC,CAAC,IAAI;oBACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC;gBACF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC;IAEF,IAAI,KAAiC,CAAC;IACtC,IAAI,SAAS,GAAwB,SAAS,CAAC;IAC/C,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,GAAG,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,SAAS,GAAG,OAAO,CAAC;QACpB,YAAY,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,GAAG,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC1B,MAAM,eAAe,GAAG,MAAM,GAAG,QAAQ,CAAC;QAE1C,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YAC5D,IAAI,KAAK,EAAE,CAAC;gBACV,aAAa,GAAG,aAAa,CAC3B,KAAK,CAAC,WAAW,EACjB,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,eAAe,EACrB,KAAK,CAAC,gBAAgB,CACvB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,KAAK,EAAE,CAAC;YACV,YAAY,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GAAc;gBACzB,EAAE,EAAE,MAAM,EAAE;gBACZ,KAAK;gBACL,QAAQ;gBACR,MAAM;gBACN,YAAY;gBACZ,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,KAAK,CAAC,KAAK;gBACjB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;gBACxC,aAAa;gBACb,UAAU,EAAE,eAAe;gBAC3B,MAAM,EAAE,SAAS;gBACjB,YAAY;gBACZ,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,QAAQ;aACpB,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,CAAC;QAED,MAAM,UAAU,GAAc;YAC5B,EAAE,EAAE,YAAY;YAChB,KAAK;YACL,QAAQ;YACR,MAAM;YACN,YAAY,EAAE,IAAI;YAClB,QAAQ,EAAE,WAAW;YACrB,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,KAAK,EAAE,WAAW,IAAI,CAAC;YACpC,YAAY,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;YACtC,eAAe,EAAE,KAAK,EAAE,eAAe,IAAI,CAAC;YAC5C,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,IAAI,CAAC;YAC9C,aAAa;YACb,UAAU,EAAE,eAAe;YAC3B,MAAM,EAAE,SAAS;YACjB,YAAY;YACZ,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,QAAQ;SACpB,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEvB,MAAM,OAAO,GAAiB;YAC5B,KAAK;YACL,QAAQ;YACR,MAAM;YACN,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,QAAQ,EAAE,YAAY;YACtB,SAAS,EAAE,aAAa;YACxB,eAAe;YACf,WAAW;YACX,eAAe;YACf,kBAAkB,EAAE,aAAa;YACjC,gBAAgB,EAAE,KAAK,EAAE,WAAW,IAAI,CAAC;YACzC,iBAAiB,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;YAC3C,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI,QAAQ,CAAC,KAAK;YACrC,SAAS,EAAE,QAAQ;SACpB,CAAC;QAEF,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,KAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,KAAkB,EAClB,OAAqB,EACrB,KAAa,EACb,MAA2B;IAE3B,MAAM,EAAE,eAAe,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3E,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACxE,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAElD,qDAAqD;IACrD,IAAI,CAAC;QACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,WAAW,CAAC,KAAK,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;AACZ,CAAC","sourcesContent":["import type { AgentChatEvent } from \"../agent/types.js\";\nimport type { AgentLoopUsage } from \"../agent/production-agent.js\";\nimport type { TraceSpan, TraceSummary, ObservabilityConfig } from \"./types.js\";\nimport { DEFAULT_OBSERVABILITY_CONFIG } from \"./types.js\";\n\nfunction spanId(): string {\n return `span-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n}\n\n/** Keys whose values are stripped from persisted tool inputs when\n * `captureToolArgs` is enabled. Matched case-insensitively and tolerant\n * of `_` / `-` separators. M14 in the MCP/A2A audit: tool calls\n * routinely receive credentials verbatim (db-exec INSERTs, fetchTool\n * Authorization headers, ad-hoc bearer tokens) — keeping those values\n * out of agent_trace_spans.metadata avoids long-term storage of\n * short-lived secrets. */\nconst SENSITIVE_FIELD_PATTERN =\n /^(authorization|cookie|api[_-]?key|password|secret|token|access[_-]?token|refresh[_-]?token|bearer)$/i;\n\n/** Recursively walk a structured value and replace sensitive field\n * values with the literal string \"[REDACTED]\". Pure (returns a copy);\n * the original input is never mutated. Cycles are tolerated via a\n * small WeakSet seen-tracker that returns \"[Circular]\" for repeats. */\nexport function redactSensitiveFields(value: unknown): unknown {\n return redactWalk(value, new WeakSet<object>());\n}\n\nfunction redactWalk(value: unknown, seen: WeakSet<object>): unknown {\n if (value === null || typeof value !== \"object\") return value;\n if (seen.has(value as object)) return \"[Circular]\";\n seen.add(value as object);\n if (Array.isArray(value)) {\n return value.map((v) => redactWalk(v, seen));\n }\n const out: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(value as Record<string, unknown>)) {\n if (SENSITIVE_FIELD_PATTERN.test(k)) {\n out[k] = \"[REDACTED]\";\n } else {\n out[k] = redactWalk(v, seen);\n }\n }\n return out;\n}\n\nexport async function getObservabilityConfig(): Promise<ObservabilityConfig> {\n try {\n const { getSetting } = await import(\"../settings/store.js\");\n const stored = await getSetting(\"observability-config\");\n if (stored) {\n return {\n ...DEFAULT_OBSERVABILITY_CONFIG,\n ...stored,\n } as ObservabilityConfig;\n }\n } catch {}\n return DEFAULT_OBSERVABILITY_CONFIG;\n}\n\nexport async function instrumentAgentLoop(opts: {\n runAgentLoop: (loopOpts: {\n engine: any;\n model: string;\n systemPrompt: string;\n tools: any[];\n messages: any[];\n actions: Record<string, any>;\n send: (event: AgentChatEvent) => void;\n signal: AbortSignal;\n providerOptions?: any;\n }) => Promise<AgentLoopUsage>;\n loopOpts: {\n engine: any;\n model: string;\n systemPrompt: string;\n tools: any[];\n messages: any[];\n actions: Record<string, any>;\n send: (event: AgentChatEvent) => void;\n signal: AbortSignal;\n providerOptions?: any;\n };\n runId: string;\n threadId: string | null;\n /** Owner of this run; persisted on every span + summary so dashboard\n * reads can filter to a single user. Null for unauthenticated callers\n * (background tasks, etc.) — those rows aren't returned by per-user\n * reads. */\n userId: string | null;\n config: ObservabilityConfig;\n}): Promise<AgentLoopUsage> {\n const { runAgentLoop, loopOpts, runId, threadId, userId, config } = opts;\n const runStart = Date.now();\n const parentSpanId = spanId();\n\n const spans: TraceSpan[] = [];\n let toolInvocationCounter = 0;\n // Keyed by counter to handle concurrent calls to the same tool name\n const pendingTools = new Map<\n number,\n {\n spanId: string;\n startMs: number;\n toolName: string;\n input: Record<string, string>;\n }\n >();\n // Secondary index: tool name → FIFO queue of pending invocation counters.\n // tool_start/tool_done events carry only the tool name (no call id), so to\n // pair starts and dones correctly when the agent runs concurrent calls to the\n // same tool name (read-only / parallelSafe batches via Promise.all), we keep a\n // queue per name and match each done to the OLDEST still-pending start.\n const toolNameToCounters = new Map<string, number[]>();\n\n let toolCallCount = 0;\n let successfulTools = 0;\n let failedTools = 0;\n\n const instrumentedSend = (event: AgentChatEvent): void => {\n try {\n if (event.type === \"tool_start\") {\n const counter = toolInvocationCounter++;\n const sid = spanId();\n pendingTools.set(counter, {\n spanId: sid,\n startMs: Date.now(),\n toolName: event.tool,\n input: event.input,\n });\n const queue = toolNameToCounters.get(event.tool);\n if (queue) queue.push(counter);\n else toolNameToCounters.set(event.tool, [counter]);\n } else if (event.type === \"tool_done\") {\n const queue = toolNameToCounters.get(event.tool);\n const counter = queue?.shift();\n const pending =\n counter !== undefined ? pendingTools.get(counter) : undefined;\n if (counter !== undefined) {\n pendingTools.delete(counter);\n if (queue && queue.length === 0)\n toolNameToCounters.delete(event.tool);\n }\n toolCallCount++;\n\n const isError =\n typeof event.result === \"string\" &&\n (event.result.startsWith(\"Error\") ||\n event.result.startsWith(\"Error running \"));\n if (isError) failedTools++;\n else successfulTools++;\n\n const span: TraceSpan = {\n id: pending?.spanId ?? spanId(),\n runId,\n threadId,\n userId,\n parentSpanId,\n spanType: \"tool_call\",\n name: event.tool,\n inputTokens: 0,\n outputTokens: 0,\n cacheReadTokens: 0,\n cacheWriteTokens: 0,\n costCentsX100: 0,\n durationMs: pending ? Date.now() - pending.startMs : 0,\n status: isError ? \"error\" : \"success\",\n errorMessage: isError ? event.result : null,\n metadata:\n config.captureToolArgs && pending\n ? // Strip Authorization/api-key/token-shaped values before\n // persisting (M14 in the MCP/A2A audit). Tool-runtime\n // execution still sees the unredacted input — only the\n // long-lived span row is sanitized.\n {\n input: redactSensitiveFields(pending.input) as Record<\n string,\n string\n >,\n }\n : null,\n createdAt: Date.now(),\n };\n spans.push(span);\n }\n } catch {}\n\n loopOpts.send(event);\n };\n\n let usage: AgentLoopUsage | undefined;\n let runStatus: \"success\" | \"error\" = \"success\";\n let errorMessage: string | null = null;\n try {\n usage = await runAgentLoop({ ...loopOpts, send: instrumentedSend });\n } catch (err: any) {\n runStatus = \"error\";\n errorMessage = err?.message ?? String(err);\n throw err;\n } finally {\n const runEnd = Date.now();\n const totalDurationMs = runEnd - runStart;\n\n let costCentsX100 = 0;\n try {\n const { calculateCost } = await import(\"../usage/store.js\");\n if (usage) {\n costCentsX100 = calculateCost(\n usage.inputTokens,\n usage.outputTokens,\n usage.model,\n usage.cacheReadTokens,\n usage.cacheWriteTokens,\n );\n }\n } catch {}\n\n let llmCallCount = 0;\n if (usage) {\n llmCallCount = 1;\n const llmSpan: TraceSpan = {\n id: spanId(),\n runId,\n threadId,\n userId,\n parentSpanId,\n spanType: \"llm_call\",\n name: usage.model,\n inputTokens: usage.inputTokens,\n outputTokens: usage.outputTokens,\n cacheReadTokens: usage.cacheReadTokens,\n cacheWriteTokens: usage.cacheWriteTokens,\n costCentsX100,\n durationMs: totalDurationMs,\n status: runStatus,\n errorMessage,\n metadata: null,\n createdAt: runStart,\n };\n spans.push(llmSpan);\n }\n\n const parentSpan: TraceSpan = {\n id: parentSpanId,\n runId,\n threadId,\n userId,\n parentSpanId: null,\n spanType: \"agent_run\",\n name: \"agent_run\",\n inputTokens: usage?.inputTokens ?? 0,\n outputTokens: usage?.outputTokens ?? 0,\n cacheReadTokens: usage?.cacheReadTokens ?? 0,\n cacheWriteTokens: usage?.cacheWriteTokens ?? 0,\n costCentsX100,\n durationMs: totalDurationMs,\n status: runStatus,\n errorMessage,\n metadata: null,\n createdAt: runStart,\n };\n spans.push(parentSpan);\n\n const summary: TraceSummary = {\n runId,\n threadId,\n userId,\n totalSpans: spans.length,\n llmCalls: llmCallCount,\n toolCalls: toolCallCount,\n successfulTools,\n failedTools,\n totalDurationMs,\n totalCostCentsX100: costCentsX100,\n totalInputTokens: usage?.inputTokens ?? 0,\n totalOutputTokens: usage?.outputTokens ?? 0,\n model: usage?.model ?? loopOpts.model,\n createdAt: runStart,\n };\n\n writeTraceData(spans, summary, runId, config).catch(() => {});\n }\n\n return usage!;\n}\n\nasync function writeTraceData(\n spans: TraceSpan[],\n summary: TraceSummary,\n runId: string,\n config: ObservabilityConfig,\n): Promise<void> {\n const { insertTraceSpan, upsertTraceSummary } = await import(\"./store.js\");\n await Promise.all(spans.map((s) => insertTraceSpan(s).catch(() => {})));\n await upsertTraceSummary(summary).catch(() => {});\n\n // Fire automated evals after trace data is persisted\n try {\n const { evaluateRun } = await import(\"./evals.js\");\n await evaluateRun(runId, { sampleRate: config.evalSampleRate });\n } catch {}\n}\n"]}
package/dist/org/handlers.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AA+CA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA2B1C,2FAA2F;AAC3F,eAAO,MAAM,eAAe;;;;;;;cAaA,OAAO;;;;;;;;;;eAIC,MAAM;iBAAW,MAAM;;;;GA0EzD,CAAC;AAEH,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB;;;;GAe3B,CAAC;AAEH,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;;cA2CH,OAAO;;;;;GAQjC,CAAC;AAqBH,UAAU,kBAAkB;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC;IACzB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,UAAU,mBAAmB;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAsED,8EAA8E;AAC9E,eAAO,MAAM,uBAAuB;;;;GAuEnC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,sBAAsB;;;;;;;;;GAyBlC,CAAC;AAEF,4EAA4E;AAC5E,eAAO,MAAM,uBAAuB;;;UAoD8B,OAAO;GAkBxE,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,mBAAmB;;GA2D/B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB;;;GAqEnC,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,gBAAgB;;;GA4B3B,CAAC;AAEH,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB;;;UAkCC,OAAO;GAEnC,CAAC;AAEH,mGAAmG;AACnG,eAAO,MAAM,mBAAmB;;;UAqDR,OAAO;GAG9B,CAAC;AAEF,+FAA+F;AAC/F,eAAO,MAAM,gBAAgB;;GAsE3B,CAAC;AAEH,oGAAoG;AACpG,eAAO,MAAM,mBAAmB;;;GA0C/B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,oBAAoB;;;;;YA2DvB,MAAM;cACJ,MAAM;aACP,MAAM;YACP,OAAO;iBACF,MAAM;gBACP,MAAM;;GAyDnB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB;;;GAgGnC,CAAC"}
1
+ {"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAgDA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA2B1C,2FAA2F;AAC3F,eAAO,MAAM,eAAe;;;;;;;cAaA,OAAO;;;;;;;;;;eAIC,MAAM;iBAAW,MAAM;;;;GA0EzD,CAAC;AAEH,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB;;;;GAe3B,CAAC;AAEH,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;;cA2CH,OAAO;;;;;GAQjC,CAAC;AAqBH,UAAU,kBAAkB;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC;IACzB,MAAM,EAAE,SAAS,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,UAAU,mBAAmB;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAsED,8EAA8E;AAC9E,eAAO,MAAM,uBAAuB;;;;GAuEnC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,sBAAsB;;;;;;;;;GAyBlC,CAAC;AAEF,4EAA4E;AAC5E,eAAO,MAAM,uBAAuB;;;UAoD8B,OAAO;GAkBxE,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,mBAAmB;;GA2D/B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB;;;GAqEnC,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,gBAAgB;;;GA4B3B,CAAC;AAEH,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB;;;UAkCC,OAAO;GAEnC,CAAC;AAEH,mGAAmG;AACnG,eAAO,MAAM,mBAAmB;;;UAqDR,OAAO;GAG9B,CAAC;AAEF,+FAA+F;AAC/F,eAAO,MAAM,gBAAgB;;GAsE3B,CAAC;AAEH,oGAAoG;AACpG,eAAO,MAAM,mBAAmB;;;GA0C/B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,oBAAoB;;;;;YA2DvB,MAAM;cACJ,MAAM;aACP,MAAM;YACP,OAAO;iBACF,MAAM;gBACP,MAAM;;GA6DnB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB;;;GAgGnC,CAAC"}
package/dist/org/handlers.js CHANGED
@@ -34,6 +34,7 @@ import { getDbExec } from "../db/client.js";
34
34
  import { sendEmail, isEmailConfigured } from "../server/email.js";
35
35
  import { renderInviteEmail } from "../server/email-templates.js";
36
36
  import { getAppProductionUrl } from "../server/app-url.js";
37
+ import { ssrfSafeFetch } from "../extensions/url-safety.js";
37
38
  import { getOrgContext, createOrganization } from "./context.js";
38
39
  import { isFreeEmailProvider } from "./free-email-providers.js";
39
40
  function getInviteAppUrl(event) {
@@ -820,14 +821,14 @@ export const syncA2ASecretHandler = defineEventHandler(async (event) => {
820
821
  try {
821
822
  const token = await signA2AToken(ctx.email, orgDomain, signSecret);
822
823
  const target = `${agent.url.replace(/\/$/, "")}/_agent-native/org/a2a-secret/receive`;
823
- const res = await fetch(target, {
824
+ const res = await ssrfSafeFetch(target, {
824
825
  method: "POST",
825
826
  headers: {
826
827
  "Content-Type": "application/json",
827
828
  Authorization: `Bearer ${token}`,
828
829
  },
829
830
  body: JSON.stringify({ secret, orgDomain }),
830
- });
831
+ }, { maxRedirects: 3 });
831
832
  if (!res.ok) {
832
833
  const text = await res.text().catch(() => "");
833
834
  results.push({
package/dist/org/handlers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC;QACrC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,iGAAiG;AACjG,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;QACnC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACxD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AACD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,MAAM,eAAe,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;mCAG0B;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,GAA8C,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE;;;;;;;;kBAQK;gBACV,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;aACxC,CAAC,CAAC;YACH,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;gBAC1C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE,2EAA2E;gBAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClB,aAAa;oBACX,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;gBAC9D,SAAS,GAAG,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;IAEpE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,oEAAoE;QACpE,6DAA6D;QAC7D,kEAAkE;QAClE,+DAA+D;QAC/D,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC1D,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;QACxC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI;QACJ,kBAAkB;QAClB,aAAa;QACb,aAAa;QACb,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC5E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAEzE,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,CACb,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC9B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;QACzB,EAAE,CACH;SACE,IAAI,EAAE;SACN,WAAW,EAAE,CAAC;IACjB,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,IAAI,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,cAAc;QAC1B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC;QACzD,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,MAAM,GAAG,cAAc;QAC3B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC;QAC7D,CAAC,CAAC,CAAC,CAAC;IAEN,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,IAAI,GAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,GAAG,GAAG,+EAA+E,CAAC;IAC1F,IAAI,MAAM,EAAE,CAAC;QACX,GAAG,IAAI,sCAAsC,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,GAAG,IAAI,4BAA4B,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,GAAG,IAAI,mBAAmB,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG;QACH,IAAI;KACL,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,MAAM,OAAO,GAAG,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC;KAC5C,CAAC,CAAC,CAAC;IACJ,OAAO;QACL,OAAO;QACP,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;KACrD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,YAAY,CACnB,KAAoB,EACpB,QAAgB,EAChB,GAAW,EACX,GAAW;IAEX,MAAM,KAAK,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,OAAO,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChD,CAAC;AAgBD,KAAK,UAAU,SAAS,CACtB,GAA6D,EAC7D,QAAgB,EAChB,IAAwB,EACxB,KAAc;IAEd,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kBAAkB,QAAQ,EAAE;SACtC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,GAAG,KAAK,sBAAsB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wCAAwC,KAAK,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4HAA4H;QACjI,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC;KAC1D,CAAC,CAAC;IAEH,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,UAA8B,CAAC;IACnC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;gBAChD,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,WAAW;gBACnC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACvE,CAAC;AAED,8EAA8E;AAC9E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sDAAsD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEnC,sEAAsE;IACtE,+DAA+D;IAC/D,sDAAsD;IACtD,MAAM,YAAY,GAChB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;YAC9B,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC;YAC/B,IAAI,EAAE,GAAG,EAAE,IAAI;SAChB,CAAC,CAAC;QACL,CAAC,CAAC,IAAI,CAAC;IAEX,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,SAAS,GAAyB,EAAE,CAAC;QAC3C,MAAM,MAAM,GAA0B,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEhB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,GAAG,CAAC,KAAK,EACT,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAC7B,KAAK,CACN,CAAC;gBACF,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS;YACT,MAAM;YACN,KAAK,EAAE,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM;SACxC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,IAAI,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,IAAI,EAAE,KAAK,IAAI,EAAE,EACjB,IAAI,EACJ,KAAK,CACN,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CACtD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAE3C,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE;;oDAEyC;QAC9C,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QACxB,IAAI,EACD,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAa,KAAK,OAAO;YACjD,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,QAAQ;KACf,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CACF,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,2DAA2D;QAC3D,gDAAgD;QAChD,GAAG,EAAE;6EACkE;QACvE,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KAC1C,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAY,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEtE,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACzC,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACtC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,qDAAqD;QAC1D,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAE5D,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,CAAC,OAAO,CAAC;YACd,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO;YACP,IAAI,EAAE,MAAM,CAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,6DAA6D;QAClE,IAAI,EAAE,CAAC,YAAY,CAAC;KACrB,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,gEAAgE;IAChE,iEAAiE;IACjE,6DAA6D;IAC7D,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,+DAA+D;QACpE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAEnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEzD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,qEAAqE;IACrE,kCAAkC;IAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY,CAAC;IAErE,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,WAAW,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QAC1E,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,iEAAiE;IACjE,qDAAqD;IACrD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,qDAAqD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,uEAAuE;QAC5E,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;AAC3C,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACtC,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAY;KAClC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mGAAmG;AACnG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,QAAmB;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAExD,IAAI,GAAG,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,EAAE,CAAC;QACR,sEAAsE;QACtE,sEAAsE;QACtE,sEAAsE;QACtE,6DAA6D;QAC7D,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EACL,2HAA2H;aAC9H,CAAC,CAAC;QACL,CAAC;QAED,mEAAmE;QACnE,iEAAiE;QACjE,oEAAoE;QACpE,mEAAmE;QACnE,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC/D,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,iDAAiD,SAAS,IAAI;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;YAC/B,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,0DAA0D;QAC/D,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,oGAAoG;AACpG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,2DAA2D;QAChE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,cAAc,GAClB,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE7D,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC/C,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CACpD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,kBAAkB,GACtB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,IAAI,MAAM,CAAC;IAEhD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAEtC,MAAM,OAAO,GAOR,EAAE,CAAC;IAER,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnE,MAAM,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uCAAuC,CAAC;YACtF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC9B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;oBACd,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS;QACT,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,SAAS,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,aAAa;YACV,UAAU,CAAC,UAAiC,IAAI,SAAS,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IACE,CAAC,aAAa;QACd,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EACvD,CAAC;QACD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,kFAAkF;QACvF,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,8DAA8D;QAC9D,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qGAAqG;SACxG,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC,CACF,CAAC","sourcesContent":["import {\n defineEventHandler,\n getRouterParam,\n getRequestURL,\n createError,\n type H3Event,\n} from \"h3\";\n\n/**\n * Extract the :id from invitation-accept paths. The framework request handler\n * strips the mount prefix before calling the handler, so `event.url.pathname`\n * is the relative tail — e.g. `/some-id/accept`. Falls back to matching the\n * full path for contexts that don't strip, and to the h3 router param.\n */\nfunction extractInvitationId(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"id\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/accept\\/?$/) ??\n path.match(/\\/org\\/invitations\\/([^\\/]+)\\/accept\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Extract the :email from member-delete and member-role paths. Same prefix-stripping caveat. */\nfunction extractMemberEmail(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"email\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/role\\/?$/) ??\n path.match(/^\\/([^\\/]+)\\/?$/) ??\n path.match(/\\/org\\/members\\/([^\\/]+)(?:\\/role)?\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { sendEmail, isEmailConfigured } from \"../server/email.js\";\nimport { renderInviteEmail } from \"../server/email-templates.js\";\nimport { getAppProductionUrl } from \"../server/app-url.js\";\nimport { getOrgContext, createOrganization } from \"./context.js\";\nimport { isFreeEmailProvider } from \"./free-email-providers.js\";\nimport type { OrgRole } from \"./types.js\";\n\nfunction getInviteAppUrl(event: H3Event): string {\n return getAppProductionUrl(event);\n}\n\nfunction escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\")\n .replace(/'/g, \"&#39;\");\n}\n\nasync function exec() {\n return getDbExec();\n}\n\nfunction requireAuthEmail(session: { email?: string } | null): string {\n const email = session?.email;\n if (!email) {\n throw createError({ statusCode: 401, message: \"Authentication required\" });\n }\n return email;\n}\n\n/** GET /_agent-native/org/me — current user's active org, all orgs, pending invitations */\nexport const getMyOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n\n const e = await exec();\n const allOrgsRes = await e.execute({\n sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE LOWER(m.email) = ?`,\n args: [ctx.email.toLowerCase()],\n });\n const orgs = allOrgsRes.rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n role: String(r.role) as OrgRole,\n orgName: String(r.orgName ?? r.org_name),\n }));\n\n let domainMatches: Array<{ orgId: string; orgName: string }> = [];\n const domain = ctx.email.split(\"@\")[1]?.toLowerCase();\n if (domain) {\n try {\n const dmRes = await e.execute({\n sql: `SELECT o.id, o.name\n FROM organizations o\n WHERE LOWER(o.allowed_domain) = ?\n AND NOT EXISTS (\n SELECT 1\n FROM org_members m\n WHERE m.org_id = o.id\n AND LOWER(m.email) = ?\n )`,\n args: [domain, ctx.email.toLowerCase()],\n });\n domainMatches = dmRes.rows.map((r: any) => ({\n orgId: String(r.id),\n orgName: String(r.name),\n }));\n } catch {\n // allowed_domain column may not exist yet if migration hasn't run\n }\n }\n\n let allowedDomain: string | null = null;\n let a2aSecret: string | null = null;\n if (ctx.orgId) {\n try {\n const adRes = await e.execute({\n sql: `SELECT allowed_domain, a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (adRes.rows[0]) {\n allowedDomain =\n String((adRes.rows[0] as any).allowed_domain ?? \"\") || null;\n a2aSecret = String((adRes.rows[0] as any).a2a_secret ?? \"\") || null;\n }\n } catch {\n // Column may not exist yet\n }\n }\n\n const isOwnerOrAdmin = ctx.role === \"owner\" || ctx.role === \"admin\";\n\n const invitesRes = await e.execute({\n // Case-insensitive match: invitations are stored with whatever case\n // the inviter typed, but the session email may be normalized\n // differently by the auth provider. LOWER(both sides) keeps these\n // discoverable and matches getOrgContext.hasPendingInvitation.\n sql: `SELECT i.id AS id, i.org_id AS \"orgId\", o.name AS \"orgName\", i.invited_by AS \"invitedBy\"\n FROM org_invitations i\n INNER JOIN organizations o ON i.org_id = o.id\n WHERE LOWER(i.email) = ? AND i.status = 'pending'`,\n args: [ctx.email.toLowerCase()],\n });\n const pendingInvitations = invitesRes.rows.map((r: any) => ({\n id: String(r.id),\n orgId: String(r.orgId ?? r.org_id),\n orgName: String(r.orgName ?? r.org_name),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n }));\n\n return {\n email: ctx.email,\n orgId: ctx.orgId,\n orgName: ctx.orgName,\n role: ctx.role,\n orgs,\n pendingInvitations,\n domainMatches,\n allowedDomain,\n a2aSecret: isOwnerOrAdmin ? a2aSecret : undefined,\n };\n});\n\n/** POST /_agent-native/org — create a new organization */\nexport const createOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const { id, name: createdName, role } = await createOrganization(name, email);\n return { id, name: createdName, role };\n});\n\n/** GET /_agent-native/org/members — list org members */\nexport const listMembersHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { members: [], hasMore: false, nextOffset: null };\n\n const url = getRequestURL(event);\n const search = (\n url.searchParams.get(\"search\") ??\n url.searchParams.get(\"q\") ??\n \"\"\n )\n .trim()\n .toLowerCase();\n const hasLimit = url.searchParams.has(\"limit\");\n const hasOffset = url.searchParams.has(\"offset\");\n const shouldPaginate = hasLimit || hasOffset || search.length > 0;\n const limit = shouldPaginate\n ? clampInteger(url.searchParams.get(\"limit\"), 25, 1, 100)\n : null;\n const offset = shouldPaginate\n ? clampInteger(url.searchParams.get(\"offset\"), 0, 0, 100_000)\n : 0;\n\n const e = await exec();\n const args: unknown[] = [ctx.orgId];\n let sql = `SELECT email, role, joined_at AS \"joinedAt\" FROM org_members WHERE org_id = ?`;\n if (search) {\n sql += ` AND LOWER(email) LIKE ? ESCAPE '\\\\'`;\n args.push(`%${escapeLike(search)}%`);\n }\n sql += ` ORDER BY LOWER(email) ASC`;\n if (limit !== null) {\n sql += ` LIMIT ? OFFSET ?`;\n args.push(limit + 1, offset);\n }\n\n const { rows } = await e.execute({\n sql,\n args,\n });\n const pageRows = limit !== null ? rows.slice(0, limit) : rows;\n const hasMore = limit !== null && rows.length > limit;\n const members = pageRows.map((r: any) => ({\n email: String(r.email),\n role: String(r.role) as OrgRole,\n joinedAt: Number(r.joinedAt ?? r.joined_at),\n }));\n return {\n members,\n hasMore,\n nextOffset: hasMore ? offset + members.length : null,\n };\n});\n\nfunction clampInteger(\n input: string | null,\n fallback: number,\n min: number,\n max: number,\n): number {\n const value = input === null ? fallback : Number.parseInt(input, 10);\n if (!Number.isFinite(value)) return fallback;\n return Math.min(max, Math.max(min, value));\n}\n\nfunction escapeLike(value: string): string {\n return value.replace(/[\\\\%_]/g, (match) => `\\\\${match}`);\n}\n\nfunction normalizeInviteRole(input: unknown): \"member\" | \"admin\" {\n return input === \"admin\" ? \"admin\" : \"member\";\n}\n\ninterface SingleInviteResult {\n id: string;\n email: string;\n role: \"member\" | \"admin\";\n status: \"pending\";\n emailSent: boolean;\n emailError?: string;\n}\n\ninterface SingleInviteFailure {\n email: string;\n error: string;\n}\n\nasync function inviteOne(\n ctx: { orgId: string; orgName: string | null; email: string },\n rawEmail: string,\n role: \"member\" | \"admin\",\n event: H3Event,\n): Promise<SingleInviteResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n if (!/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/.test(email)) {\n throw createError({\n statusCode: 400,\n message: `Invalid email: ${rawEmail}`,\n });\n }\n\n const e = await exec();\n\n const existingMember = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingMember.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `${email} is already a member`,\n });\n }\n\n const existingInvite = await e.execute({\n sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingInvite.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `An invitation is already pending for ${email}`,\n });\n }\n\n const id = nanoid();\n await e.execute({\n sql: `INSERT INTO org_invitations (id, org_id, email, invited_by, created_at, status, role) VALUES (?, ?, ?, ?, ?, 'pending', ?)`,\n args: [id, ctx.orgId, email, ctx.email, Date.now(), role],\n });\n\n let emailSent = false;\n let emailError: string | undefined;\n if (isEmailConfigured()) {\n try {\n const { subject, html, text } = renderInviteEmail({\n invitee: email,\n orgName: ctx.orgName || \"your team\",\n acceptUrl: getInviteAppUrl(event),\n inviter: ctx.email,\n });\n await sendEmail({ to: email, subject, html, text });\n emailSent = true;\n } catch (err) {\n emailError = err instanceof Error ? err.message : String(err);\n console.error(\"[org/invitations] failed to send invite email\", err);\n }\n }\n\n return { id, email, role, status: \"pending\", emailSent, emailError };\n}\n\n/** POST /_agent-native/org/invitations — invite one or many users by email */\nexport const createInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"You must belong to an organization to invite members\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can invite members\",\n });\n }\n\n const body = await readBody(event);\n\n // Bulk shape: { invites: [{ email, role }, ...] } — preferred for any\n // multi-recipient flow (paste-many, CSV upload). Single shape:\n // { email, role } — kept for backwards compatibility.\n const invitesInput: Array<{ email: string; role?: string }> | null =\n Array.isArray(body?.invites)\n ? body.invites.map((inv: any) => ({\n email: String(inv?.email ?? \"\"),\n role: inv?.role,\n }))\n : null;\n\n if (invitesInput) {\n const succeeded: SingleInviteResult[] = [];\n const failed: SingleInviteFailure[] = [];\n const seen = new Set<string>();\n\n for (const inv of invitesInput) {\n const lower = inv.email.trim().toLowerCase();\n if (!lower) continue;\n if (seen.has(lower)) continue;\n seen.add(lower);\n\n try {\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n inv.email,\n normalizeInviteRole(inv.role),\n event,\n );\n succeeded.push(result);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n failed.push({ email: lower, error: message });\n }\n }\n\n return {\n succeeded,\n failed,\n total: succeeded.length + failed.length,\n };\n }\n\n // Single-invite shape.\n const role = normalizeInviteRole(body?.role);\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n body?.email ?? \"\",\n role,\n event,\n );\n return result;\n },\n);\n\n/** GET /_agent-native/org/invitations — list pending invitations for the org */\nexport const listInvitationsHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { invitations: [] };\n\n const e = await exec();\n const { rows } = await e.execute({\n sql: `SELECT id, email, invited_by AS \"invitedBy\", created_at AS \"createdAt\", status, role\n FROM org_invitations\n WHERE org_id = ? AND status = 'pending'`,\n args: [ctx.orgId],\n });\n const invitations = rows.map((r: any) => ({\n id: String(r.id),\n email: String(r.email),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n createdAt: Number(r.createdAt ?? r.created_at),\n status: String(r.status),\n role:\n (String(r.role ?? \"member\") as OrgRole) === \"admin\"\n ? \"admin\"\n : \"member\",\n }));\n return { invitations };\n },\n);\n\n/** POST /_agent-native/org/invitations/:id/accept — accept an invitation */\nexport const acceptInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const invitationId = extractInvitationId(event);\n if (!invitationId) {\n throw createError({\n statusCode: 400,\n message: \"Invitation ID required\",\n });\n }\n\n const e = await exec();\n\n const invRes = await e.execute({\n // Case-insensitive on email — see comment on the analogous\n // pending-invitations query in getMyOrgHandler.\n sql: `SELECT id, org_id AS \"orgId\", role FROM org_invitations\n WHERE id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [invitationId, email.toLowerCase()],\n });\n if (invRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Invitation not found or already used\",\n });\n }\n const inv = invRes.rows[0] as any;\n const invOrgId = String(inv.orgId ?? inv.org_id);\n const inviteRole: OrgRole = inv.role === \"admin\" ? \"admin\" : \"member\";\n\n const existingMembership = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [invOrgId, email.toLowerCase()],\n });\n\n const orgRes = await e.execute({\n sql: `SELECT name FROM organizations WHERE id = ? LIMIT 1`,\n args: [invOrgId],\n });\n const orgName = String((orgRes.rows[0] as any)?.name ?? \"\");\n\n if (existingMembership.rows.length > 0) {\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n return {\n orgId: invOrgId,\n orgName,\n role: String((existingMembership.rows[0] as any).role) as OrgRole,\n };\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), invOrgId, email, inviteRole, Date.now()],\n });\n\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n\n return { orgId: invOrgId, orgName, role: inviteRole };\n },\n);\n\n/** DELETE /_agent-native/org/members/:email — remove a member (owner/admin only) */\nexport const removeMemberHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can remove members\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n\n // memberEmail comes from the URL path verbatim; org_members may\n // hold the row with any case. LOWER both sides for the lookup AND\n // the DELETE so removal works regardless of how either side cased\n // it. The self-removal guard ALSO compares case-insensitively —\n // otherwise an owner whose email was stored as Alice@... could\n // remove themselves via the lowercase URL alice@..., bypassing the\n // guard and leaving the org ownerless.\n const memberEmailLower = memberEmail.toLowerCase();\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Organization owner cannot remove themselves\",\n });\n }\n const e = await exec();\n // Look specifically for an OWNER row matching this email rather\n // than just \"any matching row\". Duplicate-case rows are possible\n // (e.g. legacy data with both \"Alice@...\" and \"alice@...\" in\n // org_members), and the prior `SELECT role ... LIMIT 1` could\n // return the non-owner duplicate, pass the role check, and then\n // the case-insensitive DELETE below would remove BOTH rows —\n // including the owner — leaving the org ownerless. Querying for\n // the owner row directly closes that case-mismatch attack.\n const ownerCheck = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? AND role = 'owner' LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (ownerCheck.rows.length > 0) {\n throw createError({\n statusCode: 403,\n message: \"Cannot remove the organization owner\",\n });\n }\n\n await e.execute({\n sql: `DELETE FROM org_members WHERE org_id = ? AND LOWER(email) = ?`,\n args: [ctx.orgId, memberEmailLower],\n });\n\n return { success: true };\n },\n);\n\n/**\n * PUT /_agent-native/org/members/:email/role — change a member's role\n * (owner/admin only). Body: { role: \"admin\" | \"member\" }.\n *\n * Only owners can promote/demote admins. (Admins can manage members but\n * not other admins — otherwise an admin could escalate themselves to\n * owner-equivalent control by promoting a confederate.)\n */\nexport const changeMemberRoleHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can change member roles\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n const memberEmailLower = memberEmail.toLowerCase();\n\n const body = await readBody(event);\n const role = body?.role === \"admin\" ? \"admin\" : \"member\";\n\n const e = await exec();\n\n // Look up the target member's current role to enforce sensible rules\n // about what changes are allowed.\n const current = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (current.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Member not found\" });\n }\n const currentRole = String((current.rows[0] as any).role) as OrgRole;\n\n if (currentRole === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Cannot change the organization owner's role\",\n });\n }\n\n // Admins are scoped to managing members. If they could promote\n // members to admin, they could grant near-owner powers without owner\n // approval. Restrict admin/admin role transitions to the owner.\n if (ctx.role === \"admin\" && (currentRole === \"admin\" || role === \"admin\")) {\n throw createError({\n statusCode: 403,\n message: \"Only the organization owner can manage admins\",\n });\n }\n\n // Self-demotion guard: prevent the only admin from removing their own\n // ability to manage things, and prevent the owner-self edge case\n // (already filtered above by the currentRole check).\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"admin\") {\n throw createError({\n statusCode: 400,\n message: \"Use the owner account to change your own admin role\",\n });\n }\n\n await e.execute({\n sql: `UPDATE org_members SET role = ? WHERE org_id = ? AND LOWER(email) = ?`,\n args: [role, ctx.orgId, memberEmailLower],\n });\n\n return { email: memberEmailLower, role };\n },\n);\n\n/** PATCH /_agent-native/org — rename the current organization (owner/admin only) */\nexport const updateOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can update the organization\",\n });\n }\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const e = await exec();\n await e.execute({\n sql: `UPDATE organizations SET name = ? WHERE id = ?`,\n args: [name, ctx.orgId],\n });\n\n return { orgId: ctx.orgId, name };\n});\n\n/** PUT /_agent-native/org/switch — switch the user's active organization */\nexport const switchOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n\n if (!orgId) {\n await putUserSetting(email, \"active-org-id\", { orgId: null });\n return { orgId: null, orgName: null, role: null };\n }\n\n const e = await exec();\n const membership = await e.execute({\n sql: `SELECT m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE m.org_id = ? AND LOWER(m.email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n\n if (membership.rows.length === 0) {\n throw createError({\n statusCode: 403,\n message: \"You are not a member of that organization\",\n });\n }\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n const row = membership.rows[0] as any;\n return {\n orgId,\n orgName: String(row.orgName ?? row.org_name),\n role: String(row.role) as OrgRole,\n };\n});\n\n/** POST /_agent-native/org/join-by-domain — join an org whose allowed_domain matches your email */\nexport const joinByDomainHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n if (!orgId) {\n throw createError({ statusCode: 400, message: \"orgId is required\" });\n }\n\n const e = await exec();\n\n const orgRes = await e.execute({\n sql: `SELECT id, name, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Organization not found\" });\n }\n const org = orgRes.rows[0] as any;\n const allowedDomain = String(org.allowed_domain || \"\").toLowerCase();\n const userDomain = email.split(\"@\")[1]?.toLowerCase();\n\n if (!allowedDomain || allowedDomain !== userDomain) {\n throw createError({\n statusCode: 403,\n message:\n \"Your email domain does not match this organization's allowed domain\",\n });\n }\n\n const existing = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Already a member of this organization\",\n });\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), orgId, email, Date.now()],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n return {\n orgId,\n orgName: String(org.name),\n role: \"member\" as OrgRole,\n };\n },\n);\n\n/** PUT /_agent-native/org/domain — set or clear the allowed email domain (owner/admin only) */\nexport const setDomainHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No active organization\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can set the allowed domain\",\n });\n }\n\n const body = await readBody(event);\n const raw = body?.domain?.trim()?.toLowerCase() || null;\n\n if (raw && !/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}$/.test(raw)) {\n throw createError({\n statusCode: 400,\n message: \"Invalid domain format\",\n });\n }\n\n if (raw) {\n // Auto-join is \"anyone with this domain joins automatically\". That is\n // safe for company domains (the company controls who gets an address)\n // and catastrophic for shared mailbox providers — anyone in the world\n // could create a matching mailbox and silently join the org.\n if (isFreeEmailProvider(raw)) {\n throw createError({\n statusCode: 400,\n message:\n \"Free email providers (gmail.com, outlook.com, etc.) cannot be used as an auto-join domain. Use your company's own domain.\",\n });\n }\n\n // Restrict to the admin's own email domain. Without this, an admin\n // could set `allowed_domain` to a domain they don't control, and\n // anyone signing up under that domain would join the org. Even with\n // the free-provider blocklist above, that would still let an admin\n // hijack a competitor's domain.\n const ownDomain = ctx.email.split(\"@\")[1]?.toLowerCase() ?? \"\";\n if (raw !== ownDomain) {\n throw createError({\n statusCode: 400,\n message: `You can only auto-join your own email domain (${ownDomain}).`,\n });\n }\n }\n\n const e = await exec();\n\n if (raw) {\n const existing = await e.execute({\n sql: `SELECT id FROM organizations WHERE LOWER(allowed_domain) = ? AND id != ? LIMIT 1`,\n args: [raw, ctx.orgId],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Another organization already uses this domain\",\n });\n }\n }\n\n await e.execute({\n sql: `UPDATE organizations SET allowed_domain = ? WHERE id = ?`,\n args: [raw, ctx.orgId],\n });\n\n return { domain: raw };\n});\n\n/** PUT /_agent-native/org/a2a-secret — regenerate or set the org's A2A secret (owner/admin only) */\nexport const setA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can manage the A2A secret\",\n });\n }\n\n const body = await readBody(event);\n let secret = body?.secret?.trim() || null;\n\n // If no secret provided, auto-generate one\n if (!secret) {\n const { randomBytes } = await import(\"node:crypto\");\n secret = randomBytes(32).toString(\"base64url\");\n }\n\n const e = await exec();\n // Read the previous secret BEFORE overwriting so the client can chain a\n // sync call that signs JWTs with the secret peers still hold.\n const prevRes = await e.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n const previousSecret =\n String((prevRes.rows[0] as any)?.a2a_secret ?? \"\") || null;\n\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [secret, ctx.orgId],\n });\n\n return { a2aSecret: secret, previousSecret };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/sync — push the org's A2A secret to all\n * connected apps so cross-app delegation works without manual copy/paste.\n *\n * Auth: standard session — owner/admin only.\n *\n * For each discovered agent, signs a JWT with the org's CURRENT a2a_secret\n * and POSTs to `<app>/_agent-native/org/a2a-secret/receive` with the same\n * secret + the org's domain. The receiving app verifies the JWT using its\n * own copy of the secret (peers must already share a secret to be trusted)\n * — for the first-ever sync this means at least one peer must already hold\n * the secret, which is the bootstrap. For ongoing rotation, regenerate\n * locally and call sync immediately; sync signs with the secret that's\n * currently in DB, which the peers still have.\n *\n * Body (optional): { signSecret?: string } — sign the outbound JWTs with\n * this secret instead of the org's current secret. Used by the regenerate-\n * then-sync flow: regenerate stores the NEW secret, but sync needs to\n * authenticate using the OLD one that peers still hold. Owner/admin only,\n * gated by the session.\n */\nexport const syncA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can sync the A2A secret\",\n });\n }\n\n const body = await readBody(event).catch(() => null);\n const overrideSignSecret =\n typeof body?.signSecret === \"string\" && body.signSecret.trim()\n ? body.signSecret.trim()\n : null;\n\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT a2a_secret, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Organization not found\",\n });\n }\n const orgRow = orgRes.rows[0] as any;\n const secret = String(orgRow.a2a_secret ?? \"\") || null;\n const orgDomain = String(orgRow.allowed_domain ?? \"\") || null;\n\n if (!secret) {\n throw createError({\n statusCode: 400,\n message: \"Org has no A2A secret. Generate one first before syncing.\",\n });\n }\n if (!orgDomain) {\n throw createError({\n statusCode: 400,\n message:\n \"Org has no allowed domain set. Set the email domain first so connected apps can identify which org to update.\",\n });\n }\n\n const signSecret = overrideSignSecret || secret;\n\n const { discoverAgents } = await import(\"../server/agent-discovery.js\");\n const { signA2AToken } = await import(\"../a2a/client.js\");\n\n const agents = await discoverAgents();\n\n const results: Array<{\n id: string;\n name: string;\n url: string;\n ok: boolean;\n status?: number;\n error?: string;\n }> = [];\n\n await Promise.all(\n agents.map(async (agent) => {\n try {\n const token = await signA2AToken(ctx.email, orgDomain, signSecret);\n\n const target = `${agent.url.replace(/\\/$/, \"\")}/_agent-native/org/a2a-secret/receive`;\n const res = await fetch(target, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({ secret, orgDomain }),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n status: res.status,\n error: text || res.statusText,\n });\n return;\n }\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: true,\n status: res.status,\n });\n } catch (err) {\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n error: err instanceof Error ? err.message : String(err),\n });\n }\n }),\n );\n\n const succeeded = results.filter((r) => r.ok).length;\n return {\n total: results.length,\n succeeded,\n failed: results.length - succeeded,\n results,\n };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/receive — accept a secret push from a\n * connected agent-native app. Auth-exempt at the route guard; we verify a\n * JWT signed by the calling app using OUR copy of the org's a2a_secret. If\n * verification succeeds the calling app is a trusted peer and we overwrite\n * our local org's secret with the supplied value.\n *\n * Body: { secret: string, orgDomain: string }\n *\n * Header: Authorization: Bearer <JWT signed with the existing shared\n * a2a_secret, with `org_domain` matching the body's orgDomain>.\n */\nexport const receiveA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const { getRequestHeader } = await import(\"h3\");\n const jose = await import(\"jose\");\n\n const authHeader = getRequestHeader(event, \"authorization\");\n if (!authHeader || !authHeader.startsWith(\"Bearer \")) {\n throw createError({\n statusCode: 401,\n message: \"Bearer token required\",\n });\n }\n const token = authHeader.slice(\"Bearer \".length);\n\n const body = await readBody(event);\n const newSecret =\n typeof body?.secret === \"string\" ? body.secret.trim() : \"\";\n const orgDomain =\n typeof body?.orgDomain === \"string\"\n ? body.orgDomain.trim().toLowerCase()\n : \"\";\n if (!newSecret || !orgDomain) {\n throw createError({\n statusCode: 400,\n message: \"secret and orgDomain are required\",\n });\n }\n\n // Peek at JWT (unverified) to confirm it claims the same domain we're\n // updating. Verification still happens below with the trusted secret.\n let claimedDomain: string | undefined;\n try {\n const unverified = jose.decodeJwt(token);\n claimedDomain =\n (unverified.org_domain as string | undefined) || undefined;\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Malformed JWT\",\n });\n }\n if (\n !claimedDomain ||\n claimedDomain.toLowerCase() !== orgDomain.toLowerCase()\n ) {\n throw createError({\n statusCode: 401,\n message: \"JWT org_domain does not match request body\",\n });\n }\n\n // Look up our local org by the domain and grab the existing secret.\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT id, a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [orgDomain],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"No local org matches that domain\",\n });\n }\n const row = orgRes.rows[0] as any;\n const localOrgId = String(row.id);\n const existingSecret = String(row.a2a_secret ?? \"\") || null;\n\n if (!existingSecret) {\n // Bootstrap requires an existing shared secret to verify the caller.\n // If we have nothing on file, we can't verify trust — refuse.\n throw createError({\n statusCode: 401,\n message:\n \"Local org has no A2A secret yet — cannot verify caller. Set the secret manually for the first time.\",\n });\n }\n\n // Verify the JWT using OUR existing secret. If the caller is a trusted\n // peer they signed with the same secret and verification succeeds.\n try {\n await jose.jwtVerify(token, new TextEncoder().encode(existingSecret));\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Invalid or expired JWT signature\",\n });\n }\n\n // Trusted — apply the new secret.\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [newSecret, localOrgId],\n });\n\n return { ok: true, orgId: localOrgId };\n },\n);\n"]}
1
+ {"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC;QACrC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,iGAAiG;AACjG,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC;QACnC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACxD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AACD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,MAAM,eAAe,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;mCAG0B;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,GAA8C,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE;;;;;;;;kBAQK;gBACV,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;aACxC,CAAC,CAAC;YACH,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;gBAC1C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE,2EAA2E;gBAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClB,aAAa;oBACX,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;gBAC9D,SAAS,GAAG,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;IAEpE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,oEAAoE;QACpE,6DAA6D;QAC7D,kEAAkE;QAClE,+DAA+D;QAC/D,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC1D,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;QACxC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI;QACJ,kBAAkB;QAClB,aAAa;QACb,aAAa;QACb,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9E,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC5E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAEzE,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,CACb,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC9B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;QACzB,EAAE,CACH;SACE,IAAI,EAAE;SACN,WAAW,EAAE,CAAC;IACjB,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,QAAQ,IAAI,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,cAAc;QAC1B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC;QACzD,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,MAAM,GAAG,cAAc;QAC3B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC;QAC7D,CAAC,CAAC,CAAC,CAAC;IAEN,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,IAAI,GAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,GAAG,GAAG,+EAA+E,CAAC;IAC1F,IAAI,MAAM,EAAE,CAAC;QACX,GAAG,IAAI,sCAAsC,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IACD,GAAG,IAAI,4BAA4B,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,GAAG,IAAI,mBAAmB,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG;QACH,IAAI;KACL,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,MAAM,OAAO,GAAG,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC;KAC5C,CAAC,CAAC,CAAC;IACJ,OAAO;QACL,OAAO;QACP,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;KACrD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,YAAY,CACnB,KAAoB,EACpB,QAAgB,EAChB,GAAW,EACX,GAAW;IAEX,MAAM,KAAK,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,OAAO,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChD,CAAC;AAgBD,KAAK,UAAU,SAAS,CACtB,GAA6D,EAC7D,QAAgB,EAChB,IAAwB,EACxB,KAAc;IAEd,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kBAAkB,QAAQ,EAAE;SACtC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,GAAG,KAAK,sBAAsB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wCAAwC,KAAK,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4HAA4H;QACjI,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC;KAC1D,CAAC,CAAC;IAEH,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,UAA8B,CAAC;IACnC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;gBAChD,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,WAAW;gBACnC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACvE,CAAC;AAED,8EAA8E;AAC9E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sDAAsD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEnC,sEAAsE;IACtE,+DAA+D;IAC/D,sDAAsD;IACtD,MAAM,YAAY,GAChB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;YAC9B,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC;YAC/B,IAAI,EAAE,GAAG,EAAE,IAAI;SAChB,CAAC,CAAC;QACL,CAAC,CAAC,IAAI,CAAC;IAEX,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,SAAS,GAAyB,EAAE,CAAC;QAC3C,MAAM,MAAM,GAA0B,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEhB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,GAAG,CAAC,KAAK,EACT,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAC7B,KAAK,CACN,CAAC;gBACF,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS;YACT,MAAM;YACN,KAAK,EAAE,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM;SACxC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,IAAI,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC5D,IAAI,EAAE,KAAK,IAAI,EAAE,EACjB,IAAI,EACJ,KAAK,CACN,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CACtD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAE3C,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE;;oDAEyC;QAC9C,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QACxB,IAAI,EACD,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAa,KAAK,OAAO;YACjD,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,QAAQ;KACf,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CACF,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,2DAA2D;QAC3D,gDAAgD;QAChD,GAAG,EAAE;6EACkE;QACvE,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KAC1C,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAY,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEtE,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACzC,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACtC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,qDAAqD;QAC1D,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAE5D,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,CAAC,OAAO,CAAC;YACd,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO;YACP,IAAI,EAAE,MAAM,CAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC1D,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,6DAA6D;QAClE,IAAI,EAAE,CAAC,YAAY,CAAC;KACrB,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,gEAAgE;IAChE,iEAAiE;IACjE,6DAA6D;IAC7D,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,+DAA+D;QACpE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAEnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEzD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,qEAAqE;IACrE,kCAAkC;IAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY,CAAC;IAErE,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,WAAW,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QAC1E,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,iEAAiE;IACjE,qDAAqD;IACrD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,qDAAqD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,uEAAuE;QAC5E,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;AAC3C,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACtC,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAY;KAClC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mGAAmG;AACnG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,QAAmB;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAExD,IAAI,GAAG,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,EAAE,CAAC;QACR,sEAAsE;QACtE,sEAAsE;QACtE,sEAAsE;QACtE,6DAA6D;QAC7D,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EACL,2HAA2H;aAC9H,CAAC,CAAC;QACL,CAAC;QAED,mEAAmE;QACnE,iEAAiE;QACjE,oEAAoE;QACpE,mEAAmE;QACnE,gCAAgC;QAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC/D,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,iDAAiD,SAAS,IAAI;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;YAC/B,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,0DAA0D;QAC/D,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,oGAAoG;AACpG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,2DAA2D;QAChE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,cAAc,GAClB,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE7D,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC/C,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CACpD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,kBAAkB,GACtB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,IAAI,MAAM,CAAC;IAEhD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAEtC,MAAM,OAAO,GAOR,EAAE,CAAC;IAER,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnE,MAAM,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uCAAuC,CAAC;YACtF,MAAM,GAAG,GAAG,MAAM,aAAa,CAC7B,MAAM,EACN;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;aAC5C,EACD,EAAE,YAAY,EAAE,CAAC,EAAE,CACpB,CAAC;YAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;oBACd,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS;QACT,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,SAAS,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,aAAa;YACV,UAAU,CAAC,UAAiC,IAAI,SAAS,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IACE,CAAC,aAAa;QACd,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EACvD,CAAC;QACD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,kFAAkF;QACvF,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,8DAA8D;QAC9D,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qGAAqG;SACxG,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC,CACF,CAAC","sourcesContent":["import {\n defineEventHandler,\n getRouterParam,\n getRequestURL,\n createError,\n type H3Event,\n} from \"h3\";\n\n/**\n * Extract the :id from invitation-accept paths. The framework request handler\n * strips the mount prefix before calling the handler, so `event.url.pathname`\n * is the relative tail — e.g. `/some-id/accept`. Falls back to matching the\n * full path for contexts that don't strip, and to the h3 router param.\n */\nfunction extractInvitationId(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"id\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/accept\\/?$/) ??\n path.match(/\\/org\\/invitations\\/([^\\/]+)\\/accept\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Extract the :email from member-delete and member-role paths. Same prefix-stripping caveat. */\nfunction extractMemberEmail(event: H3Event): string | undefined {\n const fromRouter = getRouterParam(event, \"email\");\n if (fromRouter) return fromRouter;\n const path = getRequestURL(event).pathname;\n const match =\n path.match(/^\\/([^\\/]+)\\/role\\/?$/) ??\n path.match(/^\\/([^\\/]+)\\/?$/) ??\n path.match(/\\/org\\/members\\/([^\\/]+)(?:\\/role)?\\/?$/);\n return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { sendEmail, isEmailConfigured } from \"../server/email.js\";\nimport { renderInviteEmail } from \"../server/email-templates.js\";\nimport { getAppProductionUrl } from \"../server/app-url.js\";\nimport { ssrfSafeFetch } from \"../extensions/url-safety.js\";\nimport { getOrgContext, createOrganization } from \"./context.js\";\nimport { isFreeEmailProvider } from \"./free-email-providers.js\";\nimport type { OrgRole } from \"./types.js\";\n\nfunction getInviteAppUrl(event: H3Event): string {\n return getAppProductionUrl(event);\n}\n\nfunction escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\")\n .replace(/'/g, \"&#39;\");\n}\n\nasync function exec() {\n return getDbExec();\n}\n\nfunction requireAuthEmail(session: { email?: string } | null): string {\n const email = session?.email;\n if (!email) {\n throw createError({ statusCode: 401, message: \"Authentication required\" });\n }\n return email;\n}\n\n/** GET /_agent-native/org/me — current user's active org, all orgs, pending invitations */\nexport const getMyOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n\n const e = await exec();\n const allOrgsRes = await e.execute({\n sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE LOWER(m.email) = ?`,\n args: [ctx.email.toLowerCase()],\n });\n const orgs = allOrgsRes.rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n role: String(r.role) as OrgRole,\n orgName: String(r.orgName ?? r.org_name),\n }));\n\n let domainMatches: Array<{ orgId: string; orgName: string }> = [];\n const domain = ctx.email.split(\"@\")[1]?.toLowerCase();\n if (domain) {\n try {\n const dmRes = await e.execute({\n sql: `SELECT o.id, o.name\n FROM organizations o\n WHERE LOWER(o.allowed_domain) = ?\n AND NOT EXISTS (\n SELECT 1\n FROM org_members m\n WHERE m.org_id = o.id\n AND LOWER(m.email) = ?\n )`,\n args: [domain, ctx.email.toLowerCase()],\n });\n domainMatches = dmRes.rows.map((r: any) => ({\n orgId: String(r.id),\n orgName: String(r.name),\n }));\n } catch {\n // allowed_domain column may not exist yet if migration hasn't run\n }\n }\n\n let allowedDomain: string | null = null;\n let a2aSecret: string | null = null;\n if (ctx.orgId) {\n try {\n const adRes = await e.execute({\n sql: `SELECT allowed_domain, a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (adRes.rows[0]) {\n allowedDomain =\n String((adRes.rows[0] as any).allowed_domain ?? \"\") || null;\n a2aSecret = String((adRes.rows[0] as any).a2a_secret ?? \"\") || null;\n }\n } catch {\n // Column may not exist yet\n }\n }\n\n const isOwnerOrAdmin = ctx.role === \"owner\" || ctx.role === \"admin\";\n\n const invitesRes = await e.execute({\n // Case-insensitive match: invitations are stored with whatever case\n // the inviter typed, but the session email may be normalized\n // differently by the auth provider. LOWER(both sides) keeps these\n // discoverable and matches getOrgContext.hasPendingInvitation.\n sql: `SELECT i.id AS id, i.org_id AS \"orgId\", o.name AS \"orgName\", i.invited_by AS \"invitedBy\"\n FROM org_invitations i\n INNER JOIN organizations o ON i.org_id = o.id\n WHERE LOWER(i.email) = ? AND i.status = 'pending'`,\n args: [ctx.email.toLowerCase()],\n });\n const pendingInvitations = invitesRes.rows.map((r: any) => ({\n id: String(r.id),\n orgId: String(r.orgId ?? r.org_id),\n orgName: String(r.orgName ?? r.org_name),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n }));\n\n return {\n email: ctx.email,\n orgId: ctx.orgId,\n orgName: ctx.orgName,\n role: ctx.role,\n orgs,\n pendingInvitations,\n domainMatches,\n allowedDomain,\n a2aSecret: isOwnerOrAdmin ? a2aSecret : undefined,\n };\n});\n\n/** POST /_agent-native/org — create a new organization */\nexport const createOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const { id, name: createdName, role } = await createOrganization(name, email);\n return { id, name: createdName, role };\n});\n\n/** GET /_agent-native/org/members — list org members */\nexport const listMembersHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { members: [], hasMore: false, nextOffset: null };\n\n const url = getRequestURL(event);\n const search = (\n url.searchParams.get(\"search\") ??\n url.searchParams.get(\"q\") ??\n \"\"\n )\n .trim()\n .toLowerCase();\n const hasLimit = url.searchParams.has(\"limit\");\n const hasOffset = url.searchParams.has(\"offset\");\n const shouldPaginate = hasLimit || hasOffset || search.length > 0;\n const limit = shouldPaginate\n ? clampInteger(url.searchParams.get(\"limit\"), 25, 1, 100)\n : null;\n const offset = shouldPaginate\n ? clampInteger(url.searchParams.get(\"offset\"), 0, 0, 100_000)\n : 0;\n\n const e = await exec();\n const args: unknown[] = [ctx.orgId];\n let sql = `SELECT email, role, joined_at AS \"joinedAt\" FROM org_members WHERE org_id = ?`;\n if (search) {\n sql += ` AND LOWER(email) LIKE ? ESCAPE '\\\\'`;\n args.push(`%${escapeLike(search)}%`);\n }\n sql += ` ORDER BY LOWER(email) ASC`;\n if (limit !== null) {\n sql += ` LIMIT ? OFFSET ?`;\n args.push(limit + 1, offset);\n }\n\n const { rows } = await e.execute({\n sql,\n args,\n });\n const pageRows = limit !== null ? rows.slice(0, limit) : rows;\n const hasMore = limit !== null && rows.length > limit;\n const members = pageRows.map((r: any) => ({\n email: String(r.email),\n role: String(r.role) as OrgRole,\n joinedAt: Number(r.joinedAt ?? r.joined_at),\n }));\n return {\n members,\n hasMore,\n nextOffset: hasMore ? offset + members.length : null,\n };\n});\n\nfunction clampInteger(\n input: string | null,\n fallback: number,\n min: number,\n max: number,\n): number {\n const value = input === null ? fallback : Number.parseInt(input, 10);\n if (!Number.isFinite(value)) return fallback;\n return Math.min(max, Math.max(min, value));\n}\n\nfunction escapeLike(value: string): string {\n return value.replace(/[\\\\%_]/g, (match) => `\\\\${match}`);\n}\n\nfunction normalizeInviteRole(input: unknown): \"member\" | \"admin\" {\n return input === \"admin\" ? \"admin\" : \"member\";\n}\n\ninterface SingleInviteResult {\n id: string;\n email: string;\n role: \"member\" | \"admin\";\n status: \"pending\";\n emailSent: boolean;\n emailError?: string;\n}\n\ninterface SingleInviteFailure {\n email: string;\n error: string;\n}\n\nasync function inviteOne(\n ctx: { orgId: string; orgName: string | null; email: string },\n rawEmail: string,\n role: \"member\" | \"admin\",\n event: H3Event,\n): Promise<SingleInviteResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n if (!/^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/.test(email)) {\n throw createError({\n statusCode: 400,\n message: `Invalid email: ${rawEmail}`,\n });\n }\n\n const e = await exec();\n\n const existingMember = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingMember.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `${email} is already a member`,\n });\n }\n\n const existingInvite = await e.execute({\n sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [ctx.orgId, email],\n });\n if (existingInvite.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: `An invitation is already pending for ${email}`,\n });\n }\n\n const id = nanoid();\n await e.execute({\n sql: `INSERT INTO org_invitations (id, org_id, email, invited_by, created_at, status, role) VALUES (?, ?, ?, ?, ?, 'pending', ?)`,\n args: [id, ctx.orgId, email, ctx.email, Date.now(), role],\n });\n\n let emailSent = false;\n let emailError: string | undefined;\n if (isEmailConfigured()) {\n try {\n const { subject, html, text } = renderInviteEmail({\n invitee: email,\n orgName: ctx.orgName || \"your team\",\n acceptUrl: getInviteAppUrl(event),\n inviter: ctx.email,\n });\n await sendEmail({ to: email, subject, html, text });\n emailSent = true;\n } catch (err) {\n emailError = err instanceof Error ? err.message : String(err);\n console.error(\"[org/invitations] failed to send invite email\", err);\n }\n }\n\n return { id, email, role, status: \"pending\", emailSent, emailError };\n}\n\n/** POST /_agent-native/org/invitations — invite one or many users by email */\nexport const createInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"You must belong to an organization to invite members\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can invite members\",\n });\n }\n\n const body = await readBody(event);\n\n // Bulk shape: { invites: [{ email, role }, ...] } — preferred for any\n // multi-recipient flow (paste-many, CSV upload). Single shape:\n // { email, role } — kept for backwards compatibility.\n const invitesInput: Array<{ email: string; role?: string }> | null =\n Array.isArray(body?.invites)\n ? body.invites.map((inv: any) => ({\n email: String(inv?.email ?? \"\"),\n role: inv?.role,\n }))\n : null;\n\n if (invitesInput) {\n const succeeded: SingleInviteResult[] = [];\n const failed: SingleInviteFailure[] = [];\n const seen = new Set<string>();\n\n for (const inv of invitesInput) {\n const lower = inv.email.trim().toLowerCase();\n if (!lower) continue;\n if (seen.has(lower)) continue;\n seen.add(lower);\n\n try {\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n inv.email,\n normalizeInviteRole(inv.role),\n event,\n );\n succeeded.push(result);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n failed.push({ email: lower, error: message });\n }\n }\n\n return {\n succeeded,\n failed,\n total: succeeded.length + failed.length,\n };\n }\n\n // Single-invite shape.\n const role = normalizeInviteRole(body?.role);\n const result = await inviteOne(\n { orgId: ctx.orgId, orgName: ctx.orgName, email: ctx.email },\n body?.email ?? \"\",\n role,\n event,\n );\n return result;\n },\n);\n\n/** GET /_agent-native/org/invitations — list pending invitations for the org */\nexport const listInvitationsHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) return { invitations: [] };\n\n const e = await exec();\n const { rows } = await e.execute({\n sql: `SELECT id, email, invited_by AS \"invitedBy\", created_at AS \"createdAt\", status, role\n FROM org_invitations\n WHERE org_id = ? AND status = 'pending'`,\n args: [ctx.orgId],\n });\n const invitations = rows.map((r: any) => ({\n id: String(r.id),\n email: String(r.email),\n invitedBy: String(r.invitedBy ?? r.invited_by),\n createdAt: Number(r.createdAt ?? r.created_at),\n status: String(r.status),\n role:\n (String(r.role ?? \"member\") as OrgRole) === \"admin\"\n ? \"admin\"\n : \"member\",\n }));\n return { invitations };\n },\n);\n\n/** POST /_agent-native/org/invitations/:id/accept — accept an invitation */\nexport const acceptInvitationHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const invitationId = extractInvitationId(event);\n if (!invitationId) {\n throw createError({\n statusCode: 400,\n message: \"Invitation ID required\",\n });\n }\n\n const e = await exec();\n\n const invRes = await e.execute({\n // Case-insensitive on email — see comment on the analogous\n // pending-invitations query in getMyOrgHandler.\n sql: `SELECT id, org_id AS \"orgId\", role FROM org_invitations\n WHERE id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [invitationId, email.toLowerCase()],\n });\n if (invRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Invitation not found or already used\",\n });\n }\n const inv = invRes.rows[0] as any;\n const invOrgId = String(inv.orgId ?? inv.org_id);\n const inviteRole: OrgRole = inv.role === \"admin\" ? \"admin\" : \"member\";\n\n const existingMembership = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [invOrgId, email.toLowerCase()],\n });\n\n const orgRes = await e.execute({\n sql: `SELECT name FROM organizations WHERE id = ? LIMIT 1`,\n args: [invOrgId],\n });\n const orgName = String((orgRes.rows[0] as any)?.name ?? \"\");\n\n if (existingMembership.rows.length > 0) {\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n return {\n orgId: invOrgId,\n orgName,\n role: String((existingMembership.rows[0] as any).role) as OrgRole,\n };\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), invOrgId, email, inviteRole, Date.now()],\n });\n\n await e.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [invitationId],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n\n return { orgId: invOrgId, orgName, role: inviteRole };\n },\n);\n\n/** DELETE /_agent-native/org/members/:email — remove a member (owner/admin only) */\nexport const removeMemberHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can remove members\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n\n // memberEmail comes from the URL path verbatim; org_members may\n // hold the row with any case. LOWER both sides for the lookup AND\n // the DELETE so removal works regardless of how either side cased\n // it. The self-removal guard ALSO compares case-insensitively —\n // otherwise an owner whose email was stored as Alice@... could\n // remove themselves via the lowercase URL alice@..., bypassing the\n // guard and leaving the org ownerless.\n const memberEmailLower = memberEmail.toLowerCase();\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Organization owner cannot remove themselves\",\n });\n }\n const e = await exec();\n // Look specifically for an OWNER row matching this email rather\n // than just \"any matching row\". Duplicate-case rows are possible\n // (e.g. legacy data with both \"Alice@...\" and \"alice@...\" in\n // org_members), and the prior `SELECT role ... LIMIT 1` could\n // return the non-owner duplicate, pass the role check, and then\n // the case-insensitive DELETE below would remove BOTH rows —\n // including the owner — leaving the org ownerless. Querying for\n // the owner row directly closes that case-mismatch attack.\n const ownerCheck = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? AND role = 'owner' LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (ownerCheck.rows.length > 0) {\n throw createError({\n statusCode: 403,\n message: \"Cannot remove the organization owner\",\n });\n }\n\n await e.execute({\n sql: `DELETE FROM org_members WHERE org_id = ? AND LOWER(email) = ?`,\n args: [ctx.orgId, memberEmailLower],\n });\n\n return { success: true };\n },\n);\n\n/**\n * PUT /_agent-native/org/members/:email/role — change a member's role\n * (owner/admin only). Body: { role: \"admin\" | \"member\" }.\n *\n * Only owners can promote/demote admins. (Admins can manage members but\n * not other admins — otherwise an admin could escalate themselves to\n * owner-equivalent control by promoting a confederate.)\n */\nexport const changeMemberRoleHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can change member roles\",\n });\n }\n\n const memberEmail = extractMemberEmail(event);\n if (!memberEmail) {\n throw createError({ statusCode: 400, message: \"Email is required\" });\n }\n const memberEmailLower = memberEmail.toLowerCase();\n\n const body = await readBody(event);\n const role = body?.role === \"admin\" ? \"admin\" : \"member\";\n\n const e = await exec();\n\n // Look up the target member's current role to enforce sensible rules\n // about what changes are allowed.\n const current = await e.execute({\n sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [ctx.orgId, memberEmailLower],\n });\n if (current.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Member not found\" });\n }\n const currentRole = String((current.rows[0] as any).role) as OrgRole;\n\n if (currentRole === \"owner\") {\n throw createError({\n statusCode: 400,\n message: \"Cannot change the organization owner's role\",\n });\n }\n\n // Admins are scoped to managing members. If they could promote\n // members to admin, they could grant near-owner powers without owner\n // approval. Restrict admin/admin role transitions to the owner.\n if (ctx.role === \"admin\" && (currentRole === \"admin\" || role === \"admin\")) {\n throw createError({\n statusCode: 403,\n message: \"Only the organization owner can manage admins\",\n });\n }\n\n // Self-demotion guard: prevent the only admin from removing their own\n // ability to manage things, and prevent the owner-self edge case\n // (already filtered above by the currentRole check).\n if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"admin\") {\n throw createError({\n statusCode: 400,\n message: \"Use the owner account to change your own admin role\",\n });\n }\n\n await e.execute({\n sql: `UPDATE org_members SET role = ? WHERE org_id = ? AND LOWER(email) = ?`,\n args: [role, ctx.orgId, memberEmailLower],\n });\n\n return { email: memberEmailLower, role };\n },\n);\n\n/** PATCH /_agent-native/org — rename the current organization (owner/admin only) */\nexport const updateOrgHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No organization found\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can update the organization\",\n });\n }\n\n const body = await readBody(event);\n const name = body?.name?.trim();\n if (!name) {\n throw createError({\n statusCode: 400,\n message: \"Organization name is required\",\n });\n }\n\n const e = await exec();\n await e.execute({\n sql: `UPDATE organizations SET name = ? WHERE id = ?`,\n args: [name, ctx.orgId],\n });\n\n return { orgId: ctx.orgId, name };\n});\n\n/** PUT /_agent-native/org/switch — switch the user's active organization */\nexport const switchOrgHandler = defineEventHandler(async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n\n if (!orgId) {\n await putUserSetting(email, \"active-org-id\", { orgId: null });\n return { orgId: null, orgName: null, role: null };\n }\n\n const e = await exec();\n const membership = await e.execute({\n sql: `SELECT m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE m.org_id = ? AND LOWER(m.email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n\n if (membership.rows.length === 0) {\n throw createError({\n statusCode: 403,\n message: \"You are not a member of that organization\",\n });\n }\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n const row = membership.rows[0] as any;\n return {\n orgId,\n orgName: String(row.orgName ?? row.org_name),\n role: String(row.role) as OrgRole,\n };\n});\n\n/** POST /_agent-native/org/join-by-domain — join an org whose allowed_domain matches your email */\nexport const joinByDomainHandler = defineEventHandler(\n async (event: H3Event) => {\n const session = await getSession(event);\n const email = requireAuthEmail(session);\n\n const body = await readBody(event);\n const orgId = body?.orgId;\n if (!orgId) {\n throw createError({ statusCode: 400, message: \"orgId is required\" });\n }\n\n const e = await exec();\n\n const orgRes = await e.execute({\n sql: `SELECT id, name, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({ statusCode: 404, message: \"Organization not found\" });\n }\n const org = orgRes.rows[0] as any;\n const allowedDomain = String(org.allowed_domain || \"\").toLowerCase();\n const userDomain = email.split(\"@\")[1]?.toLowerCase();\n\n if (!allowedDomain || allowedDomain !== userDomain) {\n throw createError({\n statusCode: 403,\n message:\n \"Your email domain does not match this organization's allowed domain\",\n });\n }\n\n const existing = await e.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [orgId, email.toLowerCase()],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Already a member of this organization\",\n });\n }\n\n await e.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), orgId, email, Date.now()],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n return {\n orgId,\n orgName: String(org.name),\n role: \"member\" as OrgRole,\n };\n },\n);\n\n/** PUT /_agent-native/org/domain — set or clear the allowed email domain (owner/admin only) */\nexport const setDomainHandler = defineEventHandler(async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({ statusCode: 400, message: \"No active organization\" });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can set the allowed domain\",\n });\n }\n\n const body = await readBody(event);\n const raw = body?.domain?.trim()?.toLowerCase() || null;\n\n if (raw && !/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}$/.test(raw)) {\n throw createError({\n statusCode: 400,\n message: \"Invalid domain format\",\n });\n }\n\n if (raw) {\n // Auto-join is \"anyone with this domain joins automatically\". That is\n // safe for company domains (the company controls who gets an address)\n // and catastrophic for shared mailbox providers — anyone in the world\n // could create a matching mailbox and silently join the org.\n if (isFreeEmailProvider(raw)) {\n throw createError({\n statusCode: 400,\n message:\n \"Free email providers (gmail.com, outlook.com, etc.) cannot be used as an auto-join domain. Use your company's own domain.\",\n });\n }\n\n // Restrict to the admin's own email domain. Without this, an admin\n // could set `allowed_domain` to a domain they don't control, and\n // anyone signing up under that domain would join the org. Even with\n // the free-provider blocklist above, that would still let an admin\n // hijack a competitor's domain.\n const ownDomain = ctx.email.split(\"@\")[1]?.toLowerCase() ?? \"\";\n if (raw !== ownDomain) {\n throw createError({\n statusCode: 400,\n message: `You can only auto-join your own email domain (${ownDomain}).`,\n });\n }\n }\n\n const e = await exec();\n\n if (raw) {\n const existing = await e.execute({\n sql: `SELECT id FROM organizations WHERE LOWER(allowed_domain) = ? AND id != ? LIMIT 1`,\n args: [raw, ctx.orgId],\n });\n if (existing.rows.length > 0) {\n throw createError({\n statusCode: 409,\n message: \"Another organization already uses this domain\",\n });\n }\n }\n\n await e.execute({\n sql: `UPDATE organizations SET allowed_domain = ? WHERE id = ?`,\n args: [raw, ctx.orgId],\n });\n\n return { domain: raw };\n});\n\n/** PUT /_agent-native/org/a2a-secret — regenerate or set the org's A2A secret (owner/admin only) */\nexport const setA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can manage the A2A secret\",\n });\n }\n\n const body = await readBody(event);\n let secret = body?.secret?.trim() || null;\n\n // If no secret provided, auto-generate one\n if (!secret) {\n const { randomBytes } = await import(\"node:crypto\");\n secret = randomBytes(32).toString(\"base64url\");\n }\n\n const e = await exec();\n // Read the previous secret BEFORE overwriting so the client can chain a\n // sync call that signs JWTs with the secret peers still hold.\n const prevRes = await e.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n const previousSecret =\n String((prevRes.rows[0] as any)?.a2a_secret ?? \"\") || null;\n\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [secret, ctx.orgId],\n });\n\n return { a2aSecret: secret, previousSecret };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/sync — push the org's A2A secret to all\n * connected apps so cross-app delegation works without manual copy/paste.\n *\n * Auth: standard session — owner/admin only.\n *\n * For each discovered agent, signs a JWT with the org's CURRENT a2a_secret\n * and POSTs to `<app>/_agent-native/org/a2a-secret/receive` with the same\n * secret + the org's domain. The receiving app verifies the JWT using its\n * own copy of the secret (peers must already share a secret to be trusted)\n * — for the first-ever sync this means at least one peer must already hold\n * the secret, which is the bootstrap. For ongoing rotation, regenerate\n * locally and call sync immediately; sync signs with the secret that's\n * currently in DB, which the peers still have.\n *\n * Body (optional): { signSecret?: string } — sign the outbound JWTs with\n * this secret instead of the org's current secret. Used by the regenerate-\n * then-sync flow: regenerate stores the NEW secret, but sync needs to\n * authenticate using the OLD one that peers still hold. Owner/admin only,\n * gated by the session.\n */\nexport const syncA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const ctx = await getOrgContext(event);\n if (!ctx.orgId) {\n throw createError({\n statusCode: 400,\n message: \"No active organization\",\n });\n }\n if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n throw createError({\n statusCode: 403,\n message: \"Only owners and admins can sync the A2A secret\",\n });\n }\n\n const body = await readBody(event).catch(() => null);\n const overrideSignSecret =\n typeof body?.signSecret === \"string\" && body.signSecret.trim()\n ? body.signSecret.trim()\n : null;\n\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT a2a_secret, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [ctx.orgId],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"Organization not found\",\n });\n }\n const orgRow = orgRes.rows[0] as any;\n const secret = String(orgRow.a2a_secret ?? \"\") || null;\n const orgDomain = String(orgRow.allowed_domain ?? \"\") || null;\n\n if (!secret) {\n throw createError({\n statusCode: 400,\n message: \"Org has no A2A secret. Generate one first before syncing.\",\n });\n }\n if (!orgDomain) {\n throw createError({\n statusCode: 400,\n message:\n \"Org has no allowed domain set. Set the email domain first so connected apps can identify which org to update.\",\n });\n }\n\n const signSecret = overrideSignSecret || secret;\n\n const { discoverAgents } = await import(\"../server/agent-discovery.js\");\n const { signA2AToken } = await import(\"../a2a/client.js\");\n\n const agents = await discoverAgents();\n\n const results: Array<{\n id: string;\n name: string;\n url: string;\n ok: boolean;\n status?: number;\n error?: string;\n }> = [];\n\n await Promise.all(\n agents.map(async (agent) => {\n try {\n const token = await signA2AToken(ctx.email, orgDomain, signSecret);\n\n const target = `${agent.url.replace(/\\/$/, \"\")}/_agent-native/org/a2a-secret/receive`;\n const res = await ssrfSafeFetch(\n target,\n {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: `Bearer ${token}`,\n },\n body: JSON.stringify({ secret, orgDomain }),\n },\n { maxRedirects: 3 },\n );\n\n if (!res.ok) {\n const text = await res.text().catch(() => \"\");\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n status: res.status,\n error: text || res.statusText,\n });\n return;\n }\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: true,\n status: res.status,\n });\n } catch (err) {\n results.push({\n id: agent.id,\n name: agent.name,\n url: agent.url,\n ok: false,\n error: err instanceof Error ? err.message : String(err),\n });\n }\n }),\n );\n\n const succeeded = results.filter((r) => r.ok).length;\n return {\n total: results.length,\n succeeded,\n failed: results.length - succeeded,\n results,\n };\n },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/receive — accept a secret push from a\n * connected agent-native app. Auth-exempt at the route guard; we verify a\n * JWT signed by the calling app using OUR copy of the org's a2a_secret. If\n * verification succeeds the calling app is a trusted peer and we overwrite\n * our local org's secret with the supplied value.\n *\n * Body: { secret: string, orgDomain: string }\n *\n * Header: Authorization: Bearer <JWT signed with the existing shared\n * a2a_secret, with `org_domain` matching the body's orgDomain>.\n */\nexport const receiveA2ASecretHandler = defineEventHandler(\n async (event: H3Event) => {\n const { getRequestHeader } = await import(\"h3\");\n const jose = await import(\"jose\");\n\n const authHeader = getRequestHeader(event, \"authorization\");\n if (!authHeader || !authHeader.startsWith(\"Bearer \")) {\n throw createError({\n statusCode: 401,\n message: \"Bearer token required\",\n });\n }\n const token = authHeader.slice(\"Bearer \".length);\n\n const body = await readBody(event);\n const newSecret =\n typeof body?.secret === \"string\" ? body.secret.trim() : \"\";\n const orgDomain =\n typeof body?.orgDomain === \"string\"\n ? body.orgDomain.trim().toLowerCase()\n : \"\";\n if (!newSecret || !orgDomain) {\n throw createError({\n statusCode: 400,\n message: \"secret and orgDomain are required\",\n });\n }\n\n // Peek at JWT (unverified) to confirm it claims the same domain we're\n // updating. Verification still happens below with the trusted secret.\n let claimedDomain: string | undefined;\n try {\n const unverified = jose.decodeJwt(token);\n claimedDomain =\n (unverified.org_domain as string | undefined) || undefined;\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Malformed JWT\",\n });\n }\n if (\n !claimedDomain ||\n claimedDomain.toLowerCase() !== orgDomain.toLowerCase()\n ) {\n throw createError({\n statusCode: 401,\n message: \"JWT org_domain does not match request body\",\n });\n }\n\n // Look up our local org by the domain and grab the existing secret.\n const e = await exec();\n const orgRes = await e.execute({\n sql: `SELECT id, a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [orgDomain],\n });\n if (orgRes.rows.length === 0) {\n throw createError({\n statusCode: 404,\n message: \"No local org matches that domain\",\n });\n }\n const row = orgRes.rows[0] as any;\n const localOrgId = String(row.id);\n const existingSecret = String(row.a2a_secret ?? \"\") || null;\n\n if (!existingSecret) {\n // Bootstrap requires an existing shared secret to verify the caller.\n // If we have nothing on file, we can't verify trust — refuse.\n throw createError({\n statusCode: 401,\n message:\n \"Local org has no A2A secret yet — cannot verify caller. Set the secret manually for the first time.\",\n });\n }\n\n // Verify the JWT using OUR existing secret. If the caller is a trusted\n // peer they signed with the same secret and verification succeeds.\n try {\n await jose.jwtVerify(token, new TextEncoder().encode(existingSecret));\n } catch {\n throw createError({\n statusCode: 401,\n message: \"Invalid or expired JWT signature\",\n });\n }\n\n // Trusted — apply the new secret.\n await e.execute({\n sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n args: [newSecret, localOrgId],\n });\n\n return { ok: true, orgId: localOrgId };\n },\n);\n"]}
package/dist/resources/handlers.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { type Resource, type ResourceMeta } from "./store.js";
1
+ import { type ResourceMeta } from "./store.js";
2
2
  import { type CustomAgentProfile, type RemoteAgentManifest, type SkillMetadata } from "./metadata.js";
3
3
  interface JobMetadata {
4
4
  schedule?: string;
@@ -36,15 +36,15 @@ export declare function handleGetEffectiveResourceContext(event: any): Promise<i
36
36
  * If the request comes from an <img>/<video>/etc tag (Accept includes the
37
37
  * resource's mime type, or query param `?raw` is set), return the raw binary
38
38
  * with the correct Content-Type so the browser can render it inline. */
39
- export declare function handleGetResource(event: any): Promise<Response | Resource | {
39
+ export declare function handleGetResource(event: any): Promise<Response | import("./store.js").Resource | {
40
40
  error: string;
41
41
  }>;
42
42
  /** POST /_agent-native/resources — create a resource */
43
- export declare function handleCreateResource(event: any): Promise<Resource | {
43
+ export declare function handleCreateResource(event: any): Promise<import("./store.js").Resource | {
44
44
  error: string;
45
45
  }>;
46
46
  /** PUT /_agent-native/resources/:id — update an existing resource */
47
- export declare function handleUpdateResource(event: any): Promise<Resource | {
47
+ export declare function handleUpdateResource(event: any): Promise<import("./store.js").Resource | {
48
48
  error: string;
49
49
  }>;
50
50
  /** DELETE /_agent-native/resources/:id — delete a resource */
@@ -56,7 +56,7 @@ export declare function handleDeleteResource(event: any): Promise<{
56
56
  error?: undefined;
57
57
  }>;
58
58
  /** POST /_agent-native/resources/upload — upload a file as a resource */
59
- export declare function handleUploadResource(event: any): Promise<Resource | {
59
+ export declare function handleUploadResource(event: any): Promise<import("./store.js").Resource | {
60
60
  error: string;
61
61
  } | {
62
62
  url: string;
package/dist/resources/handlers.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/resources/handlers.ts"],"names":[],"mappings":"AASA,OAAO,EAaL,KAAK,QAAQ,EACb,KAAK,YAAY,EAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EAML,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,aAAa,EACnB,MAAM,eAAe,CAAC;AA4EvB,UAAU,WAAW;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,UAAU,QAAQ;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,KAAK,GAAG,OAAO,GAAG,cAAc,CAAC;IAC3D,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,SAAS,CAAC,EAAE,kBAAkB,CAAC;IAC/B,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AA2DD,oDAAoD;AACpD,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,GAAG;;GAmCnD;AAED,4DAA4D;AAC5D,wBAAsB,qBAAqB,CAAC,KAAK,EAAE,GAAG;;GA8CrD;AAED,+EAA+E;AAC/E,wBAAsB,iCAAiC,CAAC,KAAK,EAAE,GAAG;;GAYjE;AAwED;;;yEAGyE;AACzE,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,GAAG;;GAoDjD;AAED,wDAAwD;AACxD,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;GAoCpD;AAED,qEAAqE;AACrE,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;GAqDpD;AAED,8DAA8D;AAC9D,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;;;;;GA6BpD;AAED,yEAAyE;AACzE,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;;;;;;;;;;;;;;;;;;;GAoEpD"}
1
+ {"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/resources/handlers.ts"],"names":[],"mappings":"AAOA,OAAO,EAYL,KAAK,YAAY,EAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EAML,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,aAAa,EACnB,MAAM,eAAe,CAAC;AA4EvB,UAAU,WAAW;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,UAAU,QAAQ;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,KAAK,GAAG,OAAO,GAAG,cAAc,CAAC;IAC3D,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,SAAS,CAAC,EAAE,kBAAkB,CAAC;IAC/B,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AA2DD,oDAAoD;AACpD,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,GAAG;;GAmCnD;AAED,4DAA4D;AAC5D,wBAAsB,qBAAqB,CAAC,KAAK,EAAE,GAAG;;GA8CrD;AAED,+EAA+E;AAC/E,wBAAsB,iCAAiC,CAAC,KAAK,EAAE,GAAG;;GAYjE;AAwED;;;yEAGyE;AACzE,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,GAAG;;GAoDjD;AAED,wDAAwD;AACxD,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;GAoCpD;AAED,qEAAqE;AACrE,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;GAqDpD;AAED,8DAA8D;AAC9D,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;;;;;GA6BpD;AAED,yEAAyE;AACzE,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,GAAG;;;;;;;;;;;;;;;;;;;;GAoEpD"}