@agent-native/core 0.7.23 → 0.7.24

package/dist/integrations/webhook-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"webhook-handler.js","sourceRoot":"","sources":["../../src/integrations/webhook-handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EACL,YAAY,EACZ,oBAAoB,GAErB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,OAAO,EAAE,QAAQ,EAAkB,MAAM,yBAAyB,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAEtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAEvE;;;;;;;;;;GAUG;AACH,SAAS,kBAAkB,CAAC,QAAyB;IACnD,OAAO,GAAG,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,gBAAgB,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;AACnF,CAAC;AAkCD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAc,EACd,OAA8B;IAE9B,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAE3C,IAAI,QAAQ,GAA2B,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IAEhE,0EAA0E;IAC1E,uEAAuE;IACvE,qDAAqD;IACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,2DAA2D;QAC3D,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC7D,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;QAC9D,CAAC;QAED,mCAAmC;QACnC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,2BAA2B,EAAE,EAAE,CAAC;QACvE,CAAC;QAED,qCAAqC;QACrC,QAAQ,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,gFAAgF;YAChF,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,0EAA0E;IAC1E,mEAAmE;IACnE,kEAAkE;IAClE,qEAAqE;IACrE,sDAAsD;IAEtD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAClE,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,yDAAyD;QACzD,qEAAqE;QACrE,kEAAkE;QAClE,oEAAoE;QACpE,wDAAwD;QACxD,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,KAAK,CACX,6CAA6C,QAAQ,CAAC,QAAQ,WAAW,EACzE,GAAG,CACJ,CAAC;QACF,qEAAqE;QACrE,sEAAsE;QACtE,yEAAyE;QACzE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,kBAAkB,CAC/B,KAAc,EACd,QAAyB,EACzB,OAA8B;IAE9B,MAAM,MAAM,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAE9E,2EAA2E;IAC3E,qEAAqE;IACrE,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,CAAC;QACH,KAAK,GAAG,CAAC,MAAM,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,IAAI,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IAED,qEAAqE;IACrE,wEAAwE;IACxE,kEAAkE;IAClE,wEAAwE;IACxE,oCAAoC;IACpC,IAAI,cAAkC,CAAC;IACvC,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC9C,MAAM,WAAW,GACf,MAAM,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YAC5D,IAAI,WAAW,EAAE,cAAc,EAAE,CAAC;gBAChC,cAAc,GAAG,WAAW,CAAC,cAAc,CAAC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,kDAAkD,EAAE,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAC;IAE7D,MAAM,iBAAiB,CAAC;QACtB,EAAE,EAAE,MAAM;QACV,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,KAAK;QACL,mEAAmE;QACnE,iEAAiE;QACjE,oDAAoD;QACpD,gBAAgB,EAAE,kBAAkB,CAAC,QAAQ,CAAC;KAC/C,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,GAAG,OAAO,GAAG,sBAAsB,4BAA4B,CAAC;IAEnF,qEAAqE;IACrE,mEAAmE;IACnE,uEAAuE;IACvE,qEAAqE;IACrE,oEAAoE;IACpE,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IACF,IAAI,CAAC;QACH,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;IACnE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,qEAAqE;QACrE,mEAAmE;QACnE,4CAA4C;QAC5C,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7D,OAAO,CAAC,KAAK,CACX,4DAA4D,MAAM,GAAG,EACrE,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,qEAAqE;IACrE,0EAA0E;IAC1E,2EAA2E;IAC3E,oEAAoE;IACpE,yEAAyE;IACzE,iEAAiE;IACjE,MAAM,eAAe,GAAG,KAAK,CAAC,UAAU,EAAE;QACxC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACf,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,GAAG,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,IAAI,CAAC;QACjB,eAAe;QACf,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;KACzD,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,OAAO;QACnB,OAAO,CAAC,GAAG,CAAC,GAAG;QACf,OAAO,CAAC,GAAG,CAAC,UAAU;QACtB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,IAAI,OAAO;QAAE,OAAO,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,OAAO,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,IAAK,KAAa,CAAC,OAAO,CAAC;QAC5E,MAAM,GAAG,GAAG,CAAC,IAAY,EAAsB,EAAE;YAC/C,IAAI,CAAC,OAAO;gBAAE,OAAO,SAAS,CAAC;YAC/B,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;gBACtC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;YACxC,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,OAA6C,CAAC;YAC1D,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,aAAa,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;QACpE,OAAO,yBAAyB,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,yBAAyB,CAC9B,oBAAoB,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAiB,EACjB,OAA8B;IAE9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAGrC,CAAC;IACF,MAAM,sBAAsB,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE;QACrD,cAAc,EAAE,MAAM,CAAC,cAAc;KACtC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,QAAyB,EACzB,OAA8B,EAC9B,OAAoC,EAAE;IAEtC,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE9E,oCAAoC;IACpC,IAAI,OAAO,GAAG,MAAM,gBAAgB,CAClC,QAAQ,CAAC,QAAQ,EACjB,QAAQ,CAAC,gBAAgB,CAC1B,CAAC;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,UAAU,EAAE;YAC5C,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,QAAQ,IAAI,MAAM,EAAE;SACjF,CAAC,CAAC;QACH,MAAM,iBAAiB,CACrB,QAAQ,CAAC,QAAQ,EACjB,QAAQ,CAAC,gBAAgB,EACzB,MAAM,CAAC,EAAE,EACT,QAAQ,CAAC,eAAe,CACzB,CAAC;QACF,OAAO,GAAG;YACR,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;YAC3C,gBAAgB,EAAE,MAAM,CAAC,EAAE;YAC3B,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAE1C,2CAA2C;IAC3C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,MAAM,EAAE,UAAU,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC3C,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAChC,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC;oBAC7B,MAAM,WAAW,GACf,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;wBAC3B,CAAC,CAAC,CAAC,CAAC,OAAO;wBACX,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;4BACxB,CAAC,CAAC,CAAC,CAAC,OAAO;iCACN,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;iCACrC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;iCACvB,IAAI,CAAC,IAAI,CAAC;4BACf,CAAC,CAAC,EAAE,CAAC;oBACX,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;wBACtB,gBAAgB,CAAC,IAAI,CAAC;4BACpB,IAAI,EAAE,MAAM;4BACZ,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;yBAC/C,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;wBAClC,gBAAgB,CAAC,IAAI,CAAC;4BACpB,IAAI,EAAE,WAAW;4BACjB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;yBAC/C,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,8EAA8E;IAC9E,0EAA0E;IAC1E,MAAM,aAAa,GAAG;QACpB,aAAa,QAAQ,CAAC,QAAQ,EAAE;QAChC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,gBAAgB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,IAAI;QAClE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,iBAAiB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;QACrE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI;KAC7D,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClB,MAAM,QAAQ,GACZ,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,0BAA0B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,QAAQ,CAAC,IAAI,EAAE;QAClG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;IAEpB,MAAM,QAAQ,GAAoB;QAChC,GAAG,gBAAgB;QACnB,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE;KAC9D,CAAC;IAEF,oEAAoE;IACpE,4EAA4E;IAC5E,wEAAwE;IACxE,+DAA+D;IAC/D,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,KAAK,GAAG,eAAe,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAEpF,qEAAqE;IACrE,2EAA2E;IAC3E,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,QAAQ,CACN,KAAK,EACL,QAAQ,EACR,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;YACrB,MAAM,qBAAqB,CACzB;gBACE,SAAS,EAAE,UAAU;gBACrB,KAAK,EAAE,KAAK,IAAI,SAAS;gBACzB,4DAA4D;gBAC5D,wDAAwD;gBACxD,kDAAkD;gBAClD,mBAAmB,EAAE,IAAI;aAC1B,EACD,GAAG,EAAE,CACH,YAAY,CAAC;gBACX,MAAM;gBACN,KAAK;gBACL,YAAY;gBACZ,KAAK;gBACL,QAAQ;gBACR,OAAO;gBACP,IAAI;gBACJ,MAAM;aACP,CAAC,CACL,CAAC;QACJ,CAAC,EACD,KAAK,EAAE,YAAuB,EAAE,EAAE;YAChC,IAAI,CAAC;gBACH,+DAA+D;gBAC/D,6DAA6D;gBAC7D,gEAAgE;gBAChE,EAAE;gBACF,kEAAkE;gBAClE,gEAAgE;gBAChE,gEAAgE;gBAChE,iEAAiE;gBACjE,iCAAiC;gBACjC,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBACzD,MAAM,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;oBAC5C,IAAI,CAAC,KAAK,YAAY,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC;wBAC5C,WAAW,GAAG,CAAC,CAAC;wBAChB,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,MAAM,QAAQ,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxD,IAAI,YAAY,GAAG,EAAE,CAAC;gBACtB,KAAK,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3D,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;oBACxC,IAAI,EAAE,CAAC,IAAI,KAAK,MAAM;wBAAE,YAAY,IAAI,EAAE,CAAC,IAAI,CAAC;gBAClD,CAAC;gBACD,+DAA+D;gBAC/D,+DAA+D;gBAC/D,kBAAkB;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;oBAC7C,KAAK,MAAM,QAAQ,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC;wBAC3C,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;4BACnC,YAAY,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC;wBACtC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,sEAAsE;gBACtE,mEAAmE;gBACnE,qEAAqE;gBACrE,0CAA0C;gBAC1C,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,KAAK,SAAS,CAAC;gBACrD,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,UAAU,EAAE,CAAC;oBACvC,IAAI,UAAU,EAAE,CAAC;wBACf,YAAY;4BACV,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gCAClD,uDAAuD;gCACvD,oEAAoE;gCACpE,+DAA+D,CAAC;oBACpE,CAAC;yBAAM,CAAC;wBACN,YAAY,GAAG,eAAe,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAED,iEAAiE;gBACjE,gEAAgE;gBAChE,iEAAiE;gBACjE,iEAAiE;gBACjE,gBAAgB;gBAChB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;gBAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrE,MAAM,iBAAiB,GACrB,UAAU,IAAI,QAAQ;oBACpB,CAAC,CAAC,GAAG,UAAU,YAAY,QAAQ,EAAE;oBACrC,CAAC,CAAC,SAAS,CAAC;gBAEhB,4DAA4D;gBAC5D,oDAAoD;gBACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,YAAY,EAAE;oBACzD,iBAAiB;iBAClB,CAAC,CAAC;gBACH,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE;oBAC7C,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;gBAEH,sBAAsB;gBACtB,MAAM,iBAAiB,CACrB,QAAQ,EACR,QAAQ,CAAC,IAAI,EACb,YAAY,EACZ,MAAM,CACP,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,4CAA4C,QAAQ,CAAC,QAAQ,GAAG,EAChE,GAAG,CACJ,CAAC;gBACF,sEAAsE;gBACtE,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAC1C,kEAAkE,CACnE,CAAC;oBACF,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACjD,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,YAAuB,EACvB,MAAW;IAEX,IAAI,CAAC;QACH,IAAI,IAAS,CAAC;QACd,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,IAAI,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,EAAE,CAAC;QACZ,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QAEtD,mBAAmB;QACnB,MAAM,OAAO,GAAG;YACd,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO;YAC5B,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,0CAA0C;QAC1C,MAAM,YAAY,GAAG,qBAAqB,CACxC,YAAY,CAAC,MAAM,IAAI,EAAE,EACzB,YAAY,CAAC,KAAK,CACnB,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,gBAAgB,CACpB,QAAQ,EACR,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EACpB,IAAI,CAAC,KAAK,IAAI,MAAM,EAAE,KAAK,IAAI,kBAAkB,EACjD,IAAI,CAAC,OAAO,IAAI,MAAM,EAAE,OAAO,IAAI,EAAE,EACrC,IAAI,CAAC,QAAQ,CAAC,MAAM,CACrB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;AACH,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport type { PlatformAdapter, IncomingMessage } from \"./types.js\";\nimport { getThreadMapping, saveThreadMapping } from \"./thread-mapping-store.js\";\nimport { createThread, getThread } from \"../chat-threads/store.js\";\nimport {\n  runAgentLoop,\n  actionsToEngineTools,\n  type ActionEntry,\n} from \"../agent/production-agent.js\";\nimport { createAnthropicEngine } from \"../agent/engine/index.js\";\nimport type { EngineMessage } from \"../agent/engine/types.js\";\nimport { startRun, type ActiveRun } from \"../agent/run-manager.js\";\nimport {\n  buildAssistantMessage,\n  extractThreadMeta,\n} from \"../agent/thread-data-builder.js\";\nimport { updateThreadData } from \"../chat-threads/store.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { resolveOrgIdForEmail } from \"../org/context.js\";\nimport {\n  insertPendingTask,\n  isDuplicateEventError,\n  type PendingTask,\n} from \"./pending-tasks-store.js\";\nimport { signInternalToken } from \"./internal-token.js\";\nimport { FRAMEWORK_ROUTE_PREFIX } from \"../server/core-routes-plugin.js\";\nimport { withConfiguredAppBasePath } from \"../server/app-base-path.js\";\n\n/**\n * Build a stable per-event dedup key from the incoming message. The same\n * key is computed for every retry of the same event from the platform —\n * Slack/Telegram retry on timeout (3s for Slack), so we MUST treat the\n * second delivery as a duplicate and return 200 silently.\n *\n * The `(platform, external_event_key)` UNIQUE index in\n * `integration_pending_tasks` enforces this at the SQL layer, replacing\n * the previous in-memory Map (H3 in the webhook security audit) which\n * couldn't survive serverless cold starts.\n */\nfunction buildEventDedupKey(incoming: IncomingMessage): string {\n  return `${incoming.platform}:${incoming.externalThreadId}:${incoming.timestamp}`;\n}\n\nexport interface WebhookHandlerOptions {\n  adapter: PlatformAdapter;\n  /** Resolved system prompt string */\n  systemPrompt: string;\n  /** Action entries for the agent */\n  actions: Record<string, ActionEntry>;\n  /** Model to use */\n  model: string;\n  /** Anthropic API key */\n  apiKey: string;\n  /** Thread owner for personal/shared resource loading */\n  ownerEmail: string;\n  /**\n   * Pre-parsed incoming message. When provided, handleWebhook skips its own\n   * verification + parsing steps. Required when the caller has already read\n   * the request body (h3 doesn't reliably cache parsed bodies, so re-parsing\n   * the same event hangs on streaming providers).\n   */\n  incoming?: IncomingMessage;\n  /** Optional hook to intercept inbound commands before agent execution */\n  beforeProcess?: (\n    incoming: IncomingMessage,\n    adapter: PlatformAdapter,\n  ) => Promise<\n    | {\n        handled: true;\n        responseText?: string;\n      }\n    | { handled: false }\n  >;\n}\n\n/**\n * Process an incoming webhook from a messaging platform.\n *\n * Flow:\n * 1. Handle verification challenges (Slack url_verification, etc.)\n * 2. Verify webhook signature\n * 3. Parse incoming message (null = ignored event)\n * 4. Persist task to SQL\n * 5. Fire-and-forget POST to /_agent-native/integrations/process-task\n *    (a fresh function execution with its own timeout budget)\n * 6. Return HTTP 200 immediately (within Slack's 3s SLA)\n *\n * The processor endpoint runs the actual agent loop. This split is essential\n * for serverless platforms (Netlify Lambda, Vercel, Cloudflare Workers) which\n * freeze the function as soon as the response is returned, killing any\n * lingering background promises.\n */\nexport async function handleWebhook(\n  event: H3Event,\n  options: WebhookHandlerOptions,\n): Promise<{ status: number; body: unknown }> {\n  const { adapter, beforeProcess } = options;\n\n  let incoming: IncomingMessage | null = options.incoming ?? null;\n\n  // When the caller didn't pre-parse, run the full verify + parse pipeline.\n  // Otherwise skip it — h3's body stream has already been consumed and a\n  // second readBody call hangs on streaming providers.\n  if (!incoming) {\n    // Step 1: Handle platform-specific verification challenges\n    const verification = await adapter.handleVerification(event);\n    if (verification.handled) {\n      return { status: 200, body: verification.response ?? \"ok\" };\n    }\n\n    // Step 2: Verify webhook signature\n    const isValid = await adapter.verifyWebhook(event);\n    if (!isValid) {\n      return { status: 401, body: { error: \"Invalid webhook signature\" } };\n    }\n\n    // Step 3: Parse the incoming message\n    incoming = await adapter.parseIncomingMessage(event);\n    if (!incoming) {\n      // Not a user message (bot message, edit, reaction, etc.) — acknowledge silently\n      return { status: 200, body: \"ok\" };\n    }\n  }\n\n  // Dedup is enforced inside enqueueAndDispatch — the unique index on\n  // `(platform, external_event_key)` raises a constraint violation we treat\n  // as \"already enqueued\" and respond 200. We can't dedup BEFORE the\n  // beforeProcess hook because some templates use beforeProcess for\n  // command-style intercepts that are stateless and idempotent (e.g. a\n  // Slack `/help` command that doesn't enqueue a task).\n\n  if (beforeProcess) {\n    const result = await beforeProcess(incoming, adapter);\n    if (result.handled) {\n      if (result.responseText?.trim()) {\n        const outgoing = adapter.formatAgentResponse(result.responseText);\n        await adapter.sendResponse(outgoing, incoming);\n      }\n      return { status: 200, body: \"ok\" };\n    }\n  }\n\n  // Step 4 + 5: Enqueue to SQL and dispatch to processor in a fresh request.\n  try {\n    await enqueueAndDispatch(event, incoming, options);\n  } catch (err) {\n    // Duplicate event delivery: the SQL UNIQUE constraint on\n    // (platform, external_event_key) rejected the second insert. This is\n    // the expected path when a platform retries an event that already\n    // landed (e.g. Slack 3-second timeout) — return 200 so the platform\n    // stops retrying. See H3 in the webhook security audit.\n    if (isDuplicateEventError(err)) {\n      return { status: 200, body: \"ok\" };\n    }\n    console.error(\n      `[integrations] Failed to enqueue/dispatch ${incoming.platform} message:`,\n      err,\n    );\n    // Return 500 so the platform retries. If the SQL insert failed for a\n    // non-dup reason, the message is genuinely lost — better to let Slack\n    // retry (it will re-fire the same event_callback) than silently drop it.\n    return { status: 500, body: { error: \"enqueue failed\" } };\n  }\n\n  return { status: 200, body: \"ok\" };\n}\n\n/**\n * Persist the task to SQL and dispatch a fresh HTTP request to the processor\n * endpoint. The dispatch is fire-and-forget — we deliberately do NOT await\n * the resulting fetch, so the current handler can return immediately.\n *\n * This pattern works on every supported host:\n *   - Netlify Lambda: function returns; the dispatched request hits a fresh\n *     Lambda with its own 26s budget.\n *   - Vercel Functions: same.\n *   - Cloudflare Workers: same (no waitUntil dependency).\n *   - Self-hosted Node: a separate request comes back through the same\n *     server, but each handler still runs to completion.\n */\nasync function enqueueAndDispatch(\n  event: H3Event,\n  incoming: IncomingMessage,\n  options: WebhookHandlerOptions,\n): Promise<void> {\n  const taskId = `task-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n\n  // Resolve the org id once at enqueue-time so the processor doesn't have to\n  // re-derive it (and so we can drop it on the row for observability).\n  let orgId: string | null = null;\n  try {\n    orgId = (await resolveOrgIdForEmail(options.ownerEmail)) ?? null;\n  } catch {\n    orgId = null;\n  }\n\n  // Post a \"thinking…\" placeholder immediately if the adapter supports\n  // in-place edits. The processor flow will update this same message with\n  // the final answer, so users see one tidy thread reply instead of\n  // \"[silence] → answer\". Adapters without edit support skip this and the\n  // processor posts a fresh response.\n  let placeholderRef: string | undefined;\n  try {\n    if (options.adapter.postProcessingPlaceholder) {\n      const placeholder =\n        await options.adapter.postProcessingPlaceholder(incoming);\n      if (placeholder?.placeholderRef) {\n        placeholderRef = placeholder.placeholderRef;\n      }\n    }\n  } catch (err) {\n    console.error(\"[integrations] postProcessingPlaceholder failed:\", err);\n  }\n\n  const payload = JSON.stringify({ incoming, placeholderRef });\n\n  await insertPendingTask({\n    id: taskId,\n    platform: incoming.platform,\n    externalThreadId: incoming.externalThreadId,\n    payload,\n    ownerEmail: options.ownerEmail,\n    orgId,\n    // SQL-level dedup key — duplicate webhook deliveries from the same\n    // platform produce the same key, so the unique index rejects the\n    // second insert (H3 in the webhook security audit).\n    externalEventKey: buildEventDedupKey(incoming),\n  });\n\n  const baseUrl = resolveBaseUrl(event);\n  const processUrl = `${baseUrl}${FRAMEWORK_ROUTE_PREFIX}/integrations/process-task`;\n\n  // Sign the dispatch with an HMAC token so the processor endpoint can\n  // verify the request came from us and not the public internet. The\n  // processor refuses unsigned requests in production (C3 in the webhook\n  // security audit). In dev, dispatching unsigned is allowed and falls\n  // through to the SQL atomic claim for double-processing protection.\n  const headers: Record<string, string> = {\n    \"Content-Type\": \"application/json\",\n  };\n  try {\n    headers[\"Authorization\"] = `Bearer ${signInternalToken(taskId)}`;\n  } catch (err) {\n    // Distinguish \"secret not configured\" (the documented dev path) from\n    // a real signing failure — silently swallowing both made malformed\n    // secrets fail invisibly (L5 in the audit).\n    if (err instanceof Error && !/A2A_SECRET/i.test(err.message)) {\n      console.error(\n        `[integrations] signInternalToken failed unexpectedly for ${taskId}:`,\n        err,\n      );\n    }\n  }\n\n  // Fire-and-forget: do NOT await the full response (the processor's run\n  // takes minutes — we don't want to block the caller). BUT on Netlify\n  // Lambda, when we return immediately, the runtime can freeze the function\n  // before the outbound TCP handshake even starts, which leaves the dispatch\n  // request stuck waiting for the 60s retry-sweep job. Race the fetch\n  // against a short timer so the request gets at least ~250ms to leave the\n  // box; the trade-off is at most ~250ms of added webhook latency.\n  const dispatchPromise = fetch(processUrl, {\n    method: \"POST\",\n    headers,\n    body: JSON.stringify({ taskId }),\n  }).catch((err) => {\n    console.error(\"[integrations] Failed to dispatch processor request:\", err);\n  });\n  await Promise.race([\n    dispatchPromise,\n    new Promise<void>((resolve) => setTimeout(resolve, 250)),\n  ]);\n}\n\n/**\n * Resolve the base URL we should dispatch the processor request to.\n * Prefers explicit env vars (most reliable on serverless), falls back to the\n * inbound request's headers.\n */\nexport function resolveBaseUrl(event: H3Event): string {\n  const fromEnv =\n    process.env.APP_URL ||\n    process.env.URL ||\n    process.env.DEPLOY_URL ||\n    process.env.BETTER_AUTH_URL;\n  if (fromEnv) return withConfiguredAppBasePath(fromEnv);\n\n  try {\n    const headers = (event as any).node?.req?.headers ?? (event as any).headers;\n    const get = (name: string): string | undefined => {\n      if (!headers) return undefined;\n      if (typeof headers.get === \"function\") {\n        return headers.get(name) ?? undefined;\n      }\n      const lower = String(name).toLowerCase();\n      const map = headers as Record<string, string | undefined>;\n      return map[name] ?? map[lower];\n    };\n    const proto = get(\"x-forwarded-proto\") || \"http\";\n    const host = get(\"host\") || `localhost:${process.env.PORT || 3000}`;\n    return withConfiguredAppBasePath(`${proto}://${host}`);\n  } catch {\n    return withConfiguredAppBasePath(\n      `http://localhost:${process.env.PORT || 3000}`,\n    );\n  }\n}\n\n/**\n * Run the actual agent loop for a previously-enqueued task. Called by the\n * processor endpoint in `plugin.ts`. This is a fresh function execution, so\n * it gets its own timeout budget independent of the inbound webhook handler.\n */\nexport async function processIntegrationTask(\n  task: PendingTask,\n  options: WebhookHandlerOptions,\n): Promise<void> {\n  const parsed = JSON.parse(task.payload) as {\n    incoming: IncomingMessage;\n    placeholderRef?: string;\n  };\n  await processIncomingMessage(parsed.incoming, options, {\n    placeholderRef: parsed.placeholderRef,\n  });\n}\n\n/**\n * Resolve thread, run agent loop, post response, persist thread data.\n * Shared between the new processor endpoint and any direct callers.\n */\nasync function processIncomingMessage(\n  incoming: IncomingMessage,\n  options: WebhookHandlerOptions,\n  opts: { placeholderRef?: string } = {},\n): Promise<void> {\n  const { adapter, systemPrompt, actions, model, apiKey, ownerEmail } = options;\n\n  // Resolve or create internal thread\n  let mapping = await getThreadMapping(\n    incoming.platform,\n    incoming.externalThreadId,\n  );\n\n  if (!mapping) {\n    const thread = await createThread(ownerEmail, {\n      title: `${adapter.label}: ${incoming.senderName || incoming.senderId || \"User\"}`,\n    });\n    await saveThreadMapping(\n      incoming.platform,\n      incoming.externalThreadId,\n      thread.id,\n      incoming.platformContext,\n    );\n    mapping = {\n      platform: incoming.platform,\n      externalThreadId: incoming.externalThreadId,\n      internalThreadId: thread.id,\n      platformContext: incoming.platformContext,\n      createdAt: Date.now(),\n      updatedAt: Date.now(),\n    };\n  }\n\n  const threadId = mapping.internalThreadId;\n\n  // Load existing thread history for context\n  const thread = await getThread(threadId);\n  const existingMessages: EngineMessage[] = [];\n  if (thread?.threadData) {\n    try {\n      const data = JSON.parse(thread.threadData);\n      if (Array.isArray(data.messages)) {\n        for (const msg of data.messages) {\n          const m = msg.message ?? msg;\n          const textContent =\n            typeof m.content === \"string\"\n              ? m.content\n              : Array.isArray(m.content)\n                ? m.content\n                    .filter((c: any) => c.type === \"text\")\n                    .map((c: any) => c.text)\n                    .join(\"\\n\")\n                : \"\";\n          if (m.role === \"user\") {\n            existingMessages.push({\n              role: \"user\",\n              content: [{ type: \"text\", text: textContent }],\n            });\n          } else if (m.role === \"assistant\") {\n            existingMessages.push({\n              role: \"assistant\",\n              content: [{ type: \"text\", text: textContent }],\n            });\n          }\n        }\n      }\n    } catch {}\n  }\n\n  // Add the new user message. Include verified platform identity as lightweight\n  // context so app-specific agents can attribute requests without guessing.\n  const identityLines = [\n    `Platform: ${incoming.platform}`,\n    incoming.senderName ? `Sender name: ${incoming.senderName}` : null,\n    incoming.senderEmail ? `Sender email: ${incoming.senderEmail}` : null,\n    incoming.senderId ? `Sender ID: ${incoming.senderId}` : null,\n  ].filter(Boolean);\n  const userText =\n    identityLines.length > 1\n      ? `<integration-context>\\n${identityLines.join(\"\\n\")}\\n</integration-context>\\n\\n${incoming.text}`\n      : incoming.text;\n\n  const messages: EngineMessage[] = [\n    ...existingMessages,\n    { role: \"user\", content: [{ type: \"text\", text: userText }] },\n  ];\n\n  // Run agent loop via startRun, wrapped in a request context so that\n  // tools (especially call-agent) can resolve the caller's org for org-scoped\n  // A2A delegation. Without this, getRequestOrgId() returns undefined and\n  // call-agent can't look up the org's a2a_secret or org_domain.\n  const orgId = await resolveOrgIdForEmail(ownerEmail);\n  const engine = createAnthropicEngine({ apiKey });\n  const tools = actionsToEngineTools(actions);\n\n  const runId = `integration-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n\n  // Wait for the run to complete inside this fresh function execution.\n  // We use a Promise so the processor endpoint can await the full lifecycle.\n  await new Promise<void>((resolve) => {\n    startRun(\n      runId,\n      threadId,\n      async (send, signal) => {\n        await runWithRequestContext(\n          {\n            userEmail: ownerEmail,\n            orgId: orgId ?? undefined,\n            // Lets downstream callers (call-agent script) apply tighter\n            // budgets on integration paths without affecting normal\n            // agent-chat. See `isIntegrationCallerRequest()`.\n            isIntegrationCaller: true,\n          },\n          () =>\n            runAgentLoop({\n              engine,\n              model,\n              systemPrompt,\n              tools,\n              messages,\n              actions,\n              send,\n              signal,\n            }),\n        );\n      },\n      async (completedRun: ActiveRun) => {\n        try {\n          // Collect text events from the run, but drop any pre-tool-call\n          // preamble so the user sees just the final answer instead of\n          // \"I need to delegate this...\" run-on into the raw tool result.\n          //\n          // Heuristic: when the agent fired any tool, only keep text events\n          // that come AFTER the last tool. The preamble (\"Let me check…\")\n          // and the final answer (\"630\") are emitted as two separate text\n          // events, and concatenating them with no separator was producing\n          // \"...signup data.630\" in Slack.\n          let lastToolIdx = -1;\n          for (let i = completedRun.events.length - 1; i >= 0; i--) {\n            const t = completedRun.events[i].event.type;\n            if (t === \"tool_start\" || t === \"tool_done\") {\n              lastToolIdx = i;\n              break;\n            }\n          }\n          const startIdx = lastToolIdx >= 0 ? lastToolIdx + 1 : 0;\n          let responseText = \"\";\n          for (let i = startIdx; i < completedRun.events.length; i++) {\n            const ev = completedRun.events[i].event;\n            if (ev.type === \"text\") responseText += ev.text;\n          }\n          // If the post-tool window had no text (tool spoke for itself),\n          // fall back to all text events so we never leave the user with\n          // an empty reply.\n          if (!responseText.trim() && lastToolIdx >= 0) {\n            for (const runEvent of completedRun.events) {\n              if (runEvent.event.type === \"text\") {\n                responseText += runEvent.event.text;\n              }\n            }\n          }\n\n          // If the run errored OR produced no text, post a graceful fallback so\n          // the user isn't left wondering whether the bot saw their message.\n          // Common case: an A2A delegation timed out and the agent loop bailed\n          // before generating any user-facing text.\n          const runErrored = completedRun.status === \"errored\";\n          if (!responseText.trim() || runErrored) {\n            if (runErrored) {\n              responseText =\n                (responseText.trim() ? responseText + \"\\n\\n\" : \"\") +\n                \"I ran into a problem before I could finish that one. \" +\n                \"If it was a complex analytics question, opening the analytics app \" +\n                \"directly is the most reliable way to get an answer right now.\";\n            } else {\n              responseText = \"(No response)\";\n            }\n          }\n\n          // Compute the deep-link to the dispatch UI for this thread, then\n          // hand it to the adapter as a structured `threadDeepLinkUrl` so\n          // platforms with rich blocks (Slack) can render a button instead\n          // of inlining a `<url|text>` link that auto-unfurls into a giant\n          // preview card.\n          const baseUrl = process.env.APP_URL || process.env.URL || \"\";\n          const appBaseUrl = baseUrl ? withConfiguredAppBasePath(baseUrl) : \"\";\n          const threadDeepLinkUrl =\n            appBaseUrl && threadId\n              ? `${appBaseUrl}/?thread=${threadId}`\n              : undefined;\n\n          // Format and send back to platform — update the \"thinking…\"\n          // placeholder in place if the adapter supplied one.\n          const outgoing = adapter.formatAgentResponse(responseText, {\n            threadDeepLinkUrl,\n          });\n          await adapter.sendResponse(outgoing, incoming, {\n            placeholderRef: opts.placeholderRef,\n          });\n\n          // Persist thread data\n          await persistThreadData(\n            threadId,\n            incoming.text,\n            completedRun,\n            thread,\n          );\n        } catch (err) {\n          console.error(\n            `[integrations] Error sending response to ${incoming.platform}:`,\n            err,\n          );\n          // Last-ditch: try to post a brief apology so the thread isn't silent.\n          try {\n            const fallback = adapter.formatAgentResponse(\n              \"Something went wrong on my end while replying. Please try again.\",\n            );\n            await adapter.sendResponse(fallback, incoming);\n          } catch {}\n        } finally {\n          resolve();\n        }\n      },\n    );\n  });\n}\n\n/**\n * Persist the user message and agent response to the thread data,\n * so the conversation history is available in the web UI too.\n */\nasync function persistThreadData(\n  threadId: string,\n  userText: string,\n  completedRun: ActiveRun,\n  thread: any,\n): Promise<void> {\n  try {\n    let repo: any;\n    try {\n      repo = JSON.parse(thread?.threadData || \"{}\");\n    } catch {\n      repo = {};\n    }\n    if (!Array.isArray(repo.messages)) repo.messages = [];\n\n    // Add user message\n    const userMsg = {\n      id: `msg-${Date.now()}-user`,\n      role: \"user\",\n      content: [{ type: \"text\", text: userText }],\n      createdAt: new Date().toISOString(),\n    };\n\n    // Build assistant message from run events\n    const assistantMsg = buildAssistantMessage(\n      completedRun.events ?? [],\n      completedRun.runId,\n    );\n\n    repo.messages.push(userMsg);\n    if (assistantMsg) {\n      repo.messages.push(assistantMsg);\n    }\n\n    const meta = extractThreadMeta(repo);\n    await updateThreadData(\n      threadId,\n      JSON.stringify(repo),\n      meta.title || thread?.title || \"Integration Chat\",\n      meta.preview || thread?.preview || \"\",\n      repo.messages.length,\n    );\n  } catch {\n    // Best-effort persistence\n  }\n}\n"]}
+{"version":3,"file":"webhook-handler.js","sourceRoot":"","sources":["../../src/integrations/webhook-handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,gBAAgB,GAEjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,QAAQ,EAAkB,MAAM,yBAAyB,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAEtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAEvE;;;;;;;;;;GAUG;AACH,SAAS,kBAAkB,CAAC,QAAyB;IACnD,OAAO,GAAG,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,gBAAgB,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;AACnF,CAAC;AAuCD,SAAS,kBAAkB,CACzB,YAA6C;IAE7C,IAAI,CAAC,YAAY;QAAE,OAAO,SAAS,CAAC;IACpC,IAAI,OAAO,YAAY,KAAK,QAAQ;QAAE,OAAO,YAAY,CAAC;IAC1D,IACE,OAAO,YAAY,KAAK,QAAQ;QAChC,CAAC,CAAC,QAAQ,IAAI,YAAY,CAAC;QAC3B,OAAO,YAAY,CAAC,IAAI,KAAK,QAAQ,EACrC,CAAC;QACD,OAAO,YAAY,CAAC,IAAI,CAAC;IAC3B,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IACxD,OAAO,CAAC,eAAe,EAAE,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,YAA6C,EAC7C,UAAkB,EAClB,cAAsB;IAEtB,MAAM,UAAU,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACpD,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC9D,IAAI,UAAU,IAAI,mBAAmB,EAAE;YAAE,OAAO,UAAU,CAAC;QAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5E,OAAO,cAAc,IAAI,cAAc,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;IAC9D,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC1D,IAAI,UAAU,IAAI,mBAAmB,EAAE;QAAE,OAAO,UAAU,CAAC;IAC3D,OAAO,cAAc,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAc,EACd,OAA8B;IAE9B,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAE3C,IAAI,QAAQ,GAA2B,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IAEhE,0EAA0E;IAC1E,uEAAuE;IACvE,qDAAqD;IACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,2DAA2D;QAC3D,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC7D,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;QAC9D,CAAC;QAED,mCAAmC;QACnC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,2BAA2B,EAAE,EAAE,CAAC;QACvE,CAAC;QAED,qCAAqC;QACrC,QAAQ,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,gFAAgF;YAChF,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,0EAA0E;IAC1E,mEAAmE;IACnE,kEAAkE;IAClE,qEAAqE;IACrE,sDAAsD;IAEtD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAClE,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,yDAAyD;QACzD,qEAAqE;QACrE,kEAAkE;QAClE,oEAAoE;QACpE,wDAAwD;QACxD,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,KAAK,CACX,6CAA6C,QAAQ,CAAC,QAAQ,WAAW,EACzE,GAAG,CACJ,CAAC;QACF,qEAAqE;QACrE,sEAAsE;QACtE,yEAAyE;QACzE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,kBAAkB,CAC/B,KAAc,EACd,QAAyB,EACzB,OAA8B;IAE9B,MAAM,MAAM,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAE9E,2EAA2E;IAC3E,qEAAqE;IACrE,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,CAAC;QACH,KAAK,GAAG,CAAC,MAAM,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,IAAI,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IAED,qEAAqE;IACrE,wEAAwE;IACxE,kEAAkE;IAClE,wEAAwE;IACxE,oCAAoC;IACpC,IAAI,cAAkC,CAAC;IACvC,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC9C,MAAM,WAAW,GACf,MAAM,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YAC5D,IAAI,WAAW,EAAE,cAAc,EAAE,CAAC;gBAChC,cAAc,GAAG,WAAW,CAAC,cAAc,CAAC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,kDAAkD,EAAE,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAC;IAE7D,MAAM,iBAAiB,CAAC;QACtB,EAAE,EAAE,MAAM;QACV,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,KAAK;QACL,mEAAmE;QACnE,iEAAiE;QACjE,oDAAoD;QACpD,gBAAgB,EAAE,kBAAkB,CAAC,QAAQ,CAAC;KAC/C,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,GAAG,OAAO,GAAG,sBAAsB,4BAA4B,CAAC;IAEnF,qEAAqE;IACrE,mEAAmE;IACnE,uEAAuE;IACvE,qEAAqE;IACrE,oEAAoE;IACpE,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IACF,IAAI,CAAC;QACH,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;IACnE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,qEAAqE;QACrE,mEAAmE;QACnE,4CAA4C;QAC5C,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7D,OAAO,CAAC,KAAK,CACX,4DAA4D,MAAM,GAAG,EACrE,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,qEAAqE;IACrE,0EAA0E;IAC1E,2EAA2E;IAC3E,oEAAoE;IACpE,yEAAyE;IACzE,iEAAiE;IACjE,MAAM,eAAe,GAAG,KAAK,CAAC,UAAU,EAAE;QACxC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACf,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,GAAG,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,IAAI,CAAC;QACjB,eAAe;QACf,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;KACzD,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,OAAO;QACnB,OAAO,CAAC,GAAG,CAAC,GAAG;QACf,OAAO,CAAC,GAAG,CAAC,UAAU;QACtB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,IAAI,OAAO;QAAE,OAAO,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,OAAO,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,IAAK,KAAa,CAAC,OAAO,CAAC;QAC5E,MAAM,GAAG,GAAG,CAAC,IAAY,EAAsB,EAAE;YAC/C,IAAI,CAAC,OAAO;gBAAE,OAAO,SAAS,CAAC;YAC/B,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;gBACtC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;YACxC,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,OAA6C,CAAC;YAC1D,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,aAAa,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;QACpE,OAAO,yBAAyB,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,yBAAyB,CAC9B,oBAAoB,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAiB,EACjB,OAA8B;IAE9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAGrC,CAAC;IACF,MAAM,sBAAsB,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE;QACrD,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,cAAc,EAAE,MAAM,CAAC,cAAc;KACtC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,QAAyB,EACzB,OAA8B,EAC9B,OAAqD,EAAE;IAEvD,MAAM,EACJ,OAAO,EACP,YAAY,EACZ,OAAO,EACP,KAAK,EACL,MAAM,EACN,UAAU,EACV,MAAM,EAAE,YAAY,GACrB,GAAG,OAAO,CAAC;IAEZ,oCAAoC;IACpC,IAAI,OAAO,GAAG,MAAM,gBAAgB,CAClC,QAAQ,CAAC,QAAQ,EACjB,QAAQ,CAAC,gBAAgB,CAC1B,CAAC;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,UAAU,EAAE;YAC5C,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,QAAQ,IAAI,MAAM,EAAE;SACjF,CAAC,CAAC;QACH,MAAM,iBAAiB,CACrB,QAAQ,CAAC,QAAQ,EACjB,QAAQ,CAAC,gBAAgB,EACzB,MAAM,CAAC,EAAE,EACT,QAAQ,CAAC,eAAe,CACzB,CAAC;QACF,OAAO,GAAG;YACR,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;YAC3C,gBAAgB,EAAE,MAAM,CAAC,EAAE;YAC3B,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAE1C,2CAA2C;IAC3C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,MAAM,EAAE,UAAU,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC3C,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAChC,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC;oBAC7B,MAAM,WAAW,GACf,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;wBAC3B,CAAC,CAAC,CAAC,CAAC,OAAO;wBACX,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;4BACxB,CAAC,CAAC,CAAC,CAAC,OAAO;iCACN,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;iCACrC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;iCACvB,IAAI,CAAC,IAAI,CAAC;4BACf,CAAC,CAAC,EAAE,CAAC;oBACX,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;wBACtB,gBAAgB,CAAC,IAAI,CAAC;4BACpB,IAAI,EAAE,MAAM;4BACZ,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;yBAC/C,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;wBAClC,gBAAgB,CAAC,IAAI,CAAC;4BACpB,IAAI,EAAE,WAAW;4BACjB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;yBAC/C,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,8EAA8E;IAC9E,0EAA0E;IAC1E,MAAM,aAAa,GAAG;QACpB,aAAa,QAAQ,CAAC,QAAQ,EAAE;QAChC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,gBAAgB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,IAAI;QAClE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,iBAAiB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;QACrE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI;KAC7D,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClB,MAAM,QAAQ,GACZ,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,0BAA0B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,QAAQ,CAAC,IAAI,EAAE;QAClG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;IAEpB,MAAM,QAAQ,GAAoB;QAChC,GAAG,gBAAgB;QACnB,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE;KAC9D,CAAC;IAEF,oEAAoE;IACpE,4EAA4E;IAC5E,wEAAwE;IACxE,+DAA+D;IAC/D,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,KAAK,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,KAAK,GAAG,eAAe,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAEpF,qEAAqE;IACrE,2EAA2E;IAC3E,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,QAAQ,CACN,KAAK,EACL,QAAQ,EACR,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;YACrB,MAAM,qBAAqB,CACzB;gBACE,SAAS,EAAE,UAAU;gBACrB,KAAK,EAAE,KAAK,IAAI,SAAS;gBACzB,4DAA4D;gBAC5D,wDAAwD;gBACxD,kDAAkD;gBAClD,mBAAmB,EAAE,IAAI;gBACzB,WAAW,EAAE,IAAI,CAAC,MAAM;oBACtB,CAAC,CAAC;wBACE,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,QAAQ;wBACR,cAAc,EAAE,IAAI,CAAC,cAAc;qBACpC;oBACH,CAAC,CAAC,SAAS;aACd,EACD,KAAK,IAAI,EAAE;gBACT,MAAM,eAAe,GAAG,MAAM,wBAAwB,CACpD,YAAY,EACZ,UAAU,EACV,MAAM,CACP,CAAC;gBACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;oBACjC,YAAY;oBACZ,MAAM,EAAE,eAAe;oBACvB,KAAK;iBACN,CAAC,CAAC;gBACH,MAAM,aAAa,GACjB,CAAC,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;oBACvC,KAAK;oBACL,MAAM,CAAC,YAAY,CAAC;gBAEtB,OAAO,YAAY,CAAC;oBAClB,MAAM;oBACN,KAAK,EAAE,aAAa;oBACpB,YAAY;oBACZ,KAAK;oBACL,QAAQ;oBACR,OAAO;oBACP,IAAI;oBACJ,MAAM;iBACP,CAAC,CAAC;YACL,CAAC,CACF,CAAC;QACJ,CAAC,EACD,KAAK,EAAE,YAAuB,EAAE,EAAE;YAChC,IAAI,CAAC;gBACH,+DAA+D;gBAC/D,6DAA6D;gBAC7D,gEAAgE;gBAChE,EAAE;gBACF,kEAAkE;gBAClE,gEAAgE;gBAChE,gEAAgE;gBAChE,iEAAiE;gBACjE,iCAAiC;gBACjC,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBACzD,MAAM,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;oBAC5C,IAAI,CAAC,KAAK,YAAY,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC;wBAC5C,WAAW,GAAG,CAAC,CAAC;wBAChB,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,MAAM,QAAQ,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxD,IAAI,YAAY,GAAG,EAAE,CAAC;gBACtB,KAAK,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3D,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;oBACxC,IAAI,EAAE,CAAC,IAAI,KAAK,MAAM;wBAAE,YAAY,IAAI,EAAE,CAAC,IAAI,CAAC;gBAClD,CAAC;gBACD,+DAA+D;gBAC/D,+DAA+D;gBAC/D,kBAAkB;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;oBAC7C,KAAK,MAAM,QAAQ,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC;wBAC3C,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;4BACnC,YAAY,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC;wBACtC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,sEAAsE;gBACtE,mEAAmE;gBACnE,qEAAqE;gBACrE,0CAA0C;gBAC1C,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,KAAK,SAAS,CAAC;gBACrD,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,UAAU,EAAE,CAAC;oBACvC,IAAI,UAAU,EAAE,CAAC;wBACf,YAAY;4BACV,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gCAClD,uDAAuD;gCACvD,oEAAoE;gCACpE,+DAA+D,CAAC;oBACpE,CAAC;yBAAM,CAAC;wBACN,YAAY,GAAG,eAAe,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAED,iEAAiE;gBACjE,gEAAgE;gBAChE,iEAAiE;gBACjE,iEAAiE;gBACjE,gBAAgB;gBAChB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;gBAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrE,MAAM,iBAAiB,GACrB,UAAU,IAAI,QAAQ;oBACpB,CAAC,CAAC,GAAG,UAAU,YAAY,QAAQ,EAAE;oBACrC,CAAC,CAAC,SAAS,CAAC;gBAEhB,4DAA4D;gBAC5D,oDAAoD;gBACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,YAAY,EAAE;oBACzD,iBAAiB;iBAClB,CAAC,CAAC;gBACH,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE;oBAC7C,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;gBAEH,sBAAsB;gBACtB,MAAM,iBAAiB,CACrB,QAAQ,EACR,QAAQ,CAAC,IAAI,EACb,YAAY,EACZ,MAAM,CACP,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,4CAA4C,QAAQ,CAAC,QAAQ,GAAG,EAChE,GAAG,CACJ,CAAC;gBACF,sEAAsE;gBACtE,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAC1C,kEAAkE,CACnE,CAAC;oBACF,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACjD,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;oBAAS,CAAC;gBACT,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,YAAuB,EACvB,MAAW;IAEX,IAAI,CAAC;QACH,IAAI,IAAS,CAAC;QACd,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,IAAI,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,EAAE,CAAC;QACZ,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QAEtD,mBAAmB;QACnB,MAAM,OAAO,GAAG;YACd,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO;YAC5B,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,0CAA0C;QAC1C,MAAM,YAAY,GAAG,qBAAqB,CACxC,YAAY,CAAC,MAAM,IAAI,EAAE,EACzB,YAAY,CAAC,KAAK,CACnB,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,gBAAgB,CACpB,QAAQ,EACR,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EACpB,IAAI,CAAC,KAAK,IAAI,MAAM,EAAE,KAAK,IAAI,kBAAkB,EACjD,IAAI,CAAC,OAAO,IAAI,MAAM,EAAE,OAAO,IAAI,EAAE,EACrC,IAAI,CAAC,QAAQ,CAAC,MAAM,CACrB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;AACH,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport type { PlatformAdapter, IncomingMessage } from \"./types.js\";\nimport { getThreadMapping, saveThreadMapping } from \"./thread-mapping-store.js\";\nimport { createThread, getThread } from \"../chat-threads/store.js\";\nimport {\n  runAgentLoop,\n  actionsToEngineTools,\n  getOwnerActiveApiKey,\n  getOwnerApiKey,\n  engineToProvider,\n  type ActionEntry,\n} from \"../agent/production-agent.js\";\nimport { PROVIDER_TO_ENV } from \"../agent/engine/provider-env-vars.js\";\nimport { isLocalDatabase } from \"../db/client.js\";\nimport { readDeployCredentialEnv } from \"../server/credential-provider.js\";\nimport {\n  getStoredModelForEngine,\n  resolveEngine,\n} from \"../agent/engine/index.js\";\nimport type { AgentEngine } from \"../agent/engine/types.js\";\nimport type { EngineMessage } from \"../agent/engine/types.js\";\nimport { startRun, type ActiveRun } from \"../agent/run-manager.js\";\nimport {\n  buildAssistantMessage,\n  extractThreadMeta,\n} from \"../agent/thread-data-builder.js\";\nimport { updateThreadData } from \"../chat-threads/store.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { resolveOrgIdForEmail } from \"../org/context.js\";\nimport {\n  insertPendingTask,\n  isDuplicateEventError,\n  type PendingTask,\n} from \"./pending-tasks-store.js\";\nimport { signInternalToken } from \"./internal-token.js\";\nimport { FRAMEWORK_ROUTE_PREFIX } from \"../server/core-routes-plugin.js\";\nimport { withConfiguredAppBasePath } from \"../server/app-base-path.js\";\n\n/**\n * Build a stable per-event dedup key from the incoming message. The same\n * key is computed for every retry of the same event from the platform —\n * Slack/Telegram retry on timeout (3s for Slack), so we MUST treat the\n * second delivery as a duplicate and return 200 silently.\n *\n * The `(platform, external_event_key)` UNIQUE index in\n * `integration_pending_tasks` enforces this at the SQL layer, replacing\n * the previous in-memory Map (H3 in the webhook security audit) which\n * couldn't survive serverless cold starts.\n */\nfunction buildEventDedupKey(incoming: IncomingMessage): string {\n  return `${incoming.platform}:${incoming.externalThreadId}:${incoming.timestamp}`;\n}\n\nexport interface WebhookHandlerOptions {\n  adapter: PlatformAdapter;\n  /** Resolved system prompt string */\n  systemPrompt: string;\n  /** Action entries for the agent */\n  actions: Record<string, ActionEntry>;\n  /** Model to use */\n  model: string;\n  /** Anthropic API key */\n  apiKey: string;\n  /** Agent engine to use. Defaults to the same resolver as web chat. */\n  engine?:\n    | AgentEngine\n    | string\n    | { name: string; config: Record<string, unknown> };\n  /** Thread owner for personal/shared resource loading */\n  ownerEmail: string;\n  /**\n   * Pre-parsed incoming message. When provided, handleWebhook skips its own\n   * verification + parsing steps. Required when the caller has already read\n   * the request body (h3 doesn't reliably cache parsed bodies, so re-parsing\n   * the same event hangs on streaming providers).\n   */\n  incoming?: IncomingMessage;\n  /** Optional hook to intercept inbound commands before agent execution */\n  beforeProcess?: (\n    incoming: IncomingMessage,\n    adapter: PlatformAdapter,\n  ) => Promise<\n    | {\n        handled: true;\n        responseText?: string;\n      }\n    | { handled: false }\n  >;\n}\n\nfunction explicitEngineName(\n  engineOption: WebhookHandlerOptions[\"engine\"],\n): string | undefined {\n  if (!engineOption) return undefined;\n  if (typeof engineOption === \"string\") return engineOption;\n  if (\n    typeof engineOption === \"object\" &&\n    !(\"stream\" in engineOption) &&\n    typeof engineOption.name === \"string\"\n  ) {\n    return engineOption.name;\n  }\n  return undefined;\n}\n\nfunction isMultiTenantDeploy(): boolean {\n  if (process.env.NODE_ENV !== \"production\") return false;\n  return !isLocalDatabase();\n}\n\nasync function resolveIntegrationApiKey(\n  engineOption: WebhookHandlerOptions[\"engine\"],\n  ownerEmail: string,\n  fallbackApiKey: string,\n): Promise<string | undefined> {\n  const engineName = explicitEngineName(engineOption);\n  if (engineName) {\n    const provider = engineToProvider(engineName);\n    const userApiKey = await getOwnerApiKey(provider, ownerEmail);\n    if (userApiKey || isMultiTenantDeploy()) return userApiKey;\n    const envVar = PROVIDER_TO_ENV[provider];\n    const providerEnvKey = envVar ? readDeployCredentialEnv(envVar) : undefined;\n    return providerEnvKey || fallbackApiKey.trim() || undefined;\n  }\n\n  const userApiKey = await getOwnerActiveApiKey(ownerEmail);\n  if (userApiKey || isMultiTenantDeploy()) return userApiKey;\n  return fallbackApiKey.trim() || undefined;\n}\n\n/**\n * Process an incoming webhook from a messaging platform.\n *\n * Flow:\n * 1. Handle verification challenges (Slack url_verification, etc.)\n * 2. Verify webhook signature\n * 3. Parse incoming message (null = ignored event)\n * 4. Persist task to SQL\n * 5. Fire-and-forget POST to /_agent-native/integrations/process-task\n *    (a fresh function execution with its own timeout budget)\n * 6. Return HTTP 200 immediately (within Slack's 3s SLA)\n *\n * The processor endpoint runs the actual agent loop. This split is essential\n * for serverless platforms (Netlify Lambda, Vercel, Cloudflare Workers) which\n * freeze the function as soon as the response is returned, killing any\n * lingering background promises.\n */\nexport async function handleWebhook(\n  event: H3Event,\n  options: WebhookHandlerOptions,\n): Promise<{ status: number; body: unknown }> {\n  const { adapter, beforeProcess } = options;\n\n  let incoming: IncomingMessage | null = options.incoming ?? null;\n\n  // When the caller didn't pre-parse, run the full verify + parse pipeline.\n  // Otherwise skip it — h3's body stream has already been consumed and a\n  // second readBody call hangs on streaming providers.\n  if (!incoming) {\n    // Step 1: Handle platform-specific verification challenges\n    const verification = await adapter.handleVerification(event);\n    if (verification.handled) {\n      return { status: 200, body: verification.response ?? \"ok\" };\n    }\n\n    // Step 2: Verify webhook signature\n    const isValid = await adapter.verifyWebhook(event);\n    if (!isValid) {\n      return { status: 401, body: { error: \"Invalid webhook signature\" } };\n    }\n\n    // Step 3: Parse the incoming message\n    incoming = await adapter.parseIncomingMessage(event);\n    if (!incoming) {\n      // Not a user message (bot message, edit, reaction, etc.) — acknowledge silently\n      return { status: 200, body: \"ok\" };\n    }\n  }\n\n  // Dedup is enforced inside enqueueAndDispatch — the unique index on\n  // `(platform, external_event_key)` raises a constraint violation we treat\n  // as \"already enqueued\" and respond 200. We can't dedup BEFORE the\n  // beforeProcess hook because some templates use beforeProcess for\n  // command-style intercepts that are stateless and idempotent (e.g. a\n  // Slack `/help` command that doesn't enqueue a task).\n\n  if (beforeProcess) {\n    const result = await beforeProcess(incoming, adapter);\n    if (result.handled) {\n      if (result.responseText?.trim()) {\n        const outgoing = adapter.formatAgentResponse(result.responseText);\n        await adapter.sendResponse(outgoing, incoming);\n      }\n      return { status: 200, body: \"ok\" };\n    }\n  }\n\n  // Step 4 + 5: Enqueue to SQL and dispatch to processor in a fresh request.\n  try {\n    await enqueueAndDispatch(event, incoming, options);\n  } catch (err) {\n    // Duplicate event delivery: the SQL UNIQUE constraint on\n    // (platform, external_event_key) rejected the second insert. This is\n    // the expected path when a platform retries an event that already\n    // landed (e.g. Slack 3-second timeout) — return 200 so the platform\n    // stops retrying. See H3 in the webhook security audit.\n    if (isDuplicateEventError(err)) {\n      return { status: 200, body: \"ok\" };\n    }\n    console.error(\n      `[integrations] Failed to enqueue/dispatch ${incoming.platform} message:`,\n      err,\n    );\n    // Return 500 so the platform retries. If the SQL insert failed for a\n    // non-dup reason, the message is genuinely lost — better to let Slack\n    // retry (it will re-fire the same event_callback) than silently drop it.\n    return { status: 500, body: { error: \"enqueue failed\" } };\n  }\n\n  return { status: 200, body: \"ok\" };\n}\n\n/**\n * Persist the task to SQL and dispatch a fresh HTTP request to the processor\n * endpoint. The dispatch is fire-and-forget — we deliberately do NOT await\n * the resulting fetch, so the current handler can return immediately.\n *\n * This pattern works on every supported host:\n *   - Netlify Lambda: function returns; the dispatched request hits a fresh\n *     Lambda with its own function budget.\n *   - Vercel Functions: same.\n *   - Cloudflare Workers: same (no waitUntil dependency).\n *   - Self-hosted Node: a separate request comes back through the same\n *     server, but each handler still runs to completion.\n */\nasync function enqueueAndDispatch(\n  event: H3Event,\n  incoming: IncomingMessage,\n  options: WebhookHandlerOptions,\n): Promise<void> {\n  const taskId = `task-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n\n  // Resolve the org id once at enqueue-time so the processor doesn't have to\n  // re-derive it (and so we can drop it on the row for observability).\n  let orgId: string | null = null;\n  try {\n    orgId = (await resolveOrgIdForEmail(options.ownerEmail)) ?? null;\n  } catch {\n    orgId = null;\n  }\n\n  // Post a \"thinking…\" placeholder immediately if the adapter supports\n  // in-place edits. The processor flow will update this same message with\n  // the final answer, so users see one tidy thread reply instead of\n  // \"[silence] → answer\". Adapters without edit support skip this and the\n  // processor posts a fresh response.\n  let placeholderRef: string | undefined;\n  try {\n    if (options.adapter.postProcessingPlaceholder) {\n      const placeholder =\n        await options.adapter.postProcessingPlaceholder(incoming);\n      if (placeholder?.placeholderRef) {\n        placeholderRef = placeholder.placeholderRef;\n      }\n    }\n  } catch (err) {\n    console.error(\"[integrations] postProcessingPlaceholder failed:\", err);\n  }\n\n  const payload = JSON.stringify({ incoming, placeholderRef });\n\n  await insertPendingTask({\n    id: taskId,\n    platform: incoming.platform,\n    externalThreadId: incoming.externalThreadId,\n    payload,\n    ownerEmail: options.ownerEmail,\n    orgId,\n    // SQL-level dedup key — duplicate webhook deliveries from the same\n    // platform produce the same key, so the unique index rejects the\n    // second insert (H3 in the webhook security audit).\n    externalEventKey: buildEventDedupKey(incoming),\n  });\n\n  const baseUrl = resolveBaseUrl(event);\n  const processUrl = `${baseUrl}${FRAMEWORK_ROUTE_PREFIX}/integrations/process-task`;\n\n  // Sign the dispatch with an HMAC token so the processor endpoint can\n  // verify the request came from us and not the public internet. The\n  // processor refuses unsigned requests in production (C3 in the webhook\n  // security audit). In dev, dispatching unsigned is allowed and falls\n  // through to the SQL atomic claim for double-processing protection.\n  const headers: Record<string, string> = {\n    \"Content-Type\": \"application/json\",\n  };\n  try {\n    headers[\"Authorization\"] = `Bearer ${signInternalToken(taskId)}`;\n  } catch (err) {\n    // Distinguish \"secret not configured\" (the documented dev path) from\n    // a real signing failure — silently swallowing both made malformed\n    // secrets fail invisibly (L5 in the audit).\n    if (err instanceof Error && !/A2A_SECRET/i.test(err.message)) {\n      console.error(\n        `[integrations] signInternalToken failed unexpectedly for ${taskId}:`,\n        err,\n      );\n    }\n  }\n\n  // Fire-and-forget: do NOT await the full response (the processor's run\n  // takes minutes — we don't want to block the caller). BUT on Netlify\n  // Lambda, when we return immediately, the runtime can freeze the function\n  // before the outbound TCP handshake even starts, which leaves the dispatch\n  // request stuck waiting for the 60s retry-sweep job. Race the fetch\n  // against a short timer so the request gets at least ~250ms to leave the\n  // box; the trade-off is at most ~250ms of added webhook latency.\n  const dispatchPromise = fetch(processUrl, {\n    method: \"POST\",\n    headers,\n    body: JSON.stringify({ taskId }),\n  }).catch((err) => {\n    console.error(\"[integrations] Failed to dispatch processor request:\", err);\n  });\n  await Promise.race([\n    dispatchPromise,\n    new Promise<void>((resolve) => setTimeout(resolve, 250)),\n  ]);\n}\n\n/**\n * Resolve the base URL we should dispatch the processor request to.\n * Prefers explicit env vars (most reliable on serverless), falls back to the\n * inbound request's headers.\n */\nexport function resolveBaseUrl(event: H3Event): string {\n  const fromEnv =\n    process.env.APP_URL ||\n    process.env.URL ||\n    process.env.DEPLOY_URL ||\n    process.env.BETTER_AUTH_URL;\n  if (fromEnv) return withConfiguredAppBasePath(fromEnv);\n\n  try {\n    const headers = (event as any).node?.req?.headers ?? (event as any).headers;\n    const get = (name: string): string | undefined => {\n      if (!headers) return undefined;\n      if (typeof headers.get === \"function\") {\n        return headers.get(name) ?? undefined;\n      }\n      const lower = String(name).toLowerCase();\n      const map = headers as Record<string, string | undefined>;\n      return map[name] ?? map[lower];\n    };\n    const proto = get(\"x-forwarded-proto\") || \"http\";\n    const host = get(\"host\") || `localhost:${process.env.PORT || 3000}`;\n    return withConfiguredAppBasePath(`${proto}://${host}`);\n  } catch {\n    return withConfiguredAppBasePath(\n      `http://localhost:${process.env.PORT || 3000}`,\n    );\n  }\n}\n\n/**\n * Run the actual agent loop for a previously-enqueued task. Called by the\n * processor endpoint in `plugin.ts`. This is a fresh function execution, so\n * it gets its own timeout budget independent of the inbound webhook handler.\n */\nexport async function processIntegrationTask(\n  task: PendingTask,\n  options: WebhookHandlerOptions,\n): Promise<void> {\n  const parsed = JSON.parse(task.payload) as {\n    incoming: IncomingMessage;\n    placeholderRef?: string;\n  };\n  await processIncomingMessage(parsed.incoming, options, {\n    taskId: task.id,\n    placeholderRef: parsed.placeholderRef,\n  });\n}\n\n/**\n * Resolve thread, run agent loop, post response, persist thread data.\n * Shared between the new processor endpoint and any direct callers.\n */\nasync function processIncomingMessage(\n  incoming: IncomingMessage,\n  options: WebhookHandlerOptions,\n  opts: { taskId?: string; placeholderRef?: string } = {},\n): Promise<void> {\n  const {\n    adapter,\n    systemPrompt,\n    actions,\n    model,\n    apiKey,\n    ownerEmail,\n    engine: engineOption,\n  } = options;\n\n  // Resolve or create internal thread\n  let mapping = await getThreadMapping(\n    incoming.platform,\n    incoming.externalThreadId,\n  );\n\n  if (!mapping) {\n    const thread = await createThread(ownerEmail, {\n      title: `${adapter.label}: ${incoming.senderName || incoming.senderId || \"User\"}`,\n    });\n    await saveThreadMapping(\n      incoming.platform,\n      incoming.externalThreadId,\n      thread.id,\n      incoming.platformContext,\n    );\n    mapping = {\n      platform: incoming.platform,\n      externalThreadId: incoming.externalThreadId,\n      internalThreadId: thread.id,\n      platformContext: incoming.platformContext,\n      createdAt: Date.now(),\n      updatedAt: Date.now(),\n    };\n  }\n\n  const threadId = mapping.internalThreadId;\n\n  // Load existing thread history for context\n  const thread = await getThread(threadId);\n  const existingMessages: EngineMessage[] = [];\n  if (thread?.threadData) {\n    try {\n      const data = JSON.parse(thread.threadData);\n      if (Array.isArray(data.messages)) {\n        for (const msg of data.messages) {\n          const m = msg.message ?? msg;\n          const textContent =\n            typeof m.content === \"string\"\n              ? m.content\n              : Array.isArray(m.content)\n                ? m.content\n                    .filter((c: any) => c.type === \"text\")\n                    .map((c: any) => c.text)\n                    .join(\"\\n\")\n                : \"\";\n          if (m.role === \"user\") {\n            existingMessages.push({\n              role: \"user\",\n              content: [{ type: \"text\", text: textContent }],\n            });\n          } else if (m.role === \"assistant\") {\n            existingMessages.push({\n              role: \"assistant\",\n              content: [{ type: \"text\", text: textContent }],\n            });\n          }\n        }\n      }\n    } catch {}\n  }\n\n  // Add the new user message. Include verified platform identity as lightweight\n  // context so app-specific agents can attribute requests without guessing.\n  const identityLines = [\n    `Platform: ${incoming.platform}`,\n    incoming.senderName ? `Sender name: ${incoming.senderName}` : null,\n    incoming.senderEmail ? `Sender email: ${incoming.senderEmail}` : null,\n    incoming.senderId ? `Sender ID: ${incoming.senderId}` : null,\n  ].filter(Boolean);\n  const userText =\n    identityLines.length > 1\n      ? `<integration-context>\\n${identityLines.join(\"\\n\")}\\n</integration-context>\\n\\n${incoming.text}`\n      : incoming.text;\n\n  const messages: EngineMessage[] = [\n    ...existingMessages,\n    { role: \"user\", content: [{ type: \"text\", text: userText }] },\n  ];\n\n  // Run agent loop via startRun, wrapped in a request context so that\n  // tools (especially call-agent) can resolve the caller's org for org-scoped\n  // A2A delegation. Without this, getRequestOrgId() returns undefined and\n  // call-agent can't look up the org's a2a_secret or org_domain.\n  const orgId = await resolveOrgIdForEmail(ownerEmail);\n  const tools = actionsToEngineTools(actions);\n\n  const runId = `integration-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n\n  // Wait for the run to complete inside this fresh function execution.\n  // We use a Promise so the processor endpoint can await the full lifecycle.\n  await new Promise<void>((resolve) => {\n    startRun(\n      runId,\n      threadId,\n      async (send, signal) => {\n        await runWithRequestContext(\n          {\n            userEmail: ownerEmail,\n            orgId: orgId ?? undefined,\n            // Lets downstream callers (call-agent script) apply tighter\n            // budgets on integration paths without affecting normal\n            // agent-chat. See `isIntegrationCallerRequest()`.\n            isIntegrationCaller: true,\n            integration: opts.taskId\n              ? {\n                  taskId: opts.taskId,\n                  incoming,\n                  placeholderRef: opts.placeholderRef,\n                }\n              : undefined,\n          },\n          async () => {\n            const effectiveApiKey = await resolveIntegrationApiKey(\n              engineOption,\n              ownerEmail,\n              apiKey,\n            );\n            const engine = await resolveEngine({\n              engineOption,\n              apiKey: effectiveApiKey,\n              model,\n            });\n            const resolvedModel =\n              (await getStoredModelForEngine(engine)) ??\n              model ??\n              engine.defaultModel;\n\n            return runAgentLoop({\n              engine,\n              model: resolvedModel,\n              systemPrompt,\n              tools,\n              messages,\n              actions,\n              send,\n              signal,\n            });\n          },\n        );\n      },\n      async (completedRun: ActiveRun) => {\n        try {\n          // Collect text events from the run, but drop any pre-tool-call\n          // preamble so the user sees just the final answer instead of\n          // \"I need to delegate this...\" run-on into the raw tool result.\n          //\n          // Heuristic: when the agent fired any tool, only keep text events\n          // that come AFTER the last tool. The preamble (\"Let me check…\")\n          // and the final answer (\"630\") are emitted as two separate text\n          // events, and concatenating them with no separator was producing\n          // \"...signup data.630\" in Slack.\n          let lastToolIdx = -1;\n          for (let i = completedRun.events.length - 1; i >= 0; i--) {\n            const t = completedRun.events[i].event.type;\n            if (t === \"tool_start\" || t === \"tool_done\") {\n              lastToolIdx = i;\n              break;\n            }\n          }\n          const startIdx = lastToolIdx >= 0 ? lastToolIdx + 1 : 0;\n          let responseText = \"\";\n          for (let i = startIdx; i < completedRun.events.length; i++) {\n            const ev = completedRun.events[i].event;\n            if (ev.type === \"text\") responseText += ev.text;\n          }\n          // If the post-tool window had no text (tool spoke for itself),\n          // fall back to all text events so we never leave the user with\n          // an empty reply.\n          if (!responseText.trim() && lastToolIdx >= 0) {\n            for (const runEvent of completedRun.events) {\n              if (runEvent.event.type === \"text\") {\n                responseText += runEvent.event.text;\n              }\n            }\n          }\n\n          // If the run errored OR produced no text, post a graceful fallback so\n          // the user isn't left wondering whether the bot saw their message.\n          // Common case: an A2A delegation timed out and the agent loop bailed\n          // before generating any user-facing text.\n          const runErrored = completedRun.status === \"errored\";\n          if (!responseText.trim() || runErrored) {\n            if (runErrored) {\n              responseText =\n                (responseText.trim() ? responseText + \"\\n\\n\" : \"\") +\n                \"I ran into a problem before I could finish that one. \" +\n                \"If it was a complex analytics question, opening the analytics app \" +\n                \"directly is the most reliable way to get an answer right now.\";\n            } else {\n              responseText = \"(No response)\";\n            }\n          }\n\n          // Compute the deep-link to the dispatch UI for this thread, then\n          // hand it to the adapter as a structured `threadDeepLinkUrl` so\n          // platforms with rich blocks (Slack) can render a button instead\n          // of inlining a `<url|text>` link that auto-unfurls into a giant\n          // preview card.\n          const baseUrl = process.env.APP_URL || process.env.URL || \"\";\n          const appBaseUrl = baseUrl ? withConfiguredAppBasePath(baseUrl) : \"\";\n          const threadDeepLinkUrl =\n            appBaseUrl && threadId\n              ? `${appBaseUrl}/?thread=${threadId}`\n              : undefined;\n\n          // Format and send back to platform — update the \"thinking…\"\n          // placeholder in place if the adapter supplied one.\n          const outgoing = adapter.formatAgentResponse(responseText, {\n            threadDeepLinkUrl,\n          });\n          await adapter.sendResponse(outgoing, incoming, {\n            placeholderRef: opts.placeholderRef,\n          });\n\n          // Persist thread data\n          await persistThreadData(\n            threadId,\n            incoming.text,\n            completedRun,\n            thread,\n          );\n        } catch (err) {\n          console.error(\n            `[integrations] Error sending response to ${incoming.platform}:`,\n            err,\n          );\n          // Last-ditch: try to post a brief apology so the thread isn't silent.\n          try {\n            const fallback = adapter.formatAgentResponse(\n              \"Something went wrong on my end while replying. Please try again.\",\n            );\n            await adapter.sendResponse(fallback, incoming);\n          } catch {}\n        } finally {\n          resolve();\n        }\n      },\n    );\n  });\n}\n\n/**\n * Persist the user message and agent response to the thread data,\n * so the conversation history is available in the web UI too.\n */\nasync function persistThreadData(\n  threadId: string,\n  userText: string,\n  completedRun: ActiveRun,\n  thread: any,\n): Promise<void> {\n  try {\n    let repo: any;\n    try {\n      repo = JSON.parse(thread?.threadData || \"{}\");\n    } catch {\n      repo = {};\n    }\n    if (!Array.isArray(repo.messages)) repo.messages = [];\n\n    // Add user message\n    const userMsg = {\n      id: `msg-${Date.now()}-user`,\n      role: \"user\",\n      content: [{ type: \"text\", text: userText }],\n      createdAt: new Date().toISOString(),\n    };\n\n    // Build assistant message from run events\n    const assistantMsg = buildAssistantMessage(\n      completedRun.events ?? [],\n      completedRun.runId,\n    );\n\n    repo.messages.push(userMsg);\n    if (assistantMsg) {\n      repo.messages.push(assistantMsg);\n    }\n\n    const meta = extractThreadMeta(repo);\n    await updateThreadData(\n      threadId,\n      JSON.stringify(repo),\n      meta.title || thread?.title || \"Integration Chat\",\n      meta.preview || thread?.preview || \"\",\n      repo.messages.length,\n    );\n  } catch {\n    // Best-effort persistence\n  }\n}\n"]}

package/dist/org/handlers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AA4CA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA2B1C,2FAA2F;AAC3F,eAAO,MAAM,eAAe;;;;;;;cAaA,OAAO;;;;;;;;;;eAIC,MAAM;iBAAW,MAAM;;;;GAoEzD,CAAC;AAEH,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB;;;;GAkC3B,CAAC;AAEH,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;;cAWH,OAAO;;;GAIjC,CAAC;AAEH,mEAAmE;AACnE,eAAO,MAAM,uBAAuB;;;;;;GA+EnC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,sBAAsB;;;;;;;;GAqBlC,CAAC;AAEF,4EAA4E;AAC5E,eAAO,MAAM,uBAAuB;;;UAmD8B,OAAO;GAkBxE,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,mBAAmB;;GA2D/B,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,gBAAgB;;;GA4B3B,CAAC;AAEH,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB;;;UAkCC,OAAO;GAEnC,CAAC;AAEH,mGAAmG;AACnG,eAAO,MAAM,mBAAmB;;;UAqDR,OAAO;GAG9B,CAAC;AAEF,+FAA+F;AAC/F,eAAO,MAAM,gBAAgB;;GA2C3B,CAAC;AAEH,oGAAoG;AACpG,eAAO,MAAM,mBAAmB;;;GA0C/B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,oBAAoB;;;;;YA2DvB,MAAM;cACJ,MAAM;aACP,MAAM;YACP,OAAO;iBACF,MAAM;gBACP,MAAM;;GAyDnB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB;;;GAgGnC,CAAC"}
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AA4CA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA2B1C,2FAA2F;AAC3F,eAAO,MAAM,eAAe;;;;;;;cAaA,OAAO;;;;;;;;;;eAIC,MAAM;iBAAW,MAAM;;;;GA0EzD,CAAC;AAEH,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB;;;;GAkC3B,CAAC;AAEH,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;;cAWH,OAAO;;;GAIjC,CAAC;AAEH,mEAAmE;AACnE,eAAO,MAAM,uBAAuB;;;;;;GA+EnC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,sBAAsB;;;;;;;;GAqBlC,CAAC;AAEF,4EAA4E;AAC5E,eAAO,MAAM,uBAAuB;;;UAmD8B,OAAO;GAkBxE,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,mBAAmB;;GA2D/B,CAAC;AAEF,oFAAoF;AACpF,eAAO,MAAM,gBAAgB;;;GA4B3B,CAAC;AAEH,4EAA4E;AAC5E,eAAO,MAAM,gBAAgB;;;UAkCC,OAAO;GAEnC,CAAC;AAEH,mGAAmG;AACnG,eAAO,MAAM,mBAAmB;;;UAqDR,OAAO;GAG9B,CAAC;AAEF,+FAA+F;AAC/F,eAAO,MAAM,gBAAgB;;GA2C3B,CAAC;AAEH,oGAAoG;AACpG,eAAO,MAAM,mBAAmB;;;GA0C/B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,oBAAoB;;;;;YA2DvB,MAAM;cACJ,MAAM;aACP,MAAM;YACP,OAAO;iBACF,MAAM;gBACP,MAAM;;GAyDnB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB;;;GAgGnC,CAAC"}

package/dist/org/handlers.js

@@ -71,22 +71,28 @@ export const getMyOrgHandler = defineEventHandler(async (event) => {
         orgName: String(r.orgName ?? r.org_name),
     }));
     let domainMatches = [];
-    if (!ctx.orgId) {
-        const domain = ctx.email.split("@")[1]?.toLowerCase();
-        if (domain) {
-            try {
-                const dmRes = await e.execute({
-                    sql: `SELECT id, name FROM organizations WHERE LOWER(allowed_domain) = ?`,
-                    args: [domain],
-                });
-                domainMatches = dmRes.rows.map((r) => ({
-                    orgId: String(r.id),
-                    orgName: String(r.name),
-                }));
-            }
-            catch {
-                // allowed_domain column may not exist yet if migration hasn't run
-            }
+    const domain = ctx.email.split("@")[1]?.toLowerCase();
+    if (domain) {
+        try {
+            const dmRes = await e.execute({
+                sql: `SELECT o.id, o.name
+              FROM organizations o
+              WHERE LOWER(o.allowed_domain) = ?
+                AND NOT EXISTS (
+                  SELECT 1
+                  FROM org_members m
+                  WHERE m.org_id = o.id
+                    AND LOWER(m.email) = ?
+                )`,
+                args: [domain, ctx.email.toLowerCase()],
+            });
+            domainMatches = dmRes.rows.map((r) => ({
+                orgId: String(r.id),
+                orgName: String(r.name),
+            }));
+        }
+        catch {
+            // allowed_domain column may not exist yet if migration hasn't run
         }
     }
     let allowedDomain = null;

package/dist/org/handlers.js.map

@@ -1 +1 @@
-{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC;QACrC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,iFAAiF;AACjF,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9E,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AACD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,MAAM,eAAe,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;mCAG0B;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,GAA8C,EAAE,CAAC;IAClE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACtD,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;oBAC5B,GAAG,EAAE,oEAAoE;oBACzE,IAAI,EAAE,CAAC,MAAM,CAAC;iBACf,CAAC,CAAC;gBACH,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;oBAC1C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;oBACnB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;iBACxB,CAAC,CAAC,CAAC;YACN,CAAC;YAAC,MAAM,CAAC;gBACP,kEAAkE;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE,2EAA2E;gBAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClB,aAAa;oBACX,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;gBAC9D,SAAS,GAAG,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;IAEpE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,oEAAoE;QACpE,6DAA6D;QAC7D,kEAAkE;QAClE,+DAA+D;QAC/D,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC1D,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;QACxC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI;QACJ,kBAAkB;QAClB,aAAa;QACb,aAAa;QACb,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,8DAA8D;IAC9D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAExD,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,iGAAiG;QACtG,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC;KAC7C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC5E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,+EAA+E;QACpF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACpC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC;KAC5C,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC,CAAC,CAAC;AAEH,mEAAmE;AACnE,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sDAAsD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,mEAAmE;IACnE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,kEAAkE;IAClE,kEAAkE;IAClE,aAAa;IACb,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,mHAAmH;QACxH,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KACpD,CAAC,CAAC;IAEH,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,UAA8B,CAAC;IACnC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;gBAChD,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,WAAW;gBACnC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACjE,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CACtD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAE3C,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE;;oDAEyC;QAC9C,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;KACzB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CACF,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,2DAA2D;QAC3D,gDAAgD;QAChD,GAAG,EAAE;6EACkE;QACvE,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KAC1C,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACzC,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACtC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,qDAAqD;QAC1D,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAE5D,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,CAAC,OAAO,CAAC;YACd,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO;YACP,IAAI,EAAE,MAAM,CAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC9C,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,6DAA6D;QAClE,IAAI,EAAE,CAAC,YAAY,CAAC;KACrB,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAmB,EAAE,CAAC;AACjE,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,gEAAgE;IAChE,iEAAiE;IACjE,6DAA6D;IAC7D,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,+DAA+D;QACpE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACtC,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAY;KAClC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mGAAmG;AACnG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,QAAmB;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAExD,IAAI,GAAG,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;YAC/B,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,0DAA0D;QAC/D,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,oGAAoG;AACpG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,2DAA2D;QAChE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,cAAc,GAClB,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE7D,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC/C,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CACpD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,kBAAkB,GACtB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,IAAI,MAAM,CAAC;IAEhD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAEtC,MAAM,OAAO,GAOR,EAAE,CAAC;IAER,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnE,MAAM,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uCAAuC,CAAC;YACtF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC9B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;oBACd,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS;QACT,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,SAAS,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,aAAa;YACV,UAAU,CAAC,UAAiC,IAAI,SAAS,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IACE,CAAC,aAAa;QACd,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EACvD,CAAC;QACD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,kFAAkF;QACvF,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,8DAA8D;QAC9D,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qGAAqG;SACxG,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC,CACF,CAAC","sourcesContent":["import {\n  defineEventHandler,\n  getRouterParam,\n  getRequestURL,\n  createError,\n  type H3Event,\n} from \"h3\";\n\n/**\n * Extract the :id from invitation-accept paths. The framework request handler\n * strips the mount prefix before calling the handler, so `event.url.pathname`\n * is the relative tail — e.g. `/some-id/accept`. Falls back to matching the\n * full path for contexts that don't strip, and to the h3 router param.\n */\nfunction extractInvitationId(event: H3Event): string | undefined {\n  const fromRouter = getRouterParam(event, \"id\");\n  if (fromRouter) return fromRouter;\n  const path = getRequestURL(event).pathname;\n  const match =\n    path.match(/^\\/([^\\/]+)\\/accept\\/?$/) ??\n    path.match(/\\/org\\/invitations\\/([^\\/]+)\\/accept\\/?$/);\n  return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Extract the :email from member-delete paths. Same prefix-stripping caveat. */\nfunction extractMemberEmail(event: H3Event): string | undefined {\n  const fromRouter = getRouterParam(event, \"email\");\n  if (fromRouter) return fromRouter;\n  const path = getRequestURL(event).pathname;\n  const match =\n    path.match(/^\\/([^\\/]+)\\/?$/) ?? path.match(/\\/org\\/members\\/([^\\/]+)\\/?$/);\n  return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\nconst nanoid = (): string =>\n  globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n  Math.random().toString(36).slice(2) + Date.now().toString(36);\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { sendEmail, isEmailConfigured } from \"../server/email.js\";\nimport { renderInviteEmail } from \"../server/email-templates.js\";\nimport { getAppProductionUrl } from \"../server/app-url.js\";\nimport { getOrgContext } from \"./context.js\";\nimport type { OrgRole } from \"./types.js\";\n\nfunction getInviteAppUrl(event: H3Event): string {\n  return getAppProductionUrl(event);\n}\n\nfunction escapeHtml(s: string): string {\n  return s\n    .replace(/&/g, \"&amp;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\")\n    .replace(/\"/g, \"&quot;\")\n    .replace(/'/g, \"&#39;\");\n}\n\nasync function exec() {\n  return getDbExec();\n}\n\nfunction requireAuthEmail(session: { email?: string } | null): string {\n  const email = session?.email;\n  if (!email) {\n    throw createError({ statusCode: 401, message: \"Authentication required\" });\n  }\n  return email;\n}\n\n/** GET /_agent-native/org/me — current user's active org, all orgs, pending invitations */\nexport const getMyOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n\n  const e = await exec();\n  const allOrgsRes = await e.execute({\n    sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n          FROM org_members m\n          INNER JOIN organizations o ON m.org_id = o.id\n          WHERE LOWER(m.email) = ?`,\n    args: [ctx.email.toLowerCase()],\n  });\n  const orgs = allOrgsRes.rows.map((r: any) => ({\n    orgId: String(r.orgId ?? r.org_id),\n    role: String(r.role) as OrgRole,\n    orgName: String(r.orgName ?? r.org_name),\n  }));\n\n  let domainMatches: Array<{ orgId: string; orgName: string }> = [];\n  if (!ctx.orgId) {\n    const domain = ctx.email.split(\"@\")[1]?.toLowerCase();\n    if (domain) {\n      try {\n        const dmRes = await e.execute({\n          sql: `SELECT id, name FROM organizations WHERE LOWER(allowed_domain) = ?`,\n          args: [domain],\n        });\n        domainMatches = dmRes.rows.map((r: any) => ({\n          orgId: String(r.id),\n          orgName: String(r.name),\n        }));\n      } catch {\n        // allowed_domain column may not exist yet if migration hasn't run\n      }\n    }\n  }\n\n  let allowedDomain: string | null = null;\n  let a2aSecret: string | null = null;\n  if (ctx.orgId) {\n    try {\n      const adRes = await e.execute({\n        sql: `SELECT allowed_domain, a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n        args: [ctx.orgId],\n      });\n      if (adRes.rows[0]) {\n        allowedDomain =\n          String((adRes.rows[0] as any).allowed_domain ?? \"\") || null;\n        a2aSecret = String((adRes.rows[0] as any).a2a_secret ?? \"\") || null;\n      }\n    } catch {\n      // Column may not exist yet\n    }\n  }\n\n  const isOwnerOrAdmin = ctx.role === \"owner\" || ctx.role === \"admin\";\n\n  const invitesRes = await e.execute({\n    // Case-insensitive match: invitations are stored with whatever case\n    // the inviter typed, but the session email may be normalized\n    // differently by the auth provider. LOWER(both sides) keeps these\n    // discoverable and matches getOrgContext.hasPendingInvitation.\n    sql: `SELECT i.id AS id, i.org_id AS \"orgId\", o.name AS \"orgName\", i.invited_by AS \"invitedBy\"\n          FROM org_invitations i\n          INNER JOIN organizations o ON i.org_id = o.id\n          WHERE LOWER(i.email) = ? AND i.status = 'pending'`,\n    args: [ctx.email.toLowerCase()],\n  });\n  const pendingInvitations = invitesRes.rows.map((r: any) => ({\n    id: String(r.id),\n    orgId: String(r.orgId ?? r.org_id),\n    orgName: String(r.orgName ?? r.org_name),\n    invitedBy: String(r.invitedBy ?? r.invited_by),\n  }));\n\n  return {\n    email: ctx.email,\n    orgId: ctx.orgId,\n    orgName: ctx.orgName,\n    role: ctx.role,\n    orgs,\n    pendingInvitations,\n    domainMatches,\n    allowedDomain,\n    a2aSecret: isOwnerOrAdmin ? a2aSecret : undefined,\n  };\n});\n\n/** POST /_agent-native/org — create a new organization */\nexport const createOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const session = await getSession(event);\n  const email = requireAuthEmail(session);\n\n  const body = await readBody(event);\n  const name = body?.name?.trim();\n  if (!name) {\n    throw createError({\n      statusCode: 400,\n      message: \"Organization name is required\",\n    });\n  }\n\n  const orgId = nanoid();\n  const now = Date.now();\n  const e = await exec();\n\n  // Auto-generate a per-org A2A secret for cross-app delegation\n  const { randomBytes } = await import(\"node:crypto\");\n  const a2aSecret = randomBytes(32).toString(\"base64url\");\n\n  await e.execute({\n    sql: `INSERT INTO organizations (id, name, created_by, created_at, a2a_secret) VALUES (?, ?, ?, ?, ?)`,\n    args: [orgId, name, email, now, a2aSecret],\n  });\n\n  await e.execute({\n    sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n    args: [nanoid(), orgId, email, \"owner\", now],\n  });\n\n  await putUserSetting(email, \"active-org-id\", { orgId });\n\n  return { id: orgId, name, role: \"owner\" };\n});\n\n/** GET /_agent-native/org/members — list org members */\nexport const listMembersHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n  if (!ctx.orgId) return { members: [] };\n\n  const e = await exec();\n  const { rows } = await e.execute({\n    sql: `SELECT email, role, joined_at AS \"joinedAt\" FROM org_members WHERE org_id = ?`,\n    args: [ctx.orgId],\n  });\n  const members = rows.map((r: any) => ({\n    email: String(r.email),\n    role: String(r.role) as OrgRole,\n    joinedAt: Number(r.joinedAt ?? r.joined_at),\n  }));\n  return { members };\n});\n\n/** POST /_agent-native/org/invitations — invite a user by email */\nexport const createInvitationHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({\n        statusCode: 400,\n        message: \"You must belong to an organization to invite members\",\n      });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can invite members\",\n      });\n    }\n\n    const body = await readBody(event);\n    const email = body?.email?.trim()?.toLowerCase();\n    if (!email) {\n      throw createError({ statusCode: 400, message: \"Email is required\" });\n    }\n\n    const e = await exec();\n\n    // Existing rows in org_members / org_invitations may have any case\n    // (writes haven't been normalized historically). Compare with LOWER\n    // on both sides so an \"alice@...\" invite check correctly recognizes\n    // an existing \"Alice@...\" membership. `email` is already lowercased\n    // at parse time above, but call .toLowerCase() explicitly here so\n    // the contract at the SQL boundary matches every other handler in\n    // this file.\n    const existingMember = await e.execute({\n      sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n      args: [ctx.orgId, email.toLowerCase()],\n    });\n    if (existingMember.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"User is already a member of this organization\",\n      });\n    }\n\n    const existingInvite = await e.execute({\n      sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n      args: [ctx.orgId, email.toLowerCase()],\n    });\n    if (existingInvite.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"An invitation is already pending for this email\",\n      });\n    }\n\n    const id = nanoid();\n    await e.execute({\n      sql: `INSERT INTO org_invitations (id, org_id, email, invited_by, created_at, status) VALUES (?, ?, ?, ?, ?, 'pending')`,\n      args: [id, ctx.orgId, email, ctx.email, Date.now()],\n    });\n\n    let emailSent = false;\n    let emailError: string | undefined;\n    if (isEmailConfigured()) {\n      try {\n        const { subject, html, text } = renderInviteEmail({\n          invitee: email,\n          orgName: ctx.orgName || \"your team\",\n          acceptUrl: getInviteAppUrl(event),\n          inviter: ctx.email,\n        });\n        await sendEmail({ to: email, subject, html, text });\n        emailSent = true;\n      } catch (err) {\n        emailError = err instanceof Error ? err.message : String(err);\n        console.error(\"[org/invitations] failed to send invite email\", err);\n      }\n    }\n\n    return { id, email, status: \"pending\", emailSent, emailError };\n  },\n);\n\n/** GET /_agent-native/org/invitations — list pending invitations for the org */\nexport const listInvitationsHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) return { invitations: [] };\n\n    const e = await exec();\n    const { rows } = await e.execute({\n      sql: `SELECT id, email, invited_by AS \"invitedBy\", created_at AS \"createdAt\", status\n            FROM org_invitations\n            WHERE org_id = ? AND status = 'pending'`,\n      args: [ctx.orgId],\n    });\n    const invitations = rows.map((r: any) => ({\n      id: String(r.id),\n      email: String(r.email),\n      invitedBy: String(r.invitedBy ?? r.invited_by),\n      createdAt: Number(r.createdAt ?? r.created_at),\n      status: String(r.status),\n    }));\n    return { invitations };\n  },\n);\n\n/** POST /_agent-native/org/invitations/:id/accept — accept an invitation */\nexport const acceptInvitationHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const session = await getSession(event);\n    const email = requireAuthEmail(session);\n\n    const invitationId = extractInvitationId(event);\n    if (!invitationId) {\n      throw createError({\n        statusCode: 400,\n        message: \"Invitation ID required\",\n      });\n    }\n\n    const e = await exec();\n\n    const invRes = await e.execute({\n      // Case-insensitive on email — see comment on the analogous\n      // pending-invitations query in getMyOrgHandler.\n      sql: `SELECT id, org_id AS \"orgId\" FROM org_invitations\n            WHERE id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n      args: [invitationId, email.toLowerCase()],\n    });\n    if (invRes.rows.length === 0) {\n      throw createError({\n        statusCode: 404,\n        message: \"Invitation not found or already used\",\n      });\n    }\n    const inv = invRes.rows[0] as any;\n    const invOrgId = String(inv.orgId ?? inv.org_id);\n\n    const existingMembership = await e.execute({\n      sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n      args: [invOrgId, email.toLowerCase()],\n    });\n\n    const orgRes = await e.execute({\n      sql: `SELECT name FROM organizations WHERE id = ? LIMIT 1`,\n      args: [invOrgId],\n    });\n    const orgName = String((orgRes.rows[0] as any)?.name ?? \"\");\n\n    if (existingMembership.rows.length > 0) {\n      await e.execute({\n        sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n        args: [invitationId],\n      });\n      await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n      return {\n        orgId: invOrgId,\n        orgName,\n        role: String((existingMembership.rows[0] as any).role) as OrgRole,\n      };\n    }\n\n    await e.execute({\n      sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n      args: [nanoid(), invOrgId, email, Date.now()],\n    });\n\n    await e.execute({\n      sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n      args: [invitationId],\n    });\n\n    await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n\n    return { orgId: invOrgId, orgName, role: \"member\" as OrgRole };\n  },\n);\n\n/** DELETE /_agent-native/org/members/:email — remove a member (owner/admin only) */\nexport const removeMemberHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({ statusCode: 400, message: \"No organization found\" });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can remove members\",\n      });\n    }\n\n    const memberEmail = extractMemberEmail(event);\n    if (!memberEmail) {\n      throw createError({ statusCode: 400, message: \"Email is required\" });\n    }\n\n    // memberEmail comes from the URL path verbatim; org_members may\n    // hold the row with any case. LOWER both sides for the lookup AND\n    // the DELETE so removal works regardless of how either side cased\n    // it. The self-removal guard ALSO compares case-insensitively —\n    // otherwise an owner whose email was stored as Alice@... could\n    // remove themselves via the lowercase URL alice@..., bypassing the\n    // guard and leaving the org ownerless.\n    const memberEmailLower = memberEmail.toLowerCase();\n    if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"owner\") {\n      throw createError({\n        statusCode: 400,\n        message: \"Organization owner cannot remove themselves\",\n      });\n    }\n    const e = await exec();\n    // Look specifically for an OWNER row matching this email rather\n    // than just \"any matching row\". Duplicate-case rows are possible\n    // (e.g. legacy data with both \"Alice@...\" and \"alice@...\" in\n    // org_members), and the prior `SELECT role ... LIMIT 1` could\n    // return the non-owner duplicate, pass the role check, and then\n    // the case-insensitive DELETE below would remove BOTH rows —\n    // including the owner — leaving the org ownerless. Querying for\n    // the owner row directly closes that case-mismatch attack.\n    const ownerCheck = await e.execute({\n      sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? AND role = 'owner' LIMIT 1`,\n      args: [ctx.orgId, memberEmailLower],\n    });\n    if (ownerCheck.rows.length > 0) {\n      throw createError({\n        statusCode: 403,\n        message: \"Cannot remove the organization owner\",\n      });\n    }\n\n    await e.execute({\n      sql: `DELETE FROM org_members WHERE org_id = ? AND LOWER(email) = ?`,\n      args: [ctx.orgId, memberEmailLower],\n    });\n\n    return { success: true };\n  },\n);\n\n/** PATCH /_agent-native/org — rename the current organization (owner/admin only) */\nexport const updateOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n  if (!ctx.orgId) {\n    throw createError({ statusCode: 400, message: \"No organization found\" });\n  }\n  if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n    throw createError({\n      statusCode: 403,\n      message: \"Only owners and admins can update the organization\",\n    });\n  }\n\n  const body = await readBody(event);\n  const name = body?.name?.trim();\n  if (!name) {\n    throw createError({\n      statusCode: 400,\n      message: \"Organization name is required\",\n    });\n  }\n\n  const e = await exec();\n  await e.execute({\n    sql: `UPDATE organizations SET name = ? WHERE id = ?`,\n    args: [name, ctx.orgId],\n  });\n\n  return { orgId: ctx.orgId, name };\n});\n\n/** PUT /_agent-native/org/switch — switch the user's active organization */\nexport const switchOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const session = await getSession(event);\n  const email = requireAuthEmail(session);\n\n  const body = await readBody(event);\n  const orgId = body?.orgId;\n\n  if (!orgId) {\n    await putUserSetting(email, \"active-org-id\", { orgId: null });\n    return { orgId: null, orgName: null, role: null };\n  }\n\n  const e = await exec();\n  const membership = await e.execute({\n    sql: `SELECT m.role AS role, o.name AS \"orgName\"\n          FROM org_members m\n          INNER JOIN organizations o ON m.org_id = o.id\n          WHERE m.org_id = ? AND LOWER(m.email) = ? LIMIT 1`,\n    args: [orgId, email.toLowerCase()],\n  });\n\n  if (membership.rows.length === 0) {\n    throw createError({\n      statusCode: 403,\n      message: \"You are not a member of that organization\",\n    });\n  }\n\n  await putUserSetting(email, \"active-org-id\", { orgId });\n\n  const row = membership.rows[0] as any;\n  return {\n    orgId,\n    orgName: String(row.orgName ?? row.org_name),\n    role: String(row.role) as OrgRole,\n  };\n});\n\n/** POST /_agent-native/org/join-by-domain — join an org whose allowed_domain matches your email */\nexport const joinByDomainHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const session = await getSession(event);\n    const email = requireAuthEmail(session);\n\n    const body = await readBody(event);\n    const orgId = body?.orgId;\n    if (!orgId) {\n      throw createError({ statusCode: 400, message: \"orgId is required\" });\n    }\n\n    const e = await exec();\n\n    const orgRes = await e.execute({\n      sql: `SELECT id, name, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n      args: [orgId],\n    });\n    if (orgRes.rows.length === 0) {\n      throw createError({ statusCode: 404, message: \"Organization not found\" });\n    }\n    const org = orgRes.rows[0] as any;\n    const allowedDomain = String(org.allowed_domain || \"\").toLowerCase();\n    const userDomain = email.split(\"@\")[1]?.toLowerCase();\n\n    if (!allowedDomain || allowedDomain !== userDomain) {\n      throw createError({\n        statusCode: 403,\n        message:\n          \"Your email domain does not match this organization's allowed domain\",\n      });\n    }\n\n    const existing = await e.execute({\n      sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n      args: [orgId, email.toLowerCase()],\n    });\n    if (existing.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"Already a member of this organization\",\n      });\n    }\n\n    await e.execute({\n      sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n      args: [nanoid(), orgId, email, Date.now()],\n    });\n\n    await putUserSetting(email, \"active-org-id\", { orgId });\n\n    return {\n      orgId,\n      orgName: String(org.name),\n      role: \"member\" as OrgRole,\n    };\n  },\n);\n\n/** PUT /_agent-native/org/domain — set or clear the allowed email domain (owner/admin only) */\nexport const setDomainHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n  if (!ctx.orgId) {\n    throw createError({ statusCode: 400, message: \"No active organization\" });\n  }\n  if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n    throw createError({\n      statusCode: 403,\n      message: \"Only owners and admins can set the allowed domain\",\n    });\n  }\n\n  const body = await readBody(event);\n  const raw = body?.domain?.trim()?.toLowerCase() || null;\n\n  if (raw && !/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}$/.test(raw)) {\n    throw createError({\n      statusCode: 400,\n      message: \"Invalid domain format\",\n    });\n  }\n\n  const e = await exec();\n\n  if (raw) {\n    const existing = await e.execute({\n      sql: `SELECT id FROM organizations WHERE LOWER(allowed_domain) = ? AND id != ? LIMIT 1`,\n      args: [raw, ctx.orgId],\n    });\n    if (existing.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"Another organization already uses this domain\",\n      });\n    }\n  }\n\n  await e.execute({\n    sql: `UPDATE organizations SET allowed_domain = ? WHERE id = ?`,\n    args: [raw, ctx.orgId],\n  });\n\n  return { domain: raw };\n});\n\n/** PUT /_agent-native/org/a2a-secret — regenerate or set the org's A2A secret (owner/admin only) */\nexport const setA2ASecretHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({\n        statusCode: 400,\n        message: \"No active organization\",\n      });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can manage the A2A secret\",\n      });\n    }\n\n    const body = await readBody(event);\n    let secret = body?.secret?.trim() || null;\n\n    // If no secret provided, auto-generate one\n    if (!secret) {\n      const { randomBytes } = await import(\"node:crypto\");\n      secret = randomBytes(32).toString(\"base64url\");\n    }\n\n    const e = await exec();\n    // Read the previous secret BEFORE overwriting so the client can chain a\n    // sync call that signs JWTs with the secret peers still hold.\n    const prevRes = await e.execute({\n      sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n      args: [ctx.orgId],\n    });\n    const previousSecret =\n      String((prevRes.rows[0] as any)?.a2a_secret ?? \"\") || null;\n\n    await e.execute({\n      sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n      args: [secret, ctx.orgId],\n    });\n\n    return { a2aSecret: secret, previousSecret };\n  },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/sync — push the org's A2A secret to all\n * connected apps so cross-app delegation works without manual copy/paste.\n *\n * Auth: standard session — owner/admin only.\n *\n * For each discovered agent, signs a JWT with the org's CURRENT a2a_secret\n * and POSTs to `<app>/_agent-native/org/a2a-secret/receive` with the same\n * secret + the org's domain. The receiving app verifies the JWT using its\n * own copy of the secret (peers must already share a secret to be trusted)\n * — for the first-ever sync this means at least one peer must already hold\n * the secret, which is the bootstrap. For ongoing rotation, regenerate\n * locally and call sync immediately; sync signs with the secret that's\n * currently in DB, which the peers still have.\n *\n * Body (optional): { signSecret?: string } — sign the outbound JWTs with\n * this secret instead of the org's current secret. Used by the regenerate-\n * then-sync flow: regenerate stores the NEW secret, but sync needs to\n * authenticate using the OLD one that peers still hold. Owner/admin only,\n * gated by the session.\n */\nexport const syncA2ASecretHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({\n        statusCode: 400,\n        message: \"No active organization\",\n      });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can sync the A2A secret\",\n      });\n    }\n\n    const body = await readBody(event).catch(() => null);\n    const overrideSignSecret =\n      typeof body?.signSecret === \"string\" && body.signSecret.trim()\n        ? body.signSecret.trim()\n        : null;\n\n    const e = await exec();\n    const orgRes = await e.execute({\n      sql: `SELECT a2a_secret, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n      args: [ctx.orgId],\n    });\n    if (orgRes.rows.length === 0) {\n      throw createError({\n        statusCode: 404,\n        message: \"Organization not found\",\n      });\n    }\n    const orgRow = orgRes.rows[0] as any;\n    const secret = String(orgRow.a2a_secret ?? \"\") || null;\n    const orgDomain = String(orgRow.allowed_domain ?? \"\") || null;\n\n    if (!secret) {\n      throw createError({\n        statusCode: 400,\n        message: \"Org has no A2A secret. Generate one first before syncing.\",\n      });\n    }\n    if (!orgDomain) {\n      throw createError({\n        statusCode: 400,\n        message:\n          \"Org has no allowed domain set. Set the email domain first so connected apps can identify which org to update.\",\n      });\n    }\n\n    const signSecret = overrideSignSecret || secret;\n\n    const { discoverAgents } = await import(\"../server/agent-discovery.js\");\n    const { signA2AToken } = await import(\"../a2a/client.js\");\n\n    const agents = await discoverAgents();\n\n    const results: Array<{\n      id: string;\n      name: string;\n      url: string;\n      ok: boolean;\n      status?: number;\n      error?: string;\n    }> = [];\n\n    await Promise.all(\n      agents.map(async (agent) => {\n        try {\n          const token = await signA2AToken(ctx.email, orgDomain, signSecret);\n\n          const target = `${agent.url.replace(/\\/$/, \"\")}/_agent-native/org/a2a-secret/receive`;\n          const res = await fetch(target, {\n            method: \"POST\",\n            headers: {\n              \"Content-Type\": \"application/json\",\n              Authorization: `Bearer ${token}`,\n            },\n            body: JSON.stringify({ secret, orgDomain }),\n          });\n\n          if (!res.ok) {\n            const text = await res.text().catch(() => \"\");\n            results.push({\n              id: agent.id,\n              name: agent.name,\n              url: agent.url,\n              ok: false,\n              status: res.status,\n              error: text || res.statusText,\n            });\n            return;\n          }\n          results.push({\n            id: agent.id,\n            name: agent.name,\n            url: agent.url,\n            ok: true,\n            status: res.status,\n          });\n        } catch (err) {\n          results.push({\n            id: agent.id,\n            name: agent.name,\n            url: agent.url,\n            ok: false,\n            error: err instanceof Error ? err.message : String(err),\n          });\n        }\n      }),\n    );\n\n    const succeeded = results.filter((r) => r.ok).length;\n    return {\n      total: results.length,\n      succeeded,\n      failed: results.length - succeeded,\n      results,\n    };\n  },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/receive — accept a secret push from a\n * connected agent-native app. Auth-exempt at the route guard; we verify a\n * JWT signed by the calling app using OUR copy of the org's a2a_secret. If\n * verification succeeds the calling app is a trusted peer and we overwrite\n * our local org's secret with the supplied value.\n *\n * Body: { secret: string, orgDomain: string }\n *\n * Header: Authorization: Bearer <JWT signed with the existing shared\n * a2a_secret, with `org_domain` matching the body's orgDomain>.\n */\nexport const receiveA2ASecretHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const { getRequestHeader } = await import(\"h3\");\n    const jose = await import(\"jose\");\n\n    const authHeader = getRequestHeader(event, \"authorization\");\n    if (!authHeader || !authHeader.startsWith(\"Bearer \")) {\n      throw createError({\n        statusCode: 401,\n        message: \"Bearer token required\",\n      });\n    }\n    const token = authHeader.slice(\"Bearer \".length);\n\n    const body = await readBody(event);\n    const newSecret =\n      typeof body?.secret === \"string\" ? body.secret.trim() : \"\";\n    const orgDomain =\n      typeof body?.orgDomain === \"string\"\n        ? body.orgDomain.trim().toLowerCase()\n        : \"\";\n    if (!newSecret || !orgDomain) {\n      throw createError({\n        statusCode: 400,\n        message: \"secret and orgDomain are required\",\n      });\n    }\n\n    // Peek at JWT (unverified) to confirm it claims the same domain we're\n    // updating. Verification still happens below with the trusted secret.\n    let claimedDomain: string | undefined;\n    try {\n      const unverified = jose.decodeJwt(token);\n      claimedDomain =\n        (unverified.org_domain as string | undefined) || undefined;\n    } catch {\n      throw createError({\n        statusCode: 401,\n        message: \"Malformed JWT\",\n      });\n    }\n    if (\n      !claimedDomain ||\n      claimedDomain.toLowerCase() !== orgDomain.toLowerCase()\n    ) {\n      throw createError({\n        statusCode: 401,\n        message: \"JWT org_domain does not match request body\",\n      });\n    }\n\n    // Look up our local org by the domain and grab the existing secret.\n    const e = await exec();\n    const orgRes = await e.execute({\n      sql: `SELECT id, a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n      args: [orgDomain],\n    });\n    if (orgRes.rows.length === 0) {\n      throw createError({\n        statusCode: 404,\n        message: \"No local org matches that domain\",\n      });\n    }\n    const row = orgRes.rows[0] as any;\n    const localOrgId = String(row.id);\n    const existingSecret = String(row.a2a_secret ?? \"\") || null;\n\n    if (!existingSecret) {\n      // Bootstrap requires an existing shared secret to verify the caller.\n      // If we have nothing on file, we can't verify trust — refuse.\n      throw createError({\n        statusCode: 401,\n        message:\n          \"Local org has no A2A secret yet — cannot verify caller. Set the secret manually for the first time.\",\n      });\n    }\n\n    // Verify the JWT using OUR existing secret. If the caller is a trusted\n    // peer they signed with the same secret and verification succeeds.\n    try {\n      await jose.jwtVerify(token, new TextEncoder().encode(existingSecret));\n    } catch {\n      throw createError({\n        statusCode: 401,\n        message: \"Invalid or expired JWT signature\",\n      });\n    }\n\n    // Trusted — apply the new secret.\n    await e.execute({\n      sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n      args: [newSecret, localOrgId],\n    });\n\n    return { ok: true, orgId: localOrgId };\n  },\n);\n"]}
+{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/org/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC;QACrC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,iFAAiF;AACjF,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAClD,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAC3C,MAAM,KAAK,GACT,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9E,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AACD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,SAAS,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAkC;IAC1D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,MAAM,eAAe,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;mCAG0B;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,GAA8C,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE;;;;;;;;kBAQK;gBACV,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;aACxC,CAAC,CAAC;YACH,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;gBAC1C,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;gBAC5B,GAAG,EAAE,2EAA2E;gBAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClB,aAAa;oBACX,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;gBAC9D,SAAS,GAAG,MAAM,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;IAEpE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,oEAAoE;QACpE,6DAA6D;QAC7D,kEAAkE;QAClE,+DAA+D;QAC/D,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;KAChC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QAC1D,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;QACxC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,IAAI;QACJ,kBAAkB;QAClB,aAAa;QACb,aAAa;QACb,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KAClD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,8DAA8D;IAC9D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAExD,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,iGAAiG;QACtG,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC;KAC7C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC5E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAEvC,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,+EAA+E;QACpF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACpC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;QAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC;KAC5C,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC,CAAC,CAAC;AAEH,mEAAmE;AACnE,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sDAAsD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,mEAAmE;IACnE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,kEAAkE;IAClE,kEAAkE;IAClE,aAAa;IACb,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACrC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACvC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,mHAAmH;QACxH,IAAI,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KACpD,CAAC,CAAC;IAEH,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,UAA8B,CAAC;IACnC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;gBAChD,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,WAAW;gBACnC,SAAS,EAAE,eAAe,CAAC,KAAK,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,SAAS,GAAG,IAAI,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACjE,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,MAAM,CAAC,MAAM,sBAAsB,GAAG,kBAAkB,CACtD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAE3C,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE;;oDAEyC;QAC9C,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;QACxC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC;QAC9C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;KACzB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CACF,CAAC;AAEF,4EAA4E;AAC5E,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,2DAA2D;QAC3D,gDAAgD;QAChD,GAAG,EAAE;6EACkE;QACvE,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KAC1C,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACzC,GAAG,EAAE,4EAA4E;QACjF,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACtC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,qDAAqD;QAC1D,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAE5D,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,CAAC,OAAO,CAAC;YACd,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO;YACP,IAAI,EAAE,MAAM,CAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAY;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC9C,CAAC,CAAC;IAEH,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,6DAA6D;QAClE,IAAI,EAAE,CAAC,YAAY,CAAC;KACrB,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAmB,EAAE,CAAC;AACjE,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE,+DAA+D;IAC/D,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACnD,IAAI,gBAAgB,KAAK,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;IACL,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,gEAAgE;IAChE,iEAAiE;IACjE,6DAA6D;IAC7D,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IACH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,+DAA+D;QACpE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;KACpC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CACF,CAAC;AAEF,oFAAoF;AACpF,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QACjC,GAAG,EAAE;;;4DAGmD;QACxD,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACtC,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAY;KAClC,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,mGAAmG;AACnG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;KACnC,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC3C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,OAAO;QACL,KAAK;QACL,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,QAAmB;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC1E,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAExD,IAAI,GAAG,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IAEvB,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;YAC/B,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,+CAA+C;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,0DAA0D;QAC/D,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,oGAAoG;AACpG,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CACnD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAE1C,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC9B,GAAG,EAAE,2DAA2D;QAChE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,MAAM,cAAc,GAClB,MAAM,CAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE7D,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC;KAC1B,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC/C,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CACpD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACjD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,kBAAkB,GACtB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC;IAEX,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,wBAAwB;SAClC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,IAAI,MAAM,CAAC;IAEhD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IACxE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IAEtC,MAAM,OAAO,GAOR,EAAE,CAAC;IAER,MAAM,OAAO,CAAC,GAAG,CACf,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEnE,MAAM,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uCAAuC,CAAC;YACtF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC9B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;iBACjC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;oBACd,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,KAAK,EAAE,IAAI,IAAI,GAAG,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS;QACT,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CACvD,KAAK,EAAE,KAAc,EAAE,EAAE;IACvB,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,MAAM,SAAS,GACb,OAAO,IAAI,EAAE,SAAS,KAAK,QAAQ;QACjC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,aAAa;YACV,UAAU,CAAC,UAAiC,IAAI,SAAS,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,eAAe;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IACE,CAAC,aAAa;QACd,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EACvD,CAAC;QACD,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC;QAC7B,GAAG,EAAE,kFAAkF;QACvF,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,IAAI,IAAI,CAAC;IAE5D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,8DAA8D;QAC9D,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EACL,qGAAqG;SACxG,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,WAAW,CAAC;YAChB,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,CAAC,OAAO,CAAC;QACd,GAAG,EAAE,sDAAsD;QAC3D,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC,CACF,CAAC","sourcesContent":["import {\n  defineEventHandler,\n  getRouterParam,\n  getRequestURL,\n  createError,\n  type H3Event,\n} from \"h3\";\n\n/**\n * Extract the :id from invitation-accept paths. The framework request handler\n * strips the mount prefix before calling the handler, so `event.url.pathname`\n * is the relative tail — e.g. `/some-id/accept`. Falls back to matching the\n * full path for contexts that don't strip, and to the h3 router param.\n */\nfunction extractInvitationId(event: H3Event): string | undefined {\n  const fromRouter = getRouterParam(event, \"id\");\n  if (fromRouter) return fromRouter;\n  const path = getRequestURL(event).pathname;\n  const match =\n    path.match(/^\\/([^\\/]+)\\/accept\\/?$/) ??\n    path.match(/\\/org\\/invitations\\/([^\\/]+)\\/accept\\/?$/);\n  return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\n\n/** Extract the :email from member-delete paths. Same prefix-stripping caveat. */\nfunction extractMemberEmail(event: H3Event): string | undefined {\n  const fromRouter = getRouterParam(event, \"email\");\n  if (fromRouter) return fromRouter;\n  const path = getRequestURL(event).pathname;\n  const match =\n    path.match(/^\\/([^\\/]+)\\/?$/) ?? path.match(/\\/org\\/members\\/([^\\/]+)\\/?$/);\n  return match?.[1] ? decodeURIComponent(match[1]) : undefined;\n}\nconst nanoid = (): string =>\n  globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n  Math.random().toString(36).slice(2) + Date.now().toString(36);\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { sendEmail, isEmailConfigured } from \"../server/email.js\";\nimport { renderInviteEmail } from \"../server/email-templates.js\";\nimport { getAppProductionUrl } from \"../server/app-url.js\";\nimport { getOrgContext } from \"./context.js\";\nimport type { OrgRole } from \"./types.js\";\n\nfunction getInviteAppUrl(event: H3Event): string {\n  return getAppProductionUrl(event);\n}\n\nfunction escapeHtml(s: string): string {\n  return s\n    .replace(/&/g, \"&amp;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\")\n    .replace(/\"/g, \"&quot;\")\n    .replace(/'/g, \"&#39;\");\n}\n\nasync function exec() {\n  return getDbExec();\n}\n\nfunction requireAuthEmail(session: { email?: string } | null): string {\n  const email = session?.email;\n  if (!email) {\n    throw createError({ statusCode: 401, message: \"Authentication required\" });\n  }\n  return email;\n}\n\n/** GET /_agent-native/org/me — current user's active org, all orgs, pending invitations */\nexport const getMyOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n\n  const e = await exec();\n  const allOrgsRes = await e.execute({\n    sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n          FROM org_members m\n          INNER JOIN organizations o ON m.org_id = o.id\n          WHERE LOWER(m.email) = ?`,\n    args: [ctx.email.toLowerCase()],\n  });\n  const orgs = allOrgsRes.rows.map((r: any) => ({\n    orgId: String(r.orgId ?? r.org_id),\n    role: String(r.role) as OrgRole,\n    orgName: String(r.orgName ?? r.org_name),\n  }));\n\n  let domainMatches: Array<{ orgId: string; orgName: string }> = [];\n  const domain = ctx.email.split(\"@\")[1]?.toLowerCase();\n  if (domain) {\n    try {\n      const dmRes = await e.execute({\n        sql: `SELECT o.id, o.name\n              FROM organizations o\n              WHERE LOWER(o.allowed_domain) = ?\n                AND NOT EXISTS (\n                  SELECT 1\n                  FROM org_members m\n                  WHERE m.org_id = o.id\n                    AND LOWER(m.email) = ?\n                )`,\n        args: [domain, ctx.email.toLowerCase()],\n      });\n      domainMatches = dmRes.rows.map((r: any) => ({\n        orgId: String(r.id),\n        orgName: String(r.name),\n      }));\n    } catch {\n      // allowed_domain column may not exist yet if migration hasn't run\n    }\n  }\n\n  let allowedDomain: string | null = null;\n  let a2aSecret: string | null = null;\n  if (ctx.orgId) {\n    try {\n      const adRes = await e.execute({\n        sql: `SELECT allowed_domain, a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n        args: [ctx.orgId],\n      });\n      if (adRes.rows[0]) {\n        allowedDomain =\n          String((adRes.rows[0] as any).allowed_domain ?? \"\") || null;\n        a2aSecret = String((adRes.rows[0] as any).a2a_secret ?? \"\") || null;\n      }\n    } catch {\n      // Column may not exist yet\n    }\n  }\n\n  const isOwnerOrAdmin = ctx.role === \"owner\" || ctx.role === \"admin\";\n\n  const invitesRes = await e.execute({\n    // Case-insensitive match: invitations are stored with whatever case\n    // the inviter typed, but the session email may be normalized\n    // differently by the auth provider. LOWER(both sides) keeps these\n    // discoverable and matches getOrgContext.hasPendingInvitation.\n    sql: `SELECT i.id AS id, i.org_id AS \"orgId\", o.name AS \"orgName\", i.invited_by AS \"invitedBy\"\n          FROM org_invitations i\n          INNER JOIN organizations o ON i.org_id = o.id\n          WHERE LOWER(i.email) = ? AND i.status = 'pending'`,\n    args: [ctx.email.toLowerCase()],\n  });\n  const pendingInvitations = invitesRes.rows.map((r: any) => ({\n    id: String(r.id),\n    orgId: String(r.orgId ?? r.org_id),\n    orgName: String(r.orgName ?? r.org_name),\n    invitedBy: String(r.invitedBy ?? r.invited_by),\n  }));\n\n  return {\n    email: ctx.email,\n    orgId: ctx.orgId,\n    orgName: ctx.orgName,\n    role: ctx.role,\n    orgs,\n    pendingInvitations,\n    domainMatches,\n    allowedDomain,\n    a2aSecret: isOwnerOrAdmin ? a2aSecret : undefined,\n  };\n});\n\n/** POST /_agent-native/org — create a new organization */\nexport const createOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const session = await getSession(event);\n  const email = requireAuthEmail(session);\n\n  const body = await readBody(event);\n  const name = body?.name?.trim();\n  if (!name) {\n    throw createError({\n      statusCode: 400,\n      message: \"Organization name is required\",\n    });\n  }\n\n  const orgId = nanoid();\n  const now = Date.now();\n  const e = await exec();\n\n  // Auto-generate a per-org A2A secret for cross-app delegation\n  const { randomBytes } = await import(\"node:crypto\");\n  const a2aSecret = randomBytes(32).toString(\"base64url\");\n\n  await e.execute({\n    sql: `INSERT INTO organizations (id, name, created_by, created_at, a2a_secret) VALUES (?, ?, ?, ?, ?)`,\n    args: [orgId, name, email, now, a2aSecret],\n  });\n\n  await e.execute({\n    sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n    args: [nanoid(), orgId, email, \"owner\", now],\n  });\n\n  await putUserSetting(email, \"active-org-id\", { orgId });\n\n  return { id: orgId, name, role: \"owner\" };\n});\n\n/** GET /_agent-native/org/members — list org members */\nexport const listMembersHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n  if (!ctx.orgId) return { members: [] };\n\n  const e = await exec();\n  const { rows } = await e.execute({\n    sql: `SELECT email, role, joined_at AS \"joinedAt\" FROM org_members WHERE org_id = ?`,\n    args: [ctx.orgId],\n  });\n  const members = rows.map((r: any) => ({\n    email: String(r.email),\n    role: String(r.role) as OrgRole,\n    joinedAt: Number(r.joinedAt ?? r.joined_at),\n  }));\n  return { members };\n});\n\n/** POST /_agent-native/org/invitations — invite a user by email */\nexport const createInvitationHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({\n        statusCode: 400,\n        message: \"You must belong to an organization to invite members\",\n      });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can invite members\",\n      });\n    }\n\n    const body = await readBody(event);\n    const email = body?.email?.trim()?.toLowerCase();\n    if (!email) {\n      throw createError({ statusCode: 400, message: \"Email is required\" });\n    }\n\n    const e = await exec();\n\n    // Existing rows in org_members / org_invitations may have any case\n    // (writes haven't been normalized historically). Compare with LOWER\n    // on both sides so an \"alice@...\" invite check correctly recognizes\n    // an existing \"Alice@...\" membership. `email` is already lowercased\n    // at parse time above, but call .toLowerCase() explicitly here so\n    // the contract at the SQL boundary matches every other handler in\n    // this file.\n    const existingMember = await e.execute({\n      sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n      args: [ctx.orgId, email.toLowerCase()],\n    });\n    if (existingMember.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"User is already a member of this organization\",\n      });\n    }\n\n    const existingInvite = await e.execute({\n      sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n      args: [ctx.orgId, email.toLowerCase()],\n    });\n    if (existingInvite.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"An invitation is already pending for this email\",\n      });\n    }\n\n    const id = nanoid();\n    await e.execute({\n      sql: `INSERT INTO org_invitations (id, org_id, email, invited_by, created_at, status) VALUES (?, ?, ?, ?, ?, 'pending')`,\n      args: [id, ctx.orgId, email, ctx.email, Date.now()],\n    });\n\n    let emailSent = false;\n    let emailError: string | undefined;\n    if (isEmailConfigured()) {\n      try {\n        const { subject, html, text } = renderInviteEmail({\n          invitee: email,\n          orgName: ctx.orgName || \"your team\",\n          acceptUrl: getInviteAppUrl(event),\n          inviter: ctx.email,\n        });\n        await sendEmail({ to: email, subject, html, text });\n        emailSent = true;\n      } catch (err) {\n        emailError = err instanceof Error ? err.message : String(err);\n        console.error(\"[org/invitations] failed to send invite email\", err);\n      }\n    }\n\n    return { id, email, status: \"pending\", emailSent, emailError };\n  },\n);\n\n/** GET /_agent-native/org/invitations — list pending invitations for the org */\nexport const listInvitationsHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) return { invitations: [] };\n\n    const e = await exec();\n    const { rows } = await e.execute({\n      sql: `SELECT id, email, invited_by AS \"invitedBy\", created_at AS \"createdAt\", status\n            FROM org_invitations\n            WHERE org_id = ? AND status = 'pending'`,\n      args: [ctx.orgId],\n    });\n    const invitations = rows.map((r: any) => ({\n      id: String(r.id),\n      email: String(r.email),\n      invitedBy: String(r.invitedBy ?? r.invited_by),\n      createdAt: Number(r.createdAt ?? r.created_at),\n      status: String(r.status),\n    }));\n    return { invitations };\n  },\n);\n\n/** POST /_agent-native/org/invitations/:id/accept — accept an invitation */\nexport const acceptInvitationHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const session = await getSession(event);\n    const email = requireAuthEmail(session);\n\n    const invitationId = extractInvitationId(event);\n    if (!invitationId) {\n      throw createError({\n        statusCode: 400,\n        message: \"Invitation ID required\",\n      });\n    }\n\n    const e = await exec();\n\n    const invRes = await e.execute({\n      // Case-insensitive on email — see comment on the analogous\n      // pending-invitations query in getMyOrgHandler.\n      sql: `SELECT id, org_id AS \"orgId\" FROM org_invitations\n            WHERE id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n      args: [invitationId, email.toLowerCase()],\n    });\n    if (invRes.rows.length === 0) {\n      throw createError({\n        statusCode: 404,\n        message: \"Invitation not found or already used\",\n      });\n    }\n    const inv = invRes.rows[0] as any;\n    const invOrgId = String(inv.orgId ?? inv.org_id);\n\n    const existingMembership = await e.execute({\n      sql: `SELECT role FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n      args: [invOrgId, email.toLowerCase()],\n    });\n\n    const orgRes = await e.execute({\n      sql: `SELECT name FROM organizations WHERE id = ? LIMIT 1`,\n      args: [invOrgId],\n    });\n    const orgName = String((orgRes.rows[0] as any)?.name ?? \"\");\n\n    if (existingMembership.rows.length > 0) {\n      await e.execute({\n        sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n        args: [invitationId],\n      });\n      await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n      return {\n        orgId: invOrgId,\n        orgName,\n        role: String((existingMembership.rows[0] as any).role) as OrgRole,\n      };\n    }\n\n    await e.execute({\n      sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n      args: [nanoid(), invOrgId, email, Date.now()],\n    });\n\n    await e.execute({\n      sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n      args: [invitationId],\n    });\n\n    await putUserSetting(email, \"active-org-id\", { orgId: invOrgId });\n\n    return { orgId: invOrgId, orgName, role: \"member\" as OrgRole };\n  },\n);\n\n/** DELETE /_agent-native/org/members/:email — remove a member (owner/admin only) */\nexport const removeMemberHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({ statusCode: 400, message: \"No organization found\" });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can remove members\",\n      });\n    }\n\n    const memberEmail = extractMemberEmail(event);\n    if (!memberEmail) {\n      throw createError({ statusCode: 400, message: \"Email is required\" });\n    }\n\n    // memberEmail comes from the URL path verbatim; org_members may\n    // hold the row with any case. LOWER both sides for the lookup AND\n    // the DELETE so removal works regardless of how either side cased\n    // it. The self-removal guard ALSO compares case-insensitively —\n    // otherwise an owner whose email was stored as Alice@... could\n    // remove themselves via the lowercase URL alice@..., bypassing the\n    // guard and leaving the org ownerless.\n    const memberEmailLower = memberEmail.toLowerCase();\n    if (memberEmailLower === ctx.email.toLowerCase() && ctx.role === \"owner\") {\n      throw createError({\n        statusCode: 400,\n        message: \"Organization owner cannot remove themselves\",\n      });\n    }\n    const e = await exec();\n    // Look specifically for an OWNER row matching this email rather\n    // than just \"any matching row\". Duplicate-case rows are possible\n    // (e.g. legacy data with both \"Alice@...\" and \"alice@...\" in\n    // org_members), and the prior `SELECT role ... LIMIT 1` could\n    // return the non-owner duplicate, pass the role check, and then\n    // the case-insensitive DELETE below would remove BOTH rows —\n    // including the owner — leaving the org ownerless. Querying for\n    // the owner row directly closes that case-mismatch attack.\n    const ownerCheck = await e.execute({\n      sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? AND role = 'owner' LIMIT 1`,\n      args: [ctx.orgId, memberEmailLower],\n    });\n    if (ownerCheck.rows.length > 0) {\n      throw createError({\n        statusCode: 403,\n        message: \"Cannot remove the organization owner\",\n      });\n    }\n\n    await e.execute({\n      sql: `DELETE FROM org_members WHERE org_id = ? AND LOWER(email) = ?`,\n      args: [ctx.orgId, memberEmailLower],\n    });\n\n    return { success: true };\n  },\n);\n\n/** PATCH /_agent-native/org — rename the current organization (owner/admin only) */\nexport const updateOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n  if (!ctx.orgId) {\n    throw createError({ statusCode: 400, message: \"No organization found\" });\n  }\n  if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n    throw createError({\n      statusCode: 403,\n      message: \"Only owners and admins can update the organization\",\n    });\n  }\n\n  const body = await readBody(event);\n  const name = body?.name?.trim();\n  if (!name) {\n    throw createError({\n      statusCode: 400,\n      message: \"Organization name is required\",\n    });\n  }\n\n  const e = await exec();\n  await e.execute({\n    sql: `UPDATE organizations SET name = ? WHERE id = ?`,\n    args: [name, ctx.orgId],\n  });\n\n  return { orgId: ctx.orgId, name };\n});\n\n/** PUT /_agent-native/org/switch — switch the user's active organization */\nexport const switchOrgHandler = defineEventHandler(async (event: H3Event) => {\n  const session = await getSession(event);\n  const email = requireAuthEmail(session);\n\n  const body = await readBody(event);\n  const orgId = body?.orgId;\n\n  if (!orgId) {\n    await putUserSetting(email, \"active-org-id\", { orgId: null });\n    return { orgId: null, orgName: null, role: null };\n  }\n\n  const e = await exec();\n  const membership = await e.execute({\n    sql: `SELECT m.role AS role, o.name AS \"orgName\"\n          FROM org_members m\n          INNER JOIN organizations o ON m.org_id = o.id\n          WHERE m.org_id = ? AND LOWER(m.email) = ? LIMIT 1`,\n    args: [orgId, email.toLowerCase()],\n  });\n\n  if (membership.rows.length === 0) {\n    throw createError({\n      statusCode: 403,\n      message: \"You are not a member of that organization\",\n    });\n  }\n\n  await putUserSetting(email, \"active-org-id\", { orgId });\n\n  const row = membership.rows[0] as any;\n  return {\n    orgId,\n    orgName: String(row.orgName ?? row.org_name),\n    role: String(row.role) as OrgRole,\n  };\n});\n\n/** POST /_agent-native/org/join-by-domain — join an org whose allowed_domain matches your email */\nexport const joinByDomainHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const session = await getSession(event);\n    const email = requireAuthEmail(session);\n\n    const body = await readBody(event);\n    const orgId = body?.orgId;\n    if (!orgId) {\n      throw createError({ statusCode: 400, message: \"orgId is required\" });\n    }\n\n    const e = await exec();\n\n    const orgRes = await e.execute({\n      sql: `SELECT id, name, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n      args: [orgId],\n    });\n    if (orgRes.rows.length === 0) {\n      throw createError({ statusCode: 404, message: \"Organization not found\" });\n    }\n    const org = orgRes.rows[0] as any;\n    const allowedDomain = String(org.allowed_domain || \"\").toLowerCase();\n    const userDomain = email.split(\"@\")[1]?.toLowerCase();\n\n    if (!allowedDomain || allowedDomain !== userDomain) {\n      throw createError({\n        statusCode: 403,\n        message:\n          \"Your email domain does not match this organization's allowed domain\",\n      });\n    }\n\n    const existing = await e.execute({\n      sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n      args: [orgId, email.toLowerCase()],\n    });\n    if (existing.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"Already a member of this organization\",\n      });\n    }\n\n    await e.execute({\n      sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n      args: [nanoid(), orgId, email, Date.now()],\n    });\n\n    await putUserSetting(email, \"active-org-id\", { orgId });\n\n    return {\n      orgId,\n      orgName: String(org.name),\n      role: \"member\" as OrgRole,\n    };\n  },\n);\n\n/** PUT /_agent-native/org/domain — set or clear the allowed email domain (owner/admin only) */\nexport const setDomainHandler = defineEventHandler(async (event: H3Event) => {\n  const ctx = await getOrgContext(event);\n  if (!ctx.orgId) {\n    throw createError({ statusCode: 400, message: \"No active organization\" });\n  }\n  if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n    throw createError({\n      statusCode: 403,\n      message: \"Only owners and admins can set the allowed domain\",\n    });\n  }\n\n  const body = await readBody(event);\n  const raw = body?.domain?.trim()?.toLowerCase() || null;\n\n  if (raw && !/^([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}$/.test(raw)) {\n    throw createError({\n      statusCode: 400,\n      message: \"Invalid domain format\",\n    });\n  }\n\n  const e = await exec();\n\n  if (raw) {\n    const existing = await e.execute({\n      sql: `SELECT id FROM organizations WHERE LOWER(allowed_domain) = ? AND id != ? LIMIT 1`,\n      args: [raw, ctx.orgId],\n    });\n    if (existing.rows.length > 0) {\n      throw createError({\n        statusCode: 409,\n        message: \"Another organization already uses this domain\",\n      });\n    }\n  }\n\n  await e.execute({\n    sql: `UPDATE organizations SET allowed_domain = ? WHERE id = ?`,\n    args: [raw, ctx.orgId],\n  });\n\n  return { domain: raw };\n});\n\n/** PUT /_agent-native/org/a2a-secret — regenerate or set the org's A2A secret (owner/admin only) */\nexport const setA2ASecretHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({\n        statusCode: 400,\n        message: \"No active organization\",\n      });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can manage the A2A secret\",\n      });\n    }\n\n    const body = await readBody(event);\n    let secret = body?.secret?.trim() || null;\n\n    // If no secret provided, auto-generate one\n    if (!secret) {\n      const { randomBytes } = await import(\"node:crypto\");\n      secret = randomBytes(32).toString(\"base64url\");\n    }\n\n    const e = await exec();\n    // Read the previous secret BEFORE overwriting so the client can chain a\n    // sync call that signs JWTs with the secret peers still hold.\n    const prevRes = await e.execute({\n      sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n      args: [ctx.orgId],\n    });\n    const previousSecret =\n      String((prevRes.rows[0] as any)?.a2a_secret ?? \"\") || null;\n\n    await e.execute({\n      sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n      args: [secret, ctx.orgId],\n    });\n\n    return { a2aSecret: secret, previousSecret };\n  },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/sync — push the org's A2A secret to all\n * connected apps so cross-app delegation works without manual copy/paste.\n *\n * Auth: standard session — owner/admin only.\n *\n * For each discovered agent, signs a JWT with the org's CURRENT a2a_secret\n * and POSTs to `<app>/_agent-native/org/a2a-secret/receive` with the same\n * secret + the org's domain. The receiving app verifies the JWT using its\n * own copy of the secret (peers must already share a secret to be trusted)\n * — for the first-ever sync this means at least one peer must already hold\n * the secret, which is the bootstrap. For ongoing rotation, regenerate\n * locally and call sync immediately; sync signs with the secret that's\n * currently in DB, which the peers still have.\n *\n * Body (optional): { signSecret?: string } — sign the outbound JWTs with\n * this secret instead of the org's current secret. Used by the regenerate-\n * then-sync flow: regenerate stores the NEW secret, but sync needs to\n * authenticate using the OLD one that peers still hold. Owner/admin only,\n * gated by the session.\n */\nexport const syncA2ASecretHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const ctx = await getOrgContext(event);\n    if (!ctx.orgId) {\n      throw createError({\n        statusCode: 400,\n        message: \"No active organization\",\n      });\n    }\n    if (ctx.role !== \"owner\" && ctx.role !== \"admin\") {\n      throw createError({\n        statusCode: 403,\n        message: \"Only owners and admins can sync the A2A secret\",\n      });\n    }\n\n    const body = await readBody(event).catch(() => null);\n    const overrideSignSecret =\n      typeof body?.signSecret === \"string\" && body.signSecret.trim()\n        ? body.signSecret.trim()\n        : null;\n\n    const e = await exec();\n    const orgRes = await e.execute({\n      sql: `SELECT a2a_secret, allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n      args: [ctx.orgId],\n    });\n    if (orgRes.rows.length === 0) {\n      throw createError({\n        statusCode: 404,\n        message: \"Organization not found\",\n      });\n    }\n    const orgRow = orgRes.rows[0] as any;\n    const secret = String(orgRow.a2a_secret ?? \"\") || null;\n    const orgDomain = String(orgRow.allowed_domain ?? \"\") || null;\n\n    if (!secret) {\n      throw createError({\n        statusCode: 400,\n        message: \"Org has no A2A secret. Generate one first before syncing.\",\n      });\n    }\n    if (!orgDomain) {\n      throw createError({\n        statusCode: 400,\n        message:\n          \"Org has no allowed domain set. Set the email domain first so connected apps can identify which org to update.\",\n      });\n    }\n\n    const signSecret = overrideSignSecret || secret;\n\n    const { discoverAgents } = await import(\"../server/agent-discovery.js\");\n    const { signA2AToken } = await import(\"../a2a/client.js\");\n\n    const agents = await discoverAgents();\n\n    const results: Array<{\n      id: string;\n      name: string;\n      url: string;\n      ok: boolean;\n      status?: number;\n      error?: string;\n    }> = [];\n\n    await Promise.all(\n      agents.map(async (agent) => {\n        try {\n          const token = await signA2AToken(ctx.email, orgDomain, signSecret);\n\n          const target = `${agent.url.replace(/\\/$/, \"\")}/_agent-native/org/a2a-secret/receive`;\n          const res = await fetch(target, {\n            method: \"POST\",\n            headers: {\n              \"Content-Type\": \"application/json\",\n              Authorization: `Bearer ${token}`,\n            },\n            body: JSON.stringify({ secret, orgDomain }),\n          });\n\n          if (!res.ok) {\n            const text = await res.text().catch(() => \"\");\n            results.push({\n              id: agent.id,\n              name: agent.name,\n              url: agent.url,\n              ok: false,\n              status: res.status,\n              error: text || res.statusText,\n            });\n            return;\n          }\n          results.push({\n            id: agent.id,\n            name: agent.name,\n            url: agent.url,\n            ok: true,\n            status: res.status,\n          });\n        } catch (err) {\n          results.push({\n            id: agent.id,\n            name: agent.name,\n            url: agent.url,\n            ok: false,\n            error: err instanceof Error ? err.message : String(err),\n          });\n        }\n      }),\n    );\n\n    const succeeded = results.filter((r) => r.ok).length;\n    return {\n      total: results.length,\n      succeeded,\n      failed: results.length - succeeded,\n      results,\n    };\n  },\n);\n\n/**\n * POST /_agent-native/org/a2a-secret/receive — accept a secret push from a\n * connected agent-native app. Auth-exempt at the route guard; we verify a\n * JWT signed by the calling app using OUR copy of the org's a2a_secret. If\n * verification succeeds the calling app is a trusted peer and we overwrite\n * our local org's secret with the supplied value.\n *\n * Body: { secret: string, orgDomain: string }\n *\n * Header: Authorization: Bearer <JWT signed with the existing shared\n * a2a_secret, with `org_domain` matching the body's orgDomain>.\n */\nexport const receiveA2ASecretHandler = defineEventHandler(\n  async (event: H3Event) => {\n    const { getRequestHeader } = await import(\"h3\");\n    const jose = await import(\"jose\");\n\n    const authHeader = getRequestHeader(event, \"authorization\");\n    if (!authHeader || !authHeader.startsWith(\"Bearer \")) {\n      throw createError({\n        statusCode: 401,\n        message: \"Bearer token required\",\n      });\n    }\n    const token = authHeader.slice(\"Bearer \".length);\n\n    const body = await readBody(event);\n    const newSecret =\n      typeof body?.secret === \"string\" ? body.secret.trim() : \"\";\n    const orgDomain =\n      typeof body?.orgDomain === \"string\"\n        ? body.orgDomain.trim().toLowerCase()\n        : \"\";\n    if (!newSecret || !orgDomain) {\n      throw createError({\n        statusCode: 400,\n        message: \"secret and orgDomain are required\",\n      });\n    }\n\n    // Peek at JWT (unverified) to confirm it claims the same domain we're\n    // updating. Verification still happens below with the trusted secret.\n    let claimedDomain: string | undefined;\n    try {\n      const unverified = jose.decodeJwt(token);\n      claimedDomain =\n        (unverified.org_domain as string | undefined) || undefined;\n    } catch {\n      throw createError({\n        statusCode: 401,\n        message: \"Malformed JWT\",\n      });\n    }\n    if (\n      !claimedDomain ||\n      claimedDomain.toLowerCase() !== orgDomain.toLowerCase()\n    ) {\n      throw createError({\n        statusCode: 401,\n        message: \"JWT org_domain does not match request body\",\n      });\n    }\n\n    // Look up our local org by the domain and grab the existing secret.\n    const e = await exec();\n    const orgRes = await e.execute({\n      sql: `SELECT id, a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n      args: [orgDomain],\n    });\n    if (orgRes.rows.length === 0) {\n      throw createError({\n        statusCode: 404,\n        message: \"No local org matches that domain\",\n      });\n    }\n    const row = orgRes.rows[0] as any;\n    const localOrgId = String(row.id);\n    const existingSecret = String(row.a2a_secret ?? \"\") || null;\n\n    if (!existingSecret) {\n      // Bootstrap requires an existing shared secret to verify the caller.\n      // If we have nothing on file, we can't verify trust — refuse.\n      throw createError({\n        statusCode: 401,\n        message:\n          \"Local org has no A2A secret yet — cannot verify caller. Set the secret manually for the first time.\",\n      });\n    }\n\n    // Verify the JWT using OUR existing secret. If the caller is a trusted\n    // peer they signed with the same secret and verification succeeds.\n    try {\n      await jose.jwtVerify(token, new TextEncoder().encode(existingSecret));\n    } catch {\n      throw createError({\n        statusCode: 401,\n        message: \"Invalid or expired JWT signature\",\n      });\n    }\n\n    // Trusted — apply the new secret.\n    await e.execute({\n      sql: `UPDATE organizations SET a2a_secret = ? WHERE id = ?`,\n      args: [newSecret, localOrgId],\n    });\n\n    return { ok: true, orgId: localOrgId };\n  },\n);\n"]}

package/dist/scripts/call-agent.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"call-agent.d.ts","sourceRoot":"","sources":["../../src/scripts/call-agent.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAUrE,eAAO,MAAM,IAAI,EAAE,UAqBlB,CAAC;AAEF,wBAAsB,GAAG,CACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,CAAC,EAAE,gBAAgB,EAC1B,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAqMjB;AAQD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CASzE"}
+{"version":3,"file":"call-agent.d.ts","sourceRoot":"","sources":["../../src/scripts/call-agent.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAqDrE,eAAO,MAAM,IAAI,EAAE,UAqBlB,CAAC;AAEF,wBAAsB,GAAG,CACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,CAAC,EAAE,gBAAgB,EAC1B,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAoMjB;AA+CD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CASzE"}