@agent-vm/mcp-portal 0.0.79 → 0.0.81
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bearer-token-DCtpDPCZ.js → agent-bearer-token-NtEqghPk.js} +1 -1
- package/dist/{agent-bearer-token-DCtpDPCZ.js.map → agent-bearer-token-NtEqghPk.js.map} +1 -1
- package/dist/bin/mcp-portal.js +7 -7
- package/dist/cli/index.d.ts +1 -1
- package/dist/cli/index.js +1 -1
- package/dist/core/index.d.ts +28 -10
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +5 -5
- package/dist/hmac-token-B3QdUvuG.d.ts +40 -0
- package/dist/hmac-token-B3QdUvuG.d.ts.map +1 -0
- package/dist/{hmac-token-DBqWY3-w.js → hmac-token-D3c9OUTE.js} +1 -1
- package/dist/{hmac-token-DBqWY3-w.js.map → hmac-token-D3c9OUTE.js.map} +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.js +3 -3
- package/dist/mcp-proxy/index.d.ts +2 -2
- package/dist/mcp-proxy/index.js +1 -1
- package/dist/portal-auth/agent-bearer-token.js +1 -1
- package/dist/portal-auth/hmac-token.d.ts +2 -40
- package/dist/portal-auth/hmac-token.js +1 -1
- package/dist/portal-config/index.d.ts +1 -1
- package/dist/portal-config/index.js +2 -2
- package/dist/{portal-core-Ckq-Mrzb.d.ts → portal-core-B7scBU6I.d.ts} +46 -20
- package/dist/portal-core-B7scBU6I.d.ts.map +1 -0
- package/dist/{portal-core-B5cRpZMG.js → portal-core-B8HZPw3z.js} +86 -10
- package/dist/portal-core-B8HZPw3z.js.map +1 -0
- package/dist/{portal-tools-DA7j2pyv.js → portal-tools-fFyF72Nl.js} +174 -68
- package/dist/portal-tools-fFyF72Nl.js.map +1 -0
- package/dist/{resolve-agent-identity-ZMMY2Wqm.js → resolve-agent-identity-BQNGUP66.js} +34 -69
- package/dist/resolve-agent-identity-BQNGUP66.js.map +1 -0
- package/dist/{resolve-agent-identity-C9Jc2NhJ.d.ts → resolve-agent-identity-BqYlDgBX.d.ts} +4 -11
- package/dist/{resolve-agent-identity-C9Jc2NhJ.d.ts.map → resolve-agent-identity-BqYlDgBX.d.ts.map} +1 -1
- package/dist/{serve-command-Dz6nvnzQ.js → serve-command-4BNOH14H.js} +5 -5
- package/dist/{serve-command-Dz6nvnzQ.js.map → serve-command-4BNOH14H.js.map} +1 -1
- package/dist/{typescript-artifact-BVLt3Ifd.js → typescript-artifact-EQH4tZ0C.js} +2 -2
- package/dist/{typescript-artifact-BVLt3Ifd.js.map → typescript-artifact-EQH4tZ0C.js.map} +1 -1
- package/dist/{upstream-mcp-client-runtime-Be_cw6pV.js → upstream-mcp-client-runtime-vu2TiTUw.js} +3 -3
- package/dist/{upstream-mcp-client-runtime-Be_cw6pV.js.map → upstream-mcp-client-runtime-vu2TiTUw.js.map} +1 -1
- package/dist/{upstream-response-middleware-1MZnAD9C.d.ts → upstream-response-middleware-CkV-rDNO.d.ts} +1 -1
- package/dist/{upstream-response-middleware-1MZnAD9C.d.ts.map → upstream-response-middleware-CkV-rDNO.d.ts.map} +1 -1
- package/dist/{upstream-response-middleware-Cd1MxA6A.js → upstream-response-middleware-_dthoE1r.js} +2 -2
- package/dist/{upstream-response-middleware-Cd1MxA6A.js.map → upstream-response-middleware-_dthoE1r.js.map} +1 -1
- package/dist/{zod-schema-loader-DLGQpYFD.d.ts → zod-schema-loader-BubVafy-.d.ts} +9 -2
- package/dist/zod-schema-loader-BubVafy-.d.ts.map +1 -0
- package/dist/{zod-schema-loader-yNekKNpm.js → zod-schema-loader-C3I-MnWq.js} +76 -5
- package/dist/zod-schema-loader-C3I-MnWq.js.map +1 -0
- package/package.json +3 -3
- package/dist/portal-auth/hmac-token.d.ts.map +0 -1
- package/dist/portal-core-B5cRpZMG.js.map +0 -1
- package/dist/portal-core-Ckq-Mrzb.d.ts.map +0 -1
- package/dist/portal-tools-DA7j2pyv.js.map +0 -1
- package/dist/resolve-agent-identity-ZMMY2Wqm.js.map +0 -1
- package/dist/zod-schema-loader-DLGQpYFD.d.ts.map +0 -1
- package/dist/zod-schema-loader-yNekKNpm.js.map +0 -1
|
@@ -56,4 +56,4 @@ function verifyAgentBearerAuthorization(props) {
|
|
|
56
56
|
//#endregion
|
|
57
57
|
export { verifyAgentBearerAuthorization as i, deriveAgentBearerToken as n, formatMasterKeyFingerprint as r, decodePortalMasterKey as t };
|
|
58
58
|
|
|
59
|
-
//# sourceMappingURL=agent-bearer-token-
|
|
59
|
+
//# sourceMappingURL=agent-bearer-token-NtEqghPk.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-bearer-token-
|
|
1
|
+
{"version":3,"file":"agent-bearer-token-NtEqghPk.js","names":[],"sources":["../src/portal-auth/agent-bearer-token.ts"],"sourcesContent":["import { createHash, createHmac, timingSafeEqual } from 'node:crypto';\n\nexport interface DeriveAgentBearerTokenProps {\n\treadonly agentId: string;\n\treadonly credentialVersion: number;\n\treadonly masterKey: Buffer;\n}\n\nexport interface VerifyAgentBearerAuthorizationProps extends DeriveAgentBearerTokenProps {\n\treadonly authorizationHeader: string | undefined;\n}\n\nexport type VerifyAgentBearerAuthorizationResult =\n\t| { readonly ok: true }\n\t| { readonly ok: false; readonly reason: 'malformed' | 'missing' | 'signature-mismatch' };\n\nconst bearerPurposePrefix = 'mcp-proxy:agent:';\nconst minimumMasterKeyBytes = 32;\nconst base64UrlPattern = /^[A-Za-z0-9_-]+$/u;\n\nexport function decodePortalMasterKey(encodedMasterKey: string): Buffer {\n\tconst trimmedMasterKey = encodedMasterKey.trim();\n\tif (!base64UrlPattern.test(trimmedMasterKey)) {\n\t\tthrow new Error('MCP Portal masterKey must be base64url-encoded key material.');\n\t}\n\tconst masterKey = Buffer.from(trimmedMasterKey, 'base64url');\n\tif (masterKey.length < minimumMasterKeyBytes) {\n\t\tthrow new Error(\n\t\t\t`MCP Portal masterKey must decode to at least ${String(minimumMasterKeyBytes)} bytes.`,\n\t\t);\n\t}\n\tif (masterKey.toString('base64url') !== trimmedMasterKey) {\n\t\tthrow new Error('MCP Portal masterKey must be canonical base64url without padding.');\n\t}\n\treturn masterKey;\n}\n\nexport function deriveAgentBearerToken(props: DeriveAgentBearerTokenProps): string {\n\treturn createHmac('sha256', props.masterKey)\n\t\t.update(`${bearerPurposePrefix}${props.agentId}:v${String(props.credentialVersion)}`)\n\t\t.digest('base64url');\n}\n\nexport function formatMasterKeyFingerprint(masterKey: Buffer): string {\n\treturn `sha256:${createHash('sha256').update(masterKey).digest('base64url')}`;\n}\n\nfunction timingSafeEqualToken(left: string, right: string): boolean {\n\tconst leftBuffer = Buffer.from(left);\n\tconst rightBuffer = Buffer.from(right);\n\treturn leftBuffer.length === rightBuffer.length && timingSafeEqual(leftBuffer, rightBuffer);\n}\n\nfunction mismatchedTokenWithExpectedLength(expectedToken: string): string {\n\tconst replacementPrefix = expectedToken.startsWith('A') ? 'B' : 'A';\n\treturn `${replacementPrefix}${expectedToken.slice(1)}`;\n}\n\nexport function verifyAgentBearerAuthorization(\n\tprops: VerifyAgentBearerAuthorizationProps,\n): VerifyAgentBearerAuthorizationResult {\n\tconst expectedToken = deriveAgentBearerToken({\n\t\tagentId: props.agentId,\n\t\tcredentialVersion: props.credentialVersion,\n\t\tmasterKey: props.masterKey,\n\t});\n\tconst mismatchedToken = mismatchedTokenWithExpectedLength(expectedToken);\n\n\tif (props.authorizationHeader === undefined) {\n\t\ttimingSafeEqualToken(mismatchedToken, expectedToken);\n\t\treturn { ok: false, reason: 'missing' };\n\t}\n\tconst [scheme, token, extra] = props.authorizationHeader.split(/\\s+/u);\n\tif (scheme !== 'Bearer' || token === undefined || token.length === 0 || extra !== undefined) {\n\t\ttimingSafeEqualToken(mismatchedToken, expectedToken);\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tconst comparableToken = token.length === expectedToken.length ? token : mismatchedToken;\n\tif (!timingSafeEqualToken(comparableToken, expectedToken)) {\n\t\treturn { ok: false, reason: 'signature-mismatch' };\n\t}\n\treturn { ok: true };\n}\n"],"mappings":";;AAgBA,MAAM,sBAAsB;AAC5B,MAAM,wBAAwB;AAC9B,MAAM,mBAAmB;AAEzB,SAAgB,sBAAsB,kBAAkC;CACvE,MAAM,mBAAmB,iBAAiB,MAAM;CAChD,IAAI,CAAC,iBAAiB,KAAK,iBAAiB,EAC3C,MAAM,IAAI,MAAM,+DAA+D;CAEhF,MAAM,YAAY,OAAO,KAAK,kBAAkB,YAAY;CAC5D,IAAI,UAAU,SAAS,uBACtB,MAAM,IAAI,MACT,gDAAgD,OAAO,sBAAsB,CAAC,SAC9E;CAEF,IAAI,UAAU,SAAS,YAAY,KAAK,kBACvC,MAAM,IAAI,MAAM,oEAAoE;CAErF,OAAO;;AAGR,SAAgB,uBAAuB,OAA4C;CAClF,OAAO,WAAW,UAAU,MAAM,UAAU,CAC1C,OAAO,GAAG,sBAAsB,MAAM,QAAQ,IAAI,OAAO,MAAM,kBAAkB,GAAG,CACpF,OAAO,YAAY;;AAGtB,SAAgB,2BAA2B,WAA2B;CACrE,OAAO,UAAU,WAAW,SAAS,CAAC,OAAO,UAAU,CAAC,OAAO,YAAY;;AAG5E,SAAS,qBAAqB,MAAc,OAAwB;CACnE,MAAM,aAAa,OAAO,KAAK,KAAK;CACpC,MAAM,cAAc,OAAO,KAAK,MAAM;CACtC,OAAO,WAAW,WAAW,YAAY,UAAU,gBAAgB,YAAY,YAAY;;AAG5F,SAAS,kCAAkC,eAA+B;CAEzE,OAAO,GADmB,cAAc,WAAW,IAAI,GAAG,MAAM,MAClC,cAAc,MAAM,EAAE;;AAGrD,SAAgB,+BACf,OACuC;CACvC,MAAM,gBAAgB,uBAAuB;EAC5C,SAAS,MAAM;EACf,mBAAmB,MAAM;EACzB,WAAW,MAAM;EACjB,CAAC;CACF,MAAM,kBAAkB,kCAAkC,cAAc;CAExE,IAAI,MAAM,wBAAwB,KAAA,GAAW;EAC5C,qBAAqB,iBAAiB,cAAc;EACpD,OAAO;GAAE,IAAI;GAAO,QAAQ;GAAW;;CAExC,MAAM,CAAC,QAAQ,OAAO,SAAS,MAAM,oBAAoB,MAAM,OAAO;CACtE,IAAI,WAAW,YAAY,UAAU,KAAA,KAAa,MAAM,WAAW,KAAK,UAAU,KAAA,GAAW;EAC5F,qBAAqB,iBAAiB,cAAc;EACpD,OAAO;GAAE,IAAI;GAAO,QAAQ;GAAa;;CAG1C,IAAI,CAAC,qBADmB,MAAM,WAAW,cAAc,SAAS,QAAQ,iBAC7B,cAAc,EACxD,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAsB;CAEnD,OAAO,EAAE,IAAI,MAAM"}
|
package/dist/bin/mcp-portal.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { a as portalToolRecordSchema } from "../zod-schema-loader-
|
|
3
|
-
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-
|
|
4
|
-
import { i as resolveUpstreamServers, n as createPortalCore } from "../portal-core-
|
|
5
|
-
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-
|
|
6
|
-
import { n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-
|
|
7
|
-
import { i as resolveAgentHmacKeys, n as createPortalApprovalVerifier, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-
|
|
8
|
-
import { c as resolveSecretValue, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer } from "../serve-command-
|
|
2
|
+
import { a as portalToolRecordSchema } from "../zod-schema-loader-C3I-MnWq.js";
|
|
3
|
+
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-vu2TiTUw.js";
|
|
4
|
+
import { i as resolveUpstreamServers, n as createPortalCore } from "../portal-core-B8HZPw3z.js";
|
|
5
|
+
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-EQH4tZ0C.js";
|
|
6
|
+
import { n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-NtEqghPk.js";
|
|
7
|
+
import { i as resolveAgentHmacKeys, n as createPortalApprovalVerifier, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-BQNGUP66.js";
|
|
8
|
+
import { c as resolveSecretValue, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer } from "../serve-command-4BNOH14H.js";
|
|
9
9
|
import { t as parseHmacKeysFromEnv } from "../hmac-env-B4shpRRB.js";
|
|
10
10
|
import { z } from "zod";
|
|
11
11
|
import { loadMcpConfig, loadMcpPortalConfig } from "@agent-vm/config-contracts";
|
package/dist/cli/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { L as PortalToolSelector } from "../portal-session-5ksK1G9Z.js";
|
|
2
|
-
import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-
|
|
2
|
+
import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-BqYlDgBX.js";
|
|
3
3
|
import { McpPortalAgentConfig, McpPortalConfig, SecretValue } from "@agent-vm/config-contracts";
|
|
4
4
|
import { SecretResolver, createSecretResolver, resolveServiceAccountToken } from "@agent-vm/secret-management";
|
|
5
5
|
import { serve } from "@hono/node-server";
|
package/dist/cli/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-
|
|
1
|
+
import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-4BNOH14H.js";
|
|
2
2
|
export { applyAgentOverrides, buildProfilePolicyMaps, createServeSecretResolver, deriveApprovalHmacKeysFromMasterKey, handlePortalServerError, parsePortalServerCliArgs, startPortalServer };
|
package/dist/core/index.d.ts
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import { n as PortalToolRecord, s as JsonObject } from "../catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import { L as PortalToolSelector } from "../portal-session-5ksK1G9Z.js";
|
|
3
|
-
import { A as
|
|
4
|
-
import { S as createUpstreamMcpClientRuntime, r as redactCredentialText, u as NormalizedUpstreamMcpServer } from "../upstream-response-middleware-
|
|
5
|
-
import {
|
|
2
|
+
import { L as PortalToolSelector, P as PortalAgentIdentity } from "../portal-session-5ksK1G9Z.js";
|
|
3
|
+
import { A as PortalToolHandlers, C as PortalApprovalEvaluation, D as PortalCallUpstreamTool, E as PortalBatchResult, F as PortalUpstreamEvent, I as createPortalToolHandlers, L as portalToolInputSchemas, M as PortalToolResultMap, N as PortalToolRuntime, O as PortalToolFailure, P as PortalToolSuccess, R as preparePortalApprovalCallDigests, S as PortalApprovalCallDigestMap, T as PortalBatchError, _ as collectPortalCoreResult, a as PortalCore, b as PortalApprovalCall, c as PortalCoreEvent, d as PortalCoreResult, f as PortalCoreRuntime, g as PortalCoreValidationIssue, h as PortalCoreToolName, i as PortalAuditEvent, j as PortalToolResult, k as PortalToolHandlerCall, l as PortalCoreItemError, m as PortalCoreToolDescriptor, n as PortalAgentScope, o as PortalCoreCollectOptions, p as PortalCoreStreamCall, r as PortalApprovalEvaluator, s as PortalCoreContentBlock, t as CreatePortalCoreProps, u as PortalCoreItemResult, v as createPortalCore, w as PortalBatchDiagnostic, x as PortalApprovalCallDecision, y as listPortalCoreToolDescriptors } from "../portal-core-B7scBU6I.js";
|
|
4
|
+
import { S as createUpstreamMcpClientRuntime, r as redactCredentialText, u as NormalizedUpstreamMcpServer } from "../upstream-response-middleware-CkV-rDNO.js";
|
|
5
|
+
import { r as InputValidationIssue } from "../zod-schema-loader-BubVafy-.js";
|
|
6
|
+
import { McpConfig, ResolvedMcpPortalProfile, SecretValue } from "@agent-vm/config-contracts";
|
|
6
7
|
|
|
7
8
|
//#region src/core/provider-runtime.d.ts
|
|
8
9
|
interface ResolveUpstreamServersProps {
|
|
@@ -11,17 +12,34 @@ interface ResolveUpstreamServersProps {
|
|
|
11
12
|
}
|
|
12
13
|
declare function resolveUpstreamServers(props: ResolveUpstreamServersProps): Promise<readonly NormalizedUpstreamMcpServer[]>;
|
|
13
14
|
//#endregion
|
|
15
|
+
//#region src/core/portal-approval-evaluator.d.ts
|
|
16
|
+
interface PortalApprovalPolicyRecord {
|
|
17
|
+
readonly hmacKey?: Buffer;
|
|
18
|
+
readonly profile: ResolvedMcpPortalProfile;
|
|
19
|
+
}
|
|
20
|
+
interface CreatePortalPolicyApprovalEvaluatorProps {
|
|
21
|
+
readonly consumeTokenId?: (agentId: string, jti: string, expiresAtMs: number) => {
|
|
22
|
+
readonly ok: true;
|
|
23
|
+
} | {
|
|
24
|
+
readonly ok: false;
|
|
25
|
+
readonly reason: 'replay-cache-full' | 'replayed';
|
|
26
|
+
};
|
|
27
|
+
readonly missingApprovalTokenDecision?: Extract<PortalApprovalCallDecision, {
|
|
28
|
+
readonly kind: 'approval_required' | 'approval_token_missing';
|
|
29
|
+
}>;
|
|
30
|
+
readonly maxLifetimeMs?: number;
|
|
31
|
+
readonly nowMs?: () => number;
|
|
32
|
+
readonly resolveRecord: (agentId: string) => PortalApprovalPolicyRecord | undefined;
|
|
33
|
+
}
|
|
34
|
+
declare function createPortalPolicyApprovalEvaluator(props: CreatePortalPolicyApprovalEvaluatorProps): (calls: readonly PortalApprovalCall[], identity: PortalAgentIdentity | string, token: string | undefined) => PortalApprovalEvaluation;
|
|
35
|
+
//#endregion
|
|
14
36
|
//#region src/core/portal-call-validation.d.ts
|
|
15
37
|
declare function validatePortalToolArguments(tool: PortalToolRecord, argumentsValue: JsonObject): {
|
|
16
38
|
readonly ok: true;
|
|
17
39
|
readonly value: unknown;
|
|
18
40
|
} | {
|
|
19
41
|
readonly error: {
|
|
20
|
-
readonly issues: readonly
|
|
21
|
-
readonly code: string;
|
|
22
|
-
readonly message: string;
|
|
23
|
-
readonly path: readonly (number | string)[];
|
|
24
|
-
}[];
|
|
42
|
+
readonly issues: readonly InputValidationIssue[];
|
|
25
43
|
readonly kind: 'input_validation';
|
|
26
44
|
readonly namespace: string;
|
|
27
45
|
readonly toolName: string;
|
|
@@ -36,5 +54,5 @@ declare function validatePortalToolArguments(tool: PortalToolRecord, argumentsVa
|
|
|
36
54
|
readonly ok: false;
|
|
37
55
|
};
|
|
38
56
|
//#endregion
|
|
39
|
-
export { CreatePortalCoreProps, PortalAgentScope, PortalApprovalCall, PortalApprovalEvaluator, PortalAuditEvent, PortalBatchDiagnostic, PortalBatchError, PortalBatchResult, PortalCallUpstreamTool, PortalCore, PortalCoreCollectOptions, PortalCoreContentBlock, PortalCoreEvent, PortalCoreItemError, PortalCoreItemResult, PortalCoreResult, PortalCoreRuntime, PortalCoreStreamCall, PortalCoreToolDescriptor, PortalCoreToolName, PortalToolFailure, PortalToolHandlerCall, PortalToolHandlers, PortalToolResult, PortalToolResultMap, PortalToolRuntime, type PortalToolSelector, PortalToolSuccess, PortalUpstreamEvent, ResolveUpstreamServersProps, collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
57
|
+
export { CreatePortalCoreProps, CreatePortalPolicyApprovalEvaluatorProps, PortalAgentScope, PortalApprovalCall, PortalApprovalCallDecision, PortalApprovalCallDigestMap, PortalApprovalEvaluation, PortalApprovalEvaluator, PortalApprovalPolicyRecord, PortalAuditEvent, PortalBatchDiagnostic, PortalBatchError, PortalBatchResult, PortalCallUpstreamTool, PortalCore, PortalCoreCollectOptions, PortalCoreContentBlock, PortalCoreEvent, PortalCoreItemError, PortalCoreItemResult, PortalCoreResult, PortalCoreRuntime, PortalCoreStreamCall, PortalCoreToolDescriptor, PortalCoreToolName, PortalCoreValidationIssue, PortalToolFailure, PortalToolHandlerCall, PortalToolHandlers, PortalToolResult, PortalToolResultMap, PortalToolRuntime, type PortalToolSelector, PortalToolSuccess, PortalUpstreamEvent, ResolveUpstreamServersProps, collectPortalCoreResult, createPortalCore, createPortalPolicyApprovalEvaluator, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, preparePortalApprovalCallDigests, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
40
58
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/core/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/core/provider-runtime.ts","../../src/core/portal-call-validation.ts"],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/core/provider-runtime.ts","../../src/core/portal-approval-evaluator.ts","../../src/core/portal-call-validation.ts"],"mappings":";;;;;;;;UASiB,2BAAA;EAAA,SACP,MAAA,EAAQ,SAAA;EAAA,SACR,aAAA,GAAgB,MAAA,EAAQ,WAAA,KAAgB,OAAA;AAAA;AAAA,iBAsC5B,sBAAA,CACrB,KAAA,EAAO,2BAAA,GACL,OAAA,UAAiB,2BAAA;;;UCxCH,0BAAA;EAAA,SACP,OAAA,GAAU,MAAA;EAAA,SACV,OAAA,EAAS,wBAAA;AAAA;AAAA,UAGF,wCAAA;EAAA,SACP,cAAA,IACR,OAAA,UACA,GAAA,UACA,WAAA;IAAA,SAEa,EAAA;EAAA;IAAA,SACA,EAAA;IAAA,SAAoB,MAAA;EAAA;EAAA,SACzB,4BAAA,GAA+B,OAAA,CACvC,0BAAA;IAAA,SACW,IAAA;EAAA;EAAA,SAEH,aAAA;EAAA,SACA,KAAA;EAAA,SACA,aAAA,GAAgB,OAAA,aAAoB,0BAAA;AAAA;AAAA,iBAqB9B,mCAAA,CACf,KAAA,EAAO,wCAAA,IAEP,KAAA,WAAgB,kBAAA,IAChB,QAAA,EAAU,mBAAA,WACV,KAAA,yBACI,wBAAA;;;iBClDW,2BAAA,CACf,IAAA,EAAM,gBAAA,EACN,cAAA,EAAgB,UAAA;EAAA,SAEH,EAAA;EAAA,SAAmB,KAAA;AAAA;EAAA,SAErB,KAAA;IAAA,SAEG,MAAA,WAAiB,oBAAA;IAAA,SACjB,IAAA;IAAA,SACA,SAAA;IAAA,SACA,QAAA;EAAA;IAAA,SAGA,OAAA;IAAA,SACA,IAAA;IAAA,SACA,OAAA;IAAA,SACA,SAAA;IAAA,SACA,IAAA;IAAA,SACA,QAAA;EAAA;EAAA,SAEH,EAAA;AAAA"}
|
package/dist/core/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { n as redactCredentialText } from "../upstream-response-middleware-
|
|
2
|
-
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-
|
|
3
|
-
import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-
|
|
4
|
-
import { n as portalToolInputSchemas, r as
|
|
5
|
-
export { collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
1
|
+
import { n as redactCredentialText } from "../upstream-response-middleware-_dthoE1r.js";
|
|
2
|
+
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-vu2TiTUw.js";
|
|
3
|
+
import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-B8HZPw3z.js";
|
|
4
|
+
import { a as createPortalPolicyApprovalEvaluator, i as validatePortalToolArguments, n as portalToolInputSchemas, r as preparePortalApprovalCallDigests, t as createPortalToolHandlers } from "../portal-tools-fFyF72Nl.js";
|
|
5
|
+
export { collectPortalCoreResult, createPortalCore, createPortalPolicyApprovalEvaluator, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, preparePortalApprovalCallDigests, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
//#region src/portal-auth/hmac-token.d.ts
|
|
2
|
+
interface ApprovalTokenCallDigest {
|
|
3
|
+
readonly argumentsHash: string;
|
|
4
|
+
readonly namespace: string;
|
|
5
|
+
readonly toolName: string;
|
|
6
|
+
}
|
|
7
|
+
interface SignApprovalTokenProps {
|
|
8
|
+
readonly agentId: string;
|
|
9
|
+
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
10
|
+
readonly expiresAtMs: number;
|
|
11
|
+
readonly issuedAtMs?: number;
|
|
12
|
+
readonly jti?: string;
|
|
13
|
+
readonly key: Buffer;
|
|
14
|
+
}
|
|
15
|
+
interface VerifyApprovalTokenProps {
|
|
16
|
+
readonly agentId: string;
|
|
17
|
+
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
18
|
+
readonly key: Buffer;
|
|
19
|
+
readonly consumeTokenId?: (jti: string, expiresAtMs: number) => {
|
|
20
|
+
readonly ok: true;
|
|
21
|
+
} | {
|
|
22
|
+
readonly ok: false;
|
|
23
|
+
readonly reason: 'replay-cache-full' | 'replayed';
|
|
24
|
+
};
|
|
25
|
+
readonly maxLifetimeMs?: number;
|
|
26
|
+
readonly nowMs: number;
|
|
27
|
+
readonly token: string;
|
|
28
|
+
}
|
|
29
|
+
type VerifyApprovalTokenResult = {
|
|
30
|
+
readonly ok: true;
|
|
31
|
+
} | {
|
|
32
|
+
readonly ok: false;
|
|
33
|
+
readonly reason: 'agent-mismatch' | 'call-mismatch' | 'expired' | 'malformed' | 'replay-cache-full' | 'replayed' | 'signature-mismatch' | 'ttl-exceeded';
|
|
34
|
+
};
|
|
35
|
+
declare function hashCallArguments(args: unknown): string;
|
|
36
|
+
declare function signApprovalToken(props: SignApprovalTokenProps): string;
|
|
37
|
+
declare function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult;
|
|
38
|
+
//#endregion
|
|
39
|
+
export { hashCallArguments as a, VerifyApprovalTokenResult as i, SignApprovalTokenProps as n, signApprovalToken as o, VerifyApprovalTokenProps as r, verifyApprovalToken as s, ApprovalTokenCallDigest as t };
|
|
40
|
+
//# sourceMappingURL=hmac-token-B3QdUvuG.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hmac-token-B3QdUvuG.d.ts","names":[],"sources":["../src/portal-auth/hmac-token.ts"],"mappings":";UAIiB,uBAAA;EAAA,SACP,aAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,OAAA;EAAA,SACA,KAAA,WAAgB,uBAAA;EAAA,SAChB,WAAA;EAAA,SACA,UAAA;EAAA,SACA,GAAA;EAAA,SACA,GAAA,EAAK,MAAA;AAAA;AAAA,UAGE,wBAAA;EAAA,SACP,OAAA;EAAA,SACA,KAAA,WAAgB,uBAAA;EAAA,SAChB,GAAA,EAAK,MAAA;EAAA,SACL,cAAA,IACR,GAAA,UACA,WAAA;IAAA,SAEa,EAAA;EAAA;IAAA,SACA,EAAA;IAAA,SAAoB,MAAA;EAAA;EAAA,SACzB,aAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;AAAA;AAAA,KAGE,yBAAA;EAAA,SACE,EAAA;AAAA;EAAA,SAEF,EAAA;EAAA,SACA,MAAA;AAAA;AAAA,iBAkDI,iBAAA,CAAkB,IAAA;AAAA,iBAIlB,iBAAA,CAAkB,KAAA,EAAO,sBAAA;AAAA,iBA6CzB,mBAAA,CAAoB,KAAA,EAAO,wBAAA,GAA2B,yBAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hmac-token-
|
|
1
|
+
{"version":3,"file":"hmac-token-D3c9OUTE.js","names":[],"sources":["../src/portal-auth/hmac-token.ts"],"sourcesContent":["import { createHash, createHmac, randomUUID, timingSafeEqual } from 'node:crypto';\n\nimport { z } from 'zod';\n\nexport interface ApprovalTokenCallDigest {\n\treadonly argumentsHash: string;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nexport interface SignApprovalTokenProps {\n\treadonly agentId: string;\n\treadonly calls: readonly ApprovalTokenCallDigest[];\n\treadonly expiresAtMs: number;\n\treadonly issuedAtMs?: number;\n\treadonly jti?: string;\n\treadonly key: Buffer;\n}\n\nexport interface VerifyApprovalTokenProps {\n\treadonly agentId: string;\n\treadonly calls: readonly ApprovalTokenCallDigest[];\n\treadonly key: Buffer;\n\treadonly consumeTokenId?: (\n\t\tjti: string,\n\t\texpiresAtMs: number,\n\t) =>\n\t\t| { readonly ok: true }\n\t\t| { readonly ok: false; readonly reason: 'replay-cache-full' | 'replayed' };\n\treadonly maxLifetimeMs?: number;\n\treadonly nowMs: number;\n\treadonly token: string;\n}\n\nexport type VerifyApprovalTokenResult =\n\t| { readonly ok: true }\n\t| {\n\t\t\treadonly ok: false;\n\t\t\treadonly reason:\n\t\t\t\t| 'agent-mismatch'\n\t\t\t\t| 'call-mismatch'\n\t\t\t\t| 'expired'\n\t\t\t\t| 'malformed'\n\t\t\t\t| 'replay-cache-full'\n\t\t\t\t| 'replayed'\n\t\t\t\t| 'signature-mismatch'\n\t\t\t\t| 'ttl-exceeded';\n\t };\n\nconst approvalTokenCallDigestSchema = z\n\t.object({\n\t\targumentsHash: z.string().min(1),\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nconst approvalTokenPayloadSchema = z\n\t.object({\n\t\tagentId: z.string().min(1),\n\t\tcalls: z.array(approvalTokenCallDigestSchema),\n\t\texp: z.number().int(),\n\t\tiat: z.number().int(),\n\t\tjti: z.string().min(1),\n\t})\n\t.strict();\n\ntype ApprovalTokenPayload = z.infer<typeof approvalTokenPayloadSchema>;\n\nfunction base64UrlEncode(value: Buffer | string): string {\n\tconst buffer = typeof value === 'string' ? Buffer.from(value, 'utf8') : value;\n\treturn buffer.toString('base64url');\n}\n\nfunction canonicalize(value: unknown): string {\n\tif (value === null || typeof value !== 'object') {\n\t\treturn JSON.stringify(value ?? null);\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn `[${value.map(canonicalize).join(',')}]`;\n\t}\n\tconst entries = Object.entries(value)\n\t\t.filter((entry) => entry[1] !== undefined)\n\t\t.toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey))\n\t\t.map(([key, entryValue]) => `${JSON.stringify(key)}:${canonicalize(entryValue)}`);\n\treturn `{${entries.join(',')}}`;\n}\n\nexport function hashCallArguments(args: unknown): string {\n\treturn createHash('sha256').update(canonicalize(args)).digest('base64url');\n}\n\nexport function signApprovalToken(props: SignApprovalTokenProps): string {\n\tconst payload = {\n\t\tagentId: props.agentId,\n\t\tcalls: [...props.calls],\n\t\texp: props.expiresAtMs,\n\t\tiat: props.issuedAtMs ?? Date.now(),\n\t\tjti: props.jti ?? randomUUID(),\n\t} satisfies ApprovalTokenPayload;\n\tconst payloadEncoded = base64UrlEncode(canonicalize(payload));\n\tconst signature = createHmac('sha256', props.key).update(payloadEncoded).digest('base64url');\n\treturn `${payloadEncoded}.${signature}`;\n}\n\nfunction parseApprovalTokenPayload(payloadEncoded: string): ApprovalTokenPayload | null {\n\ttry {\n\t\treturn approvalTokenPayloadSchema.parse(\n\t\t\tJSON.parse(Buffer.from(payloadEncoded, 'base64url').toString('utf8')),\n\t\t);\n\t} catch {\n\t\treturn null;\n\t}\n}\n\nfunction isApprovalTokenParts(parts: readonly string[]): parts is readonly [string, string] {\n\treturn parts.length === 2;\n}\n\nfunction callsMatch(\n\tleftCalls: readonly ApprovalTokenCallDigest[],\n\trightCalls: readonly ApprovalTokenCallDigest[],\n): boolean {\n\tif (leftCalls.length !== rightCalls.length) {\n\t\treturn false;\n\t}\n\treturn leftCalls.every((leftCall, index) => {\n\t\tconst rightCall = rightCalls[index];\n\t\treturn (\n\t\t\trightCall !== undefined &&\n\t\t\tleftCall.argumentsHash === rightCall.argumentsHash &&\n\t\t\tleftCall.namespace === rightCall.namespace &&\n\t\t\tleftCall.toolName === rightCall.toolName\n\t\t);\n\t});\n}\n\nexport function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult {\n\tconst parts = props.token.split('.');\n\tif (!isApprovalTokenParts(parts)) {\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tconst [payloadEncoded, signatureEncoded] = parts;\n\tconst expectedSignature = createHmac('sha256', props.key).update(payloadEncoded).digest();\n\tconst providedSignature = Buffer.from(signatureEncoded, 'base64url');\n\tif (\n\t\tprovidedSignature.length !== expectedSignature.length ||\n\t\t!timingSafeEqual(providedSignature, expectedSignature)\n\t) {\n\t\treturn { ok: false, reason: 'signature-mismatch' };\n\t}\n\n\tconst payload = parseApprovalTokenPayload(payloadEncoded);\n\tif (payload === null) {\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tif (payload.exp <= props.nowMs) {\n\t\treturn { ok: false, reason: 'expired' };\n\t}\n\tif (props.maxLifetimeMs !== undefined && payload.exp - payload.iat > props.maxLifetimeMs) {\n\t\treturn { ok: false, reason: 'ttl-exceeded' };\n\t}\n\tif (payload.agentId !== props.agentId) {\n\t\treturn { ok: false, reason: 'agent-mismatch' };\n\t}\n\tif (!callsMatch(payload.calls, props.calls)) {\n\t\treturn { ok: false, reason: 'call-mismatch' };\n\t}\n\tif (props.consumeTokenId !== undefined) {\n\t\tconst consumeResult = props.consumeTokenId(payload.jti, payload.exp);\n\t\tif (!consumeResult.ok) {\n\t\t\treturn { ok: false, reason: consumeResult.reason };\n\t\t}\n\t}\n\treturn { ok: true };\n}\n"],"mappings":";;;AAiDA,MAAM,gCAAgC,EACpC,OAAO;CACP,eAAe,EAAE,QAAQ,CAAC,IAAI,EAAE;CAChC,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAEV,MAAM,6BAA6B,EACjC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,OAAO,EAAE,MAAM,8BAA8B;CAC7C,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE;CACtB,CAAC,CACD,QAAQ;AAIV,SAAS,gBAAgB,OAAgC;CAExD,QADe,OAAO,UAAU,WAAW,OAAO,KAAK,OAAO,OAAO,GAAG,OAC1D,SAAS,YAAY;;AAGpC,SAAS,aAAa,OAAwB;CAC7C,IAAI,UAAU,QAAQ,OAAO,UAAU,UACtC,OAAO,KAAK,UAAU,SAAS,KAAK;CAErC,IAAI,MAAM,QAAQ,MAAM,EACvB,OAAO,IAAI,MAAM,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC;CAM9C,OAAO,IAJS,OAAO,QAAQ,MAAM,CACnC,QAAQ,UAAU,MAAM,OAAO,KAAA,EAAU,CACzC,UAAU,CAAC,UAAU,CAAC,cAAc,QAAQ,cAAc,SAAS,CAAC,CACpE,KAAK,CAAC,KAAK,gBAAgB,GAAG,KAAK,UAAU,IAAI,CAAC,GAAG,aAAa,WAAW,GAC7D,CAAC,KAAK,IAAI,CAAC;;AAG9B,SAAgB,kBAAkB,MAAuB;CACxD,OAAO,WAAW,SAAS,CAAC,OAAO,aAAa,KAAK,CAAC,CAAC,OAAO,YAAY;;AAG3E,SAAgB,kBAAkB,OAAuC;CAQxE,MAAM,iBAAiB,gBAAgB,aAAa;EANnD,SAAS,MAAM;EACf,OAAO,CAAC,GAAG,MAAM,MAAM;EACvB,KAAK,MAAM;EACX,KAAK,MAAM,cAAc,KAAK,KAAK;EACnC,KAAK,MAAM,OAAO,YAAY;EAE4B,CAAC,CAAC;CAE7D,OAAO,GAAG,eAAe,GADP,WAAW,UAAU,MAAM,IAAI,CAAC,OAAO,eAAe,CAAC,OAAO,YAC3C;;AAGtC,SAAS,0BAA0B,gBAAqD;CACvF,IAAI;EACH,OAAO,2BAA2B,MACjC,KAAK,MAAM,OAAO,KAAK,gBAAgB,YAAY,CAAC,SAAS,OAAO,CAAC,CACrE;SACM;EACP,OAAO;;;AAIT,SAAS,qBAAqB,OAA8D;CAC3F,OAAO,MAAM,WAAW;;AAGzB,SAAS,WACR,WACA,YACU;CACV,IAAI,UAAU,WAAW,WAAW,QACnC,OAAO;CAER,OAAO,UAAU,OAAO,UAAU,UAAU;EAC3C,MAAM,YAAY,WAAW;EAC7B,OACC,cAAc,KAAA,KACd,SAAS,kBAAkB,UAAU,iBACrC,SAAS,cAAc,UAAU,aACjC,SAAS,aAAa,UAAU;GAEhC;;AAGH,SAAgB,oBAAoB,OAA4D;CAC/F,MAAM,QAAQ,MAAM,MAAM,MAAM,IAAI;CACpC,IAAI,CAAC,qBAAqB,MAAM,EAC/B,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAa;CAE1C,MAAM,CAAC,gBAAgB,oBAAoB;CAC3C,MAAM,oBAAoB,WAAW,UAAU,MAAM,IAAI,CAAC,OAAO,eAAe,CAAC,QAAQ;CACzF,MAAM,oBAAoB,OAAO,KAAK,kBAAkB,YAAY;CACpE,IACC,kBAAkB,WAAW,kBAAkB,UAC/C,CAAC,gBAAgB,mBAAmB,kBAAkB,EAEtD,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAsB;CAGnD,MAAM,UAAU,0BAA0B,eAAe;CACzD,IAAI,YAAY,MACf,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAa;CAE1C,IAAI,QAAQ,OAAO,MAAM,OACxB,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAW;CAExC,IAAI,MAAM,kBAAkB,KAAA,KAAa,QAAQ,MAAM,QAAQ,MAAM,MAAM,eAC1E,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAgB;CAE7C,IAAI,QAAQ,YAAY,MAAM,SAC7B,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAkB;CAE/C,IAAI,CAAC,WAAW,QAAQ,OAAO,MAAM,MAAM,EAC1C,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAiB;CAE9C,IAAI,MAAM,mBAAmB,KAAA,GAAW;EACvC,MAAM,gBAAgB,MAAM,eAAe,QAAQ,KAAK,QAAQ,IAAI;EACpE,IAAI,CAAC,cAAc,IAClB,OAAO;GAAE,IAAI;GAAO,QAAQ,cAAc;GAAQ;;CAGpD,OAAO,EAAE,IAAI,MAAM"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { a as safeToolMetadataSchema, c as JsonPrimitive, d as isJsonObject, f as jsonObjectSchema, i as portalToolRecordSchema, l as JsonValue, n as PortalToolRecord, o as JsonArray, p as jsonValueSchema, r as portalToolAnnotationsSchema, s as JsonObject, t as PortalToolAnnotations, u as assertJsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
2
2
|
import { A as ToolRef, B as portalAgentScopeKey, C as ToolGraph, D as ToolRelationshipType, E as ToolRelationshipEndpoint, F as PortalAgentScopeSource, I as PortalDefaultPolicy, L as PortalToolSelector, M as encodeToolRef, N as PortalAccessPolicyConfig, O as buildToolGraph, P as PortalAgentIdentity, R as ResolvedPortalAccessPolicy, S as SkillGraphInput, T as ToolRelationship, V as resolvePortalAccessPolicy, _ as ToolSchemaSummary, a as PortalSessionManagerOptions, b as summarizeJsonSchema, c as SearchIndex, d as ToolRelationshipHint, f as ToolSearchResult, g as ToolSchemaHintNext, h as ToolSchemaHint, i as PortalSessionManager, j as decodeToolRef, k as ToolIdentity, l as SearchQuery, m as ToolSafetySummary, n as PortalDiscoveryFailure, o as PortalSessionRuntime, p as createSearchIndex, r as PortalSession, s as createPortalSessionManager, t as PortalCatalogSnapshot, u as SearchResultSet, v as ToolSummary, w as ToolGraphInput, x as ScopedSkillGraphEntry, y as createToolSummary, z as createPortalAgentIdentity } from "./portal-session-5ksK1G9Z.js";
|
|
3
|
-
import { S as createUpstreamMcpClientRuntime, _ as UpstreamMcpProgress, a as redactThrownError, b as UpstreamToolCall, c as toRedactedJsonValue, d as RemoteUpstreamMcpServer, f as StdioUpstreamMcpServer, g as UpstreamMcpCloseErrorContext, h as UpstreamMcpClientRuntime, i as redactExactCredentialText, l as ListToolsCall, m as UpstreamMcpClientLike, n as isCredentialConfigKey, o as redactUpstreamCatalogValue, p as UpstreamListToolsResult, r as redactCredentialText, s as redactUpstreamResponse, t as RedactionOptions, u as NormalizedUpstreamMcpServer, v as UpstreamMcpRuntimeOptions, x as UpstreamToolEvent, y as UpstreamMcpTransportKind } from "./upstream-response-middleware-
|
|
4
|
-
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "./zod-schema-loader-
|
|
3
|
+
import { S as createUpstreamMcpClientRuntime, _ as UpstreamMcpProgress, a as redactThrownError, b as UpstreamToolCall, c as toRedactedJsonValue, d as RemoteUpstreamMcpServer, f as StdioUpstreamMcpServer, g as UpstreamMcpCloseErrorContext, h as UpstreamMcpClientRuntime, i as redactExactCredentialText, l as ListToolsCall, m as UpstreamMcpClientLike, n as isCredentialConfigKey, o as redactUpstreamCatalogValue, p as UpstreamListToolsResult, r as redactCredentialText, s as redactUpstreamResponse, t as RedactionOptions, u as NormalizedUpstreamMcpServer, v as UpstreamMcpRuntimeOptions, x as UpstreamToolEvent, y as UpstreamMcpTransportKind } from "./upstream-response-middleware-CkV-rDNO.js";
|
|
4
|
+
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "./zod-schema-loader-BubVafy-.js";
|
|
5
5
|
|
|
6
6
|
//#region src/upstream-mcp-errors.d.ts
|
|
7
7
|
type UpstreamMcpFailurePhase = 'call_tool' | 'connect' | 'list_tools';
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as portalToolRecordSchema, c as isJsonObject, i as portalToolAnnotationsSchema, l as jsonObjectSchema, n as decodeToolRef, o as safeToolMetadataSchema, r as encodeToolRef, s as assertJsonObject, t as buildZodValidatorFromJsonSchema, u as jsonValueSchema } from "./zod-schema-loader-
|
|
2
|
-
import { _ as createPortalAgentIdentity, a as redactUpstreamCatalogValue, c as UpstreamMcpError, d as isUpstreamMcpError, f as messageFromUnknownError, g as summarizeJsonSchema, h as createToolSummary, i as redactThrownError, l as createUpstreamMcpError, m as upstreamMcpFailureDetailsFromUnknown, n as redactCredentialText, o as redactUpstreamResponse, p as transportSummaryFromServer, r as redactExactCredentialText, s as toRedactedJsonValue, t as isCredentialConfigKey, u as formatUpstreamMcpFailureMessage, v as portalAgentScopeKey, y as resolvePortalAccessPolicy } from "./upstream-response-middleware-
|
|
3
|
-
import { i as createSearchIndex, n as createPortalSessionManager, r as buildToolGraph, t as createUpstreamMcpClientRuntime } from "./upstream-mcp-client-runtime-
|
|
1
|
+
import { a as portalToolRecordSchema, c as isJsonObject, i as portalToolAnnotationsSchema, l as jsonObjectSchema, n as decodeToolRef, o as safeToolMetadataSchema, r as encodeToolRef, s as assertJsonObject, t as buildZodValidatorFromJsonSchema, u as jsonValueSchema } from "./zod-schema-loader-C3I-MnWq.js";
|
|
2
|
+
import { _ as createPortalAgentIdentity, a as redactUpstreamCatalogValue, c as UpstreamMcpError, d as isUpstreamMcpError, f as messageFromUnknownError, g as summarizeJsonSchema, h as createToolSummary, i as redactThrownError, l as createUpstreamMcpError, m as upstreamMcpFailureDetailsFromUnknown, n as redactCredentialText, o as redactUpstreamResponse, p as transportSummaryFromServer, r as redactExactCredentialText, s as toRedactedJsonValue, t as isCredentialConfigKey, u as formatUpstreamMcpFailureMessage, v as portalAgentScopeKey, y as resolvePortalAccessPolicy } from "./upstream-response-middleware-_dthoE1r.js";
|
|
3
|
+
import { i as createSearchIndex, n as createPortalSessionManager, r as buildToolGraph, t as createUpstreamMcpClientRuntime } from "./upstream-mcp-client-runtime-vu2TiTUw.js";
|
|
4
4
|
export { UpstreamMcpError, assertJsonObject, buildToolGraph, buildZodValidatorFromJsonSchema, createPortalAgentIdentity, createPortalSessionManager, createSearchIndex, createToolSummary, createUpstreamMcpClientRuntime, createUpstreamMcpError, decodeToolRef, encodeToolRef, formatUpstreamMcpFailureMessage, isCredentialConfigKey, isJsonObject, isUpstreamMcpError, jsonObjectSchema, jsonValueSchema, messageFromUnknownError, portalAgentScopeKey, portalToolAnnotationsSchema, portalToolRecordSchema, redactCredentialText, redactExactCredentialText, redactThrownError, redactUpstreamCatalogValue, redactUpstreamResponse, resolvePortalAccessPolicy, safeToolMetadataSchema, summarizeJsonSchema, toRedactedJsonValue, transportSummaryFromServer, upstreamMcpFailureDetailsFromUnknown };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { a as PortalCore, c as PortalCoreEvent, m as PortalCoreToolDescriptor, n as PortalAgentScope } from "../portal-core-
|
|
2
|
-
import { a as createPortalApprovalVerifier, c as PortalAgentBearerAuth, d as PortalHttpAppOptions, f as PortalHttpAuditEvent, i as createPortalAgentRuntimeRecords, l as PortalHttpAgentIdentity, n as PortalApprovalAuditEvent, o as createPortalHttpAgentResolver, p as createPortalHttpApp, r as ResolveAgentHmacKeysProps, s as resolveAgentHmacKeys, t as PortalAgentRuntimeRecord, u as PortalHttpApp } from "../resolve-agent-identity-
|
|
1
|
+
import { a as PortalCore, c as PortalCoreEvent, m as PortalCoreToolDescriptor, n as PortalAgentScope } from "../portal-core-B7scBU6I.js";
|
|
2
|
+
import { a as createPortalApprovalVerifier, c as PortalAgentBearerAuth, d as PortalHttpAppOptions, f as PortalHttpAuditEvent, i as createPortalAgentRuntimeRecords, l as PortalHttpAgentIdentity, n as PortalApprovalAuditEvent, o as createPortalHttpAgentResolver, p as createPortalHttpApp, r as ResolveAgentHmacKeysProps, s as resolveAgentHmacKeys, t as PortalAgentRuntimeRecord, u as PortalHttpApp } from "../resolve-agent-identity-BqYlDgBX.js";
|
|
3
3
|
import { Tool } from "@modelcontextprotocol/sdk/types.js";
|
|
4
4
|
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
|
|
5
5
|
|
package/dist/mcp-proxy/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as createPortalHttpApp, c as listPortalMcpTools, i as resolveAgentHmacKeys, l as portalMcpToolNames, n as createPortalApprovalVerifier, o as createPortalMcpServer, r as createPortalHttpAgentResolver, s as emitMcpProgress, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-
|
|
1
|
+
import { a as createPortalHttpApp, c as listPortalMcpTools, i as resolveAgentHmacKeys, l as portalMcpToolNames, n as createPortalApprovalVerifier, o as createPortalMcpServer, r as createPortalHttpAgentResolver, s as emitMcpProgress, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-BQNGUP66.js";
|
|
2
2
|
export { createPortalAgentRuntimeRecords, createPortalApprovalVerifier, createPortalHttpAgentResolver, createPortalHttpApp, createPortalMcpServer, emitMcpProgress, listPortalMcpTools, portalMcpToolNames, resolveAgentHmacKeys };
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { i as verifyAgentBearerAuthorization, n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-
|
|
1
|
+
import { i as verifyAgentBearerAuthorization, n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-NtEqghPk.js";
|
|
2
2
|
export { decodePortalMasterKey, deriveAgentBearerToken, formatMasterKeyFingerprint, verifyAgentBearerAuthorization };
|
|
@@ -1,40 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
readonly argumentsHash: string;
|
|
4
|
-
readonly namespace: string;
|
|
5
|
-
readonly toolName: string;
|
|
6
|
-
}
|
|
7
|
-
interface SignApprovalTokenProps {
|
|
8
|
-
readonly agentId: string;
|
|
9
|
-
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
10
|
-
readonly expiresAtMs: number;
|
|
11
|
-
readonly issuedAtMs?: number;
|
|
12
|
-
readonly jti?: string;
|
|
13
|
-
readonly key: Buffer;
|
|
14
|
-
}
|
|
15
|
-
interface VerifyApprovalTokenProps {
|
|
16
|
-
readonly agentId: string;
|
|
17
|
-
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
18
|
-
readonly key: Buffer;
|
|
19
|
-
readonly consumeTokenId?: (jti: string, expiresAtMs: number) => {
|
|
20
|
-
readonly ok: true;
|
|
21
|
-
} | {
|
|
22
|
-
readonly ok: false;
|
|
23
|
-
readonly reason: 'replay-cache-full' | 'replayed';
|
|
24
|
-
};
|
|
25
|
-
readonly maxLifetimeMs?: number;
|
|
26
|
-
readonly nowMs: number;
|
|
27
|
-
readonly token: string;
|
|
28
|
-
}
|
|
29
|
-
type VerifyApprovalTokenResult = {
|
|
30
|
-
readonly ok: true;
|
|
31
|
-
} | {
|
|
32
|
-
readonly ok: false;
|
|
33
|
-
readonly reason: 'agent-mismatch' | 'call-mismatch' | 'expired' | 'malformed' | 'replay-cache-full' | 'replayed' | 'signature-mismatch' | 'ttl-exceeded';
|
|
34
|
-
};
|
|
35
|
-
declare function hashCallArguments(args: unknown): string;
|
|
36
|
-
declare function signApprovalToken(props: SignApprovalTokenProps): string;
|
|
37
|
-
declare function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult;
|
|
38
|
-
//#endregion
|
|
39
|
-
export { ApprovalTokenCallDigest, SignApprovalTokenProps, VerifyApprovalTokenProps, VerifyApprovalTokenResult, hashCallArguments, signApprovalToken, verifyApprovalToken };
|
|
40
|
-
//# sourceMappingURL=hmac-token.d.ts.map
|
|
1
|
+
import { a as hashCallArguments, i as VerifyApprovalTokenResult, n as SignApprovalTokenProps, o as signApprovalToken, r as VerifyApprovalTokenProps, s as verifyApprovalToken, t as ApprovalTokenCallDigest } from "../hmac-token-B3QdUvuG.js";
|
|
2
|
+
export { ApprovalTokenCallDigest, SignApprovalTokenProps, VerifyApprovalTokenProps, VerifyApprovalTokenResult, hashCallArguments, signApprovalToken, verifyApprovalToken };
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { n as signApprovalToken, r as verifyApprovalToken, t as hashCallArguments } from "../hmac-token-
|
|
1
|
+
import { n as signApprovalToken, r as verifyApprovalToken, t as hashCallArguments } from "../hmac-token-D3c9OUTE.js";
|
|
2
2
|
export { hashCallArguments, signApprovalToken, verifyApprovalToken };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { n as PortalToolRecord } from "../catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "../zod-schema-loader-
|
|
2
|
+
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "../zod-schema-loader-BubVafy-.js";
|
|
3
3
|
|
|
4
4
|
//#region src/portal-config/typescript-artifact.d.ts
|
|
5
5
|
interface CatalogArtifactInput {
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { t as buildZodValidatorFromJsonSchema } from "../zod-schema-loader-
|
|
2
|
-
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-
|
|
1
|
+
import { t as buildZodValidatorFromJsonSchema } from "../zod-schema-loader-C3I-MnWq.js";
|
|
2
|
+
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-EQH4tZ0C.js";
|
|
3
3
|
export { buildZodValidatorFromJsonSchema, generateTypescriptCatalogArtifact };
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import { n as PortalToolRecord, s as JsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
1
|
+
import { l as JsonValue, n as PortalToolRecord, s as JsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
2
2
|
import { F as PortalAgentScopeSource, N as PortalAccessPolicyConfig, P as PortalAgentIdentity, S as SkillGraphInput, o as PortalSessionRuntime, r as PortalSession } from "./portal-session-5ksK1G9Z.js";
|
|
3
|
+
import { t as ApprovalTokenCallDigest } from "./hmac-token-B3QdUvuG.js";
|
|
3
4
|
import { Tool } from "@modelcontextprotocol/sdk/types.js";
|
|
4
5
|
|
|
5
6
|
//#region src/core/portal-tools.d.ts
|
|
@@ -113,26 +114,36 @@ type PortalUpstreamEvent = {
|
|
|
113
114
|
readonly kind: 'partial_content';
|
|
114
115
|
};
|
|
115
116
|
interface PortalToolRuntime {
|
|
116
|
-
readonly approval?: (calls: readonly PortalApprovalCall[], identity: PortalAgentIdentity, approvalToken: string | undefined) =>
|
|
117
|
-
readonly kind: 'allow';
|
|
118
|
-
} | {
|
|
119
|
-
readonly kind: 'approval_token_invalid';
|
|
120
|
-
readonly reason: string;
|
|
121
|
-
} | {
|
|
122
|
-
readonly kind: 'approval_token_missing';
|
|
123
|
-
} | {
|
|
124
|
-
readonly kind: 'approval_required';
|
|
125
|
-
readonly level: 'critical' | 'standard';
|
|
126
|
-
};
|
|
117
|
+
readonly approval?: (calls: readonly PortalApprovalCall[], identity: PortalAgentIdentity, approvalToken: string | undefined) => PortalApprovalEvaluation;
|
|
127
118
|
readonly callUpstreamTool: (call: PortalCallUpstreamTool) => Promise<unknown>;
|
|
128
119
|
readonly getSession: (identity: PortalAgentIdentity) => Promise<PortalSession>;
|
|
129
120
|
}
|
|
121
|
+
type PortalApprovalCallDecision = {
|
|
122
|
+
readonly kind: 'allow';
|
|
123
|
+
} | {
|
|
124
|
+
readonly kind: 'approval_configuration_missing';
|
|
125
|
+
} | {
|
|
126
|
+
readonly kind: 'approval_required';
|
|
127
|
+
readonly level: 'critical' | 'standard';
|
|
128
|
+
} | {
|
|
129
|
+
readonly kind: 'approval_token_invalid';
|
|
130
|
+
readonly reason: string;
|
|
131
|
+
} | {
|
|
132
|
+
readonly kind: 'approval_token_missing';
|
|
133
|
+
} | {
|
|
134
|
+
readonly kind: 'call_blocked';
|
|
135
|
+
};
|
|
136
|
+
interface PortalApprovalEvaluation {
|
|
137
|
+
readonly decisionsByCallId: Readonly<Record<string, PortalApprovalCallDecision>>;
|
|
138
|
+
}
|
|
139
|
+
type PortalApprovalCallDigestMap = Readonly<Record<string, ApprovalTokenCallDigest>>;
|
|
130
140
|
interface PortalToolHandlers {
|
|
131
141
|
readonly call: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
132
142
|
readonly describe: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
133
143
|
readonly list: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
134
144
|
readonly search: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
135
145
|
}
|
|
146
|
+
declare function preparePortalApprovalCallDigests(session: PortalSession, input: unknown): PortalApprovalCallDigestMap | null;
|
|
136
147
|
declare function createPortalToolHandlers(runtime: PortalToolRuntime): PortalToolHandlers;
|
|
137
148
|
//#endregion
|
|
138
149
|
//#region src/core/portal-core.d.ts
|
|
@@ -169,11 +180,26 @@ type PortalCoreItemResult = {
|
|
|
169
180
|
};
|
|
170
181
|
interface PortalCoreItemError {
|
|
171
182
|
readonly code: string;
|
|
183
|
+
readonly issues?: readonly PortalCoreValidationIssue[];
|
|
184
|
+
readonly issueCount?: number;
|
|
185
|
+
readonly issuesTruncated?: number;
|
|
172
186
|
readonly message: string;
|
|
173
187
|
readonly namespace?: string;
|
|
174
188
|
readonly toolName?: string;
|
|
175
189
|
readonly upstream?: unknown;
|
|
176
190
|
}
|
|
191
|
+
interface PortalCoreValidationIssue {
|
|
192
|
+
readonly code: string;
|
|
193
|
+
readonly expected?: string;
|
|
194
|
+
readonly keys?: readonly string[];
|
|
195
|
+
readonly message: string;
|
|
196
|
+
readonly path: readonly (number | string)[];
|
|
197
|
+
readonly received?: {
|
|
198
|
+
readonly preview?: string;
|
|
199
|
+
readonly type: string;
|
|
200
|
+
};
|
|
201
|
+
readonly values?: readonly JsonValue[];
|
|
202
|
+
}
|
|
177
203
|
type PortalCoreContentBlock = {
|
|
178
204
|
readonly text: string;
|
|
179
205
|
readonly type: 'text';
|
|
@@ -241,16 +267,16 @@ interface CreatePortalCoreBaseProps {
|
|
|
241
267
|
readonly skills?: readonly SkillGraphInput[];
|
|
242
268
|
readonly upstreamNamespaces: readonly string[];
|
|
243
269
|
}
|
|
244
|
-
|
|
270
|
+
interface CreatePortalCoreProps extends CreatePortalCoreBaseProps {
|
|
245
271
|
readonly approval: PortalApprovalEvaluator;
|
|
246
|
-
|
|
247
|
-
}) | (CreatePortalCoreBaseProps & {
|
|
248
|
-
readonly approval?: never;
|
|
249
|
-
readonly approvalTrustBoundary: 'openclaw-before-tool-call-hook';
|
|
250
|
-
});
|
|
272
|
+
}
|
|
251
273
|
interface PortalCore {
|
|
252
274
|
readonly approval: {
|
|
253
275
|
readonly evaluateCalls: (calls: readonly PortalApprovalCall[], scope: PortalAgentScope, approvalToken: string | undefined) => ReturnType<PortalApprovalEvaluator>;
|
|
276
|
+
readonly prepareCallDigests: (props: {
|
|
277
|
+
readonly input: unknown;
|
|
278
|
+
readonly scope: PortalAgentScope;
|
|
279
|
+
}) => Promise<PortalApprovalCallDigestMap | null>;
|
|
254
280
|
};
|
|
255
281
|
readonly callStream: (call: PortalCoreStreamCall) => AsyncIterable<PortalCoreEvent>;
|
|
256
282
|
readonly close: () => Promise<void>;
|
|
@@ -277,5 +303,5 @@ declare function listPortalCoreToolDescriptors(namespaces?: readonly string[]):
|
|
|
277
303
|
declare function collectPortalCoreResult(events: AsyncIterable<PortalCoreEvent>, options?: PortalCoreCollectOptions): Promise<PortalCoreResult>;
|
|
278
304
|
declare function createPortalCore(props: CreatePortalCoreProps): PortalCore;
|
|
279
305
|
//#endregion
|
|
280
|
-
export {
|
|
281
|
-
//# sourceMappingURL=portal-core-
|
|
306
|
+
export { PortalToolHandlers as A, PortalApprovalEvaluation as C, PortalCallUpstreamTool as D, PortalBatchResult as E, PortalUpstreamEvent as F, createPortalToolHandlers as I, portalToolInputSchemas as L, PortalToolResultMap as M, PortalToolRuntime as N, PortalToolFailure as O, PortalToolSuccess as P, preparePortalApprovalCallDigests as R, PortalApprovalCallDigestMap as S, PortalBatchError as T, collectPortalCoreResult as _, PortalCore as a, PortalApprovalCall as b, PortalCoreEvent as c, PortalCoreResult as d, PortalCoreRuntime as f, PortalCoreValidationIssue as g, PortalCoreToolName as h, PortalAuditEvent as i, PortalToolResult as j, PortalToolHandlerCall as k, PortalCoreItemError as l, PortalCoreToolDescriptor as m, PortalAgentScope as n, PortalCoreCollectOptions as o, PortalCoreStreamCall as p, PortalApprovalEvaluator as r, PortalCoreContentBlock as s, CreatePortalCoreProps as t, PortalCoreItemResult as u, createPortalCore as v, PortalBatchDiagnostic as w, PortalApprovalCallDecision as x, listPortalCoreToolDescriptors as y };
|
|
307
|
+
//# sourceMappingURL=portal-core-B7scBU6I.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"portal-core-B7scBU6I.d.ts","names":[],"sources":["../src/core/portal-tools.ts","../src/core/portal-core.ts"],"mappings":";;;;;;UAmBiB,iBAAA;EAAA,SACP,KAAA,EAAO,QAAA,CAAS,MAAA;EAAA,SAChB,EAAA;EAAA,SACA,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAA;AAAA,UAGV,iBAAA;EAAA,SACP,KAAA;EAAA,SACA,KAAA,EAAO,QAAA,CAAS,MAAA;EAAA,SAChB,EAAA;AAAA;AAAA,KAGE,gBAAA,GAAmB,iBAAA,GAAoB,iBAAA;AAAA,KACvC,mBAAA,GAAsB,QAAA,CAAS,MAAA,SAAe,gBAAA;AAAA,UAEzC,gBAAA;EAAA,SACP,EAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;AAAA;AAAA,UAGO,qBAAA;EAAA,SACP,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGO,iBAAA;EAAA,SACP,WAAA,WAAsB,qBAAA;EAAA,SACtB,MAAA,WAAiB,gBAAA;EAAA,SACjB,EAAA;EAAA,SACA,OAAA,EAAS,mBAAA;AAAA;AAAA,UAGF,kBAAA;EAAA,SACP,SAAA,EAAW,UAAA;EAAA,SACX,EAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA,EAAM,gBAAA;EAAA,SACN,QAAA;AAAA;AAAA,cAyHG,sBAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAOI,qBAAA;EAAA,SACP,QAAA,EAAU,mBAAA;EAAA,SACV,KAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,SAAA,EAAW,UAAA;EAAA,SACX,YAAA;EAAA,SACA,SAAA;EAAA,SACA,OAAA,IAAW,KAAA,EAAO,mBAAA,KAAwB,OAAA;EAAA,SAC1C,SAAA;EAAA,SACA,MAAA,GAAS,WAAA;EAAA,SACT,QAAA;AAAA;AAAA,KAGE,mBAAA;EAAA,SAEA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,OAAA;IAAA,SACK,IAAA;IAAA,SAAuB,IAAA;EAAA;IAAA,SACvB,IAAA;IAAA,SAAuB,KAAA;EAAA;EAAA,SAC5B,IAAA;AAAA;AAAA,UAGK,iBAAA;EAAA,SACP,QAAA,IACR,KAAA,WAAgB,kBAAA,IAChB,QAAA,EAAU,mBAAA,EACV,aAAA,yBACI,wBAAA;EAAA,SACI,gBAAA,GAAmB,IAAA,EAAM,sBAAA,KAA2B,OAAA;EAAA,SACpD,UAAA,GAAa,QAAA,EAAU,mBAAA,KAAwB,OAAA,CAAQ,aAAA;AAAA;AAAA,KAGrD,0BAAA;EAAA,SACE,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;EAAA,SACA,IAAA;EAAA,SAAoC,KAAA;AAAA;EAAA,SACpC,IAAA;EAAA,SAAyC,MAAA;AAAA;EAAA,SACzC,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAEG,wBAAA;EAAA,SACP,iBAAA,EAAmB,QAAA,CAAS,MAAA,SAAe,0BAAA;AAAA;AAAA,KAGzC,2BAAA,GAA8B,QAAA,CAAS,MAAA,SAAe,uBAAA;AAAA,UAEjD,kBAAA;EAAA,SACP,IAAA,GAAO,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SAC/C,QAAA,GAAW,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SACnD,IAAA,GAAO,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SAC/C,MAAA,GAAS,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;AAAA;AAAA,iBA2a3C,gCAAA,CACf,OAAA,EAAS,aAAA,EACT,KAAA,YACE,2BAAA;AAAA,iBAwCa,wBAAA,CAAyB,OAAA,EAAS,iBAAA,GAAoB,kBAAA;;;KCxrB1D,gBAAA,GAAmB,mBAAA;AAAA,KAEnB,kBAAA;AAAA,UAMK,gBAAA;EAAA,SACP,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGO,gBAAA;EAAA,SACP,WAAA,YAAuB,gBAAA;EAAA,SACvB,OAAA,WAAkB,sBAAA;EAAA,SAClB,KAAA,WAAgB,oBAAA;EAAA,SAChB,iBAAA;AAAA;AAAA,KAGE,oBAAA;EAAA,SAEA,OAAA,WAAkB,sBAAA;EAAA,SAClB,SAAA;EAAA,SACA,MAAA;EAAA,SACA,iBAAA;AAAA;EAAA,SAGA,KAAA,EAAO,mBAAA;EAAA,SACP,SAAA;EAAA,SACA,MAAA;AAAA;AAAA,UAGK,mBAAA;EAAA,SACP,IAAA;EAAA,SACA,MAAA,YAAkB,yBAAA;EAAA,SAClB,UAAA;EAAA,SACA,eAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,QAAA;AAAA;AAAA,UAGO,yBAAA;EAAA,SACP,IAAA;EAAA,SACA,QAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,IAAA;EAAA,SACA,QAAA;IAAA,SACC,OAAA;IAAA,SACA,IAAA;EAAA;EAAA,SAED,MAAA,YAAkB,SAAA;AAAA;AAAA,KAGhB,sBAAA;EAAA,SACE,IAAA;EAAA,SAAuB,IAAA;AAAA;EAAA,SACvB,IAAA;EAAA,SAAuB,KAAA;AAAA;AAAA,KAEzB,eAAA;EAAA,SAEA,IAAA;EAAA,SACA,QAAA,EAAU,kBAAA;AAAA;EAAA,SAGV,IAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,OAAA,EAAS,sBAAA;EAAA,SACT,IAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,SAAA;EAAA,SACA,MAAA,EAAQ,OAAA,CAAQ,oBAAA;IAAA,SAAiC,MAAA;EAAA;AAAA;EAAA,SAGjD,KAAA,EAAO,mBAAA;EAAA,SACP,IAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA,EAAQ,gBAAA;AAAA;EAAA,SAGR,KAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGK,oBAAA;EAAA,SACP,KAAA;EAAA,SACA,KAAA,EAAO,gBAAA;EAAA,SACP,MAAA,GAAS,WAAA;EAAA,SACT,QAAA,EAAU,kBAAA;AAAA;AAAA,UAOH,wBAAA;EAAA,SACP,OAAA,IAAW,KAAA,EAAO,eAAA,KAAoB,OAAA;AAAA;AAAA,UAG/B,iBAAA,SAA0B,oBAAA;EAAA,SACjC,gBAAA,EAAkB,iBAAA;AAAA;AAAA,KAGhB,uBAAA,GAA0B,WAAA,CAAY,iBAAA;AAAA,UAExC,yBAAA;EAAA,SACA,YAAA,EAAc,wBAAA;EAAA,SACd,YAAA;EAAA,SACA,OAAA,EAAS,iBAAA;EAAA,SACT,MAAA,YAAkB,eAAA;EAAA,SAClB,kBAAA;AAAA;AAAA,UAGO,qBAAA,SAA8B,yBAAA;EAAA,SACrC,QAAA,EAAU,uBAAA;AAAA;AAAA,UAGH,UAAA;EAAA,SACP,QAAA;IAAA,SACC,aAAA,GACR,KAAA,WAAgB,kBAAA,IAChB,KAAA,EAAO,gBAAA,EACP,aAAA,yBACI,UAAA,CAAW,uBAAA;IAAA,SACP,kBAAA,GAAqB,KAAA;MAAA,SACpB,KAAA;MAAA,SACA,KAAA,EAAO,gBAAA;IAAA,MACX,OAAA,CAAQ,2BAAA;EAAA;EAAA,SAEN,UAAA,GAAa,IAAA,EAAM,oBAAA,KAAyB,aAAA,CAAc,eAAA;EAAA,SAC1D,KAAA,QAAa,OAAA;EAAA,SACb,uBAAA,SAAgC,uBAAA;EAAA,SAChC,gBAAA,GAAmB,KAAA;IAAA,SAClB,OAAA;IAAA,SACA,YAAA;IAAA,SACA,WAAA;IAAA,SACA,SAAA;IAAA,SACA,UAAA;IAAA,SACA,MAAA,EAAQ,sBAAA;EAAA,MACZ,gBAAA;EAAA,SACG,aAAA,GAAgB,KAAA,EAAO,gBAAA,cAA8B,wBAAA;EAAA,SACrD,oBAAA,GAAuB,YAAA,aAAyB,OAAA;EAAA,SAChD,iBAAA,GAAoB,KAAA,EAAO,gBAAA,KAAqB,OAAA;EAAA,SAChD,kBAAA;AAAA;AAAA,UAGO,wBAAA;EAAA,SACP,WAAA;EAAA,SACA,WAAA,EAAa,IAAA;EAAA,SACb,IAAA,EAAM,kBAAA;AAAA;AAAA,iBAkTA,6BAAA,CACf,UAAA,gCACW,wBAAA;AAAA,iBA6BU,uBAAA,CACrB,MAAA,EAAQ,aAAA,CAAc,eAAA,GACtB,OAAA,GAAS,wBAAA,GACP,OAAA,CAAQ,gBAAA;AAAA,iBA8KK,gBAAA,CAAiB,KAAA,EAAO,qBAAA,GAAwB,UAAA"}
|