@agent-vm/mcp-portal 0.0.80 → 0.0.81
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bearer-token-DCtpDPCZ.js → agent-bearer-token-NtEqghPk.js} +1 -1
- package/dist/{agent-bearer-token-DCtpDPCZ.js.map → agent-bearer-token-NtEqghPk.js.map} +1 -1
- package/dist/bin/mcp-portal.js +7 -7
- package/dist/cli/index.d.ts +1 -1
- package/dist/cli/index.js +1 -1
- package/dist/core/index.d.ts +28 -10
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +5 -5
- package/dist/hmac-token-B3QdUvuG.d.ts +40 -0
- package/dist/hmac-token-B3QdUvuG.d.ts.map +1 -0
- package/dist/{hmac-token-DBqWY3-w.js → hmac-token-D3c9OUTE.js} +1 -1
- package/dist/{hmac-token-DBqWY3-w.js.map → hmac-token-D3c9OUTE.js.map} +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.js +3 -3
- package/dist/mcp-proxy/index.d.ts +2 -2
- package/dist/mcp-proxy/index.js +1 -1
- package/dist/portal-auth/agent-bearer-token.js +1 -1
- package/dist/portal-auth/hmac-token.d.ts +2 -40
- package/dist/portal-auth/hmac-token.js +1 -1
- package/dist/portal-config/index.d.ts +1 -1
- package/dist/portal-config/index.js +2 -2
- package/dist/{portal-core-CatZlNq_.d.ts → portal-core-B7scBU6I.d.ts} +46 -22
- package/dist/portal-core-B7scBU6I.d.ts.map +1 -0
- package/dist/{portal-core-e-qajblz.js → portal-core-B8HZPw3z.js} +86 -10
- package/dist/portal-core-B8HZPw3z.js.map +1 -0
- package/dist/{portal-tools-Ct2GuFSc.js → portal-tools-fFyF72Nl.js} +174 -83
- package/dist/portal-tools-fFyF72Nl.js.map +1 -0
- package/dist/{resolve-agent-identity-Dnqv2hAW.js → resolve-agent-identity-BQNGUP66.js} +34 -78
- package/dist/resolve-agent-identity-BQNGUP66.js.map +1 -0
- package/dist/{resolve-agent-identity-C1xp9_2R.d.ts → resolve-agent-identity-BqYlDgBX.d.ts} +4 -13
- package/dist/{resolve-agent-identity-C1xp9_2R.d.ts.map → resolve-agent-identity-BqYlDgBX.d.ts.map} +1 -1
- package/dist/{serve-command-DHkYmO6n.js → serve-command-4BNOH14H.js} +5 -5
- package/dist/{serve-command-DHkYmO6n.js.map → serve-command-4BNOH14H.js.map} +1 -1
- package/dist/{typescript-artifact-BVLt3Ifd.js → typescript-artifact-EQH4tZ0C.js} +2 -2
- package/dist/{typescript-artifact-BVLt3Ifd.js.map → typescript-artifact-EQH4tZ0C.js.map} +1 -1
- package/dist/{upstream-mcp-client-runtime-Be_cw6pV.js → upstream-mcp-client-runtime-vu2TiTUw.js} +3 -3
- package/dist/{upstream-mcp-client-runtime-Be_cw6pV.js.map → upstream-mcp-client-runtime-vu2TiTUw.js.map} +1 -1
- package/dist/{upstream-response-middleware-1MZnAD9C.d.ts → upstream-response-middleware-CkV-rDNO.d.ts} +1 -1
- package/dist/{upstream-response-middleware-1MZnAD9C.d.ts.map → upstream-response-middleware-CkV-rDNO.d.ts.map} +1 -1
- package/dist/{upstream-response-middleware-Cd1MxA6A.js → upstream-response-middleware-_dthoE1r.js} +2 -2
- package/dist/{upstream-response-middleware-Cd1MxA6A.js.map → upstream-response-middleware-_dthoE1r.js.map} +1 -1
- package/dist/{zod-schema-loader-DLGQpYFD.d.ts → zod-schema-loader-BubVafy-.d.ts} +9 -2
- package/dist/zod-schema-loader-BubVafy-.d.ts.map +1 -0
- package/dist/{zod-schema-loader-yNekKNpm.js → zod-schema-loader-C3I-MnWq.js} +76 -5
- package/dist/zod-schema-loader-C3I-MnWq.js.map +1 -0
- package/package.json +3 -3
- package/dist/portal-auth/hmac-token.d.ts.map +0 -1
- package/dist/portal-core-CatZlNq_.d.ts.map +0 -1
- package/dist/portal-core-e-qajblz.js.map +0 -1
- package/dist/portal-tools-Ct2GuFSc.js.map +0 -1
- package/dist/resolve-agent-identity-Dnqv2hAW.js.map +0 -1
- package/dist/zod-schema-loader-DLGQpYFD.d.ts.map +0 -1
- package/dist/zod-schema-loader-yNekKNpm.js.map +0 -1
|
@@ -56,4 +56,4 @@ function verifyAgentBearerAuthorization(props) {
|
|
|
56
56
|
//#endregion
|
|
57
57
|
export { verifyAgentBearerAuthorization as i, deriveAgentBearerToken as n, formatMasterKeyFingerprint as r, decodePortalMasterKey as t };
|
|
58
58
|
|
|
59
|
-
//# sourceMappingURL=agent-bearer-token-
|
|
59
|
+
//# sourceMappingURL=agent-bearer-token-NtEqghPk.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-bearer-token-
|
|
1
|
+
{"version":3,"file":"agent-bearer-token-NtEqghPk.js","names":[],"sources":["../src/portal-auth/agent-bearer-token.ts"],"sourcesContent":["import { createHash, createHmac, timingSafeEqual } from 'node:crypto';\n\nexport interface DeriveAgentBearerTokenProps {\n\treadonly agentId: string;\n\treadonly credentialVersion: number;\n\treadonly masterKey: Buffer;\n}\n\nexport interface VerifyAgentBearerAuthorizationProps extends DeriveAgentBearerTokenProps {\n\treadonly authorizationHeader: string | undefined;\n}\n\nexport type VerifyAgentBearerAuthorizationResult =\n\t| { readonly ok: true }\n\t| { readonly ok: false; readonly reason: 'malformed' | 'missing' | 'signature-mismatch' };\n\nconst bearerPurposePrefix = 'mcp-proxy:agent:';\nconst minimumMasterKeyBytes = 32;\nconst base64UrlPattern = /^[A-Za-z0-9_-]+$/u;\n\nexport function decodePortalMasterKey(encodedMasterKey: string): Buffer {\n\tconst trimmedMasterKey = encodedMasterKey.trim();\n\tif (!base64UrlPattern.test(trimmedMasterKey)) {\n\t\tthrow new Error('MCP Portal masterKey must be base64url-encoded key material.');\n\t}\n\tconst masterKey = Buffer.from(trimmedMasterKey, 'base64url');\n\tif (masterKey.length < minimumMasterKeyBytes) {\n\t\tthrow new Error(\n\t\t\t`MCP Portal masterKey must decode to at least ${String(minimumMasterKeyBytes)} bytes.`,\n\t\t);\n\t}\n\tif (masterKey.toString('base64url') !== trimmedMasterKey) {\n\t\tthrow new Error('MCP Portal masterKey must be canonical base64url without padding.');\n\t}\n\treturn masterKey;\n}\n\nexport function deriveAgentBearerToken(props: DeriveAgentBearerTokenProps): string {\n\treturn createHmac('sha256', props.masterKey)\n\t\t.update(`${bearerPurposePrefix}${props.agentId}:v${String(props.credentialVersion)}`)\n\t\t.digest('base64url');\n}\n\nexport function formatMasterKeyFingerprint(masterKey: Buffer): string {\n\treturn `sha256:${createHash('sha256').update(masterKey).digest('base64url')}`;\n}\n\nfunction timingSafeEqualToken(left: string, right: string): boolean {\n\tconst leftBuffer = Buffer.from(left);\n\tconst rightBuffer = Buffer.from(right);\n\treturn leftBuffer.length === rightBuffer.length && timingSafeEqual(leftBuffer, rightBuffer);\n}\n\nfunction mismatchedTokenWithExpectedLength(expectedToken: string): string {\n\tconst replacementPrefix = expectedToken.startsWith('A') ? 'B' : 'A';\n\treturn `${replacementPrefix}${expectedToken.slice(1)}`;\n}\n\nexport function verifyAgentBearerAuthorization(\n\tprops: VerifyAgentBearerAuthorizationProps,\n): VerifyAgentBearerAuthorizationResult {\n\tconst expectedToken = deriveAgentBearerToken({\n\t\tagentId: props.agentId,\n\t\tcredentialVersion: props.credentialVersion,\n\t\tmasterKey: props.masterKey,\n\t});\n\tconst mismatchedToken = mismatchedTokenWithExpectedLength(expectedToken);\n\n\tif (props.authorizationHeader === undefined) {\n\t\ttimingSafeEqualToken(mismatchedToken, expectedToken);\n\t\treturn { ok: false, reason: 'missing' };\n\t}\n\tconst [scheme, token, extra] = props.authorizationHeader.split(/\\s+/u);\n\tif (scheme !== 'Bearer' || token === undefined || token.length === 0 || extra !== undefined) {\n\t\ttimingSafeEqualToken(mismatchedToken, expectedToken);\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tconst comparableToken = token.length === expectedToken.length ? token : mismatchedToken;\n\tif (!timingSafeEqualToken(comparableToken, expectedToken)) {\n\t\treturn { ok: false, reason: 'signature-mismatch' };\n\t}\n\treturn { ok: true };\n}\n"],"mappings":";;AAgBA,MAAM,sBAAsB;AAC5B,MAAM,wBAAwB;AAC9B,MAAM,mBAAmB;AAEzB,SAAgB,sBAAsB,kBAAkC;CACvE,MAAM,mBAAmB,iBAAiB,MAAM;CAChD,IAAI,CAAC,iBAAiB,KAAK,iBAAiB,EAC3C,MAAM,IAAI,MAAM,+DAA+D;CAEhF,MAAM,YAAY,OAAO,KAAK,kBAAkB,YAAY;CAC5D,IAAI,UAAU,SAAS,uBACtB,MAAM,IAAI,MACT,gDAAgD,OAAO,sBAAsB,CAAC,SAC9E;CAEF,IAAI,UAAU,SAAS,YAAY,KAAK,kBACvC,MAAM,IAAI,MAAM,oEAAoE;CAErF,OAAO;;AAGR,SAAgB,uBAAuB,OAA4C;CAClF,OAAO,WAAW,UAAU,MAAM,UAAU,CAC1C,OAAO,GAAG,sBAAsB,MAAM,QAAQ,IAAI,OAAO,MAAM,kBAAkB,GAAG,CACpF,OAAO,YAAY;;AAGtB,SAAgB,2BAA2B,WAA2B;CACrE,OAAO,UAAU,WAAW,SAAS,CAAC,OAAO,UAAU,CAAC,OAAO,YAAY;;AAG5E,SAAS,qBAAqB,MAAc,OAAwB;CACnE,MAAM,aAAa,OAAO,KAAK,KAAK;CACpC,MAAM,cAAc,OAAO,KAAK,MAAM;CACtC,OAAO,WAAW,WAAW,YAAY,UAAU,gBAAgB,YAAY,YAAY;;AAG5F,SAAS,kCAAkC,eAA+B;CAEzE,OAAO,GADmB,cAAc,WAAW,IAAI,GAAG,MAAM,MAClC,cAAc,MAAM,EAAE;;AAGrD,SAAgB,+BACf,OACuC;CACvC,MAAM,gBAAgB,uBAAuB;EAC5C,SAAS,MAAM;EACf,mBAAmB,MAAM;EACzB,WAAW,MAAM;EACjB,CAAC;CACF,MAAM,kBAAkB,kCAAkC,cAAc;CAExE,IAAI,MAAM,wBAAwB,KAAA,GAAW;EAC5C,qBAAqB,iBAAiB,cAAc;EACpD,OAAO;GAAE,IAAI;GAAO,QAAQ;GAAW;;CAExC,MAAM,CAAC,QAAQ,OAAO,SAAS,MAAM,oBAAoB,MAAM,OAAO;CACtE,IAAI,WAAW,YAAY,UAAU,KAAA,KAAa,MAAM,WAAW,KAAK,UAAU,KAAA,GAAW;EAC5F,qBAAqB,iBAAiB,cAAc;EACpD,OAAO;GAAE,IAAI;GAAO,QAAQ;GAAa;;CAG1C,IAAI,CAAC,qBADmB,MAAM,WAAW,cAAc,SAAS,QAAQ,iBAC7B,cAAc,EACxD,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAsB;CAEnD,OAAO,EAAE,IAAI,MAAM"}
|
package/dist/bin/mcp-portal.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { a as portalToolRecordSchema } from "../zod-schema-loader-
|
|
3
|
-
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-
|
|
4
|
-
import { i as resolveUpstreamServers, n as createPortalCore } from "../portal-core-
|
|
5
|
-
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-
|
|
6
|
-
import { n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-
|
|
7
|
-
import { i as resolveAgentHmacKeys, n as createPortalApprovalVerifier, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-
|
|
8
|
-
import { c as resolveSecretValue, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer } from "../serve-command-
|
|
2
|
+
import { a as portalToolRecordSchema } from "../zod-schema-loader-C3I-MnWq.js";
|
|
3
|
+
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-vu2TiTUw.js";
|
|
4
|
+
import { i as resolveUpstreamServers, n as createPortalCore } from "../portal-core-B8HZPw3z.js";
|
|
5
|
+
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-EQH4tZ0C.js";
|
|
6
|
+
import { n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-NtEqghPk.js";
|
|
7
|
+
import { i as resolveAgentHmacKeys, n as createPortalApprovalVerifier, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-BQNGUP66.js";
|
|
8
|
+
import { c as resolveSecretValue, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer } from "../serve-command-4BNOH14H.js";
|
|
9
9
|
import { t as parseHmacKeysFromEnv } from "../hmac-env-B4shpRRB.js";
|
|
10
10
|
import { z } from "zod";
|
|
11
11
|
import { loadMcpConfig, loadMcpPortalConfig } from "@agent-vm/config-contracts";
|
package/dist/cli/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { L as PortalToolSelector } from "../portal-session-5ksK1G9Z.js";
|
|
2
|
-
import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-
|
|
2
|
+
import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-BqYlDgBX.js";
|
|
3
3
|
import { McpPortalAgentConfig, McpPortalConfig, SecretValue } from "@agent-vm/config-contracts";
|
|
4
4
|
import { SecretResolver, createSecretResolver, resolveServiceAccountToken } from "@agent-vm/secret-management";
|
|
5
5
|
import { serve } from "@hono/node-server";
|
package/dist/cli/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-
|
|
1
|
+
import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-4BNOH14H.js";
|
|
2
2
|
export { applyAgentOverrides, buildProfilePolicyMaps, createServeSecretResolver, deriveApprovalHmacKeysFromMasterKey, handlePortalServerError, parsePortalServerCliArgs, startPortalServer };
|
package/dist/core/index.d.ts
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import { n as PortalToolRecord, s as JsonObject } from "../catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import { L as PortalToolSelector } from "../portal-session-5ksK1G9Z.js";
|
|
3
|
-
import { A as
|
|
4
|
-
import { S as createUpstreamMcpClientRuntime, r as redactCredentialText, u as NormalizedUpstreamMcpServer } from "../upstream-response-middleware-
|
|
5
|
-
import {
|
|
2
|
+
import { L as PortalToolSelector, P as PortalAgentIdentity } from "../portal-session-5ksK1G9Z.js";
|
|
3
|
+
import { A as PortalToolHandlers, C as PortalApprovalEvaluation, D as PortalCallUpstreamTool, E as PortalBatchResult, F as PortalUpstreamEvent, I as createPortalToolHandlers, L as portalToolInputSchemas, M as PortalToolResultMap, N as PortalToolRuntime, O as PortalToolFailure, P as PortalToolSuccess, R as preparePortalApprovalCallDigests, S as PortalApprovalCallDigestMap, T as PortalBatchError, _ as collectPortalCoreResult, a as PortalCore, b as PortalApprovalCall, c as PortalCoreEvent, d as PortalCoreResult, f as PortalCoreRuntime, g as PortalCoreValidationIssue, h as PortalCoreToolName, i as PortalAuditEvent, j as PortalToolResult, k as PortalToolHandlerCall, l as PortalCoreItemError, m as PortalCoreToolDescriptor, n as PortalAgentScope, o as PortalCoreCollectOptions, p as PortalCoreStreamCall, r as PortalApprovalEvaluator, s as PortalCoreContentBlock, t as CreatePortalCoreProps, u as PortalCoreItemResult, v as createPortalCore, w as PortalBatchDiagnostic, x as PortalApprovalCallDecision, y as listPortalCoreToolDescriptors } from "../portal-core-B7scBU6I.js";
|
|
4
|
+
import { S as createUpstreamMcpClientRuntime, r as redactCredentialText, u as NormalizedUpstreamMcpServer } from "../upstream-response-middleware-CkV-rDNO.js";
|
|
5
|
+
import { r as InputValidationIssue } from "../zod-schema-loader-BubVafy-.js";
|
|
6
|
+
import { McpConfig, ResolvedMcpPortalProfile, SecretValue } from "@agent-vm/config-contracts";
|
|
6
7
|
|
|
7
8
|
//#region src/core/provider-runtime.d.ts
|
|
8
9
|
interface ResolveUpstreamServersProps {
|
|
@@ -11,17 +12,34 @@ interface ResolveUpstreamServersProps {
|
|
|
11
12
|
}
|
|
12
13
|
declare function resolveUpstreamServers(props: ResolveUpstreamServersProps): Promise<readonly NormalizedUpstreamMcpServer[]>;
|
|
13
14
|
//#endregion
|
|
15
|
+
//#region src/core/portal-approval-evaluator.d.ts
|
|
16
|
+
interface PortalApprovalPolicyRecord {
|
|
17
|
+
readonly hmacKey?: Buffer;
|
|
18
|
+
readonly profile: ResolvedMcpPortalProfile;
|
|
19
|
+
}
|
|
20
|
+
interface CreatePortalPolicyApprovalEvaluatorProps {
|
|
21
|
+
readonly consumeTokenId?: (agentId: string, jti: string, expiresAtMs: number) => {
|
|
22
|
+
readonly ok: true;
|
|
23
|
+
} | {
|
|
24
|
+
readonly ok: false;
|
|
25
|
+
readonly reason: 'replay-cache-full' | 'replayed';
|
|
26
|
+
};
|
|
27
|
+
readonly missingApprovalTokenDecision?: Extract<PortalApprovalCallDecision, {
|
|
28
|
+
readonly kind: 'approval_required' | 'approval_token_missing';
|
|
29
|
+
}>;
|
|
30
|
+
readonly maxLifetimeMs?: number;
|
|
31
|
+
readonly nowMs?: () => number;
|
|
32
|
+
readonly resolveRecord: (agentId: string) => PortalApprovalPolicyRecord | undefined;
|
|
33
|
+
}
|
|
34
|
+
declare function createPortalPolicyApprovalEvaluator(props: CreatePortalPolicyApprovalEvaluatorProps): (calls: readonly PortalApprovalCall[], identity: PortalAgentIdentity | string, token: string | undefined) => PortalApprovalEvaluation;
|
|
35
|
+
//#endregion
|
|
14
36
|
//#region src/core/portal-call-validation.d.ts
|
|
15
37
|
declare function validatePortalToolArguments(tool: PortalToolRecord, argumentsValue: JsonObject): {
|
|
16
38
|
readonly ok: true;
|
|
17
39
|
readonly value: unknown;
|
|
18
40
|
} | {
|
|
19
41
|
readonly error: {
|
|
20
|
-
readonly issues: readonly
|
|
21
|
-
readonly code: string;
|
|
22
|
-
readonly message: string;
|
|
23
|
-
readonly path: readonly (number | string)[];
|
|
24
|
-
}[];
|
|
42
|
+
readonly issues: readonly InputValidationIssue[];
|
|
25
43
|
readonly kind: 'input_validation';
|
|
26
44
|
readonly namespace: string;
|
|
27
45
|
readonly toolName: string;
|
|
@@ -36,5 +54,5 @@ declare function validatePortalToolArguments(tool: PortalToolRecord, argumentsVa
|
|
|
36
54
|
readonly ok: false;
|
|
37
55
|
};
|
|
38
56
|
//#endregion
|
|
39
|
-
export { CreatePortalCoreProps, PortalAgentScope, PortalApprovalCall, PortalApprovalEvaluator, PortalAuditEvent, PortalBatchDiagnostic, PortalBatchError, PortalBatchResult, PortalCallUpstreamTool, PortalCore, PortalCoreCollectOptions, PortalCoreContentBlock, PortalCoreEvent, PortalCoreItemError, PortalCoreItemResult, PortalCoreResult, PortalCoreRuntime, PortalCoreStreamCall, PortalCoreToolDescriptor, PortalCoreToolName, PortalToolFailure, PortalToolHandlerCall, PortalToolHandlers, PortalToolResult, PortalToolResultMap, PortalToolRuntime, type PortalToolSelector, PortalToolSuccess, PortalUpstreamEvent, ResolveUpstreamServersProps, collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
57
|
+
export { CreatePortalCoreProps, CreatePortalPolicyApprovalEvaluatorProps, PortalAgentScope, PortalApprovalCall, PortalApprovalCallDecision, PortalApprovalCallDigestMap, PortalApprovalEvaluation, PortalApprovalEvaluator, PortalApprovalPolicyRecord, PortalAuditEvent, PortalBatchDiagnostic, PortalBatchError, PortalBatchResult, PortalCallUpstreamTool, PortalCore, PortalCoreCollectOptions, PortalCoreContentBlock, PortalCoreEvent, PortalCoreItemError, PortalCoreItemResult, PortalCoreResult, PortalCoreRuntime, PortalCoreStreamCall, PortalCoreToolDescriptor, PortalCoreToolName, PortalCoreValidationIssue, PortalToolFailure, PortalToolHandlerCall, PortalToolHandlers, PortalToolResult, PortalToolResultMap, PortalToolRuntime, type PortalToolSelector, PortalToolSuccess, PortalUpstreamEvent, ResolveUpstreamServersProps, collectPortalCoreResult, createPortalCore, createPortalPolicyApprovalEvaluator, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, preparePortalApprovalCallDigests, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
40
58
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/core/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/core/provider-runtime.ts","../../src/core/portal-call-validation.ts"],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/core/provider-runtime.ts","../../src/core/portal-approval-evaluator.ts","../../src/core/portal-call-validation.ts"],"mappings":";;;;;;;;UASiB,2BAAA;EAAA,SACP,MAAA,EAAQ,SAAA;EAAA,SACR,aAAA,GAAgB,MAAA,EAAQ,WAAA,KAAgB,OAAA;AAAA;AAAA,iBAsC5B,sBAAA,CACrB,KAAA,EAAO,2BAAA,GACL,OAAA,UAAiB,2BAAA;;;UCxCH,0BAAA;EAAA,SACP,OAAA,GAAU,MAAA;EAAA,SACV,OAAA,EAAS,wBAAA;AAAA;AAAA,UAGF,wCAAA;EAAA,SACP,cAAA,IACR,OAAA,UACA,GAAA,UACA,WAAA;IAAA,SAEa,EAAA;EAAA;IAAA,SACA,EAAA;IAAA,SAAoB,MAAA;EAAA;EAAA,SACzB,4BAAA,GAA+B,OAAA,CACvC,0BAAA;IAAA,SACW,IAAA;EAAA;EAAA,SAEH,aAAA;EAAA,SACA,KAAA;EAAA,SACA,aAAA,GAAgB,OAAA,aAAoB,0BAAA;AAAA;AAAA,iBAqB9B,mCAAA,CACf,KAAA,EAAO,wCAAA,IAEP,KAAA,WAAgB,kBAAA,IAChB,QAAA,EAAU,mBAAA,WACV,KAAA,yBACI,wBAAA;;;iBClDW,2BAAA,CACf,IAAA,EAAM,gBAAA,EACN,cAAA,EAAgB,UAAA;EAAA,SAEH,EAAA;EAAA,SAAmB,KAAA;AAAA;EAAA,SAErB,KAAA;IAAA,SAEG,MAAA,WAAiB,oBAAA;IAAA,SACjB,IAAA;IAAA,SACA,SAAA;IAAA,SACA,QAAA;EAAA;IAAA,SAGA,OAAA;IAAA,SACA,IAAA;IAAA,SACA,OAAA;IAAA,SACA,SAAA;IAAA,SACA,IAAA;IAAA,SACA,QAAA;EAAA;EAAA,SAEH,EAAA;AAAA"}
|
package/dist/core/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { n as redactCredentialText } from "../upstream-response-middleware-
|
|
2
|
-
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-
|
|
3
|
-
import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-
|
|
4
|
-
import { n as portalToolInputSchemas, r as
|
|
5
|
-
export { collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
1
|
+
import { n as redactCredentialText } from "../upstream-response-middleware-_dthoE1r.js";
|
|
2
|
+
import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-vu2TiTUw.js";
|
|
3
|
+
import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-B8HZPw3z.js";
|
|
4
|
+
import { a as createPortalPolicyApprovalEvaluator, i as validatePortalToolArguments, n as portalToolInputSchemas, r as preparePortalApprovalCallDigests, t as createPortalToolHandlers } from "../portal-tools-fFyF72Nl.js";
|
|
5
|
+
export { collectPortalCoreResult, createPortalCore, createPortalPolicyApprovalEvaluator, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, preparePortalApprovalCallDigests, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
//#region src/portal-auth/hmac-token.d.ts
|
|
2
|
+
interface ApprovalTokenCallDigest {
|
|
3
|
+
readonly argumentsHash: string;
|
|
4
|
+
readonly namespace: string;
|
|
5
|
+
readonly toolName: string;
|
|
6
|
+
}
|
|
7
|
+
interface SignApprovalTokenProps {
|
|
8
|
+
readonly agentId: string;
|
|
9
|
+
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
10
|
+
readonly expiresAtMs: number;
|
|
11
|
+
readonly issuedAtMs?: number;
|
|
12
|
+
readonly jti?: string;
|
|
13
|
+
readonly key: Buffer;
|
|
14
|
+
}
|
|
15
|
+
interface VerifyApprovalTokenProps {
|
|
16
|
+
readonly agentId: string;
|
|
17
|
+
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
18
|
+
readonly key: Buffer;
|
|
19
|
+
readonly consumeTokenId?: (jti: string, expiresAtMs: number) => {
|
|
20
|
+
readonly ok: true;
|
|
21
|
+
} | {
|
|
22
|
+
readonly ok: false;
|
|
23
|
+
readonly reason: 'replay-cache-full' | 'replayed';
|
|
24
|
+
};
|
|
25
|
+
readonly maxLifetimeMs?: number;
|
|
26
|
+
readonly nowMs: number;
|
|
27
|
+
readonly token: string;
|
|
28
|
+
}
|
|
29
|
+
type VerifyApprovalTokenResult = {
|
|
30
|
+
readonly ok: true;
|
|
31
|
+
} | {
|
|
32
|
+
readonly ok: false;
|
|
33
|
+
readonly reason: 'agent-mismatch' | 'call-mismatch' | 'expired' | 'malformed' | 'replay-cache-full' | 'replayed' | 'signature-mismatch' | 'ttl-exceeded';
|
|
34
|
+
};
|
|
35
|
+
declare function hashCallArguments(args: unknown): string;
|
|
36
|
+
declare function signApprovalToken(props: SignApprovalTokenProps): string;
|
|
37
|
+
declare function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult;
|
|
38
|
+
//#endregion
|
|
39
|
+
export { hashCallArguments as a, VerifyApprovalTokenResult as i, SignApprovalTokenProps as n, signApprovalToken as o, VerifyApprovalTokenProps as r, verifyApprovalToken as s, ApprovalTokenCallDigest as t };
|
|
40
|
+
//# sourceMappingURL=hmac-token-B3QdUvuG.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hmac-token-B3QdUvuG.d.ts","names":[],"sources":["../src/portal-auth/hmac-token.ts"],"mappings":";UAIiB,uBAAA;EAAA,SACP,aAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,OAAA;EAAA,SACA,KAAA,WAAgB,uBAAA;EAAA,SAChB,WAAA;EAAA,SACA,UAAA;EAAA,SACA,GAAA;EAAA,SACA,GAAA,EAAK,MAAA;AAAA;AAAA,UAGE,wBAAA;EAAA,SACP,OAAA;EAAA,SACA,KAAA,WAAgB,uBAAA;EAAA,SAChB,GAAA,EAAK,MAAA;EAAA,SACL,cAAA,IACR,GAAA,UACA,WAAA;IAAA,SAEa,EAAA;EAAA;IAAA,SACA,EAAA;IAAA,SAAoB,MAAA;EAAA;EAAA,SACzB,aAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;AAAA;AAAA,KAGE,yBAAA;EAAA,SACE,EAAA;AAAA;EAAA,SAEF,EAAA;EAAA,SACA,MAAA;AAAA;AAAA,iBAkDI,iBAAA,CAAkB,IAAA;AAAA,iBAIlB,iBAAA,CAAkB,KAAA,EAAO,sBAAA;AAAA,iBA6CzB,mBAAA,CAAoB,KAAA,EAAO,wBAAA,GAA2B,yBAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hmac-token-
|
|
1
|
+
{"version":3,"file":"hmac-token-D3c9OUTE.js","names":[],"sources":["../src/portal-auth/hmac-token.ts"],"sourcesContent":["import { createHash, createHmac, randomUUID, timingSafeEqual } from 'node:crypto';\n\nimport { z } from 'zod';\n\nexport interface ApprovalTokenCallDigest {\n\treadonly argumentsHash: string;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nexport interface SignApprovalTokenProps {\n\treadonly agentId: string;\n\treadonly calls: readonly ApprovalTokenCallDigest[];\n\treadonly expiresAtMs: number;\n\treadonly issuedAtMs?: number;\n\treadonly jti?: string;\n\treadonly key: Buffer;\n}\n\nexport interface VerifyApprovalTokenProps {\n\treadonly agentId: string;\n\treadonly calls: readonly ApprovalTokenCallDigest[];\n\treadonly key: Buffer;\n\treadonly consumeTokenId?: (\n\t\tjti: string,\n\t\texpiresAtMs: number,\n\t) =>\n\t\t| { readonly ok: true }\n\t\t| { readonly ok: false; readonly reason: 'replay-cache-full' | 'replayed' };\n\treadonly maxLifetimeMs?: number;\n\treadonly nowMs: number;\n\treadonly token: string;\n}\n\nexport type VerifyApprovalTokenResult =\n\t| { readonly ok: true }\n\t| {\n\t\t\treadonly ok: false;\n\t\t\treadonly reason:\n\t\t\t\t| 'agent-mismatch'\n\t\t\t\t| 'call-mismatch'\n\t\t\t\t| 'expired'\n\t\t\t\t| 'malformed'\n\t\t\t\t| 'replay-cache-full'\n\t\t\t\t| 'replayed'\n\t\t\t\t| 'signature-mismatch'\n\t\t\t\t| 'ttl-exceeded';\n\t };\n\nconst approvalTokenCallDigestSchema = z\n\t.object({\n\t\targumentsHash: z.string().min(1),\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nconst approvalTokenPayloadSchema = z\n\t.object({\n\t\tagentId: z.string().min(1),\n\t\tcalls: z.array(approvalTokenCallDigestSchema),\n\t\texp: z.number().int(),\n\t\tiat: z.number().int(),\n\t\tjti: z.string().min(1),\n\t})\n\t.strict();\n\ntype ApprovalTokenPayload = z.infer<typeof approvalTokenPayloadSchema>;\n\nfunction base64UrlEncode(value: Buffer | string): string {\n\tconst buffer = typeof value === 'string' ? Buffer.from(value, 'utf8') : value;\n\treturn buffer.toString('base64url');\n}\n\nfunction canonicalize(value: unknown): string {\n\tif (value === null || typeof value !== 'object') {\n\t\treturn JSON.stringify(value ?? null);\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn `[${value.map(canonicalize).join(',')}]`;\n\t}\n\tconst entries = Object.entries(value)\n\t\t.filter((entry) => entry[1] !== undefined)\n\t\t.toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey))\n\t\t.map(([key, entryValue]) => `${JSON.stringify(key)}:${canonicalize(entryValue)}`);\n\treturn `{${entries.join(',')}}`;\n}\n\nexport function hashCallArguments(args: unknown): string {\n\treturn createHash('sha256').update(canonicalize(args)).digest('base64url');\n}\n\nexport function signApprovalToken(props: SignApprovalTokenProps): string {\n\tconst payload = {\n\t\tagentId: props.agentId,\n\t\tcalls: [...props.calls],\n\t\texp: props.expiresAtMs,\n\t\tiat: props.issuedAtMs ?? Date.now(),\n\t\tjti: props.jti ?? randomUUID(),\n\t} satisfies ApprovalTokenPayload;\n\tconst payloadEncoded = base64UrlEncode(canonicalize(payload));\n\tconst signature = createHmac('sha256', props.key).update(payloadEncoded).digest('base64url');\n\treturn `${payloadEncoded}.${signature}`;\n}\n\nfunction parseApprovalTokenPayload(payloadEncoded: string): ApprovalTokenPayload | null {\n\ttry {\n\t\treturn approvalTokenPayloadSchema.parse(\n\t\t\tJSON.parse(Buffer.from(payloadEncoded, 'base64url').toString('utf8')),\n\t\t);\n\t} catch {\n\t\treturn null;\n\t}\n}\n\nfunction isApprovalTokenParts(parts: readonly string[]): parts is readonly [string, string] {\n\treturn parts.length === 2;\n}\n\nfunction callsMatch(\n\tleftCalls: readonly ApprovalTokenCallDigest[],\n\trightCalls: readonly ApprovalTokenCallDigest[],\n): boolean {\n\tif (leftCalls.length !== rightCalls.length) {\n\t\treturn false;\n\t}\n\treturn leftCalls.every((leftCall, index) => {\n\t\tconst rightCall = rightCalls[index];\n\t\treturn (\n\t\t\trightCall !== undefined &&\n\t\t\tleftCall.argumentsHash === rightCall.argumentsHash &&\n\t\t\tleftCall.namespace === rightCall.namespace &&\n\t\t\tleftCall.toolName === rightCall.toolName\n\t\t);\n\t});\n}\n\nexport function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult {\n\tconst parts = props.token.split('.');\n\tif (!isApprovalTokenParts(parts)) {\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tconst [payloadEncoded, signatureEncoded] = parts;\n\tconst expectedSignature = createHmac('sha256', props.key).update(payloadEncoded).digest();\n\tconst providedSignature = Buffer.from(signatureEncoded, 'base64url');\n\tif (\n\t\tprovidedSignature.length !== expectedSignature.length ||\n\t\t!timingSafeEqual(providedSignature, expectedSignature)\n\t) {\n\t\treturn { ok: false, reason: 'signature-mismatch' };\n\t}\n\n\tconst payload = parseApprovalTokenPayload(payloadEncoded);\n\tif (payload === null) {\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tif (payload.exp <= props.nowMs) {\n\t\treturn { ok: false, reason: 'expired' };\n\t}\n\tif (props.maxLifetimeMs !== undefined && payload.exp - payload.iat > props.maxLifetimeMs) {\n\t\treturn { ok: false, reason: 'ttl-exceeded' };\n\t}\n\tif (payload.agentId !== props.agentId) {\n\t\treturn { ok: false, reason: 'agent-mismatch' };\n\t}\n\tif (!callsMatch(payload.calls, props.calls)) {\n\t\treturn { ok: false, reason: 'call-mismatch' };\n\t}\n\tif (props.consumeTokenId !== undefined) {\n\t\tconst consumeResult = props.consumeTokenId(payload.jti, payload.exp);\n\t\tif (!consumeResult.ok) {\n\t\t\treturn { ok: false, reason: consumeResult.reason };\n\t\t}\n\t}\n\treturn { ok: true };\n}\n"],"mappings":";;;AAiDA,MAAM,gCAAgC,EACpC,OAAO;CACP,eAAe,EAAE,QAAQ,CAAC,IAAI,EAAE;CAChC,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAEV,MAAM,6BAA6B,EACjC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,OAAO,EAAE,MAAM,8BAA8B;CAC7C,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE;CACtB,CAAC,CACD,QAAQ;AAIV,SAAS,gBAAgB,OAAgC;CAExD,QADe,OAAO,UAAU,WAAW,OAAO,KAAK,OAAO,OAAO,GAAG,OAC1D,SAAS,YAAY;;AAGpC,SAAS,aAAa,OAAwB;CAC7C,IAAI,UAAU,QAAQ,OAAO,UAAU,UACtC,OAAO,KAAK,UAAU,SAAS,KAAK;CAErC,IAAI,MAAM,QAAQ,MAAM,EACvB,OAAO,IAAI,MAAM,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC;CAM9C,OAAO,IAJS,OAAO,QAAQ,MAAM,CACnC,QAAQ,UAAU,MAAM,OAAO,KAAA,EAAU,CACzC,UAAU,CAAC,UAAU,CAAC,cAAc,QAAQ,cAAc,SAAS,CAAC,CACpE,KAAK,CAAC,KAAK,gBAAgB,GAAG,KAAK,UAAU,IAAI,CAAC,GAAG,aAAa,WAAW,GAC7D,CAAC,KAAK,IAAI,CAAC;;AAG9B,SAAgB,kBAAkB,MAAuB;CACxD,OAAO,WAAW,SAAS,CAAC,OAAO,aAAa,KAAK,CAAC,CAAC,OAAO,YAAY;;AAG3E,SAAgB,kBAAkB,OAAuC;CAQxE,MAAM,iBAAiB,gBAAgB,aAAa;EANnD,SAAS,MAAM;EACf,OAAO,CAAC,GAAG,MAAM,MAAM;EACvB,KAAK,MAAM;EACX,KAAK,MAAM,cAAc,KAAK,KAAK;EACnC,KAAK,MAAM,OAAO,YAAY;EAE4B,CAAC,CAAC;CAE7D,OAAO,GAAG,eAAe,GADP,WAAW,UAAU,MAAM,IAAI,CAAC,OAAO,eAAe,CAAC,OAAO,YAC3C;;AAGtC,SAAS,0BAA0B,gBAAqD;CACvF,IAAI;EACH,OAAO,2BAA2B,MACjC,KAAK,MAAM,OAAO,KAAK,gBAAgB,YAAY,CAAC,SAAS,OAAO,CAAC,CACrE;SACM;EACP,OAAO;;;AAIT,SAAS,qBAAqB,OAA8D;CAC3F,OAAO,MAAM,WAAW;;AAGzB,SAAS,WACR,WACA,YACU;CACV,IAAI,UAAU,WAAW,WAAW,QACnC,OAAO;CAER,OAAO,UAAU,OAAO,UAAU,UAAU;EAC3C,MAAM,YAAY,WAAW;EAC7B,OACC,cAAc,KAAA,KACd,SAAS,kBAAkB,UAAU,iBACrC,SAAS,cAAc,UAAU,aACjC,SAAS,aAAa,UAAU;GAEhC;;AAGH,SAAgB,oBAAoB,OAA4D;CAC/F,MAAM,QAAQ,MAAM,MAAM,MAAM,IAAI;CACpC,IAAI,CAAC,qBAAqB,MAAM,EAC/B,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAa;CAE1C,MAAM,CAAC,gBAAgB,oBAAoB;CAC3C,MAAM,oBAAoB,WAAW,UAAU,MAAM,IAAI,CAAC,OAAO,eAAe,CAAC,QAAQ;CACzF,MAAM,oBAAoB,OAAO,KAAK,kBAAkB,YAAY;CACpE,IACC,kBAAkB,WAAW,kBAAkB,UAC/C,CAAC,gBAAgB,mBAAmB,kBAAkB,EAEtD,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAsB;CAGnD,MAAM,UAAU,0BAA0B,eAAe;CACzD,IAAI,YAAY,MACf,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAa;CAE1C,IAAI,QAAQ,OAAO,MAAM,OACxB,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAW;CAExC,IAAI,MAAM,kBAAkB,KAAA,KAAa,QAAQ,MAAM,QAAQ,MAAM,MAAM,eAC1E,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAgB;CAE7C,IAAI,QAAQ,YAAY,MAAM,SAC7B,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAkB;CAE/C,IAAI,CAAC,WAAW,QAAQ,OAAO,MAAM,MAAM,EAC1C,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAiB;CAE9C,IAAI,MAAM,mBAAmB,KAAA,GAAW;EACvC,MAAM,gBAAgB,MAAM,eAAe,QAAQ,KAAK,QAAQ,IAAI;EACpE,IAAI,CAAC,cAAc,IAClB,OAAO;GAAE,IAAI;GAAO,QAAQ,cAAc;GAAQ;;CAGpD,OAAO,EAAE,IAAI,MAAM"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { a as safeToolMetadataSchema, c as JsonPrimitive, d as isJsonObject, f as jsonObjectSchema, i as portalToolRecordSchema, l as JsonValue, n as PortalToolRecord, o as JsonArray, p as jsonValueSchema, r as portalToolAnnotationsSchema, s as JsonObject, t as PortalToolAnnotations, u as assertJsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
2
2
|
import { A as ToolRef, B as portalAgentScopeKey, C as ToolGraph, D as ToolRelationshipType, E as ToolRelationshipEndpoint, F as PortalAgentScopeSource, I as PortalDefaultPolicy, L as PortalToolSelector, M as encodeToolRef, N as PortalAccessPolicyConfig, O as buildToolGraph, P as PortalAgentIdentity, R as ResolvedPortalAccessPolicy, S as SkillGraphInput, T as ToolRelationship, V as resolvePortalAccessPolicy, _ as ToolSchemaSummary, a as PortalSessionManagerOptions, b as summarizeJsonSchema, c as SearchIndex, d as ToolRelationshipHint, f as ToolSearchResult, g as ToolSchemaHintNext, h as ToolSchemaHint, i as PortalSessionManager, j as decodeToolRef, k as ToolIdentity, l as SearchQuery, m as ToolSafetySummary, n as PortalDiscoveryFailure, o as PortalSessionRuntime, p as createSearchIndex, r as PortalSession, s as createPortalSessionManager, t as PortalCatalogSnapshot, u as SearchResultSet, v as ToolSummary, w as ToolGraphInput, x as ScopedSkillGraphEntry, y as createToolSummary, z as createPortalAgentIdentity } from "./portal-session-5ksK1G9Z.js";
|
|
3
|
-
import { S as createUpstreamMcpClientRuntime, _ as UpstreamMcpProgress, a as redactThrownError, b as UpstreamToolCall, c as toRedactedJsonValue, d as RemoteUpstreamMcpServer, f as StdioUpstreamMcpServer, g as UpstreamMcpCloseErrorContext, h as UpstreamMcpClientRuntime, i as redactExactCredentialText, l as ListToolsCall, m as UpstreamMcpClientLike, n as isCredentialConfigKey, o as redactUpstreamCatalogValue, p as UpstreamListToolsResult, r as redactCredentialText, s as redactUpstreamResponse, t as RedactionOptions, u as NormalizedUpstreamMcpServer, v as UpstreamMcpRuntimeOptions, x as UpstreamToolEvent, y as UpstreamMcpTransportKind } from "./upstream-response-middleware-
|
|
4
|
-
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "./zod-schema-loader-
|
|
3
|
+
import { S as createUpstreamMcpClientRuntime, _ as UpstreamMcpProgress, a as redactThrownError, b as UpstreamToolCall, c as toRedactedJsonValue, d as RemoteUpstreamMcpServer, f as StdioUpstreamMcpServer, g as UpstreamMcpCloseErrorContext, h as UpstreamMcpClientRuntime, i as redactExactCredentialText, l as ListToolsCall, m as UpstreamMcpClientLike, n as isCredentialConfigKey, o as redactUpstreamCatalogValue, p as UpstreamListToolsResult, r as redactCredentialText, s as redactUpstreamResponse, t as RedactionOptions, u as NormalizedUpstreamMcpServer, v as UpstreamMcpRuntimeOptions, x as UpstreamToolEvent, y as UpstreamMcpTransportKind } from "./upstream-response-middleware-CkV-rDNO.js";
|
|
4
|
+
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "./zod-schema-loader-BubVafy-.js";
|
|
5
5
|
|
|
6
6
|
//#region src/upstream-mcp-errors.d.ts
|
|
7
7
|
type UpstreamMcpFailurePhase = 'call_tool' | 'connect' | 'list_tools';
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as portalToolRecordSchema, c as isJsonObject, i as portalToolAnnotationsSchema, l as jsonObjectSchema, n as decodeToolRef, o as safeToolMetadataSchema, r as encodeToolRef, s as assertJsonObject, t as buildZodValidatorFromJsonSchema, u as jsonValueSchema } from "./zod-schema-loader-
|
|
2
|
-
import { _ as createPortalAgentIdentity, a as redactUpstreamCatalogValue, c as UpstreamMcpError, d as isUpstreamMcpError, f as messageFromUnknownError, g as summarizeJsonSchema, h as createToolSummary, i as redactThrownError, l as createUpstreamMcpError, m as upstreamMcpFailureDetailsFromUnknown, n as redactCredentialText, o as redactUpstreamResponse, p as transportSummaryFromServer, r as redactExactCredentialText, s as toRedactedJsonValue, t as isCredentialConfigKey, u as formatUpstreamMcpFailureMessage, v as portalAgentScopeKey, y as resolvePortalAccessPolicy } from "./upstream-response-middleware-
|
|
3
|
-
import { i as createSearchIndex, n as createPortalSessionManager, r as buildToolGraph, t as createUpstreamMcpClientRuntime } from "./upstream-mcp-client-runtime-
|
|
1
|
+
import { a as portalToolRecordSchema, c as isJsonObject, i as portalToolAnnotationsSchema, l as jsonObjectSchema, n as decodeToolRef, o as safeToolMetadataSchema, r as encodeToolRef, s as assertJsonObject, t as buildZodValidatorFromJsonSchema, u as jsonValueSchema } from "./zod-schema-loader-C3I-MnWq.js";
|
|
2
|
+
import { _ as createPortalAgentIdentity, a as redactUpstreamCatalogValue, c as UpstreamMcpError, d as isUpstreamMcpError, f as messageFromUnknownError, g as summarizeJsonSchema, h as createToolSummary, i as redactThrownError, l as createUpstreamMcpError, m as upstreamMcpFailureDetailsFromUnknown, n as redactCredentialText, o as redactUpstreamResponse, p as transportSummaryFromServer, r as redactExactCredentialText, s as toRedactedJsonValue, t as isCredentialConfigKey, u as formatUpstreamMcpFailureMessage, v as portalAgentScopeKey, y as resolvePortalAccessPolicy } from "./upstream-response-middleware-_dthoE1r.js";
|
|
3
|
+
import { i as createSearchIndex, n as createPortalSessionManager, r as buildToolGraph, t as createUpstreamMcpClientRuntime } from "./upstream-mcp-client-runtime-vu2TiTUw.js";
|
|
4
4
|
export { UpstreamMcpError, assertJsonObject, buildToolGraph, buildZodValidatorFromJsonSchema, createPortalAgentIdentity, createPortalSessionManager, createSearchIndex, createToolSummary, createUpstreamMcpClientRuntime, createUpstreamMcpError, decodeToolRef, encodeToolRef, formatUpstreamMcpFailureMessage, isCredentialConfigKey, isJsonObject, isUpstreamMcpError, jsonObjectSchema, jsonValueSchema, messageFromUnknownError, portalAgentScopeKey, portalToolAnnotationsSchema, portalToolRecordSchema, redactCredentialText, redactExactCredentialText, redactThrownError, redactUpstreamCatalogValue, redactUpstreamResponse, resolvePortalAccessPolicy, safeToolMetadataSchema, summarizeJsonSchema, toRedactedJsonValue, transportSummaryFromServer, upstreamMcpFailureDetailsFromUnknown };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { a as PortalCore, c as PortalCoreEvent, m as PortalCoreToolDescriptor, n as PortalAgentScope } from "../portal-core-
|
|
2
|
-
import { a as createPortalApprovalVerifier, c as PortalAgentBearerAuth, d as PortalHttpAppOptions, f as PortalHttpAuditEvent, i as createPortalAgentRuntimeRecords, l as PortalHttpAgentIdentity, n as PortalApprovalAuditEvent, o as createPortalHttpAgentResolver, p as createPortalHttpApp, r as ResolveAgentHmacKeysProps, s as resolveAgentHmacKeys, t as PortalAgentRuntimeRecord, u as PortalHttpApp } from "../resolve-agent-identity-
|
|
1
|
+
import { a as PortalCore, c as PortalCoreEvent, m as PortalCoreToolDescriptor, n as PortalAgentScope } from "../portal-core-B7scBU6I.js";
|
|
2
|
+
import { a as createPortalApprovalVerifier, c as PortalAgentBearerAuth, d as PortalHttpAppOptions, f as PortalHttpAuditEvent, i as createPortalAgentRuntimeRecords, l as PortalHttpAgentIdentity, n as PortalApprovalAuditEvent, o as createPortalHttpAgentResolver, p as createPortalHttpApp, r as ResolveAgentHmacKeysProps, s as resolveAgentHmacKeys, t as PortalAgentRuntimeRecord, u as PortalHttpApp } from "../resolve-agent-identity-BqYlDgBX.js";
|
|
3
3
|
import { Tool } from "@modelcontextprotocol/sdk/types.js";
|
|
4
4
|
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
|
|
5
5
|
|
package/dist/mcp-proxy/index.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { a as createPortalHttpApp, c as listPortalMcpTools, i as resolveAgentHmacKeys, l as portalMcpToolNames, n as createPortalApprovalVerifier, o as createPortalMcpServer, r as createPortalHttpAgentResolver, s as emitMcpProgress, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-
|
|
1
|
+
import { a as createPortalHttpApp, c as listPortalMcpTools, i as resolveAgentHmacKeys, l as portalMcpToolNames, n as createPortalApprovalVerifier, o as createPortalMcpServer, r as createPortalHttpAgentResolver, s as emitMcpProgress, t as createPortalAgentRuntimeRecords } from "../resolve-agent-identity-BQNGUP66.js";
|
|
2
2
|
export { createPortalAgentRuntimeRecords, createPortalApprovalVerifier, createPortalHttpAgentResolver, createPortalHttpApp, createPortalMcpServer, emitMcpProgress, listPortalMcpTools, portalMcpToolNames, resolveAgentHmacKeys };
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { i as verifyAgentBearerAuthorization, n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-
|
|
1
|
+
import { i as verifyAgentBearerAuthorization, n as deriveAgentBearerToken, r as formatMasterKeyFingerprint, t as decodePortalMasterKey } from "../agent-bearer-token-NtEqghPk.js";
|
|
2
2
|
export { decodePortalMasterKey, deriveAgentBearerToken, formatMasterKeyFingerprint, verifyAgentBearerAuthorization };
|
|
@@ -1,40 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
readonly argumentsHash: string;
|
|
4
|
-
readonly namespace: string;
|
|
5
|
-
readonly toolName: string;
|
|
6
|
-
}
|
|
7
|
-
interface SignApprovalTokenProps {
|
|
8
|
-
readonly agentId: string;
|
|
9
|
-
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
10
|
-
readonly expiresAtMs: number;
|
|
11
|
-
readonly issuedAtMs?: number;
|
|
12
|
-
readonly jti?: string;
|
|
13
|
-
readonly key: Buffer;
|
|
14
|
-
}
|
|
15
|
-
interface VerifyApprovalTokenProps {
|
|
16
|
-
readonly agentId: string;
|
|
17
|
-
readonly calls: readonly ApprovalTokenCallDigest[];
|
|
18
|
-
readonly key: Buffer;
|
|
19
|
-
readonly consumeTokenId?: (jti: string, expiresAtMs: number) => {
|
|
20
|
-
readonly ok: true;
|
|
21
|
-
} | {
|
|
22
|
-
readonly ok: false;
|
|
23
|
-
readonly reason: 'replay-cache-full' | 'replayed';
|
|
24
|
-
};
|
|
25
|
-
readonly maxLifetimeMs?: number;
|
|
26
|
-
readonly nowMs: number;
|
|
27
|
-
readonly token: string;
|
|
28
|
-
}
|
|
29
|
-
type VerifyApprovalTokenResult = {
|
|
30
|
-
readonly ok: true;
|
|
31
|
-
} | {
|
|
32
|
-
readonly ok: false;
|
|
33
|
-
readonly reason: 'agent-mismatch' | 'call-mismatch' | 'expired' | 'malformed' | 'replay-cache-full' | 'replayed' | 'signature-mismatch' | 'ttl-exceeded';
|
|
34
|
-
};
|
|
35
|
-
declare function hashCallArguments(args: unknown): string;
|
|
36
|
-
declare function signApprovalToken(props: SignApprovalTokenProps): string;
|
|
37
|
-
declare function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult;
|
|
38
|
-
//#endregion
|
|
39
|
-
export { ApprovalTokenCallDigest, SignApprovalTokenProps, VerifyApprovalTokenProps, VerifyApprovalTokenResult, hashCallArguments, signApprovalToken, verifyApprovalToken };
|
|
40
|
-
//# sourceMappingURL=hmac-token.d.ts.map
|
|
1
|
+
import { a as hashCallArguments, i as VerifyApprovalTokenResult, n as SignApprovalTokenProps, o as signApprovalToken, r as VerifyApprovalTokenProps, s as verifyApprovalToken, t as ApprovalTokenCallDigest } from "../hmac-token-B3QdUvuG.js";
|
|
2
|
+
export { ApprovalTokenCallDigest, SignApprovalTokenProps, VerifyApprovalTokenProps, VerifyApprovalTokenResult, hashCallArguments, signApprovalToken, verifyApprovalToken };
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { n as signApprovalToken, r as verifyApprovalToken, t as hashCallArguments } from "../hmac-token-
|
|
1
|
+
import { n as signApprovalToken, r as verifyApprovalToken, t as hashCallArguments } from "../hmac-token-D3c9OUTE.js";
|
|
2
2
|
export { hashCallArguments, signApprovalToken, verifyApprovalToken };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { n as PortalToolRecord } from "../catalog-types-BVuB4Ynx.js";
|
|
2
|
-
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "../zod-schema-loader-
|
|
2
|
+
import { a as SchemaValidationUnavailableError, i as PortalValidationResult, n as InputValidationError, o as buildZodValidatorFromJsonSchema, r as InputValidationIssue, t as BuiltZodValidator } from "../zod-schema-loader-BubVafy-.js";
|
|
3
3
|
|
|
4
4
|
//#region src/portal-config/typescript-artifact.d.ts
|
|
5
5
|
interface CatalogArtifactInput {
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { t as buildZodValidatorFromJsonSchema } from "../zod-schema-loader-
|
|
2
|
-
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-
|
|
1
|
+
import { t as buildZodValidatorFromJsonSchema } from "../zod-schema-loader-C3I-MnWq.js";
|
|
2
|
+
import { t as generateTypescriptCatalogArtifact } from "../typescript-artifact-EQH4tZ0C.js";
|
|
3
3
|
export { buildZodValidatorFromJsonSchema, generateTypescriptCatalogArtifact };
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import { n as PortalToolRecord, s as JsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
1
|
+
import { l as JsonValue, n as PortalToolRecord, s as JsonObject } from "./catalog-types-BVuB4Ynx.js";
|
|
2
2
|
import { F as PortalAgentScopeSource, N as PortalAccessPolicyConfig, P as PortalAgentIdentity, S as SkillGraphInput, o as PortalSessionRuntime, r as PortalSession } from "./portal-session-5ksK1G9Z.js";
|
|
3
|
+
import { t as ApprovalTokenCallDigest } from "./hmac-token-B3QdUvuG.js";
|
|
3
4
|
import { Tool } from "@modelcontextprotocol/sdk/types.js";
|
|
4
5
|
|
|
5
6
|
//#region src/core/portal-tools.d.ts
|
|
@@ -113,28 +114,36 @@ type PortalUpstreamEvent = {
|
|
|
113
114
|
readonly kind: 'partial_content';
|
|
114
115
|
};
|
|
115
116
|
interface PortalToolRuntime {
|
|
116
|
-
readonly approval?: (calls: readonly PortalApprovalCall[], identity: PortalAgentIdentity, approvalToken: string | undefined) =>
|
|
117
|
-
readonly kind: 'allow';
|
|
118
|
-
} | {
|
|
119
|
-
readonly kind: 'call_blocked';
|
|
120
|
-
} | {
|
|
121
|
-
readonly kind: 'approval_token_invalid';
|
|
122
|
-
readonly reason: string;
|
|
123
|
-
} | {
|
|
124
|
-
readonly kind: 'approval_token_missing';
|
|
125
|
-
} | {
|
|
126
|
-
readonly kind: 'approval_required';
|
|
127
|
-
readonly level: 'critical' | 'standard';
|
|
128
|
-
};
|
|
117
|
+
readonly approval?: (calls: readonly PortalApprovalCall[], identity: PortalAgentIdentity, approvalToken: string | undefined) => PortalApprovalEvaluation;
|
|
129
118
|
readonly callUpstreamTool: (call: PortalCallUpstreamTool) => Promise<unknown>;
|
|
130
119
|
readonly getSession: (identity: PortalAgentIdentity) => Promise<PortalSession>;
|
|
131
120
|
}
|
|
121
|
+
type PortalApprovalCallDecision = {
|
|
122
|
+
readonly kind: 'allow';
|
|
123
|
+
} | {
|
|
124
|
+
readonly kind: 'approval_configuration_missing';
|
|
125
|
+
} | {
|
|
126
|
+
readonly kind: 'approval_required';
|
|
127
|
+
readonly level: 'critical' | 'standard';
|
|
128
|
+
} | {
|
|
129
|
+
readonly kind: 'approval_token_invalid';
|
|
130
|
+
readonly reason: string;
|
|
131
|
+
} | {
|
|
132
|
+
readonly kind: 'approval_token_missing';
|
|
133
|
+
} | {
|
|
134
|
+
readonly kind: 'call_blocked';
|
|
135
|
+
};
|
|
136
|
+
interface PortalApprovalEvaluation {
|
|
137
|
+
readonly decisionsByCallId: Readonly<Record<string, PortalApprovalCallDecision>>;
|
|
138
|
+
}
|
|
139
|
+
type PortalApprovalCallDigestMap = Readonly<Record<string, ApprovalTokenCallDigest>>;
|
|
132
140
|
interface PortalToolHandlers {
|
|
133
141
|
readonly call: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
134
142
|
readonly describe: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
135
143
|
readonly list: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
136
144
|
readonly search: (call: PortalToolHandlerCall) => Promise<PortalBatchResult>;
|
|
137
145
|
}
|
|
146
|
+
declare function preparePortalApprovalCallDigests(session: PortalSession, input: unknown): PortalApprovalCallDigestMap | null;
|
|
138
147
|
declare function createPortalToolHandlers(runtime: PortalToolRuntime): PortalToolHandlers;
|
|
139
148
|
//#endregion
|
|
140
149
|
//#region src/core/portal-core.d.ts
|
|
@@ -171,11 +180,26 @@ type PortalCoreItemResult = {
|
|
|
171
180
|
};
|
|
172
181
|
interface PortalCoreItemError {
|
|
173
182
|
readonly code: string;
|
|
183
|
+
readonly issues?: readonly PortalCoreValidationIssue[];
|
|
184
|
+
readonly issueCount?: number;
|
|
185
|
+
readonly issuesTruncated?: number;
|
|
174
186
|
readonly message: string;
|
|
175
187
|
readonly namespace?: string;
|
|
176
188
|
readonly toolName?: string;
|
|
177
189
|
readonly upstream?: unknown;
|
|
178
190
|
}
|
|
191
|
+
interface PortalCoreValidationIssue {
|
|
192
|
+
readonly code: string;
|
|
193
|
+
readonly expected?: string;
|
|
194
|
+
readonly keys?: readonly string[];
|
|
195
|
+
readonly message: string;
|
|
196
|
+
readonly path: readonly (number | string)[];
|
|
197
|
+
readonly received?: {
|
|
198
|
+
readonly preview?: string;
|
|
199
|
+
readonly type: string;
|
|
200
|
+
};
|
|
201
|
+
readonly values?: readonly JsonValue[];
|
|
202
|
+
}
|
|
179
203
|
type PortalCoreContentBlock = {
|
|
180
204
|
readonly text: string;
|
|
181
205
|
readonly type: 'text';
|
|
@@ -243,16 +267,16 @@ interface CreatePortalCoreBaseProps {
|
|
|
243
267
|
readonly skills?: readonly SkillGraphInput[];
|
|
244
268
|
readonly upstreamNamespaces: readonly string[];
|
|
245
269
|
}
|
|
246
|
-
|
|
270
|
+
interface CreatePortalCoreProps extends CreatePortalCoreBaseProps {
|
|
247
271
|
readonly approval: PortalApprovalEvaluator;
|
|
248
|
-
|
|
249
|
-
}) | (CreatePortalCoreBaseProps & {
|
|
250
|
-
readonly approval?: never;
|
|
251
|
-
readonly approvalTrustBoundary: 'openclaw-before-tool-call-hook';
|
|
252
|
-
});
|
|
272
|
+
}
|
|
253
273
|
interface PortalCore {
|
|
254
274
|
readonly approval: {
|
|
255
275
|
readonly evaluateCalls: (calls: readonly PortalApprovalCall[], scope: PortalAgentScope, approvalToken: string | undefined) => ReturnType<PortalApprovalEvaluator>;
|
|
276
|
+
readonly prepareCallDigests: (props: {
|
|
277
|
+
readonly input: unknown;
|
|
278
|
+
readonly scope: PortalAgentScope;
|
|
279
|
+
}) => Promise<PortalApprovalCallDigestMap | null>;
|
|
256
280
|
};
|
|
257
281
|
readonly callStream: (call: PortalCoreStreamCall) => AsyncIterable<PortalCoreEvent>;
|
|
258
282
|
readonly close: () => Promise<void>;
|
|
@@ -279,5 +303,5 @@ declare function listPortalCoreToolDescriptors(namespaces?: readonly string[]):
|
|
|
279
303
|
declare function collectPortalCoreResult(events: AsyncIterable<PortalCoreEvent>, options?: PortalCoreCollectOptions): Promise<PortalCoreResult>;
|
|
280
304
|
declare function createPortalCore(props: CreatePortalCoreProps): PortalCore;
|
|
281
305
|
//#endregion
|
|
282
|
-
export {
|
|
283
|
-
//# sourceMappingURL=portal-core-
|
|
306
|
+
export { PortalToolHandlers as A, PortalApprovalEvaluation as C, PortalCallUpstreamTool as D, PortalBatchResult as E, PortalUpstreamEvent as F, createPortalToolHandlers as I, portalToolInputSchemas as L, PortalToolResultMap as M, PortalToolRuntime as N, PortalToolFailure as O, PortalToolSuccess as P, preparePortalApprovalCallDigests as R, PortalApprovalCallDigestMap as S, PortalBatchError as T, collectPortalCoreResult as _, PortalCore as a, PortalApprovalCall as b, PortalCoreEvent as c, PortalCoreResult as d, PortalCoreRuntime as f, PortalCoreValidationIssue as g, PortalCoreToolName as h, PortalAuditEvent as i, PortalToolResult as j, PortalToolHandlerCall as k, PortalCoreItemError as l, PortalCoreToolDescriptor as m, PortalAgentScope as n, PortalCoreCollectOptions as o, PortalCoreStreamCall as p, PortalApprovalEvaluator as r, PortalCoreContentBlock as s, CreatePortalCoreProps as t, PortalCoreItemResult as u, createPortalCore as v, PortalBatchDiagnostic as w, PortalApprovalCallDecision as x, listPortalCoreToolDescriptors as y };
|
|
307
|
+
//# sourceMappingURL=portal-core-B7scBU6I.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"portal-core-B7scBU6I.d.ts","names":[],"sources":["../src/core/portal-tools.ts","../src/core/portal-core.ts"],"mappings":";;;;;;UAmBiB,iBAAA;EAAA,SACP,KAAA,EAAO,QAAA,CAAS,MAAA;EAAA,SAChB,EAAA;EAAA,SACA,MAAA,EAAQ,QAAA,CAAS,MAAA;AAAA;AAAA,UAGV,iBAAA;EAAA,SACP,KAAA;EAAA,SACA,KAAA,EAAO,QAAA,CAAS,MAAA;EAAA,SAChB,EAAA;AAAA;AAAA,KAGE,gBAAA,GAAmB,iBAAA,GAAoB,iBAAA;AAAA,KACvC,mBAAA,GAAsB,QAAA,CAAS,MAAA,SAAe,gBAAA;AAAA,UAEzC,gBAAA;EAAA,SACP,EAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;AAAA;AAAA,UAGO,qBAAA;EAAA,SACP,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGO,iBAAA;EAAA,SACP,WAAA,WAAsB,qBAAA;EAAA,SACtB,MAAA,WAAiB,gBAAA;EAAA,SACjB,EAAA;EAAA,SACA,OAAA,EAAS,mBAAA;AAAA;AAAA,UAGF,kBAAA;EAAA,SACP,SAAA,EAAW,UAAA;EAAA,SACX,EAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA,EAAM,gBAAA;EAAA,SACN,QAAA;AAAA;AAAA,cAyHG,sBAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAOI,qBAAA;EAAA,SACP,QAAA,EAAU,mBAAA;EAAA,SACV,KAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,SAAA,EAAW,UAAA;EAAA,SACX,YAAA;EAAA,SACA,SAAA;EAAA,SACA,OAAA,IAAW,KAAA,EAAO,mBAAA,KAAwB,OAAA;EAAA,SAC1C,SAAA;EAAA,SACA,MAAA,GAAS,WAAA;EAAA,SACT,QAAA;AAAA;AAAA,KAGE,mBAAA;EAAA,SAEA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,OAAA;IAAA,SACK,IAAA;IAAA,SAAuB,IAAA;EAAA;IAAA,SACvB,IAAA;IAAA,SAAuB,KAAA;EAAA;EAAA,SAC5B,IAAA;AAAA;AAAA,UAGK,iBAAA;EAAA,SACP,QAAA,IACR,KAAA,WAAgB,kBAAA,IAChB,QAAA,EAAU,mBAAA,EACV,aAAA,yBACI,wBAAA;EAAA,SACI,gBAAA,GAAmB,IAAA,EAAM,sBAAA,KAA2B,OAAA;EAAA,SACpD,UAAA,GAAa,QAAA,EAAU,mBAAA,KAAwB,OAAA,CAAQ,aAAA;AAAA;AAAA,KAGrD,0BAAA;EAAA,SACE,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;EAAA,SACA,IAAA;EAAA,SAAoC,KAAA;AAAA;EAAA,SACpC,IAAA;EAAA,SAAyC,MAAA;AAAA;EAAA,SACzC,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAEG,wBAAA;EAAA,SACP,iBAAA,EAAmB,QAAA,CAAS,MAAA,SAAe,0BAAA;AAAA;AAAA,KAGzC,2BAAA,GAA8B,QAAA,CAAS,MAAA,SAAe,uBAAA;AAAA,UAEjD,kBAAA;EAAA,SACP,IAAA,GAAO,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SAC/C,QAAA,GAAW,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SACnD,IAAA,GAAO,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;EAAA,SAC/C,MAAA,GAAS,IAAA,EAAM,qBAAA,KAA0B,OAAA,CAAQ,iBAAA;AAAA;AAAA,iBA2a3C,gCAAA,CACf,OAAA,EAAS,aAAA,EACT,KAAA,YACE,2BAAA;AAAA,iBAwCa,wBAAA,CAAyB,OAAA,EAAS,iBAAA,GAAoB,kBAAA;;;KCxrB1D,gBAAA,GAAmB,mBAAA;AAAA,KAEnB,kBAAA;AAAA,UAMK,gBAAA;EAAA,SACP,YAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGO,gBAAA;EAAA,SACP,WAAA,YAAuB,gBAAA;EAAA,SACvB,OAAA,WAAkB,sBAAA;EAAA,SAClB,KAAA,WAAgB,oBAAA;EAAA,SAChB,iBAAA;AAAA;AAAA,KAGE,oBAAA;EAAA,SAEA,OAAA,WAAkB,sBAAA;EAAA,SAClB,SAAA;EAAA,SACA,MAAA;EAAA,SACA,iBAAA;AAAA;EAAA,SAGA,KAAA,EAAO,mBAAA;EAAA,SACP,SAAA;EAAA,SACA,MAAA;AAAA;AAAA,UAGK,mBAAA;EAAA,SACP,IAAA;EAAA,SACA,MAAA,YAAkB,yBAAA;EAAA,SAClB,UAAA;EAAA,SACA,eAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,QAAA;AAAA;AAAA,UAGO,yBAAA;EAAA,SACP,IAAA;EAAA,SACA,QAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,IAAA;EAAA,SACA,QAAA;IAAA,SACC,OAAA;IAAA,SACA,IAAA;EAAA;EAAA,SAED,MAAA,YAAkB,SAAA;AAAA;AAAA,KAGhB,sBAAA;EAAA,SACE,IAAA;EAAA,SAAuB,IAAA;AAAA;EAAA,SACvB,IAAA;EAAA,SAAuB,KAAA;AAAA;AAAA,KAEzB,eAAA;EAAA,SAEA,IAAA;EAAA,SACA,QAAA,EAAU,kBAAA;AAAA;EAAA,SAGV,IAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA;EAAA,SACA,MAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,OAAA,EAAS,sBAAA;EAAA,SACT,IAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,SAAA;EAAA,SACA,MAAA,EAAQ,OAAA,CAAQ,oBAAA;IAAA,SAAiC,MAAA;EAAA;AAAA;EAAA,SAGjD,KAAA,EAAO,mBAAA;EAAA,SACP,IAAA;EAAA,SACA,SAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,MAAA,EAAQ,gBAAA;AAAA;EAAA,SAGR,KAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGK,oBAAA;EAAA,SACP,KAAA;EAAA,SACA,KAAA,EAAO,gBAAA;EAAA,SACP,MAAA,GAAS,WAAA;EAAA,SACT,QAAA,EAAU,kBAAA;AAAA;AAAA,UAOH,wBAAA;EAAA,SACP,OAAA,IAAW,KAAA,EAAO,eAAA,KAAoB,OAAA;AAAA;AAAA,UAG/B,iBAAA,SAA0B,oBAAA;EAAA,SACjC,gBAAA,EAAkB,iBAAA;AAAA;AAAA,KAGhB,uBAAA,GAA0B,WAAA,CAAY,iBAAA;AAAA,UAExC,yBAAA;EAAA,SACA,YAAA,EAAc,wBAAA;EAAA,SACd,YAAA;EAAA,SACA,OAAA,EAAS,iBAAA;EAAA,SACT,MAAA,YAAkB,eAAA;EAAA,SAClB,kBAAA;AAAA;AAAA,UAGO,qBAAA,SAA8B,yBAAA;EAAA,SACrC,QAAA,EAAU,uBAAA;AAAA;AAAA,UAGH,UAAA;EAAA,SACP,QAAA;IAAA,SACC,aAAA,GACR,KAAA,WAAgB,kBAAA,IAChB,KAAA,EAAO,gBAAA,EACP,aAAA,yBACI,UAAA,CAAW,uBAAA;IAAA,SACP,kBAAA,GAAqB,KAAA;MAAA,SACpB,KAAA;MAAA,SACA,KAAA,EAAO,gBAAA;IAAA,MACX,OAAA,CAAQ,2BAAA;EAAA;EAAA,SAEN,UAAA,GAAa,IAAA,EAAM,oBAAA,KAAyB,aAAA,CAAc,eAAA;EAAA,SAC1D,KAAA,QAAa,OAAA;EAAA,SACb,uBAAA,SAAgC,uBAAA;EAAA,SAChC,gBAAA,GAAmB,KAAA;IAAA,SAClB,OAAA;IAAA,SACA,YAAA;IAAA,SACA,WAAA;IAAA,SACA,SAAA;IAAA,SACA,UAAA;IAAA,SACA,MAAA,EAAQ,sBAAA;EAAA,MACZ,gBAAA;EAAA,SACG,aAAA,GAAgB,KAAA,EAAO,gBAAA,cAA8B,wBAAA;EAAA,SACrD,oBAAA,GAAuB,YAAA,aAAyB,OAAA;EAAA,SAChD,iBAAA,GAAoB,KAAA,EAAO,gBAAA,KAAqB,OAAA;EAAA,SAChD,kBAAA;AAAA;AAAA,UAGO,wBAAA;EAAA,SACP,WAAA;EAAA,SACA,WAAA,EAAa,IAAA;EAAA,SACb,IAAA,EAAM,kBAAA;AAAA;AAAA,iBAkTA,6BAAA,CACf,UAAA,gCACW,wBAAA;AAAA,iBA6BU,uBAAA,CACrB,MAAA,EAAQ,aAAA,CAAc,eAAA,GACtB,OAAA,GAAS,wBAAA,GACP,OAAA,CAAQ,gBAAA;AAAA,iBA8KK,gBAAA,CAAiB,KAAA,EAAO,qBAAA,GAAwB,UAAA"}
|