@apitap/core 1.0.0

package/dist/replay/engine.d.ts

@@ -0,0 +1,53 @@
+import type { SkillFile } from '../types.js';
+import type { AuthManager } from '../auth/manager.js';
+export interface ReplayOptions {
+    /** User-provided parameters for path, query, and body substitution */
+    params?: Record<string, string>;
+    /** Auth manager for token injection (optional) */
+    authManager?: AuthManager;
+    /** Domain for auth lookups (required if authManager provided) */
+    domain?: string;
+    /** Force token refresh before replay (requires authManager) */
+    fresh?: boolean;
+    /** Maximum response size in bytes. If set, truncates large responses. */
+    maxBytes?: number;
+    /** @internal Skip SSRF check — for testing only */
+    _skipSsrfCheck?: boolean;
+}
+export interface ReplayResult {
+    status: number;
+    headers: Record<string, string>;
+    data: unknown;
+    /** Whether tokens were refreshed during this replay */
+    refreshed?: boolean;
+    /** Whether the response was truncated to fit maxBytes */
+    truncated?: boolean;
+}
+/**
+ * Replay a captured API endpoint.
+ *
+ * @param skill - Skill file containing endpoint definitions
+ * @param endpointId - ID of the endpoint to replay
+ * @param optionsOrParams - Either ReplayOptions object or params directly (for backward compat)
+ */
+export declare function replayEndpoint(skill: SkillFile, endpointId: string, optionsOrParams?: ReplayOptions | Record<string, string>): Promise<ReplayResult>;
+export interface BatchReplayRequest {
+    domain: string;
+    endpointId: string;
+    params?: Record<string, string>;
+}
+export interface BatchReplayResult {
+    domain: string;
+    endpointId: string;
+    status: number;
+    data: unknown;
+    error?: string;
+    tier?: string;
+    capturedAt?: string;
+    truncated?: boolean;
+}
+export declare function replayMultiple(requests: BatchReplayRequest[], options?: {
+    skillsDir?: string;
+    maxBytes?: number;
+    _skipSsrfCheck?: boolean;
+}): Promise<BatchReplayResult[]>;

package/dist/replay/engine.js

@@ -0,0 +1,441 @@
+import { substituteBodyVariables } from '../capture/body-variables.js';
+import { parseJwtClaims } from '../capture/entropy.js';
+import { refreshTokens } from '../auth/refresh.js';
+import { truncateResponse } from './truncate.js';
+import { resolveAndValidateUrl } from '../skill/ssrf.js';
+// Header security: prevent header injection from skill files
+const ALLOWED_SKILL_HEADERS = new Set([
+    'accept', 'accept-language', 'accept-encoding',
+    'content-type', 'content-length',
+    'x-requested-with', 'x-api-key',
+    'origin', 'referer',
+    'user-agent',
+    // Auth headers are injected separately from encrypted storage, not from skill file
+]);
+const BLOCKED_HEADERS = new Set([
+    'host', 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto',
+    'x-real-ip', 'forwarded', 'via',
+    'cookie', 'set-cookie',
+    'authorization', // Must come from auth manager, not skill file
+    'proxy-authorization',
+    'transfer-encoding', 'te', 'trailer',
+    'connection', 'upgrade',
+]);
+/**
+ * Extract default path param values from an example URL by comparing
+ * it to the parameterized path template.
+ */
+function extractPathDefaults(pathTemplate, exampleUrl) {
+    const defaults = {};
+    try {
+        const examplePath = new URL(exampleUrl).pathname;
+        const templateParts = pathTemplate.split('/');
+        const exampleParts = examplePath.split('/');
+        for (let i = 0; i < templateParts.length && i < exampleParts.length; i++) {
+            if (templateParts[i].startsWith(':')) {
+                const paramName = templateParts[i].slice(1);
+                defaults[paramName] = exampleParts[i];
+            }
+        }
+    }
+    catch {
+        // Invalid example URL — no defaults
+    }
+    return defaults;
+}
+/**
+ * Substitute :param placeholders in a path with values.
+ */
+function substitutePath(pathTemplate, params) {
+    return pathTemplate.replace(/:([a-zA-Z_]+)/g, (match, name) => {
+        return params[name] ?? match;
+    });
+}
+/**
+ * Detect if options object is new-style ReplayOptions or legacy params.
+ * ReplayOptions has keys like authManager, domain, fresh, or params.
+ * Legacy params only have string values.
+ */
+function normalizeOptions(optionsOrParams) {
+    if (!optionsOrParams) {
+        return {};
+    }
+    // Check for ReplayOptions signature (has known option keys or non-string values)
+    const hasOptionKeys = 'authManager' in optionsOrParams ||
+        'domain' in optionsOrParams ||
+        'fresh' in optionsOrParams ||
+        'params' in optionsOrParams ||
+        'maxBytes' in optionsOrParams ||
+        '_skipSsrfCheck' in optionsOrParams;
+    if (hasOptionKeys) {
+        return optionsOrParams;
+    }
+    // Legacy: treat entire object as params
+    return { params: optionsOrParams };
+}
+/**
+ * Wrap a 401/403 response with structured auth guidance.
+ */
+function wrapAuthError(status, originalData, domain) {
+    if (status !== 401 && status !== 403)
+        return originalData;
+    return {
+        status,
+        error: 'Authentication required',
+        suggestion: `Use apitap_auth_request to log in to ${domain}`,
+        domain,
+        originalResponse: originalData,
+    };
+}
+/**
+ * Replay a captured API endpoint.
+ *
+ * @param skill - Skill file containing endpoint definitions
+ * @param endpointId - ID of the endpoint to replay
+ * @param optionsOrParams - Either ReplayOptions object or params directly (for backward compat)
+ */
+export async function replayEndpoint(skill, endpointId, optionsOrParams) {
+    // Normalize options: support both new ReplayOptions and legacy params-only
+    const options = normalizeOptions(optionsOrParams);
+    const { params = {}, authManager, domain } = options;
+    const endpoint = skill.endpoints.find(e => e.id === endpointId);
+    if (!endpoint) {
+        throw new Error(`Endpoint "${endpointId}" not found in skill for ${skill.domain}. ` +
+            `Available: ${skill.endpoints.map(e => e.id).join(', ')}`);
+    }
+    // Resolve path: substitute :param placeholders
+    let resolvedPath = endpoint.path;
+    if (resolvedPath.includes(':')) {
+        const defaults = extractPathDefaults(endpoint.path, endpoint.examples.request.url);
+        const merged = { ...defaults, ...params };
+        resolvedPath = substitutePath(resolvedPath, merged);
+    }
+    const url = new URL(resolvedPath, skill.baseUrl);
+    // Apply query params: start with captured defaults, override with provided params
+    for (const [key, val] of Object.entries(endpoint.queryParams)) {
+        url.searchParams.set(key, val.example);
+    }
+    if (params) {
+        for (const [key, val] of Object.entries(params)) {
+            // Skip path params (already handled above)
+            if (endpoint.path.includes(`:${key}`))
+                continue;
+            // Skip body variables (they have dots in the path)
+            if (key.includes('.'))
+                continue;
+            url.searchParams.set(key, val);
+        }
+    }
+    // SSRF validation — block requests to private/internal IPs and get resolved URL
+    let fetchUrl = url.toString();
+    if (!options._skipSsrfCheck) {
+        const ssrfCheck = await resolveAndValidateUrl(url.toString());
+        if (!ssrfCheck.safe) {
+            throw new Error(`SSRF blocked: ${ssrfCheck.reason}`);
+        }
+        // Use resolved IP to prevent DNS rebinding
+        if (ssrfCheck.resolvedUrl) {
+            fetchUrl = ssrfCheck.resolvedUrl;
+        }
+    }
+    // Prepare request body if present
+    let body;
+    const headers = { ...endpoint.headers };
+    // Filter headers from skill file — block dangerous headers
+    for (const key of Object.keys(headers)) {
+        const lower = key.toLowerCase();
+        if (BLOCKED_HEADERS.has(lower) || (!ALLOWED_SKILL_HEADERS.has(lower) && !lower.startsWith('x-'))) {
+            delete headers[key];
+        }
+    }
+    // If using DNS-pinned URL, preserve original Host header
+    if (fetchUrl !== url.toString()) {
+        headers['host'] = url.hostname;
+    }
+    // Inject auth header from auth manager (if available)
+    if (authManager && domain) {
+        const auth = await authManager.retrieve(domain);
+        if (auth && auth.header && auth.value) {
+            headers[auth.header] = auth.value;
+        }
+    }
+    if (endpoint.requestBody) {
+        let processedBody = endpoint.requestBody.template;
+        // Inject refreshable tokens from storage (v0.8)
+        if (authManager && domain && endpoint.requestBody.refreshableTokens?.length) {
+            const storedTokens = await authManager.retrieveTokens(domain);
+            if (storedTokens) {
+                const tokenValues = {};
+                for (const tokenName of endpoint.requestBody.refreshableTokens) {
+                    if (storedTokens[tokenName]) {
+                        tokenValues[tokenName] = storedTokens[tokenName].value;
+                    }
+                }
+                if (Object.keys(tokenValues).length > 0) {
+                    processedBody = substituteBodyVariables(processedBody, tokenValues);
+                }
+            }
+        }
+        // Substitute user-provided variables
+        if (params && endpoint.requestBody.variables) {
+            processedBody = substituteBodyVariables(processedBody, params);
+        }
+        // Serialize to string
+        if (typeof processedBody === 'object') {
+            body = JSON.stringify(processedBody);
+        }
+        else {
+            body = processedBody;
+        }
+        // Ensure content-type is set
+        if (!headers['content-type']) {
+            headers['content-type'] = endpoint.requestBody.contentType;
+        }
+    }
+    // Proactive JWT expiry check: skip doomed request if token is expired
+    const fresh = options.fresh ?? false;
+    let refreshed = false;
+    if (authManager && domain) {
+        if (fresh) {
+            // --fresh flag: force refresh before replay
+            const refreshResult = await refreshTokens(skill, authManager, { domain, _skipSsrfCheck: options._skipSsrfCheck });
+            if (refreshResult.success) {
+                refreshed = true;
+                // Re-inject fresh auth header
+                const freshAuth = await authManager.retrieve(domain);
+                if (freshAuth) {
+                    headers[freshAuth.header] = freshAuth.value;
+                }
+            }
+        }
+        else {
+            // Proactive: check if JWT is expired (30s buffer for clock skew)
+            const currentAuth = await authManager.retrieve(domain);
+            if (currentAuth?.value) {
+                const raw = currentAuth.value.startsWith('Bearer ')
+                    ? currentAuth.value.slice(7)
+                    : currentAuth.value;
+                const jwt = parseJwtClaims(raw);
+                if (jwt?.exp && jwt.exp < Math.floor(Date.now() / 1000) + 30) {
+                    const refreshResult = await refreshTokens(skill, authManager, { domain, _skipSsrfCheck: options._skipSsrfCheck });
+                    if (refreshResult.success) {
+                        refreshed = true;
+                        const freshAuth = await authManager.retrieve(domain);
+                        if (freshAuth) {
+                            headers[freshAuth.header] = freshAuth.value;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    let response = await fetch(fetchUrl, {
+        method: endpoint.method,
+        headers,
+        body,
+        signal: AbortSignal.timeout(30_000),
+        redirect: 'manual', // Don't auto-follow redirects
+    });
+    // Handle redirects with SSRF validation (single hop only)
+    if (response.status >= 300 && response.status < 400) {
+        const location = response.headers.get('location');
+        if (location) {
+            const redirectUrl = new URL(location, url);
+            let redirectFetchUrl = redirectUrl.toString();
+            if (!options._skipSsrfCheck) {
+                const redirectCheck = await resolveAndValidateUrl(redirectUrl.toString());
+                if (!redirectCheck.safe) {
+                    throw new Error(`Redirect blocked (SSRF): ${redirectCheck.reason}`);
+                }
+                if (redirectCheck.resolvedUrl) {
+                    redirectFetchUrl = redirectCheck.resolvedUrl;
+                    headers['host'] = redirectUrl.hostname;
+                }
+            }
+            // Follow the redirect manually (single hop to prevent chains)
+            response = await fetch(redirectFetchUrl, {
+                method: 'GET', // Redirects typically become GET
+                headers, // Forward headers (already filtered)
+                signal: AbortSignal.timeout(30_000),
+                redirect: 'manual', // Prevent chaining
+            });
+        }
+    }
+    // Reactive: retry on 401/403 if we haven't already refreshed
+    if ((response.status === 401 || response.status === 403) &&
+        !refreshed &&
+        authManager &&
+        domain) {
+        const refreshResult = await refreshTokens(skill, authManager, { domain, _skipSsrfCheck: options._skipSsrfCheck });
+        if (refreshResult.success) {
+            refreshed = true;
+            // Re-inject fresh auth
+            const freshAuth = await authManager.retrieve(domain);
+            if (freshAuth) {
+                headers[freshAuth.header] = freshAuth.value;
+            }
+            // Retry the request
+            let retryResponse = await fetch(fetchUrl, {
+                method: endpoint.method,
+                headers,
+                body,
+                signal: AbortSignal.timeout(30_000),
+                redirect: 'manual',
+            });
+            // Handle redirects on retry (single hop)
+            if (retryResponse.status >= 300 && retryResponse.status < 400) {
+                const location = retryResponse.headers.get('location');
+                if (location) {
+                    const redirectUrl = new URL(location, url);
+                    let retryRedirectFetchUrl = redirectUrl.toString();
+                    if (!options._skipSsrfCheck) {
+                        const redirectCheck = await resolveAndValidateUrl(redirectUrl.toString());
+                        if (!redirectCheck.safe) {
+                            throw new Error(`Redirect blocked (SSRF): ${redirectCheck.reason}`);
+                        }
+                        if (redirectCheck.resolvedUrl) {
+                            retryRedirectFetchUrl = redirectCheck.resolvedUrl;
+                            headers['host'] = redirectUrl.hostname;
+                        }
+                    }
+                    retryResponse = await fetch(retryRedirectFetchUrl, {
+                        method: 'GET',
+                        headers,
+                        signal: AbortSignal.timeout(30_000),
+                        redirect: 'manual',
+                    });
+                }
+            }
+            const retryHeaders = {};
+            retryResponse.headers.forEach((value, key) => {
+                retryHeaders[key] = value;
+            });
+            let retryData;
+            const retryCt = retryResponse.headers.get('content-type') ?? '';
+            const retryText = await retryResponse.text();
+            if (retryCt.includes('json') && retryText.length > 0) {
+                retryData = JSON.parse(retryText);
+            }
+            else {
+                retryData = retryText;
+            }
+            const retryFinalData = (retryResponse.status === 401 || retryResponse.status === 403)
+                ? wrapAuthError(retryResponse.status, retryData, skill.domain)
+                : retryData;
+            if (options.maxBytes) {
+                const truncated = truncateResponse(retryFinalData, { maxBytes: options.maxBytes });
+                return {
+                    status: retryResponse.status,
+                    headers: retryHeaders,
+                    data: truncated.data,
+                    refreshed,
+                    ...(truncated.truncated ? { truncated: true } : {}),
+                };
+            }
+            return {
+                status: retryResponse.status,
+                headers: retryHeaders,
+                data: retryFinalData,
+                refreshed,
+            };
+        }
+    }
+    const responseHeaders = {};
+    response.headers.forEach((value, key) => {
+        responseHeaders[key] = value;
+    });
+    let data;
+    const ct = response.headers.get('content-type') ?? '';
+    const text = await response.text();
+    if (ct.includes('json') && text.length > 0) {
+        data = JSON.parse(text);
+    }
+    else {
+        data = text;
+    }
+    const finalData = (response.status === 401 || response.status === 403)
+        ? wrapAuthError(response.status, data, skill.domain)
+        : data;
+    // Apply truncation if maxBytes is set
+    if (options.maxBytes) {
+        const truncated = truncateResponse(finalData, { maxBytes: options.maxBytes });
+        return {
+            status: response.status,
+            headers: responseHeaders,
+            data: truncated.data,
+            ...(refreshed ? { refreshed } : {}),
+            ...(truncated.truncated ? { truncated: true } : {}),
+        };
+    }
+    return { status: response.status, headers: responseHeaders, data: finalData, ...(refreshed ? { refreshed } : {}) };
+}
+export async function replayMultiple(requests, options = {}) {
+    if (requests.length === 0)
+        return [];
+    const { readSkillFile } = await import('../skill/store.js');
+    const { AuthManager, getMachineId } = await import('../auth/manager.js');
+    // Deduplicate skill file reads
+    const skillCache = new Map();
+    const uniqueDomains = [...new Set(requests.map(r => r.domain))];
+    await Promise.all(uniqueDomains.map(async (domain) => {
+        const skill = await readSkillFile(domain, options.skillsDir);
+        skillCache.set(domain, skill);
+    }));
+    // Shared auth manager
+    const machineId = await getMachineId();
+    const authManager = new AuthManager((await import('node:os')).homedir() + '/.apitap', machineId);
+    // Replay all in parallel
+    const settled = await Promise.allSettled(requests.map(async (req) => {
+        const skill = skillCache.get(req.domain);
+        if (!skill) {
+            return {
+                domain: req.domain,
+                endpointId: req.endpointId,
+                status: 0,
+                data: null,
+                error: `No skill file found for "${req.domain}"`,
+            };
+        }
+        const endpoint = skill.endpoints.find(e => e.id === req.endpointId);
+        const tier = endpoint?.replayability?.tier ?? 'unknown';
+        try {
+            const result = await replayEndpoint(skill, req.endpointId, {
+                params: req.params,
+                authManager,
+                domain: req.domain,
+                maxBytes: options.maxBytes,
+                _skipSsrfCheck: options._skipSsrfCheck,
+            });
+            return {
+                domain: req.domain,
+                endpointId: req.endpointId,
+                status: result.status,
+                data: result.data,
+                tier,
+                capturedAt: skill.capturedAt,
+                ...(result.truncated ? { truncated: true } : {}),
+            };
+        }
+        catch (err) {
+            return {
+                domain: req.domain,
+                endpointId: req.endpointId,
+                status: 0,
+                data: null,
+                error: err.message,
+                tier,
+                capturedAt: skill.capturedAt,
+            };
+        }
+    }));
+    return settled.map((s) => s.status === 'fulfilled'
+        ? s.value
+        : {
+            domain: '',
+            endpointId: '',
+            status: 0,
+            data: null,
+            error: s.reason?.message ?? 'Unknown error',
+        });
+}
+//# sourceMappingURL=engine.js.map

package/dist/replay/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/replay/engine.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAEzD,6DAA6D;AAC7D,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB;IAC9C,cAAc,EAAE,gBAAgB;IAChC,kBAAkB,EAAE,WAAW;IAC/B,QAAQ,EAAE,SAAS;IACnB,YAAY;IACZ,mFAAmF;CACpF,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB;IAClE,WAAW,EAAE,WAAW,EAAE,KAAK;IAC/B,QAAQ,EAAE,YAAY;IACtB,eAAe,EAAG,8CAA8C;IAChE,qBAAqB;IACrB,mBAAmB,EAAE,IAAI,EAAE,SAAS;IACpC,YAAY,EAAE,SAAS;CACxB,CAAC,CAAC;AA2BH;;;GAGG;AACH,SAAS,mBAAmB,CAC1B,YAAoB,EACpB,UAAkB;IAElB,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC;QACjD,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzE,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5C,QAAQ,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,YAAoB,EACpB,MAA8B;IAE9B,OAAO,YAAY,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC5D,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CACvB,eAAwD;IAExD,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,iFAAiF;IACjF,MAAM,aAAa,GACjB,aAAa,IAAI,eAAe;QAChC,QAAQ,IAAI,eAAe;QAC3B,OAAO,IAAI,eAAe;QAC1B,QAAQ,IAAI,eAAe;QAC3B,UAAU,IAAI,eAAe;QAC7B,gBAAgB,IAAI,eAAe,CAAC;IAEtC,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,eAAgC,CAAC;IAC1C,CAAC;IAED,wCAAwC;IACxC,OAAO,EAAE,MAAM,EAAE,eAAyC,EAAE,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,MAAc,EACd,YAAqB,EACrB,MAAc;IAEd,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,YAAY,CAAC;IAE1D,OAAO;QACL,MAAM;QACN,KAAK,EAAE,yBAAyB;QAChC,UAAU,EAAE,wCAAwC,MAAM,EAAE;QAC5D,MAAM;QACN,gBAAgB,EAAE,YAAY;KAC/B,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAAgB,EAChB,UAAkB,EAClB,eAAwD;IAExD,2EAA2E;IAC3E,MAAM,OAAO,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAErD,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAC,CAAC;IAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,aAAa,UAAU,4BAA4B,KAAK,CAAC,MAAM,IAAI;YACnE,cAAc,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1D,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC;IACjC,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnF,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC;QAC1C,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAEjD,kFAAkF;IAClF,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAChD,2CAA2C;YAC3C,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,EAAE,CAAC;gBAAE,SAAS;YAChD,mDAAmD;YACnD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,SAAS;YAChC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,IAAI,QAAQ,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,iBAAiB,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,2CAA2C;QAC3C,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,QAAQ,GAAG,SAAS,CAAC,WAAW,CAAC;QACnC,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAwB,CAAC;IAC7B,MAAM,OAAO,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;IAExC,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACjG,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,IAAI,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED,sDAAsD;IACtD,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;QACpC,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzB,IAAI,aAAa,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC;QAElD,gDAAgD;QAChD,IAAI,WAAW,IAAI,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;YAC5E,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC9D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,WAAW,GAA2B,EAAE,CAAC;gBAC/C,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;oBAC/D,IAAI,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC5B,WAAW,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC;oBACzD,CAAC;gBACH,CAAC;gBACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxC,aAAa,GAAG,uBAAuB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;YAC7C,aAAa,GAAG,uBAAuB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjE,CAAC;QAED,sBAAsB;QACtB,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,aAAa,CAAC;QACvB,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,cAAc,CAAC,GAAG,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;IACrC,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,KAAK,EAAE,CAAC;YACV,4CAA4C;YAC5C,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;YAClH,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;gBAC1B,SAAS,GAAG,IAAI,CAAC;gBACjB,8BAA8B;gBAC9B,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC;gBAC9C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,iEAAiE;YACjE,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACvD,IAAI,WAAW,EAAE,KAAK,EAAE,CAAC;gBACvB,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;oBACjD,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;oBAC5B,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC;gBACtB,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;gBAChC,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBAC7D,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;oBAClH,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;wBAC1B,SAAS,GAAG,IAAI,CAAC;wBACjB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;wBACrD,IAAI,SAAS,EAAE,CAAC;4BACd,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC;wBAC9C,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACnC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,OAAO;QACP,IAAI;QACJ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,QAAQ,EAAG,8BAA8B;KACpD,CAAC,CAAC;IAEH,0DAA0D;IAC1D,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC3C,IAAI,gBAAgB,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC5B,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1E,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;oBACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;gBACtE,CAAC;gBACD,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;oBAC9B,gBAAgB,GAAG,aAAa,CAAC,WAAW,CAAC;oBAC7C,OAAO,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC;gBACzC,CAAC;YACH,CAAC;YACD,8DAA8D;YAC9D,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;gBACvC,MAAM,EAAE,KAAK,EAAG,iCAAiC;gBACjD,OAAO,EAAG,qCAAqC;gBAC/C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;gBACnC,QAAQ,EAAE,QAAQ,EAAG,mBAAmB;aACzC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IACE,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;QACpD,CAAC,SAAS;QACV,WAAW;QACX,MAAM,EACN,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;QAClH,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YAC1B,SAAS,GAAG,IAAI,CAAC;YACjB,uBAAuB;YACvB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACrD,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC;YAC9C,CAAC;YAED,oBAAoB;YACpB,IAAI,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACxC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,OAAO;gBACP,IAAI;gBACJ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;gBACnC,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;YAEH,yCAAyC;YACzC,IAAI,aAAa,CAAC,MAAM,IAAI,GAAG,IAAI,aAAa,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACvD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;oBAC3C,IAAI,qBAAqB,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAC;oBACnD,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;wBAC5B,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;wBAC1E,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;4BACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;wBACtE,CAAC;wBACD,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;4BAC9B,qBAAqB,GAAG,aAAa,CAAC,WAAW,CAAC;4BAClD,OAAO,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC;wBACzC,CAAC;oBACH,CAAC;oBACD,aAAa,GAAG,MAAM,KAAK,CAAC,qBAAqB,EAAE;wBACjD,MAAM,EAAE,KAAK;wBACb,OAAO;wBACP,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;wBACnC,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAA2B,EAAE,CAAC;YAChD,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBAC3C,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,SAAkB,CAAC;YACvB,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAChE,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAC7C,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrD,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,SAAS,CAAC;YACxB,CAAC;YAED,MAAM,cAAc,GAAG,CAAC,aAAa,CAAC,MAAM,KAAK,GAAG,IAAI,aAAa,CAAC,MAAM,KAAK,GAAG,CAAC;gBACnF,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC;gBAC9D,CAAC,CAAC,SAAS,CAAC;YAEd,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACnF,OAAO;oBACL,MAAM,EAAE,aAAa,CAAC,MAAM;oBAC5B,OAAO,EAAE,YAAY;oBACrB,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,SAAS;oBACT,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACpD,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,aAAa,CAAC,MAAM;gBAC5B,OAAO,EAAE,YAAY;gBACrB,IAAI,EAAE,cAAc;gBACpB,SAAS;aACV,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACtC,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,IAAI,IAAa,CAAC;IAClB,MAAM,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACtD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;QACpE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC;IAET,sCAAsC;IACtC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9E,OAAO;YACL,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,OAAO,EAAE,eAAe;YACxB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;AACrH,CAAC;AAqBD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAA8B,EAC9B,UAA+E,EAAE;IAEjF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC5D,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAEzE,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,GAAG,EAA4B,CAAC;IACvD,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACnD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7D,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC,CAAC;IAEJ,sBAAsB;IACtB,MAAM,SAAS,GAAG,MAAM,YAAY,EAAE,CAAC;IACvC,MAAM,WAAW,GAAG,IAAI,WAAW,CACjC,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,UAAU,EAChD,SAAS,CACV,CAAC;IAEF,yBAAyB;IACzB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAA8B,EAAE;QACrD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,MAAM,EAAE,CAAC;gBACT,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,4BAA4B,GAAG,CAAC,MAAM,GAAG;aACjD,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,UAAU,CAAC,CAAC;QACpE,MAAM,IAAI,GAAG,QAAQ,EAAE,aAAa,EAAE,IAAI,IAAI,SAAS,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE;gBACzD,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW;gBACX,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;aACvC,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,IAAI;gBACJ,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,MAAM,EAAE,CAAC;gBACT,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,GAAG,CAAC,OAAO;gBAClB,IAAI;gBACJ,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACvB,CAAC,CAAC,MAAM,KAAK,WAAW;QACtB,CAAC,CAAC,CAAC,CAAC,KAAK;QACT,CAAC,CAAC;YACE,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,IAAI;YACV,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,IAAI,eAAe;SAC5C,CACN,CAAC;AACJ,CAAC"}

package/dist/replay/truncate.d.ts

@@ -0,0 +1,16 @@
+export interface TruncateOptions {
+    maxBytes?: number;
+}
+export interface TruncateResult {
+    data: unknown;
+    truncated: boolean;
+}
+/**
+ * Truncate a response to fit within maxBytes when serialized as JSON.
+ *
+ * - Arrays: remove items from the end until it fits. If a single item
+ *   exceeds the limit, truncate long string fields within that item.
+ * - Objects: truncate long string fields largest-first.
+ * - Primitives/strings: returned as-is (or sliced if string).
+ */
+export declare function truncateResponse(data: unknown, options?: TruncateOptions): TruncateResult;

package/dist/replay/truncate.js

@@ -0,0 +1,92 @@
+// src/replay/truncate.ts
+const DEFAULT_MAX_BYTES = 50_000;
+const STRING_CAP = 500;
+function byteLength(s) {
+    return Buffer.byteLength(s, 'utf-8');
+}
+/**
+ * Truncate long string fields in an object, largest-first, until
+ * the serialized size is under maxBytes.
+ */
+function truncateObjectStrings(obj, maxBytes) {
+    const result = { ...obj };
+    // Collect string fields with their lengths
+    const stringFields = [];
+    for (const [key, val] of Object.entries(result)) {
+        if (typeof val === 'string' && val.length > STRING_CAP) {
+            stringFields.push({ key, len: val.length });
+        }
+    }
+    // Sort largest first
+    stringFields.sort((a, b) => b.len - a.len);
+    for (const { key } of stringFields) {
+        const val = result[key];
+        result[key] = val.slice(0, STRING_CAP) + '... [truncated]';
+        if (byteLength(JSON.stringify(result)) <= maxBytes)
+            break;
+    }
+    return result;
+}
+/**
+ * Truncate a response to fit within maxBytes when serialized as JSON.
+ *
+ * - Arrays: remove items from the end until it fits. If a single item
+ *   exceeds the limit, truncate long string fields within that item.
+ * - Objects: truncate long string fields largest-first.
+ * - Primitives/strings: returned as-is (or sliced if string).
+ */
+export function truncateResponse(data, options) {
+    const maxBytes = options?.maxBytes ?? DEFAULT_MAX_BYTES;
+    if (data === null || data === undefined) {
+        return { data, truncated: false };
+    }
+    const serialized = JSON.stringify(data);
+    if (byteLength(serialized) <= maxBytes) {
+        return { data, truncated: false };
+    }
+    // Array truncation
+    if (Array.isArray(data)) {
+        const arr = [...data];
+        // Remove items from the end until it fits
+        while (arr.length > 1 && byteLength(JSON.stringify(arr)) > maxBytes) {
+            arr.pop();
+        }
+        // If single item still exceeds limit, truncate strings within it
+        if (arr.length === 1 && byteLength(JSON.stringify(arr)) > maxBytes) {
+            const item = arr[0];
+            if (item && typeof item === 'object' && !Array.isArray(item)) {
+                arr[0] = truncateObjectStrings(item, maxBytes);
+            }
+        }
+        // If still over (e.g. array of primitives), return empty array
+        if (arr.length === 1 && byteLength(JSON.stringify(arr)) > maxBytes) {
+            return { data: [], truncated: true };
+        }
+        return { data: arr, truncated: true };
+    }
+    // Object truncation
+    if (typeof data === 'object') {
+        const result = truncateObjectStrings(data, maxBytes);
+        return { data: result, truncated: true };
+    }
+    // String truncation as last resort
+    if (typeof data === 'string') {
+        // Binary search for the right length
+        let lo = 0;
+        let hi = data.length;
+        const suffix = '... [truncated]';
+        while (lo < hi) {
+            const mid = (lo + hi + 1) >> 1;
+            if (byteLength(JSON.stringify(data.slice(0, mid) + suffix)) <= maxBytes) {
+                lo = mid;
+            }
+            else {
+                hi = mid - 1;
+            }
+        }
+        return { data: data.slice(0, lo) + suffix, truncated: true };
+    }
+    // Numbers, booleans — can't truncate further
+    return { data, truncated: false };
+}
+//# sourceMappingURL=truncate.js.map

package/dist/replay/truncate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"truncate.js","sourceRoot":"","sources":["../../src/replay/truncate.ts"],"names":[],"mappings":"AAAA,yBAAyB;AAWzB,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACjC,MAAM,UAAU,GAAG,GAAG,CAAC;AAEvB,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,GAA4B,EAAE,QAAgB;IAC3E,MAAM,MAAM,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;IAE1B,2CAA2C;IAC3C,MAAM,YAAY,GAAmC,EAAE,CAAC;IACxD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YACvD,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAE3C,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAW,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,iBAAiB,CAAC;QAC3D,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,QAAQ;YAAE,MAAM;IAC5D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAa,EAAE,OAAyB;IACvE,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,iBAAiB,CAAC;IAExD,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACpC,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,QAAQ,EAAE,CAAC;QACvC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACpC,CAAC;IAED,mBAAmB;IACnB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QAEtB,0CAA0C;QAC1C,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,EAAE,CAAC;YACpE,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC;QAED,iEAAiE;QACjE,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,EAAE,CAAC;YACnE,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,CAAC,CAAC,GAAG,qBAAqB,CAAC,IAA+B,EAAE,QAAQ,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,EAAE,CAAC;YACnE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACxC,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAA+B,EAAE,QAAQ,CAAC,CAAC;QAChF,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,mCAAmC;IACnC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,qCAAqC;QACrC,IAAI,EAAE,GAAG,CAAC,CAAC;QACX,IAAI,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QACrB,MAAM,MAAM,GAAG,iBAAiB,CAAC;QACjC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACxE,EAAE,GAAG,GAAG,CAAC;YACX,CAAC;iBAAM,CAAC;gBACN,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC;YACf,CAAC;QACH,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC/D,CAAC;IAED,6CAA6C;IAC7C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AACpC,CAAC"}

package/dist/serve.d.ts

@@ -0,0 +1,31 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import type { SkillFile } from './types.js';
+export interface ServeTool {
+    name: string;
+    description: string;
+    endpointId: string;
+    inputSchema: {
+        type: 'object';
+        properties: Record<string, {
+            type: string;
+            description: string;
+        }>;
+        required: string[];
+    };
+}
+/**
+ * Build MCP tool definitions from a skill file's endpoints.
+ * Each endpoint becomes one tool named `domain_endpointId`.
+ */
+export declare function buildServeTools(skill: SkillFile): ServeTool[];
+export interface ServeOptions {
+    skillsDir?: string;
+    noAuth?: boolean;
+    /** @internal Skip SSRF validation — for testing only */
+    _skipSsrfCheck?: boolean;
+}
+/**
+ * Create an MCP server that exposes a skill file's endpoints as tools.
+ * Each endpoint becomes a callable tool that delegates to the replay engine.
+ */
+export declare function createServeServer(domain: string, options?: ServeOptions): Promise<McpServer>;