@aquaclawai/aquarium 1.0.0

package/dist/routes/oauth.js

@@ -0,0 +1,516 @@
+import { Router } from 'express';
+import { randomBytes, createHash } from 'node:crypto';
+import { requireAuth } from '../middleware/auth.js';
+import { config } from '../config.js';
+const router = Router();
+router.use(requireAuth);
+// ─── GitHub Copilot ───────────────────────────────────────────────────────────
+// VS Code Copilot extension's public OAuth client ID — must be this exact value.
+const COPILOT_CLIENT_ID = 'Iv1.b507a08c87ecfe98';
+router.post('/github/device-code', async (req, res) => {
+    try {
+        const response = await fetch('https://github.com/login/device/code', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: COPILOT_CLIENT_ID,
+                scope: 'read:user',
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            res.status(502).json({ ok: false, error: `GitHub API error: ${text}` });
+            return;
+        }
+        const data = await response.json();
+        res.json({
+            ok: true,
+            data: {
+                deviceCode: data.device_code,
+                userCode: data.user_code,
+                verificationUri: data.verification_uri,
+                expiresIn: data.expires_in,
+                interval: data.interval,
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+router.post('/github/poll', async (req, res) => {
+    try {
+        const { deviceCode } = req.body;
+        if (!deviceCode) {
+            res.status(400).json({ ok: false, error: 'Missing deviceCode' });
+            return;
+        }
+        const response = await fetch('https://github.com/login/oauth/access_token', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: COPILOT_CLIENT_ID,
+                device_code: deviceCode,
+                grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            res.status(502).json({ ok: false, error: `GitHub API error: ${text}` });
+            return;
+        }
+        const data = await response.json();
+        if (data.error) {
+            res.json({
+                ok: true,
+                data: {
+                    status: data.error,
+                    description: data.error_description,
+                },
+            });
+            return;
+        }
+        if (data.access_token) {
+            res.json({
+                ok: true,
+                data: {
+                    status: 'success',
+                    accessToken: data.access_token,
+                    tokenType: data.token_type,
+                    scope: data.scope,
+                },
+            });
+            return;
+        }
+        res.json({
+            ok: true,
+            data: { status: 'unknown' },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+// ─── OpenAI Codex (Device Code → Token Exchange) ─────────────────────────────
+const OPENAI_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+router.post('/openai/device-code', async (req, res) => {
+    try {
+        const response = await fetch('https://auth.openai.com/api/accounts/deviceauth/usercode', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ client_id: OPENAI_CLIENT_ID }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            res.status(502).json({ ok: false, error: `OpenAI API error: ${text}` });
+            return;
+        }
+        const data = await response.json();
+        res.json({
+            ok: true,
+            data: {
+                deviceAuthId: data.device_auth_id,
+                userCode: data.user_code,
+                verificationUri: 'https://auth.openai.com/codex/device',
+                interval: data.interval || 5,
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+router.post('/openai/poll', async (req, res) => {
+    try {
+        const { deviceAuthId, userCode } = req.body;
+        if (!deviceAuthId || !userCode) {
+            res.status(400).json({ ok: false, error: 'Missing deviceAuthId or userCode' });
+            return;
+        }
+        const pollResponse = await fetch('https://auth.openai.com/api/accounts/deviceauth/token', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                device_auth_id: deviceAuthId,
+                user_code: userCode,
+            }),
+        });
+        // 403/404 means user hasn't authorized yet
+        if (pollResponse.status === 403 || pollResponse.status === 404) {
+            res.json({
+                ok: true,
+                data: { status: 'authorization_pending' },
+            });
+            return;
+        }
+        if (!pollResponse.ok) {
+            const text = await pollResponse.text();
+            res.json({
+                ok: true,
+                data: { status: 'error', description: `OpenAI poll error (${pollResponse.status}): ${text}` },
+            });
+            return;
+        }
+        const pollData = await pollResponse.json();
+        if (!pollData.authorization_code || !pollData.code_verifier) {
+            res.json({
+                ok: true,
+                data: { status: 'authorization_pending' },
+            });
+            return;
+        }
+        const tokenResponse = await fetch('https://auth.openai.com/oauth/token', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({
+                grant_type: 'authorization_code',
+                client_id: OPENAI_CLIENT_ID,
+                code: pollData.authorization_code,
+                code_verifier: pollData.code_verifier,
+                redirect_uri: 'https://auth.openai.com/deviceauth/callback',
+            }),
+        });
+        if (!tokenResponse.ok) {
+            const text = await tokenResponse.text();
+            res.json({
+                ok: true,
+                data: { status: 'error', description: `OpenAI token exchange error: ${text}` },
+            });
+            return;
+        }
+        const tokenData = await tokenResponse.json();
+        res.json({
+            ok: true,
+            data: {
+                status: 'success',
+                accessToken: tokenData.access_token,
+                refreshToken: tokenData.refresh_token,
+                expiresIn: tokenData.expires_in,
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+// ─── Google Antigravity (Authorization Code + PKCE) ───────────────────────────
+const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID || '';
+const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET || '';
+const GOOGLE_SCOPES = [
+    'https://www.googleapis.com/auth/cloud-platform',
+    'https://www.googleapis.com/auth/userinfo.email',
+    'https://www.googleapis.com/auth/userinfo.profile',
+].join(' ');
+function getGoogleRedirectUri() {
+    return process.env.GOOGLE_OAUTH_REDIRECT_URI || `${config.corsOrigin}/oauth/google/callback`;
+}
+function getSalevoiceRedirectUri() {
+    return process.env.SALEVOICE_OAUTH_REDIRECT_URI || `${config.corsOrigin}/oauth/salevoice/callback`;
+}
+function generatePKCE() {
+    const verifier = randomBytes(32).toString('base64url');
+    const challenge = createHash('sha256').update(verifier).digest('base64url');
+    return { verifier, challenge };
+}
+// In-memory PKCE verifier store, keyed by state param. Entries auto-expire after 10 minutes.
+const pkceStore = new Map();
+const PKCE_TTL_MS = 10 * 60 * 1000;
+function cleanupPkceStore() {
+    const now = Date.now();
+    for (const [key, entry] of pkceStore) {
+        if (now - entry.createdAt > PKCE_TTL_MS) {
+            pkceStore.delete(key);
+        }
+    }
+}
+/** Shared Google OAuth authorize handler -- parameterized by scopes */
+function handleGoogleAuthorize(scopes, res) {
+    try {
+        cleanupPkceStore();
+        const { verifier, challenge } = generatePKCE();
+        const state = randomBytes(16).toString('hex');
+        pkceStore.set(state, { verifier, createdAt: Date.now() });
+        const params = new URLSearchParams({
+            client_id: GOOGLE_CLIENT_ID,
+            response_type: 'code',
+            redirect_uri: getGoogleRedirectUri(),
+            scope: scopes,
+            code_challenge: challenge,
+            code_challenge_method: 'S256',
+            access_type: 'offline',
+            prompt: 'consent',
+            state,
+        });
+        const authUrl = `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
+        res.json({
+            ok: true,
+            data: { authUrl, state },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+}
+router.post('/google/authorize', async (_req, res) => {
+    handleGoogleAuthorize(GOOGLE_SCOPES, res);
+});
+/** Shared Google OAuth token exchange -- same client/secret for all Google variants */
+async function handleGoogleTokenExchange(code, state, res) {
+    try {
+        const entry = pkceStore.get(state);
+        if (!entry) {
+            res.status(400).json({ ok: false, error: 'Invalid or expired state parameter' });
+            return;
+        }
+        pkceStore.delete(state);
+        const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({
+                client_id: GOOGLE_CLIENT_ID,
+                client_secret: GOOGLE_CLIENT_SECRET,
+                code,
+                grant_type: 'authorization_code',
+                redirect_uri: getGoogleRedirectUri(),
+                code_verifier: entry.verifier,
+            }),
+        });
+        if (!tokenResponse.ok) {
+            const text = await tokenResponse.text();
+            res.status(502).json({ ok: false, error: `Google token error: ${text}` });
+            return;
+        }
+        const tokenData = await tokenResponse.json();
+        if (tokenData.error) {
+            res.status(502).json({
+                ok: false,
+                error: `Google OAuth error: ${tokenData.error_description || tokenData.error}`,
+            });
+            return;
+        }
+        res.json({
+            ok: true,
+            data: {
+                status: 'success',
+                accessToken: tokenData.access_token,
+                refreshToken: tokenData.refresh_token || null,
+                expiresIn: tokenData.expires_in,
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+}
+router.post('/google/token', async (req, res) => {
+    const { code, state } = req.body;
+    if (!code || !state) {
+        res.status(400).json({ ok: false, error: 'Missing code or state' });
+        return;
+    }
+    await handleGoogleTokenExchange(code, state, res);
+});
+// ─── Qwen (Device Code) ─────────────────────────────────────────────────────
+const QWEN_CLIENT_ID = process.env.QWEN_CLIENT_ID || 'aquarium';
+router.post('/qwen/device-code', async (_req, res) => {
+    try {
+        const response = await fetch('https://oauth.aliyun.com/v1/oauth2/device/code', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: QWEN_CLIENT_ID,
+                scope: 'qwen:api',
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            res.status(502).json({ ok: false, error: `Qwen API error: ${text}` });
+            return;
+        }
+        const data = await response.json();
+        res.json({
+            ok: true,
+            data: {
+                deviceCode: data.device_code,
+                userCode: data.user_code,
+                verificationUri: data.verification_uri,
+                interval: data.interval || 5,
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+router.post('/qwen/poll', async (req, res) => {
+    try {
+        const { deviceCode } = req.body;
+        if (!deviceCode) {
+            res.status(400).json({ ok: false, error: 'Missing deviceCode' });
+            return;
+        }
+        const response = await fetch('https://oauth.aliyun.com/v1/oauth2/token', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: QWEN_CLIENT_ID,
+                device_code: deviceCode,
+                grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+            }),
+        });
+        const data = await response.json();
+        // Handle pending state (error field indicates authorization_pending)
+        if (data.error) {
+            if (data.error === 'authorization_pending' || data.error === 'slow_down') {
+                res.json({
+                    ok: true,
+                    data: {
+                        status: data.error,
+                        description: data.error_description,
+                    },
+                });
+                return;
+            }
+            // Other errors (e.g., expired_token, access_denied)
+            res.json({
+                ok: true,
+                data: {
+                    status: data.error,
+                    description: data.error_description,
+                },
+            });
+            return;
+        }
+        if (data.access_token) {
+            res.json({
+                ok: true,
+                data: {
+                    status: 'success',
+                    accessToken: data.access_token,
+                    refreshToken: data.refresh_token || null,
+                    expiresIn: data.expires_in || null,
+                },
+            });
+            return;
+        }
+        res.json({
+            ok: true,
+            data: { status: 'unknown' },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+// ─── Google Gemini CLI (PKCE Redirect, Generative Language Scope) ────────────
+// Reuses the same Google OAuth infrastructure (same client ID, same redirect URI)
+// but requests the generative-language scope instead of cloud-platform.
+const GEMINI_CLI_SCOPES = [
+    'https://www.googleapis.com/auth/generativelanguage',
+    'https://www.googleapis.com/auth/userinfo.email',
+].join(' ');
+router.post('/gemini-cli/authorize', async (_req, res) => {
+    handleGoogleAuthorize(GEMINI_CLI_SCOPES, res);
+});
+router.post('/gemini-cli/token', async (req, res) => {
+    const { code, state } = req.body;
+    if (!code || !state) {
+        res.status(400).json({ ok: false, error: 'Missing code or state' });
+        return;
+    }
+    await handleGoogleTokenExchange(code, state, res);
+});
+// ─── MiniMax ─────────────────────────────────────────────────────────────────
+// MiniMax requires a registered client ID and secret that is not publicly
+// available (unlike GitHub Copilot or OpenAI). Users who need MiniMax should
+// authenticate via API key. No OAuth routes are added at this time.
+// ─── SaleVoice / GEO Platform (Authorization Code + PKCE) ─────────────────
+router.post('/salevoice/authorize', async (_req, res) => {
+    try {
+        cleanupPkceStore();
+        const { verifier, challenge } = generatePKCE();
+        const state = randomBytes(16).toString('hex');
+        pkceStore.set(state, { verifier, createdAt: Date.now() });
+        const redirectUri = getSalevoiceRedirectUri();
+        const params = new URLSearchParams({
+            client_id: config.salevoice.clientId,
+            redirect_uri: redirectUri,
+            code_challenge: challenge,
+            code_challenge_method: 'S256',
+            state,
+        });
+        const authUrl = `${config.salevoice.apiUrl}/oauth/authorize?${params.toString()}`;
+        res.json({ ok: true, data: { authUrl, state } });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+router.post('/salevoice/token', async (req, res) => {
+    try {
+        const { code, state } = req.body;
+        if (!code || !state) {
+            res.status(400).json({ ok: false, error: 'Missing code or state' });
+            return;
+        }
+        const entry = pkceStore.get(state);
+        if (!entry) {
+            res.status(400).json({ ok: false, error: 'Invalid or expired state parameter' });
+            return;
+        }
+        pkceStore.delete(state);
+        const redirectUri = getSalevoiceRedirectUri();
+        const tokenResponse = await fetch(`${config.salevoice.apiUrl}/oauth/token`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                grant_type: 'authorization_code',
+                client_id: config.salevoice.clientId,
+                redirect_uri: redirectUri,
+                code,
+                code_verifier: entry.verifier,
+            }),
+        });
+        if (!tokenResponse.ok) {
+            const text = await tokenResponse.text();
+            res.status(502).json({ ok: false, error: `SaleVoice token error: ${text}` });
+            return;
+        }
+        const tokenData = await tokenResponse.json();
+        res.json({
+            ok: true,
+            data: {
+                status: 'success',
+                accessToken: tokenData.access_token,
+                tokenType: tokenData.token_type,
+            },
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+export default router;
+//# sourceMappingURL=oauth.js.map

package/dist/routes/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/routes/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAGtC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AACxB,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAExB,iFAAiF;AAEjF,iFAAiF;AACjF,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AAkBjD,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACpD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,sCAAsC,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,iBAAiB;gBAC5B,KAAK,EAAE,WAAW;aACnB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,IAAI,EAAE,EAAwB,CAAC,CAAC;YAC9F,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;QAC/D,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,WAAW;gBAC5B,QAAQ,EAAE,IAAI,CAAC,SAAS;gBACxB,eAAe,EAAE,IAAI,CAAC,gBAAgB;gBACtC,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB;SACoB,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7C,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,IAA8B,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAwB,CAAC,CAAC;YACvF,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6CAA6C,EAAE;YAC1E,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,UAAU;gBACvB,UAAU,EAAE,8CAA8C;aAC3D,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,IAAI,EAAE,EAAwB,CAAC,CAAC;YAC9F,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,CAAC;QAE1D,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE;oBACJ,MAAM,EAAE,IAAI,CAAC,KAAK;oBAClB,WAAW,EAAE,IAAI,CAAC,iBAAiB;iBACpC;aACoB,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE;oBACJ,MAAM,EAAE,SAAS;oBACjB,WAAW,EAAE,IAAI,CAAC,YAAY;oBAC9B,SAAS,EAAE,IAAI,CAAC,UAAU;oBAC1B,KAAK,EAAE,IAAI,CAAC,KAAK;iBAClB;aACoB,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;SACN,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAEhF,MAAM,gBAAgB,GAAG,8BAA8B,CAAC;AAqBxD,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACpD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,0DAA0D,EAAE;YACvF,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC;SACtD,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,IAAI,EAAE,EAAwB,CAAC,CAAC;YAC9F,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;QAC/D,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE;gBACJ,YAAY,EAAE,IAAI,CAAC,cAAc;gBACjC,QAAQ,EAAE,IAAI,CAAC,SAAS;gBACxB,eAAe,EAAE,sCAAsC;gBACvD,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,CAAC;aAC7B;SACoB,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7C,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAkD,CAAC;QAC1F,IAAI,CAAC,YAAY,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAwB,CAAC,CAAC;YACrG,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,uDAAuD,EAAE;YACxF,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,YAAY;gBAC5B,SAAS,EAAE,QAAQ;aACpB,CAAC;SACH,CAAC,CAAC;QAEH,2CAA2C;QAC3C,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC/D,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,EAAE,MAAM,EAAE,uBAAuB,EAAE;aACpB,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;YACrB,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,sBAAsB,YAAY,CAAC,MAAM,MAAM,IAAI,EAAE,EAAE;aACxE,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAwB,CAAC;QAEjE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5D,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,EAAE,MAAM,EAAE,uBAAuB,EAAE;aACpB,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;YACvE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,gBAAgB;gBAC3B,IAAI,EAAE,QAAQ,CAAC,kBAAkB;gBACjC,aAAa,EAAE,QAAQ,CAAC,aAAa;gBACrC,YAAY,EAAE,6CAA6C;aAC5D,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YACxC,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,gCAAgC,IAAI,EAAE,EAAE;aACzD,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAyB,CAAC;QACpE,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,SAAS,CAAC,YAAY;gBACnC,YAAY,EAAE,SAAS,CAAC,aAAa;gBACrC,SAAS,EAAE,SAAS,CAAC,UAAU;aAChC;SACoB,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC;AAC5D,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;AACpE,MAAM,aAAa,GAAG;IACpB,gDAAgD;IAChD,gDAAgD;IAChD,kDAAkD;CACnD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAEZ,SAAS,oBAAoB;IAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,GAAG,MAAM,CAAC,UAAU,wBAAwB,CAAC;AAC/F,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,GAAG,MAAM,CAAC,UAAU,2BAA2B,CAAC;AACrG,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5E,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,6FAA6F;AAC7F,MAAM,SAAS,GAAG,IAAI,GAAG,EAAmD,CAAC;AAC7E,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnC,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;QACrC,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,GAAG,WAAW,EAAE,CAAC;YACxC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,SAAS,qBAAqB,CAAC,MAAc,EAAE,GAA+B;IAC5E,IAAI,CAAC;QACH,gBAAgB,EAAE,CAAC;QAEnB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE1D,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,gBAAgB;YAC3B,aAAa,EAAE,MAAM;YACrB,YAAY,EAAE,oBAAoB,EAAE;YACpC,KAAK,EAAE,MAAM;YACb,cAAc,EAAE,SAAS;YACzB,qBAAqB,EAAE,MAAM;YAC7B,WAAW,EAAE,SAAS;YACtB,MAAM,EAAE,SAAS;YACjB,KAAK;SACN,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,gDAAgD,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QAEpF,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;SACH,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IACnD,qBAAqB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAYH,uFAAuF;AACvF,KAAK,UAAU,yBAAyB,CAAC,IAAY,EAAE,KAAa,EAAE,GAA+B;IACnG,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAwB,CAAC,CAAC;YACvG,OAAO;QACT,CAAC;QACD,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAExB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;YACvE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,gBAAgB;gBAC3B,aAAa,EAAE,oBAAoB;gBACnC,IAAI;gBACJ,UAAU,EAAE,oBAAoB;gBAChC,YAAY,EAAE,oBAAoB,EAAE;gBACpC,aAAa,EAAE,KAAK,CAAC,QAAQ;aAC9B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,IAAI,EAAE,EAAwB,CAAC,CAAC;YAChG,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAyB,CAAC;QAEpE,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,uBAAuB,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,EAAE;aACzD,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,SAAS,CAAC,YAAY;gBACnC,YAAY,EAAE,SAAS,CAAC,aAAa,IAAI,IAAI;gBAC7C,SAAS,EAAE,SAAS,CAAC,UAAU;aAChC;SACoB,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAC9C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAuC,CAAC;IACpE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAwB,CAAC,CAAC;QAC1F,OAAO;IACT,CAAC;IACD,MAAM,yBAAyB,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,+EAA+E;AAE/E,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,UAAU,CAAC;AAiBhE,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IACnD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gDAAgD,EAAE;YAC7E,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,cAAc;gBACzB,KAAK,EAAE,UAAU;aAClB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,IAAI,EAAE,EAAwB,CAAC,CAAC;YAC5F,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA4B,CAAC;QAC7D,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,WAAW;gBAC5B,QAAQ,EAAE,IAAI,CAAC,SAAS;gBACxB,eAAe,EAAE,IAAI,CAAC,gBAAgB;gBACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,CAAC;aAC7B;SACoB,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAC3C,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,IAA8B,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAwB,CAAC,CAAC;YACvF,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,0CAA0C,EAAE;YACvE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,UAAU;gBACvB,UAAU,EAAE,8CAA8C;aAC3D,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuB,CAAC;QAExD,qEAAqE;QACrE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,KAAK,KAAK,uBAAuB,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBACzE,GAAG,CAAC,IAAI,CAAC;oBACP,EAAE,EAAE,IAAI;oBACR,IAAI,EAAE;wBACJ,MAAM,EAAE,IAAI,CAAC,KAAK;wBAClB,WAAW,EAAE,IAAI,CAAC,iBAAiB;qBACpC;iBACoB,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,oDAAoD;YACpD,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE;oBACJ,MAAM,EAAE,IAAI,CAAC,KAAK;oBAClB,WAAW,EAAE,IAAI,CAAC,iBAAiB;iBACpC;aACoB,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE;oBACJ,MAAM,EAAE,SAAS;oBACjB,WAAW,EAAE,IAAI,CAAC,YAAY;oBAC9B,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,IAAI;oBACxC,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;iBACnC;aACoB,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;SACN,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,kFAAkF;AAClF,wEAAwE;AAExE,MAAM,iBAAiB,GAAG;IACxB,oDAAoD;IACpD,gDAAgD;CACjD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAEZ,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IACvD,qBAAqB,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAClD,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAuC,CAAC;IACpE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAwB,CAAC,CAAC;QAC1F,OAAO;IACT,CAAC;IACD,MAAM,yBAAyB,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,gFAAgF;AAChF,0EAA0E;AAC1E,6EAA6E;AAC7E,oEAAoE;AAEpE,6EAA6E;AAE7E,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IACtD,IAAI,CAAC;QACH,gBAAgB,EAAE,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE1D,MAAM,WAAW,GAAG,uBAAuB,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;YACpC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,SAAS;YACzB,qBAAqB,EAAE,MAAM;YAC7B,KAAK;SACN,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,oBAAoB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QAClF,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAwB,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAOH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAuC,CAAC;QACpE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAwB,CAAC,CAAC;YAC1F,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAwB,CAAC,CAAC;YACvG,OAAO;QACT,CAAC;QACD,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAExB,MAAM,WAAW,GAAG,uBAAuB,EAAE,CAAC;QAC9C,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,cAAc,EAAE;YAC1E,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;gBACpC,YAAY,EAAE,WAAW;gBACzB,IAAI;gBACJ,aAAa,EAAE,KAAK,CAAC,QAAQ;aAC9B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,IAAI,EAAE,EAAwB,CAAC,CAAC;YACnG,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAA4B,CAAC;QACvE,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,SAAS,CAAC,YAAY;gBACnC,SAAS,EAAE,SAAS,CAAC,UAAU;aAChC;SACoB,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAwB,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/dist/routes/rpc-proxy.d.ts

@@ -0,0 +1,3 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;
+//# sourceMappingURL=rpc-proxy.d.ts.map

package/dist/routes/rpc-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc-proxy.d.ts","sourceRoot":"","sources":["../../src/routes/rpc-proxy.ts"],"names":[],"mappings":"AA2BA,QAAA,MAAM,MAAM,4CAAW,CAAC;AAmGxB,eAAe,MAAM,CAAC"}

package/dist/routes/rpc-proxy.js

@@ -0,0 +1,116 @@
+import { Router } from 'express';
+import { requireAuth } from '../middleware/auth.js';
+import { getInstance, addSecurityEvent } from '../services/instance-manager.js';
+import { getAgentType } from '../agent-types/registry.js';
+import { scanMessage, SEVERITY_ORDER } from '../services/prompt-guard.js';
+import { getPromptGuardConfig } from '../agent-types/openclaw/security-profiles.js';
+import { broadcast } from '../ws/index.js';
+import { ALLOWED_ATTACHMENT_TYPES, MAX_ATTACHMENT_SIZE, MAX_ATTACHMENTS_PER_MESSAGE } from '@aquarium/shared';
+const ALLOWED_RPC_METHODS = new Set([
+    'chat.send',
+    'chat.abort',
+    'chat.history',
+    'sessions.list',
+    'sessions.patch',
+    'sessions.usage',
+    'sessions.delete',
+    'agents.list',
+    'agents.files.list',
+    'agents.files.get',
+    'agents.files.set',
+    'health',
+    'exec.approval.resolve',
+    'logs.tail',
+]);
+const router = Router();
+router.use(requireAuth);
+router.post('/:id/rpc', async (req, res) => {
+    try {
+        const instance = await getInstance(req.params.id, req.auth.userId);
+        if (!instance) {
+            res.status(404).json({ ok: false, error: 'Instance not found' });
+            return;
+        }
+        if (instance.status !== 'running' || !instance.controlEndpoint) {
+            res.status(400).json({ ok: false, error: 'Instance is not running' });
+            return;
+        }
+        const { method, params } = req.body;
+        if (!method) {
+            res.status(400).json({ ok: false, error: 'Missing method' });
+            return;
+        }
+        if (!ALLOWED_RPC_METHODS.has(method)) {
+            res.status(403).json({ ok: false, error: `RPC method '${method}' is not allowed by platform security policy` });
+            return;
+        }
+        if (method === 'chat.send') {
+            const rawText = params?.text;
+            if (rawText && typeof rawText === 'string') {
+                const guardConfig = getPromptGuardConfig(instance.securityProfile ?? 'standard');
+                if (guardConfig.enabled) {
+                    const scanResult = scanMessage(rawText, guardConfig.customPatterns);
+                    if (scanResult.detected && scanResult.maxSeverity && SEVERITY_ORDER[scanResult.maxSeverity] >= SEVERITY_ORDER[guardConfig.minAlertSeverity]) {
+                        if (guardConfig.logEvents) {
+                            addSecurityEvent(instance.id, scanResult).catch(() => { });
+                        }
+                        if (guardConfig.pushEvents) {
+                            broadcast(instance.id, {
+                                type: 'security_event',
+                                instanceId: instance.id,
+                                payload: {
+                                    category: 'security:prompt_injection_detected',
+                                    severity: scanResult.maxSeverity,
+                                    matchCount: scanResult.matches.length,
+                                    categories: [...new Set(scanResult.matches.map(m => m.category))],
+                                    durationMs: scanResult.durationMs,
+                                    timestamp: new Date().toISOString(),
+                                },
+                            });
+                        }
+                    }
+                }
+            }
+            const attachments = params?.attachments;
+            if (Array.isArray(attachments)) {
+                if (attachments.length > MAX_ATTACHMENTS_PER_MESSAGE) {
+                    res.status(400).json({ ok: false, error: `Too many attachments (max ${MAX_ATTACHMENTS_PER_MESSAGE})` });
+                    return;
+                }
+                for (const att of attachments) {
+                    const a = att;
+                    if (typeof a.mimeType === 'string' && !ALLOWED_ATTACHMENT_TYPES.has(a.mimeType)) {
+                        res.status(400).json({ ok: false, error: `Unsupported attachment type: ${a.mimeType}` });
+                        return;
+                    }
+                    if (typeof a.content === 'string') {
+                        const estimatedBytes = Math.ceil(a.content.length * 3 / 4);
+                        if (estimatedBytes > MAX_ATTACHMENT_SIZE) {
+                            res.status(400).json({ ok: false, error: 'Attachment too large (max 5MB)' });
+                            return;
+                        }
+                    }
+                }
+            }
+        }
+        const { adapter } = getAgentType(instance.agentType);
+        if (!adapter?.translateRPC) {
+            res.status(400).json({ ok: false, error: 'Agent type does not support RPC' });
+            return;
+        }
+        const result = await adapter.translateRPC({
+            method,
+            params: params || {},
+            endpoint: instance.controlEndpoint,
+            token: instance.authToken,
+            instanceId: instance.id,
+        });
+        res.json({ ok: true, data: result });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        res.status(500).json({ ok: false, error: message });
+    }
+});
+export default router;
+//# sourceMappingURL=rpc-proxy.js.map