@aws/lsp-codewhisperer 0.0.75 → 0.0.76

package/out/language-server/agenticChat/tools/mcp/mcpOauthClient.js

@@ -0,0 +1,422 @@
+"use strict";
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates.
+ * All Rights Reserved. SPDX-License-Identifier: Apache-2.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthClient = void 0;
+const crypto = require("crypto");
+const path = require("path");
+const url_1 = require("url");
+const http = require("http");
+const os = require("os");
+class OAuthClient {
+    static logger;
+    static workspace;
+    static lsp;
+    static initialize(ws, logger, lsp) {
+        this.workspace = ws;
+        this.logger = logger;
+        this.lsp = lsp;
+    }
+    /**
+     * Return a valid Bearer token, reusing cache or refresh-token if possible,
+     * otherwise (when interactive) driving one PKCE flow that may launch a browser.
+     */
+    static async getValidAccessToken(mcpBase, opts = { interactive: false }) {
+        const interactive = opts?.interactive === true;
+        const key = this.computeKey(mcpBase);
+        const regPath = path.join(this.cacheDir, `${key}.registration.json`);
+        const tokPath = path.join(this.cacheDir, `${key}.token.json`);
+        // ===== Silent branch: try cached token, then refresh, never opens a browser =====
+        if (!interactive) {
+            // 1) cached access token
+            const cachedTok = await this.read(tokPath);
+            if (cachedTok) {
+                const expiry = cachedTok.obtained_at + cachedTok.expires_in * 1000;
+                if (Date.now() < expiry) {
+                    this.logger.info(`OAuth: using still-valid cached token (silent)`);
+                    return cachedTok.access_token;
+                }
+                this.logger.info(`OAuth: cached token expired → try refresh (silent)`);
+            }
+            // 2) refresh-token grant (if we have registration and refresh token)
+            const savedReg = await this.read(regPath);
+            if (cachedTok?.refresh_token && savedReg) {
+                try {
+                    const meta = await this.discoverAS(mcpBase);
+                    const refreshed = await this.refreshGrant(meta, savedReg, mcpBase, cachedTok.refresh_token);
+                    if (refreshed) {
+                        await this.write(tokPath, refreshed);
+                        this.logger.info(`OAuth: refresh grant succeeded (silent)`);
+                        return refreshed.access_token;
+                    }
+                    this.logger.info(`OAuth: refresh grant did not succeed (silent)`);
+                }
+                catch (e) {
+                    this.logger.warn(`OAuth: silent refresh failed — ${e instanceof Error ? e.message : String(e)}`);
+                }
+            }
+            // 3) no token in silent mode → caller should surface auth-required UI
+            return undefined;
+        }
+        // ===== Interactive branch: may open a browser (PKCE) =====
+        // 1) Spin up (or reuse) loopback server + redirect URI
+        let server = null;
+        let redirectUri;
+        const savedReg = await this.read(regPath);
+        if (savedReg) {
+            const port = Number(new url_1.URL(savedReg.redirect_uri).port);
+            const normalized = `http://127.0.0.1:${port}`;
+            server = http.createServer();
+            try {
+                await this.listen(server, port, '127.0.0.1');
+                redirectUri = normalized;
+                this.logger.info(`OAuth: reusing redirect URI ${redirectUri}`);
+            }
+            catch (e) {
+                if (e.code === 'EADDRINUSE') {
+                    try {
+                        server.close();
+                    }
+                    catch {
+                        /* ignore */
+                    }
+                    this.logger.warn(`Port ${port} in use; falling back to new random port`);
+                    ({ server, redirectUri } = await this.buildCallbackServer());
+                    this.logger.info(`OAuth: new redirect URI ${redirectUri}`);
+                    await this.workspace.fs.rm(regPath);
+                }
+                else {
+                    throw e;
+                }
+            }
+        }
+        else {
+            const created = await this.buildCallbackServer();
+            server = created.server;
+            redirectUri = created.redirectUri;
+            this.logger.info(`OAuth: new redirect URI ${redirectUri}`);
+        }
+        try {
+            // 2) Try still-valid cached access_token
+            const cached = await this.read(tokPath);
+            if (cached) {
+                const expiry = cached.obtained_at + cached.expires_in * 1000;
+                if (Date.now() < expiry) {
+                    this.logger.info(`OAuth: using still-valid cached token`);
+                    return cached.access_token;
+                }
+                this.logger.info(`OAuth: cached token expired → try refresh`);
+            }
+            // 3) Discover AS metadata
+            let meta;
+            try {
+                meta = await this.discoverAS(mcpBase);
+            }
+            catch (e) {
+                throw new Error(`OAuth discovery failed: ${e?.message ?? String(e)}`);
+            }
+            // 4) Register (or reuse) a dynamic client
+            const scopes = ['openid', 'offline_access'];
+            let reg;
+            try {
+                reg = await this.obtainClient(meta, regPath, scopes, redirectUri);
+            }
+            catch (e) {
+                throw new Error(`OAuth client registration failed: ${e?.message ?? String(e)}`);
+            }
+            // 5) Refresh-token grant (one shot)
+            const attemptedRefresh = !!cached?.refresh_token;
+            if (cached?.refresh_token) {
+                const refreshed = await this.refreshGrant(meta, reg, mcpBase, cached.refresh_token);
+                if (refreshed) {
+                    await this.write(tokPath, refreshed);
+                    this.logger.info(`OAuth: refresh grant succeeded`);
+                    return refreshed.access_token;
+                }
+                this.logger.info(`OAuth: refresh grant failed`);
+            }
+            // 6) PKCE interactive flow
+            try {
+                const fresh = await this.pkceGrant(meta, reg, mcpBase, scopes, redirectUri, server);
+                await this.write(tokPath, fresh);
+                return fresh.access_token;
+            }
+            catch (e) {
+                const suffix = attemptedRefresh ? ' after refresh attempt' : '';
+                throw new Error(`OAuth authorization (PKCE) failed${suffix}: ${e?.message ?? String(e)}`);
+            }
+        }
+        finally {
+            if (server) {
+                await new Promise(res => server.close(() => res()));
+            }
+        }
+    }
+    /** Spin up a one‑time HTTP listener on localhost:randomPort */
+    static async buildCallbackServer() {
+        const server = http.createServer();
+        await this.listen(server, 0, '127.0.0.1');
+        const port = server.address().port;
+        return { server, redirectUri: `http://127.0.0.1:${port}` };
+    }
+    /** Discover OAuth endpoints by HEAD/WWW‑Authenticate, well‑known, or fallback */
+    static async discoverAS(rs) {
+        // a) HEAD → WWW‑Authenticate → resource_metadata
+        try {
+            this.logger.info('MCP OAuth: attempting discovery via WWW-Authenticate header');
+            const h = await this.fetchCompat(rs.toString(), { method: 'HEAD' });
+            const header = h.headers.get('www-authenticate') || '';
+            const m = /resource_metadata=(?:"([^"]+)"|([^,\s]+))/i.exec(header);
+            if (m) {
+                const metaUrl = new url_1.URL(m[1] || m[2], rs).toString();
+                this.logger.info(`OAuth: resource_metadata → ${metaUrl}`);
+                const raw = await this.json(metaUrl);
+                return await this.fetchASFromResourceMeta(raw, metaUrl);
+            }
+        }
+        catch {
+            this.logger.info('MCP OAuth: no resource_metadata found in WWW-Authenticate header');
+        }
+        // b) well‑known on resource host
+        this.logger.info('MCP OAuth: attempting discovery via well-known endpoints');
+        const probes = [
+            new url_1.URL('.well-known/oauth-authorization-server', rs).toString(),
+            new url_1.URL('.well-known/openid-configuration', rs).toString(),
+            `${rs.origin}/.well-known/oauth-authorization-server`,
+            `${rs.origin}/.well-known/openid-configuration`,
+        ];
+        for (const url of probes) {
+            try {
+                this.logger.info(`MCP OAuth: probing well-known endpoint → ${url}`);
+                return await this.json(url);
+            }
+            catch (error) {
+                this.logger.info(`OAuth: well-known endpoint probe failed for ${url}`);
+            }
+        }
+        // c) fallback to static OAuth2 endpoints
+        const base = (rs.origin + rs.pathname).replace(/\/+$/, '');
+        this.logger.warn(`OAuth: all discovery attempts failed, synthesizing endpoints from ${base}`);
+        return {
+            authorization_endpoint: `${base}/authorize`,
+            token_endpoint: `${base}/access_token`,
+        };
+    }
+    /** Follow `authorization_server(s)` in resource_metadata JSON */
+    static async fetchASFromResourceMeta(raw, metaUrl) {
+        let asBase = raw.authorization_server;
+        if (!asBase && Array.isArray(raw.authorization_servers)) {
+            asBase = raw.authorization_servers[0];
+        }
+        if (!asBase) {
+            throw new Error(`resource_metadata at ${metaUrl} lacked authorization_server(s)`);
+        }
+        // Attempt both OAuth‑AS and OIDC well‑known
+        for (const p of ['.well-known/oauth-authorization-server', '.well-known/openid-configuration']) {
+            try {
+                return await this.json(new url_1.URL(p, asBase).toString());
+            }
+            catch {
+                // next
+            }
+        }
+        // fallback to static OAuth2 endpoints
+        this.logger.warn(`OAuth: no well-known on ${asBase}, falling back to static endpoints`);
+        return {
+            authorization_endpoint: `${asBase}/authorize`,
+            token_endpoint: `${asBase}/access_token`,
+        };
+    }
+    /** DCR: POST client metadata → client_id; cache to disk */
+    static async obtainClient(meta, file, scopes, redirectUri) {
+        const existing = await this.read(file);
+        if (existing && (!existing.expires_at || existing.expires_at * 1000 > Date.now())) {
+            this.logger.info(`OAuth: reusing client_id ${existing.client_id}`);
+            return existing;
+        }
+        if (!meta.registration_endpoint) {
+            throw new Error('OAuth: AS does not support dynamic registration');
+        }
+        const body = {
+            client_name: 'AWS MCP LSP',
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+            token_endpoint_auth_method: 'none',
+            scope: scopes.join(' '),
+            redirect_uris: [redirectUri],
+        };
+        const resp = await this.json(meta.registration_endpoint, {
+            method: 'POST',
+            headers: { 'content-type': 'application/json' },
+            body: JSON.stringify(body),
+        });
+        const reg = {
+            client_id: resp.client_id,
+            client_secret: resp.client_secret,
+            expires_at: resp.client_secret_expires_at,
+            redirect_uri: redirectUri,
+        };
+        await this.write(file, reg);
+        return reg;
+    }
+    /** Try one refresh_token grant; returns new Token or `undefined` */
+    static async refreshGrant(meta, reg, rs, refresh) {
+        const form = new url_1.URLSearchParams({
+            grant_type: 'refresh_token',
+            refresh_token: refresh,
+            client_id: reg.client_id,
+            resource: rs.toString(),
+        });
+        const res = await this.fetchCompat(meta.token_endpoint, {
+            method: 'POST',
+            headers: { 'content-type': 'application/x-www-form-urlencoded' },
+            body: form,
+        });
+        if (!res.ok) {
+            const msg = await res.text().catch(() => '');
+            this.logger.warn(`OAuth: refresh grant HTTP ${res.status} — ${msg?.slice(0, 300)}`);
+            return undefined;
+        }
+        const tokenResponse = (await res.json());
+        return { ...tokenResponse, obtained_at: Date.now() };
+    }
+    /** One PKCE flow: browser + loopback → code → token */
+    static async pkceGrant(meta, reg, rs, scopes, redirectUri, server) {
+        const DEFAULT_PKCE_TIMEOUT_MS = 90_000;
+        // a) generate PKCE params
+        const verifier = this.b64url(crypto.randomBytes(32));
+        const challenge = this.b64url(crypto.createHash('sha256').update(verifier).digest());
+        const state = this.b64url(crypto.randomBytes(16));
+        // b) build authorize URL + launch browser
+        const authz = new url_1.URL(meta.authorization_endpoint);
+        authz.search = new url_1.URLSearchParams({
+            client_id: reg.client_id,
+            response_type: 'code',
+            code_challenge: challenge,
+            code_challenge_method: 'S256',
+            resource: rs.toString(),
+            scope: scopes.join(' '),
+            redirect_uri: redirectUri,
+            state: state,
+        }).toString();
+        await this.lsp.window.showDocument({ uri: authz.toString(), external: true });
+        // c) wait for code on our loopback
+        const waitForFlow = new Promise(resolve => {
+            server.on('request', (req, res) => {
+                const u = new url_1.URL(req.url || '/', redirectUri);
+                const c = u.searchParams.get('code') || '';
+                const s = u.searchParams.get('state') || '';
+                const e = u.searchParams.get('error') || undefined;
+                const ed = u.searchParams.get('error_description') || undefined;
+                res.writeHead(200, { 'content-type': 'text/html' }).end('<h2>You may close this tab.</h2>');
+                resolve({ code: c, rxState: s, err: e, errDesc: ed });
+            });
+        });
+        const { code, rxState, err, errDesc } = await Promise.race([
+            waitForFlow,
+            new Promise((_, reject) => setTimeout(() => reject(new Error('authorization_timed_out')), DEFAULT_PKCE_TIMEOUT_MS)),
+        ]);
+        if (err) {
+            throw new Error(`Authorization error: ${err}${errDesc ? ` - ${errDesc}` : ''}`);
+        }
+        if (!code || rxState !== state)
+            throw new Error('Invalid authorization response (state mismatch)');
+        // d) exchange code for token
+        const form2 = new url_1.URLSearchParams({
+            grant_type: 'authorization_code',
+            code,
+            code_verifier: verifier,
+            client_id: reg.client_id,
+            redirect_uri: redirectUri,
+            resource: rs.toString(),
+        });
+        const res2 = await this.fetchCompat(meta.token_endpoint, {
+            method: 'POST',
+            headers: { 'content-type': 'application/x-www-form-urlencoded' },
+            body: form2,
+        });
+        if (!res2.ok) {
+            const txt = await res2.text().catch(() => '');
+            throw new Error(`Token exchange failed (HTTP ${res2.status}): ${txt?.slice(0, 300)}`);
+        }
+        const tk = (await res2.json());
+        return { ...tk, obtained_at: Date.now() };
+    }
+    /** Fetch + error‑check + parse JSON */
+    static async json(url, init) {
+        const r = await this.fetchCompat(url, init);
+        if (!r.ok) {
+            const txt = await r.text().catch(() => '');
+            throw new Error(`HTTP ${r.status}@${url} — ${txt}`);
+        }
+        return (await r.json());
+    }
+    /** Read & parse JSON file via workspace.fs */
+    static async read(file) {
+        try {
+            if (!(await this.workspace.fs.exists(file)))
+                return undefined;
+            const buf = await this.workspace.fs.readFile(file);
+            return JSON.parse(buf.toString());
+        }
+        catch {
+            return undefined;
+        }
+    }
+    /** Write JSON, then clamp file perms to 0600 (owner read/write) */
+    static async write(file, obj) {
+        const dir = path.dirname(file);
+        await this.workspace.fs.mkdir(dir, { recursive: true });
+        await this.workspace.fs.writeFile(file, JSON.stringify(obj, null, 2), { mode: 0o600 });
+    }
+    /** SHA‑256 of resourceServer URL → hex key */
+    static computeKey(rs) {
+        return crypto
+            .createHash('sha256')
+            .update(rs.origin + rs.pathname)
+            .digest('hex');
+    }
+    /** RFC‑7636 base64url without padding */
+    static b64url(buf) {
+        return buf.toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+    }
+    /** Directory for caching registration + tokens */
+    static cacheDir = path.join(os.homedir(), '.aws', 'sso', 'cache');
+    /**
+     * Await server.listen() but reject if it emits 'error' (eg EADDRINUSE),
+     * so callers can handle it immediately instead of hanging.
+     */
+    static listen(server, port, host = '127.0.0.1') {
+        return new Promise((resolve, reject) => {
+            const onListening = () => {
+                server.off('error', onError);
+                resolve();
+            };
+            const onError = (err) => {
+                server.off('listening', onListening);
+                reject(err);
+            };
+            server.once('listening', onListening);
+            server.once('error', onError);
+            server.listen(port, host);
+        });
+    }
+    /**
+     * Fetch compatibility: use global fetch on Node >= 18, otherwise dynamically import('node-fetch').
+     * Using Function('return import(...)') avoids downleveling to require() in CJS builds.
+     */
+    static async fetchCompat(url, init) {
+        const globalObj = globalThis;
+        if (typeof globalObj.fetch === 'function') {
+            return globalObj.fetch(url, init);
+        }
+        // Dynamic import of ESM node-fetch (only when global fetch is unavailable)
+        const mod = await Function('return import("node-fetch")')();
+        const f = mod.default ?? mod;
+        return f(url, init);
+    }
+}
+exports.OAuthClient = OAuthClient;
+//# sourceMappingURL=mcpOauthClient.js.map

package/out/language-server/agenticChat/tools/mcp/mcpOauthClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpOauthClient.js","sourceRoot":"","sources":["../../../../../src/language-server/agenticChat/tools/mcp/mcpOauthClient.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAGH,iCAAgC;AAChC,6BAA4B;AAE5B,6BAA0C;AAC1C,6BAA4B;AAC5B,yBAAwB;AAuBxB,MAAa,WAAW;IACZ,MAAM,CAAC,MAAM,CAAQ;IACrB,MAAM,CAAC,SAAS,CAAW;IAC3B,MAAM,CAAC,GAAG,CAAK;IAEhB,MAAM,CAAC,UAAU,CAAC,EAAa,EAAE,MAAc,EAAE,GAAQ;QAC5D,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;IAClB,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,mBAAmB,CACnC,OAAY,EACZ,OAAkC,EAAE,WAAW,EAAE,KAAK,EAAE;QAExD,MAAM,WAAW,GAAG,IAAI,EAAE,WAAW,KAAK,IAAI,CAAA;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,GAAG,oBAAoB,CAAC,CAAA;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,GAAG,aAAa,CAAC,CAAA;QAE7D,mFAAmF;QACnF,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,yBAAyB;YACzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAQ,OAAO,CAAC,CAAA;YACjD,IAAI,SAAS,EAAE,CAAC;gBACZ,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,GAAG,SAAS,CAAC,UAAU,GAAG,IAAI,CAAA;gBAClE,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAA;oBAClE,OAAO,SAAS,CAAC,YAAY,CAAA;gBACjC,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAA;YAC1E,CAAC;YAED,qEAAqE;YACrE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAe,OAAO,CAAC,CAAA;YACvD,IAAI,SAAS,EAAE,aAAa,IAAI,QAAQ,EAAE,CAAC;gBACvC,IAAI,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;oBAC3C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,aAAa,CAAC,CAAA;oBAC3F,IAAI,SAAS,EAAE,CAAC;wBACZ,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;wBACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAA;wBAC3D,OAAO,SAAS,CAAC,YAAY,CAAA;oBACjC,CAAC;oBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAA;gBACrE,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACT,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;gBACpG,CAAC;YACL,CAAC;YAED,sEAAsE;YACtE,OAAO,SAAS,CAAA;QACpB,CAAC;QAED,4DAA4D;QAC5D,uDAAuD;QACvD,IAAI,MAAM,GAAuB,IAAI,CAAA;QACrC,IAAI,WAAmB,CAAA;QACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAe,OAAO,CAAC,CAAA;QACvD,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,SAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAA;YACxD,MAAM,UAAU,GAAG,oBAAoB,IAAI,EAAE,CAAA;YAC7C,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAA;YAC5B,IAAI,CAAC;gBACD,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC,CAAA;gBAC5C,WAAW,GAAG,UAAU,CAAA;gBACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,WAAW,EAAE,CAAC,CAAA;YAClE,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBACd,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC1B,IAAI,CAAC;wBACD,MAAM,CAAC,KAAK,EAAE,CAAA;oBAClB,CAAC;oBAAC,MAAM,CAAC;wBACL,YAAY;oBAChB,CAAC;oBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,0CAA0C,CAAC,CACvE;oBAAA,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAA;oBAC7D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,WAAW,EAAE,CAAC,CAAA;oBAC1D,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,CAAA;gBACvC,CAAC;qBAAM,CAAC;oBACJ,MAAM,CAAC,CAAA;gBACX,CAAC;YACL,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAA;YAChD,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;YACvB,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;YACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,WAAW,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,IAAI,CAAC;YACD,yCAAyC;YACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAQ,OAAO,CAAC,CAAA;YAC9C,IAAI,MAAM,EAAE,CAAC;gBACT,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAA;gBAC5D,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;oBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAA;oBACzD,OAAO,MAAM,CAAC,YAAY,CAAA;gBAC9B,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAA;YACjE,CAAC;YAED,0BAA0B;YAC1B,IAAI,IAAU,CAAA;YACd,IAAI,CAAC;gBACD,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YACzC,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YACzE,CAAC;YAED,0CAA0C;YAC1C,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC3C,IAAI,GAAiB,CAAA;YACrB,IAAI,CAAC;gBACD,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAA;YACrE,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YACnF,CAAC;YAED,oCAAoC;YACpC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,aAAa,CAAA;YAChD,IAAI,MAAM,EAAE,aAAa,EAAE,CAAC;gBACxB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,aAAa,CAAC,CAAA;gBACnF,IAAI,SAAS,EAAE,CAAC;oBACZ,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;oBACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;oBAClD,OAAO,SAAS,CAAC,YAAY,CAAA;gBACjC,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;YACnD,CAAC;YAED,2BAA2B;YAC3B,IAAI,CAAC;gBACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,CAAA;gBACnF,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBAChC,OAAO,KAAK,CAAC,YAAY,CAAA;YAC7B,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC/D,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,KAAK,CAAC,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YAC7F,CAAC;QACL,CAAC;gBAAS,CAAC;YACP,IAAI,MAAM,EAAE,CAAC;gBACT,MAAM,IAAI,OAAO,CAAO,GAAG,CAAC,EAAE,CAAC,MAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;YAC9D,CAAC;QACL,CAAC;IACL,CAAC;IAED,+DAA+D;IACvD,MAAM,CAAC,KAAK,CAAC,mBAAmB;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,WAAW,CAAC,CAAA;QACzC,MAAM,IAAI,GAAI,MAAM,CAAC,OAAO,EAAU,CAAC,IAAc,CAAA;QACrD,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,oBAAoB,IAAI,EAAE,EAAE,CAAA;IAC9D,CAAC;IAED,iFAAiF;IACzE,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAO;QACnC,iDAAiD;QACjD,IAAI,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAA;YAC/E,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;YACnE,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAA;YACtD,MAAM,CAAC,GAAG,4CAA4C,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YACnE,IAAI,CAAC,EAAE,CAAC;gBACJ,MAAM,OAAO,GAAG,IAAI,SAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAA;gBACpD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAA;gBACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAM,OAAO,CAAC,CAAA;gBACzC,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YAC3D,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACL,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAA;QACxF,CAAC;QAED,iCAAiC;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;QAC5E,MAAM,MAAM,GAAG;YACX,IAAI,SAAG,CAAC,wCAAwC,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE;YAChE,IAAI,SAAG,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE;YAC1D,GAAG,EAAE,CAAC,MAAM,yCAAyC;YACrD,GAAG,EAAE,CAAC,MAAM,mCAAmC;SAClD,CAAA;QACD,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,GAAG,EAAE,CAAC,CAAA;gBACnE,OAAO,MAAM,IAAI,CAAC,IAAI,CAAO,GAAG,CAAC,CAAA;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,GAAG,EAAE,CAAC,CAAA;YAC1E,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,MAAM,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QAC1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qEAAqE,IAAI,EAAE,CAAC,CAAA;QAC7F,OAAO;YACH,sBAAsB,EAAE,GAAG,IAAI,YAAY;YAC3C,cAAc,EAAE,GAAG,IAAI,eAAe;SACzC,CAAA;IACL,CAAC;IAED,iEAAiE;IACzD,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,GAAQ,EAAE,OAAe;QAClE,IAAI,MAAM,GAAG,GAAG,CAAC,oBAAoB,CAAA;QACrC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACtD,MAAM,GAAG,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACzC,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,iCAAiC,CAAC,CAAA;QACrF,CAAC;QAED,4CAA4C;QAC5C,KAAK,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,kCAAkC,CAAC,EAAE,CAAC;YAC7F,IAAI,CAAC;gBACD,OAAO,MAAM,IAAI,CAAC,IAAI,CAAO,IAAI,SAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACL,OAAO;YACX,CAAC;QACL,CAAC;QACD,sCAAsC;QACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,MAAM,oCAAoC,CAAC,CAAA;QACvF,OAAO;YACH,sBAAsB,EAAE,GAAG,MAAM,YAAY;YAC7C,cAAc,EAAE,GAAG,MAAM,eAAe;SAC3C,CAAA;IACL,CAAC;IAED,2DAA2D;IACnD,MAAM,CAAC,KAAK,CAAC,YAAY,CAC7B,IAAU,EACV,IAAY,EACZ,MAAgB,EAChB,WAAmB;QAEnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAe,IAAI,CAAC,CAAA;QACpD,IAAI,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YAChF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAA;YAClE,OAAO,QAAQ,CAAA;QACnB,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAI,GAAG;YACT,WAAW,EAAE,aAAa;YAC1B,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM;YAClC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,aAAa,EAAE,CAAC,WAAW,CAAC;SAC/B,CAAA;QACD,MAAM,IAAI,GAAQ,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE;YAC1D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC7B,CAAC,CAAA;QAEF,MAAM,GAAG,GAAiB;YACtB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,UAAU,EAAE,IAAI,CAAC,wBAAwB;YACzC,YAAY,EAAE,WAAW;SAC5B,CAAA;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;QAC3B,OAAO,GAAG,CAAA;IACd,CAAC;IAED,oEAAoE;IAC5D,MAAM,CAAC,KAAK,CAAC,YAAY,CAC7B,IAAU,EACV,GAAiB,EACjB,EAAO,EACP,OAAe;QAEf,MAAM,IAAI,GAAG,IAAI,qBAAe,CAAC;YAC7B,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,OAAO;YACtB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE;SAC1B,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI;SACb,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACV,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;YAC5C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,MAAM,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;YACnF,OAAO,SAAS,CAAA;QACpB,CAAC;QACD,MAAM,aAAa,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAA;QACnE,OAAO,EAAE,GAAI,aAAwB,EAAE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,EAAW,CAAA;IAC7E,CAAC;IAED,uDAAuD;IAC/C,MAAM,CAAC,KAAK,CAAC,SAAS,CAC1B,IAAU,EACV,GAAiB,EACjB,EAAO,EACP,MAAgB,EAChB,WAAmB,EACnB,MAAmB;QAEnB,MAAM,uBAAuB,GAAG,MAAM,CAAA;QACtC,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;QACpF,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAEjD,0CAA0C;QAC1C,MAAM,KAAK,GAAG,IAAI,SAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;QAClD,KAAK,CAAC,MAAM,GAAG,IAAI,qBAAe,CAAC;YAC/B,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,aAAa,EAAE,MAAM;YACrB,cAAc,EAAE,SAAS;YACzB,qBAAqB,EAAE,MAAM;YAC7B,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE;YACvB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,YAAY,EAAE,WAAW;YACzB,KAAK,EAAE,KAAK;SACf,CAAC,CAAC,QAAQ,EAAE,CAAA;QAEb,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QAE7E,mCAAmC;QACnC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAoE,OAAO,CAAC,EAAE;YACzG,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC9B,MAAM,CAAC,GAAG,IAAI,SAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,WAAW,CAAC,CAAA;gBAC9C,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;gBAC1C,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAA;gBAC3C,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAA;gBAClD,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,SAAS,CAAA;gBAC/D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAA;gBAC3F,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAA;YACzD,CAAC,CAAC,CAAA;QACN,CAAC,CAAC,CAAA;QACF,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YACvD,WAAW;YACX,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC7B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAC1F;SACJ,CAAC,CAAA;QACF,IAAI,GAAG,EAAE,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACnF,CAAC;QACD,IAAI,CAAC,IAAI,IAAI,OAAO,KAAK,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;QAElG,6BAA6B;QAC7B,MAAM,KAAK,GAAG,IAAI,qBAAe,CAAC;YAC9B,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,aAAa,EAAE,QAAQ;YACvB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,YAAY,EAAE,WAAW;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE;SAC1B,CAAC,CAAA;QACF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE;YACrD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,KAAK;SACd,CAAC,CAAA;QACF,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;YAC7C,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,MAAM,MAAM,GAAG,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;QACzF,CAAC;QACD,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAA;QACzD,OAAO,EAAE,GAAI,EAAa,EAAE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,EAAW,CAAA;IAClE,CAAC;IAED,uCAAuC;IAC/B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAI,GAAW,EAAE,IAAkB;QACxD,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;YAC1C,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,IAAI,GAAG,MAAM,GAAG,EAAE,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAM,CAAA;IAChC,CAAC;IAED,8CAA8C;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAI,IAAY;QACrC,IAAI,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAAE,OAAO,SAAS,CAAA;YAC7D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YAClD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAM,CAAA;QAC1C,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,SAAS,CAAA;QACpB,CAAC;IACL,CAAC;IAED,mEAAmE;IAC3D,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAY,EAAE,GAAY;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QAC9B,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QACvD,MAAM,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAC1F,CAAC;IAED,8CAA8C;IACtC,MAAM,CAAC,UAAU,CAAC,EAAO;QAC7B,OAAO,MAAM;aACR,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,EAAE,CAAC,MAAM,GAAG,EAAE,CAAC,QAAQ,CAAC;aAC/B,MAAM,CAAC,KAAK,CAAC,CAAA;IACtB,CAAC;IAED,yCAAyC;IACjC,MAAM,CAAC,MAAM,CAAC,GAAW;QAC7B,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC3F,CAAC;IAED,kDAAkD;IAC1C,MAAM,CAAU,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;IAElF;;;OAGG;IACK,MAAM,CAAC,MAAM,CAAC,MAAmB,EAAE,IAAY,EAAE,OAAe,WAAW;QAC/E,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,MAAM,WAAW,GAAG,GAAG,EAAE;gBACrB,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;gBAC5B,OAAO,EAAE,CAAA;YACb,CAAC,CAAA;YACD,MAAM,OAAO,GAAG,CAAC,GAA0B,EAAE,EAAE;gBAC3C,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;gBACpC,MAAM,CAAC,GAAG,CAAC,CAAA;YACf,CAAC,CAAA;YACD,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;YACrC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAC7B,CAAC,CAAC,CAAA;IACN,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,GAAW,EAAE,IAAkB;QAC5D,MAAM,SAAS,GAAG,UAAiB,CAAA;QACnC,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YACxC,OAAO,SAAS,CAAC,KAAK,CAAC,GAAU,EAAE,IAAW,CAAC,CAAA;QACnD,CAAC;QACD,2EAA2E;QAC3E,MAAM,GAAG,GAAG,MAAO,QAAQ,CAAC,6BAA6B,CAAC,EAAmB,CAAA;QAC7E,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAA;QAC5B,OAAO,CAAC,CAAC,GAAU,EAAE,IAAW,CAAC,CAAA;IACrC,CAAC;;AAhcL,kCAicC"}

package/out/language-server/agenticChat/tools/mcp/mcpUtils.d.ts

@@ -74,6 +74,10 @@ export declare function normalizePathFromUri(path: string, logging?: Logger): st
  */
 export declare function migrateToAgentConfig(workspace: Workspace, logging: Logger, agent: Agent): Promise<void>;
 export declare function saveAgentConfig(workspace: Workspace, logging: Logger, config: AgentConfig, configPath: string): Promise<void>;
+/**
+ * Save only server-specific changes to agent config file
+ */
+export declare function saveServerSpecificAgentConfig(workspace: Workspace, logging: Logger, serverName: string, serverConfig: any, serverTools: string[], serverAllowedTools: string[], configPath: string): Promise<void>;
 export declare const MAX_TOOL_NAME_LENGTH = 64;
 /**
  * Create a namespaced tool name from server and tool names.

package/out/language-server/agenticChat/tools/mcp/mcpUtils.js

@@ -21,6 +21,7 @@ exports.sanitizeName = sanitizeName;
 exports.normalizePathFromUri = normalizePathFromUri;
 exports.migrateToAgentConfig = migrateToAgentConfig;
 exports.saveAgentConfig = saveAgentConfig;
+exports.saveServerSpecificAgentConfig = saveServerSpecificAgentConfig;
 exports.createNamespacedToolName = createNamespacedToolName;
 const vscode_uri_1 = require("vscode-uri");
 const mcpTypes_1 = require("./mcpTypes");
@@ -168,7 +169,9 @@ const DEFAULT_AGENT_RAW = `{
     "README.md",
     ".amazonq/rules/**/*.md"
   ],
-  "resources": []
+  "resources": [],
+  "createHooks": [],
+  "promptHooks": []
 }`;
 const DEFAULT_PERSONA_RAW = `{
   "mcpServers": [
@@ -725,43 +728,35 @@ async function migrateConfigToAgent(workspace, logging, configPath, personaPath,
     const normalizedConfigPath = normalizePathFromUri(configPath, logging);
     const normalizedPersonaPath = normalizePathFromUri(personaPath, logging);
     agentPath = normalizePathFromUri(agentPath);
-    // Check if agent config exists
+    // Check if config and agent files exist
+    const configExists = await workspace.fs.exists(normalizedConfigPath).catch(() => false);
     const agentExists = await workspace.fs.exists(agentPath).catch(() => false);
-    // Load existing agent config if it exists
-    let existingAgentConfig;
+    // Only migrate if agent file does not exist
+    // If config exists, migrate from it; if not, create default agent config
     if (agentExists) {
-        try {
-            const raw = (await workspace.fs.readFile(agentPath)).toString().trim();
-            existingAgentConfig = raw ? JSON.parse(raw) : undefined;
-        }
-        catch (err) {
-            logging.warn(`Failed to read existing agent config at ${agentPath}: ${err}`);
-        }
+        return;
     }
     // Read MCP server configs directly from file
     const serverConfigs = {};
     try {
-        const configExists = await workspace.fs.exists(normalizedConfigPath);
-        if (configExists) {
-            const raw = (await workspace.fs.readFile(normalizedConfigPath)).toString().trim();
-            if (raw) {
-                const config = JSON.parse(raw);
-                if (config.mcpServers && typeof config.mcpServers === 'object') {
-                    // Add each server to the serverConfigs
-                    for (const [name, serverConfig] of Object.entries(config.mcpServers)) {
-                        serverConfigs[name] = {
-                            command: serverConfig.command,
-                            args: Array.isArray(serverConfig.args) ? serverConfig.args : undefined,
-                            env: typeof serverConfig.env === 'object' ? serverConfig.env : undefined,
-                            initializationTimeout: typeof serverConfig.initializationTimeout === 'number'
-                                ? serverConfig.initializationTimeout
-                                : undefined,
-                            timeout: typeof serverConfig.timeout === 'number'
-                                ? serverConfig.timeout
-                                : undefined,
-                        };
-                        logging.info(`Added server ${name} to serverConfigs`);
-                    }
+        const raw = (await workspace.fs.readFile(normalizedConfigPath)).toString().trim();
+        if (raw) {
+            const config = JSON.parse(raw);
+            if (config.mcpServers && typeof config.mcpServers === 'object') {
+                // Add each server to the serverConfigs
+                for (const [name, serverConfig] of Object.entries(config.mcpServers)) {
+                    serverConfigs[name] = {
+                        command: serverConfig.command,
+                        args: Array.isArray(serverConfig.args) ? serverConfig.args : undefined,
+                        env: typeof serverConfig.env === 'object' ? serverConfig.env : undefined,
+                        initializationTimeout: typeof serverConfig.initializationTimeout === 'number'
+                            ? serverConfig.initializationTimeout
+                            : undefined,
+                        timeout: typeof serverConfig.timeout === 'number'
+                            ? serverConfig.timeout
+                            : undefined,
+                    };
+                    logging.info(`Added server ${name} to serverConfigs`);
                 }
             }
         }
@@ -787,45 +782,21 @@ async function migrateConfigToAgent(workspace, logging, configPath, personaPath,
         logging.warn(`Failed to read persona config at ${normalizedPersonaPath}: ${err}`);
     }
     // Convert to agent config
-    const newAgentConfig = convertPersonaToAgent(personaConfig, serverConfigs, agent);
-    newAgentConfig.includedFiles = ['AmazonQ.md', 'README.md', '.amazonq/rules/**/*.md'];
-    newAgentConfig.resources = []; // Initialize with empty array
-    // Merge with existing config if available
-    let finalAgentConfig;
-    if (existingAgentConfig) {
-        // Keep existing metadata
-        finalAgentConfig = {
-            ...existingAgentConfig,
-            // Merge MCP servers, keeping existing ones if they exist
-            mcpServers: {
-                ...newAgentConfig.mcpServers,
-                ...existingAgentConfig.mcpServers,
-            },
-            // Merge tools lists without duplicates
-            tools: [...new Set([...existingAgentConfig.tools, ...newAgentConfig.tools])],
-            allowedTools: [...new Set([...existingAgentConfig.allowedTools, ...newAgentConfig.allowedTools])],
-            // Merge tool settings, preferring existing ones
-            toolsSettings: {
-                ...newAgentConfig.toolsSettings,
-                ...existingAgentConfig.toolsSettings,
-            },
-            // Keep other properties from existing config
-            includedFiles: existingAgentConfig.includedFiles || newAgentConfig.includedFiles,
-            createHooks: existingAgentConfig.createHooks || newAgentConfig.createHooks,
-            promptHooks: [
-                ...new Set([...(existingAgentConfig.promptHooks || []), ...(newAgentConfig.promptHooks || [])]),
-            ],
-            resources: [...new Set([...(existingAgentConfig.resources || []), ...(newAgentConfig.resources || [])])],
-        };
-    }
-    else {
-        finalAgentConfig = newAgentConfig;
-        logging.info(`Using new config (no existing config to merge)`);
-    }
+    const agentConfig = convertPersonaToAgent(personaConfig, serverConfigs, agent);
+    // Parse default values from DEFAULT_AGENT_RAW
+    const defaultAgent = JSON.parse(DEFAULT_AGENT_RAW);
+    // Add complete agent format sections using default values
+    agentConfig.name = defaultAgent.name;
+    agentConfig.description = defaultAgent.description;
+    agentConfig.version = defaultAgent.version;
+    agentConfig.includedFiles = defaultAgent.includedFiles;
+    agentConfig.resources = defaultAgent.resources;
+    agentConfig.createHooks = defaultAgent.createHooks;
+    agentConfig.promptHooks = defaultAgent.promptHooks;
     // Save agent config
     try {
-        await saveAgentConfig(workspace, logging, finalAgentConfig, agentPath);
-        logging.info(`Successfully ${existingAgentConfig ? 'updated' : 'created'} agent config at ${agentPath}`);
+        await saveAgentConfig(workspace, logging, agentConfig, agentPath);
+        logging.info(`Successfully created agent config at ${agentPath}`);
     }
     catch (err) {
         logging.error(`Failed to save agent config to ${agentPath}: ${err}`);
@@ -844,6 +815,55 @@ async function saveAgentConfig(workspace, logging, config, configPath) {
         throw err;
     }
 }
+/**
+ * Save only server-specific changes to agent config file
+ */
+async function saveServerSpecificAgentConfig(workspace, logging, serverName, serverConfig, serverTools, serverAllowedTools, configPath) {
+    try {
+        await workspace.fs.mkdir(path.dirname(configPath), { recursive: true });
+        // Read existing config
+        let existingConfig;
+        try {
+            const raw = await workspace.fs.readFile(configPath);
+            existingConfig = JSON.parse(raw.toString());
+        }
+        catch {
+            // If file doesn't exist, create minimal config
+            existingConfig = {
+                name: 'default-agent',
+                version: '1.0.0',
+                description: 'Agent configuration',
+                mcpServers: {},
+                tools: [],
+                allowedTools: [],
+                toolsSettings: {},
+                includedFiles: [],
+                resources: [],
+            };
+        }
+        // Remove existing server tools from arrays
+        const serverPrefix = `@${serverName}`;
+        existingConfig.tools = existingConfig.tools.filter(tool => tool !== serverPrefix && !tool.startsWith(`${serverPrefix}/`));
+        existingConfig.allowedTools = existingConfig.allowedTools.filter(tool => tool !== serverPrefix && !tool.startsWith(`${serverPrefix}/`));
+        if (serverConfig === null) {
+            // Remove server entirely
+            delete existingConfig.mcpServers[serverName];
+        }
+        else {
+            // Update or add server
+            existingConfig.mcpServers[serverName] = serverConfig;
+            // Add new server tools
+            existingConfig.tools.push(...serverTools);
+            existingConfig.allowedTools.push(...serverAllowedTools);
+        }
+        await workspace.fs.writeFile(configPath, JSON.stringify(existingConfig, null, 2));
+        logging.info(`Saved server-specific agent config for ${serverName} to ${configPath}`);
+    }
+    catch (err) {
+        logging.error(`Failed to save server-specific agent config to ${configPath}: ${err.message}`);
+        throw err;
+    }
+}
 exports.MAX_TOOL_NAME_LENGTH = 64;
 /**
  * Create a namespaced tool name from server and tool names.