@codemation/host 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. package/CHANGELOG.md +43 -0
  2. package/dist/{AppConfigFactory-CvpFScwB.js → AppConfigFactory-C6q-CSKb.js} +7 -6
  3. package/dist/{AppConfigFactory-CvpFScwB.js.map → AppConfigFactory-C6q-CSKb.js.map} +1 -1
  4. package/dist/{AppConfigFactory-LK76niPc.d.ts → AppConfigFactory-YnveXE9k.d.ts} +40 -4
  5. package/dist/{AppContainerFactory-BlLrm6_h.js → AppContainerFactory-qaqc-R1D.js} +21 -13
  6. package/dist/AppContainerFactory-qaqc-R1D.js.map +1 -0
  7. package/dist/{CodemationAppContext-CvWi5gey.d.ts → CodemationAppContext-DRu1Dpri.d.ts} +3 -3
  8. package/dist/{CodemationAuthoring.types-BuKNTDC1.d.ts → CodemationAuthoring.types-fBRppnmi.d.ts} +4 -4
  9. package/dist/{CodemationConfigNormalizer-CYdR0PR5.d.ts → CodemationConfigNormalizer-DVko3cVN.d.ts} +3 -3
  10. package/dist/{CodemationConsumerConfigLoader-C3nAj9Bj.d.ts → CodemationConsumerConfigLoader-DJWr86f-.d.ts} +2 -2
  11. package/dist/{CodemationPluginListMerger-D-gwVwtw.d.ts → CodemationPluginListMerger-DGc-jfa2.d.ts} +7 -7
  12. package/dist/{CredentialContractsRegistry-D7mcPed2.d.ts → CredentialContractsRegistry-DrMIDSw8.d.ts} +2 -2
  13. package/dist/CredentialServices-CgxwguAv.js.map +1 -1
  14. package/dist/{CredentialServices-DdCEP2xt.d.ts → CredentialServices-UfvHB-rN.d.ts} +4 -4
  15. package/dist/{ItemsInputNormalizer-D1WppVMU.d.ts → ItemsInputNormalizer-C-KHg9Mo.d.ts} +20 -1
  16. package/dist/{PublicFrontendBootstrapFactory-BMWqNM9a.d.ts → PublicFrontendBootstrapFactory-Cb2pLmDd.d.ts} +2 -2
  17. package/dist/{TelemetryContracts-BsOD_Y17.d.ts → TelemetryContracts-DbaNomrH.d.ts} +2 -2
  18. package/dist/{WorkflowPolicyUiPresentationFactory-DNE5oAI6.d.ts → WorkflowPolicyUiPresentationFactory-DQEY-h_S.d.ts} +2 -2
  19. package/dist/{WorkflowViewContracts-0ZgsHQdp.d.ts → WorkflowViewContracts-CzK2KFuz.d.ts} +6 -1
  20. package/dist/authoring.d.ts +4 -4
  21. package/dist/consumer.d.ts +5 -5
  22. package/dist/credentials.d.ts +5 -5
  23. package/dist/devServerSidecar.d.ts +2 -2
  24. package/dist/dto.d.ts +5 -5
  25. package/dist/{index-BlGs9e9Q.d.ts → index-BbBk26m0.d.ts} +2 -2
  26. package/dist/index.d.ts +15 -15
  27. package/dist/index.js +4 -4
  28. package/dist/mapping.d.ts +2 -2
  29. package/dist/nextServer.d.ts +12 -12
  30. package/dist/nextServer.js +2 -2
  31. package/dist/{persistenceServer-CpNFYa_q.js → persistenceServer-CmsIKnO9.js} +2 -2
  32. package/dist/{persistenceServer-CpNFYa_q.js.map → persistenceServer-CmsIKnO9.js.map} +1 -1
  33. package/dist/{persistenceServer-CIVt3UOX.d.ts → persistenceServer-vtJAGDat.d.ts} +2 -2
  34. package/dist/persistenceServer.d.ts +6 -6
  35. package/dist/persistenceServer.js +2 -2
  36. package/dist/{server-BK43OKxW.js → server-CJFfY67o.js} +3 -3
  37. package/dist/{server-BK43OKxW.js.map → server-CJFfY67o.js.map} +1 -1
  38. package/dist/{server-CQWdkT7t.d.ts → server-MUNGsBYK.d.ts} +5 -5
  39. package/dist/server.d.ts +10 -10
  40. package/dist/server.js +4 -4
  41. package/package.json +5 -5
  42. package/prisma/migrations/20260507120000_execution_instance_child_run_id/migration.sql +5 -0
  43. package/prisma/migrations.sqlite/20260507120000_execution_instance_child_run_id/migration.sql +5 -0
  44. package/prisma/schema.postgresql.prisma +1 -0
  45. package/prisma/schema.sqlite.prisma +1 -0
  46. package/prisma-generated/prisma-postgresql-client/edge.js +6 -5
  47. package/prisma-generated/prisma-postgresql-client/index-browser.js +2 -1
  48. package/prisma-generated/prisma-postgresql-client/index.d.ts +38 -2
  49. package/prisma-generated/prisma-postgresql-client/index.js +6 -5
  50. package/prisma-generated/prisma-postgresql-client/package.json +1 -1
  51. package/prisma-generated/prisma-postgresql-client/schema.prisma +1 -0
  52. package/prisma-generated/prisma-sqlite-client/edge.js +6 -5
  53. package/prisma-generated/prisma-sqlite-client/index-browser.js +2 -1
  54. package/prisma-generated/prisma-sqlite-client/index.d.ts +38 -2
  55. package/prisma-generated/prisma-sqlite-client/index.js +6 -5
  56. package/prisma-generated/prisma-sqlite-client/package.json +1 -1
  57. package/prisma-generated/prisma-sqlite-client/schema.prisma +1 -0
  58. package/src/application/contracts/WorkflowViewContracts.ts +5 -0
  59. package/src/application/mapping/WorkflowDefinitionMapper.ts +4 -0
  60. package/src/domain/credentials/CredentialSecretCipher.ts +4 -0
  61. package/src/infrastructure/persistence/InMemoryWorkflowRunRepository.ts +1 -0
  62. package/src/infrastructure/persistence/PrismaWorkflowRunRepository.ts +7 -0
  63. package/dist/AppContainerFactory-BlLrm6_h.js.map +0 -1
package/dist/{CodemationAppContext-CvWi5gey.d.ts → CodemationAppContext-DRu1Dpri.d.ts} RENAMED
@@ -1,5 +1,5 @@
1
- import { i as DefinedCollection, r as CollectionDefinition } from "./index-BlGs9e9Q.js";
2
- import { J as WorkflowDefinition, _ as EngineExecutionLimitsPolicyConfig, ct as AnyCredentialType, g as TypeToken, h as Container } from "./ItemsInputNormalizer-D1WppVMU.js";
1
+ import { i as DefinedCollection, r as CollectionDefinition } from "./index-BbBk26m0.js";
2
+ import { J as WorkflowDefinition, _ as EngineExecutionLimitsPolicyConfig, ct as AnyCredentialType, g as TypeToken, h as Container } from "./ItemsInputNormalizer-C-KHg9Mo.js";
3
3
  import { a as CodemationAuthConfig, n as CodemationLogConfig, t as CodemationWhitelabelConfig, u as LoggerFactory } from "./CodemationWhitelabelConfig-CWbcyQqn.js";
4
4
 
5
5
  //#region src/presentation/config/CodemationClassToken.d.ts
@@ -182,4 +182,4 @@ interface CodemationAppContext extends CodemationRegistrationContextBase {
182
182
  }
183
183
  //#endregion
184
184
  export { CodemationContainerRegistration as C, CodemationWorkflowDiscovery as S, CodemationEngineExecutionLimitsConfig as _, AppPluginLoadSummary as a, CodemationSchedulerConfig as b, CodemationPluginContext as c, CodemationAppSchedulerConfig as d, CodemationAppSchedulerKind as f, CodemationDatabaseKind as g, CodemationDatabaseConfig as h, AppPersistenceConfig as i, CodemationPluginPackageMetadata as l, CodemationConfig as m, CodemationRegistrationContextBase as n, CodemationPlugin as o, CodemationApplicationRuntimeConfig as p, AppConfig as r, CodemationPluginConfig as s, CodemationAppContext as t, CodemationAppDefinition as u, CodemationEventBusConfig as v, CodemationClassToken as w, CodemationSchedulerKind as x, CodemationEventBusKind as y };
185
- //# sourceMappingURL=CodemationAppContext-CvWi5gey.d.ts.map
185
+ //# sourceMappingURL=CodemationAppContext-DRu1Dpri.d.ts.map
package/dist/{CodemationAuthoring.types-BuKNTDC1.d.ts → CodemationAuthoring.types-fBRppnmi.d.ts} RENAMED
@@ -1,6 +1,6 @@
1
- import { a as DefinedNode, i as DefinedCollection, o as DefinedNodeConfigInput } from "./index-BlGs9e9Q.js";
2
- import { C as AnyRunnableNodeConfig, I as Item, J as WorkflowDefinition, K as RunnableNodeConfig, L as Items, S as ChainCursor, ct as AnyCredentialType, g as TypeToken, ht as CredentialJsonRecord, i as ToolConfig, l as NodeExecutionContext, n as AgentMessageConfig, q as RunnableNodeOutputJson, r as ChatModelConfig, t as AgentGuardrailConfig } from "./ItemsInputNormalizer-D1WppVMU.js";
3
- import { c as CodemationPluginContext, m as CodemationConfig, o as CodemationPlugin, t as CodemationAppContext } from "./CodemationAppContext-CvWi5gey.js";
1
+ import { a as DefinedNode, i as DefinedCollection, o as DefinedNodeConfigInput } from "./index-BbBk26m0.js";
2
+ import { C as AnyRunnableNodeConfig, I as Item, J as WorkflowDefinition, K as RunnableNodeConfig, L as Items, S as ChainCursor, ct as AnyCredentialType, g as TypeToken, ht as CredentialJsonRecord, i as ToolConfig, l as NodeExecutionContext, n as AgentMessageConfig, q as RunnableNodeOutputJson, r as ChatModelConfig, t as AgentGuardrailConfig } from "./ItemsInputNormalizer-C-KHg9Mo.js";
3
+ import { c as CodemationPluginContext, m as CodemationConfig, o as CodemationPlugin, t as CodemationAppContext } from "./CodemationAppContext-DRu1Dpri.js";
4
4
  import { t as CodemationWhitelabelConfig } from "./CodemationWhitelabelConfig-CWbcyQqn.js";
5
5
  import { ZodType, z } from "zod";
6
6
  import "ai";
@@ -262,4 +262,4 @@ declare function definePlugin(options: DefinePluginOptions): CodemationPlugin &
262
262
  }>;
263
263
  //#endregion
264
264
  export { defineCodemationApp as a, FriendlyCodemationExecutionConfig as i, DefinePluginOptions as n, definePlugin as o, FriendlyCodemationDatabaseConfig as r, workflow as s, DefineCodemationAppOptions as t };
265
- //# sourceMappingURL=CodemationAuthoring.types-BuKNTDC1.d.ts.map
265
+ //# sourceMappingURL=CodemationAuthoring.types-fBRppnmi.d.ts.map
package/dist/{CodemationConfigNormalizer-CYdR0PR5.d.ts → CodemationConfigNormalizer-DVko3cVN.d.ts} RENAMED
@@ -1,5 +1,5 @@
1
- import { r as CollectionDefinition } from "./index-BlGs9e9Q.js";
2
- import { C as CodemationContainerRegistration, m as CodemationConfig } from "./CodemationAppContext-CvWi5gey.js";
1
+ import { r as CollectionDefinition } from "./index-BbBk26m0.js";
2
+ import { C as CodemationContainerRegistration, m as CodemationConfig } from "./CodemationAppContext-DRu1Dpri.js";
3
3
 
4
4
  //#region src/presentation/config/CodemationConfigNormalizer.d.ts
5
5
  type NormalizedCodemationConfig = Omit<CodemationConfig, "collections"> & Readonly<{
@@ -8,4 +8,4 @@ type NormalizedCodemationConfig = Omit<CodemationConfig, "collections"> & Readon
8
8
  }>;
9
9
  //#endregion
10
10
  export { NormalizedCodemationConfig as t };
11
- //# sourceMappingURL=CodemationConfigNormalizer-CYdR0PR5.d.ts.map
11
+ //# sourceMappingURL=CodemationConfigNormalizer-DVko3cVN.d.ts.map
package/dist/{CodemationConsumerConfigLoader-C3nAj9Bj.d.ts → CodemationConsumerConfigLoader-DJWr86f-.d.ts} RENAMED
@@ -1,4 +1,4 @@
1
- import { t as NormalizedCodemationConfig } from "./CodemationConfigNormalizer-CYdR0PR5.js";
1
+ import { t as NormalizedCodemationConfig } from "./CodemationConfigNormalizer-DVko3cVN.js";
2
2
 
3
3
  //#region src/presentation/server/CodemationConsumerAppResolver.d.ts
4
4
  type CodemationConsumerApp = Readonly<{
@@ -63,4 +63,4 @@ declare class CodemationConsumerConfigLoader {
63
63
  }
64
64
  //#endregion
65
65
  export { CodemationConsumerAppResolver as i, CodemationConsumerConfigResolution as n, CodemationConsumerApp as r, CodemationConsumerConfigLoader as t };
66
- //# sourceMappingURL=CodemationConsumerConfigLoader-C3nAj9Bj.d.ts.map
66
+ //# sourceMappingURL=CodemationConsumerConfigLoader-DJWr86f-.d.ts.map
package/dist/{CodemationPluginListMerger-D-gwVwtw.d.ts → CodemationPluginListMerger-DGc-jfa2.d.ts} RENAMED
@@ -1,11 +1,11 @@
1
- import { n as Engine, r as CollectionDefinition, s as Clock } from "./index-BlGs9e9Q.js";
2
- import { $ as RunCurrentState, Dt as WorkflowId, J as WorkflowDefinition, U as PersistedRunPolicySnapshot, W as RunId, Z as PersistedRunState, at as RunSummary, b as TestCaseRunStatus, ct as AnyCredentialType, d as NodeExecutionRequestHandler, f as NodeExecutionScheduler, g as TypeToken, h as Container, k as WorkflowRunDetailDto, o as BinaryStorage, p as WorkflowRepository, tt as RunPruneCandidate, v as RunEvent, w as WorkflowActivationPolicy, y as RunEventBus } from "./ItemsInputNormalizer-D1WppVMU.js";
3
- import { C as CodemationContainerRegistration, l as CodemationPluginPackageMetadata, o as CodemationPlugin, r as AppConfig } from "./CodemationAppContext-CvWi5gey.js";
1
+ import { n as Engine, r as CollectionDefinition, s as Clock } from "./index-BbBk26m0.js";
2
+ import { $ as RunCurrentState, Dt as WorkflowId, J as WorkflowDefinition, U as PersistedRunPolicySnapshot, W as RunId, Z as PersistedRunState, at as RunSummary, b as TestCaseRunStatus, ct as AnyCredentialType, d as NodeExecutionRequestHandler, f as NodeExecutionScheduler, g as TypeToken, h as Container, k as WorkflowRunDetailDto, o as BinaryStorage, p as WorkflowRepository, tt as RunPruneCandidate, v as RunEvent, w as WorkflowActivationPolicy, y as RunEventBus } from "./ItemsInputNormalizer-C-KHg9Mo.js";
3
+ import { C as CodemationContainerRegistration, l as CodemationPluginPackageMetadata, o as CodemationPlugin, r as AppConfig } from "./CodemationAppContext-DRu1Dpri.js";
4
4
  import { a as CodemationAuthConfig, l as Logger, t as CodemationWhitelabelConfig, u as LoggerFactory } from "./CodemationWhitelabelConfig-CWbcyQqn.js";
5
5
  import { t as LogLevelPolicyFactory } from "./LogLevelPolicyFactory-CampWO0l.js";
6
- import { t as CredentialStore } from "./CredentialServices-DdCEP2xt.js";
7
- import { i as TelemetryMetricPointStore, n as TelemetryArtifactStore, o as TelemetrySpanStore, r as TelemetryExporter, t as RunTraceContextRepository } from "./TelemetryContracts-BsOD_Y17.js";
8
- import { n as PrismaMigrationDeployer, r as PrismaDatabaseClient } from "./AppConfigFactory-LK76niPc.js";
6
+ import { t as CredentialStore } from "./CredentialServices-UfvHB-rN.js";
7
+ import { i as TelemetryMetricPointStore, n as TelemetryArtifactStore, o as TelemetrySpanStore, r as TelemetryExporter, t as RunTraceContextRepository } from "./TelemetryContracts-DbaNomrH.js";
8
+ import { n as PrismaMigrationDeployer, r as PrismaDatabaseClient } from "./AppConfigFactory-YnveXE9k.js";
9
9
  import "reflect-metadata";
10
10
  import { Hono } from "hono";
11
11
 
@@ -657,4 +657,4 @@ declare class CodemationPluginListMerger {
657
657
  }
658
658
  //#endregion
659
659
  export { WorkflowWebsocketServer as _, WorkflowDebuggerOverlayRepository as a, CommandBus as b, FrontendRuntime as c, LogFilter as d, WorkflowRunRepository as f, AppContainerFactory as g, AppContainerLifecycle as h, HonoApiRouteRegistrar as i, WorkflowRunRetentionPruneScheduler as l, DatabaseMigrations as m, CodemationBootstrapRequest as n, SessionVerifier as o, CollectionSchemaSyncerHolder as p, ApplicationTokens as r, WorkerRuntime as s, CodemationPluginListMerger as t, ServerLoggerFactory as u, QueryBus as v, Command as x, Query as y };
660
- //# sourceMappingURL=CodemationPluginListMerger-D-gwVwtw.d.ts.map
660
+ //# sourceMappingURL=CodemationPluginListMerger-DGc-jfa2.d.ts.map
package/dist/{CredentialContractsRegistry-D7mcPed2.d.ts → CredentialContractsRegistry-DrMIDSw8.d.ts} RENAMED
@@ -1,4 +1,4 @@
1
- import { ft as CredentialHealth, gt as CredentialMaterialSourceKind, pt as CredentialInstanceId, vt as CredentialRequirement, wt as CredentialTypeId, xt as CredentialSetupStatus } from "./ItemsInputNormalizer-D1WppVMU.js";
1
+ import { ft as CredentialHealth, gt as CredentialMaterialSourceKind, pt as CredentialInstanceId, vt as CredentialRequirement, wt as CredentialTypeId, xt as CredentialSetupStatus } from "./ItemsInputNormalizer-C-KHg9Mo.js";
2
2
 
3
3
  //#region src/application/contracts/CredentialContractsRegistry.d.ts
4
4
  type CredentialInstanceDto = Readonly<{
@@ -67,4 +67,4 @@ type UpsertCredentialBindingRequest = Readonly<{
67
67
  }>;
68
68
  //#endregion
69
69
  export { UpdateCredentialInstanceRequest as a, WorkflowCredentialHealthSlotDto as c, CredentialOAuth2ConnectionDto as i, CredentialInstanceDto as n, UpsertCredentialBindingRequest as o, CredentialInstanceWithSecretsDto as r, WorkflowCredentialHealthDto as s, CreateCredentialInstanceRequest as t };
70
- //# sourceMappingURL=CredentialContractsRegistry-D7mcPed2.d.ts.map
70
+ //# sourceMappingURL=CredentialContractsRegistry-DrMIDSw8.d.ts.map
package/dist/CredentialServices-CgxwguAv.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"CredentialServices-CgxwguAv.js","names":["fetchImpl: typeof globalThis.fetch","healthTester: OpenAiApiKeyCredentialHealthTester","CredentialTypeRegistryImpl","WorkflowCredentialNodeResolver","entry","labels: string[]","CredentialFieldEnvOverlayService","appConfig: AppConfig","pub: Record<string, unknown>","mat: Record<string, unknown>","CredentialSecretCipher","appConfig: AppConfig","CredentialMaterialResolver","credentialStore: CredentialStore","credentialSecretCipher: CredentialSecretCipher","appConfig: AppConfig","resolved: Record<string, unknown>","missingEnvironmentVariables: string[]","CredentialOAuth2ScopeResolver","CredentialInstanceService","credentialStore: CredentialStore","credentialTypeRegistry: CredentialTypeRegistryImpl","credentialSecretCipher: CredentialSecretCipher","credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService","credentialMaterialResolver: CredentialMaterialResolver","credentialOAuth2ScopeResolver: CredentialOAuth2ScopeResolver","credentialSessionService: MutableCredentialSessionService","instance: CredentialInstanceRecord","updatedInstance: CredentialInstanceRecord","out: Record<string, unknown>","CredentialBindingService","credentialStore: CredentialStore","credentialInstanceService: CredentialInstanceService","workflowRepository: WorkflowRepository","credentialSessionService: MutableCredentialSessionService","workflowCredentialNodeResolver: WorkflowCredentialNodeResolver","binding: CredentialBinding","slots: WorkflowCredentialHealthSlotDto[]","CredentialRuntimeMaterialService","credentialStore: CredentialStore","credentialMaterialResolver: CredentialMaterialResolver","credentialSecretCipher: CredentialSecretCipher","credentialTypeRegistry: CredentialTypeRegistryImpl","CredentialSessionServiceImpl","credentialStore: CredentialStore","credentialRuntimeMaterialService: CredentialRuntimeMaterialService","credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService","credentialTypeRegistry: CredentialTypeRegistryImpl","workflowRepository: WorkflowRepository","workflowCredentialNodeResolver: WorkflowCredentialNodeResolver","bindingKey: CredentialBindingKey","CredentialTestService","credentialInstanceService: CredentialInstanceService","credentialRuntimeMaterialService: CredentialRuntimeMaterialService","credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService","credentialTypeRegistry: CredentialTypeRegistryImpl","credentialStore: CredentialStore","credentialSessionService: MutableCredentialSessionService"],"sources":["../src/infrastructure/credentials/OpenAiApiKeyCredentialHealthTester.ts","../src/infrastructure/credentials/OpenAiApiKeyCredentialTypeFactory.ts","../src/domain/credentials/CredentialTypeRegistryImpl.ts","../src/application/ApplicationRequestError.ts","../src/applicationTokens.ts","../src/domain/credentials/WorkflowCredentialNodeResolver.ts","../src/domain/credentials/CredentialFieldEnvOverlayService.ts","../src/domain/credentials/CredentialSecretCipher.ts","../src/domain/credentials/CredentialMaterialResolver.ts","../src/domain/credentials/CredentialOAuth2ScopeResolver.ts","../src/domain/credentials/CredentialInstanceService.ts","../src/domain/credentials/CredentialBindingService.ts","../src/domain/credentials/CredentialRuntimeMaterialService.ts","../src/domain/credentials/CredentialSessionServiceImpl.ts","../src/domain/credentials/CredentialTestService.ts"],"sourcesContent":["import type { CredentialHealth, CredentialSessionFactoryArgs } from \"@codemation/core\";\n\nimport type { OpenAiApiKeyMaterial, OpenAiApiKeyPublicConfig } from \"./OpenAiApiKeyCredentialShapes.types\";\n\n/**\n * Verifies an OpenAI-compatible API key by calling the provider's models list endpoint\n * (GET `/v1/models` relative to the configured base URL).\n */\nexport class OpenAiApiKeyCredentialHealthTester {\n constructor(private readonly fetchImpl: typeof globalThis.fetch) {}\n\n async test(\n args: CredentialSessionFactoryArgs<OpenAiApiKeyPublicConfig, OpenAiApiKeyMaterial>,\n ): Promise<CredentialHealth> {\n const testedAt = new Date().toISOString();\n const apiKey = String(args.material.apiKey ?? \"\").trim();\n if (apiKey.length === 0) {\n return {\n status: \"failing\",\n message: \"OpenAI API key is empty.\",\n testedAt,\n };\n }\n\n const modelsUrl = this.resolveModelsListUrl(args.publicConfig.baseUrl);\n\n try {\n const response = await this.fetchImpl(modelsUrl, {\n method: \"GET\",\n headers: {\n Authorization: `Bearer ${apiKey}`,\n },\n signal: AbortSignal.timeout(25_000),\n });\n\n if (response.ok) {\n return {\n status: \"healthy\",\n message: \"API key verified against the models endpoint.\",\n testedAt,\n };\n }\n\n const message = await this.parseErrorMessage(response);\n return {\n status: \"failing\",\n message,\n testedAt,\n };\n } catch (error) {\n return {\n status: \"failing\",\n message: error instanceof Error ? error.message : String(error),\n testedAt,\n };\n }\n }\n\n private resolveModelsListUrl(baseUrlRaw: unknown): string {\n const defaultBase = \"https://api.openai.com/v1\";\n const raw = typeof baseUrlRaw === \"string\" ? baseUrlRaw.trim() : \"\";\n const base = raw === \"\" ? defaultBase : raw.replace(/\\/+$/, \"\");\n if (base.endsWith(\"/models\")) {\n return base;\n }\n if (base.endsWith(\"/v1\")) {\n return `${base}/models`;\n }\n return `${base}/v1/models`;\n }\n\n private async parseErrorMessage(response: Response): Promise<string> {\n const prefix = `HTTP ${response.status}`;\n try {\n const text = await response.text();\n if (text.trim() === \"\") {\n return prefix;\n }\n const parsed = JSON.parse(text) as { error?: { message?: string } };\n const fromApi = parsed.error?.message;\n if (typeof fromApi === \"string\" && fromApi.trim() !== \"\") {\n return `${prefix}: ${fromApi.trim()}`;\n }\n return `${prefix}: ${text.length > 280 ? `${text.slice(0, 280)}…` : text}`;\n } catch {\n return prefix;\n }\n }\n}\n","import type { CredentialType } from \"../../domain/credentials/CredentialServices\";\n\nimport type { OpenAiApiKeyCredentialHealthTester } from \"./OpenAiApiKeyCredentialHealthTester\";\nimport type {\n OpenAiApiKeyMaterial,\n OpenAiApiKeyPublicConfig,\n OpenAiApiKeySession,\n} from \"./OpenAiApiKeyCredentialShapes.types\";\n\n/**\n * Builds the OpenAI-compatible API key credential (`openai.apiKey`) registration.\n * Used by {@link FrameworkBuiltinCredentialTypesRegistrar} and may be listed in {@link CodemationConfig.credentialTypes}\n * so consumer apps always register the type even when bootstrap order differs.\n */\nexport class OpenAiApiKeyCredentialTypeFactory {\n constructor(private readonly healthTester: OpenAiApiKeyCredentialHealthTester) {}\n\n createCredentialType(): CredentialType<OpenAiApiKeyPublicConfig, OpenAiApiKeyMaterial, OpenAiApiKeySession> {\n return {\n definition: {\n typeId: \"openai.apiKey\",\n displayName: \"OpenAI API key\",\n description: \"API key and optional base URL for OpenAI or OpenAI-compatible chat endpoints.\",\n publicFields: [\n {\n key: \"baseUrl\",\n label: \"Base URL\",\n type: \"string\",\n placeholder: \"https://api.openai.com/v1\",\n helpText: \"Leave empty to use the default OpenAI API endpoint.\",\n },\n ],\n secretFields: [{ key: \"apiKey\", label: \"API key\", type: \"password\", required: true }],\n supportedSourceKinds: [\"db\", \"env\", \"code\"],\n },\n createSession: async (args) => {\n const baseUrlRaw = args.publicConfig.baseUrl;\n const baseUrl = typeof baseUrlRaw === \"string\" && baseUrlRaw.trim() !== \"\" ? baseUrlRaw.trim() : undefined;\n return {\n apiKey: String(args.material.apiKey ?? \"\"),\n baseUrl,\n };\n },\n test: async (args) => this.healthTester.test(args),\n };\n }\n}\n","import type { CredentialTypeDefinition, CredentialTypeId, CredentialTypeRegistry } from \"@codemation/core\";\n\nimport { injectable } from \"@codemation/core\";\n\nimport type { AnyCredentialType, CredentialType } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialTypeRegistryImpl implements CredentialTypeRegistry {\n private readonly credentialTypesById = new Map<CredentialTypeId, AnyCredentialType>();\n\n register(type: CredentialType<any, any, unknown>): void {\n if (this.credentialTypesById.has(type.definition.typeId)) {\n throw new Error(`Credential type already registered: ${type.definition.typeId}`);\n }\n this.credentialTypesById.set(type.definition.typeId, type);\n }\n\n listTypes(): ReadonlyArray<CredentialTypeDefinition> {\n return [...this.credentialTypesById.values()].map((entry) => entry.definition);\n }\n\n getType(typeId: CredentialTypeId): CredentialTypeDefinition | undefined {\n return this.credentialTypesById.get(typeId)?.definition;\n }\n\n getCredentialType(typeId: CredentialTypeId): AnyCredentialType | undefined {\n return this.credentialTypesById.get(typeId);\n }\n}\n","export class ApplicationRequestError extends Error {\n readonly status: number;\n\n readonly payload: Readonly<{ error: string; errors?: ReadonlyArray<string> }>;\n\n constructor(status: number, message: string, errors?: ReadonlyArray<string>) {\n super(message);\n this.name = \"ApplicationRequestError\";\n this.status = status;\n this.payload = errors && errors.length > 0 ? { error: message, errors } : { error: message };\n }\n}\n","import type { Clock, TypeToken } from \"@codemation/core\";\nimport type { SessionVerifier } from \"./application/auth/SessionVerifier\";\nimport type { Command } from \"./application/bus/Command\";\nimport type { CommandBus } from \"./application/bus/CommandBus\";\nimport type { CommandHandler } from \"./application/bus/CommandHandler\";\nimport type { DomainEvent } from \"./application/bus/DomainEvent\";\nimport type { DomainEventBus } from \"./application/bus/DomainEventBus\";\nimport type { DomainEventHandler } from \"./application/bus/DomainEventHandler\";\nimport type { Query } from \"./application/bus/Query\";\nimport type { QueryBus } from \"./application/bus/QueryBus\";\nimport type { QueryHandler } from \"./application/bus/QueryHandler\";\nimport type { Logger, LoggerFactory } from \"./application/logging/Logger\";\nimport type { WorkflowWebsocketPublisher } from \"./application/websocket/WorkflowWebsocketPublisher\";\nimport type { CredentialStore } from \"./domain/credentials/CredentialServices\";\nimport type {\n RunTraceContextRepository,\n TelemetryArtifactStore,\n TelemetryExporter,\n TelemetryMetricPointStore,\n TelemetrySpanStore,\n} from \"./domain/telemetry/TelemetryContracts\";\nimport type { WorkflowRunRepository } from \"./domain/runs/WorkflowRunRepository\";\nimport type { WorkflowDebuggerOverlayRepository } from \"./domain/workflows/WorkflowDebuggerOverlayRepository\";\nimport type { WorkflowDefinitionRepository } from \"./domain/workflows/WorkflowDefinitionRepository\";\nimport type { WorkflowActivationRepository } from \"./domain/workflows/WorkflowActivationRepository\";\nimport type { PrismaDatabaseClient } from \"./infrastructure/persistence/PrismaDatabaseClient\";\nimport type { WorkerRuntimeScheduler } from \"./infrastructure/scheduler/WorkerRuntimeScheduler\";\nimport type { AppConfig } from \"./presentation/config/AppConfig\";\nimport type { CodemationAuthConfig } from \"./presentation/config/CodemationAuthConfig\";\nimport type { CodemationWhitelabelConfig } from \"./presentation/config/CodemationWhitelabelConfig\";\nimport type { HonoApiRouteRegistrar } from \"./presentation/http/hono/HonoApiRouteRegistrar\";\n\nexport const ApplicationTokens = {\n CodemationAuthConfig: Symbol.for(\"codemation.application.CodemationAuthConfig\") as TypeToken<\n CodemationAuthConfig | undefined\n >,\n CodemationWhitelabelConfig: Symbol.for(\n \"codemation.application.CodemationWhitelabelConfig\",\n ) as TypeToken<CodemationWhitelabelConfig>,\n AppConfig: Symbol.for(\"codemation.application.AppConfig\") as TypeToken<AppConfig>,\n WebSocketPort: Symbol.for(\"codemation.application.WebSocketPort\") as TypeToken<number>,\n WebSocketBindHost: Symbol.for(\"codemation.application.WebSocketBindHost\") as TypeToken<string>,\n QueryBus: Symbol.for(\"codemation.application.QueryBus\") as TypeToken<QueryBus>,\n CommandBus: Symbol.for(\"codemation.application.CommandBus\") as TypeToken<CommandBus>,\n DomainEventBus: Symbol.for(\"codemation.application.DomainEventBus\") as TypeToken<DomainEventBus>,\n QueryHandler: Symbol.for(\"codemation.application.QueryHandler\") as TypeToken<QueryHandler<Query<unknown>, unknown>>,\n CommandHandler: Symbol.for(\"codemation.application.CommandHandler\") as TypeToken<\n CommandHandler<Command<unknown>, unknown>\n >,\n DomainEventHandler: Symbol.for(\"codemation.application.DomainEventHandler\") as TypeToken<\n DomainEventHandler<DomainEvent>\n >,\n HonoApiRouteRegistrar: Symbol.for(\"codemation.application.HonoApiRouteRegistrar\") as TypeToken<HonoApiRouteRegistrar>,\n WorkflowWebsocketPublisher: Symbol.for(\n \"codemation.application.WorkflowWebsocketPublisher\",\n ) as TypeToken<WorkflowWebsocketPublisher>,\n WorkerRuntimeScheduler: Symbol.for(\n \"codemation.application.WorkerRuntimeScheduler\",\n ) as TypeToken<WorkerRuntimeScheduler>,\n WorkflowDefinitionRepository: Symbol.for(\n \"codemation.application.WorkflowDefinitionRepository\",\n ) as TypeToken<WorkflowDefinitionRepository>,\n WorkflowActivationRepository: Symbol.for(\n \"codemation.application.WorkflowActivationRepository\",\n ) as TypeToken<WorkflowActivationRepository>,\n WorkflowDebuggerOverlayRepository: Symbol.for(\n \"codemation.application.WorkflowDebuggerOverlayRepository\",\n ) as TypeToken<WorkflowDebuggerOverlayRepository>,\n WorkflowRunRepository: Symbol.for(\"codemation.application.WorkflowRunRepository\") as TypeToken<WorkflowRunRepository>,\n LoggerFactory: Symbol.for(\"codemation.application.LoggerFactory\") as TypeToken<LoggerFactory>,\n /**\n * Opt-in timing/diagnostics logger (`CODEMATION_PERFORMANCE_LOGGING` + normal minimum log level).\n */\n PerformanceDiagnosticsLogger: Symbol.for(\"codemation.application.PerformanceDiagnosticsLogger\") as TypeToken<Logger>,\n CredentialStore: Symbol.for(\"codemation.application.CredentialStore\") as TypeToken<CredentialStore>,\n RunTraceContextRepository: Symbol.for(\n \"codemation.application.RunTraceContextRepository\",\n ) as TypeToken<RunTraceContextRepository>,\n TelemetrySpanStore: Symbol.for(\"codemation.application.TelemetrySpanStore\") as TypeToken<TelemetrySpanStore>,\n TelemetryArtifactStore: Symbol.for(\n \"codemation.application.TelemetryArtifactStore\",\n ) as TypeToken<TelemetryArtifactStore>,\n TelemetryMetricPointStore: Symbol.for(\n \"codemation.application.TelemetryMetricPointStore\",\n ) as TypeToken<TelemetryMetricPointStore>,\n TelemetryExporter: Symbol.for(\"codemation.application.TelemetryExporter\") as TypeToken<TelemetryExporter>,\n PrismaClient: Symbol.for(\"codemation.application.PrismaClient\") as TypeToken<PrismaDatabaseClient>,\n SessionVerifier: Symbol.for(\"codemation.application.SessionVerifier\") as TypeToken<SessionVerifier>,\n Clock: Symbol.for(\"codemation.application.Clock\") as TypeToken<Clock>,\n} as const;\n","import type { CredentialRequirement, WorkflowDefinition } from \"@codemation/core\";\nimport {\n AgentConfigInspector,\n AgentConnectionNodeCollector,\n type AgentConnectionNodeDescriptor,\n ConnectionNodeIdFactory,\n} from \"@codemation/core\";\n\nimport { injectable } from \"@codemation/core\";\n\nexport type WorkflowCredentialSlotRef = Readonly<{\n workflowId: string;\n nodeId: string;\n nodeName: string;\n requirement: CredentialRequirement;\n}>;\n\n/**\n * Resolves credential requirements for workflow node ids, including connection-owned LLM/tool children.\n */\n@injectable()\nexport class WorkflowCredentialNodeResolver {\n /**\n * Human-readable label for credential errors (workflow node name or agent › attachment).\n */\n describeCredentialNodeDisplay(workflow: WorkflowDefinition, nodeId: string): string {\n const direct = workflow.nodes.find((n) => n.id === nodeId);\n if (direct) {\n return direct.name ?? direct.config.name ?? direct.id;\n }\n const recursive = this.findRecursiveConnectionNode(workflow, nodeId);\n if (!recursive) {\n return nodeId;\n }\n return this.buildRecursiveDisplayLabel(recursive.rootAgentLabel, recursive.entry, recursive.entriesById);\n }\n\n isCredentialNodeIdInWorkflow(workflow: WorkflowDefinition, nodeId: string): boolean {\n if (workflow.nodes.some((n) => n.id === nodeId)) {\n return true;\n }\n return this.findRecursiveConnectionNode(workflow, nodeId) !== undefined;\n }\n\n findRequirement(\n workflow: WorkflowDefinition,\n nodeId: string,\n slotKey: string,\n ): Readonly<{ nodeName: string; requirement: CredentialRequirement }> | undefined {\n const direct = this.findDirectRequirement(workflow, nodeId, slotKey);\n if (direct) {\n return direct;\n }\n const recursive = this.findRecursiveConnectionNode(workflow, nodeId);\n if (!recursive) {\n return undefined;\n }\n const requirement = recursive.entry.credentialSource\n .getCredentialRequirements?.()\n ?.find((entry) => entry.slotKey === slotKey);\n return requirement ? { nodeName: recursive.entry.name, requirement } : undefined;\n }\n\n listSlots(workflow: WorkflowDefinition): ReadonlyArray<WorkflowCredentialSlotRef> {\n const slotsByKey = new Map<string, WorkflowCredentialSlotRef>();\n\n for (const node of workflow.nodes) {\n if (AgentConfigInspector.isAgentNodeConfig(node.config)) {\n this.addRecursiveAgentSlots(workflow.id, node.id, node.config, slotsByKey);\n continue;\n }\n this.addSlotsForRequirements(\n workflow.id,\n node.id,\n node.name ?? node.config.name ?? node.id,\n node.config.getCredentialRequirements?.() ?? [],\n slotsByKey,\n );\n }\n return [...slotsByKey.values()];\n }\n\n private findDirectRequirement(\n workflow: WorkflowDefinition,\n nodeId: string,\n slotKey: string,\n ): Readonly<{ nodeName: string; requirement: CredentialRequirement }> | undefined {\n const node = workflow.nodes.find((entry) => entry.id === nodeId);\n if (!node || AgentConfigInspector.isAgentNodeConfig(node.config)) {\n return undefined;\n }\n const requirement = node.config.getCredentialRequirements?.()?.find((entry) => entry.slotKey === slotKey);\n if (!requirement) {\n return undefined;\n }\n return { nodeName: node.name ?? node.config.name ?? node.id, requirement };\n }\n\n private addRecursiveAgentSlots(\n workflowId: string,\n rootAgentNodeId: string,\n agentConfig: Parameters<typeof AgentConnectionNodeCollector.collect>[1],\n slotsByKey: Map<string, WorkflowCredentialSlotRef>,\n ): void {\n for (const entry of AgentConnectionNodeCollector.collect(rootAgentNodeId, agentConfig)) {\n this.addSlotsForRequirements(\n workflowId,\n entry.nodeId,\n entry.name,\n entry.credentialSource.getCredentialRequirements?.() ?? [],\n slotsByKey,\n );\n }\n }\n\n private addSlotsForRequirements(\n workflowId: string,\n nodeId: string,\n nodeName: string,\n requirements: ReadonlyArray<CredentialRequirement>,\n slotsByKey: Map<string, WorkflowCredentialSlotRef>,\n ): void {\n for (const requirement of requirements) {\n const key = `${nodeId}\\0${requirement.slotKey}`;\n if (slotsByKey.has(key)) {\n continue;\n }\n slotsByKey.set(key, {\n workflowId,\n nodeId,\n nodeName,\n requirement,\n });\n }\n }\n\n private findRecursiveConnectionNode(\n workflow: WorkflowDefinition,\n nodeId: string,\n ):\n | Readonly<{\n rootAgentNodeId: string;\n rootAgentLabel: string;\n entry: AgentConnectionNodeDescriptor;\n entriesById: ReadonlyMap<string, AgentConnectionNodeDescriptor>;\n }>\n | undefined {\n if (\n !ConnectionNodeIdFactory.isLanguageModelConnectionNodeId(nodeId) &&\n !ConnectionNodeIdFactory.isToolConnectionNodeId(nodeId)\n ) {\n return undefined;\n }\n for (const node of workflow.nodes) {\n if (!AgentConfigInspector.isAgentNodeConfig(node.config)) {\n continue;\n }\n const entries = AgentConnectionNodeCollector.collect(node.id, node.config);\n const entriesById = new Map(entries.map((entry) => [entry.nodeId, entry]));\n const entry = entriesById.get(nodeId);\n if (!entry) {\n continue;\n }\n return {\n rootAgentNodeId: node.id,\n rootAgentLabel: node.name ?? node.config.name ?? node.id,\n entry,\n entriesById,\n };\n }\n return undefined;\n }\n\n private buildRecursiveDisplayLabel(\n rootAgentLabel: string,\n entry: AgentConnectionNodeDescriptor,\n entriesById: ReadonlyMap<string, AgentConnectionNodeDescriptor>,\n ): string {\n const labels = [rootAgentLabel, ...this.collectAncestorToolLabels(entry.parentNodeId, entriesById)];\n labels.push(entry.role === \"languageModel\" ? \"Language model\" : entry.name);\n return labels.join(\" › \");\n }\n\n private collectAncestorToolLabels(\n parentNodeId: string,\n entriesById: ReadonlyMap<string, AgentConnectionNodeDescriptor>,\n ): ReadonlyArray<string> {\n const labels: string[] = [];\n let currentNodeId = parentNodeId;\n while (true) {\n const parentEntry = entriesById.get(currentNodeId);\n if (!parentEntry) {\n return labels.reverse();\n }\n if (parentEntry.role === \"tool\" || parentEntry.role === \"nestedAgent\") {\n labels.push(parentEntry.name);\n }\n currentNodeId = parentEntry.parentNodeId;\n }\n }\n}\n","import type { CredentialFieldSchema, CredentialTypeDefinition } from \"@codemation/core\";\nimport { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\nimport type { AppConfig } from \"../../presentation/config/AppConfig\";\n\nimport type { JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialFieldEnvOverlayService {\n constructor(\n @inject(ApplicationTokens.AppConfig)\n private readonly appConfig: AppConfig,\n ) {}\n\n /** True when the field declares an env var and process.env has a non-empty string for it. */\n isFieldResolvedFromEnv(field: CredentialFieldSchema): boolean {\n const name = field.envVarName?.trim();\n if (!name) {\n return false;\n }\n const v = this.appConfig.env[name];\n return typeof v === \"string\" && v.length > 0;\n }\n\n apply(\n args: Readonly<{\n definition: CredentialTypeDefinition;\n publicConfig: JsonRecord;\n material: JsonRecord;\n }>,\n ): Readonly<{ resolvedPublicConfig: JsonRecord; resolvedMaterial: JsonRecord }> {\n const pub: Record<string, unknown> = { ...args.publicConfig };\n const mat: Record<string, unknown> = { ...args.material };\n for (const field of args.definition.publicFields ?? []) {\n const name = field.envVarName?.trim();\n if (!name) {\n continue;\n }\n const v = this.appConfig.env[name];\n if (typeof v === \"string\" && v.length > 0) {\n pub[field.key] = v;\n }\n }\n for (const field of args.definition.secretFields ?? []) {\n const name = field.envVarName?.trim();\n if (!name) {\n continue;\n }\n const v = this.appConfig.env[name];\n if (typeof v === \"string\" && v.length > 0) {\n mat[field.key] = v;\n }\n }\n return Object.freeze({\n resolvedPublicConfig: Object.freeze(pub),\n resolvedMaterial: Object.freeze(mat),\n });\n }\n}\n","import { createCipheriv, createDecipheriv, createHash, randomBytes } from \"node:crypto\";\n\nimport { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\nimport type { AppConfig } from \"../../presentation/config/AppConfig\";\n\nimport type { JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialSecretCipher {\n private static readonly algorithm = \"aes-256-gcm\";\n private static readonly schemaVersion = 1;\n private static readonly ivLength = 12;\n\n constructor(\n @inject(ApplicationTokens.AppConfig)\n private readonly appConfig: AppConfig,\n ) {}\n\n encrypt(value: JsonRecord): Readonly<{\n encryptedJson: string;\n encryptionKeyId: string;\n schemaVersion: number;\n }> {\n const iv = randomBytes(CredentialSecretCipher.ivLength);\n const cipher = createCipheriv(CredentialSecretCipher.algorithm, this.resolveKeyMaterial(), iv);\n const plaintext = Buffer.from(JSON.stringify(value), \"utf8\");\n const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);\n const authTag = cipher.getAuthTag();\n return {\n encryptedJson: Buffer.concat([iv, authTag, encrypted]).toString(\"base64\"),\n encryptionKeyId: this.resolveKeyId(),\n schemaVersion: CredentialSecretCipher.schemaVersion,\n };\n }\n\n decrypt(\n record: Readonly<{\n encryptedJson: string;\n encryptionKeyId: string;\n schemaVersion: number;\n }>,\n ): JsonRecord {\n const packed = Buffer.from(record.encryptedJson, \"base64\");\n const iv = packed.subarray(0, CredentialSecretCipher.ivLength);\n const authTag = packed.subarray(CredentialSecretCipher.ivLength, CredentialSecretCipher.ivLength + 16);\n const encrypted = packed.subarray(CredentialSecretCipher.ivLength + 16);\n const decipher = createDecipheriv(CredentialSecretCipher.algorithm, this.resolveKeyMaterial(), iv);\n decipher.setAuthTag(authTag);\n const plaintext = Buffer.concat([decipher.update(encrypted), decipher.final()]).toString(\"utf8\");\n return JSON.parse(plaintext) as JsonRecord;\n }\n\n private resolveKeyMaterial(): Buffer {\n const rawValue = this.appConfig.env.CODEMATION_CREDENTIALS_MASTER_KEY;\n if (!rawValue || rawValue.trim().length === 0) {\n throw new Error(\"CODEMATION_CREDENTIALS_MASTER_KEY is required to encrypt database-managed credentials.\");\n }\n return createHash(\"sha256\").update(rawValue).digest();\n }\n\n private resolveKeyId(): string {\n const rawValue = this.appConfig.env.CODEMATION_CREDENTIALS_MASTER_KEY;\n return createHash(\"sha256\")\n .update(rawValue ?? \"\")\n .digest(\"hex\")\n .slice(0, 12);\n }\n}\n","import { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\nimport type { AppConfig } from \"../../presentation/config/AppConfig\";\n\nimport { CredentialSecretCipher } from \"./CredentialSecretCipher\";\nimport type { CredentialInstanceRecord, CredentialStore, JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialMaterialResolver {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialSecretCipher)\n private readonly credentialSecretCipher: CredentialSecretCipher,\n @inject(ApplicationTokens.AppConfig)\n private readonly appConfig: AppConfig,\n ) {}\n\n async resolveMaterial(instance: CredentialInstanceRecord): Promise<JsonRecord> {\n if (instance.secretRef.kind === \"db\") {\n const secretMaterial = await this.credentialStore.getSecretMaterial(instance.instanceId);\n if (!secretMaterial) {\n throw new Error(`Credential ${instance.instanceId} is missing encrypted secret material.`);\n }\n return this.credentialSecretCipher.decrypt(secretMaterial);\n }\n if (instance.secretRef.kind === \"env\") {\n return this.resolveEnvMaterial(instance);\n }\n return instance.secretRef.value;\n }\n\n private resolveEnvMaterial(instance: CredentialInstanceRecord): JsonRecord {\n if (instance.secretRef.kind !== \"env\") {\n throw new Error(`Credential ${instance.instanceId} is not environment-backed.`);\n }\n const resolved: Record<string, unknown> = {};\n const missingEnvironmentVariables: string[] = [];\n for (const [fieldKey, envVarName] of Object.entries(instance.secretRef.envByField)) {\n const value = this.appConfig.env[envVarName];\n if (value === undefined || value.length === 0) {\n missingEnvironmentVariables.push(envVarName);\n continue;\n }\n resolved[fieldKey] = value;\n }\n if (missingEnvironmentVariables.length > 0) {\n throw new Error(\n `Credential ${instance.instanceId} requires environment variables that are not set: ${missingEnvironmentVariables.join(\", \")}.`,\n );\n }\n return resolved;\n }\n}\n","import type { CredentialOAuth2AuthDefinition } from \"@codemation/core\";\nimport { injectable } from \"@codemation/core\";\nimport type { JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialOAuth2ScopeResolver {\n resolveRequestedScopes(auth: CredentialOAuth2AuthDefinition, publicConfig: JsonRecord): ReadonlyArray<string> {\n const scopesFromPublicConfig = auth.scopesFromPublicConfig;\n if (!scopesFromPublicConfig) {\n return [...auth.scopes];\n }\n const preset = this.resolveString(publicConfig[scopesFromPublicConfig.presetFieldKey]);\n if (!preset) {\n return [...auth.scopes];\n }\n const presetScopes = scopesFromPublicConfig.presetScopes[preset];\n if (presetScopes) {\n return [...presetScopes];\n }\n const customPresetKey = scopesFromPublicConfig.customPresetKey ?? \"custom\";\n if (preset !== customPresetKey) {\n return [...auth.scopes];\n }\n const customScopes = this.resolveScopeList(\n publicConfig[scopesFromPublicConfig.customScopesFieldKey ?? \"customScopes\"],\n );\n if (customScopes.length > 0) {\n return customScopes;\n }\n return [...auth.scopes];\n }\n\n private resolveString(value: unknown): string | undefined {\n if (typeof value !== \"string\") {\n return undefined;\n }\n const normalized = value.trim();\n return normalized.length > 0 ? normalized : undefined;\n }\n\n private resolveScopeList(value: unknown): ReadonlyArray<string> {\n if (Array.isArray(value)) {\n return this.dedupe(\n value.map((entry) => (typeof entry === \"string\" ? entry.trim() : \"\")).filter((entry) => entry.length > 0),\n );\n }\n if (typeof value !== \"string\") {\n return [];\n }\n return this.dedupe(\n value\n .split(/[\\s,]+/)\n .map((entry) => entry.trim())\n .filter((entry) => entry.length > 0),\n );\n }\n\n private dedupe(entries: ReadonlyArray<string>): ReadonlyArray<string> {\n return [...new Set(entries)];\n }\n}\n","import { randomUUID } from \"node:crypto\";\n\nimport type {\n CredentialFieldSchema,\n CredentialInstanceId,\n CredentialMaterialSourceKind,\n CredentialTypeId,\n} from \"@codemation/core\";\n\nimport { CoreTokens, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport type {\n CreateCredentialInstanceRequest,\n CredentialInstanceDto,\n CredentialInstanceWithSecretsDto,\n CredentialOAuth2ConnectionDto,\n UpdateCredentialInstanceRequest,\n} from \"../../application/contracts/CredentialContractsRegistry\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { CredentialFieldEnvOverlayService } from \"./CredentialFieldEnvOverlayService\";\nimport { CredentialMaterialResolver } from \"./CredentialMaterialResolver\";\nimport { CredentialOAuth2ScopeResolver } from \"./CredentialOAuth2ScopeResolver\";\nimport { CredentialSecretCipher } from \"./CredentialSecretCipher\";\nimport type {\n CredentialInstanceRecord,\n CredentialSecretMaterialRecord,\n CredentialSecretRef,\n CredentialStore,\n CredentialTestRecord,\n AnyCredentialType,\n JsonRecord,\n MutableCredentialSessionService,\n} from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialInstanceService {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n @inject(CredentialSecretCipher)\n private readonly credentialSecretCipher: CredentialSecretCipher,\n @inject(CredentialFieldEnvOverlayService)\n private readonly credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService,\n @inject(CredentialMaterialResolver)\n private readonly credentialMaterialResolver: CredentialMaterialResolver,\n @inject(CredentialOAuth2ScopeResolver)\n private readonly credentialOAuth2ScopeResolver: CredentialOAuth2ScopeResolver,\n @inject(CoreTokens.CredentialSessionService)\n private readonly credentialSessionService: MutableCredentialSessionService,\n ) {}\n\n async listInstances(): Promise<ReadonlyArray<CredentialInstanceDto>> {\n const instances = await this.credentialStore.listInstances();\n const latestTestResults = await this.credentialStore.getLatestTestResults(\n instances.map((instance) => instance.instanceId),\n );\n return await Promise.all(\n instances.map(async (instance) => await this.toDto(instance, latestTestResults.get(instance.instanceId))),\n );\n }\n\n async getInstance(instanceId: CredentialInstanceId): Promise<CredentialInstanceDto | undefined> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n return undefined;\n }\n const latestTestResult = await this.credentialStore.getLatestTestResult(instanceId);\n return await this.toDto(instance, latestTestResult);\n }\n\n async getInstanceWithSecrets(\n instanceId: CredentialInstanceId,\n ): Promise<CredentialInstanceWithSecretsDto | undefined> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n return undefined;\n }\n const latestTestResult = await this.credentialStore.getLatestTestResult(instanceId);\n const base = await this.toDto(instance, latestTestResult);\n try {\n const material = await this.credentialMaterialResolver.resolveMaterial(instance);\n const secretConfig = Object.fromEntries(Object.entries(material).map(([k, v]) => [k, String(v ?? \"\")])) as Record<\n string,\n string\n >;\n const envSecretRefs =\n instance.secretRef.kind === \"env\" ? (instance.secretRef.envByField as Record<string, string>) : undefined;\n return { ...base, secretConfig, envSecretRefs };\n } catch {\n return base;\n }\n }\n\n async create(request: CreateCredentialInstanceRequest): Promise<CredentialInstanceDto> {\n const credentialType = this.requireCredentialType(request.typeId);\n const publicFields = credentialType.definition.publicFields ?? [];\n const secretFields = credentialType.definition.secretFields ?? [];\n this.validateRequestFields({\n displayName: request.displayName,\n publicFields,\n publicConfig: request.publicConfig ?? {},\n secretFields,\n sourceKind: request.sourceKind,\n secretConfig: request.secretConfig ?? {},\n envSecretRefs: request.envSecretRefs ?? {},\n });\n const timestamp = new Date().toISOString();\n const strippedPublic = this.stripEnvManagedFieldValues(publicFields, request.publicConfig ?? {});\n const strippedSecretForRef = this.stripEnvManagedFieldValues(secretFields, request.secretConfig ?? {});\n const instance: CredentialInstanceRecord = {\n instanceId: randomUUID(),\n typeId: request.typeId,\n displayName: request.displayName.trim(),\n sourceKind: request.sourceKind,\n publicConfig: Object.freeze({ ...strippedPublic }),\n secretRef: this.createSecretRef(request.sourceKind, strippedSecretForRef, request.envSecretRefs ?? {}),\n tags: Object.freeze([...(request.tags ?? [])]),\n setupStatus: credentialType.definition.auth?.kind === \"oauth2\" ? \"draft\" : \"ready\",\n createdAt: timestamp,\n updatedAt: timestamp,\n };\n await this.credentialStore.saveInstance({\n instance,\n secretMaterial: this.createSecretMaterial(instance, strippedSecretForRef, timestamp),\n });\n this.credentialSessionService.evictInstance(instance.instanceId);\n return this.toDto(instance, undefined);\n }\n\n async update(\n instanceId: CredentialInstanceId,\n request: UpdateCredentialInstanceRequest,\n ): Promise<CredentialInstanceDto> {\n const existing = await this.requireInstance(instanceId);\n const credentialType = this.requireCredentialType(existing.typeId);\n const mergedPublicRaw = { ...(request.publicConfig ?? existing.publicConfig) };\n const updatedAt = new Date().toISOString();\n const nextSecretConfig = request.secretConfig;\n const nextEnvSecretRefs = request.envSecretRefs;\n const secretFields = credentialType.definition.secretFields ?? [];\n this.validateRequestFields({\n displayName: request.displayName ?? existing.displayName,\n publicFields: credentialType.definition.publicFields ?? [],\n publicConfig: mergedPublicRaw,\n secretFields,\n sourceKind: existing.sourceKind,\n secretConfig: nextSecretConfig ?? {},\n envSecretRefs: nextEnvSecretRefs ?? {},\n allowSecretOmission: true,\n });\n const publicConfig = Object.freeze({\n ...this.stripEnvManagedFieldValues(credentialType.definition.publicFields ?? [], mergedPublicRaw),\n });\n const mergedSecretForRef =\n nextSecretConfig !== undefined ? this.stripEnvManagedFieldValues(secretFields, nextSecretConfig) : undefined;\n const instance: CredentialInstanceRecord = {\n ...existing,\n displayName: request.displayName?.trim() || existing.displayName,\n publicConfig,\n tags: Object.freeze([...(request.tags ?? existing.tags)]),\n setupStatus: request.setupStatus ?? existing.setupStatus,\n secretRef:\n nextSecretConfig || nextEnvSecretRefs\n ? this.createSecretRef(existing.sourceKind, mergedSecretForRef ?? {}, nextEnvSecretRefs ?? {})\n : existing.secretRef,\n updatedAt,\n };\n await this.credentialStore.saveInstance({\n instance,\n secretMaterial:\n nextSecretConfig !== undefined && mergedSecretForRef !== undefined\n ? this.createSecretMaterial(instance, mergedSecretForRef, updatedAt)\n : undefined,\n });\n this.credentialSessionService.evictInstance(instance.instanceId);\n return this.toDto(instance, await this.credentialStore.getLatestTestResult(instance.instanceId));\n }\n\n async delete(instanceId: CredentialInstanceId): Promise<void> {\n await this.credentialStore.deleteInstance(instanceId);\n this.credentialSessionService.evictInstance(instanceId);\n }\n\n async disconnectOAuth2(instanceId: CredentialInstanceId): Promise<CredentialInstanceDto> {\n const instance = await this.requireInstance(instanceId);\n const credentialType = this.requireCredentialType(instance.typeId);\n if (credentialType.definition.auth?.kind !== \"oauth2\") {\n throw new ApplicationRequestError(400, `Credential instance ${instanceId} does not use OAuth2.`);\n }\n const updatedInstance: CredentialInstanceRecord = {\n ...instance,\n setupStatus: \"draft\",\n updatedAt: new Date().toISOString(),\n };\n await this.credentialStore.saveInstance({\n instance: updatedInstance,\n });\n await this.credentialStore.deleteOAuth2Material(instanceId);\n this.credentialSessionService.evictInstance(instanceId);\n return await this.toDto(updatedInstance, await this.credentialStore.getLatestTestResult(instanceId));\n }\n\n async requireInstance(instanceId: CredentialInstanceId): Promise<CredentialInstanceRecord> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n throw new ApplicationRequestError(404, `Unknown credential instance: ${instanceId}`);\n }\n return instance;\n }\n\n private createSecretRef(\n sourceKind: CredentialMaterialSourceKind,\n secretConfig: JsonRecord,\n envSecretRefs: Readonly<Record<string, string>>,\n ): CredentialSecretRef {\n if (sourceKind === \"db\") {\n return { kind: \"db\" };\n }\n if (sourceKind === \"env\") {\n return {\n kind: \"env\",\n envByField: Object.freeze({ ...envSecretRefs }),\n };\n }\n return {\n kind: \"code\",\n value: Object.freeze({ ...secretConfig }),\n };\n }\n\n private createSecretMaterial(\n instance: CredentialInstanceRecord,\n secretConfig: JsonRecord,\n updatedAt: string,\n ): CredentialSecretMaterialRecord | undefined {\n if (instance.sourceKind !== \"db\") {\n return undefined;\n }\n const encrypted = this.credentialSecretCipher.encrypt(secretConfig);\n return {\n instanceId: instance.instanceId,\n encryptedJson: encrypted.encryptedJson,\n encryptionKeyId: encrypted.encryptionKeyId,\n schemaVersion: encrypted.schemaVersion,\n updatedAt,\n };\n }\n\n private validateRequestFields(\n args: Readonly<{\n displayName: string;\n publicFields: ReadonlyArray<CredentialFieldSchema>;\n publicConfig: JsonRecord;\n secretFields: ReadonlyArray<CredentialFieldSchema>;\n sourceKind: CredentialMaterialSourceKind;\n secretConfig: JsonRecord;\n envSecretRefs: Readonly<Record<string, string>>;\n allowSecretOmission?: boolean;\n }>,\n ): void {\n if (!args.displayName || args.displayName.trim().length === 0) {\n throw new ApplicationRequestError(400, \"Credential displayName is required.\");\n }\n this.assertRequiredFields(\"publicConfig\", args.publicFields, args.publicConfig);\n if (args.sourceKind === \"db\") {\n if (!args.allowSecretOmission || Object.keys(args.secretConfig).length > 0) {\n this.assertRequiredFields(\"secretConfig\", args.secretFields, args.secretConfig);\n }\n return;\n }\n if (args.sourceKind === \"env\") {\n if (!args.allowSecretOmission || Object.keys(args.envSecretRefs).length > 0) {\n this.assertRequiredEnvFields(args.secretFields, args.envSecretRefs);\n }\n return;\n }\n if (!args.allowSecretOmission || Object.keys(args.secretConfig).length > 0) {\n this.assertRequiredFields(\"secretConfig\", args.secretFields, args.secretConfig);\n }\n }\n\n private stripEnvManagedFieldValues(fields: ReadonlyArray<CredentialFieldSchema>, value: JsonRecord): JsonRecord {\n const out: Record<string, unknown> = { ...value };\n for (const field of fields) {\n if (this.credentialFieldEnvOverlayService.isFieldResolvedFromEnv(field)) {\n delete out[field.key];\n }\n }\n return Object.freeze(out);\n }\n\n private assertRequiredFields(\n fieldName: string,\n schema: ReadonlyArray<CredentialFieldSchema>,\n value: JsonRecord,\n ): void {\n const missing = schema\n .filter((field) => field.required === true)\n .filter((field) => !this.credentialFieldEnvOverlayService.isFieldResolvedFromEnv(field))\n .filter((field) => value[field.key] === undefined || value[field.key] === null || value[field.key] === \"\")\n .map((field) => field.key);\n if (missing.length > 0) {\n throw new ApplicationRequestError(400, `Missing required ${fieldName} field(s): ${missing.join(\", \")}`);\n }\n }\n\n private assertRequiredEnvFields(\n schema: ReadonlyArray<CredentialFieldSchema>,\n envSecretRefs: Readonly<Record<string, string>>,\n ): void {\n const missing = schema\n .filter((field) => field.required === true)\n .filter((field) => !this.credentialFieldEnvOverlayService.isFieldResolvedFromEnv(field))\n .filter((field) => !envSecretRefs[field.key] || envSecretRefs[field.key]!.trim().length === 0)\n .map((field) => field.key);\n if (missing.length > 0) {\n throw new ApplicationRequestError(400, `Missing required envSecretRefs field(s): ${missing.join(\", \")}`);\n }\n }\n\n private requireCredentialType(typeId: CredentialTypeId): AnyCredentialType {\n const credentialType = this.credentialTypeRegistry.getCredentialType(typeId);\n if (!credentialType) {\n throw new ApplicationRequestError(400, `Unknown credential type: ${typeId}`);\n }\n return credentialType;\n }\n\n async markOAuth2Connected(instanceId: CredentialInstanceId, connectedAt: string): Promise<void> {\n const instance = await this.requireInstance(instanceId);\n await this.credentialStore.saveInstance({\n instance: {\n ...instance,\n setupStatus: \"ready\",\n updatedAt: connectedAt,\n },\n });\n this.credentialSessionService.evictInstance(instanceId);\n }\n\n private async toDto(\n instance: CredentialInstanceRecord,\n latestTestResult: CredentialTestRecord | undefined,\n ): Promise<CredentialInstanceDto> {\n const oauth2Connection = await this.toOAuth2ConnectionDto(instance);\n return {\n instanceId: instance.instanceId,\n typeId: instance.typeId,\n displayName: instance.displayName,\n sourceKind: instance.sourceKind,\n publicConfig: instance.publicConfig,\n tags: instance.tags,\n setupStatus: instance.setupStatus,\n createdAt: instance.createdAt,\n updatedAt: instance.updatedAt,\n latestHealth: latestTestResult?.health,\n oauth2Connection,\n };\n }\n\n private async toOAuth2ConnectionDto(\n instance: CredentialInstanceRecord,\n ): Promise<CredentialOAuth2ConnectionDto | undefined> {\n const credentialType = this.credentialTypeRegistry.getCredentialType(instance.typeId);\n if (credentialType?.definition.auth?.kind !== \"oauth2\") {\n return undefined;\n }\n const providerId =\n \"providerId\" in credentialType.definition.auth ? credentialType.definition.auth.providerId : \"custom\";\n const material = await this.credentialStore.getOAuth2Material(instance.instanceId);\n if (!material) {\n const requestedScopes = this.credentialOAuth2ScopeResolver.resolveRequestedScopes(\n credentialType.definition.auth,\n instance.publicConfig,\n );\n return {\n status: \"disconnected\",\n providerId,\n scopes: [...requestedScopes],\n };\n }\n return {\n status: \"connected\",\n providerId: material.providerId,\n connectedEmail: material.connectedEmail,\n connectedAt: material.connectedAt,\n scopes: material.scopes,\n updatedAt: material.updatedAt,\n };\n }\n}\n","import type {\n CredentialBinding,\n CredentialBindingKey,\n CredentialInstanceId,\n CredentialRequirement,\n WorkflowDefinition,\n WorkflowRepository,\n} from \"@codemation/core\";\n\nimport { CoreTokens, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport type {\n WorkflowCredentialHealthDto,\n WorkflowCredentialHealthSlotDto,\n} from \"../../application/contracts/CredentialContractsRegistry\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { WorkflowCredentialNodeResolver } from \"./WorkflowCredentialNodeResolver\";\nimport { CredentialInstanceService } from \"./CredentialInstanceService\";\nimport type { CredentialStore, MutableCredentialSessionService } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialBindingService {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialInstanceService)\n private readonly credentialInstanceService: CredentialInstanceService,\n @inject(CoreTokens.WorkflowRepository)\n private readonly workflowRepository: WorkflowRepository,\n @inject(CoreTokens.CredentialSessionService)\n private readonly credentialSessionService: MutableCredentialSessionService,\n @inject(WorkflowCredentialNodeResolver)\n private readonly workflowCredentialNodeResolver: WorkflowCredentialNodeResolver,\n ) {}\n\n async upsertBinding(\n args: Readonly<{ workflowId: string; nodeId: string; slotKey: string; instanceId: CredentialInstanceId }>,\n ): Promise<CredentialBinding> {\n const workflow = this.requireWorkflow(args.workflowId);\n const requirement = this.requireRequirement(workflow, args.nodeId, args.slotKey);\n const instance = await this.credentialInstanceService.requireInstance(args.instanceId);\n if (!requirement.acceptedTypes.includes(instance.typeId)) {\n throw new ApplicationRequestError(\n 400,\n `Credential instance ${instance.instanceId} (${instance.typeId}) is not compatible with slot ${args.slotKey}. Accepted types: ${requirement.acceptedTypes.join(\", \")}`,\n );\n }\n const binding: CredentialBinding = {\n key: {\n workflowId: args.workflowId,\n nodeId: args.nodeId,\n slotKey: args.slotKey,\n },\n instanceId: args.instanceId,\n updatedAt: new Date().toISOString(),\n };\n await this.credentialStore.upsertBinding(binding);\n this.credentialSessionService.evictBinding(binding.key);\n return binding;\n }\n\n async listWorkflowHealth(workflowId: string): Promise<WorkflowCredentialHealthDto> {\n const workflow = this.requireWorkflow(workflowId);\n const bindings = await this.credentialStore.listBindingsByWorkflowId(workflowId);\n const bindingsByKey = new Map(bindings.map((binding) => [this.toBindingKeyString(binding.key), binding] as const));\n const slots: WorkflowCredentialHealthSlotDto[] = [];\n for (const slotRef of this.workflowCredentialNodeResolver.listSlots(workflow)) {\n const requirement = slotRef.requirement;\n const bindingKey = {\n workflowId,\n nodeId: slotRef.nodeId,\n slotKey: requirement.slotKey,\n } satisfies CredentialBindingKey;\n const binding = bindingsByKey.get(this.toBindingKeyString(bindingKey));\n if (!binding) {\n slots.push({\n workflowId,\n nodeId: slotRef.nodeId,\n nodeName: slotRef.nodeName,\n requirement,\n health: {\n status: requirement.optional ? \"optional-unbound\" : \"unbound\",\n },\n });\n continue;\n }\n const instance = await this.credentialInstanceService.requireInstance(binding.instanceId);\n const latestTestResult = await this.credentialStore.getLatestTestResult(instance.instanceId);\n slots.push({\n workflowId,\n nodeId: slotRef.nodeId,\n nodeName: slotRef.nodeName,\n requirement,\n instance: {\n instanceId: instance.instanceId,\n typeId: instance.typeId,\n displayName: instance.displayName,\n setupStatus: instance.setupStatus,\n },\n health: {\n status: latestTestResult?.health.status ?? \"unknown\",\n message: latestTestResult?.health.message,\n testedAt: latestTestResult?.health.testedAt,\n },\n });\n }\n return {\n workflowId,\n slots,\n };\n }\n\n private requireWorkflow(workflowId: string): WorkflowDefinition {\n const workflow = this.workflowRepository.get(decodeURIComponent(workflowId));\n if (!workflow) {\n throw new ApplicationRequestError(404, `Unknown workflowId: ${workflowId}`);\n }\n return workflow;\n }\n\n private requireRequirement(workflow: WorkflowDefinition, nodeId: string, slotKey: string): CredentialRequirement {\n const resolved = this.workflowCredentialNodeResolver.findRequirement(workflow, nodeId, slotKey);\n if (!resolved) {\n if (!this.workflowCredentialNodeResolver.isCredentialNodeIdInWorkflow(workflow, nodeId)) {\n throw new ApplicationRequestError(404, `Unknown workflow node: ${nodeId}`);\n }\n throw new ApplicationRequestError(400, `Node ${nodeId} does not declare credential slot ${slotKey}.`);\n }\n return resolved.requirement;\n }\n\n private toBindingKeyString(bindingKey: CredentialBindingKey): string {\n return `${bindingKey.workflowId}:${bindingKey.nodeId}:${bindingKey.slotKey}`;\n }\n}\n","import { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { CredentialMaterialResolver } from \"./CredentialMaterialResolver\";\nimport { CredentialSecretCipher } from \"./CredentialSecretCipher\";\nimport type { CredentialInstanceRecord, CredentialStore, JsonRecord } from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialRuntimeMaterialService {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialMaterialResolver)\n private readonly credentialMaterialResolver: CredentialMaterialResolver,\n @inject(CredentialSecretCipher)\n private readonly credentialSecretCipher: CredentialSecretCipher,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n ) {}\n\n async compose(instance: CredentialInstanceRecord): Promise<JsonRecord> {\n const baseMaterial = await this.credentialMaterialResolver.resolveMaterial(instance);\n const auth = this.credentialTypeRegistry.getCredentialType(instance.typeId)?.definition.auth;\n if (auth?.kind !== \"oauth2\") {\n return baseMaterial;\n }\n const oauth2Material = await this.credentialStore.getOAuth2Material(instance.instanceId);\n if (!oauth2Material) {\n return baseMaterial;\n }\n const decryptedOauth2Material = this.credentialSecretCipher.decrypt(oauth2Material);\n return Object.freeze({\n ...baseMaterial,\n ...decryptedOauth2Material,\n });\n }\n}\n","import type {\n CredentialBindingKey,\n CredentialInstanceId,\n CredentialSessionService,\n WorkflowRepository,\n} from \"@codemation/core\";\n\nimport { CoreTokens, CredentialUnboundError, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { WorkflowCredentialNodeResolver } from \"./WorkflowCredentialNodeResolver\";\nimport { CredentialFieldEnvOverlayService } from \"./CredentialFieldEnvOverlayService\";\nimport { CredentialRuntimeMaterialService } from \"./CredentialRuntimeMaterialService\";\nimport type { CredentialStore } from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialSessionServiceImpl implements CredentialSessionService {\n private readonly cachedSessionsByInstanceId = new Map<CredentialInstanceId, Promise<unknown>>();\n private readonly cachedInstanceIdsByBindingKey = new Map<string, CredentialInstanceId>();\n\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialRuntimeMaterialService)\n private readonly credentialRuntimeMaterialService: CredentialRuntimeMaterialService,\n @inject(CredentialFieldEnvOverlayService)\n private readonly credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n @inject(CoreTokens.WorkflowRepository)\n private readonly workflowRepository: WorkflowRepository,\n @inject(WorkflowCredentialNodeResolver)\n private readonly workflowCredentialNodeResolver: WorkflowCredentialNodeResolver,\n ) {}\n\n async getSession<TSession = unknown>(\n args: Readonly<{ workflowId: string; nodeId: string; slotKey: string }>,\n ): Promise<TSession> {\n const workflow = this.workflowRepository.get(decodeURIComponent(args.workflowId));\n const displayLabel = workflow\n ? this.workflowCredentialNodeResolver.describeCredentialNodeDisplay(workflow, args.nodeId)\n : undefined;\n const requirement = workflow\n ? this.workflowCredentialNodeResolver.findRequirement(workflow, args.nodeId, args.slotKey)?.requirement\n : undefined;\n const bindingKey: CredentialBindingKey = {\n workflowId: args.workflowId,\n nodeId: args.nodeId,\n slotKey: args.slotKey,\n };\n const binding = await this.credentialStore.getBinding(bindingKey);\n if (!binding) {\n const unbound = new CredentialUnboundError(bindingKey, requirement?.acceptedTypes ?? []);\n if (displayLabel) {\n throw new Error(`${displayLabel}: ${unbound.message}`, { cause: unbound });\n }\n throw unbound;\n }\n const bindingCacheKey = this.toBindingKeyString(bindingKey);\n this.cachedInstanceIdsByBindingKey.set(bindingCacheKey, binding.instanceId);\n const cachedSession = this.cachedSessionsByInstanceId.get(binding.instanceId);\n if (cachedSession) {\n return (await cachedSession) as TSession;\n }\n const nextSessionPromise = this.createSession(binding.instanceId, displayLabel).catch((error) => {\n this.cachedSessionsByInstanceId.delete(binding.instanceId);\n throw error;\n });\n this.cachedSessionsByInstanceId.set(binding.instanceId, nextSessionPromise);\n return (await nextSessionPromise) as TSession;\n }\n\n evictInstance(instanceId: CredentialInstanceId): void {\n this.cachedSessionsByInstanceId.delete(instanceId);\n }\n\n evictBinding(bindingKey: CredentialBindingKey): void {\n const cacheKey = this.toBindingKeyString(bindingKey);\n const instanceId = this.cachedInstanceIdsByBindingKey.get(cacheKey);\n if (instanceId) {\n this.cachedSessionsByInstanceId.delete(instanceId);\n }\n this.cachedInstanceIdsByBindingKey.delete(cacheKey);\n }\n\n private async createSession(instanceId: CredentialInstanceId, displayLabel?: string): Promise<unknown> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n throw new ApplicationRequestError(404, `Unknown credential instance: ${instanceId}`);\n }\n const credentialType = this.credentialTypeRegistry.getCredentialType(instance.typeId);\n if (!credentialType) {\n const prefix = displayLabel ? `${displayLabel}: ` : \"\";\n throw new ApplicationRequestError(\n 400,\n `${prefix}Credential type \"${instance.typeId}\" is not registered in this runtime (binding points at an unknown type).`,\n );\n }\n const material = await this.credentialRuntimeMaterialService.compose(instance);\n const { resolvedPublicConfig, resolvedMaterial } = this.credentialFieldEnvOverlayService.apply({\n definition: credentialType.definition,\n publicConfig: instance.publicConfig,\n material,\n });\n return await credentialType.createSession({\n instance,\n material: resolvedMaterial,\n publicConfig: resolvedPublicConfig,\n });\n }\n\n private toBindingKeyString(bindingKey: CredentialBindingKey): string {\n return `${bindingKey.workflowId}:${bindingKey.nodeId}:${bindingKey.slotKey}`;\n }\n}\n","import { randomUUID } from \"node:crypto\";\n\nimport type { CredentialHealth, CredentialInstanceId, CredentialTypeId } from \"@codemation/core\";\n\nimport { CoreTokens, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { CredentialFieldEnvOverlayService } from \"./CredentialFieldEnvOverlayService\";\nimport { CredentialInstanceService } from \"./CredentialInstanceService\";\nimport { CredentialRuntimeMaterialService } from \"./CredentialRuntimeMaterialService\";\nimport type { CredentialStore, AnyCredentialType, MutableCredentialSessionService } from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialTestService {\n constructor(\n @inject(CredentialInstanceService)\n private readonly credentialInstanceService: CredentialInstanceService,\n @inject(CredentialRuntimeMaterialService)\n private readonly credentialRuntimeMaterialService: CredentialRuntimeMaterialService,\n @inject(CredentialFieldEnvOverlayService)\n private readonly credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CoreTokens.CredentialSessionService)\n private readonly credentialSessionService: MutableCredentialSessionService,\n ) {}\n\n async test(instanceId: CredentialInstanceId): Promise<CredentialHealth> {\n const instance = await this.credentialInstanceService.requireInstance(instanceId);\n const credentialType = this.requireCredentialType(instance.typeId);\n const material = await this.credentialRuntimeMaterialService.compose(instance);\n const { resolvedPublicConfig, resolvedMaterial } = this.credentialFieldEnvOverlayService.apply({\n definition: credentialType.definition,\n publicConfig: instance.publicConfig,\n material,\n });\n const health = await credentialType.test({\n instance,\n material: resolvedMaterial,\n publicConfig: resolvedPublicConfig,\n });\n const testedAt = health.testedAt ?? new Date().toISOString();\n await this.credentialStore.saveTestResult({\n testId: randomUUID(),\n instanceId,\n health: {\n ...health,\n testedAt,\n },\n testedAt,\n expiresAt: health.expiresAt,\n });\n this.credentialSessionService.evictInstance(instanceId);\n return {\n ...health,\n testedAt,\n };\n }\n\n private requireCredentialType(typeId: CredentialTypeId): AnyCredentialType {\n const credentialType = this.credentialTypeRegistry.getCredentialType(typeId);\n if (!credentialType) {\n throw new ApplicationRequestError(400, `Unknown credential type: ${typeId}`);\n }\n return credentialType;\n }\n}\n"],"mappings":";;;;;;;;;;AAQA,IAAa,qCAAb,MAAgD;CAC9C,YAAY,AAAiBA,WAAoC;EAApC;;CAE7B,MAAM,KACJ,MAC2B;EAC3B,MAAM,4BAAW,IAAI,MAAM,EAAC,aAAa;EACzC,MAAM,SAAS,OAAO,KAAK,SAAS,UAAU,GAAG,CAAC,MAAM;AACxD,MAAI,OAAO,WAAW,EACpB,QAAO;GACL,QAAQ;GACR,SAAS;GACT;GACD;EAGH,MAAM,YAAY,KAAK,qBAAqB,KAAK,aAAa,QAAQ;AAEtE,MAAI;GACF,MAAM,WAAW,MAAM,KAAK,UAAU,WAAW;IAC/C,QAAQ;IACR,SAAS,EACP,eAAe,UAAU,UAC1B;IACD,QAAQ,YAAY,QAAQ,KAAO;IACpC,CAAC;AAEF,OAAI,SAAS,GACX,QAAO;IACL,QAAQ;IACR,SAAS;IACT;IACD;AAIH,UAAO;IACL,QAAQ;IACR,SAHc,MAAM,KAAK,kBAAkB,SAAS;IAIpD;IACD;WACM,OAAO;AACd,UAAO;IACL,QAAQ;IACR,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;IAC/D;IACD;;;CAIL,AAAQ,qBAAqB,YAA6B;EACxD,MAAM,cAAc;EACpB,MAAM,MAAM,OAAO,eAAe,WAAW,WAAW,MAAM,GAAG;EACjE,MAAM,OAAO,QAAQ,KAAK,cAAc,IAAI,QAAQ,QAAQ,GAAG;AAC/D,MAAI,KAAK,SAAS,UAAU,CAC1B,QAAO;AAET,MAAI,KAAK,SAAS,MAAM,CACtB,QAAO,GAAG,KAAK;AAEjB,SAAO,GAAG,KAAK;;CAGjB,MAAc,kBAAkB,UAAqC;EACnE,MAAM,SAAS,QAAQ,SAAS;AAChC,MAAI;GACF,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,OAAI,KAAK,MAAM,KAAK,GAClB,QAAO;GAGT,MAAM,UADS,KAAK,MAAM,KAAK,CACR,OAAO;AAC9B,OAAI,OAAO,YAAY,YAAY,QAAQ,MAAM,KAAK,GACpD,QAAO,GAAG,OAAO,IAAI,QAAQ,MAAM;AAErC,UAAO,GAAG,OAAO,IAAI,KAAK,SAAS,MAAM,GAAG,KAAK,MAAM,GAAG,IAAI,CAAC,KAAK;UAC9D;AACN,UAAO;;;;;;;;;;;;ACvEb,IAAa,oCAAb,MAA+C;CAC7C,YAAY,AAAiBC,cAAkD;EAAlD;;CAE7B,uBAA4G;AAC1G,SAAO;GACL,YAAY;IACV,QAAQ;IACR,aAAa;IACb,aAAa;IACb,cAAc,CACZ;KACE,KAAK;KACL,OAAO;KACP,MAAM;KACN,aAAa;KACb,UAAU;KACX,CACF;IACD,cAAc,CAAC;KAAE,KAAK;KAAU,OAAO;KAAW,MAAM;KAAY,UAAU;KAAM,CAAC;IACrF,sBAAsB;KAAC;KAAM;KAAO;KAAO;IAC5C;GACD,eAAe,OAAO,SAAS;IAC7B,MAAM,aAAa,KAAK,aAAa;IACrC,MAAM,UAAU,OAAO,eAAe,YAAY,WAAW,MAAM,KAAK,KAAK,WAAW,MAAM,GAAG;AACjG,WAAO;KACL,QAAQ,OAAO,KAAK,SAAS,UAAU,GAAG;KAC1C;KACD;;GAEH,MAAM,OAAO,SAAS,KAAK,aAAa,KAAK,KAAK;GACnD;;;;;;ACrCE,uCAAMC,6BAA6D;CACxE,AAAiB,sCAAsB,IAAI,KAA0C;CAErF,SAAS,MAA+C;AACtD,MAAI,KAAK,oBAAoB,IAAI,KAAK,WAAW,OAAO,CACtD,OAAM,IAAI,MAAM,uCAAuC,KAAK,WAAW,SAAS;AAElF,OAAK,oBAAoB,IAAI,KAAK,WAAW,QAAQ,KAAK;;CAG5D,YAAqD;AACnD,SAAO,CAAC,GAAG,KAAK,oBAAoB,QAAQ,CAAC,CAAC,KAAK,UAAU,MAAM,WAAW;;CAGhF,QAAQ,QAAgE;AACtE,SAAO,KAAK,oBAAoB,IAAI,OAAO,EAAE;;CAG/C,kBAAkB,QAAyD;AACzE,SAAO,KAAK,oBAAoB,IAAI,OAAO;;;yCApB9C,YAAY;;;;ACNb,IAAa,0BAAb,cAA6C,MAAM;CACjD,AAAS;CAET,AAAS;CAET,YAAY,QAAgB,SAAiB,QAAgC;AAC3E,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,SAAS;AACd,OAAK,UAAU,UAAU,OAAO,SAAS,IAAI;GAAE,OAAO;GAAS;GAAQ,GAAG,EAAE,OAAO,SAAS;;;;;;ACuBhG,MAAa,oBAAoB;CAC/B,sBAAsB,OAAO,IAAI,8CAA8C;CAG/E,4BAA4B,OAAO,IACjC,oDACD;CACD,WAAW,OAAO,IAAI,mCAAmC;CACzD,eAAe,OAAO,IAAI,uCAAuC;CACjE,mBAAmB,OAAO,IAAI,2CAA2C;CACzE,UAAU,OAAO,IAAI,kCAAkC;CACvD,YAAY,OAAO,IAAI,oCAAoC;CAC3D,gBAAgB,OAAO,IAAI,wCAAwC;CACnE,cAAc,OAAO,IAAI,sCAAsC;CAC/D,gBAAgB,OAAO,IAAI,wCAAwC;CAGnE,oBAAoB,OAAO,IAAI,4CAA4C;CAG3E,uBAAuB,OAAO,IAAI,+CAA+C;CACjF,4BAA4B,OAAO,IACjC,oDACD;CACD,wBAAwB,OAAO,IAC7B,gDACD;CACD,8BAA8B,OAAO,IACnC,sDACD;CACD,8BAA8B,OAAO,IACnC,sDACD;CACD,mCAAmC,OAAO,IACxC,2DACD;CACD,uBAAuB,OAAO,IAAI,+CAA+C;CACjF,eAAe,OAAO,IAAI,uCAAuC;CAIjE,8BAA8B,OAAO,IAAI,sDAAsD;CAC/F,iBAAiB,OAAO,IAAI,yCAAyC;CACrE,2BAA2B,OAAO,IAChC,mDACD;CACD,oBAAoB,OAAO,IAAI,4CAA4C;CAC3E,wBAAwB,OAAO,IAC7B,gDACD;CACD,2BAA2B,OAAO,IAChC,mDACD;CACD,mBAAmB,OAAO,IAAI,2CAA2C;CACzE,cAAc,OAAO,IAAI,sCAAsC;CAC/D,iBAAiB,OAAO,IAAI,yCAAyC;CACrE,OAAO,OAAO,IAAI,+BAA+B;CAClD;;;;ACpEM,2CAAMC,iCAA+B;;;;CAI1C,8BAA8B,UAA8B,QAAwB;EAClF,MAAM,SAAS,SAAS,MAAM,MAAM,MAAM,EAAE,OAAO,OAAO;AAC1D,MAAI,OACF,QAAO,OAAO,QAAQ,OAAO,OAAO,QAAQ,OAAO;EAErD,MAAM,YAAY,KAAK,4BAA4B,UAAU,OAAO;AACpE,MAAI,CAAC,UACH,QAAO;AAET,SAAO,KAAK,2BAA2B,UAAU,gBAAgB,UAAU,OAAO,UAAU,YAAY;;CAG1G,6BAA6B,UAA8B,QAAyB;AAClF,MAAI,SAAS,MAAM,MAAM,MAAM,EAAE,OAAO,OAAO,CAC7C,QAAO;AAET,SAAO,KAAK,4BAA4B,UAAU,OAAO,KAAK;;CAGhE,gBACE,UACA,QACA,SACgF;EAChF,MAAM,SAAS,KAAK,sBAAsB,UAAU,QAAQ,QAAQ;AACpE,MAAI,OACF,QAAO;EAET,MAAM,YAAY,KAAK,4BAA4B,UAAU,OAAO;AACpE,MAAI,CAAC,UACH;EAEF,MAAM,cAAc,UAAU,MAAM,iBACjC,6BAA6B,EAC5B,MAAM,UAAU,MAAM,YAAY,QAAQ;AAC9C,SAAO,cAAc;GAAE,UAAU,UAAU,MAAM;GAAM;GAAa,GAAG;;CAGzE,UAAU,UAAwE;EAChF,MAAM,6BAAa,IAAI,KAAwC;AAE/D,OAAK,MAAM,QAAQ,SAAS,OAAO;AACjC,OAAI,qBAAqB,kBAAkB,KAAK,OAAO,EAAE;AACvD,SAAK,uBAAuB,SAAS,IAAI,KAAK,IAAI,KAAK,QAAQ,WAAW;AAC1E;;AAEF,QAAK,wBACH,SAAS,IACT,KAAK,IACL,KAAK,QAAQ,KAAK,OAAO,QAAQ,KAAK,IACtC,KAAK,OAAO,6BAA6B,IAAI,EAAE,EAC/C,WACD;;AAEH,SAAO,CAAC,GAAG,WAAW,QAAQ,CAAC;;CAGjC,AAAQ,sBACN,UACA,QACA,SACgF;EAChF,MAAM,OAAO,SAAS,MAAM,MAAM,UAAU,MAAM,OAAO,OAAO;AAChE,MAAI,CAAC,QAAQ,qBAAqB,kBAAkB,KAAK,OAAO,CAC9D;EAEF,MAAM,cAAc,KAAK,OAAO,6BAA6B,EAAE,MAAM,UAAU,MAAM,YAAY,QAAQ;AACzG,MAAI,CAAC,YACH;AAEF,SAAO;GAAE,UAAU,KAAK,QAAQ,KAAK,OAAO,QAAQ,KAAK;GAAI;GAAa;;CAG5E,AAAQ,uBACN,YACA,iBACA,aACA,YACM;AACN,OAAK,MAAM,SAAS,6BAA6B,QAAQ,iBAAiB,YAAY,CACpF,MAAK,wBACH,YACA,MAAM,QACN,MAAM,MACN,MAAM,iBAAiB,6BAA6B,IAAI,EAAE,EAC1D,WACD;;CAIL,AAAQ,wBACN,YACA,QACA,UACA,cACA,YACM;AACN,OAAK,MAAM,eAAe,cAAc;GACtC,MAAM,MAAM,GAAG,OAAO,IAAI,YAAY;AACtC,OAAI,WAAW,IAAI,IAAI,CACrB;AAEF,cAAW,IAAI,KAAK;IAClB;IACA;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,4BACN,UACA,QAQY;AACZ,MACE,CAAC,wBAAwB,gCAAgC,OAAO,IAChE,CAAC,wBAAwB,uBAAuB,OAAO,CAEvD;AAEF,OAAK,MAAM,QAAQ,SAAS,OAAO;AACjC,OAAI,CAAC,qBAAqB,kBAAkB,KAAK,OAAO,CACtD;GAEF,MAAM,UAAU,6BAA6B,QAAQ,KAAK,IAAI,KAAK,OAAO;GAC1E,MAAM,cAAc,IAAI,IAAI,QAAQ,KAAK,YAAU,CAACC,QAAM,QAAQA,QAAM,CAAC,CAAC;GAC1E,MAAM,QAAQ,YAAY,IAAI,OAAO;AACrC,OAAI,CAAC,MACH;AAEF,UAAO;IACL,iBAAiB,KAAK;IACtB,gBAAgB,KAAK,QAAQ,KAAK,OAAO,QAAQ,KAAK;IACtD;IACA;IACD;;;CAKL,AAAQ,2BACN,gBACA,OACA,aACQ;EACR,MAAM,SAAS,CAAC,gBAAgB,GAAG,KAAK,0BAA0B,MAAM,cAAc,YAAY,CAAC;AACnG,SAAO,KAAK,MAAM,SAAS,kBAAkB,mBAAmB,MAAM,KAAK;AAC3E,SAAO,OAAO,KAAK,MAAM;;CAG3B,AAAQ,0BACN,cACA,aACuB;EACvB,MAAMC,SAAmB,EAAE;EAC3B,IAAI,gBAAgB;AACpB,SAAO,MAAM;GACX,MAAM,cAAc,YAAY,IAAI,cAAc;AAClD,OAAI,CAAC,YACH,QAAO,OAAO,SAAS;AAEzB,OAAI,YAAY,SAAS,UAAU,YAAY,SAAS,cACtD,QAAO,KAAK,YAAY,KAAK;AAE/B,mBAAgB,YAAY;;;;6CAjLjC,YAAY;;;;ACXN,6CAAMC,mCAAiC;CAC5C,YACE,AACiBC,WACjB;EADiB;;;CAInB,uBAAuB,OAAuC;EAC5D,MAAM,OAAO,MAAM,YAAY,MAAM;AACrC,MAAI,CAAC,KACH,QAAO;EAET,MAAM,IAAI,KAAK,UAAU,IAAI;AAC7B,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS;;CAG7C,MACE,MAK8E;EAC9E,MAAMC,MAA+B,EAAE,GAAG,KAAK,cAAc;EAC7D,MAAMC,MAA+B,EAAE,GAAG,KAAK,UAAU;AACzD,OAAK,MAAM,SAAS,KAAK,WAAW,gBAAgB,EAAE,EAAE;GACtD,MAAM,OAAO,MAAM,YAAY,MAAM;AACrC,OAAI,CAAC,KACH;GAEF,MAAM,IAAI,KAAK,UAAU,IAAI;AAC7B,OAAI,OAAO,MAAM,YAAY,EAAE,SAAS,EACtC,KAAI,MAAM,OAAO;;AAGrB,OAAK,MAAM,SAAS,KAAK,WAAW,gBAAgB,EAAE,EAAE;GACtD,MAAM,OAAO,MAAM,YAAY,MAAM;AACrC,OAAI,CAAC,KACH;GAEF,MAAM,IAAI,KAAK,UAAU,IAAI;AAC7B,OAAI,OAAO,MAAM,YAAY,EAAE,SAAS,EACtC,KAAI,MAAM,OAAO;;AAGrB,SAAO,OAAO,OAAO;GACnB,sBAAsB,OAAO,OAAO,IAAI;GACxC,kBAAkB,OAAO,OAAO,IAAI;GACrC,CAAC;;;;CAjDL,YAAY;oBAGR,OAAO,kBAAkB,UAAU;;;;;;;ACDjC,mCAAMC,yBAAuB;;;;CAClC,OAAwB,YAAY;CACpC,OAAwB,gBAAgB;CACxC,OAAwB,WAAW;CAEnC,YACE,AACiBC,WACjB;EADiB;;CAGnB,QAAQ,OAIL;EACD,MAAM,KAAK,oCAAmC,SAAS;EACvD,MAAM,SAAS,uCAAsC,WAAW,KAAK,oBAAoB,EAAE,GAAG;EAC9F,MAAM,YAAY,OAAO,KAAK,KAAK,UAAU,MAAM,EAAE,OAAO;EAC5D,MAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,UAAU,EAAE,OAAO,OAAO,CAAC,CAAC;EAC3E,MAAM,UAAU,OAAO,YAAY;AACnC,SAAO;GACL,eAAe,OAAO,OAAO;IAAC;IAAI;IAAS;IAAU,CAAC,CAAC,SAAS,SAAS;GACzE,iBAAiB,KAAK,cAAc;GACpC,uCAAsC;GACvC;;CAGH,QACE,QAKY;EACZ,MAAM,SAAS,OAAO,KAAK,OAAO,eAAe,SAAS;EAC1D,MAAM,KAAK,OAAO,SAAS,2BAA0B,SAAS;EAC9D,MAAM,UAAU,OAAO,iCAAgC,kCAAiC,WAAW,GAAG;EACtG,MAAM,YAAY,OAAO,iCAAgC,WAAW,GAAG;EACvE,MAAM,WAAW,yCAAwC,WAAW,KAAK,oBAAoB,EAAE,GAAG;AAClG,WAAS,WAAW,QAAQ;EAC5B,MAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,CAAC,SAAS,OAAO;AAChG,SAAO,KAAK,MAAM,UAAU;;CAG9B,AAAQ,qBAA6B;EACnC,MAAM,WAAW,KAAK,UAAU,IAAI;AACpC,MAAI,CAAC,YAAY,SAAS,MAAM,CAAC,WAAW,EAC1C,OAAM,IAAI,MAAM,yFAAyF;AAE3G,SAAO,WAAW,SAAS,CAAC,OAAO,SAAS,CAAC,QAAQ;;CAGvD,AAAQ,eAAuB;EAC7B,MAAM,WAAW,KAAK,UAAU,IAAI;AACpC,SAAO,WAAW,SAAS,CACxB,OAAO,YAAY,GAAG,CACtB,OAAO,MAAM,CACb,MAAM,GAAG,GAAG;;;;CA1DlB,YAAY;oBAOR,OAAO,kBAAkB,UAAU;;;;;;;ACPjC,uCAAMC,6BAA2B;CACtC,YACE,AACiBC,iBACjB,AACiBC,wBACjB,AACiBC,WACjB;EALiB;EAEA;EAEA;;CAGnB,MAAM,gBAAgB,UAAyD;AAC7E,MAAI,SAAS,UAAU,SAAS,MAAM;GACpC,MAAM,iBAAiB,MAAM,KAAK,gBAAgB,kBAAkB,SAAS,WAAW;AACxF,OAAI,CAAC,eACH,OAAM,IAAI,MAAM,cAAc,SAAS,WAAW,wCAAwC;AAE5F,UAAO,KAAK,uBAAuB,QAAQ,eAAe;;AAE5D,MAAI,SAAS,UAAU,SAAS,MAC9B,QAAO,KAAK,mBAAmB,SAAS;AAE1C,SAAO,SAAS,UAAU;;CAG5B,AAAQ,mBAAmB,UAAgD;AACzE,MAAI,SAAS,UAAU,SAAS,MAC9B,OAAM,IAAI,MAAM,cAAc,SAAS,WAAW,6BAA6B;EAEjF,MAAMC,WAAoC,EAAE;EAC5C,MAAMC,8BAAwC,EAAE;AAChD,OAAK,MAAM,CAAC,UAAU,eAAe,OAAO,QAAQ,SAAS,UAAU,WAAW,EAAE;GAClF,MAAM,QAAQ,KAAK,UAAU,IAAI;AACjC,OAAI,UAAU,UAAa,MAAM,WAAW,GAAG;AAC7C,gCAA4B,KAAK,WAAW;AAC5C;;AAEF,YAAS,YAAY;;AAEvB,MAAI,4BAA4B,SAAS,EACvC,OAAM,IAAI,MACR,cAAc,SAAS,WAAW,oDAAoD,4BAA4B,KAAK,KAAK,CAAC,GAC9H;AAEH,SAAO;;;;CA5CV,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,uBAAuB;oBAE9B,OAAO,kBAAkB,UAAU;;;;;;;;;;ACVjC,0CAAMC,gCAA8B;CACzC,uBAAuB,MAAsC,cAAiD;EAC5G,MAAM,yBAAyB,KAAK;AACpC,MAAI,CAAC,uBACH,QAAO,CAAC,GAAG,KAAK,OAAO;EAEzB,MAAM,SAAS,KAAK,cAAc,aAAa,uBAAuB,gBAAgB;AACtF,MAAI,CAAC,OACH,QAAO,CAAC,GAAG,KAAK,OAAO;EAEzB,MAAM,eAAe,uBAAuB,aAAa;AACzD,MAAI,aACF,QAAO,CAAC,GAAG,aAAa;AAG1B,MAAI,YADoB,uBAAuB,mBAAmB,UAEhE,QAAO,CAAC,GAAG,KAAK,OAAO;EAEzB,MAAM,eAAe,KAAK,iBACxB,aAAa,uBAAuB,wBAAwB,gBAC7D;AACD,MAAI,aAAa,SAAS,EACxB,QAAO;AAET,SAAO,CAAC,GAAG,KAAK,OAAO;;CAGzB,AAAQ,cAAc,OAAoC;AACxD,MAAI,OAAO,UAAU,SACnB;EAEF,MAAM,aAAa,MAAM,MAAM;AAC/B,SAAO,WAAW,SAAS,IAAI,aAAa;;CAG9C,AAAQ,iBAAiB,OAAuC;AAC9D,MAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,KAAK,OACV,MAAM,KAAK,UAAW,OAAO,UAAU,WAAW,MAAM,MAAM,GAAG,GAAI,CAAC,QAAQ,UAAU,MAAM,SAAS,EAAE,CAC1G;AAEH,MAAI,OAAO,UAAU,SACnB,QAAO,EAAE;AAEX,SAAO,KAAK,OACV,MACG,MAAM,SAAS,CACf,KAAK,UAAU,MAAM,MAAM,CAAC,CAC5B,QAAQ,UAAU,MAAM,SAAS,EAAE,CACvC;;CAGH,AAAQ,OAAO,SAAuD;AACpE,SAAO,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC;;;4CAtD/B,YAAY;;;;;ACoCN,sCAAMC,4BAA0B;CACrC,YACE,AACiBC,iBACjB,AACiBC,wBACjB,AACiBC,wBACjB,AACiBC,kCACjB,AACiBC,4BACjB,AACiBC,+BACjB,AACiBC,0BACjB;EAbiB;EAEA;EAEA;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,gBAA+D;EACnE,MAAM,YAAY,MAAM,KAAK,gBAAgB,eAAe;EAC5D,MAAM,oBAAoB,MAAM,KAAK,gBAAgB,qBACnD,UAAU,KAAK,aAAa,SAAS,WAAW,CACjD;AACD,SAAO,MAAM,QAAQ,IACnB,UAAU,IAAI,OAAO,aAAa,MAAM,KAAK,MAAM,UAAU,kBAAkB,IAAI,SAAS,WAAW,CAAC,CAAC,CAC1G;;CAGH,MAAM,YAAY,YAA8E;EAC9F,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH;EAEF,MAAM,mBAAmB,MAAM,KAAK,gBAAgB,oBAAoB,WAAW;AACnF,SAAO,MAAM,KAAK,MAAM,UAAU,iBAAiB;;CAGrD,MAAM,uBACJ,YACuD;EACvD,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH;EAEF,MAAM,mBAAmB,MAAM,KAAK,gBAAgB,oBAAoB,WAAW;EACnF,MAAM,OAAO,MAAM,KAAK,MAAM,UAAU,iBAAiB;AACzD,MAAI;GACF,MAAM,WAAW,MAAM,KAAK,2BAA2B,gBAAgB,SAAS;GAChF,MAAM,eAAe,OAAO,YAAY,OAAO,QAAQ,SAAS,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,GAAG,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC;GAIvG,MAAM,gBACJ,SAAS,UAAU,SAAS,QAAS,SAAS,UAAU,aAAwC;AAClG,UAAO;IAAE,GAAG;IAAM;IAAc;IAAe;UACzC;AACN,UAAO;;;CAIX,MAAM,OAAO,SAA0E;EACrF,MAAM,iBAAiB,KAAK,sBAAsB,QAAQ,OAAO;EACjE,MAAM,eAAe,eAAe,WAAW,gBAAgB,EAAE;EACjE,MAAM,eAAe,eAAe,WAAW,gBAAgB,EAAE;AACjE,OAAK,sBAAsB;GACzB,aAAa,QAAQ;GACrB;GACA,cAAc,QAAQ,gBAAgB,EAAE;GACxC;GACA,YAAY,QAAQ;GACpB,cAAc,QAAQ,gBAAgB,EAAE;GACxC,eAAe,QAAQ,iBAAiB,EAAE;GAC3C,CAAC;EACF,MAAM,6BAAY,IAAI,MAAM,EAAC,aAAa;EAC1C,MAAM,iBAAiB,KAAK,2BAA2B,cAAc,QAAQ,gBAAgB,EAAE,CAAC;EAChG,MAAM,uBAAuB,KAAK,2BAA2B,cAAc,QAAQ,gBAAgB,EAAE,CAAC;EACtG,MAAMC,WAAqC;GACzC,YAAY,YAAY;GACxB,QAAQ,QAAQ;GAChB,aAAa,QAAQ,YAAY,MAAM;GACvC,YAAY,QAAQ;GACpB,cAAc,OAAO,OAAO,EAAE,GAAG,gBAAgB,CAAC;GAClD,WAAW,KAAK,gBAAgB,QAAQ,YAAY,sBAAsB,QAAQ,iBAAiB,EAAE,CAAC;GACtG,MAAM,OAAO,OAAO,CAAC,GAAI,QAAQ,QAAQ,EAAE,CAAE,CAAC;GAC9C,aAAa,eAAe,WAAW,MAAM,SAAS,WAAW,UAAU;GAC3E,WAAW;GACX,WAAW;GACZ;AACD,QAAM,KAAK,gBAAgB,aAAa;GACtC;GACA,gBAAgB,KAAK,qBAAqB,UAAU,sBAAsB,UAAU;GACrF,CAAC;AACF,OAAK,yBAAyB,cAAc,SAAS,WAAW;AAChE,SAAO,KAAK,MAAM,UAAU,OAAU;;CAGxC,MAAM,OACJ,YACA,SACgC;EAChC,MAAM,WAAW,MAAM,KAAK,gBAAgB,WAAW;EACvD,MAAM,iBAAiB,KAAK,sBAAsB,SAAS,OAAO;EAClE,MAAM,kBAAkB,EAAE,GAAI,QAAQ,gBAAgB,SAAS,cAAe;EAC9E,MAAM,6BAAY,IAAI,MAAM,EAAC,aAAa;EAC1C,MAAM,mBAAmB,QAAQ;EACjC,MAAM,oBAAoB,QAAQ;EAClC,MAAM,eAAe,eAAe,WAAW,gBAAgB,EAAE;AACjE,OAAK,sBAAsB;GACzB,aAAa,QAAQ,eAAe,SAAS;GAC7C,cAAc,eAAe,WAAW,gBAAgB,EAAE;GAC1D,cAAc;GACd;GACA,YAAY,SAAS;GACrB,cAAc,oBAAoB,EAAE;GACpC,eAAe,qBAAqB,EAAE;GACtC,qBAAqB;GACtB,CAAC;EACF,MAAM,eAAe,OAAO,OAAO,EACjC,GAAG,KAAK,2BAA2B,eAAe,WAAW,gBAAgB,EAAE,EAAE,gBAAgB,EAClG,CAAC;EACF,MAAM,qBACJ,qBAAqB,SAAY,KAAK,2BAA2B,cAAc,iBAAiB,GAAG;EACrG,MAAMA,WAAqC;GACzC,GAAG;GACH,aAAa,QAAQ,aAAa,MAAM,IAAI,SAAS;GACrD;GACA,MAAM,OAAO,OAAO,CAAC,GAAI,QAAQ,QAAQ,SAAS,KAAM,CAAC;GACzD,aAAa,QAAQ,eAAe,SAAS;GAC7C,WACE,oBAAoB,oBAChB,KAAK,gBAAgB,SAAS,YAAY,sBAAsB,EAAE,EAAE,qBAAqB,EAAE,CAAC,GAC5F,SAAS;GACf;GACD;AACD,QAAM,KAAK,gBAAgB,aAAa;GACtC;GACA,gBACE,qBAAqB,UAAa,uBAAuB,SACrD,KAAK,qBAAqB,UAAU,oBAAoB,UAAU,GAClE;GACP,CAAC;AACF,OAAK,yBAAyB,cAAc,SAAS,WAAW;AAChE,SAAO,KAAK,MAAM,UAAU,MAAM,KAAK,gBAAgB,oBAAoB,SAAS,WAAW,CAAC;;CAGlG,MAAM,OAAO,YAAiD;AAC5D,QAAM,KAAK,gBAAgB,eAAe,WAAW;AACrD,OAAK,yBAAyB,cAAc,WAAW;;CAGzD,MAAM,iBAAiB,YAAkE;EACvF,MAAM,WAAW,MAAM,KAAK,gBAAgB,WAAW;AAEvD,MADuB,KAAK,sBAAsB,SAAS,OAAO,CAC/C,WAAW,MAAM,SAAS,SAC3C,OAAM,IAAI,wBAAwB,KAAK,uBAAuB,WAAW,uBAAuB;EAElG,MAAMC,kBAA4C;GAChD,GAAG;GACH,aAAa;GACb,4BAAW,IAAI,MAAM,EAAC,aAAa;GACpC;AACD,QAAM,KAAK,gBAAgB,aAAa,EACtC,UAAU,iBACX,CAAC;AACF,QAAM,KAAK,gBAAgB,qBAAqB,WAAW;AAC3D,OAAK,yBAAyB,cAAc,WAAW;AACvD,SAAO,MAAM,KAAK,MAAM,iBAAiB,MAAM,KAAK,gBAAgB,oBAAoB,WAAW,CAAC;;CAGtG,MAAM,gBAAgB,YAAqE;EACzF,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH,OAAM,IAAI,wBAAwB,KAAK,gCAAgC,aAAa;AAEtF,SAAO;;CAGT,AAAQ,gBACN,YACA,cACA,eACqB;AACrB,MAAI,eAAe,KACjB,QAAO,EAAE,MAAM,MAAM;AAEvB,MAAI,eAAe,MACjB,QAAO;GACL,MAAM;GACN,YAAY,OAAO,OAAO,EAAE,GAAG,eAAe,CAAC;GAChD;AAEH,SAAO;GACL,MAAM;GACN,OAAO,OAAO,OAAO,EAAE,GAAG,cAAc,CAAC;GAC1C;;CAGH,AAAQ,qBACN,UACA,cACA,WAC4C;AAC5C,MAAI,SAAS,eAAe,KAC1B;EAEF,MAAM,YAAY,KAAK,uBAAuB,QAAQ,aAAa;AACnE,SAAO;GACL,YAAY,SAAS;GACrB,eAAe,UAAU;GACzB,iBAAiB,UAAU;GAC3B,eAAe,UAAU;GACzB;GACD;;CAGH,AAAQ,sBACN,MAUM;AACN,MAAI,CAAC,KAAK,eAAe,KAAK,YAAY,MAAM,CAAC,WAAW,EAC1D,OAAM,IAAI,wBAAwB,KAAK,sCAAsC;AAE/E,OAAK,qBAAqB,gBAAgB,KAAK,cAAc,KAAK,aAAa;AAC/E,MAAI,KAAK,eAAe,MAAM;AAC5B,OAAI,CAAC,KAAK,uBAAuB,OAAO,KAAK,KAAK,aAAa,CAAC,SAAS,EACvE,MAAK,qBAAqB,gBAAgB,KAAK,cAAc,KAAK,aAAa;AAEjF;;AAEF,MAAI,KAAK,eAAe,OAAO;AAC7B,OAAI,CAAC,KAAK,uBAAuB,OAAO,KAAK,KAAK,cAAc,CAAC,SAAS,EACxE,MAAK,wBAAwB,KAAK,cAAc,KAAK,cAAc;AAErE;;AAEF,MAAI,CAAC,KAAK,uBAAuB,OAAO,KAAK,KAAK,aAAa,CAAC,SAAS,EACvE,MAAK,qBAAqB,gBAAgB,KAAK,cAAc,KAAK,aAAa;;CAInF,AAAQ,2BAA2B,QAA8C,OAA+B;EAC9G,MAAMC,MAA+B,EAAE,GAAG,OAAO;AACjD,OAAK,MAAM,SAAS,OAClB,KAAI,KAAK,iCAAiC,uBAAuB,MAAM,CACrE,QAAO,IAAI,MAAM;AAGrB,SAAO,OAAO,OAAO,IAAI;;CAG3B,AAAQ,qBACN,WACA,QACA,OACM;EACN,MAAM,UAAU,OACb,QAAQ,UAAU,MAAM,aAAa,KAAK,CAC1C,QAAQ,UAAU,CAAC,KAAK,iCAAiC,uBAAuB,MAAM,CAAC,CACvF,QAAQ,UAAU,MAAM,MAAM,SAAS,UAAa,MAAM,MAAM,SAAS,QAAQ,MAAM,MAAM,SAAS,GAAG,CACzG,KAAK,UAAU,MAAM,IAAI;AAC5B,MAAI,QAAQ,SAAS,EACnB,OAAM,IAAI,wBAAwB,KAAK,oBAAoB,UAAU,aAAa,QAAQ,KAAK,KAAK,GAAG;;CAI3G,AAAQ,wBACN,QACA,eACM;EACN,MAAM,UAAU,OACb,QAAQ,UAAU,MAAM,aAAa,KAAK,CAC1C,QAAQ,UAAU,CAAC,KAAK,iCAAiC,uBAAuB,MAAM,CAAC,CACvF,QAAQ,UAAU,CAAC,cAAc,MAAM,QAAQ,cAAc,MAAM,KAAM,MAAM,CAAC,WAAW,EAAE,CAC7F,KAAK,UAAU,MAAM,IAAI;AAC5B,MAAI,QAAQ,SAAS,EACnB,OAAM,IAAI,wBAAwB,KAAK,4CAA4C,QAAQ,KAAK,KAAK,GAAG;;CAI5G,AAAQ,sBAAsB,QAA6C;EACzE,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,OAAO;AAC5E,MAAI,CAAC,eACH,OAAM,IAAI,wBAAwB,KAAK,4BAA4B,SAAS;AAE9E,SAAO;;CAGT,MAAM,oBAAoB,YAAkC,aAAoC;EAC9F,MAAM,WAAW,MAAM,KAAK,gBAAgB,WAAW;AACvD,QAAM,KAAK,gBAAgB,aAAa,EACtC,UAAU;GACR,GAAG;GACH,aAAa;GACb,WAAW;GACZ,EACF,CAAC;AACF,OAAK,yBAAyB,cAAc,WAAW;;CAGzD,MAAc,MACZ,UACA,kBACgC;EAChC,MAAM,mBAAmB,MAAM,KAAK,sBAAsB,SAAS;AACnE,SAAO;GACL,YAAY,SAAS;GACrB,QAAQ,SAAS;GACjB,aAAa,SAAS;GACtB,YAAY,SAAS;GACrB,cAAc,SAAS;GACvB,MAAM,SAAS;GACf,aAAa,SAAS;GACtB,WAAW,SAAS;GACpB,WAAW,SAAS;GACpB,cAAc,kBAAkB;GAChC;GACD;;CAGH,MAAc,sBACZ,UACoD;EACpD,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,SAAS,OAAO;AACrF,MAAI,gBAAgB,WAAW,MAAM,SAAS,SAC5C;EAEF,MAAM,aACJ,gBAAgB,eAAe,WAAW,OAAO,eAAe,WAAW,KAAK,aAAa;EAC/F,MAAM,WAAW,MAAM,KAAK,gBAAgB,kBAAkB,SAAS,WAAW;AAClF,MAAI,CAAC,SAKH,QAAO;GACL,QAAQ;GACR;GACA,QAAQ,CAAC,GAPa,KAAK,8BAA8B,uBACzD,eAAe,WAAW,MAC1B,SAAS,aACV,CAI6B;GAC7B;AAEH,SAAO;GACL,QAAQ;GACR,YAAY,SAAS;GACrB,gBAAgB,SAAS;GACzB,aAAa,SAAS;GACtB,QAAQ,SAAS;GACjB,WAAW,SAAS;GACrB;;;;CApWJ,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,2BAA2B;oBAElC,OAAO,uBAAuB;oBAE9B,OAAO,iCAAiC;oBAExC,OAAO,2BAA2B;oBAElC,OAAO,8BAA8B;oBAErC,OAAO,WAAW,yBAAyB;;;;;;;;;;;;;;;AC7BzC,qCAAMC,2BAAyB;CACpC,YACE,AACiBC,iBACjB,AACiBC,2BACjB,AACiBC,oBACjB,AACiBC,0BACjB,AACiBC,gCACjB;EATiB;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,cACJ,MAC4B;EAC5B,MAAM,WAAW,KAAK,gBAAgB,KAAK,WAAW;EACtD,MAAM,cAAc,KAAK,mBAAmB,UAAU,KAAK,QAAQ,KAAK,QAAQ;EAChF,MAAM,WAAW,MAAM,KAAK,0BAA0B,gBAAgB,KAAK,WAAW;AACtF,MAAI,CAAC,YAAY,cAAc,SAAS,SAAS,OAAO,CACtD,OAAM,IAAI,wBACR,KACA,uBAAuB,SAAS,WAAW,IAAI,SAAS,OAAO,gCAAgC,KAAK,QAAQ,oBAAoB,YAAY,cAAc,KAAK,KAAK,GACrK;EAEH,MAAMC,UAA6B;GACjC,KAAK;IACH,YAAY,KAAK;IACjB,QAAQ,KAAK;IACb,SAAS,KAAK;IACf;GACD,YAAY,KAAK;GACjB,4BAAW,IAAI,MAAM,EAAC,aAAa;GACpC;AACD,QAAM,KAAK,gBAAgB,cAAc,QAAQ;AACjD,OAAK,yBAAyB,aAAa,QAAQ,IAAI;AACvD,SAAO;;CAGT,MAAM,mBAAmB,YAA0D;EACjF,MAAM,WAAW,KAAK,gBAAgB,WAAW;EACjD,MAAM,WAAW,MAAM,KAAK,gBAAgB,yBAAyB,WAAW;EAChF,MAAM,gBAAgB,IAAI,IAAI,SAAS,KAAK,YAAY,CAAC,KAAK,mBAAmB,QAAQ,IAAI,EAAE,QAAQ,CAAU,CAAC;EAClH,MAAMC,QAA2C,EAAE;AACnD,OAAK,MAAM,WAAW,KAAK,+BAA+B,UAAU,SAAS,EAAE;GAC7E,MAAM,cAAc,QAAQ;GAC5B,MAAM,aAAa;IACjB;IACA,QAAQ,QAAQ;IAChB,SAAS,YAAY;IACtB;GACD,MAAM,UAAU,cAAc,IAAI,KAAK,mBAAmB,WAAW,CAAC;AACtE,OAAI,CAAC,SAAS;AACZ,UAAM,KAAK;KACT;KACA,QAAQ,QAAQ;KAChB,UAAU,QAAQ;KAClB;KACA,QAAQ,EACN,QAAQ,YAAY,WAAW,qBAAqB,WACrD;KACF,CAAC;AACF;;GAEF,MAAM,WAAW,MAAM,KAAK,0BAA0B,gBAAgB,QAAQ,WAAW;GACzF,MAAM,mBAAmB,MAAM,KAAK,gBAAgB,oBAAoB,SAAS,WAAW;AAC5F,SAAM,KAAK;IACT;IACA,QAAQ,QAAQ;IAChB,UAAU,QAAQ;IAClB;IACA,UAAU;KACR,YAAY,SAAS;KACrB,QAAQ,SAAS;KACjB,aAAa,SAAS;KACtB,aAAa,SAAS;KACvB;IACD,QAAQ;KACN,QAAQ,kBAAkB,OAAO,UAAU;KAC3C,SAAS,kBAAkB,OAAO;KAClC,UAAU,kBAAkB,OAAO;KACpC;IACF,CAAC;;AAEJ,SAAO;GACL;GACA;GACD;;CAGH,AAAQ,gBAAgB,YAAwC;EAC9D,MAAM,WAAW,KAAK,mBAAmB,IAAI,mBAAmB,WAAW,CAAC;AAC5E,MAAI,CAAC,SACH,OAAM,IAAI,wBAAwB,KAAK,uBAAuB,aAAa;AAE7E,SAAO;;CAGT,AAAQ,mBAAmB,UAA8B,QAAgB,SAAwC;EAC/G,MAAM,WAAW,KAAK,+BAA+B,gBAAgB,UAAU,QAAQ,QAAQ;AAC/F,MAAI,CAAC,UAAU;AACb,OAAI,CAAC,KAAK,+BAA+B,6BAA6B,UAAU,OAAO,CACrF,OAAM,IAAI,wBAAwB,KAAK,0BAA0B,SAAS;AAE5E,SAAM,IAAI,wBAAwB,KAAK,QAAQ,OAAO,oCAAoC,QAAQ,GAAG;;AAEvG,SAAO,SAAS;;CAGlB,AAAQ,mBAAmB,YAA0C;AACnE,SAAO,GAAG,WAAW,WAAW,GAAG,WAAW,OAAO,GAAG,WAAW;;;;CAhHtE,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,0BAA0B;oBAEjC,OAAO,WAAW,mBAAmB;oBAErC,OAAO,WAAW,yBAAyB;oBAE3C,OAAO,+BAA+B;;;;;;;;;;;;;ACzBpC,6CAAMC,mCAAiC;CAC5C,YACE,AACiBC,iBACjB,AACiBC,4BACjB,AACiBC,wBACjB,AACiBC,wBACjB;EAPiB;EAEA;EAEA;EAEA;;CAGnB,MAAM,QAAQ,UAAyD;EACrE,MAAM,eAAe,MAAM,KAAK,2BAA2B,gBAAgB,SAAS;AAEpF,OADa,KAAK,uBAAuB,kBAAkB,SAAS,OAAO,EAAE,WAAW,OAC9E,SAAS,SACjB,QAAO;EAET,MAAM,iBAAiB,MAAM,KAAK,gBAAgB,kBAAkB,SAAS,WAAW;AACxF,MAAI,CAAC,eACH,QAAO;EAET,MAAM,0BAA0B,KAAK,uBAAuB,QAAQ,eAAe;AACnF,SAAO,OAAO,OAAO;GACnB,GAAG;GACH,GAAG;GACJ,CAAC;;;;CA3BL,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,2BAA2B;oBAElC,OAAO,uBAAuB;oBAE9B,OAAO,2BAA2B;;;;;;;;;;;;ACEhC,yCAAMC,+BAAiE;CAC5E,AAAiB,6CAA6B,IAAI,KAA6C;CAC/F,AAAiB,gDAAgC,IAAI,KAAmC;CAExF,YACE,AACiBC,iBACjB,AACiBC,kCACjB,AACiBC,kCACjB,AACiBC,wBACjB,AACiBC,oBACjB,AACiBC,gCACjB;EAXiB;EAEA;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,WACJ,MACmB;EACnB,MAAM,WAAW,KAAK,mBAAmB,IAAI,mBAAmB,KAAK,WAAW,CAAC;EACjF,MAAM,eAAe,WACjB,KAAK,+BAA+B,8BAA8B,UAAU,KAAK,OAAO,GACxF;EACJ,MAAM,cAAc,WAChB,KAAK,+BAA+B,gBAAgB,UAAU,KAAK,QAAQ,KAAK,QAAQ,EAAE,cAC1F;EACJ,MAAMC,aAAmC;GACvC,YAAY,KAAK;GACjB,QAAQ,KAAK;GACb,SAAS,KAAK;GACf;EACD,MAAM,UAAU,MAAM,KAAK,gBAAgB,WAAW,WAAW;AACjE,MAAI,CAAC,SAAS;GACZ,MAAM,UAAU,IAAI,uBAAuB,YAAY,aAAa,iBAAiB,EAAE,CAAC;AACxF,OAAI,aACF,OAAM,IAAI,MAAM,GAAG,aAAa,IAAI,QAAQ,WAAW,EAAE,OAAO,SAAS,CAAC;AAE5E,SAAM;;EAER,MAAM,kBAAkB,KAAK,mBAAmB,WAAW;AAC3D,OAAK,8BAA8B,IAAI,iBAAiB,QAAQ,WAAW;EAC3E,MAAM,gBAAgB,KAAK,2BAA2B,IAAI,QAAQ,WAAW;AAC7E,MAAI,cACF,QAAQ,MAAM;EAEhB,MAAM,qBAAqB,KAAK,cAAc,QAAQ,YAAY,aAAa,CAAC,OAAO,UAAU;AAC/F,QAAK,2BAA2B,OAAO,QAAQ,WAAW;AAC1D,SAAM;IACN;AACF,OAAK,2BAA2B,IAAI,QAAQ,YAAY,mBAAmB;AAC3E,SAAQ,MAAM;;CAGhB,cAAc,YAAwC;AACpD,OAAK,2BAA2B,OAAO,WAAW;;CAGpD,aAAa,YAAwC;EACnD,MAAM,WAAW,KAAK,mBAAmB,WAAW;EACpD,MAAM,aAAa,KAAK,8BAA8B,IAAI,SAAS;AACnE,MAAI,WACF,MAAK,2BAA2B,OAAO,WAAW;AAEpD,OAAK,8BAA8B,OAAO,SAAS;;CAGrD,MAAc,cAAc,YAAkC,cAAyC;EACrG,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH,OAAM,IAAI,wBAAwB,KAAK,gCAAgC,aAAa;EAEtF,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,SAAS,OAAO;AACrF,MAAI,CAAC,eAEH,OAAM,IAAI,wBACR,KACA,GAHa,eAAe,GAAG,aAAa,MAAM,GAGxC,mBAAmB,SAAS,OAAO,0EAC9C;EAEH,MAAM,WAAW,MAAM,KAAK,iCAAiC,QAAQ,SAAS;EAC9E,MAAM,EAAE,sBAAsB,qBAAqB,KAAK,iCAAiC,MAAM;GAC7F,YAAY,eAAe;GAC3B,cAAc,SAAS;GACvB;GACD,CAAC;AACF,SAAO,MAAM,eAAe,cAAc;GACxC;GACA,UAAU;GACV,cAAc;GACf,CAAC;;CAGJ,AAAQ,mBAAmB,YAA0C;AACnE,SAAO,GAAG,WAAW,WAAW,GAAG,WAAW,OAAO,GAAG,WAAW;;;;CAjGtE,YAAY;oBAMR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,iCAAiC;oBAExC,OAAO,iCAAiC;oBAExC,OAAO,2BAA2B;oBAElC,OAAO,WAAW,mBAAmB;oBAErC,OAAO,+BAA+B;;;;;;;;;;;;;;AClBpC,kCAAMC,wBAAsB;CACjC,YACE,AACiBC,2BACjB,AACiBC,kCACjB,AACiBC,kCACjB,AACiBC,wBACjB,AACiBC,iBACjB,AACiBC,0BACjB;EAXiB;EAEA;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,KAAK,YAA6D;EACtE,MAAM,WAAW,MAAM,KAAK,0BAA0B,gBAAgB,WAAW;EACjF,MAAM,iBAAiB,KAAK,sBAAsB,SAAS,OAAO;EAClE,MAAM,WAAW,MAAM,KAAK,iCAAiC,QAAQ,SAAS;EAC9E,MAAM,EAAE,sBAAsB,qBAAqB,KAAK,iCAAiC,MAAM;GAC7F,YAAY,eAAe;GAC3B,cAAc,SAAS;GACvB;GACD,CAAC;EACF,MAAM,SAAS,MAAM,eAAe,KAAK;GACvC;GACA,UAAU;GACV,cAAc;GACf,CAAC;EACF,MAAM,WAAW,OAAO,6BAAY,IAAI,MAAM,EAAC,aAAa;AAC5D,QAAM,KAAK,gBAAgB,eAAe;GACxC,QAAQ,YAAY;GACpB;GACA,QAAQ;IACN,GAAG;IACH;IACD;GACD;GACA,WAAW,OAAO;GACnB,CAAC;AACF,OAAK,yBAAyB,cAAc,WAAW;AACvD,SAAO;GACL,GAAG;GACH;GACD;;CAGH,AAAQ,sBAAsB,QAA6C;EACzE,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,OAAO;AAC5E,MAAI,CAAC,eACH,OAAM,IAAI,wBAAwB,KAAK,4BAA4B,SAAS;AAE9E,SAAO;;;;CAtDV,YAAY;oBAGR,OAAO,0BAA0B;oBAEjC,OAAO,iCAAiC;oBAExC,OAAO,iCAAiC;oBAExC,OAAO,2BAA2B;oBAElC,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,WAAW,yBAAyB"}
1
+ {"version":3,"file":"CredentialServices-CgxwguAv.js","names":["fetchImpl: typeof globalThis.fetch","healthTester: OpenAiApiKeyCredentialHealthTester","CredentialTypeRegistryImpl","WorkflowCredentialNodeResolver","entry","labels: string[]","CredentialFieldEnvOverlayService","appConfig: AppConfig","pub: Record<string, unknown>","mat: Record<string, unknown>","CredentialSecretCipher","appConfig: AppConfig","CredentialMaterialResolver","credentialStore: CredentialStore","credentialSecretCipher: CredentialSecretCipher","appConfig: AppConfig","resolved: Record<string, unknown>","missingEnvironmentVariables: string[]","CredentialOAuth2ScopeResolver","CredentialInstanceService","credentialStore: CredentialStore","credentialTypeRegistry: CredentialTypeRegistryImpl","credentialSecretCipher: CredentialSecretCipher","credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService","credentialMaterialResolver: CredentialMaterialResolver","credentialOAuth2ScopeResolver: CredentialOAuth2ScopeResolver","credentialSessionService: MutableCredentialSessionService","instance: CredentialInstanceRecord","updatedInstance: CredentialInstanceRecord","out: Record<string, unknown>","CredentialBindingService","credentialStore: CredentialStore","credentialInstanceService: CredentialInstanceService","workflowRepository: WorkflowRepository","credentialSessionService: MutableCredentialSessionService","workflowCredentialNodeResolver: WorkflowCredentialNodeResolver","binding: CredentialBinding","slots: WorkflowCredentialHealthSlotDto[]","CredentialRuntimeMaterialService","credentialStore: CredentialStore","credentialMaterialResolver: CredentialMaterialResolver","credentialSecretCipher: CredentialSecretCipher","credentialTypeRegistry: CredentialTypeRegistryImpl","CredentialSessionServiceImpl","credentialStore: CredentialStore","credentialRuntimeMaterialService: CredentialRuntimeMaterialService","credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService","credentialTypeRegistry: CredentialTypeRegistryImpl","workflowRepository: WorkflowRepository","workflowCredentialNodeResolver: WorkflowCredentialNodeResolver","bindingKey: CredentialBindingKey","CredentialTestService","credentialInstanceService: CredentialInstanceService","credentialRuntimeMaterialService: CredentialRuntimeMaterialService","credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService","credentialTypeRegistry: CredentialTypeRegistryImpl","credentialStore: CredentialStore","credentialSessionService: MutableCredentialSessionService"],"sources":["../src/infrastructure/credentials/OpenAiApiKeyCredentialHealthTester.ts","../src/infrastructure/credentials/OpenAiApiKeyCredentialTypeFactory.ts","../src/domain/credentials/CredentialTypeRegistryImpl.ts","../src/application/ApplicationRequestError.ts","../src/applicationTokens.ts","../src/domain/credentials/WorkflowCredentialNodeResolver.ts","../src/domain/credentials/CredentialFieldEnvOverlayService.ts","../src/domain/credentials/CredentialSecretCipher.ts","../src/domain/credentials/CredentialMaterialResolver.ts","../src/domain/credentials/CredentialOAuth2ScopeResolver.ts","../src/domain/credentials/CredentialInstanceService.ts","../src/domain/credentials/CredentialBindingService.ts","../src/domain/credentials/CredentialRuntimeMaterialService.ts","../src/domain/credentials/CredentialSessionServiceImpl.ts","../src/domain/credentials/CredentialTestService.ts"],"sourcesContent":["import type { CredentialHealth, CredentialSessionFactoryArgs } from \"@codemation/core\";\n\nimport type { OpenAiApiKeyMaterial, OpenAiApiKeyPublicConfig } from \"./OpenAiApiKeyCredentialShapes.types\";\n\n/**\n * Verifies an OpenAI-compatible API key by calling the provider's models list endpoint\n * (GET `/v1/models` relative to the configured base URL).\n */\nexport class OpenAiApiKeyCredentialHealthTester {\n constructor(private readonly fetchImpl: typeof globalThis.fetch) {}\n\n async test(\n args: CredentialSessionFactoryArgs<OpenAiApiKeyPublicConfig, OpenAiApiKeyMaterial>,\n ): Promise<CredentialHealth> {\n const testedAt = new Date().toISOString();\n const apiKey = String(args.material.apiKey ?? \"\").trim();\n if (apiKey.length === 0) {\n return {\n status: \"failing\",\n message: \"OpenAI API key is empty.\",\n testedAt,\n };\n }\n\n const modelsUrl = this.resolveModelsListUrl(args.publicConfig.baseUrl);\n\n try {\n const response = await this.fetchImpl(modelsUrl, {\n method: \"GET\",\n headers: {\n Authorization: `Bearer ${apiKey}`,\n },\n signal: AbortSignal.timeout(25_000),\n });\n\n if (response.ok) {\n return {\n status: \"healthy\",\n message: \"API key verified against the models endpoint.\",\n testedAt,\n };\n }\n\n const message = await this.parseErrorMessage(response);\n return {\n status: \"failing\",\n message,\n testedAt,\n };\n } catch (error) {\n return {\n status: \"failing\",\n message: error instanceof Error ? error.message : String(error),\n testedAt,\n };\n }\n }\n\n private resolveModelsListUrl(baseUrlRaw: unknown): string {\n const defaultBase = \"https://api.openai.com/v1\";\n const raw = typeof baseUrlRaw === \"string\" ? baseUrlRaw.trim() : \"\";\n const base = raw === \"\" ? defaultBase : raw.replace(/\\/+$/, \"\");\n if (base.endsWith(\"/models\")) {\n return base;\n }\n if (base.endsWith(\"/v1\")) {\n return `${base}/models`;\n }\n return `${base}/v1/models`;\n }\n\n private async parseErrorMessage(response: Response): Promise<string> {\n const prefix = `HTTP ${response.status}`;\n try {\n const text = await response.text();\n if (text.trim() === \"\") {\n return prefix;\n }\n const parsed = JSON.parse(text) as { error?: { message?: string } };\n const fromApi = parsed.error?.message;\n if (typeof fromApi === \"string\" && fromApi.trim() !== \"\") {\n return `${prefix}: ${fromApi.trim()}`;\n }\n return `${prefix}: ${text.length > 280 ? `${text.slice(0, 280)}…` : text}`;\n } catch {\n return prefix;\n }\n }\n}\n","import type { CredentialType } from \"../../domain/credentials/CredentialServices\";\n\nimport type { OpenAiApiKeyCredentialHealthTester } from \"./OpenAiApiKeyCredentialHealthTester\";\nimport type {\n OpenAiApiKeyMaterial,\n OpenAiApiKeyPublicConfig,\n OpenAiApiKeySession,\n} from \"./OpenAiApiKeyCredentialShapes.types\";\n\n/**\n * Builds the OpenAI-compatible API key credential (`openai.apiKey`) registration.\n * Used by {@link FrameworkBuiltinCredentialTypesRegistrar} and may be listed in {@link CodemationConfig.credentialTypes}\n * so consumer apps always register the type even when bootstrap order differs.\n */\nexport class OpenAiApiKeyCredentialTypeFactory {\n constructor(private readonly healthTester: OpenAiApiKeyCredentialHealthTester) {}\n\n createCredentialType(): CredentialType<OpenAiApiKeyPublicConfig, OpenAiApiKeyMaterial, OpenAiApiKeySession> {\n return {\n definition: {\n typeId: \"openai.apiKey\",\n displayName: \"OpenAI API key\",\n description: \"API key and optional base URL for OpenAI or OpenAI-compatible chat endpoints.\",\n publicFields: [\n {\n key: \"baseUrl\",\n label: \"Base URL\",\n type: \"string\",\n placeholder: \"https://api.openai.com/v1\",\n helpText: \"Leave empty to use the default OpenAI API endpoint.\",\n },\n ],\n secretFields: [{ key: \"apiKey\", label: \"API key\", type: \"password\", required: true }],\n supportedSourceKinds: [\"db\", \"env\", \"code\"],\n },\n createSession: async (args) => {\n const baseUrlRaw = args.publicConfig.baseUrl;\n const baseUrl = typeof baseUrlRaw === \"string\" && baseUrlRaw.trim() !== \"\" ? baseUrlRaw.trim() : undefined;\n return {\n apiKey: String(args.material.apiKey ?? \"\"),\n baseUrl,\n };\n },\n test: async (args) => this.healthTester.test(args),\n };\n }\n}\n","import type { CredentialTypeDefinition, CredentialTypeId, CredentialTypeRegistry } from \"@codemation/core\";\n\nimport { injectable } from \"@codemation/core\";\n\nimport type { AnyCredentialType, CredentialType } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialTypeRegistryImpl implements CredentialTypeRegistry {\n private readonly credentialTypesById = new Map<CredentialTypeId, AnyCredentialType>();\n\n register(type: CredentialType<any, any, unknown>): void {\n if (this.credentialTypesById.has(type.definition.typeId)) {\n throw new Error(`Credential type already registered: ${type.definition.typeId}`);\n }\n this.credentialTypesById.set(type.definition.typeId, type);\n }\n\n listTypes(): ReadonlyArray<CredentialTypeDefinition> {\n return [...this.credentialTypesById.values()].map((entry) => entry.definition);\n }\n\n getType(typeId: CredentialTypeId): CredentialTypeDefinition | undefined {\n return this.credentialTypesById.get(typeId)?.definition;\n }\n\n getCredentialType(typeId: CredentialTypeId): AnyCredentialType | undefined {\n return this.credentialTypesById.get(typeId);\n }\n}\n","export class ApplicationRequestError extends Error {\n readonly status: number;\n\n readonly payload: Readonly<{ error: string; errors?: ReadonlyArray<string> }>;\n\n constructor(status: number, message: string, errors?: ReadonlyArray<string>) {\n super(message);\n this.name = \"ApplicationRequestError\";\n this.status = status;\n this.payload = errors && errors.length > 0 ? { error: message, errors } : { error: message };\n }\n}\n","import type { Clock, TypeToken } from \"@codemation/core\";\nimport type { SessionVerifier } from \"./application/auth/SessionVerifier\";\nimport type { Command } from \"./application/bus/Command\";\nimport type { CommandBus } from \"./application/bus/CommandBus\";\nimport type { CommandHandler } from \"./application/bus/CommandHandler\";\nimport type { DomainEvent } from \"./application/bus/DomainEvent\";\nimport type { DomainEventBus } from \"./application/bus/DomainEventBus\";\nimport type { DomainEventHandler } from \"./application/bus/DomainEventHandler\";\nimport type { Query } from \"./application/bus/Query\";\nimport type { QueryBus } from \"./application/bus/QueryBus\";\nimport type { QueryHandler } from \"./application/bus/QueryHandler\";\nimport type { Logger, LoggerFactory } from \"./application/logging/Logger\";\nimport type { WorkflowWebsocketPublisher } from \"./application/websocket/WorkflowWebsocketPublisher\";\nimport type { CredentialStore } from \"./domain/credentials/CredentialServices\";\nimport type {\n RunTraceContextRepository,\n TelemetryArtifactStore,\n TelemetryExporter,\n TelemetryMetricPointStore,\n TelemetrySpanStore,\n} from \"./domain/telemetry/TelemetryContracts\";\nimport type { WorkflowRunRepository } from \"./domain/runs/WorkflowRunRepository\";\nimport type { WorkflowDebuggerOverlayRepository } from \"./domain/workflows/WorkflowDebuggerOverlayRepository\";\nimport type { WorkflowDefinitionRepository } from \"./domain/workflows/WorkflowDefinitionRepository\";\nimport type { WorkflowActivationRepository } from \"./domain/workflows/WorkflowActivationRepository\";\nimport type { PrismaDatabaseClient } from \"./infrastructure/persistence/PrismaDatabaseClient\";\nimport type { WorkerRuntimeScheduler } from \"./infrastructure/scheduler/WorkerRuntimeScheduler\";\nimport type { AppConfig } from \"./presentation/config/AppConfig\";\nimport type { CodemationAuthConfig } from \"./presentation/config/CodemationAuthConfig\";\nimport type { CodemationWhitelabelConfig } from \"./presentation/config/CodemationWhitelabelConfig\";\nimport type { HonoApiRouteRegistrar } from \"./presentation/http/hono/HonoApiRouteRegistrar\";\n\nexport const ApplicationTokens = {\n CodemationAuthConfig: Symbol.for(\"codemation.application.CodemationAuthConfig\") as TypeToken<\n CodemationAuthConfig | undefined\n >,\n CodemationWhitelabelConfig: Symbol.for(\n \"codemation.application.CodemationWhitelabelConfig\",\n ) as TypeToken<CodemationWhitelabelConfig>,\n AppConfig: Symbol.for(\"codemation.application.AppConfig\") as TypeToken<AppConfig>,\n WebSocketPort: Symbol.for(\"codemation.application.WebSocketPort\") as TypeToken<number>,\n WebSocketBindHost: Symbol.for(\"codemation.application.WebSocketBindHost\") as TypeToken<string>,\n QueryBus: Symbol.for(\"codemation.application.QueryBus\") as TypeToken<QueryBus>,\n CommandBus: Symbol.for(\"codemation.application.CommandBus\") as TypeToken<CommandBus>,\n DomainEventBus: Symbol.for(\"codemation.application.DomainEventBus\") as TypeToken<DomainEventBus>,\n QueryHandler: Symbol.for(\"codemation.application.QueryHandler\") as TypeToken<QueryHandler<Query<unknown>, unknown>>,\n CommandHandler: Symbol.for(\"codemation.application.CommandHandler\") as TypeToken<\n CommandHandler<Command<unknown>, unknown>\n >,\n DomainEventHandler: Symbol.for(\"codemation.application.DomainEventHandler\") as TypeToken<\n DomainEventHandler<DomainEvent>\n >,\n HonoApiRouteRegistrar: Symbol.for(\"codemation.application.HonoApiRouteRegistrar\") as TypeToken<HonoApiRouteRegistrar>,\n WorkflowWebsocketPublisher: Symbol.for(\n \"codemation.application.WorkflowWebsocketPublisher\",\n ) as TypeToken<WorkflowWebsocketPublisher>,\n WorkerRuntimeScheduler: Symbol.for(\n \"codemation.application.WorkerRuntimeScheduler\",\n ) as TypeToken<WorkerRuntimeScheduler>,\n WorkflowDefinitionRepository: Symbol.for(\n \"codemation.application.WorkflowDefinitionRepository\",\n ) as TypeToken<WorkflowDefinitionRepository>,\n WorkflowActivationRepository: Symbol.for(\n \"codemation.application.WorkflowActivationRepository\",\n ) as TypeToken<WorkflowActivationRepository>,\n WorkflowDebuggerOverlayRepository: Symbol.for(\n \"codemation.application.WorkflowDebuggerOverlayRepository\",\n ) as TypeToken<WorkflowDebuggerOverlayRepository>,\n WorkflowRunRepository: Symbol.for(\"codemation.application.WorkflowRunRepository\") as TypeToken<WorkflowRunRepository>,\n LoggerFactory: Symbol.for(\"codemation.application.LoggerFactory\") as TypeToken<LoggerFactory>,\n /**\n * Opt-in timing/diagnostics logger (`CODEMATION_PERFORMANCE_LOGGING` + normal minimum log level).\n */\n PerformanceDiagnosticsLogger: Symbol.for(\"codemation.application.PerformanceDiagnosticsLogger\") as TypeToken<Logger>,\n CredentialStore: Symbol.for(\"codemation.application.CredentialStore\") as TypeToken<CredentialStore>,\n RunTraceContextRepository: Symbol.for(\n \"codemation.application.RunTraceContextRepository\",\n ) as TypeToken<RunTraceContextRepository>,\n TelemetrySpanStore: Symbol.for(\"codemation.application.TelemetrySpanStore\") as TypeToken<TelemetrySpanStore>,\n TelemetryArtifactStore: Symbol.for(\n \"codemation.application.TelemetryArtifactStore\",\n ) as TypeToken<TelemetryArtifactStore>,\n TelemetryMetricPointStore: Symbol.for(\n \"codemation.application.TelemetryMetricPointStore\",\n ) as TypeToken<TelemetryMetricPointStore>,\n TelemetryExporter: Symbol.for(\"codemation.application.TelemetryExporter\") as TypeToken<TelemetryExporter>,\n PrismaClient: Symbol.for(\"codemation.application.PrismaClient\") as TypeToken<PrismaDatabaseClient>,\n SessionVerifier: Symbol.for(\"codemation.application.SessionVerifier\") as TypeToken<SessionVerifier>,\n Clock: Symbol.for(\"codemation.application.Clock\") as TypeToken<Clock>,\n} as const;\n","import type { CredentialRequirement, WorkflowDefinition } from \"@codemation/core\";\nimport {\n AgentConfigInspector,\n AgentConnectionNodeCollector,\n type AgentConnectionNodeDescriptor,\n ConnectionNodeIdFactory,\n} from \"@codemation/core\";\n\nimport { injectable } from \"@codemation/core\";\n\nexport type WorkflowCredentialSlotRef = Readonly<{\n workflowId: string;\n nodeId: string;\n nodeName: string;\n requirement: CredentialRequirement;\n}>;\n\n/**\n * Resolves credential requirements for workflow node ids, including connection-owned LLM/tool children.\n */\n@injectable()\nexport class WorkflowCredentialNodeResolver {\n /**\n * Human-readable label for credential errors (workflow node name or agent › attachment).\n */\n describeCredentialNodeDisplay(workflow: WorkflowDefinition, nodeId: string): string {\n const direct = workflow.nodes.find((n) => n.id === nodeId);\n if (direct) {\n return direct.name ?? direct.config.name ?? direct.id;\n }\n const recursive = this.findRecursiveConnectionNode(workflow, nodeId);\n if (!recursive) {\n return nodeId;\n }\n return this.buildRecursiveDisplayLabel(recursive.rootAgentLabel, recursive.entry, recursive.entriesById);\n }\n\n isCredentialNodeIdInWorkflow(workflow: WorkflowDefinition, nodeId: string): boolean {\n if (workflow.nodes.some((n) => n.id === nodeId)) {\n return true;\n }\n return this.findRecursiveConnectionNode(workflow, nodeId) !== undefined;\n }\n\n findRequirement(\n workflow: WorkflowDefinition,\n nodeId: string,\n slotKey: string,\n ): Readonly<{ nodeName: string; requirement: CredentialRequirement }> | undefined {\n const direct = this.findDirectRequirement(workflow, nodeId, slotKey);\n if (direct) {\n return direct;\n }\n const recursive = this.findRecursiveConnectionNode(workflow, nodeId);\n if (!recursive) {\n return undefined;\n }\n const requirement = recursive.entry.credentialSource\n .getCredentialRequirements?.()\n ?.find((entry) => entry.slotKey === slotKey);\n return requirement ? { nodeName: recursive.entry.name, requirement } : undefined;\n }\n\n listSlots(workflow: WorkflowDefinition): ReadonlyArray<WorkflowCredentialSlotRef> {\n const slotsByKey = new Map<string, WorkflowCredentialSlotRef>();\n\n for (const node of workflow.nodes) {\n if (AgentConfigInspector.isAgentNodeConfig(node.config)) {\n this.addRecursiveAgentSlots(workflow.id, node.id, node.config, slotsByKey);\n continue;\n }\n this.addSlotsForRequirements(\n workflow.id,\n node.id,\n node.name ?? node.config.name ?? node.id,\n node.config.getCredentialRequirements?.() ?? [],\n slotsByKey,\n );\n }\n return [...slotsByKey.values()];\n }\n\n private findDirectRequirement(\n workflow: WorkflowDefinition,\n nodeId: string,\n slotKey: string,\n ): Readonly<{ nodeName: string; requirement: CredentialRequirement }> | undefined {\n const node = workflow.nodes.find((entry) => entry.id === nodeId);\n if (!node || AgentConfigInspector.isAgentNodeConfig(node.config)) {\n return undefined;\n }\n const requirement = node.config.getCredentialRequirements?.()?.find((entry) => entry.slotKey === slotKey);\n if (!requirement) {\n return undefined;\n }\n return { nodeName: node.name ?? node.config.name ?? node.id, requirement };\n }\n\n private addRecursiveAgentSlots(\n workflowId: string,\n rootAgentNodeId: string,\n agentConfig: Parameters<typeof AgentConnectionNodeCollector.collect>[1],\n slotsByKey: Map<string, WorkflowCredentialSlotRef>,\n ): void {\n for (const entry of AgentConnectionNodeCollector.collect(rootAgentNodeId, agentConfig)) {\n this.addSlotsForRequirements(\n workflowId,\n entry.nodeId,\n entry.name,\n entry.credentialSource.getCredentialRequirements?.() ?? [],\n slotsByKey,\n );\n }\n }\n\n private addSlotsForRequirements(\n workflowId: string,\n nodeId: string,\n nodeName: string,\n requirements: ReadonlyArray<CredentialRequirement>,\n slotsByKey: Map<string, WorkflowCredentialSlotRef>,\n ): void {\n for (const requirement of requirements) {\n const key = `${nodeId}\\0${requirement.slotKey}`;\n if (slotsByKey.has(key)) {\n continue;\n }\n slotsByKey.set(key, {\n workflowId,\n nodeId,\n nodeName,\n requirement,\n });\n }\n }\n\n private findRecursiveConnectionNode(\n workflow: WorkflowDefinition,\n nodeId: string,\n ):\n | Readonly<{\n rootAgentNodeId: string;\n rootAgentLabel: string;\n entry: AgentConnectionNodeDescriptor;\n entriesById: ReadonlyMap<string, AgentConnectionNodeDescriptor>;\n }>\n | undefined {\n if (\n !ConnectionNodeIdFactory.isLanguageModelConnectionNodeId(nodeId) &&\n !ConnectionNodeIdFactory.isToolConnectionNodeId(nodeId)\n ) {\n return undefined;\n }\n for (const node of workflow.nodes) {\n if (!AgentConfigInspector.isAgentNodeConfig(node.config)) {\n continue;\n }\n const entries = AgentConnectionNodeCollector.collect(node.id, node.config);\n const entriesById = new Map(entries.map((entry) => [entry.nodeId, entry]));\n const entry = entriesById.get(nodeId);\n if (!entry) {\n continue;\n }\n return {\n rootAgentNodeId: node.id,\n rootAgentLabel: node.name ?? node.config.name ?? node.id,\n entry,\n entriesById,\n };\n }\n return undefined;\n }\n\n private buildRecursiveDisplayLabel(\n rootAgentLabel: string,\n entry: AgentConnectionNodeDescriptor,\n entriesById: ReadonlyMap<string, AgentConnectionNodeDescriptor>,\n ): string {\n const labels = [rootAgentLabel, ...this.collectAncestorToolLabels(entry.parentNodeId, entriesById)];\n labels.push(entry.role === \"languageModel\" ? \"Language model\" : entry.name);\n return labels.join(\" › \");\n }\n\n private collectAncestorToolLabels(\n parentNodeId: string,\n entriesById: ReadonlyMap<string, AgentConnectionNodeDescriptor>,\n ): ReadonlyArray<string> {\n const labels: string[] = [];\n let currentNodeId = parentNodeId;\n while (true) {\n const parentEntry = entriesById.get(currentNodeId);\n if (!parentEntry) {\n return labels.reverse();\n }\n if (parentEntry.role === \"tool\" || parentEntry.role === \"nestedAgent\") {\n labels.push(parentEntry.name);\n }\n currentNodeId = parentEntry.parentNodeId;\n }\n }\n}\n","import type { CredentialFieldSchema, CredentialTypeDefinition } from \"@codemation/core\";\nimport { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\nimport type { AppConfig } from \"../../presentation/config/AppConfig\";\n\nimport type { JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialFieldEnvOverlayService {\n constructor(\n @inject(ApplicationTokens.AppConfig)\n private readonly appConfig: AppConfig,\n ) {}\n\n /** True when the field declares an env var and process.env has a non-empty string for it. */\n isFieldResolvedFromEnv(field: CredentialFieldSchema): boolean {\n const name = field.envVarName?.trim();\n if (!name) {\n return false;\n }\n const v = this.appConfig.env[name];\n return typeof v === \"string\" && v.length > 0;\n }\n\n apply(\n args: Readonly<{\n definition: CredentialTypeDefinition;\n publicConfig: JsonRecord;\n material: JsonRecord;\n }>,\n ): Readonly<{ resolvedPublicConfig: JsonRecord; resolvedMaterial: JsonRecord }> {\n const pub: Record<string, unknown> = { ...args.publicConfig };\n const mat: Record<string, unknown> = { ...args.material };\n for (const field of args.definition.publicFields ?? []) {\n const name = field.envVarName?.trim();\n if (!name) {\n continue;\n }\n const v = this.appConfig.env[name];\n if (typeof v === \"string\" && v.length > 0) {\n pub[field.key] = v;\n }\n }\n for (const field of args.definition.secretFields ?? []) {\n const name = field.envVarName?.trim();\n if (!name) {\n continue;\n }\n const v = this.appConfig.env[name];\n if (typeof v === \"string\" && v.length > 0) {\n mat[field.key] = v;\n }\n }\n return Object.freeze({\n resolvedPublicConfig: Object.freeze(pub),\n resolvedMaterial: Object.freeze(mat),\n });\n }\n}\n","import { createCipheriv, createDecipheriv, createHash, randomBytes } from \"node:crypto\";\n\nimport { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\nimport type { AppConfig } from \"../../presentation/config/AppConfig\";\n\nimport type { JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialSecretCipher {\n private static readonly algorithm = \"aes-256-gcm\";\n private static readonly schemaVersion = 1;\n private static readonly ivLength = 12;\n\n constructor(\n @inject(ApplicationTokens.AppConfig)\n private readonly appConfig: AppConfig,\n ) {}\n\n encrypt(value: JsonRecord): Readonly<{\n encryptedJson: string;\n encryptionKeyId: string;\n schemaVersion: number;\n }> {\n const iv = randomBytes(CredentialSecretCipher.ivLength);\n const cipher = createCipheriv(CredentialSecretCipher.algorithm, this.resolveKeyMaterial(), iv);\n const plaintext = Buffer.from(JSON.stringify(value), \"utf8\");\n // eslint-disable-next-line codemation/no-buffer-everything -- AES-GCM credential cipher operates on bounded KB-sized JSON payloads; streaming crypto is not applicable here.\n const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);\n const authTag = cipher.getAuthTag();\n return {\n // eslint-disable-next-line codemation/no-buffer-everything -- AES-GCM credential cipher operates on bounded KB-sized JSON payloads; streaming crypto is not applicable here.\n encryptedJson: Buffer.concat([iv, authTag, encrypted]).toString(\"base64\"),\n encryptionKeyId: this.resolveKeyId(),\n schemaVersion: CredentialSecretCipher.schemaVersion,\n };\n }\n\n decrypt(\n record: Readonly<{\n encryptedJson: string;\n encryptionKeyId: string;\n schemaVersion: number;\n }>,\n ): JsonRecord {\n // eslint-disable-next-line codemation/no-buffer-everything -- AES-GCM credential cipher operates on bounded KB-sized JSON payloads; streaming crypto is not applicable here.\n const packed = Buffer.from(record.encryptedJson, \"base64\");\n const iv = packed.subarray(0, CredentialSecretCipher.ivLength);\n const authTag = packed.subarray(CredentialSecretCipher.ivLength, CredentialSecretCipher.ivLength + 16);\n const encrypted = packed.subarray(CredentialSecretCipher.ivLength + 16);\n const decipher = createDecipheriv(CredentialSecretCipher.algorithm, this.resolveKeyMaterial(), iv);\n decipher.setAuthTag(authTag);\n // eslint-disable-next-line codemation/no-buffer-everything -- AES-GCM credential cipher operates on bounded KB-sized JSON payloads; streaming crypto is not applicable here.\n const plaintext = Buffer.concat([decipher.update(encrypted), decipher.final()]).toString(\"utf8\");\n return JSON.parse(plaintext) as JsonRecord;\n }\n\n private resolveKeyMaterial(): Buffer {\n const rawValue = this.appConfig.env.CODEMATION_CREDENTIALS_MASTER_KEY;\n if (!rawValue || rawValue.trim().length === 0) {\n throw new Error(\"CODEMATION_CREDENTIALS_MASTER_KEY is required to encrypt database-managed credentials.\");\n }\n return createHash(\"sha256\").update(rawValue).digest();\n }\n\n private resolveKeyId(): string {\n const rawValue = this.appConfig.env.CODEMATION_CREDENTIALS_MASTER_KEY;\n return createHash(\"sha256\")\n .update(rawValue ?? \"\")\n .digest(\"hex\")\n .slice(0, 12);\n }\n}\n","import { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\nimport type { AppConfig } from \"../../presentation/config/AppConfig\";\n\nimport { CredentialSecretCipher } from \"./CredentialSecretCipher\";\nimport type { CredentialInstanceRecord, CredentialStore, JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialMaterialResolver {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialSecretCipher)\n private readonly credentialSecretCipher: CredentialSecretCipher,\n @inject(ApplicationTokens.AppConfig)\n private readonly appConfig: AppConfig,\n ) {}\n\n async resolveMaterial(instance: CredentialInstanceRecord): Promise<JsonRecord> {\n if (instance.secretRef.kind === \"db\") {\n const secretMaterial = await this.credentialStore.getSecretMaterial(instance.instanceId);\n if (!secretMaterial) {\n throw new Error(`Credential ${instance.instanceId} is missing encrypted secret material.`);\n }\n return this.credentialSecretCipher.decrypt(secretMaterial);\n }\n if (instance.secretRef.kind === \"env\") {\n return this.resolveEnvMaterial(instance);\n }\n return instance.secretRef.value;\n }\n\n private resolveEnvMaterial(instance: CredentialInstanceRecord): JsonRecord {\n if (instance.secretRef.kind !== \"env\") {\n throw new Error(`Credential ${instance.instanceId} is not environment-backed.`);\n }\n const resolved: Record<string, unknown> = {};\n const missingEnvironmentVariables: string[] = [];\n for (const [fieldKey, envVarName] of Object.entries(instance.secretRef.envByField)) {\n const value = this.appConfig.env[envVarName];\n if (value === undefined || value.length === 0) {\n missingEnvironmentVariables.push(envVarName);\n continue;\n }\n resolved[fieldKey] = value;\n }\n if (missingEnvironmentVariables.length > 0) {\n throw new Error(\n `Credential ${instance.instanceId} requires environment variables that are not set: ${missingEnvironmentVariables.join(\", \")}.`,\n );\n }\n return resolved;\n }\n}\n","import type { CredentialOAuth2AuthDefinition } from \"@codemation/core\";\nimport { injectable } from \"@codemation/core\";\nimport type { JsonRecord } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialOAuth2ScopeResolver {\n resolveRequestedScopes(auth: CredentialOAuth2AuthDefinition, publicConfig: JsonRecord): ReadonlyArray<string> {\n const scopesFromPublicConfig = auth.scopesFromPublicConfig;\n if (!scopesFromPublicConfig) {\n return [...auth.scopes];\n }\n const preset = this.resolveString(publicConfig[scopesFromPublicConfig.presetFieldKey]);\n if (!preset) {\n return [...auth.scopes];\n }\n const presetScopes = scopesFromPublicConfig.presetScopes[preset];\n if (presetScopes) {\n return [...presetScopes];\n }\n const customPresetKey = scopesFromPublicConfig.customPresetKey ?? \"custom\";\n if (preset !== customPresetKey) {\n return [...auth.scopes];\n }\n const customScopes = this.resolveScopeList(\n publicConfig[scopesFromPublicConfig.customScopesFieldKey ?? \"customScopes\"],\n );\n if (customScopes.length > 0) {\n return customScopes;\n }\n return [...auth.scopes];\n }\n\n private resolveString(value: unknown): string | undefined {\n if (typeof value !== \"string\") {\n return undefined;\n }\n const normalized = value.trim();\n return normalized.length > 0 ? normalized : undefined;\n }\n\n private resolveScopeList(value: unknown): ReadonlyArray<string> {\n if (Array.isArray(value)) {\n return this.dedupe(\n value.map((entry) => (typeof entry === \"string\" ? entry.trim() : \"\")).filter((entry) => entry.length > 0),\n );\n }\n if (typeof value !== \"string\") {\n return [];\n }\n return this.dedupe(\n value\n .split(/[\\s,]+/)\n .map((entry) => entry.trim())\n .filter((entry) => entry.length > 0),\n );\n }\n\n private dedupe(entries: ReadonlyArray<string>): ReadonlyArray<string> {\n return [...new Set(entries)];\n }\n}\n","import { randomUUID } from \"node:crypto\";\n\nimport type {\n CredentialFieldSchema,\n CredentialInstanceId,\n CredentialMaterialSourceKind,\n CredentialTypeId,\n} from \"@codemation/core\";\n\nimport { CoreTokens, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport type {\n CreateCredentialInstanceRequest,\n CredentialInstanceDto,\n CredentialInstanceWithSecretsDto,\n CredentialOAuth2ConnectionDto,\n UpdateCredentialInstanceRequest,\n} from \"../../application/contracts/CredentialContractsRegistry\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { CredentialFieldEnvOverlayService } from \"./CredentialFieldEnvOverlayService\";\nimport { CredentialMaterialResolver } from \"./CredentialMaterialResolver\";\nimport { CredentialOAuth2ScopeResolver } from \"./CredentialOAuth2ScopeResolver\";\nimport { CredentialSecretCipher } from \"./CredentialSecretCipher\";\nimport type {\n CredentialInstanceRecord,\n CredentialSecretMaterialRecord,\n CredentialSecretRef,\n CredentialStore,\n CredentialTestRecord,\n AnyCredentialType,\n JsonRecord,\n MutableCredentialSessionService,\n} from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialInstanceService {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n @inject(CredentialSecretCipher)\n private readonly credentialSecretCipher: CredentialSecretCipher,\n @inject(CredentialFieldEnvOverlayService)\n private readonly credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService,\n @inject(CredentialMaterialResolver)\n private readonly credentialMaterialResolver: CredentialMaterialResolver,\n @inject(CredentialOAuth2ScopeResolver)\n private readonly credentialOAuth2ScopeResolver: CredentialOAuth2ScopeResolver,\n @inject(CoreTokens.CredentialSessionService)\n private readonly credentialSessionService: MutableCredentialSessionService,\n ) {}\n\n async listInstances(): Promise<ReadonlyArray<CredentialInstanceDto>> {\n const instances = await this.credentialStore.listInstances();\n const latestTestResults = await this.credentialStore.getLatestTestResults(\n instances.map((instance) => instance.instanceId),\n );\n return await Promise.all(\n instances.map(async (instance) => await this.toDto(instance, latestTestResults.get(instance.instanceId))),\n );\n }\n\n async getInstance(instanceId: CredentialInstanceId): Promise<CredentialInstanceDto | undefined> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n return undefined;\n }\n const latestTestResult = await this.credentialStore.getLatestTestResult(instanceId);\n return await this.toDto(instance, latestTestResult);\n }\n\n async getInstanceWithSecrets(\n instanceId: CredentialInstanceId,\n ): Promise<CredentialInstanceWithSecretsDto | undefined> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n return undefined;\n }\n const latestTestResult = await this.credentialStore.getLatestTestResult(instanceId);\n const base = await this.toDto(instance, latestTestResult);\n try {\n const material = await this.credentialMaterialResolver.resolveMaterial(instance);\n const secretConfig = Object.fromEntries(Object.entries(material).map(([k, v]) => [k, String(v ?? \"\")])) as Record<\n string,\n string\n >;\n const envSecretRefs =\n instance.secretRef.kind === \"env\" ? (instance.secretRef.envByField as Record<string, string>) : undefined;\n return { ...base, secretConfig, envSecretRefs };\n } catch {\n return base;\n }\n }\n\n async create(request: CreateCredentialInstanceRequest): Promise<CredentialInstanceDto> {\n const credentialType = this.requireCredentialType(request.typeId);\n const publicFields = credentialType.definition.publicFields ?? [];\n const secretFields = credentialType.definition.secretFields ?? [];\n this.validateRequestFields({\n displayName: request.displayName,\n publicFields,\n publicConfig: request.publicConfig ?? {},\n secretFields,\n sourceKind: request.sourceKind,\n secretConfig: request.secretConfig ?? {},\n envSecretRefs: request.envSecretRefs ?? {},\n });\n const timestamp = new Date().toISOString();\n const strippedPublic = this.stripEnvManagedFieldValues(publicFields, request.publicConfig ?? {});\n const strippedSecretForRef = this.stripEnvManagedFieldValues(secretFields, request.secretConfig ?? {});\n const instance: CredentialInstanceRecord = {\n instanceId: randomUUID(),\n typeId: request.typeId,\n displayName: request.displayName.trim(),\n sourceKind: request.sourceKind,\n publicConfig: Object.freeze({ ...strippedPublic }),\n secretRef: this.createSecretRef(request.sourceKind, strippedSecretForRef, request.envSecretRefs ?? {}),\n tags: Object.freeze([...(request.tags ?? [])]),\n setupStatus: credentialType.definition.auth?.kind === \"oauth2\" ? \"draft\" : \"ready\",\n createdAt: timestamp,\n updatedAt: timestamp,\n };\n await this.credentialStore.saveInstance({\n instance,\n secretMaterial: this.createSecretMaterial(instance, strippedSecretForRef, timestamp),\n });\n this.credentialSessionService.evictInstance(instance.instanceId);\n return this.toDto(instance, undefined);\n }\n\n async update(\n instanceId: CredentialInstanceId,\n request: UpdateCredentialInstanceRequest,\n ): Promise<CredentialInstanceDto> {\n const existing = await this.requireInstance(instanceId);\n const credentialType = this.requireCredentialType(existing.typeId);\n const mergedPublicRaw = { ...(request.publicConfig ?? existing.publicConfig) };\n const updatedAt = new Date().toISOString();\n const nextSecretConfig = request.secretConfig;\n const nextEnvSecretRefs = request.envSecretRefs;\n const secretFields = credentialType.definition.secretFields ?? [];\n this.validateRequestFields({\n displayName: request.displayName ?? existing.displayName,\n publicFields: credentialType.definition.publicFields ?? [],\n publicConfig: mergedPublicRaw,\n secretFields,\n sourceKind: existing.sourceKind,\n secretConfig: nextSecretConfig ?? {},\n envSecretRefs: nextEnvSecretRefs ?? {},\n allowSecretOmission: true,\n });\n const publicConfig = Object.freeze({\n ...this.stripEnvManagedFieldValues(credentialType.definition.publicFields ?? [], mergedPublicRaw),\n });\n const mergedSecretForRef =\n nextSecretConfig !== undefined ? this.stripEnvManagedFieldValues(secretFields, nextSecretConfig) : undefined;\n const instance: CredentialInstanceRecord = {\n ...existing,\n displayName: request.displayName?.trim() || existing.displayName,\n publicConfig,\n tags: Object.freeze([...(request.tags ?? existing.tags)]),\n setupStatus: request.setupStatus ?? existing.setupStatus,\n secretRef:\n nextSecretConfig || nextEnvSecretRefs\n ? this.createSecretRef(existing.sourceKind, mergedSecretForRef ?? {}, nextEnvSecretRefs ?? {})\n : existing.secretRef,\n updatedAt,\n };\n await this.credentialStore.saveInstance({\n instance,\n secretMaterial:\n nextSecretConfig !== undefined && mergedSecretForRef !== undefined\n ? this.createSecretMaterial(instance, mergedSecretForRef, updatedAt)\n : undefined,\n });\n this.credentialSessionService.evictInstance(instance.instanceId);\n return this.toDto(instance, await this.credentialStore.getLatestTestResult(instance.instanceId));\n }\n\n async delete(instanceId: CredentialInstanceId): Promise<void> {\n await this.credentialStore.deleteInstance(instanceId);\n this.credentialSessionService.evictInstance(instanceId);\n }\n\n async disconnectOAuth2(instanceId: CredentialInstanceId): Promise<CredentialInstanceDto> {\n const instance = await this.requireInstance(instanceId);\n const credentialType = this.requireCredentialType(instance.typeId);\n if (credentialType.definition.auth?.kind !== \"oauth2\") {\n throw new ApplicationRequestError(400, `Credential instance ${instanceId} does not use OAuth2.`);\n }\n const updatedInstance: CredentialInstanceRecord = {\n ...instance,\n setupStatus: \"draft\",\n updatedAt: new Date().toISOString(),\n };\n await this.credentialStore.saveInstance({\n instance: updatedInstance,\n });\n await this.credentialStore.deleteOAuth2Material(instanceId);\n this.credentialSessionService.evictInstance(instanceId);\n return await this.toDto(updatedInstance, await this.credentialStore.getLatestTestResult(instanceId));\n }\n\n async requireInstance(instanceId: CredentialInstanceId): Promise<CredentialInstanceRecord> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n throw new ApplicationRequestError(404, `Unknown credential instance: ${instanceId}`);\n }\n return instance;\n }\n\n private createSecretRef(\n sourceKind: CredentialMaterialSourceKind,\n secretConfig: JsonRecord,\n envSecretRefs: Readonly<Record<string, string>>,\n ): CredentialSecretRef {\n if (sourceKind === \"db\") {\n return { kind: \"db\" };\n }\n if (sourceKind === \"env\") {\n return {\n kind: \"env\",\n envByField: Object.freeze({ ...envSecretRefs }),\n };\n }\n return {\n kind: \"code\",\n value: Object.freeze({ ...secretConfig }),\n };\n }\n\n private createSecretMaterial(\n instance: CredentialInstanceRecord,\n secretConfig: JsonRecord,\n updatedAt: string,\n ): CredentialSecretMaterialRecord | undefined {\n if (instance.sourceKind !== \"db\") {\n return undefined;\n }\n const encrypted = this.credentialSecretCipher.encrypt(secretConfig);\n return {\n instanceId: instance.instanceId,\n encryptedJson: encrypted.encryptedJson,\n encryptionKeyId: encrypted.encryptionKeyId,\n schemaVersion: encrypted.schemaVersion,\n updatedAt,\n };\n }\n\n private validateRequestFields(\n args: Readonly<{\n displayName: string;\n publicFields: ReadonlyArray<CredentialFieldSchema>;\n publicConfig: JsonRecord;\n secretFields: ReadonlyArray<CredentialFieldSchema>;\n sourceKind: CredentialMaterialSourceKind;\n secretConfig: JsonRecord;\n envSecretRefs: Readonly<Record<string, string>>;\n allowSecretOmission?: boolean;\n }>,\n ): void {\n if (!args.displayName || args.displayName.trim().length === 0) {\n throw new ApplicationRequestError(400, \"Credential displayName is required.\");\n }\n this.assertRequiredFields(\"publicConfig\", args.publicFields, args.publicConfig);\n if (args.sourceKind === \"db\") {\n if (!args.allowSecretOmission || Object.keys(args.secretConfig).length > 0) {\n this.assertRequiredFields(\"secretConfig\", args.secretFields, args.secretConfig);\n }\n return;\n }\n if (args.sourceKind === \"env\") {\n if (!args.allowSecretOmission || Object.keys(args.envSecretRefs).length > 0) {\n this.assertRequiredEnvFields(args.secretFields, args.envSecretRefs);\n }\n return;\n }\n if (!args.allowSecretOmission || Object.keys(args.secretConfig).length > 0) {\n this.assertRequiredFields(\"secretConfig\", args.secretFields, args.secretConfig);\n }\n }\n\n private stripEnvManagedFieldValues(fields: ReadonlyArray<CredentialFieldSchema>, value: JsonRecord): JsonRecord {\n const out: Record<string, unknown> = { ...value };\n for (const field of fields) {\n if (this.credentialFieldEnvOverlayService.isFieldResolvedFromEnv(field)) {\n delete out[field.key];\n }\n }\n return Object.freeze(out);\n }\n\n private assertRequiredFields(\n fieldName: string,\n schema: ReadonlyArray<CredentialFieldSchema>,\n value: JsonRecord,\n ): void {\n const missing = schema\n .filter((field) => field.required === true)\n .filter((field) => !this.credentialFieldEnvOverlayService.isFieldResolvedFromEnv(field))\n .filter((field) => value[field.key] === undefined || value[field.key] === null || value[field.key] === \"\")\n .map((field) => field.key);\n if (missing.length > 0) {\n throw new ApplicationRequestError(400, `Missing required ${fieldName} field(s): ${missing.join(\", \")}`);\n }\n }\n\n private assertRequiredEnvFields(\n schema: ReadonlyArray<CredentialFieldSchema>,\n envSecretRefs: Readonly<Record<string, string>>,\n ): void {\n const missing = schema\n .filter((field) => field.required === true)\n .filter((field) => !this.credentialFieldEnvOverlayService.isFieldResolvedFromEnv(field))\n .filter((field) => !envSecretRefs[field.key] || envSecretRefs[field.key]!.trim().length === 0)\n .map((field) => field.key);\n if (missing.length > 0) {\n throw new ApplicationRequestError(400, `Missing required envSecretRefs field(s): ${missing.join(\", \")}`);\n }\n }\n\n private requireCredentialType(typeId: CredentialTypeId): AnyCredentialType {\n const credentialType = this.credentialTypeRegistry.getCredentialType(typeId);\n if (!credentialType) {\n throw new ApplicationRequestError(400, `Unknown credential type: ${typeId}`);\n }\n return credentialType;\n }\n\n async markOAuth2Connected(instanceId: CredentialInstanceId, connectedAt: string): Promise<void> {\n const instance = await this.requireInstance(instanceId);\n await this.credentialStore.saveInstance({\n instance: {\n ...instance,\n setupStatus: \"ready\",\n updatedAt: connectedAt,\n },\n });\n this.credentialSessionService.evictInstance(instanceId);\n }\n\n private async toDto(\n instance: CredentialInstanceRecord,\n latestTestResult: CredentialTestRecord | undefined,\n ): Promise<CredentialInstanceDto> {\n const oauth2Connection = await this.toOAuth2ConnectionDto(instance);\n return {\n instanceId: instance.instanceId,\n typeId: instance.typeId,\n displayName: instance.displayName,\n sourceKind: instance.sourceKind,\n publicConfig: instance.publicConfig,\n tags: instance.tags,\n setupStatus: instance.setupStatus,\n createdAt: instance.createdAt,\n updatedAt: instance.updatedAt,\n latestHealth: latestTestResult?.health,\n oauth2Connection,\n };\n }\n\n private async toOAuth2ConnectionDto(\n instance: CredentialInstanceRecord,\n ): Promise<CredentialOAuth2ConnectionDto | undefined> {\n const credentialType = this.credentialTypeRegistry.getCredentialType(instance.typeId);\n if (credentialType?.definition.auth?.kind !== \"oauth2\") {\n return undefined;\n }\n const providerId =\n \"providerId\" in credentialType.definition.auth ? credentialType.definition.auth.providerId : \"custom\";\n const material = await this.credentialStore.getOAuth2Material(instance.instanceId);\n if (!material) {\n const requestedScopes = this.credentialOAuth2ScopeResolver.resolveRequestedScopes(\n credentialType.definition.auth,\n instance.publicConfig,\n );\n return {\n status: \"disconnected\",\n providerId,\n scopes: [...requestedScopes],\n };\n }\n return {\n status: \"connected\",\n providerId: material.providerId,\n connectedEmail: material.connectedEmail,\n connectedAt: material.connectedAt,\n scopes: material.scopes,\n updatedAt: material.updatedAt,\n };\n }\n}\n","import type {\n CredentialBinding,\n CredentialBindingKey,\n CredentialInstanceId,\n CredentialRequirement,\n WorkflowDefinition,\n WorkflowRepository,\n} from \"@codemation/core\";\n\nimport { CoreTokens, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport type {\n WorkflowCredentialHealthDto,\n WorkflowCredentialHealthSlotDto,\n} from \"../../application/contracts/CredentialContractsRegistry\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { WorkflowCredentialNodeResolver } from \"./WorkflowCredentialNodeResolver\";\nimport { CredentialInstanceService } from \"./CredentialInstanceService\";\nimport type { CredentialStore, MutableCredentialSessionService } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialBindingService {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialInstanceService)\n private readonly credentialInstanceService: CredentialInstanceService,\n @inject(CoreTokens.WorkflowRepository)\n private readonly workflowRepository: WorkflowRepository,\n @inject(CoreTokens.CredentialSessionService)\n private readonly credentialSessionService: MutableCredentialSessionService,\n @inject(WorkflowCredentialNodeResolver)\n private readonly workflowCredentialNodeResolver: WorkflowCredentialNodeResolver,\n ) {}\n\n async upsertBinding(\n args: Readonly<{ workflowId: string; nodeId: string; slotKey: string; instanceId: CredentialInstanceId }>,\n ): Promise<CredentialBinding> {\n const workflow = this.requireWorkflow(args.workflowId);\n const requirement = this.requireRequirement(workflow, args.nodeId, args.slotKey);\n const instance = await this.credentialInstanceService.requireInstance(args.instanceId);\n if (!requirement.acceptedTypes.includes(instance.typeId)) {\n throw new ApplicationRequestError(\n 400,\n `Credential instance ${instance.instanceId} (${instance.typeId}) is not compatible with slot ${args.slotKey}. Accepted types: ${requirement.acceptedTypes.join(\", \")}`,\n );\n }\n const binding: CredentialBinding = {\n key: {\n workflowId: args.workflowId,\n nodeId: args.nodeId,\n slotKey: args.slotKey,\n },\n instanceId: args.instanceId,\n updatedAt: new Date().toISOString(),\n };\n await this.credentialStore.upsertBinding(binding);\n this.credentialSessionService.evictBinding(binding.key);\n return binding;\n }\n\n async listWorkflowHealth(workflowId: string): Promise<WorkflowCredentialHealthDto> {\n const workflow = this.requireWorkflow(workflowId);\n const bindings = await this.credentialStore.listBindingsByWorkflowId(workflowId);\n const bindingsByKey = new Map(bindings.map((binding) => [this.toBindingKeyString(binding.key), binding] as const));\n const slots: WorkflowCredentialHealthSlotDto[] = [];\n for (const slotRef of this.workflowCredentialNodeResolver.listSlots(workflow)) {\n const requirement = slotRef.requirement;\n const bindingKey = {\n workflowId,\n nodeId: slotRef.nodeId,\n slotKey: requirement.slotKey,\n } satisfies CredentialBindingKey;\n const binding = bindingsByKey.get(this.toBindingKeyString(bindingKey));\n if (!binding) {\n slots.push({\n workflowId,\n nodeId: slotRef.nodeId,\n nodeName: slotRef.nodeName,\n requirement,\n health: {\n status: requirement.optional ? \"optional-unbound\" : \"unbound\",\n },\n });\n continue;\n }\n const instance = await this.credentialInstanceService.requireInstance(binding.instanceId);\n const latestTestResult = await this.credentialStore.getLatestTestResult(instance.instanceId);\n slots.push({\n workflowId,\n nodeId: slotRef.nodeId,\n nodeName: slotRef.nodeName,\n requirement,\n instance: {\n instanceId: instance.instanceId,\n typeId: instance.typeId,\n displayName: instance.displayName,\n setupStatus: instance.setupStatus,\n },\n health: {\n status: latestTestResult?.health.status ?? \"unknown\",\n message: latestTestResult?.health.message,\n testedAt: latestTestResult?.health.testedAt,\n },\n });\n }\n return {\n workflowId,\n slots,\n };\n }\n\n private requireWorkflow(workflowId: string): WorkflowDefinition {\n const workflow = this.workflowRepository.get(decodeURIComponent(workflowId));\n if (!workflow) {\n throw new ApplicationRequestError(404, `Unknown workflowId: ${workflowId}`);\n }\n return workflow;\n }\n\n private requireRequirement(workflow: WorkflowDefinition, nodeId: string, slotKey: string): CredentialRequirement {\n const resolved = this.workflowCredentialNodeResolver.findRequirement(workflow, nodeId, slotKey);\n if (!resolved) {\n if (!this.workflowCredentialNodeResolver.isCredentialNodeIdInWorkflow(workflow, nodeId)) {\n throw new ApplicationRequestError(404, `Unknown workflow node: ${nodeId}`);\n }\n throw new ApplicationRequestError(400, `Node ${nodeId} does not declare credential slot ${slotKey}.`);\n }\n return resolved.requirement;\n }\n\n private toBindingKeyString(bindingKey: CredentialBindingKey): string {\n return `${bindingKey.workflowId}:${bindingKey.nodeId}:${bindingKey.slotKey}`;\n }\n}\n","import { inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { CredentialMaterialResolver } from \"./CredentialMaterialResolver\";\nimport { CredentialSecretCipher } from \"./CredentialSecretCipher\";\nimport type { CredentialInstanceRecord, CredentialStore, JsonRecord } from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialRuntimeMaterialService {\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialMaterialResolver)\n private readonly credentialMaterialResolver: CredentialMaterialResolver,\n @inject(CredentialSecretCipher)\n private readonly credentialSecretCipher: CredentialSecretCipher,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n ) {}\n\n async compose(instance: CredentialInstanceRecord): Promise<JsonRecord> {\n const baseMaterial = await this.credentialMaterialResolver.resolveMaterial(instance);\n const auth = this.credentialTypeRegistry.getCredentialType(instance.typeId)?.definition.auth;\n if (auth?.kind !== \"oauth2\") {\n return baseMaterial;\n }\n const oauth2Material = await this.credentialStore.getOAuth2Material(instance.instanceId);\n if (!oauth2Material) {\n return baseMaterial;\n }\n const decryptedOauth2Material = this.credentialSecretCipher.decrypt(oauth2Material);\n return Object.freeze({\n ...baseMaterial,\n ...decryptedOauth2Material,\n });\n }\n}\n","import type {\n CredentialBindingKey,\n CredentialInstanceId,\n CredentialSessionService,\n WorkflowRepository,\n} from \"@codemation/core\";\n\nimport { CoreTokens, CredentialUnboundError, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { WorkflowCredentialNodeResolver } from \"./WorkflowCredentialNodeResolver\";\nimport { CredentialFieldEnvOverlayService } from \"./CredentialFieldEnvOverlayService\";\nimport { CredentialRuntimeMaterialService } from \"./CredentialRuntimeMaterialService\";\nimport type { CredentialStore } from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialSessionServiceImpl implements CredentialSessionService {\n private readonly cachedSessionsByInstanceId = new Map<CredentialInstanceId, Promise<unknown>>();\n private readonly cachedInstanceIdsByBindingKey = new Map<string, CredentialInstanceId>();\n\n constructor(\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CredentialRuntimeMaterialService)\n private readonly credentialRuntimeMaterialService: CredentialRuntimeMaterialService,\n @inject(CredentialFieldEnvOverlayService)\n private readonly credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n @inject(CoreTokens.WorkflowRepository)\n private readonly workflowRepository: WorkflowRepository,\n @inject(WorkflowCredentialNodeResolver)\n private readonly workflowCredentialNodeResolver: WorkflowCredentialNodeResolver,\n ) {}\n\n async getSession<TSession = unknown>(\n args: Readonly<{ workflowId: string; nodeId: string; slotKey: string }>,\n ): Promise<TSession> {\n const workflow = this.workflowRepository.get(decodeURIComponent(args.workflowId));\n const displayLabel = workflow\n ? this.workflowCredentialNodeResolver.describeCredentialNodeDisplay(workflow, args.nodeId)\n : undefined;\n const requirement = workflow\n ? this.workflowCredentialNodeResolver.findRequirement(workflow, args.nodeId, args.slotKey)?.requirement\n : undefined;\n const bindingKey: CredentialBindingKey = {\n workflowId: args.workflowId,\n nodeId: args.nodeId,\n slotKey: args.slotKey,\n };\n const binding = await this.credentialStore.getBinding(bindingKey);\n if (!binding) {\n const unbound = new CredentialUnboundError(bindingKey, requirement?.acceptedTypes ?? []);\n if (displayLabel) {\n throw new Error(`${displayLabel}: ${unbound.message}`, { cause: unbound });\n }\n throw unbound;\n }\n const bindingCacheKey = this.toBindingKeyString(bindingKey);\n this.cachedInstanceIdsByBindingKey.set(bindingCacheKey, binding.instanceId);\n const cachedSession = this.cachedSessionsByInstanceId.get(binding.instanceId);\n if (cachedSession) {\n return (await cachedSession) as TSession;\n }\n const nextSessionPromise = this.createSession(binding.instanceId, displayLabel).catch((error) => {\n this.cachedSessionsByInstanceId.delete(binding.instanceId);\n throw error;\n });\n this.cachedSessionsByInstanceId.set(binding.instanceId, nextSessionPromise);\n return (await nextSessionPromise) as TSession;\n }\n\n evictInstance(instanceId: CredentialInstanceId): void {\n this.cachedSessionsByInstanceId.delete(instanceId);\n }\n\n evictBinding(bindingKey: CredentialBindingKey): void {\n const cacheKey = this.toBindingKeyString(bindingKey);\n const instanceId = this.cachedInstanceIdsByBindingKey.get(cacheKey);\n if (instanceId) {\n this.cachedSessionsByInstanceId.delete(instanceId);\n }\n this.cachedInstanceIdsByBindingKey.delete(cacheKey);\n }\n\n private async createSession(instanceId: CredentialInstanceId, displayLabel?: string): Promise<unknown> {\n const instance = await this.credentialStore.getInstance(instanceId);\n if (!instance) {\n throw new ApplicationRequestError(404, `Unknown credential instance: ${instanceId}`);\n }\n const credentialType = this.credentialTypeRegistry.getCredentialType(instance.typeId);\n if (!credentialType) {\n const prefix = displayLabel ? `${displayLabel}: ` : \"\";\n throw new ApplicationRequestError(\n 400,\n `${prefix}Credential type \"${instance.typeId}\" is not registered in this runtime (binding points at an unknown type).`,\n );\n }\n const material = await this.credentialRuntimeMaterialService.compose(instance);\n const { resolvedPublicConfig, resolvedMaterial } = this.credentialFieldEnvOverlayService.apply({\n definition: credentialType.definition,\n publicConfig: instance.publicConfig,\n material,\n });\n return await credentialType.createSession({\n instance,\n material: resolvedMaterial,\n publicConfig: resolvedPublicConfig,\n });\n }\n\n private toBindingKeyString(bindingKey: CredentialBindingKey): string {\n return `${bindingKey.workflowId}:${bindingKey.nodeId}:${bindingKey.slotKey}`;\n }\n}\n","import { randomUUID } from \"node:crypto\";\n\nimport type { CredentialHealth, CredentialInstanceId, CredentialTypeId } from \"@codemation/core\";\n\nimport { CoreTokens, inject, injectable } from \"@codemation/core\";\n\nimport { ApplicationRequestError } from \"../../application/ApplicationRequestError\";\n\nimport { ApplicationTokens } from \"../../applicationTokens\";\n\nimport { CredentialFieldEnvOverlayService } from \"./CredentialFieldEnvOverlayService\";\nimport { CredentialInstanceService } from \"./CredentialInstanceService\";\nimport { CredentialRuntimeMaterialService } from \"./CredentialRuntimeMaterialService\";\nimport type { CredentialStore, AnyCredentialType, MutableCredentialSessionService } from \"./CredentialServices\";\nimport { CredentialTypeRegistryImpl } from \"./CredentialServices\";\n\n@injectable()\nexport class CredentialTestService {\n constructor(\n @inject(CredentialInstanceService)\n private readonly credentialInstanceService: CredentialInstanceService,\n @inject(CredentialRuntimeMaterialService)\n private readonly credentialRuntimeMaterialService: CredentialRuntimeMaterialService,\n @inject(CredentialFieldEnvOverlayService)\n private readonly credentialFieldEnvOverlayService: CredentialFieldEnvOverlayService,\n @inject(CredentialTypeRegistryImpl)\n private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,\n @inject(ApplicationTokens.CredentialStore)\n private readonly credentialStore: CredentialStore,\n @inject(CoreTokens.CredentialSessionService)\n private readonly credentialSessionService: MutableCredentialSessionService,\n ) {}\n\n async test(instanceId: CredentialInstanceId): Promise<CredentialHealth> {\n const instance = await this.credentialInstanceService.requireInstance(instanceId);\n const credentialType = this.requireCredentialType(instance.typeId);\n const material = await this.credentialRuntimeMaterialService.compose(instance);\n const { resolvedPublicConfig, resolvedMaterial } = this.credentialFieldEnvOverlayService.apply({\n definition: credentialType.definition,\n publicConfig: instance.publicConfig,\n material,\n });\n const health = await credentialType.test({\n instance,\n material: resolvedMaterial,\n publicConfig: resolvedPublicConfig,\n });\n const testedAt = health.testedAt ?? new Date().toISOString();\n await this.credentialStore.saveTestResult({\n testId: randomUUID(),\n instanceId,\n health: {\n ...health,\n testedAt,\n },\n testedAt,\n expiresAt: health.expiresAt,\n });\n this.credentialSessionService.evictInstance(instanceId);\n return {\n ...health,\n testedAt,\n };\n }\n\n private requireCredentialType(typeId: CredentialTypeId): AnyCredentialType {\n const credentialType = this.credentialTypeRegistry.getCredentialType(typeId);\n if (!credentialType) {\n throw new ApplicationRequestError(400, `Unknown credential type: ${typeId}`);\n }\n return credentialType;\n }\n}\n"],"mappings":";;;;;;;;;;AAQA,IAAa,qCAAb,MAAgD;CAC9C,YAAY,AAAiBA,WAAoC;EAApC;;CAE7B,MAAM,KACJ,MAC2B;EAC3B,MAAM,4BAAW,IAAI,MAAM,EAAC,aAAa;EACzC,MAAM,SAAS,OAAO,KAAK,SAAS,UAAU,GAAG,CAAC,MAAM;AACxD,MAAI,OAAO,WAAW,EACpB,QAAO;GACL,QAAQ;GACR,SAAS;GACT;GACD;EAGH,MAAM,YAAY,KAAK,qBAAqB,KAAK,aAAa,QAAQ;AAEtE,MAAI;GACF,MAAM,WAAW,MAAM,KAAK,UAAU,WAAW;IAC/C,QAAQ;IACR,SAAS,EACP,eAAe,UAAU,UAC1B;IACD,QAAQ,YAAY,QAAQ,KAAO;IACpC,CAAC;AAEF,OAAI,SAAS,GACX,QAAO;IACL,QAAQ;IACR,SAAS;IACT;IACD;AAIH,UAAO;IACL,QAAQ;IACR,SAHc,MAAM,KAAK,kBAAkB,SAAS;IAIpD;IACD;WACM,OAAO;AACd,UAAO;IACL,QAAQ;IACR,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;IAC/D;IACD;;;CAIL,AAAQ,qBAAqB,YAA6B;EACxD,MAAM,cAAc;EACpB,MAAM,MAAM,OAAO,eAAe,WAAW,WAAW,MAAM,GAAG;EACjE,MAAM,OAAO,QAAQ,KAAK,cAAc,IAAI,QAAQ,QAAQ,GAAG;AAC/D,MAAI,KAAK,SAAS,UAAU,CAC1B,QAAO;AAET,MAAI,KAAK,SAAS,MAAM,CACtB,QAAO,GAAG,KAAK;AAEjB,SAAO,GAAG,KAAK;;CAGjB,MAAc,kBAAkB,UAAqC;EACnE,MAAM,SAAS,QAAQ,SAAS;AAChC,MAAI;GACF,MAAM,OAAO,MAAM,SAAS,MAAM;AAClC,OAAI,KAAK,MAAM,KAAK,GAClB,QAAO;GAGT,MAAM,UADS,KAAK,MAAM,KAAK,CACR,OAAO;AAC9B,OAAI,OAAO,YAAY,YAAY,QAAQ,MAAM,KAAK,GACpD,QAAO,GAAG,OAAO,IAAI,QAAQ,MAAM;AAErC,UAAO,GAAG,OAAO,IAAI,KAAK,SAAS,MAAM,GAAG,KAAK,MAAM,GAAG,IAAI,CAAC,KAAK;UAC9D;AACN,UAAO;;;;;;;;;;;;ACvEb,IAAa,oCAAb,MAA+C;CAC7C,YAAY,AAAiBC,cAAkD;EAAlD;;CAE7B,uBAA4G;AAC1G,SAAO;GACL,YAAY;IACV,QAAQ;IACR,aAAa;IACb,aAAa;IACb,cAAc,CACZ;KACE,KAAK;KACL,OAAO;KACP,MAAM;KACN,aAAa;KACb,UAAU;KACX,CACF;IACD,cAAc,CAAC;KAAE,KAAK;KAAU,OAAO;KAAW,MAAM;KAAY,UAAU;KAAM,CAAC;IACrF,sBAAsB;KAAC;KAAM;KAAO;KAAO;IAC5C;GACD,eAAe,OAAO,SAAS;IAC7B,MAAM,aAAa,KAAK,aAAa;IACrC,MAAM,UAAU,OAAO,eAAe,YAAY,WAAW,MAAM,KAAK,KAAK,WAAW,MAAM,GAAG;AACjG,WAAO;KACL,QAAQ,OAAO,KAAK,SAAS,UAAU,GAAG;KAC1C;KACD;;GAEH,MAAM,OAAO,SAAS,KAAK,aAAa,KAAK,KAAK;GACnD;;;;;;ACrCE,uCAAMC,6BAA6D;CACxE,AAAiB,sCAAsB,IAAI,KAA0C;CAErF,SAAS,MAA+C;AACtD,MAAI,KAAK,oBAAoB,IAAI,KAAK,WAAW,OAAO,CACtD,OAAM,IAAI,MAAM,uCAAuC,KAAK,WAAW,SAAS;AAElF,OAAK,oBAAoB,IAAI,KAAK,WAAW,QAAQ,KAAK;;CAG5D,YAAqD;AACnD,SAAO,CAAC,GAAG,KAAK,oBAAoB,QAAQ,CAAC,CAAC,KAAK,UAAU,MAAM,WAAW;;CAGhF,QAAQ,QAAgE;AACtE,SAAO,KAAK,oBAAoB,IAAI,OAAO,EAAE;;CAG/C,kBAAkB,QAAyD;AACzE,SAAO,KAAK,oBAAoB,IAAI,OAAO;;;yCApB9C,YAAY;;;;ACNb,IAAa,0BAAb,cAA6C,MAAM;CACjD,AAAS;CAET,AAAS;CAET,YAAY,QAAgB,SAAiB,QAAgC;AAC3E,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,SAAS;AACd,OAAK,UAAU,UAAU,OAAO,SAAS,IAAI;GAAE,OAAO;GAAS;GAAQ,GAAG,EAAE,OAAO,SAAS;;;;;;ACuBhG,MAAa,oBAAoB;CAC/B,sBAAsB,OAAO,IAAI,8CAA8C;CAG/E,4BAA4B,OAAO,IACjC,oDACD;CACD,WAAW,OAAO,IAAI,mCAAmC;CACzD,eAAe,OAAO,IAAI,uCAAuC;CACjE,mBAAmB,OAAO,IAAI,2CAA2C;CACzE,UAAU,OAAO,IAAI,kCAAkC;CACvD,YAAY,OAAO,IAAI,oCAAoC;CAC3D,gBAAgB,OAAO,IAAI,wCAAwC;CACnE,cAAc,OAAO,IAAI,sCAAsC;CAC/D,gBAAgB,OAAO,IAAI,wCAAwC;CAGnE,oBAAoB,OAAO,IAAI,4CAA4C;CAG3E,uBAAuB,OAAO,IAAI,+CAA+C;CACjF,4BAA4B,OAAO,IACjC,oDACD;CACD,wBAAwB,OAAO,IAC7B,gDACD;CACD,8BAA8B,OAAO,IACnC,sDACD;CACD,8BAA8B,OAAO,IACnC,sDACD;CACD,mCAAmC,OAAO,IACxC,2DACD;CACD,uBAAuB,OAAO,IAAI,+CAA+C;CACjF,eAAe,OAAO,IAAI,uCAAuC;CAIjE,8BAA8B,OAAO,IAAI,sDAAsD;CAC/F,iBAAiB,OAAO,IAAI,yCAAyC;CACrE,2BAA2B,OAAO,IAChC,mDACD;CACD,oBAAoB,OAAO,IAAI,4CAA4C;CAC3E,wBAAwB,OAAO,IAC7B,gDACD;CACD,2BAA2B,OAAO,IAChC,mDACD;CACD,mBAAmB,OAAO,IAAI,2CAA2C;CACzE,cAAc,OAAO,IAAI,sCAAsC;CAC/D,iBAAiB,OAAO,IAAI,yCAAyC;CACrE,OAAO,OAAO,IAAI,+BAA+B;CAClD;;;;ACpEM,2CAAMC,iCAA+B;;;;CAI1C,8BAA8B,UAA8B,QAAwB;EAClF,MAAM,SAAS,SAAS,MAAM,MAAM,MAAM,EAAE,OAAO,OAAO;AAC1D,MAAI,OACF,QAAO,OAAO,QAAQ,OAAO,OAAO,QAAQ,OAAO;EAErD,MAAM,YAAY,KAAK,4BAA4B,UAAU,OAAO;AACpE,MAAI,CAAC,UACH,QAAO;AAET,SAAO,KAAK,2BAA2B,UAAU,gBAAgB,UAAU,OAAO,UAAU,YAAY;;CAG1G,6BAA6B,UAA8B,QAAyB;AAClF,MAAI,SAAS,MAAM,MAAM,MAAM,EAAE,OAAO,OAAO,CAC7C,QAAO;AAET,SAAO,KAAK,4BAA4B,UAAU,OAAO,KAAK;;CAGhE,gBACE,UACA,QACA,SACgF;EAChF,MAAM,SAAS,KAAK,sBAAsB,UAAU,QAAQ,QAAQ;AACpE,MAAI,OACF,QAAO;EAET,MAAM,YAAY,KAAK,4BAA4B,UAAU,OAAO;AACpE,MAAI,CAAC,UACH;EAEF,MAAM,cAAc,UAAU,MAAM,iBACjC,6BAA6B,EAC5B,MAAM,UAAU,MAAM,YAAY,QAAQ;AAC9C,SAAO,cAAc;GAAE,UAAU,UAAU,MAAM;GAAM;GAAa,GAAG;;CAGzE,UAAU,UAAwE;EAChF,MAAM,6BAAa,IAAI,KAAwC;AAE/D,OAAK,MAAM,QAAQ,SAAS,OAAO;AACjC,OAAI,qBAAqB,kBAAkB,KAAK,OAAO,EAAE;AACvD,SAAK,uBAAuB,SAAS,IAAI,KAAK,IAAI,KAAK,QAAQ,WAAW;AAC1E;;AAEF,QAAK,wBACH,SAAS,IACT,KAAK,IACL,KAAK,QAAQ,KAAK,OAAO,QAAQ,KAAK,IACtC,KAAK,OAAO,6BAA6B,IAAI,EAAE,EAC/C,WACD;;AAEH,SAAO,CAAC,GAAG,WAAW,QAAQ,CAAC;;CAGjC,AAAQ,sBACN,UACA,QACA,SACgF;EAChF,MAAM,OAAO,SAAS,MAAM,MAAM,UAAU,MAAM,OAAO,OAAO;AAChE,MAAI,CAAC,QAAQ,qBAAqB,kBAAkB,KAAK,OAAO,CAC9D;EAEF,MAAM,cAAc,KAAK,OAAO,6BAA6B,EAAE,MAAM,UAAU,MAAM,YAAY,QAAQ;AACzG,MAAI,CAAC,YACH;AAEF,SAAO;GAAE,UAAU,KAAK,QAAQ,KAAK,OAAO,QAAQ,KAAK;GAAI;GAAa;;CAG5E,AAAQ,uBACN,YACA,iBACA,aACA,YACM;AACN,OAAK,MAAM,SAAS,6BAA6B,QAAQ,iBAAiB,YAAY,CACpF,MAAK,wBACH,YACA,MAAM,QACN,MAAM,MACN,MAAM,iBAAiB,6BAA6B,IAAI,EAAE,EAC1D,WACD;;CAIL,AAAQ,wBACN,YACA,QACA,UACA,cACA,YACM;AACN,OAAK,MAAM,eAAe,cAAc;GACtC,MAAM,MAAM,GAAG,OAAO,IAAI,YAAY;AACtC,OAAI,WAAW,IAAI,IAAI,CACrB;AAEF,cAAW,IAAI,KAAK;IAClB;IACA;IACA;IACA;IACD,CAAC;;;CAIN,AAAQ,4BACN,UACA,QAQY;AACZ,MACE,CAAC,wBAAwB,gCAAgC,OAAO,IAChE,CAAC,wBAAwB,uBAAuB,OAAO,CAEvD;AAEF,OAAK,MAAM,QAAQ,SAAS,OAAO;AACjC,OAAI,CAAC,qBAAqB,kBAAkB,KAAK,OAAO,CACtD;GAEF,MAAM,UAAU,6BAA6B,QAAQ,KAAK,IAAI,KAAK,OAAO;GAC1E,MAAM,cAAc,IAAI,IAAI,QAAQ,KAAK,YAAU,CAACC,QAAM,QAAQA,QAAM,CAAC,CAAC;GAC1E,MAAM,QAAQ,YAAY,IAAI,OAAO;AACrC,OAAI,CAAC,MACH;AAEF,UAAO;IACL,iBAAiB,KAAK;IACtB,gBAAgB,KAAK,QAAQ,KAAK,OAAO,QAAQ,KAAK;IACtD;IACA;IACD;;;CAKL,AAAQ,2BACN,gBACA,OACA,aACQ;EACR,MAAM,SAAS,CAAC,gBAAgB,GAAG,KAAK,0BAA0B,MAAM,cAAc,YAAY,CAAC;AACnG,SAAO,KAAK,MAAM,SAAS,kBAAkB,mBAAmB,MAAM,KAAK;AAC3E,SAAO,OAAO,KAAK,MAAM;;CAG3B,AAAQ,0BACN,cACA,aACuB;EACvB,MAAMC,SAAmB,EAAE;EAC3B,IAAI,gBAAgB;AACpB,SAAO,MAAM;GACX,MAAM,cAAc,YAAY,IAAI,cAAc;AAClD,OAAI,CAAC,YACH,QAAO,OAAO,SAAS;AAEzB,OAAI,YAAY,SAAS,UAAU,YAAY,SAAS,cACtD,QAAO,KAAK,YAAY,KAAK;AAE/B,mBAAgB,YAAY;;;;6CAjLjC,YAAY;;;;ACXN,6CAAMC,mCAAiC;CAC5C,YACE,AACiBC,WACjB;EADiB;;;CAInB,uBAAuB,OAAuC;EAC5D,MAAM,OAAO,MAAM,YAAY,MAAM;AACrC,MAAI,CAAC,KACH,QAAO;EAET,MAAM,IAAI,KAAK,UAAU,IAAI;AAC7B,SAAO,OAAO,MAAM,YAAY,EAAE,SAAS;;CAG7C,MACE,MAK8E;EAC9E,MAAMC,MAA+B,EAAE,GAAG,KAAK,cAAc;EAC7D,MAAMC,MAA+B,EAAE,GAAG,KAAK,UAAU;AACzD,OAAK,MAAM,SAAS,KAAK,WAAW,gBAAgB,EAAE,EAAE;GACtD,MAAM,OAAO,MAAM,YAAY,MAAM;AACrC,OAAI,CAAC,KACH;GAEF,MAAM,IAAI,KAAK,UAAU,IAAI;AAC7B,OAAI,OAAO,MAAM,YAAY,EAAE,SAAS,EACtC,KAAI,MAAM,OAAO;;AAGrB,OAAK,MAAM,SAAS,KAAK,WAAW,gBAAgB,EAAE,EAAE;GACtD,MAAM,OAAO,MAAM,YAAY,MAAM;AACrC,OAAI,CAAC,KACH;GAEF,MAAM,IAAI,KAAK,UAAU,IAAI;AAC7B,OAAI,OAAO,MAAM,YAAY,EAAE,SAAS,EACtC,KAAI,MAAM,OAAO;;AAGrB,SAAO,OAAO,OAAO;GACnB,sBAAsB,OAAO,OAAO,IAAI;GACxC,kBAAkB,OAAO,OAAO,IAAI;GACrC,CAAC;;;;CAjDL,YAAY;oBAGR,OAAO,kBAAkB,UAAU;;;;;;;ACDjC,mCAAMC,yBAAuB;;;;CAClC,OAAwB,YAAY;CACpC,OAAwB,gBAAgB;CACxC,OAAwB,WAAW;CAEnC,YACE,AACiBC,WACjB;EADiB;;CAGnB,QAAQ,OAIL;EACD,MAAM,KAAK,oCAAmC,SAAS;EACvD,MAAM,SAAS,uCAAsC,WAAW,KAAK,oBAAoB,EAAE,GAAG;EAC9F,MAAM,YAAY,OAAO,KAAK,KAAK,UAAU,MAAM,EAAE,OAAO;EAE5D,MAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,UAAU,EAAE,OAAO,OAAO,CAAC,CAAC;EAC3E,MAAM,UAAU,OAAO,YAAY;AACnC,SAAO;GAEL,eAAe,OAAO,OAAO;IAAC;IAAI;IAAS;IAAU,CAAC,CAAC,SAAS,SAAS;GACzE,iBAAiB,KAAK,cAAc;GACpC,uCAAsC;GACvC;;CAGH,QACE,QAKY;EAEZ,MAAM,SAAS,OAAO,KAAK,OAAO,eAAe,SAAS;EAC1D,MAAM,KAAK,OAAO,SAAS,2BAA0B,SAAS;EAC9D,MAAM,UAAU,OAAO,iCAAgC,kCAAiC,WAAW,GAAG;EACtG,MAAM,YAAY,OAAO,iCAAgC,WAAW,GAAG;EACvE,MAAM,WAAW,yCAAwC,WAAW,KAAK,oBAAoB,EAAE,GAAG;AAClG,WAAS,WAAW,QAAQ;EAE5B,MAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,CAAC,SAAS,OAAO;AAChG,SAAO,KAAK,MAAM,UAAU;;CAG9B,AAAQ,qBAA6B;EACnC,MAAM,WAAW,KAAK,UAAU,IAAI;AACpC,MAAI,CAAC,YAAY,SAAS,MAAM,CAAC,WAAW,EAC1C,OAAM,IAAI,MAAM,yFAAyF;AAE3G,SAAO,WAAW,SAAS,CAAC,OAAO,SAAS,CAAC,QAAQ;;CAGvD,AAAQ,eAAuB;EAC7B,MAAM,WAAW,KAAK,UAAU,IAAI;AACpC,SAAO,WAAW,SAAS,CACxB,OAAO,YAAY,GAAG,CACtB,OAAO,MAAM,CACb,MAAM,GAAG,GAAG;;;;CA9DlB,YAAY;oBAOR,OAAO,kBAAkB,UAAU;;;;;;;ACPjC,uCAAMC,6BAA2B;CACtC,YACE,AACiBC,iBACjB,AACiBC,wBACjB,AACiBC,WACjB;EALiB;EAEA;EAEA;;CAGnB,MAAM,gBAAgB,UAAyD;AAC7E,MAAI,SAAS,UAAU,SAAS,MAAM;GACpC,MAAM,iBAAiB,MAAM,KAAK,gBAAgB,kBAAkB,SAAS,WAAW;AACxF,OAAI,CAAC,eACH,OAAM,IAAI,MAAM,cAAc,SAAS,WAAW,wCAAwC;AAE5F,UAAO,KAAK,uBAAuB,QAAQ,eAAe;;AAE5D,MAAI,SAAS,UAAU,SAAS,MAC9B,QAAO,KAAK,mBAAmB,SAAS;AAE1C,SAAO,SAAS,UAAU;;CAG5B,AAAQ,mBAAmB,UAAgD;AACzE,MAAI,SAAS,UAAU,SAAS,MAC9B,OAAM,IAAI,MAAM,cAAc,SAAS,WAAW,6BAA6B;EAEjF,MAAMC,WAAoC,EAAE;EAC5C,MAAMC,8BAAwC,EAAE;AAChD,OAAK,MAAM,CAAC,UAAU,eAAe,OAAO,QAAQ,SAAS,UAAU,WAAW,EAAE;GAClF,MAAM,QAAQ,KAAK,UAAU,IAAI;AACjC,OAAI,UAAU,UAAa,MAAM,WAAW,GAAG;AAC7C,gCAA4B,KAAK,WAAW;AAC5C;;AAEF,YAAS,YAAY;;AAEvB,MAAI,4BAA4B,SAAS,EACvC,OAAM,IAAI,MACR,cAAc,SAAS,WAAW,oDAAoD,4BAA4B,KAAK,KAAK,CAAC,GAC9H;AAEH,SAAO;;;;CA5CV,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,uBAAuB;oBAE9B,OAAO,kBAAkB,UAAU;;;;;;;;;;ACVjC,0CAAMC,gCAA8B;CACzC,uBAAuB,MAAsC,cAAiD;EAC5G,MAAM,yBAAyB,KAAK;AACpC,MAAI,CAAC,uBACH,QAAO,CAAC,GAAG,KAAK,OAAO;EAEzB,MAAM,SAAS,KAAK,cAAc,aAAa,uBAAuB,gBAAgB;AACtF,MAAI,CAAC,OACH,QAAO,CAAC,GAAG,KAAK,OAAO;EAEzB,MAAM,eAAe,uBAAuB,aAAa;AACzD,MAAI,aACF,QAAO,CAAC,GAAG,aAAa;AAG1B,MAAI,YADoB,uBAAuB,mBAAmB,UAEhE,QAAO,CAAC,GAAG,KAAK,OAAO;EAEzB,MAAM,eAAe,KAAK,iBACxB,aAAa,uBAAuB,wBAAwB,gBAC7D;AACD,MAAI,aAAa,SAAS,EACxB,QAAO;AAET,SAAO,CAAC,GAAG,KAAK,OAAO;;CAGzB,AAAQ,cAAc,OAAoC;AACxD,MAAI,OAAO,UAAU,SACnB;EAEF,MAAM,aAAa,MAAM,MAAM;AAC/B,SAAO,WAAW,SAAS,IAAI,aAAa;;CAG9C,AAAQ,iBAAiB,OAAuC;AAC9D,MAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,KAAK,OACV,MAAM,KAAK,UAAW,OAAO,UAAU,WAAW,MAAM,MAAM,GAAG,GAAI,CAAC,QAAQ,UAAU,MAAM,SAAS,EAAE,CAC1G;AAEH,MAAI,OAAO,UAAU,SACnB,QAAO,EAAE;AAEX,SAAO,KAAK,OACV,MACG,MAAM,SAAS,CACf,KAAK,UAAU,MAAM,MAAM,CAAC,CAC5B,QAAQ,UAAU,MAAM,SAAS,EAAE,CACvC;;CAGH,AAAQ,OAAO,SAAuD;AACpE,SAAO,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC;;;4CAtD/B,YAAY;;;;;ACoCN,sCAAMC,4BAA0B;CACrC,YACE,AACiBC,iBACjB,AACiBC,wBACjB,AACiBC,wBACjB,AACiBC,kCACjB,AACiBC,4BACjB,AACiBC,+BACjB,AACiBC,0BACjB;EAbiB;EAEA;EAEA;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,gBAA+D;EACnE,MAAM,YAAY,MAAM,KAAK,gBAAgB,eAAe;EAC5D,MAAM,oBAAoB,MAAM,KAAK,gBAAgB,qBACnD,UAAU,KAAK,aAAa,SAAS,WAAW,CACjD;AACD,SAAO,MAAM,QAAQ,IACnB,UAAU,IAAI,OAAO,aAAa,MAAM,KAAK,MAAM,UAAU,kBAAkB,IAAI,SAAS,WAAW,CAAC,CAAC,CAC1G;;CAGH,MAAM,YAAY,YAA8E;EAC9F,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH;EAEF,MAAM,mBAAmB,MAAM,KAAK,gBAAgB,oBAAoB,WAAW;AACnF,SAAO,MAAM,KAAK,MAAM,UAAU,iBAAiB;;CAGrD,MAAM,uBACJ,YACuD;EACvD,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH;EAEF,MAAM,mBAAmB,MAAM,KAAK,gBAAgB,oBAAoB,WAAW;EACnF,MAAM,OAAO,MAAM,KAAK,MAAM,UAAU,iBAAiB;AACzD,MAAI;GACF,MAAM,WAAW,MAAM,KAAK,2BAA2B,gBAAgB,SAAS;GAChF,MAAM,eAAe,OAAO,YAAY,OAAO,QAAQ,SAAS,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,GAAG,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC;GAIvG,MAAM,gBACJ,SAAS,UAAU,SAAS,QAAS,SAAS,UAAU,aAAwC;AAClG,UAAO;IAAE,GAAG;IAAM;IAAc;IAAe;UACzC;AACN,UAAO;;;CAIX,MAAM,OAAO,SAA0E;EACrF,MAAM,iBAAiB,KAAK,sBAAsB,QAAQ,OAAO;EACjE,MAAM,eAAe,eAAe,WAAW,gBAAgB,EAAE;EACjE,MAAM,eAAe,eAAe,WAAW,gBAAgB,EAAE;AACjE,OAAK,sBAAsB;GACzB,aAAa,QAAQ;GACrB;GACA,cAAc,QAAQ,gBAAgB,EAAE;GACxC;GACA,YAAY,QAAQ;GACpB,cAAc,QAAQ,gBAAgB,EAAE;GACxC,eAAe,QAAQ,iBAAiB,EAAE;GAC3C,CAAC;EACF,MAAM,6BAAY,IAAI,MAAM,EAAC,aAAa;EAC1C,MAAM,iBAAiB,KAAK,2BAA2B,cAAc,QAAQ,gBAAgB,EAAE,CAAC;EAChG,MAAM,uBAAuB,KAAK,2BAA2B,cAAc,QAAQ,gBAAgB,EAAE,CAAC;EACtG,MAAMC,WAAqC;GACzC,YAAY,YAAY;GACxB,QAAQ,QAAQ;GAChB,aAAa,QAAQ,YAAY,MAAM;GACvC,YAAY,QAAQ;GACpB,cAAc,OAAO,OAAO,EAAE,GAAG,gBAAgB,CAAC;GAClD,WAAW,KAAK,gBAAgB,QAAQ,YAAY,sBAAsB,QAAQ,iBAAiB,EAAE,CAAC;GACtG,MAAM,OAAO,OAAO,CAAC,GAAI,QAAQ,QAAQ,EAAE,CAAE,CAAC;GAC9C,aAAa,eAAe,WAAW,MAAM,SAAS,WAAW,UAAU;GAC3E,WAAW;GACX,WAAW;GACZ;AACD,QAAM,KAAK,gBAAgB,aAAa;GACtC;GACA,gBAAgB,KAAK,qBAAqB,UAAU,sBAAsB,UAAU;GACrF,CAAC;AACF,OAAK,yBAAyB,cAAc,SAAS,WAAW;AAChE,SAAO,KAAK,MAAM,UAAU,OAAU;;CAGxC,MAAM,OACJ,YACA,SACgC;EAChC,MAAM,WAAW,MAAM,KAAK,gBAAgB,WAAW;EACvD,MAAM,iBAAiB,KAAK,sBAAsB,SAAS,OAAO;EAClE,MAAM,kBAAkB,EAAE,GAAI,QAAQ,gBAAgB,SAAS,cAAe;EAC9E,MAAM,6BAAY,IAAI,MAAM,EAAC,aAAa;EAC1C,MAAM,mBAAmB,QAAQ;EACjC,MAAM,oBAAoB,QAAQ;EAClC,MAAM,eAAe,eAAe,WAAW,gBAAgB,EAAE;AACjE,OAAK,sBAAsB;GACzB,aAAa,QAAQ,eAAe,SAAS;GAC7C,cAAc,eAAe,WAAW,gBAAgB,EAAE;GAC1D,cAAc;GACd;GACA,YAAY,SAAS;GACrB,cAAc,oBAAoB,EAAE;GACpC,eAAe,qBAAqB,EAAE;GACtC,qBAAqB;GACtB,CAAC;EACF,MAAM,eAAe,OAAO,OAAO,EACjC,GAAG,KAAK,2BAA2B,eAAe,WAAW,gBAAgB,EAAE,EAAE,gBAAgB,EAClG,CAAC;EACF,MAAM,qBACJ,qBAAqB,SAAY,KAAK,2BAA2B,cAAc,iBAAiB,GAAG;EACrG,MAAMA,WAAqC;GACzC,GAAG;GACH,aAAa,QAAQ,aAAa,MAAM,IAAI,SAAS;GACrD;GACA,MAAM,OAAO,OAAO,CAAC,GAAI,QAAQ,QAAQ,SAAS,KAAM,CAAC;GACzD,aAAa,QAAQ,eAAe,SAAS;GAC7C,WACE,oBAAoB,oBAChB,KAAK,gBAAgB,SAAS,YAAY,sBAAsB,EAAE,EAAE,qBAAqB,EAAE,CAAC,GAC5F,SAAS;GACf;GACD;AACD,QAAM,KAAK,gBAAgB,aAAa;GACtC;GACA,gBACE,qBAAqB,UAAa,uBAAuB,SACrD,KAAK,qBAAqB,UAAU,oBAAoB,UAAU,GAClE;GACP,CAAC;AACF,OAAK,yBAAyB,cAAc,SAAS,WAAW;AAChE,SAAO,KAAK,MAAM,UAAU,MAAM,KAAK,gBAAgB,oBAAoB,SAAS,WAAW,CAAC;;CAGlG,MAAM,OAAO,YAAiD;AAC5D,QAAM,KAAK,gBAAgB,eAAe,WAAW;AACrD,OAAK,yBAAyB,cAAc,WAAW;;CAGzD,MAAM,iBAAiB,YAAkE;EACvF,MAAM,WAAW,MAAM,KAAK,gBAAgB,WAAW;AAEvD,MADuB,KAAK,sBAAsB,SAAS,OAAO,CAC/C,WAAW,MAAM,SAAS,SAC3C,OAAM,IAAI,wBAAwB,KAAK,uBAAuB,WAAW,uBAAuB;EAElG,MAAMC,kBAA4C;GAChD,GAAG;GACH,aAAa;GACb,4BAAW,IAAI,MAAM,EAAC,aAAa;GACpC;AACD,QAAM,KAAK,gBAAgB,aAAa,EACtC,UAAU,iBACX,CAAC;AACF,QAAM,KAAK,gBAAgB,qBAAqB,WAAW;AAC3D,OAAK,yBAAyB,cAAc,WAAW;AACvD,SAAO,MAAM,KAAK,MAAM,iBAAiB,MAAM,KAAK,gBAAgB,oBAAoB,WAAW,CAAC;;CAGtG,MAAM,gBAAgB,YAAqE;EACzF,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH,OAAM,IAAI,wBAAwB,KAAK,gCAAgC,aAAa;AAEtF,SAAO;;CAGT,AAAQ,gBACN,YACA,cACA,eACqB;AACrB,MAAI,eAAe,KACjB,QAAO,EAAE,MAAM,MAAM;AAEvB,MAAI,eAAe,MACjB,QAAO;GACL,MAAM;GACN,YAAY,OAAO,OAAO,EAAE,GAAG,eAAe,CAAC;GAChD;AAEH,SAAO;GACL,MAAM;GACN,OAAO,OAAO,OAAO,EAAE,GAAG,cAAc,CAAC;GAC1C;;CAGH,AAAQ,qBACN,UACA,cACA,WAC4C;AAC5C,MAAI,SAAS,eAAe,KAC1B;EAEF,MAAM,YAAY,KAAK,uBAAuB,QAAQ,aAAa;AACnE,SAAO;GACL,YAAY,SAAS;GACrB,eAAe,UAAU;GACzB,iBAAiB,UAAU;GAC3B,eAAe,UAAU;GACzB;GACD;;CAGH,AAAQ,sBACN,MAUM;AACN,MAAI,CAAC,KAAK,eAAe,KAAK,YAAY,MAAM,CAAC,WAAW,EAC1D,OAAM,IAAI,wBAAwB,KAAK,sCAAsC;AAE/E,OAAK,qBAAqB,gBAAgB,KAAK,cAAc,KAAK,aAAa;AAC/E,MAAI,KAAK,eAAe,MAAM;AAC5B,OAAI,CAAC,KAAK,uBAAuB,OAAO,KAAK,KAAK,aAAa,CAAC,SAAS,EACvE,MAAK,qBAAqB,gBAAgB,KAAK,cAAc,KAAK,aAAa;AAEjF;;AAEF,MAAI,KAAK,eAAe,OAAO;AAC7B,OAAI,CAAC,KAAK,uBAAuB,OAAO,KAAK,KAAK,cAAc,CAAC,SAAS,EACxE,MAAK,wBAAwB,KAAK,cAAc,KAAK,cAAc;AAErE;;AAEF,MAAI,CAAC,KAAK,uBAAuB,OAAO,KAAK,KAAK,aAAa,CAAC,SAAS,EACvE,MAAK,qBAAqB,gBAAgB,KAAK,cAAc,KAAK,aAAa;;CAInF,AAAQ,2BAA2B,QAA8C,OAA+B;EAC9G,MAAMC,MAA+B,EAAE,GAAG,OAAO;AACjD,OAAK,MAAM,SAAS,OAClB,KAAI,KAAK,iCAAiC,uBAAuB,MAAM,CACrE,QAAO,IAAI,MAAM;AAGrB,SAAO,OAAO,OAAO,IAAI;;CAG3B,AAAQ,qBACN,WACA,QACA,OACM;EACN,MAAM,UAAU,OACb,QAAQ,UAAU,MAAM,aAAa,KAAK,CAC1C,QAAQ,UAAU,CAAC,KAAK,iCAAiC,uBAAuB,MAAM,CAAC,CACvF,QAAQ,UAAU,MAAM,MAAM,SAAS,UAAa,MAAM,MAAM,SAAS,QAAQ,MAAM,MAAM,SAAS,GAAG,CACzG,KAAK,UAAU,MAAM,IAAI;AAC5B,MAAI,QAAQ,SAAS,EACnB,OAAM,IAAI,wBAAwB,KAAK,oBAAoB,UAAU,aAAa,QAAQ,KAAK,KAAK,GAAG;;CAI3G,AAAQ,wBACN,QACA,eACM;EACN,MAAM,UAAU,OACb,QAAQ,UAAU,MAAM,aAAa,KAAK,CAC1C,QAAQ,UAAU,CAAC,KAAK,iCAAiC,uBAAuB,MAAM,CAAC,CACvF,QAAQ,UAAU,CAAC,cAAc,MAAM,QAAQ,cAAc,MAAM,KAAM,MAAM,CAAC,WAAW,EAAE,CAC7F,KAAK,UAAU,MAAM,IAAI;AAC5B,MAAI,QAAQ,SAAS,EACnB,OAAM,IAAI,wBAAwB,KAAK,4CAA4C,QAAQ,KAAK,KAAK,GAAG;;CAI5G,AAAQ,sBAAsB,QAA6C;EACzE,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,OAAO;AAC5E,MAAI,CAAC,eACH,OAAM,IAAI,wBAAwB,KAAK,4BAA4B,SAAS;AAE9E,SAAO;;CAGT,MAAM,oBAAoB,YAAkC,aAAoC;EAC9F,MAAM,WAAW,MAAM,KAAK,gBAAgB,WAAW;AACvD,QAAM,KAAK,gBAAgB,aAAa,EACtC,UAAU;GACR,GAAG;GACH,aAAa;GACb,WAAW;GACZ,EACF,CAAC;AACF,OAAK,yBAAyB,cAAc,WAAW;;CAGzD,MAAc,MACZ,UACA,kBACgC;EAChC,MAAM,mBAAmB,MAAM,KAAK,sBAAsB,SAAS;AACnE,SAAO;GACL,YAAY,SAAS;GACrB,QAAQ,SAAS;GACjB,aAAa,SAAS;GACtB,YAAY,SAAS;GACrB,cAAc,SAAS;GACvB,MAAM,SAAS;GACf,aAAa,SAAS;GACtB,WAAW,SAAS;GACpB,WAAW,SAAS;GACpB,cAAc,kBAAkB;GAChC;GACD;;CAGH,MAAc,sBACZ,UACoD;EACpD,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,SAAS,OAAO;AACrF,MAAI,gBAAgB,WAAW,MAAM,SAAS,SAC5C;EAEF,MAAM,aACJ,gBAAgB,eAAe,WAAW,OAAO,eAAe,WAAW,KAAK,aAAa;EAC/F,MAAM,WAAW,MAAM,KAAK,gBAAgB,kBAAkB,SAAS,WAAW;AAClF,MAAI,CAAC,SAKH,QAAO;GACL,QAAQ;GACR;GACA,QAAQ,CAAC,GAPa,KAAK,8BAA8B,uBACzD,eAAe,WAAW,MAC1B,SAAS,aACV,CAI6B;GAC7B;AAEH,SAAO;GACL,QAAQ;GACR,YAAY,SAAS;GACrB,gBAAgB,SAAS;GACzB,aAAa,SAAS;GACtB,QAAQ,SAAS;GACjB,WAAW,SAAS;GACrB;;;;CApWJ,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,2BAA2B;oBAElC,OAAO,uBAAuB;oBAE9B,OAAO,iCAAiC;oBAExC,OAAO,2BAA2B;oBAElC,OAAO,8BAA8B;oBAErC,OAAO,WAAW,yBAAyB;;;;;;;;;;;;;;;AC7BzC,qCAAMC,2BAAyB;CACpC,YACE,AACiBC,iBACjB,AACiBC,2BACjB,AACiBC,oBACjB,AACiBC,0BACjB,AACiBC,gCACjB;EATiB;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,cACJ,MAC4B;EAC5B,MAAM,WAAW,KAAK,gBAAgB,KAAK,WAAW;EACtD,MAAM,cAAc,KAAK,mBAAmB,UAAU,KAAK,QAAQ,KAAK,QAAQ;EAChF,MAAM,WAAW,MAAM,KAAK,0BAA0B,gBAAgB,KAAK,WAAW;AACtF,MAAI,CAAC,YAAY,cAAc,SAAS,SAAS,OAAO,CACtD,OAAM,IAAI,wBACR,KACA,uBAAuB,SAAS,WAAW,IAAI,SAAS,OAAO,gCAAgC,KAAK,QAAQ,oBAAoB,YAAY,cAAc,KAAK,KAAK,GACrK;EAEH,MAAMC,UAA6B;GACjC,KAAK;IACH,YAAY,KAAK;IACjB,QAAQ,KAAK;IACb,SAAS,KAAK;IACf;GACD,YAAY,KAAK;GACjB,4BAAW,IAAI,MAAM,EAAC,aAAa;GACpC;AACD,QAAM,KAAK,gBAAgB,cAAc,QAAQ;AACjD,OAAK,yBAAyB,aAAa,QAAQ,IAAI;AACvD,SAAO;;CAGT,MAAM,mBAAmB,YAA0D;EACjF,MAAM,WAAW,KAAK,gBAAgB,WAAW;EACjD,MAAM,WAAW,MAAM,KAAK,gBAAgB,yBAAyB,WAAW;EAChF,MAAM,gBAAgB,IAAI,IAAI,SAAS,KAAK,YAAY,CAAC,KAAK,mBAAmB,QAAQ,IAAI,EAAE,QAAQ,CAAU,CAAC;EAClH,MAAMC,QAA2C,EAAE;AACnD,OAAK,MAAM,WAAW,KAAK,+BAA+B,UAAU,SAAS,EAAE;GAC7E,MAAM,cAAc,QAAQ;GAC5B,MAAM,aAAa;IACjB;IACA,QAAQ,QAAQ;IAChB,SAAS,YAAY;IACtB;GACD,MAAM,UAAU,cAAc,IAAI,KAAK,mBAAmB,WAAW,CAAC;AACtE,OAAI,CAAC,SAAS;AACZ,UAAM,KAAK;KACT;KACA,QAAQ,QAAQ;KAChB,UAAU,QAAQ;KAClB;KACA,QAAQ,EACN,QAAQ,YAAY,WAAW,qBAAqB,WACrD;KACF,CAAC;AACF;;GAEF,MAAM,WAAW,MAAM,KAAK,0BAA0B,gBAAgB,QAAQ,WAAW;GACzF,MAAM,mBAAmB,MAAM,KAAK,gBAAgB,oBAAoB,SAAS,WAAW;AAC5F,SAAM,KAAK;IACT;IACA,QAAQ,QAAQ;IAChB,UAAU,QAAQ;IAClB;IACA,UAAU;KACR,YAAY,SAAS;KACrB,QAAQ,SAAS;KACjB,aAAa,SAAS;KACtB,aAAa,SAAS;KACvB;IACD,QAAQ;KACN,QAAQ,kBAAkB,OAAO,UAAU;KAC3C,SAAS,kBAAkB,OAAO;KAClC,UAAU,kBAAkB,OAAO;KACpC;IACF,CAAC;;AAEJ,SAAO;GACL;GACA;GACD;;CAGH,AAAQ,gBAAgB,YAAwC;EAC9D,MAAM,WAAW,KAAK,mBAAmB,IAAI,mBAAmB,WAAW,CAAC;AAC5E,MAAI,CAAC,SACH,OAAM,IAAI,wBAAwB,KAAK,uBAAuB,aAAa;AAE7E,SAAO;;CAGT,AAAQ,mBAAmB,UAA8B,QAAgB,SAAwC;EAC/G,MAAM,WAAW,KAAK,+BAA+B,gBAAgB,UAAU,QAAQ,QAAQ;AAC/F,MAAI,CAAC,UAAU;AACb,OAAI,CAAC,KAAK,+BAA+B,6BAA6B,UAAU,OAAO,CACrF,OAAM,IAAI,wBAAwB,KAAK,0BAA0B,SAAS;AAE5E,SAAM,IAAI,wBAAwB,KAAK,QAAQ,OAAO,oCAAoC,QAAQ,GAAG;;AAEvG,SAAO,SAAS;;CAGlB,AAAQ,mBAAmB,YAA0C;AACnE,SAAO,GAAG,WAAW,WAAW,GAAG,WAAW,OAAO,GAAG,WAAW;;;;CAhHtE,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,0BAA0B;oBAEjC,OAAO,WAAW,mBAAmB;oBAErC,OAAO,WAAW,yBAAyB;oBAE3C,OAAO,+BAA+B;;;;;;;;;;;;;ACzBpC,6CAAMC,mCAAiC;CAC5C,YACE,AACiBC,iBACjB,AACiBC,4BACjB,AACiBC,wBACjB,AACiBC,wBACjB;EAPiB;EAEA;EAEA;EAEA;;CAGnB,MAAM,QAAQ,UAAyD;EACrE,MAAM,eAAe,MAAM,KAAK,2BAA2B,gBAAgB,SAAS;AAEpF,OADa,KAAK,uBAAuB,kBAAkB,SAAS,OAAO,EAAE,WAAW,OAC9E,SAAS,SACjB,QAAO;EAET,MAAM,iBAAiB,MAAM,KAAK,gBAAgB,kBAAkB,SAAS,WAAW;AACxF,MAAI,CAAC,eACH,QAAO;EAET,MAAM,0BAA0B,KAAK,uBAAuB,QAAQ,eAAe;AACnF,SAAO,OAAO,OAAO;GACnB,GAAG;GACH,GAAG;GACJ,CAAC;;;;CA3BL,YAAY;oBAGR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,2BAA2B;oBAElC,OAAO,uBAAuB;oBAE9B,OAAO,2BAA2B;;;;;;;;;;;;ACEhC,yCAAMC,+BAAiE;CAC5E,AAAiB,6CAA6B,IAAI,KAA6C;CAC/F,AAAiB,gDAAgC,IAAI,KAAmC;CAExF,YACE,AACiBC,iBACjB,AACiBC,kCACjB,AACiBC,kCACjB,AACiBC,wBACjB,AACiBC,oBACjB,AACiBC,gCACjB;EAXiB;EAEA;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,WACJ,MACmB;EACnB,MAAM,WAAW,KAAK,mBAAmB,IAAI,mBAAmB,KAAK,WAAW,CAAC;EACjF,MAAM,eAAe,WACjB,KAAK,+BAA+B,8BAA8B,UAAU,KAAK,OAAO,GACxF;EACJ,MAAM,cAAc,WAChB,KAAK,+BAA+B,gBAAgB,UAAU,KAAK,QAAQ,KAAK,QAAQ,EAAE,cAC1F;EACJ,MAAMC,aAAmC;GACvC,YAAY,KAAK;GACjB,QAAQ,KAAK;GACb,SAAS,KAAK;GACf;EACD,MAAM,UAAU,MAAM,KAAK,gBAAgB,WAAW,WAAW;AACjE,MAAI,CAAC,SAAS;GACZ,MAAM,UAAU,IAAI,uBAAuB,YAAY,aAAa,iBAAiB,EAAE,CAAC;AACxF,OAAI,aACF,OAAM,IAAI,MAAM,GAAG,aAAa,IAAI,QAAQ,WAAW,EAAE,OAAO,SAAS,CAAC;AAE5E,SAAM;;EAER,MAAM,kBAAkB,KAAK,mBAAmB,WAAW;AAC3D,OAAK,8BAA8B,IAAI,iBAAiB,QAAQ,WAAW;EAC3E,MAAM,gBAAgB,KAAK,2BAA2B,IAAI,QAAQ,WAAW;AAC7E,MAAI,cACF,QAAQ,MAAM;EAEhB,MAAM,qBAAqB,KAAK,cAAc,QAAQ,YAAY,aAAa,CAAC,OAAO,UAAU;AAC/F,QAAK,2BAA2B,OAAO,QAAQ,WAAW;AAC1D,SAAM;IACN;AACF,OAAK,2BAA2B,IAAI,QAAQ,YAAY,mBAAmB;AAC3E,SAAQ,MAAM;;CAGhB,cAAc,YAAwC;AACpD,OAAK,2BAA2B,OAAO,WAAW;;CAGpD,aAAa,YAAwC;EACnD,MAAM,WAAW,KAAK,mBAAmB,WAAW;EACpD,MAAM,aAAa,KAAK,8BAA8B,IAAI,SAAS;AACnE,MAAI,WACF,MAAK,2BAA2B,OAAO,WAAW;AAEpD,OAAK,8BAA8B,OAAO,SAAS;;CAGrD,MAAc,cAAc,YAAkC,cAAyC;EACrG,MAAM,WAAW,MAAM,KAAK,gBAAgB,YAAY,WAAW;AACnE,MAAI,CAAC,SACH,OAAM,IAAI,wBAAwB,KAAK,gCAAgC,aAAa;EAEtF,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,SAAS,OAAO;AACrF,MAAI,CAAC,eAEH,OAAM,IAAI,wBACR,KACA,GAHa,eAAe,GAAG,aAAa,MAAM,GAGxC,mBAAmB,SAAS,OAAO,0EAC9C;EAEH,MAAM,WAAW,MAAM,KAAK,iCAAiC,QAAQ,SAAS;EAC9E,MAAM,EAAE,sBAAsB,qBAAqB,KAAK,iCAAiC,MAAM;GAC7F,YAAY,eAAe;GAC3B,cAAc,SAAS;GACvB;GACD,CAAC;AACF,SAAO,MAAM,eAAe,cAAc;GACxC;GACA,UAAU;GACV,cAAc;GACf,CAAC;;CAGJ,AAAQ,mBAAmB,YAA0C;AACnE,SAAO,GAAG,WAAW,WAAW,GAAG,WAAW,OAAO,GAAG,WAAW;;;;CAjGtE,YAAY;oBAMR,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,iCAAiC;oBAExC,OAAO,iCAAiC;oBAExC,OAAO,2BAA2B;oBAElC,OAAO,WAAW,mBAAmB;oBAErC,OAAO,+BAA+B;;;;;;;;;;;;;;AClBpC,kCAAMC,wBAAsB;CACjC,YACE,AACiBC,2BACjB,AACiBC,kCACjB,AACiBC,kCACjB,AACiBC,wBACjB,AACiBC,iBACjB,AACiBC,0BACjB;EAXiB;EAEA;EAEA;EAEA;EAEA;EAEA;;CAGnB,MAAM,KAAK,YAA6D;EACtE,MAAM,WAAW,MAAM,KAAK,0BAA0B,gBAAgB,WAAW;EACjF,MAAM,iBAAiB,KAAK,sBAAsB,SAAS,OAAO;EAClE,MAAM,WAAW,MAAM,KAAK,iCAAiC,QAAQ,SAAS;EAC9E,MAAM,EAAE,sBAAsB,qBAAqB,KAAK,iCAAiC,MAAM;GAC7F,YAAY,eAAe;GAC3B,cAAc,SAAS;GACvB;GACD,CAAC;EACF,MAAM,SAAS,MAAM,eAAe,KAAK;GACvC;GACA,UAAU;GACV,cAAc;GACf,CAAC;EACF,MAAM,WAAW,OAAO,6BAAY,IAAI,MAAM,EAAC,aAAa;AAC5D,QAAM,KAAK,gBAAgB,eAAe;GACxC,QAAQ,YAAY;GACpB;GACA,QAAQ;IACN,GAAG;IACH;IACD;GACD;GACA,WAAW,OAAO;GACnB,CAAC;AACF,OAAK,yBAAyB,cAAc,WAAW;AACvD,SAAO;GACL,GAAG;GACH;GACD;;CAGH,AAAQ,sBAAsB,QAA6C;EACzE,MAAM,iBAAiB,KAAK,uBAAuB,kBAAkB,OAAO;AAC5E,MAAI,CAAC,eACH,OAAM,IAAI,wBAAwB,KAAK,4BAA4B,SAAS;AAE9E,SAAO;;;;CAtDV,YAAY;oBAGR,OAAO,0BAA0B;oBAEjC,OAAO,iCAAiC;oBAExC,OAAO,iCAAiC;oBAExC,OAAO,2BAA2B;oBAElC,OAAO,kBAAkB,gBAAgB;oBAEzC,OAAO,WAAW,yBAAyB"}
package/dist/{CredentialServices-DdCEP2xt.d.ts → CredentialServices-UfvHB-rN.d.ts} RENAMED
@@ -1,6 +1,6 @@
1
- import { Ct as CredentialTypeDefinition, J as WorkflowDefinition, St as CredentialType, Tt as CredentialTypeRegistry, _t as CredentialOAuth2AuthDefinition, bt as CredentialSessionService, ct as AnyCredentialType, dt as CredentialFieldSchema, ft as CredentialHealth, ht as CredentialJsonRecord, lt as CredentialBinding, mt as CredentialInstanceRecord, p as WorkflowRepository, pt as CredentialInstanceId, ut as CredentialBindingKey, vt as CredentialRequirement, wt as CredentialTypeId } from "./ItemsInputNormalizer-D1WppVMU.js";
2
- import { r as AppConfig } from "./CodemationAppContext-CvWi5gey.js";
3
- import { a as UpdateCredentialInstanceRequest, n as CredentialInstanceDto, r as CredentialInstanceWithSecretsDto, s as WorkflowCredentialHealthDto, t as CreateCredentialInstanceRequest } from "./CredentialContractsRegistry-D7mcPed2.js";
1
+ import { Ct as CredentialTypeDefinition, J as WorkflowDefinition, St as CredentialType, Tt as CredentialTypeRegistry, _t as CredentialOAuth2AuthDefinition, bt as CredentialSessionService, ct as AnyCredentialType, dt as CredentialFieldSchema, ft as CredentialHealth, ht as CredentialJsonRecord, lt as CredentialBinding, mt as CredentialInstanceRecord, p as WorkflowRepository, pt as CredentialInstanceId, ut as CredentialBindingKey, vt as CredentialRequirement, wt as CredentialTypeId } from "./ItemsInputNormalizer-C-KHg9Mo.js";
2
+ import { r as AppConfig } from "./CodemationAppContext-DRu1Dpri.js";
3
+ import { a as UpdateCredentialInstanceRequest, n as CredentialInstanceDto, r as CredentialInstanceWithSecretsDto, s as WorkflowCredentialHealthDto, t as CreateCredentialInstanceRequest } from "./CredentialContractsRegistry-DrMIDSw8.js";
4
4
 
5
5
  //#region src/domain/credentials/CredentialTypeRegistryImpl.d.ts
6
6
  declare class CredentialTypeRegistryImpl implements CredentialTypeRegistry {
@@ -239,4 +239,4 @@ type MutableCredentialSessionService = CredentialSessionService & Readonly<{
239
239
  }>;
240
240
  //#endregion
241
241
  export { CredentialInstanceService as a, CredentialSecretCipher as c, CredentialBindingService as i, CredentialFieldEnvOverlayService as l, CredentialType$1 as n, CredentialOAuth2ScopeResolver as o, CredentialRuntimeMaterialService as r, CredentialMaterialResolver as s, CredentialStore as t, CredentialTypeRegistryImpl as u };
242
- //# sourceMappingURL=CredentialServices-DdCEP2xt.d.ts.map
242
+ //# sourceMappingURL=CredentialServices-UfvHB-rN.d.ts.map
package/dist/{ItemsInputNormalizer-D1WppVMU.d.ts → ItemsInputNormalizer-C-KHg9Mo.d.ts} RENAMED
@@ -318,6 +318,11 @@ interface NodeExecutionSnapshot {
318
318
  inputsByPort?: NodeInputsByPort;
319
319
  outputs?: NodeOutputs;
320
320
  error?: NodeExecutionError;
321
+ /**
322
+ * When the node is a SubWorkflow invocation, the run id of the child run it spawned.
323
+ * Populated after the child run completes so the UI can deep-link to that specific execution.
324
+ */
325
+ childRunId?: RunId;
321
326
  }
322
327
  /** Stable id for a single connection invocation row in {@link ConnectionInvocationRecord}. */
323
328
  type ConnectionInvocationId = string;
@@ -968,6 +973,11 @@ interface ExecutionInstanceDto {
968
973
  readonly itemIndex?: number;
969
974
  /** Parent invocation id when this instance was emitted by a sub-agent triggered by an outer LLM/tool call. */
970
975
  readonly parentInvocationId?: string;
976
+ /**
977
+ * When this instance is a SubWorkflow node activation, the run id of the child run it spawned.
978
+ * Used by the UI to deep-link directly to the child execution.
979
+ */
980
+ readonly childRunId?: string;
971
981
  }
972
982
  //#endregion
973
983
  //#region ../core/src/contracts/webhookTypes.d.ts
@@ -1303,6 +1313,15 @@ interface NodeExecutionStatePublisher {
1303
1313
  error: Error;
1304
1314
  }): Promise<void>;
1305
1315
  appendConnectionInvocation(args: ConnectionInvocationAppendArgs): Promise<void>;
1316
+ /**
1317
+ * Annotates the current snapshot for `nodeId` with the id of the child run spawned by a
1318
+ * SubWorkflow invocation. Called from `SubWorkflowNode.execute` after `runById` resolves.
1319
+ * The engine's subsequent `markCompleted` call preserves the value via `previous.childRunId`.
1320
+ */
1321
+ setChildRunId?(args: {
1322
+ nodeId: NodeId;
1323
+ childRunId: RunId;
1324
+ }): Promise<void>;
1306
1325
  }
1307
1326
  type BinaryBody = ReadableStream<Uint8Array> | AsyncIterable<Uint8Array> | Uint8Array | ArrayBuffer;
1308
1327
  interface BinaryStorageWriteRequest {
@@ -1551,4 +1570,4 @@ interface ChatModelFactory<TConfig extends ChatModelConfig = ChatModelConfig> {
1551
1570
  }
1552
1571
  //#endregion
1553
1572
  export { RunCurrentState as $, TelemetryArtifactAttachment as A, NodeDefinition as B, AnyRunnableNodeConfig as C, CredentialTypeDefinition as Ct, WebhookTriggerMatcher as D, WorkflowId as Dt, WebhookInvocationMatch as E, NodeId as Et, BinaryAttachment as F, RunIdFactory as G, ParentExecutionRef as H, Item as I, WorkflowDefinition as J, RunnableNodeConfig as K, Items as L, TelemetryMetricRecord as M, TelemetrySpanEventRecord as N, WebhookTriggerResolution as O, ActivationIdFactory as P, PersistedWorkflowTokenRegistryLike as Q, JsonValue as R, ChainCursor as S, CredentialType as St, HttpMethod as T, CredentialTypeRegistry as Tt, PersistedRunPolicySnapshot as U, NodeOutputs as V, RunId as W, NodeInputsByPort as X, CurrentStateExecutionRequest as Y, PersistedRunState as Z, EngineExecutionLimitsPolicyConfig as _, CredentialOAuth2AuthDefinition as _t, ParamDeep as a, RunSummary as at, TestCaseRunStatus as b, CredentialSessionService as bt, NodeActivationContinuation as c, AnyCredentialType as ct, NodeExecutionRequestHandler as d, CredentialFieldSchema as dt, RunExecutionOptions as et, NodeExecutionScheduler as f, CredentialHealth as ft, TypeToken as g, CredentialMaterialSourceKind as gt, Container as h, CredentialJsonRecord as ht, ToolConfig as i, RunStopCondition as it, TelemetryAttributes as j, WorkflowRunDetailDto as k, NodeExecutionContext as l, CredentialBinding as lt, WorkflowSnapshotResolver as m, CredentialInstanceRecord as mt, AgentMessageConfig as n, RunResult as nt, BinaryStorage as o, WebhookRunResult as ot, WorkflowRepository as p, CredentialInstanceId as pt, RunnableNodeOutputJson as q, ChatModelConfig as r, RunStatus as rt, LiveWorkflowRepository as s, WorkflowExecutionRepository as st, AgentGuardrailConfig as t, RunPruneCandidate as tt, NodeExecutionRequest as u, CredentialBindingKey as ut, RunEvent as v, CredentialRequirement as vt, WorkflowActivationPolicy as w, CredentialTypeId as wt, TestSuiteRunStatus as x, CredentialSetupStatus as xt, RunEventBus as y, CredentialSessionFactoryArgs as yt, NodeActivationId as z };
1554
- //# sourceMappingURL=ItemsInputNormalizer-D1WppVMU.d.ts.map
1573
+ //# sourceMappingURL=ItemsInputNormalizer-C-KHg9Mo.d.ts.map