@codemation/host 0.7.0 → 0.9.0

package/CHANGELOG.md

@@ -1,5 +1,94 @@
 # @codemation/host
 
+## 0.9.0
+
+### Minor Changes
+
+- [#170](https://github.com/MadeRelevant/codemation/pull/170) [`0b3d2a3`](https://github.com/MadeRelevant/codemation/commit/0b3d2a3dc379c0d8a6509ae97e47f6bb880caea3) Thanks [@cblokland90](https://github.com/cblokland90)! - feat(credentials): app gallery API (framework half)
+
+  Adds the framework-side credential "app gallery" surface that the control
+  plane's credentials gallery UI consumes:
+  - `@codemation/host`: a `GET /api/credentials/apps` endpoint backed by a new
+    `GetCredentialAppsQuery` / handler and an `AppGalleryProjector` that projects
+    the configured credential types + connected instances into `AppGalleryEntry`
+    rows (`AppsResponse`). Wired through `CredentialContractsRegistry`,
+    `ApiPaths.credentialApps()`, the credential route registrar/handler, and DI.
+  - `@codemation/canvas-core`: `WorkflowCanvasApiClient.fetchCredentialApps()`,
+    the `credentialAppsQueryKey`, and a `useCredentialAppsQuery` hook.
+  - `@codemation/next-host`: `NextHostApiClientAdapter.fetchCredentialApps()` so
+    the dev shell satisfies the canvas API client contract.
+
+- [#167](https://github.com/MadeRelevant/codemation/pull/167) [`3044474`](https://github.com/MadeRelevant/codemation/commit/3044474495525490735510ff74500b53761284b6) Thanks [@cblokland90](https://github.com/cblokland90)! - feat(hitl): Human-in-the-Loop — engine suspend/resume, inbox approval node + channels (local + control-plane), agent-as-tool, decision/timeout handling, inbox decision UX (toast + node status icons + "waiting for approval"), plus the consolidated dev/canvas/host fixes shipped alongside.
+
+### Patch Changes
+
+- [#170](https://github.com/MadeRelevant/codemation/pull/170) [`0b3d2a3`](https://github.com/MadeRelevant/codemation/commit/0b3d2a3dc379c0d8a6509ae97e47f6bb880caea3) Thanks [@cblokland90](https://github.com/cblokland90)! - fix(host): allow CP_WEB_ORIGIN to be a comma-separated CORS allowlist
+
+  `ManagedCorsMiddleware` compared the request origin with `===` against the raw
+  `CP_WEB_ORIGIN` value, so when the provisioner injects more than one origin
+  (e.g. the Caddy origin plus the direct dev port) the joined string never
+  matched any real origin. Every CORS preflight 403'd, which left the control
+  plane's workspace canvas stuck on "Getting your canvas ready…". The middleware
+  now parses `CP_WEB_ORIGIN` as a comma-separated allowlist and echoes back the
+  request's own origin when it is a member.
+
+- Updated dependencies [[`3044474`](https://github.com/MadeRelevant/codemation/commit/3044474495525490735510ff74500b53761284b6)]:
+  - @codemation/core@0.12.0
+  - @codemation/core-nodes@0.9.0
+  - @codemation/eventbus-redis@0.0.40
+
+## 0.8.0
+
+### Minor Changes
+
+- [#150](https://github.com/MadeRelevant/codemation/pull/150) [`8ac207a`](https://github.com/MadeRelevant/codemation/commit/8ac207ab263542e46fad0b9e1ea584fbb71a747c) Thanks [@cblokland90](https://github.com/cblokland90)! - Add workspace-host Docker image packaging and managed template peerDeps fix.
+  - Move @codemation/\* from dependencies to peerDependencies in the managed template (avoids n8n-style dual-instance singleton trap at runtime; framework packages resolve from the base image)
+  - Add codemationVersion: "1.0.0" field to managed template codemation.config.ts and DefineCodemationAppOptions (reserved compatibility-date slot, no enforcement yet)
+  - Add packages/host/src/bin/server.ts standalone entry point for workspace pod runtime
+  - Add packaging/workspace-host/Dockerfile for the codemation-workspace-host:1.0.0 base image
+
+### Patch Changes
+
+- [#153](https://github.com/MadeRelevant/codemation/pull/153) [`a70e182`](https://github.com/MadeRelevant/codemation/commit/a70e182a852026e4f6d8f317fe9862417dc23ce6) Thanks [@cblokland90](https://github.com/cblokland90)! - Move UI-only packages (monaco-editor, react, @xyflow/react, dagre, lucide-react, rc-tree, etc.) from `dependencies` to `devDependencies` in @codemation/host. No runtime source in `packages/host/src` imports these packages — they were vestigial from before the UI was extracted to @codemation/next-host. Moving them ensures pnpm filtered installs (e.g. `--filter @codemation/host...`) no longer pull in ~1.5 GB of UI dependencies, which is required for the workspace-host container image to stay small.
+
+- [#156](https://github.com/MadeRelevant/codemation/pull/156) [`5315e23`](https://github.com/MadeRelevant/codemation/commit/5315e2361492560601ac2c97491aa58c49346fd4) Thanks [@cblokland90](https://github.com/cblokland90)! - fix(host): only throw on invalid WORKSPACE_PAIRING_SECRET in managed mode
+
+  Previously, setting WORKSPACE_PAIRING_SECRET to an invalid value (not a 32-byte base64 string) would crash the host at boot time even when running in non-managed mode (the default). Framework consumers who accidentally set this env var or left a misconfigured value would see an opaque boot error unrelated to their actual configuration.
+
+  After this fix, the invalid-secret error is only propagated in `auth.kind: "managed"` mode. In all other modes, the error is caught, a warning is logged, and the host boots normally without pairing infrastructure wired up. Managed-mode consumers continue to see the full error at startup.
+
+- [#152](https://github.com/MadeRelevant/codemation/pull/152) [`ac860a5`](https://github.com/MadeRelevant/codemation/commit/ac860a5af1df3e5766581e644fef8cc0d1b24eba) Thanks [@cblokland90](https://github.com/cblokland90)! - Fix ControlPlaneCatalogFetcher calling wrong URL path (sprint-mvp/01).
+
+  The fetcher was calling `/api/catalog/*` (session-gated in the CP) instead of
+  `/internal/catalog/*` (HMAC-gated). The CP's `/api/*` router returned 401 for
+  every HMAC-signed request because it requires a Better Auth session cookie, not a
+  workspace pairing signature.
+
+  This caused every provisioned workspace to log steady `HTTP 401 Unauthorized`
+  errors from `ControlPlaneCatalogFetcher`, blocking OAuth credential-type and MCP
+  server catalog fetches.
+
+- [#157](https://github.com/MadeRelevant/codemation/pull/157) [`3025b86`](https://github.com/MadeRelevant/codemation/commit/3025b8685b0d7ad60c506b5a0f21967e681a25ea) Thanks [@cblokland90](https://github.com/cblokland90)! - Shrink workspace-host Docker image by decoupling CLI from next-host at runtime.
+
+  `@codemation/cli`: demote `@codemation/next-host` from `dependencies` to `devDependencies`. The CLI's
+  non-headless serve path resolves the next-host package at runtime via `require.resolve()`; the
+  headless path (used by workspace-host pods) never touches it. Consumers that install `@codemation/cli`
+  from the registry and need the UI shell must add `@codemation/next-host` as a direct dependency.
+
+  `@codemation/core-nodes`: demote `lucide-react` from `dependencies` to `devDependencies`. The package
+  only references lucide icon names as strings (e.g. `"lucide:bot"`); it never imports the react library
+  at runtime. This removes ~46 MB from runtime installs of `@codemation/core-nodes`.
+
+  `@codemation/host`: promote `execa` and `dotenv` from `devDependencies` to `dependencies`. Both are
+  required at Dockerfile build time by `scripts/generate-prisma-clients.mjs` (imports `execaSync` from
+  `execa`) and `prisma.config.ts` (imports `dotenv/config`). These files run during `prisma:generate`
+  which executes in the production builder stage with `--prod` install (no devDeps available).
+
+- Updated dependencies [[`e0933eb`](https://github.com/MadeRelevant/codemation/commit/e0933ebc51806a9593f94758860c591b8346a7a5), [`3025b86`](https://github.com/MadeRelevant/codemation/commit/3025b8685b0d7ad60c506b5a0f21967e681a25ea)]:
+  - @codemation/core@0.11.1
+  - @codemation/core-nodes@0.8.1
+  - @codemation/eventbus-redis@0.0.39
+
 ## 0.7.0
 
 ### Minor Changes

package/LICENSE

@@ -1 +1,37 @@
-../../LICENSE
+Codemation Pre-Stable License
+
+Copyright (c) Made Relevant B.V. All rights reserved.
+
+1. Definitions
+
+   "Software" means the Codemation source code, documentation, and artifacts in this repository and any published npm packages in the Codemation monorepo.
+
+   "Stable Version" means the first published release of the package `@codemation/core` on the public npm registry with version 1.0.0 or higher.
+
+2. Permitted use (before Stable Version)
+
+   Until a Stable Version exists, you may use, copy, modify, and distribute the Software only for non-commercial purposes, including personal learning, research, evaluation, and internal use within your organization that does not charge third parties for access to the Software or a product or service whose primary value is the Software.
+
+3. Restrictions (before Stable Version)
+
+   Until a Stable Version exists, you must not:
+
+   a) Sell, rent, lease, or sublicense the Software or a derivative work for a fee;
+
+   b) Offer the Software or a derivative work as part of a paid product or service (including hosting, support, or consulting) where the Software is a material part of the offering;
+
+   c) Use the Software or a derivative work primarily to generate revenue or commercial advantage for you or others.
+
+   These restrictions apply to all versions published before a Stable Version, even if a later Stable Version is released under different terms.
+
+4. After Stable Version
+
+   The maintainers may publish a Stable Version under different license terms. If they do, those terms apply only to that Stable Version and subsequent releases they designate; they do not automatically apply to earlier pre-stable versions.
+
+5. No warranty
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+6. Third-party components
+
+   The Software may include third-party components under their own licenses. Those licenses govern those components.

package/dist/{ApiPaths-Dv1dcHu_.js → ApiPaths-DCvrlIjg.js}

@@ -120,6 +120,9 @@ var ApiPaths = class {
 	static credentialInstances() {
 		return `${this.credentialsBasePath}/instances`;
 	}
+	static credentialApps() {
+		return `${this.credentialsBasePath}/apps`;
+	}
 	static credentialInstance(instanceId, withSecrets) {
 		const base = `${this.credentialInstances()}/${encodeURIComponent(instanceId)}`;
 		return withSecrets ? `${base}?withSecrets=1` : base;
@@ -231,8 +234,16 @@ var ApiPaths = class {
 	static internalAuthBootstrap() {
 		return `${this.bootstrapBasePath}/auth/internal`;
 	}
+	/** Token-authenticated: resume a suspended HITL task. */
+	static hitlTaskResume(taskId) {
+		return `${this.apiBasePath}/hitl/tasks/${encodeURIComponent(taskId)}/resume`;
+	}
+	/** Session-authenticated: record a decision on a suspended HITL task. */
+	static hitlTaskDecide(taskId) {
+		return `${this.apiBasePath}/hitl/tasks/${encodeURIComponent(taskId)}/decide`;
+	}
 };
 
 //#endregion
 export { InAppCallbackUrlPolicy as n, ApiPaths as t };
-//# sourceMappingURL=ApiPaths-Dv1dcHu_.js.map
+//# sourceMappingURL=ApiPaths-DCvrlIjg.js.map

package/dist/{ApiPaths-Dv1dcHu_.js.map → ApiPaths-DCvrlIjg.js.map}

@@ -1 +1 @@
-{"version":3,"file":"ApiPaths-Dv1dcHu_.js","names":[],"sources":["../src/infrastructure/auth/InAppCallbackUrlPolicy.ts","../src/presentation/http/ApiPaths.ts"],"sourcesContent":["/**\n * Restricts post-login navigation targets to same-origin relative paths (no open redirects).\n */\nexport class InAppCallbackUrlPolicy {\n  private static readonly fallbackPath = \"/\";\n\n  resolveSafeRelativeCallbackUrl(raw: string | undefined | null): string {\n    if (raw === undefined || raw === null) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (this.containsAsciiControl(raw)) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    const trimmed = raw.trim();\n    if (trimmed.length === 0) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (!trimmed.startsWith(\"/\")) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (trimmed.startsWith(\"//\")) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (trimmed.includes(\"\\\\\")) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    return trimmed;\n  }\n\n  private containsAsciiControl(value: string): boolean {\n    for (let index = 0; index < value.length; index += 1) {\n      const code = value.charCodeAt(index);\n      if (code <= 0x1f || code === 0x7f) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","export class ApiPaths {\n  private static readonly apiBasePath = \"/api\";\n\n  private static readonly workflowsBasePath = `${this.apiBasePath}/workflows`;\n\n  private static readonly runsBasePath = `${this.apiBasePath}/runs`;\n\n  private static readonly credentialsBasePath = `${this.apiBasePath}/credentials`;\n\n  private static readonly oauth2BasePath = `${this.apiBasePath}/oauth2`;\n\n  private static readonly webhooksBasePath = `${this.apiBasePath}/webhooks`;\n\n  private static readonly usersBasePath = `${this.apiBasePath}/users`;\n\n  private static readonly telemetryBasePath = `${this.apiBasePath}/telemetry`;\n\n  private static readonly whitelabelBasePath = `${this.apiBasePath}/whitelabel`;\n\n  private static readonly bootstrapBasePath = `${this.apiBasePath}/bootstrap`;\n\n  private static readonly authBasePath = `${this.apiBasePath}/auth`;\n\n  private static readonly collectionsBasePath = `${this.apiBasePath}/collections`;\n\n  static collections(): string {\n    return this.collectionsBasePath;\n  }\n\n  static collection(name: string): string {\n    return `${this.collectionsBasePath}/${encodeURIComponent(name)}`;\n  }\n\n  static collectionRows(name: string): string {\n    return `${this.collection(name)}/rows`;\n  }\n\n  static collectionRow(name: string, id: string): string {\n    return `${this.collectionRows(name)}/${encodeURIComponent(id)}`;\n  }\n\n  static syncCollections(): string {\n    return `${this.collectionsBasePath}/sync`;\n  }\n\n  static workflows(): string {\n    return this.workflowsBasePath;\n  }\n\n  static workflow(workflowId: string): string {\n    return `${this.workflowsBasePath}/${encodeURIComponent(workflowId)}`;\n  }\n\n  static workflowActivation(workflowId: string): string {\n    return `${this.workflow(workflowId)}/activation`;\n  }\n\n  static workflowRuns(workflowId: string): string {\n    return `${this.workflow(workflowId)}/runs`;\n  }\n\n  static workflowTestSuiteRuns(workflowId: string): string {\n    return `${this.workflow(workflowId)}/test-suite-runs`;\n  }\n\n  /**\n   * `GET` returns per-assertion-metric trends across the workflow's recent suite runs. With\n   * no `names` arg, every distinct assertion name is returned (so the multi-select can populate);\n   * with `names`, only the requested subset is returned (order preserved).\n   */\n  static workflowAssertionMetricTrends(workflowId: string, names?: ReadonlyArray<string>): string {\n    const base = `${this.workflow(workflowId)}/assertion-metric-trends`;\n    if (!names || names.length === 0) {\n      return base;\n    }\n    return `${base}?names=${names.map((n) => encodeURIComponent(n)).join(\",\")}`;\n  }\n\n  static testSuiteRun(testSuiteRunId: string): string {\n    return `${this.apiBasePath}/test-suite-runs/${encodeURIComponent(testSuiteRunId)}`;\n  }\n\n  static testSuiteRunAssertions(testSuiteRunId: string): string {\n    return `${this.testSuiteRun(testSuiteRunId)}/assertions`;\n  }\n\n  static testSuiteRunChildRuns(testSuiteRunId: string): string {\n    return `${this.testSuiteRun(testSuiteRunId)}/runs`;\n  }\n\n  static runAssertions(runId: string): string {\n    return `${this.runState(runId)}/assertions`;\n  }\n\n  static workflowCredentialHealth(workflowId: string): string {\n    return `${this.workflow(workflowId)}/credential-health`;\n  }\n\n  static workflowDebuggerOverlay(workflowId: string): string {\n    return `${this.workflow(workflowId)}/debugger-overlay`;\n  }\n\n  static workflowDebuggerOverlayCopyRun(workflowId: string): string {\n    return `${this.workflowDebuggerOverlay(workflowId)}/copy-run`;\n  }\n\n  static workflowDebuggerOverlayBinaryUpload(workflowId: string): string {\n    return `${this.workflowDebuggerOverlay(workflowId)}/binary/upload`;\n  }\n\n  static workflowOverlayBinaryContent(workflowId: string, binaryId: string): string {\n    return `${this.workflow(workflowId)}/debugger-overlay/binary/${encodeURIComponent(binaryId)}/content`;\n  }\n\n  static runs(): string {\n    return this.runsBasePath;\n  }\n\n  static run(): string {\n    return this.runs();\n  }\n\n  static credentialTypes(): string {\n    return `${this.credentialsBasePath}/types`;\n  }\n\n  static credentialsEnvStatus(): string {\n    return `${this.credentialsBasePath}/env-status`;\n  }\n\n  static credentialInstances(): string {\n    return `${this.credentialsBasePath}/instances`;\n  }\n\n  static credentialInstance(instanceId: string, withSecrets?: boolean): string {\n    const base = `${this.credentialInstances()}/${encodeURIComponent(instanceId)}`;\n    return withSecrets ? `${base}?withSecrets=1` : base;\n  }\n\n  static credentialInstanceTest(instanceId: string): string {\n    return `${this.credentialInstance(instanceId)}/test`;\n  }\n\n  static credentialBindings(): string {\n    return `${this.apiBasePath}/credential-bindings`;\n  }\n\n  static oauth2RedirectUri(): string {\n    return `${this.oauth2BasePath}/redirect-uri`;\n  }\n\n  static oauth2Disconnect(instanceId: string): string {\n    return `${this.oauth2BasePath}/disconnect?instanceId=${encodeURIComponent(instanceId)}`;\n  }\n\n  static credentialOAuthStart(): string {\n    return `${this.credentialsBasePath}/oauth/start`;\n  }\n\n  static workflowWebsocket(): string {\n    return `${this.workflowsBasePath}/ws`;\n  }\n\n  /** Dev gateway: stable browser WebSocket for build lifecycle (CLI → gateway → browser). */\n  static devGatewaySocket(): string {\n    return `${this.apiBasePath}/dev/socket`;\n  }\n\n  /** Dev gateway: HTTP notify endpoint used by the Codemation CLI during consumer rebuilds. */\n  static devGatewayNotify(): string {\n    return `${this.apiBasePath}/dev/notify`;\n  }\n\n  static webhooks(): string {\n    return this.webhooksBasePath;\n  }\n\n  static users(): string {\n    return this.usersBasePath;\n  }\n\n  static telemetryDashboardSummary(): string {\n    return `${this.telemetryBasePath}/dashboard/summary`;\n  }\n\n  static telemetryDashboardTimeseries(): string {\n    return `${this.telemetryBasePath}/dashboard/timeseries`;\n  }\n\n  static telemetryDashboardDimensions(): string {\n    return `${this.telemetryBasePath}/dashboard/dimensions`;\n  }\n\n  static telemetryDashboardRuns(): string {\n    return `${this.telemetryBasePath}/dashboard/runs`;\n  }\n\n  static telemetryRunTrace(runId: string): string {\n    return `${this.telemetryBasePath}/runs/${runId}/trace`;\n  }\n\n  static authSession(): string {\n    return `${this.authBasePath}/session`;\n  }\n\n  static authLogin(): string {\n    return `${this.authBasePath}/login`;\n  }\n\n  static authLogout(): string {\n    return `${this.authBasePath}/logout`;\n  }\n\n  static authOAuthStart(providerId: string, callbackUrl?: string): string {\n    const base = `${this.authBasePath}/oauth/${encodeURIComponent(providerId)}/start`;\n    if (!callbackUrl) {\n      return base;\n    }\n    return `${base}?callbackUrl=${encodeURIComponent(callbackUrl)}`;\n  }\n\n  static authOAuthCallback(providerId: string): string {\n    return `${this.authBasePath}/oauth/${encodeURIComponent(providerId)}/callback`;\n  }\n\n  static userInviteVerify(): string {\n    return `${this.usersBasePath}/invites/verify`;\n  }\n\n  static userInviteAccept(): string {\n    return `${this.usersBasePath}/invites/accept`;\n  }\n\n  static userInvites(): string {\n    return `${this.usersBasePath}/invites`;\n  }\n\n  static userInviteRegenerate(userId: string): string {\n    return `${this.usersBasePath}/${encodeURIComponent(userId)}/invites/regenerate`;\n  }\n\n  static userStatus(userId: string): string {\n    return `${this.usersBasePath}/${encodeURIComponent(userId)}/status`;\n  }\n\n  static runState(runId: string): string {\n    return `${this.runsBasePath}/${encodeURIComponent(runId)}`;\n  }\n\n  static runDetail(runId: string): string {\n    return `${this.runState(runId)}/detail`;\n  }\n\n  static runWorkflowSnapshot(runId: string): string {\n    return `${this.runState(runId)}/workflow-snapshot`;\n  }\n\n  static runNodePin(runId: string, nodeId: string): string {\n    return `${this.runState(runId)}/nodes/${encodeURIComponent(nodeId)}/pin`;\n  }\n\n  static runNode(runId: string, nodeId: string): string {\n    return `${this.runState(runId)}/nodes/${encodeURIComponent(nodeId)}/run`;\n  }\n\n  static runBinaryContent(runId: string, binaryId: string): string {\n    return `${this.runState(runId)}/binary/${encodeURIComponent(binaryId)}/content`;\n  }\n\n  /** Anonymous: consumer logo from `codemation.config.ts` whitelabel.logoPath. */\n  static whitelabelLogo(): string {\n    return `${this.whitelabelBasePath}/logo`;\n  }\n\n  static frontendBootstrap(): string {\n    return `${this.bootstrapBasePath}/frontend`;\n  }\n\n  static internalAuthBootstrap(): string {\n    return `${this.bootstrapBasePath}/auth/internal`;\n  }\n}\n"],"mappings":";;;;AAGA,IAAa,yBAAb,MAAa,uBAAuB;CAClC,OAAwB,eAAe;CAEvC,+BAA+B,KAAwC;AACrE,MAAI,QAAQ,UAAa,QAAQ,KAC/B,QAAO,uBAAuB;AAEhC,MAAI,KAAK,qBAAqB,IAAI,CAChC,QAAO,uBAAuB;EAEhC,MAAM,UAAU,IAAI,MAAM;AAC1B,MAAI,QAAQ,WAAW,EACrB,QAAO,uBAAuB;AAEhC,MAAI,CAAC,QAAQ,WAAW,IAAI,CAC1B,QAAO,uBAAuB;AAEhC,MAAI,QAAQ,WAAW,KAAK,CAC1B,QAAO,uBAAuB;AAEhC,MAAI,QAAQ,SAAS,KAAK,CACxB,QAAO,uBAAuB;AAEhC,SAAO;;CAGT,AAAQ,qBAAqB,OAAwB;AACnD,OAAK,IAAI,QAAQ,GAAG,QAAQ,MAAM,QAAQ,SAAS,GAAG;GACpD,MAAM,OAAO,MAAM,WAAW,MAAM;AACpC,OAAI,QAAQ,MAAQ,SAAS,IAC3B,QAAO;;AAGX,SAAO;;;;;;ACpCX,IAAa,WAAb,MAAsB;CACpB,OAAwB,cAAc;CAEtC,OAAwB,oBAAoB,GAAG,KAAK,YAAY;CAEhE,OAAwB,eAAe,GAAG,KAAK,YAAY;CAE3D,OAAwB,sBAAsB,GAAG,KAAK,YAAY;CAElE,OAAwB,iBAAiB,GAAG,KAAK,YAAY;CAE7D,OAAwB,mBAAmB,GAAG,KAAK,YAAY;CAE/D,OAAwB,gBAAgB,GAAG,KAAK,YAAY;CAE5D,OAAwB,oBAAoB,GAAG,KAAK,YAAY;CAEhE,OAAwB,qBAAqB,GAAG,KAAK,YAAY;CAEjE,OAAwB,oBAAoB,GAAG,KAAK,YAAY;CAEhE,OAAwB,eAAe,GAAG,KAAK,YAAY;CAE3D,OAAwB,sBAAsB,GAAG,KAAK,YAAY;CAElE,OAAO,cAAsB;AAC3B,SAAO,KAAK;;CAGd,OAAO,WAAW,MAAsB;AACtC,SAAO,GAAG,KAAK,oBAAoB,GAAG,mBAAmB,KAAK;;CAGhE,OAAO,eAAe,MAAsB;AAC1C,SAAO,GAAG,KAAK,WAAW,KAAK,CAAC;;CAGlC,OAAO,cAAc,MAAc,IAAoB;AACrD,SAAO,GAAG,KAAK,eAAe,KAAK,CAAC,GAAG,mBAAmB,GAAG;;CAG/D,OAAO,kBAA0B;AAC/B,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,YAAoB;AACzB,SAAO,KAAK;;CAGd,OAAO,SAAS,YAA4B;AAC1C,SAAO,GAAG,KAAK,kBAAkB,GAAG,mBAAmB,WAAW;;CAGpE,OAAO,mBAAmB,YAA4B;AACpD,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,aAAa,YAA4B;AAC9C,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,sBAAsB,YAA4B;AACvD,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;;;;;;CAQtC,OAAO,8BAA8B,YAAoB,OAAuC;EAC9F,MAAM,OAAO,GAAG,KAAK,SAAS,WAAW,CAAC;AAC1C,MAAI,CAAC,SAAS,MAAM,WAAW,EAC7B,QAAO;AAET,SAAO,GAAG,KAAK,SAAS,MAAM,KAAK,MAAM,mBAAmB,EAAE,CAAC,CAAC,KAAK,IAAI;;CAG3E,OAAO,aAAa,gBAAgC;AAClD,SAAO,GAAG,KAAK,YAAY,mBAAmB,mBAAmB,eAAe;;CAGlF,OAAO,uBAAuB,gBAAgC;AAC5D,SAAO,GAAG,KAAK,aAAa,eAAe,CAAC;;CAG9C,OAAO,sBAAsB,gBAAgC;AAC3D,SAAO,GAAG,KAAK,aAAa,eAAe,CAAC;;CAG9C,OAAO,cAAc,OAAuB;AAC1C,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC;;CAGjC,OAAO,yBAAyB,YAA4B;AAC1D,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,wBAAwB,YAA4B;AACzD,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,+BAA+B,YAA4B;AAChE,SAAO,GAAG,KAAK,wBAAwB,WAAW,CAAC;;CAGrD,OAAO,oCAAoC,YAA4B;AACrE,SAAO,GAAG,KAAK,wBAAwB,WAAW,CAAC;;CAGrD,OAAO,6BAA6B,YAAoB,UAA0B;AAChF,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC,2BAA2B,mBAAmB,SAAS,CAAC;;CAG9F,OAAO,OAAe;AACpB,SAAO,KAAK;;CAGd,OAAO,MAAc;AACnB,SAAO,KAAK,MAAM;;CAGpB,OAAO,kBAA0B;AAC/B,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,uBAA+B;AACpC,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,sBAA8B;AACnC,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,mBAAmB,YAAoB,aAA+B;EAC3E,MAAM,OAAO,GAAG,KAAK,qBAAqB,CAAC,GAAG,mBAAmB,WAAW;AAC5E,SAAO,cAAc,GAAG,KAAK,kBAAkB;;CAGjD,OAAO,uBAAuB,YAA4B;AACxD,SAAO,GAAG,KAAK,mBAAmB,WAAW,CAAC;;CAGhD,OAAO,qBAA6B;AAClC,SAAO,GAAG,KAAK,YAAY;;CAG7B,OAAO,oBAA4B;AACjC,SAAO,GAAG,KAAK,eAAe;;CAGhC,OAAO,iBAAiB,YAA4B;AAClD,SAAO,GAAG,KAAK,eAAe,yBAAyB,mBAAmB,WAAW;;CAGvF,OAAO,uBAA+B;AACpC,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,oBAA4B;AACjC,SAAO,GAAG,KAAK,kBAAkB;;;CAInC,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,YAAY;;;CAI7B,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,YAAY;;CAG7B,OAAO,WAAmB;AACxB,SAAO,KAAK;;CAGd,OAAO,QAAgB;AACrB,SAAO,KAAK;;CAGd,OAAO,4BAAoC;AACzC,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,+BAAuC;AAC5C,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,+BAAuC;AAC5C,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,yBAAiC;AACtC,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,kBAAkB,OAAuB;AAC9C,SAAO,GAAG,KAAK,kBAAkB,QAAQ,MAAM;;CAGjD,OAAO,cAAsB;AAC3B,SAAO,GAAG,KAAK,aAAa;;CAG9B,OAAO,YAAoB;AACzB,SAAO,GAAG,KAAK,aAAa;;CAG9B,OAAO,aAAqB;AAC1B,SAAO,GAAG,KAAK,aAAa;;CAG9B,OAAO,eAAe,YAAoB,aAA8B;EACtE,MAAM,OAAO,GAAG,KAAK,aAAa,SAAS,mBAAmB,WAAW,CAAC;AAC1E,MAAI,CAAC,YACH,QAAO;AAET,SAAO,GAAG,KAAK,eAAe,mBAAmB,YAAY;;CAG/D,OAAO,kBAAkB,YAA4B;AACnD,SAAO,GAAG,KAAK,aAAa,SAAS,mBAAmB,WAAW,CAAC;;CAGtE,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,cAAc;;CAG/B,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,cAAc;;CAG/B,OAAO,cAAsB;AAC3B,SAAO,GAAG,KAAK,cAAc;;CAG/B,OAAO,qBAAqB,QAAwB;AAClD,SAAO,GAAG,KAAK,cAAc,GAAG,mBAAmB,OAAO,CAAC;;CAG7D,OAAO,WAAW,QAAwB;AACxC,SAAO,GAAG,KAAK,cAAc,GAAG,mBAAmB,OAAO,CAAC;;CAG7D,OAAO,SAAS,OAAuB;AACrC,SAAO,GAAG,KAAK,aAAa,GAAG,mBAAmB,MAAM;;CAG1D,OAAO,UAAU,OAAuB;AACtC,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC;;CAGjC,OAAO,oBAAoB,OAAuB;AAChD,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC;;CAGjC,OAAO,WAAW,OAAe,QAAwB;AACvD,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC,SAAS,mBAAmB,OAAO,CAAC;;CAGrE,OAAO,QAAQ,OAAe,QAAwB;AACpD,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC,SAAS,mBAAmB,OAAO,CAAC;;CAGrE,OAAO,iBAAiB,OAAe,UAA0B;AAC/D,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC,UAAU,mBAAmB,SAAS,CAAC;;;CAIxE,OAAO,iBAAyB;AAC9B,SAAO,GAAG,KAAK,mBAAmB;;CAGpC,OAAO,oBAA4B;AACjC,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,wBAAgC;AACrC,SAAO,GAAG,KAAK,kBAAkB"}
+{"version":3,"file":"ApiPaths-DCvrlIjg.js","names":[],"sources":["../src/infrastructure/auth/InAppCallbackUrlPolicy.ts","../src/presentation/http/ApiPaths.ts"],"sourcesContent":["/**\n * Restricts post-login navigation targets to same-origin relative paths (no open redirects).\n */\nexport class InAppCallbackUrlPolicy {\n  private static readonly fallbackPath = \"/\";\n\n  resolveSafeRelativeCallbackUrl(raw: string | undefined | null): string {\n    if (raw === undefined || raw === null) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (this.containsAsciiControl(raw)) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    const trimmed = raw.trim();\n    if (trimmed.length === 0) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (!trimmed.startsWith(\"/\")) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (trimmed.startsWith(\"//\")) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    if (trimmed.includes(\"\\\\\")) {\n      return InAppCallbackUrlPolicy.fallbackPath;\n    }\n    return trimmed;\n  }\n\n  private containsAsciiControl(value: string): boolean {\n    for (let index = 0; index < value.length; index += 1) {\n      const code = value.charCodeAt(index);\n      if (code <= 0x1f || code === 0x7f) {\n        return true;\n      }\n    }\n    return false;\n  }\n}\n","export class ApiPaths {\n  private static readonly apiBasePath = \"/api\";\n\n  private static readonly workflowsBasePath = `${this.apiBasePath}/workflows`;\n\n  private static readonly runsBasePath = `${this.apiBasePath}/runs`;\n\n  private static readonly credentialsBasePath = `${this.apiBasePath}/credentials`;\n\n  private static readonly oauth2BasePath = `${this.apiBasePath}/oauth2`;\n\n  private static readonly webhooksBasePath = `${this.apiBasePath}/webhooks`;\n\n  private static readonly usersBasePath = `${this.apiBasePath}/users`;\n\n  private static readonly telemetryBasePath = `${this.apiBasePath}/telemetry`;\n\n  private static readonly whitelabelBasePath = `${this.apiBasePath}/whitelabel`;\n\n  private static readonly bootstrapBasePath = `${this.apiBasePath}/bootstrap`;\n\n  private static readonly authBasePath = `${this.apiBasePath}/auth`;\n\n  private static readonly collectionsBasePath = `${this.apiBasePath}/collections`;\n\n  static collections(): string {\n    return this.collectionsBasePath;\n  }\n\n  static collection(name: string): string {\n    return `${this.collectionsBasePath}/${encodeURIComponent(name)}`;\n  }\n\n  static collectionRows(name: string): string {\n    return `${this.collection(name)}/rows`;\n  }\n\n  static collectionRow(name: string, id: string): string {\n    return `${this.collectionRows(name)}/${encodeURIComponent(id)}`;\n  }\n\n  static syncCollections(): string {\n    return `${this.collectionsBasePath}/sync`;\n  }\n\n  static workflows(): string {\n    return this.workflowsBasePath;\n  }\n\n  static workflow(workflowId: string): string {\n    return `${this.workflowsBasePath}/${encodeURIComponent(workflowId)}`;\n  }\n\n  static workflowActivation(workflowId: string): string {\n    return `${this.workflow(workflowId)}/activation`;\n  }\n\n  static workflowRuns(workflowId: string): string {\n    return `${this.workflow(workflowId)}/runs`;\n  }\n\n  static workflowTestSuiteRuns(workflowId: string): string {\n    return `${this.workflow(workflowId)}/test-suite-runs`;\n  }\n\n  /**\n   * `GET` returns per-assertion-metric trends across the workflow's recent suite runs. With\n   * no `names` arg, every distinct assertion name is returned (so the multi-select can populate);\n   * with `names`, only the requested subset is returned (order preserved).\n   */\n  static workflowAssertionMetricTrends(workflowId: string, names?: ReadonlyArray<string>): string {\n    const base = `${this.workflow(workflowId)}/assertion-metric-trends`;\n    if (!names || names.length === 0) {\n      return base;\n    }\n    return `${base}?names=${names.map((n) => encodeURIComponent(n)).join(\",\")}`;\n  }\n\n  static testSuiteRun(testSuiteRunId: string): string {\n    return `${this.apiBasePath}/test-suite-runs/${encodeURIComponent(testSuiteRunId)}`;\n  }\n\n  static testSuiteRunAssertions(testSuiteRunId: string): string {\n    return `${this.testSuiteRun(testSuiteRunId)}/assertions`;\n  }\n\n  static testSuiteRunChildRuns(testSuiteRunId: string): string {\n    return `${this.testSuiteRun(testSuiteRunId)}/runs`;\n  }\n\n  static runAssertions(runId: string): string {\n    return `${this.runState(runId)}/assertions`;\n  }\n\n  static workflowCredentialHealth(workflowId: string): string {\n    return `${this.workflow(workflowId)}/credential-health`;\n  }\n\n  static workflowDebuggerOverlay(workflowId: string): string {\n    return `${this.workflow(workflowId)}/debugger-overlay`;\n  }\n\n  static workflowDebuggerOverlayCopyRun(workflowId: string): string {\n    return `${this.workflowDebuggerOverlay(workflowId)}/copy-run`;\n  }\n\n  static workflowDebuggerOverlayBinaryUpload(workflowId: string): string {\n    return `${this.workflowDebuggerOverlay(workflowId)}/binary/upload`;\n  }\n\n  static workflowOverlayBinaryContent(workflowId: string, binaryId: string): string {\n    return `${this.workflow(workflowId)}/debugger-overlay/binary/${encodeURIComponent(binaryId)}/content`;\n  }\n\n  static runs(): string {\n    return this.runsBasePath;\n  }\n\n  static run(): string {\n    return this.runs();\n  }\n\n  static credentialTypes(): string {\n    return `${this.credentialsBasePath}/types`;\n  }\n\n  static credentialsEnvStatus(): string {\n    return `${this.credentialsBasePath}/env-status`;\n  }\n\n  static credentialInstances(): string {\n    return `${this.credentialsBasePath}/instances`;\n  }\n\n  static credentialApps(): string {\n    return `${this.credentialsBasePath}/apps`;\n  }\n\n  static credentialInstance(instanceId: string, withSecrets?: boolean): string {\n    const base = `${this.credentialInstances()}/${encodeURIComponent(instanceId)}`;\n    return withSecrets ? `${base}?withSecrets=1` : base;\n  }\n\n  static credentialInstanceTest(instanceId: string): string {\n    return `${this.credentialInstance(instanceId)}/test`;\n  }\n\n  static credentialBindings(): string {\n    return `${this.apiBasePath}/credential-bindings`;\n  }\n\n  static oauth2RedirectUri(): string {\n    return `${this.oauth2BasePath}/redirect-uri`;\n  }\n\n  static oauth2Disconnect(instanceId: string): string {\n    return `${this.oauth2BasePath}/disconnect?instanceId=${encodeURIComponent(instanceId)}`;\n  }\n\n  static credentialOAuthStart(): string {\n    return `${this.credentialsBasePath}/oauth/start`;\n  }\n\n  static workflowWebsocket(): string {\n    return `${this.workflowsBasePath}/ws`;\n  }\n\n  /** Dev gateway: stable browser WebSocket for build lifecycle (CLI → gateway → browser). */\n  static devGatewaySocket(): string {\n    return `${this.apiBasePath}/dev/socket`;\n  }\n\n  /** Dev gateway: HTTP notify endpoint used by the Codemation CLI during consumer rebuilds. */\n  static devGatewayNotify(): string {\n    return `${this.apiBasePath}/dev/notify`;\n  }\n\n  static webhooks(): string {\n    return this.webhooksBasePath;\n  }\n\n  static users(): string {\n    return this.usersBasePath;\n  }\n\n  static telemetryDashboardSummary(): string {\n    return `${this.telemetryBasePath}/dashboard/summary`;\n  }\n\n  static telemetryDashboardTimeseries(): string {\n    return `${this.telemetryBasePath}/dashboard/timeseries`;\n  }\n\n  static telemetryDashboardDimensions(): string {\n    return `${this.telemetryBasePath}/dashboard/dimensions`;\n  }\n\n  static telemetryDashboardRuns(): string {\n    return `${this.telemetryBasePath}/dashboard/runs`;\n  }\n\n  static telemetryRunTrace(runId: string): string {\n    return `${this.telemetryBasePath}/runs/${runId}/trace`;\n  }\n\n  static authSession(): string {\n    return `${this.authBasePath}/session`;\n  }\n\n  static authLogin(): string {\n    return `${this.authBasePath}/login`;\n  }\n\n  static authLogout(): string {\n    return `${this.authBasePath}/logout`;\n  }\n\n  static authOAuthStart(providerId: string, callbackUrl?: string): string {\n    const base = `${this.authBasePath}/oauth/${encodeURIComponent(providerId)}/start`;\n    if (!callbackUrl) {\n      return base;\n    }\n    return `${base}?callbackUrl=${encodeURIComponent(callbackUrl)}`;\n  }\n\n  static authOAuthCallback(providerId: string): string {\n    return `${this.authBasePath}/oauth/${encodeURIComponent(providerId)}/callback`;\n  }\n\n  static userInviteVerify(): string {\n    return `${this.usersBasePath}/invites/verify`;\n  }\n\n  static userInviteAccept(): string {\n    return `${this.usersBasePath}/invites/accept`;\n  }\n\n  static userInvites(): string {\n    return `${this.usersBasePath}/invites`;\n  }\n\n  static userInviteRegenerate(userId: string): string {\n    return `${this.usersBasePath}/${encodeURIComponent(userId)}/invites/regenerate`;\n  }\n\n  static userStatus(userId: string): string {\n    return `${this.usersBasePath}/${encodeURIComponent(userId)}/status`;\n  }\n\n  static runState(runId: string): string {\n    return `${this.runsBasePath}/${encodeURIComponent(runId)}`;\n  }\n\n  static runDetail(runId: string): string {\n    return `${this.runState(runId)}/detail`;\n  }\n\n  static runWorkflowSnapshot(runId: string): string {\n    return `${this.runState(runId)}/workflow-snapshot`;\n  }\n\n  static runNodePin(runId: string, nodeId: string): string {\n    return `${this.runState(runId)}/nodes/${encodeURIComponent(nodeId)}/pin`;\n  }\n\n  static runNode(runId: string, nodeId: string): string {\n    return `${this.runState(runId)}/nodes/${encodeURIComponent(nodeId)}/run`;\n  }\n\n  static runBinaryContent(runId: string, binaryId: string): string {\n    return `${this.runState(runId)}/binary/${encodeURIComponent(binaryId)}/content`;\n  }\n\n  /** Anonymous: consumer logo from `codemation.config.ts` whitelabel.logoPath. */\n  static whitelabelLogo(): string {\n    return `${this.whitelabelBasePath}/logo`;\n  }\n\n  static frontendBootstrap(): string {\n    return `${this.bootstrapBasePath}/frontend`;\n  }\n\n  static internalAuthBootstrap(): string {\n    return `${this.bootstrapBasePath}/auth/internal`;\n  }\n\n  /** Token-authenticated: resume a suspended HITL task. */\n  static hitlTaskResume(taskId: string): string {\n    return `${this.apiBasePath}/hitl/tasks/${encodeURIComponent(taskId)}/resume`;\n  }\n\n  /** Session-authenticated: record a decision on a suspended HITL task. */\n  static hitlTaskDecide(taskId: string): string {\n    return `${this.apiBasePath}/hitl/tasks/${encodeURIComponent(taskId)}/decide`;\n  }\n}\n"],"mappings":";;;;AAGA,IAAa,yBAAb,MAAa,uBAAuB;CAClC,OAAwB,eAAe;CAEvC,+BAA+B,KAAwC;AACrE,MAAI,QAAQ,UAAa,QAAQ,KAC/B,QAAO,uBAAuB;AAEhC,MAAI,KAAK,qBAAqB,IAAI,CAChC,QAAO,uBAAuB;EAEhC,MAAM,UAAU,IAAI,MAAM;AAC1B,MAAI,QAAQ,WAAW,EACrB,QAAO,uBAAuB;AAEhC,MAAI,CAAC,QAAQ,WAAW,IAAI,CAC1B,QAAO,uBAAuB;AAEhC,MAAI,QAAQ,WAAW,KAAK,CAC1B,QAAO,uBAAuB;AAEhC,MAAI,QAAQ,SAAS,KAAK,CACxB,QAAO,uBAAuB;AAEhC,SAAO;;CAGT,AAAQ,qBAAqB,OAAwB;AACnD,OAAK,IAAI,QAAQ,GAAG,QAAQ,MAAM,QAAQ,SAAS,GAAG;GACpD,MAAM,OAAO,MAAM,WAAW,MAAM;AACpC,OAAI,QAAQ,MAAQ,SAAS,IAC3B,QAAO;;AAGX,SAAO;;;;;;ACpCX,IAAa,WAAb,MAAsB;CACpB,OAAwB,cAAc;CAEtC,OAAwB,oBAAoB,GAAG,KAAK,YAAY;CAEhE,OAAwB,eAAe,GAAG,KAAK,YAAY;CAE3D,OAAwB,sBAAsB,GAAG,KAAK,YAAY;CAElE,OAAwB,iBAAiB,GAAG,KAAK,YAAY;CAE7D,OAAwB,mBAAmB,GAAG,KAAK,YAAY;CAE/D,OAAwB,gBAAgB,GAAG,KAAK,YAAY;CAE5D,OAAwB,oBAAoB,GAAG,KAAK,YAAY;CAEhE,OAAwB,qBAAqB,GAAG,KAAK,YAAY;CAEjE,OAAwB,oBAAoB,GAAG,KAAK,YAAY;CAEhE,OAAwB,eAAe,GAAG,KAAK,YAAY;CAE3D,OAAwB,sBAAsB,GAAG,KAAK,YAAY;CAElE,OAAO,cAAsB;AAC3B,SAAO,KAAK;;CAGd,OAAO,WAAW,MAAsB;AACtC,SAAO,GAAG,KAAK,oBAAoB,GAAG,mBAAmB,KAAK;;CAGhE,OAAO,eAAe,MAAsB;AAC1C,SAAO,GAAG,KAAK,WAAW,KAAK,CAAC;;CAGlC,OAAO,cAAc,MAAc,IAAoB;AACrD,SAAO,GAAG,KAAK,eAAe,KAAK,CAAC,GAAG,mBAAmB,GAAG;;CAG/D,OAAO,kBAA0B;AAC/B,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,YAAoB;AACzB,SAAO,KAAK;;CAGd,OAAO,SAAS,YAA4B;AAC1C,SAAO,GAAG,KAAK,kBAAkB,GAAG,mBAAmB,WAAW;;CAGpE,OAAO,mBAAmB,YAA4B;AACpD,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,aAAa,YAA4B;AAC9C,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,sBAAsB,YAA4B;AACvD,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;;;;;;CAQtC,OAAO,8BAA8B,YAAoB,OAAuC;EAC9F,MAAM,OAAO,GAAG,KAAK,SAAS,WAAW,CAAC;AAC1C,MAAI,CAAC,SAAS,MAAM,WAAW,EAC7B,QAAO;AAET,SAAO,GAAG,KAAK,SAAS,MAAM,KAAK,MAAM,mBAAmB,EAAE,CAAC,CAAC,KAAK,IAAI;;CAG3E,OAAO,aAAa,gBAAgC;AAClD,SAAO,GAAG,KAAK,YAAY,mBAAmB,mBAAmB,eAAe;;CAGlF,OAAO,uBAAuB,gBAAgC;AAC5D,SAAO,GAAG,KAAK,aAAa,eAAe,CAAC;;CAG9C,OAAO,sBAAsB,gBAAgC;AAC3D,SAAO,GAAG,KAAK,aAAa,eAAe,CAAC;;CAG9C,OAAO,cAAc,OAAuB;AAC1C,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC;;CAGjC,OAAO,yBAAyB,YAA4B;AAC1D,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,wBAAwB,YAA4B;AACzD,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC;;CAGtC,OAAO,+BAA+B,YAA4B;AAChE,SAAO,GAAG,KAAK,wBAAwB,WAAW,CAAC;;CAGrD,OAAO,oCAAoC,YAA4B;AACrE,SAAO,GAAG,KAAK,wBAAwB,WAAW,CAAC;;CAGrD,OAAO,6BAA6B,YAAoB,UAA0B;AAChF,SAAO,GAAG,KAAK,SAAS,WAAW,CAAC,2BAA2B,mBAAmB,SAAS,CAAC;;CAG9F,OAAO,OAAe;AACpB,SAAO,KAAK;;CAGd,OAAO,MAAc;AACnB,SAAO,KAAK,MAAM;;CAGpB,OAAO,kBAA0B;AAC/B,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,uBAA+B;AACpC,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,sBAA8B;AACnC,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,iBAAyB;AAC9B,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,mBAAmB,YAAoB,aAA+B;EAC3E,MAAM,OAAO,GAAG,KAAK,qBAAqB,CAAC,GAAG,mBAAmB,WAAW;AAC5E,SAAO,cAAc,GAAG,KAAK,kBAAkB;;CAGjD,OAAO,uBAAuB,YAA4B;AACxD,SAAO,GAAG,KAAK,mBAAmB,WAAW,CAAC;;CAGhD,OAAO,qBAA6B;AAClC,SAAO,GAAG,KAAK,YAAY;;CAG7B,OAAO,oBAA4B;AACjC,SAAO,GAAG,KAAK,eAAe;;CAGhC,OAAO,iBAAiB,YAA4B;AAClD,SAAO,GAAG,KAAK,eAAe,yBAAyB,mBAAmB,WAAW;;CAGvF,OAAO,uBAA+B;AACpC,SAAO,GAAG,KAAK,oBAAoB;;CAGrC,OAAO,oBAA4B;AACjC,SAAO,GAAG,KAAK,kBAAkB;;;CAInC,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,YAAY;;;CAI7B,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,YAAY;;CAG7B,OAAO,WAAmB;AACxB,SAAO,KAAK;;CAGd,OAAO,QAAgB;AACrB,SAAO,KAAK;;CAGd,OAAO,4BAAoC;AACzC,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,+BAAuC;AAC5C,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,+BAAuC;AAC5C,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,yBAAiC;AACtC,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,kBAAkB,OAAuB;AAC9C,SAAO,GAAG,KAAK,kBAAkB,QAAQ,MAAM;;CAGjD,OAAO,cAAsB;AAC3B,SAAO,GAAG,KAAK,aAAa;;CAG9B,OAAO,YAAoB;AACzB,SAAO,GAAG,KAAK,aAAa;;CAG9B,OAAO,aAAqB;AAC1B,SAAO,GAAG,KAAK,aAAa;;CAG9B,OAAO,eAAe,YAAoB,aAA8B;EACtE,MAAM,OAAO,GAAG,KAAK,aAAa,SAAS,mBAAmB,WAAW,CAAC;AAC1E,MAAI,CAAC,YACH,QAAO;AAET,SAAO,GAAG,KAAK,eAAe,mBAAmB,YAAY;;CAG/D,OAAO,kBAAkB,YAA4B;AACnD,SAAO,GAAG,KAAK,aAAa,SAAS,mBAAmB,WAAW,CAAC;;CAGtE,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,cAAc;;CAG/B,OAAO,mBAA2B;AAChC,SAAO,GAAG,KAAK,cAAc;;CAG/B,OAAO,cAAsB;AAC3B,SAAO,GAAG,KAAK,cAAc;;CAG/B,OAAO,qBAAqB,QAAwB;AAClD,SAAO,GAAG,KAAK,cAAc,GAAG,mBAAmB,OAAO,CAAC;;CAG7D,OAAO,WAAW,QAAwB;AACxC,SAAO,GAAG,KAAK,cAAc,GAAG,mBAAmB,OAAO,CAAC;;CAG7D,OAAO,SAAS,OAAuB;AACrC,SAAO,GAAG,KAAK,aAAa,GAAG,mBAAmB,MAAM;;CAG1D,OAAO,UAAU,OAAuB;AACtC,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC;;CAGjC,OAAO,oBAAoB,OAAuB;AAChD,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC;;CAGjC,OAAO,WAAW,OAAe,QAAwB;AACvD,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC,SAAS,mBAAmB,OAAO,CAAC;;CAGrE,OAAO,QAAQ,OAAe,QAAwB;AACpD,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC,SAAS,mBAAmB,OAAO,CAAC;;CAGrE,OAAO,iBAAiB,OAAe,UAA0B;AAC/D,SAAO,GAAG,KAAK,SAAS,MAAM,CAAC,UAAU,mBAAmB,SAAS,CAAC;;;CAIxE,OAAO,iBAAyB;AAC9B,SAAO,GAAG,KAAK,mBAAmB;;CAGpC,OAAO,oBAA4B;AACjC,SAAO,GAAG,KAAK,kBAAkB;;CAGnC,OAAO,wBAAgC;AACrC,SAAO,GAAG,KAAK,kBAAkB;;;CAInC,OAAO,eAAe,QAAwB;AAC5C,SAAO,GAAG,KAAK,YAAY,cAAc,mBAAmB,OAAO,CAAC;;;CAItE,OAAO,eAAe,QAAwB;AAC5C,SAAO,GAAG,KAAK,YAAY,cAAc,mBAAmB,OAAO,CAAC"}