@commandable/mcp-core 0.2.0

package/dist/integrations/proxy.js

@@ -0,0 +1,377 @@
+import { Buffer } from 'node:buffer';
+import { HttpError } from '../errors/httpError.js';
+import { PROVIDERS } from './providerRegistry.js';
+import { getBuiltInIntegrationTypeConfig } from './fileIntegrationTypeConfigStore.js';
+import { getGoogleAccessToken } from './googleServiceAccount.js';
+function getErrorHint(status, provider, bodyText) {
+    const isGoogle = provider.startsWith('google-');
+    if (status === 401) {
+        if (isGoogle)
+            return 'Authentication failed. Check that the credential token is valid and not expired. For service accounts, verify the service account has been granted access to the resource.';
+        return 'Authentication failed. Check that the credential is valid and not expired.';
+    }
+    if (status === 403) {
+        if (isGoogle)
+            return 'Permission denied. The credential does not have sufficient scopes or access to this resource. Ensure the required API scopes are enabled and the service account has been shared access to the resource.';
+        return 'Permission denied. The credential does not have sufficient scopes or access to this resource.';
+    }
+    if (status === 404) {
+        if (isGoogle)
+            return 'Resource not found. The ID may be invalid or the resource may have been deleted. Use the appropriate list or search tool to find valid IDs. For Google Drive, ensure the service account has been granted access to the file or folder.';
+        return 'Resource not found. Verify the ID is correct and the resource exists.';
+    }
+    if (status === 409)
+        return 'Conflict. The resource already exists or there is a version conflict. Try fetching the current state before retrying.';
+    if (status === 429)
+        return 'Rate limit exceeded. The API quota has been reached. Wait a moment before retrying the request.';
+    if (status === 400) {
+        if (bodyText.includes('invalidQuery') || bodyText.includes('Invalid query'))
+            return 'Invalid query syntax. Check the query parameter format for this API.';
+        if (bodyText.includes('Invalid value') || bodyText.includes('invalid value'))
+            return 'A parameter value is invalid. Check enum values, required fields, and data formats (e.g. RFC3339 for dates).';
+        if (bodyText.includes('required'))
+            return 'A required parameter is missing. Check that all required fields are provided.';
+        return 'Bad request. Check that all required parameters are provided, values are in the correct format, and the request body matches the expected schema.';
+    }
+    if (status === 500 || status === 503)
+        return 'The upstream API returned a server error. This is likely a temporary issue -- retry the request after a short delay.';
+    return '';
+}
+function buildCredentialUrl(integrationId) {
+    const portRaw = process.env.COMMANDABLE_UI_PORT;
+    const port = portRaw && /^\d+$/.test(portRaw) ? Number(portRaw) : 23432;
+    return `http://127.0.0.1:${port}/integrations/${encodeURIComponent(integrationId)}`;
+}
+export class IntegrationProxy {
+    opts;
+    constructor(opts = {}) {
+        this.opts = opts;
+    }
+    async call(integration, path, init = {}) {
+        const { type: provider, connectionId } = integration;
+        if (!provider || !path)
+            throw new HttpError(400, 'provider and path are required.');
+        const joinWithoutDuplicateSegments = (baseUrl, rawPath) => {
+            let pathOnly = rawPath || '';
+            let queryPart = '';
+            const qIndex = pathOnly.indexOf('?');
+            if (qIndex >= 0) {
+                queryPart = pathOnly.slice(qIndex + 1);
+                pathOnly = pathOnly.slice(0, qIndex);
+            }
+            try {
+                const base = new URL(baseUrl);
+                const baseSegs = base.pathname.split('/').filter(Boolean);
+                const pathSegs = (pathOnly || '/').split('/').filter(Boolean);
+                let overlap = 0;
+                const maxK = Math.min(baseSegs.length, pathSegs.length);
+                for (let k = maxK; k >= 1; k--) {
+                    let ok = true;
+                    for (let i = 0; i < k; i++) {
+                        if (baseSegs[baseSegs.length - k + i] !== pathSegs[i]) {
+                            ok = false;
+                            break;
+                        }
+                    }
+                    if (ok) {
+                        overlap = k;
+                        break;
+                    }
+                }
+                const normalizedPath = `/${[...baseSegs, ...pathSegs.slice(overlap)].join('/')}`;
+                const baseOrigin = base.origin;
+                const urlNoQuery = `${baseOrigin}${normalizedPath}`;
+                return queryPart ? `${urlNoQuery}?${queryPart}` : urlNoQuery;
+            }
+            catch {
+                const cleanedBase = baseUrl.replace(/\/+$/, '');
+                const cleanedPath = (`/${(pathOnly || '').replace(/^\/+/, '')}`);
+                const baseParts = cleanedBase.split('/').filter(Boolean);
+                const pathParts = cleanedPath.split('/').filter(Boolean);
+                let overlap = 0;
+                const maxK = Math.min(baseParts.length, pathParts.length);
+                for (let k = maxK; k >= 1; k--) {
+                    let ok = true;
+                    for (let i = 0; i < k; i++) {
+                        if (baseParts[baseParts.length - k + i] !== pathParts[i]) {
+                            ok = false;
+                            break;
+                        }
+                    }
+                    if (ok) {
+                        overlap = k;
+                        break;
+                    }
+                }
+                const joined = `/${[...baseParts, ...pathParts.slice(overlap)].join('/')}`;
+                return queryPart ? `${joined}?${queryPart}` : joined;
+            }
+        };
+        const usesCredentials = integration.connectionMethod === 'credentials';
+        if (usesCredentials) {
+            if (!this.opts.credentialStore)
+                throw new HttpError(500, 'Credential storage is not configured.');
+            const spaceId = integration.spaceId;
+            if (!spaceId)
+                throw new HttpError(400, 'spaceId is required for credentials-based integrations.');
+            const credentialId = integration.credentialId;
+            if (!credentialId)
+                throw new HttpError(400, 'credentialId is required for credentials-based integrations.');
+            // Resolve integration type config — file-backed built-ins first, then in-memory DB cache.
+            const fileTypeCfg = getBuiltInIntegrationTypeConfig(provider);
+            const typeCfg = fileTypeCfg
+                ?? (this.opts.integrationTypeConfigsRef?.current.find(c => c.spaceId === spaceId && c.typeSlug === provider) ?? null);
+            if (!typeCfg)
+                throw new HttpError(501, `Provider '${provider}' does not support credentials-based auth yet.`);
+            const variantKey = integration.credentialVariant || typeCfg.defaultVariant;
+            const variant = typeCfg.variants[variantKey]
+                ?? typeCfg.variants[typeCfg.defaultVariant];
+            if (!variant)
+                throw new HttpError(501, `Variant '${variantKey}' not found for provider '${provider}'.`);
+            const creds = await this.opts.credentialStore.getCredentials(spaceId, credentialId);
+            if (!creds) {
+                const credentialUrl = buildCredentialUrl(integration.id);
+                throw new HttpError(400, `No credentials are configured for this integration. Open ${credentialUrl} to configure them.`, {
+                    reason: 'missing_credentials',
+                    credential_url: credentialUrl,
+                });
+            }
+            const resolveTemplate = (template) => {
+                return String(template).replace(/\{\{\s*([^}]+?)\s*\}\}/g, (_m, expr) => {
+                    const trimmed = expr.trim();
+                    // base64(...) transform: supports field refs and string literals joined with +
+                    // e.g. {{base64(email + ":" + apiToken)}}
+                    const base64Match = trimmed.match(/^base64\((.+)\)$/);
+                    if (base64Match) {
+                        const base64Expr = base64Match[1];
+                        if (base64Expr === undefined)
+                            throw new HttpError(400, `Invalid base64 template expression '${trimmed}'.`);
+                        const parts = base64Expr.split(/\s*\+\s*/);
+                        const resolved = parts.map(part => {
+                            const p = part.trim();
+                            if ((p.startsWith('"') && p.endsWith('"')) || (p.startsWith("'") && p.endsWith("'")))
+                                return p.slice(1, -1);
+                            const v = creds[p];
+                            if (v === undefined || v === null)
+                                throw new HttpError(400, `Missing credential field '${p}'.`);
+                            return String(v);
+                        }).join('');
+                        return Buffer.from(resolved).toString('base64');
+                    }
+                    // Simple field reference
+                    const v = creds[trimmed];
+                    if (v === undefined || v === null)
+                        throw new HttpError(400, `Missing credential field '${trimmed}'.`);
+                    return String(v);
+                });
+            };
+            // Resolve base URL: template takes priority over fixed URL, then PROVIDERS registry fallback.
+            const baseUrl = (() => {
+                if (variant.baseUrlTemplate)
+                    return resolveTemplate(variant.baseUrlTemplate);
+                if (variant.baseUrl)
+                    return variant.baseUrl;
+                // Fallback: PROVIDERS registry (used by built-ins that derive URL from provider config).
+                const providerCfg = PROVIDERS[provider];
+                if (providerCfg) {
+                    return typeof providerCfg.baseUrl === 'function'
+                        ? providerCfg.baseUrl(integration, creds, variant)
+                        : providerCfg.baseUrl;
+                }
+                throw new HttpError(501, `No base URL configured for provider '${provider}'.`);
+            })();
+            const typeConfig = { baseUrl, auth: variant.auth, preprocess: variant.preprocess ?? null };
+            // Preprocess steps (e.g. service account token exchange, Basic Auth encoding).
+            if (typeConfig.preprocess === 'google_service_account') {
+                const serviceAccountJson = creds.serviceAccountJson;
+                if (!serviceAccountJson)
+                    throw new HttpError(400, `Integration '${provider}' requires a 'serviceAccountJson' credential for the service_account variant.`);
+                const subject = typeof creds.subject === 'string' ? creds.subject : undefined;
+                const rawScopes = creds.scopes;
+                const scopesFromCreds = Array.isArray(rawScopes)
+                    ? rawScopes.map((s) => String(s)).filter(Boolean)
+                    : (typeof rawScopes === 'string'
+                        ? rawScopes.split(/[,\s]+/g).map(s => s.trim()).filter(Boolean)
+                        : []);
+                const defaultScopes = {
+                    'google-sheet': ['https://www.googleapis.com/auth/spreadsheets'],
+                    'google-docs': ['https://www.googleapis.com/auth/documents', 'https://www.googleapis.com/auth/drive'],
+                    'google-slides': ['https://www.googleapis.com/auth/presentations', 'https://www.googleapis.com/auth/drive'],
+                    'google-calendar': ['https://www.googleapis.com/auth/calendar'],
+                    'google-drive': ['https://www.googleapis.com/auth/drive'],
+                    'google-gmail': ['https://mail.google.com/'],
+                };
+                const scopes = scopesFromCreds.length ? scopesFromCreds : (defaultScopes[provider] || []);
+                if (!scopes.length)
+                    throw new HttpError(400, `Missing OAuth scopes for Google integration '${provider}'.`);
+                const token = await getGoogleAccessToken({ serviceAccountJson, scopes, subject });
+                creds.token = token;
+            }
+            const resolvedHeaders = {};
+            const resolvedQuery = new URLSearchParams();
+            if (typeConfig.auth.kind === 'basic') {
+                const username = creds[typeConfig.auth.usernameField];
+                const password = creds[typeConfig.auth.passwordField];
+                if (username == null || password == null) {
+                    throw new HttpError(400, `Missing credential fields for basic auth: '${typeConfig.auth.usernameField}' and/or '${typeConfig.auth.passwordField}'.`);
+                }
+                const token = Buffer.from(`${username}:${password}`).toString('base64');
+                resolvedHeaders.Authorization = `Basic ${token}`;
+            }
+            else {
+                for (const [k, v] of Object.entries(typeConfig.auth.injection?.headers || {}))
+                    resolvedHeaders[k] = resolveTemplate(v);
+                for (const [k, v] of Object.entries(typeConfig.auth.injection?.query || {}))
+                    resolvedQuery.set(k, resolveTemplate(v));
+            }
+            let finalUrl = joinWithoutDuplicateSegments(typeConfig.baseUrl, path);
+            const queryString = resolvedQuery.toString();
+            if (queryString)
+                finalUrl = finalUrl + (finalUrl.includes('?') ? '&' : '?') + queryString;
+            const preparedInit = { ...init };
+            if (preparedInit.body !== undefined && typeof preparedInit.body !== 'string') {
+                preparedInit.body = JSON.stringify(preparedInit.body);
+                preparedInit.headers = {
+                    'Content-Type': 'application/json',
+                    ...preparedInit.headers,
+                };
+            }
+            const redact = (s) => {
+                let out = s;
+                for (const val of Object.values(creds)) {
+                    if (typeof val === 'string' && val.length)
+                        out = out.split(val).join('***');
+                }
+                return out;
+            };
+            const response = await fetch(finalUrl, {
+                ...preparedInit,
+                method: preparedInit.method || 'GET',
+                headers: {
+                    ...preparedInit.headers,
+                    ...resolvedHeaders,
+                },
+            });
+            if (!response.ok) {
+                const contentType = response.headers.get('content-type') || '';
+                let bodyText = '';
+                try {
+                    bodyText = contentType.includes('json') ? JSON.stringify(await response.json()) : await response.text();
+                }
+                catch { }
+                const hint = getErrorHint(response.status, provider, bodyText);
+                const hintSuffix = hint ? ` ${hint}` : '';
+                const credentialUrl = buildCredentialUrl(integration.id);
+                const hintWithUrl = response.status === 401
+                    ? `${hint} Open ${credentialUrl} to reconfigure.`
+                    : hint;
+                const hintWithUrlSuffix = hintWithUrl ? ` ${hintWithUrl}` : '';
+                throw new HttpError(response.status, `Failed to proxy request to ${provider} (${response.status})${bodyText ? `: ${bodyText.slice(0, 500)}` : ''}.${response.status === 401 ? hintWithUrlSuffix : hintSuffix}`, {
+                    status: response.status,
+                    url: redact(finalUrl),
+                    contentType,
+                    body: bodyText?.slice(0, 4000),
+                    ...(response.status === 401 ? { reason: 'invalid_credentials', credential_url: credentialUrl } : {}),
+                });
+            }
+            return response;
+        }
+        // Managed OAuth branch: used by hosted deployments / CI.
+        if (!connectionId)
+            throw new HttpError(400, 'connectionId is required.');
+        if (!this.opts.managedOAuthBaseUrl || !this.opts.managedOAuthSecretKey)
+            throw new HttpError(501, 'Managed OAuth is not configured for this server.');
+        let managedConnection;
+        try {
+            const managedUrl = `${this.opts.managedOAuthBaseUrl}/connection/${encodeURIComponent(connectionId)}?provider_config_key=${encodeURIComponent(provider)}`;
+            const resp = await fetch(managedUrl, {
+                headers: { Authorization: `Bearer ${this.opts.managedOAuthSecretKey}` },
+            });
+            if (!resp.ok)
+                throw new Error(`Managed OAuth connection lookup failed (${resp.status})`);
+            managedConnection = await resp.json();
+        }
+        catch (error) {
+            console.error('Failed to fetch connection details from managed OAuth gateway:', error);
+            throw new HttpError(502, 'Failed to retrieve connection details from managed OAuth gateway.');
+        }
+        const providerId = provider;
+        const providerCfg = PROVIDERS[providerId];
+        const creds = managedConnection.credentials || {};
+        const userAccessToken = creds.access_token || creds.oauth_token || creds.token;
+        if (!providerCfg)
+            throw new HttpError(501, `Provider '${providerId}' is not configured in the server proxy.`);
+        const baseUrl = typeof providerCfg.baseUrl === 'function'
+            ? providerCfg.baseUrl(integration, creds)
+            : providerCfg.baseUrl;
+        const finalUrl = joinWithoutDuplicateSegments(baseUrl, path);
+        try {
+            const preparedInit = { ...init };
+            if (preparedInit.body !== undefined && typeof preparedInit.body !== 'string') {
+                preparedInit.body = JSON.stringify(preparedInit.body);
+                preparedInit.headers = {
+                    'Content-Type': 'application/json',
+                    ...preparedInit.headers,
+                };
+            }
+            if (providerId === 'trello') {
+                if (!this.opts.trelloApiKey)
+                    throw new HttpError(500, 'Trello API key is not configured.');
+                const queryParams = new URLSearchParams({
+                    ...providerCfg.makeAuth(userAccessToken, this.opts.trelloApiKey),
+                }).toString();
+                const urlWithAuth = finalUrl + (finalUrl.includes('?') ? '&' : '?') + queryParams;
+                const response = await fetch(urlWithAuth, { ...preparedInit, method: preparedInit.method || 'GET' });
+                if (!response.ok) {
+                    const contentType = response.headers.get('content-type') || '';
+                    let bodyText = '';
+                    try {
+                        bodyText = contentType.includes('json') ? JSON.stringify(await response.json()) : await response.text();
+                    }
+                    catch { }
+                    const hint = getErrorHint(response.status, providerId, bodyText);
+                    const hintSuffix = hint ? ` ${hint}` : '';
+                    throw new HttpError(response.status, `Failed to proxy request to ${providerId}.${hintSuffix}`, {
+                        status: response.status,
+                        url: urlWithAuth,
+                        contentType,
+                        body: bodyText?.slice(0, 4000),
+                    });
+                }
+                return response;
+            }
+            const response = await fetch(finalUrl, {
+                ...preparedInit,
+                method: preparedInit.method || 'GET',
+                headers: {
+                    ...preparedInit.headers,
+                    ...providerCfg.makeAuth(userAccessToken),
+                },
+            });
+            if (!response.ok) {
+                const contentType = response.headers.get('content-type') || '';
+                let bodyText = '';
+                try {
+                    bodyText = contentType.includes('json') ? JSON.stringify(await response.json()) : await response.text();
+                }
+                catch { }
+                const hint = getErrorHint(response.status, providerId, bodyText);
+                const hintSuffix = hint ? ` ${hint}` : '';
+                throw new HttpError(response.status, `Failed to proxy request to ${providerId}.${hintSuffix}`, {
+                    status: response.status,
+                    url: finalUrl,
+                    contentType,
+                    body: bodyText?.slice(0, 4000),
+                });
+            }
+            return response;
+        }
+        catch (error) {
+            console.error(`Error proxying request to ${providerId}:`, error);
+            if (error && typeof error === 'object' && 'statusCode' in error)
+                throw error;
+            throw new HttpError(500, `Failed to proxy request to ${providerId}.`, error?.message);
+        }
+    }
+}
+//# sourceMappingURL=proxy.js.map

package/dist/integrations/proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/integrations/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AACjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,qCAAqC,CAAA;AACrF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAgBhE,SAAS,YAAY,CAAC,MAAc,EAAE,QAAgB,EAAE,QAAgB;IACtE,MAAM,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;IAC/C,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,IAAI,QAAQ;YACV,OAAO,4KAA4K,CAAA;QACrL,OAAO,4EAA4E,CAAA;IACrF,CAAC;IACD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,IAAI,QAAQ;YACV,OAAO,0MAA0M,CAAA;QACnN,OAAO,+FAA+F,CAAA;IACxG,CAAC;IACD,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,IAAI,QAAQ;YACV,OAAO,yOAAyO,CAAA;QAClP,OAAO,uEAAuE,CAAA;IAChF,CAAC;IACD,IAAI,MAAM,KAAK,GAAG;QAChB,OAAO,uHAAuH,CAAA;IAChI,IAAI,MAAM,KAAK,GAAG;QAChB,OAAO,iGAAiG,CAAA;IAC1G,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;YACzE,OAAO,sEAAsE,CAAA;QAC/E,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC1E,OAAO,8GAA8G,CAAA;QACvH,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC/B,OAAO,+EAA+E,CAAA;QACxF,OAAO,mJAAmJ,CAAA;IAC5J,CAAC;IACD,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAClC,OAAO,sHAAsH,CAAA;IAC/H,OAAO,EAAE,CAAA;AACX,CAAC;AAED,SAAS,kBAAkB,CAAC,aAAqB;IAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAA;IAC/C,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;IACvE,OAAO,oBAAoB,IAAI,iBAAiB,kBAAkB,CAAC,aAAa,CAAC,EAAE,CAAA;AACrF,CAAC;AAED,MAAM,OAAO,gBAAgB;IACE;IAA7B,YAA6B,OAAgC,EAAE;QAAlC,SAAI,GAAJ,IAAI,CAA8B;IAAG,CAAC;IAEnE,KAAK,CAAC,IAAI,CAAC,WAA4B,EAAE,IAAY,EAAE,OAAoB,EAAE;QAC3E,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,WAAW,CAAA;QAEpD,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI;YACpB,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,iCAAiC,CAAC,CAAA;QAE7D,MAAM,4BAA4B,GAAG,CAAC,OAAe,EAAE,OAAe,EAAU,EAAE;YAChF,IAAI,QAAQ,GAAG,OAAO,IAAI,EAAE,CAAA;YAC5B,IAAI,SAAS,GAAG,EAAE,CAAA;YAClB,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACpC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;gBAChB,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;gBACtC,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;YACtC,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;gBAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBACzD,MAAM,QAAQ,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBAE7D,IAAI,OAAO,GAAG,CAAC,CAAA;gBACf,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAA;gBACvD,KAAK,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC/B,IAAI,EAAE,GAAG,IAAI,CAAA;oBACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3B,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;4BAAC,EAAE,GAAG,KAAK,CAAC;4BAAC,MAAK;wBAAC,CAAC;oBAC9E,CAAC;oBACD,IAAI,EAAE,EAAE,CAAC;wBAAC,OAAO,GAAG,CAAC,CAAC;wBAAC,MAAK;oBAAC,CAAC;gBAChC,CAAC;gBAED,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;gBAChF,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAA;gBAC9B,MAAM,UAAU,GAAG,GAAG,UAAU,GAAG,cAAc,EAAE,CAAA;gBACnD,OAAO,SAAS,CAAC,CAAC,CAAC,GAAG,UAAU,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,UAAU,CAAA;YAC9D,CAAC;YACD,MAAM,CAAC;gBACL,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;gBAC/C,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;gBAChE,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBACxD,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBACxD,IAAI,OAAO,GAAG,CAAC,CAAA;gBACf,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAA;gBACzD,KAAK,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC/B,IAAI,EAAE,GAAG,IAAI,CAAA;oBACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3B,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;4BAAC,EAAE,GAAG,KAAK,CAAC;4BAAC,MAAK;wBAAC,CAAC;oBACjF,CAAC;oBACD,IAAI,EAAE,EAAE,CAAC;wBAAC,OAAO,GAAG,CAAC,CAAC;wBAAC,MAAK;oBAAC,CAAC;gBAChC,CAAC;gBACD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,SAAS,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;gBAC1E,OAAO,SAAS,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,MAAM,CAAA;YACtD,CAAC;QACH,CAAC,CAAA;QAED,MAAM,eAAe,GAAG,WAAW,CAAC,gBAAgB,KAAK,aAAa,CAAA;QACtE,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe;gBAC5B,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,uCAAuC,CAAC,CAAA;YAEnE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAA;YACnC,IAAI,CAAC,OAAO;gBACV,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,yDAAyD,CAAC,CAAA;YAErF,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAA;YAC7C,IAAI,CAAC,YAAY;gBACf,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,8DAA8D,CAAC,CAAA;YAE1F,0FAA0F;YAC1F,MAAM,WAAW,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAA;YAC7D,MAAM,OAAO,GAAiC,WAAW;mBACpD,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE,OAAO,CAAC,IAAI,CACnD,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAA;YACnE,IAAI,CAAC,OAAO;gBACV,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,aAAa,QAAQ,gDAAgD,CAAC,CAAA;YAEjG,MAAM,UAAU,GAAG,WAAW,CAAC,iBAAiB,IAAI,OAAO,CAAC,cAAc,CAAA;YAC1E,MAAM,OAAO,GAA6C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;mBACjF,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;YAC7C,IAAI,CAAC,OAAO;gBACV,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,YAAY,UAAU,6BAA6B,QAAQ,IAAI,CAAC,CAAA;YAE3F,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YACnF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,aAAa,GAAG,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;gBACxD,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,4DAA4D,aAAa,qBAAqB,EAAE;oBACvH,MAAM,EAAE,qBAAqB;oBAC7B,cAAc,EAAE,aAAa;iBAC9B,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAU,EAAE;gBACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC,EAAU,EAAE,IAAY,EAAE,EAAE;oBACtF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;oBAC3B,+EAA+E;oBAC/E,0CAA0C;oBAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;oBACrD,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;wBACjC,IAAI,UAAU,KAAK,SAAS;4BAC1B,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,uCAAuC,OAAO,IAAI,CAAC,CAAA;wBAC9E,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;wBAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;4BAChC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;4BACrB,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gCAClF,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;4BACvB,MAAM,CAAC,GAAI,KAAa,CAAC,CAAC,CAAC,CAAA;4BAC3B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI;gCAC/B,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,6BAA6B,CAAC,IAAI,CAAC,CAAA;4BAC9D,OAAO,MAAM,CAAC,CAAC,CAAC,CAAA;wBAClB,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;wBACX,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;oBACjD,CAAC;oBACD,yBAAyB;oBACzB,MAAM,CAAC,GAAI,KAAa,CAAC,OAAO,CAAC,CAAA;oBACjC,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI;wBAC/B,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,6BAA6B,OAAO,IAAI,CAAC,CAAA;oBACpE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAA;gBAClB,CAAC,CAAC,CAAA;YACJ,CAAC,CAAA;YAED,8FAA8F;YAC9F,MAAM,OAAO,GAAG,CAAC,GAAG,EAAE;gBACpB,IAAI,OAAO,CAAC,eAAe;oBACzB,OAAO,eAAe,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;gBACjD,IAAI,OAAO,CAAC,OAAO;oBACjB,OAAO,OAAO,CAAC,OAAO,CAAA;gBACxB,yFAAyF;gBACzF,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAA;gBACvC,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO,OAAO,WAAW,CAAC,OAAO,KAAK,UAAU;wBAC9C,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,OAAc,CAAC;wBACzD,CAAC,CAAC,WAAW,CAAC,OAAO,CAAA;gBACzB,CAAC;gBACD,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,wCAAwC,QAAQ,IAAI,CAAC,CAAA;YAChF,CAAC,CAAC,EAAE,CAAA;YAEJ,MAAM,UAAU,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI,EAAE,CAAA;YAE1F,+EAA+E;YAC/E,IAAI,UAAU,CAAC,UAAU,KAAK,wBAAwB,EAAE,CAAC;gBACvD,MAAM,kBAAkB,GAAI,KAAa,CAAC,kBAAkB,CAAA;gBAC5D,IAAI,CAAC,kBAAkB;oBACrB,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,gBAAgB,QAAQ,+EAA+E,CAAC,CAAA;gBAEnI,MAAM,OAAO,GAAG,OAAQ,KAAa,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAE,KAAa,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;gBAE/F,MAAM,SAAS,GAAI,KAAa,CAAC,MAAM,CAAA;gBACvC,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;oBAC9C,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;oBACtD,CAAC,CAAC,CAAC,OAAO,SAAS,KAAK,QAAQ;wBAC5B,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;wBAC/D,CAAC,CAAC,EAAE,CAAC,CAAA;gBAEX,MAAM,aAAa,GAA6B;oBAC9C,cAAc,EAAE,CAAC,8CAA8C,CAAC;oBAChE,aAAa,EAAE,CAAC,2CAA2C,EAAE,uCAAuC,CAAC;oBACrG,eAAe,EAAE,CAAC,+CAA+C,EAAE,uCAAuC,CAAC;oBAC3G,iBAAiB,EAAE,CAAC,0CAA0C,CAAC;oBAC/D,cAAc,EAAE,CAAC,uCAAuC,CAAC;oBACzD,cAAc,EAAE,CAAC,0BAA0B,CAAC;iBAC7C,CAAA;gBACD,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAA;gBACzF,IAAI,CAAC,MAAM,CAAC,MAAM;oBAChB,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,gDAAgD,QAAQ,IAAI,CAAC,CAAA;gBAExF,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAChF;gBAAC,KAAa,CAAC,KAAK,GAAG,KAAK,CAAA;YAC/B,CAAC;YAED,MAAM,eAAe,GAA2B,EAAE,CAAA;YAClD,MAAM,aAAa,GAAG,IAAI,eAAe,EAAE,CAAA;YAE3C,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrC,MAAM,QAAQ,GAAI,KAAa,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;gBAC9D,MAAM,QAAQ,GAAI,KAAa,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;gBAC9D,IAAI,QAAQ,IAAI,IAAI,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;oBACzC,MAAM,IAAI,SAAS,CACjB,GAAG,EACH,8CAA8C,UAAU,CAAC,IAAI,CAAC,aAAa,aAAa,UAAU,CAAC,IAAI,CAAC,aAAa,IAAI,CAC1H,CAAA;gBACH,CAAC;gBACD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBACvE,eAAe,CAAC,aAAa,GAAG,SAAS,KAAK,EAAE,CAAA;YAClD,CAAC;iBACI,CAAC;gBACJ,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,IAAI,EAAE,CAAC;oBAC3E,eAAe,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAQ,CAAC,CAAA;gBAChD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC;oBACzE,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,CAAC,CAAQ,CAAC,CAAC,CAAA;YACnD,CAAC;YAED,IAAI,QAAQ,GAAG,4BAA4B,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;YAErE,MAAM,WAAW,GAAG,aAAa,CAAC,QAAQ,EAAE,CAAA;YAC5C,IAAI,WAAW;gBACb,QAAQ,GAAG,QAAQ,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,WAAW,CAAA;YAE1E,MAAM,YAAY,GAAgB,EAAE,GAAG,IAAI,EAAE,CAAA;YAC7C,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,YAAY,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7E,YAAY,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;gBACrD,YAAY,CAAC,OAAO,GAAG;oBACrB,cAAc,EAAE,kBAAkB;oBAClC,GAAG,YAAY,CAAC,OAAO;iBACxB,CAAA;YACH,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,CAAS,EAAU,EAAE;gBACnC,IAAI,GAAG,GAAG,CAAC,CAAA;gBACX,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;oBACvC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM;wBACvC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;gBACpC,CAAC;gBACD,OAAO,GAAG,CAAA;YACZ,CAAC,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACrC,GAAG,YAAY;gBACf,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,KAAK;gBACpC,OAAO,EAAE;oBACP,GAAG,YAAY,CAAC,OAAO;oBACvB,GAAG,eAAe;iBACnB;aACF,CAAC,CAAA;YACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;gBAC9D,IAAI,QAAQ,GAAG,EAAE,CAAA;gBACjB,IAAI,CAAC;oBACH,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACzG,CAAC;gBACD,MAAM,CAAC,CAAA,CAAC;gBACR,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;gBAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;gBACzC,MAAM,aAAa,GAAG,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;gBACxD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,KAAK,GAAG;oBACzC,CAAC,CAAC,GAAG,IAAI,SAAS,aAAa,kBAAkB;oBACjD,CAAC,CAAC,IAAI,CAAA;gBACR,MAAM,iBAAiB,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC9D,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,8BAA8B,QAAQ,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU,EAAE,EAAE;oBAC9M,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC;oBACrB,WAAW;oBACX,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;oBAC9B,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrG,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,yDAAyD;QACzD,IAAI,CAAC,YAAY;YACf,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,2BAA2B,CAAC,CAAA;QACvD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB;YACpE,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,kDAAkD,CAAC,CAAA;QAE9E,IAAI,iBAAsB,CAAA;QAC1B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,mBAAmB,eAAe,kBAAkB,CAAC,YAAY,CAAC,wBAAwB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAA;YACxJ,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;gBACnC,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE;aACxE,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CAAC,2CAA2C,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;YAC5E,iBAAiB,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;QACvC,CAAC;QACD,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,gEAAgE,EAAE,KAAK,CAAC,CAAA;YACtF,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,mEAAmE,CAAC,CAAA;QAC/F,CAAC;QAED,MAAM,UAAU,GAAG,QAAQ,CAAA;QAC3B,MAAM,WAAW,GAAG,SAAS,CAAC,UAAU,CAAC,CAAA;QACzC,MAAM,KAAK,GAAG,iBAAiB,CAAC,WAAW,IAAI,EAAE,CAAA;QACjD,MAAM,eAAe,GAAG,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,KAAK,CAAA;QAE9E,IAAI,CAAC,WAAW;YACd,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,aAAa,UAAU,0CAA0C,CAAC,CAAA;QAE7F,MAAM,OAAO,GAAG,OAAO,WAAW,CAAC,OAAO,KAAK,UAAU;YACvD,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,CAAC;YACzC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAA;QACvB,MAAM,QAAQ,GAAG,4BAA4B,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;QAE5D,IAAI,CAAC;YACH,MAAM,YAAY,GAAgB,EAAE,GAAG,IAAI,EAAE,CAAA;YAE7C,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,YAAY,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7E,YAAY,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;gBACrD,YAAY,CAAC,OAAO,GAAG;oBACrB,cAAc,EAAE,kBAAkB;oBAClC,GAAG,YAAY,CAAC,OAAO;iBACxB,CAAA;YACH,CAAC;YAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;gBAC5B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY;oBACzB,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,mCAAmC,CAAC,CAAA;gBAE/D,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC;oBACtC,GAAG,WAAW,CAAC,QAAQ,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;iBACjE,CAAC,CAAC,QAAQ,EAAE,CAAA;gBAEb,MAAM,WAAW,GAAG,QAAQ,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,WAAW,CAAA;gBACjF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,GAAG,YAAY,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAA;gBACpG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;oBAC9D,IAAI,QAAQ,GAAG,EAAE,CAAA;oBACjB,IAAI,CAAC;wBACH,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;oBACzG,CAAC;oBACD,MAAM,CAAC,CAAA,CAAC;oBACR,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;oBAChE,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;oBACzC,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,8BAA8B,UAAU,IAAI,UAAU,EAAE,EAAE;wBAC7F,MAAM,EAAE,QAAQ,CAAC,MAAM;wBACvB,GAAG,EAAE,WAAW;wBAChB,WAAW;wBACX,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;qBAC/B,CAAC,CAAA;gBACJ,CAAC;gBACD,OAAO,QAAQ,CAAA;YACjB,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACrC,GAAG,YAAY;gBACf,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,KAAK;gBACpC,OAAO,EAAE;oBACP,GAAG,YAAY,CAAC,OAAO;oBACvB,GAAG,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC;iBACzC;aACF,CAAC,CAAA;YACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;gBAC9D,IAAI,QAAQ,GAAG,EAAE,CAAA;gBACjB,IAAI,CAAC;oBACH,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACzG,CAAC;gBACD,MAAM,CAAC,CAAA,CAAC;gBACR,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;gBAChE,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;gBACzC,MAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,8BAA8B,UAAU,IAAI,UAAU,EAAE,EAAE;oBAC7F,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,GAAG,EAAE,QAAQ;oBACb,WAAW;oBACX,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;iBAC/B,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;QACD,OAAO,KAAU,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,6BAA6B,UAAU,GAAG,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,YAAY,IAAI,KAAK;gBAC7D,MAAM,KAAK,CAAA;YACb,MAAM,IAAI,SAAS,CAAC,GAAG,EAAE,8BAA8B,UAAU,GAAG,EAAG,KAAa,EAAE,OAAO,CAAC,CAAA;QAChG,CAAC;IACH,CAAC;CACF"}

package/dist/integrations/sandbox.d.ts

@@ -0,0 +1,8 @@
+import type { SandboxUtils } from './sandboxUtils.js';
+export declare function loadWorkflowModule(source: string, getIntegration?: Function): Promise<any>;
+export declare function createSafeHandlerFromString(handlerString: string, getIntegration: Function, utils?: SandboxUtils): (args: any) => Promise<{
+    success: boolean;
+    result: any;
+    logs: string[];
+}>;
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/integrations/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/integrations/sandbox.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAerD,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAkFhG;AAED,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,MAAM,EACrB,cAAc,EAAE,QAAQ,EACxB,KAAK,CAAC,EAAE,YAAY,GACnB,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,GAAG,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA0E3E"}

package/dist/integrations/sandbox.js

@@ -0,0 +1,221 @@
+import { URL, URLSearchParams } from 'node:url';
+import vm from 'node:vm';
+import * as zodLib from 'zod';
+function makeSyntheticFromObject(pkg, context) {
+    const exportNames = Array.from(new Set(['default', ...Object.keys(pkg)]));
+    return new vm.SyntheticModule(exportNames, function () {
+        this.setExport('default', pkg);
+        for (const key of Object.keys(pkg))
+            this.setExport(key, pkg[key]);
+    }, { context });
+}
+const ALLOWED_PACKAGES = {
+    zod: zodLib,
+};
+export async function loadWorkflowModule(source, getIntegration) {
+    const realConsole = console;
+    const isolatedConsole = {
+        log: (...args) => realConsole.log(...args),
+        info: (...args) => realConsole.info(...args),
+        warn: (...args) => realConsole.warn(...args),
+        error: (...args) => realConsole.error(...args),
+        debug: (...args) => realConsole.debug?.(...args) ?? realConsole.log(...args),
+    };
+    const safeAtob = (base64String) => {
+        if (typeof base64String !== 'string')
+            throw new TypeError('atob expects a string');
+        try {
+            const buffer = Buffer.from(base64String, 'base64');
+            return buffer.toString('binary');
+        }
+        catch {
+            throw new Error('Invalid base64 string');
+        }
+    };
+    const safeEscape = (str) => {
+        return encodeURIComponent(str).replace(/[!'()*]/g, (c) => {
+            return `%${c.charCodeAt(0).toString(16).toUpperCase()}`;
+        });
+    };
+    const safeBtoa = (binaryString) => {
+        if (typeof binaryString !== 'string')
+            throw new TypeError('btoa expects a string');
+        try {
+            const buffer = Buffer.from(binaryString, 'binary');
+            return buffer.toString('base64');
+        }
+        catch {
+            throw new Error('Invalid binary string');
+        }
+    };
+    const context = vm.createContext({
+        console: isolatedConsole,
+        getIntegration: getIntegration || (() => ({ fetch: undefined, post: undefined })),
+        URL,
+        URLSearchParams,
+        atob: safeAtob,
+        btoa: safeBtoa,
+        escape: safeEscape,
+        unescape,
+        decodeURIComponent,
+        encodeURIComponent,
+        fetch: undefined,
+        integrationFetch: undefined,
+        process: undefined,
+        require: undefined,
+        Buffer: undefined,
+        global: undefined,
+        globalThis: undefined,
+        setImmediate: undefined,
+        setInterval: undefined,
+        setTimeout: undefined,
+        clearImmediate: undefined,
+        clearInterval: undefined,
+        clearTimeout: undefined,
+        eval: undefined,
+        Function: undefined,
+    });
+    const userModule = new vm.SourceTextModule(source, { context });
+    const moduleCache = {};
+    await userModule.link((specifier) => {
+        const pkg = ALLOWED_PACKAGES[specifier];
+        if (!pkg)
+            throw new Error(`Import "${specifier}" is not allowed in workflow modules.`);
+        if (!moduleCache[specifier])
+            moduleCache[specifier] = makeSyntheticFromObject(pkg, context);
+        return moduleCache[specifier];
+    });
+    await userModule.evaluate({ timeout: 5000 });
+    return userModule.namespace;
+}
+export function createSafeHandlerFromString(handlerString, getIntegration, utils) {
+    const realConsole = console;
+    const isolatedConsole = {
+        log: (...args) => realConsole.log(...args),
+        info: (...args) => realConsole.info(...args),
+        warn: (...args) => realConsole.warn(...args),
+        error: (...args) => realConsole.error(...args),
+        debug: (...args) => realConsole.debug?.(...args) ?? realConsole.log(...args),
+    };
+    const safeAtob = (base64String) => {
+        if (typeof base64String !== 'string')
+            throw new TypeError('atob expects a string');
+        try {
+            const buffer = Buffer.from(base64String, 'base64');
+            return buffer.toString('binary');
+        }
+        catch {
+            throw new Error('Invalid base64 string');
+        }
+    };
+    const safeBtoa = (binaryString) => {
+        if (typeof binaryString !== 'string')
+            throw new TypeError('btoa expects a string');
+        try {
+            const buffer = Buffer.from(binaryString, 'binary');
+            return buffer.toString('base64');
+        }
+        catch {
+            throw new Error('Invalid binary string');
+        }
+    };
+    const safeEscape = (str) => {
+        return encodeURIComponent(str).replace(/[!'()*]/g, (c) => {
+            return `%${c.charCodeAt(0).toString(16).toUpperCase()}`;
+        });
+    };
+    const context = vm.createContext({
+        console: isolatedConsole,
+        getIntegration,
+        utils: utils || {},
+        module: {},
+        URL,
+        URLSearchParams,
+        atob: safeAtob,
+        btoa: safeBtoa,
+        escape: safeEscape,
+        unescape,
+        decodeURIComponent,
+        encodeURIComponent,
+        fetch: undefined,
+        integrationFetch: undefined,
+        process: undefined,
+        require: undefined,
+        Buffer: undefined,
+        global: undefined,
+        globalThis: undefined,
+        setImmediate: undefined,
+        setInterval: undefined,
+        setTimeout: undefined,
+        clearImmediate: undefined,
+        clearInterval: undefined,
+        clearTimeout: undefined,
+        eval: undefined,
+        Function: undefined,
+    });
+    const code = `module.exports = async function(input) { return (${handlerString})(input) }`;
+    const script = new vm.Script(code);
+    script.runInContext(context);
+    return withLogging(context.module.exports, isolatedConsole);
+}
+function withLogging(handler, vmConsole) {
+    function safeSerializeForLog(value) {
+        if (typeof value === 'string')
+            return value;
+        try {
+            if (value && typeof value === 'object' && typeof value.json === 'function' && typeof value.text === 'function') {
+                const resp = value;
+                const summary = {
+                    type: 'FetchResponse',
+                    ok: !!resp.ok,
+                    status: resp.status,
+                    statusText: resp.statusText,
+                    url: resp.url,
+                    bodyUsed: !!resp.bodyUsed,
+                };
+                return JSON.stringify(summary);
+            }
+            return JSON.stringify(value);
+        }
+        catch {
+            try {
+                return String(value);
+            }
+            catch {
+                return '[Unserializable]';
+            }
+        }
+    }
+    return async function wrappedHandler(args) {
+        const logs = [];
+        const originalLog = vmConsole.log;
+        try {
+            vmConsole.log = (...args2) => {
+                const line = args2.map(a => safeSerializeForLog(a)).join(' ');
+                if (logs.join('\n').length < 10_000)
+                    logs.push(line);
+                originalLog.apply(vmConsole, args2);
+            };
+            const result = await handler(args);
+            return { success: true, result, logs };
+        }
+        catch (err) {
+            logs.push(err?.stack || String(err));
+            // Serialize Error objects into plain objects so JSON.stringify captures all fields
+            // including message (which is non-enumerable on Error).
+            const result = (err && typeof err === 'object')
+                ? {
+                    ...err,
+                    message: err.message,
+                    ...(err.statusCode !== undefined ? { statusCode: err.statusCode } : {}),
+                    ...(err.data !== undefined ? { data: err.data } : {}),
+                }
+                : err;
+            return { success: false, result, logs };
+        }
+        finally {
+            vmConsole.log = originalLog;
+        }
+    };
+}
+//# sourceMappingURL=sandbox.js.map