@cyanheads/mcp-ts-core 0.8.7 → 0.8.9

package/dist/canvas/core/DataCanvas.js

@@ -0,0 +1,85 @@
+/**
+ * @fileoverview User-facing DataCanvas service. Wraps the provider and registry
+ * with debug logging and tenant-id resolution; the registry handles TTL,
+ * caps, and provider-keying. Mirrors the StorageService surface pattern but
+ * stays OTel-free in v1 (per issue #97 scope).
+ * @module src/canvas/core/DataCanvas
+ */
+import { JsonRpcErrorCode, McpError } from '../../types-global/errors.js';
+import { logger } from '../../utils/internal/logger.js';
+import { CanvasInstance } from './CanvasInstance.js';
+/**
+ * Resolve the effective tenant ID from the context, throwing when absent.
+ * Mirrors `requireTenantId` in StorageService — canvas operations are
+ * tenant-scoped by construction.
+ */
+function requireTenantId(context) {
+    const tenantId = context.tenantId;
+    if (tenantId === undefined || tenantId === null || tenantId === '') {
+        throw new McpError(JsonRpcErrorCode.InternalError, 'Tenant ID is required for canvas operations but was not found in the request context.', { operation: context.operation || 'DataCanvas.acquire', requestId: context.requestId });
+    }
+    return tenantId;
+}
+/**
+ * Service entry point for the DataCanvas primitive. Returned from
+ * `core.canvas` on `CoreServices` when a canvas provider is configured.
+ *
+ * @example
+ * ```ts
+ * const canvas = await core.canvas!.acquire(input.canvas_id, ctx);
+ * await canvas.registerTable('germplasm', rows);
+ * const result = await canvas.query('SELECT name FROM germplasm LIMIT 10');
+ * return { canvas_id: canvas.canvasId, expires_at: canvas.expiresAt, ... };
+ * ```
+ */
+export class DataCanvas {
+    provider;
+    registry;
+    constructor(provider, registry) {
+        this.provider = provider;
+        this.registry = registry;
+        logger.info(`DataCanvas initialized with provider: ${provider.name}`);
+    }
+    /**
+     * Resolve an existing canvas or create a new one. The returned
+     * {@link CanvasInstance} captures `(canvasId, tenantId)` so subsequent
+     * operations don't need to repeat them.
+     */
+    async acquire(maybeId, context, _options) {
+        const tenantId = requireTenantId(context);
+        const result = await this.registry.acquire(maybeId, tenantId, context);
+        logger.debug('Canvas acquired.', {
+            ...context,
+            canvasId: result.canvasId,
+            tenantId,
+            isNew: result.isNew,
+        });
+        return new CanvasInstance(result.canvasId, result.tenantId, result.isNew, result.expiresAt, this.registry, this.provider, context);
+    }
+    /**
+     * Drop a canvas explicitly. Returns true when the canvas existed and was
+     * destroyed.
+     */
+    async drop(canvasId, context) {
+        const tenantId = requireTenantId(context);
+        return await this.registry.drop(canvasId, tenantId, context);
+    }
+    /** Active canvas count for the calling tenant. */
+    countForTenant(context) {
+        const tenantId = requireTenantId(context);
+        return this.registry.countForTenant(tenantId);
+    }
+    /** Liveness check on the underlying provider. */
+    healthCheck() {
+        return this.provider.healthCheck();
+    }
+    /** Tear down the registry and provider. Called from `ServerHandle.shutdown()`. */
+    async shutdown(context) {
+        await this.registry.shutdown(context);
+    }
+    /** @internal Surface the underlying provider for advanced use cases. */
+    getProvider() {
+        return this.provider;
+    }
+}
+//# sourceMappingURL=DataCanvas.js.map

package/dist/canvas/core/DataCanvas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DataCanvas.js","sourceRoot":"","sources":["../../../src/canvas/core/DataCanvas.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAGpD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAIrD;;;;GAIG;AACH,SAAS,eAAe,CAAC,OAAuB;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QACnE,MAAM,IAAI,QAAQ,CAChB,gBAAgB,CAAC,aAAa,EAC9B,uFAAuF,EACvF,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,oBAAoB,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CACvF,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,UAAU;IAEF;IACA;IAFnB,YACmB,QAA6B,EAC7B,QAAwB;QADxB,aAAQ,GAAR,QAAQ,CAAqB;QAC7B,aAAQ,GAAR,QAAQ,CAAgB;QAEzC,MAAM,CAAC,IAAI,CAAC,yCAAyC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,OAAuB,EACvB,QAAyB;QAEzB,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;YAC/B,GAAG,OAAO;YACV,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ;YACR,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,cAAc,CACvB,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,KAAK,EACZ,MAAM,CAAC,SAAS,EAChB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,OAAuB;QAClD,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,kDAAkD;IAClD,cAAc,CAAC,OAAuB;QACpC,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,iDAAiD;IACjD,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;IAED,kFAAkF;IAClF,KAAK,CAAC,QAAQ,CAAC,OAAuB;QACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,wEAAwE;IACxE,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF"}

package/dist/canvas/core/IDataCanvasProvider.d.ts

@@ -0,0 +1,47 @@
+/**
+ * @fileoverview Engine-level provider interface for the DataCanvas primitive.
+ * Implementations own the physical resources backing each canvas (e.g. one
+ * DuckDB instance per canvasId) and expose register/query/export/describe
+ * operations keyed by canvasId. The lifecycle wrapper ({@link CanvasRegistry})
+ * keys these calls by `(tenantId, canvasId)` and enforces TTL/caps.
+ * @module src/canvas/core/IDataCanvasProvider
+ */
+import type { RequestContext } from '../../utils/internal/requestContext.js';
+import type { DescribeOptions, ExportOptions, ExportResult, ExportTarget, QueryOptions, QueryResult, RegisterRows, RegisterTableOptions, RegisterTableResult, TableInfo } from '../types.js';
+/**
+ * Engine-level contract. The lifecycle wrapper guarantees `canvasId` is
+ * already validated and authorized for the caller's tenant before any of
+ * these methods are invoked, so providers may treat `canvasId` as opaque
+ * and trusted.
+ */
+export interface IDataCanvasProvider {
+    /** Drop every table on the canvas. Returns the number dropped. */
+    clear(canvasId: string, context: RequestContext): Promise<number>;
+    /** Describe one or all tables on the canvas. */
+    describe(canvasId: string, context: RequestContext, options?: DescribeOptions): Promise<TableInfo[]>;
+    /**
+     * Release engine resources for a canvas. After this call, further ops on
+     * the canvas throw `NotFound`.
+     */
+    destroyCanvas(canvasId: string, context: RequestContext): Promise<void>;
+    /** Drop a single canvas table. Returns `true` when found and removed. */
+    drop(canvasId: string, name: string, context: RequestContext): Promise<boolean>;
+    /** Export a canvas table to a file or stream target. */
+    export(canvasId: string, tableName: string, target: ExportTarget, context: RequestContext, options?: ExportOptions): Promise<ExportResult>;
+    /** Liveness check on the underlying engine. */
+    healthCheck(): Promise<boolean>;
+    /**
+     * Allocate engine resources for a new canvas. Idempotent — calling twice
+     * with the same id is a no-op.
+     */
+    initCanvas(canvasId: string, context: RequestContext): Promise<void>;
+    /** Provider name (e.g. `'duckdb'`). Used in logs and health output. */
+    readonly name: string;
+    /** Run a SQL query against the canvas. Read-only enforcement is the gate's job. */
+    query(canvasId: string, sql: string, context: RequestContext, options?: QueryOptions): Promise<QueryResult>;
+    /** Register a table on the canvas from in-memory or async iterator rows. */
+    registerTable(canvasId: string, name: string, rows: RegisterRows, context: RequestContext, options?: RegisterTableOptions): Promise<RegisterTableResult>;
+    /** Tear down all engine resources. Called from `ServerHandle.shutdown()`. */
+    shutdown(): Promise<void>;
+}
+//# sourceMappingURL=IDataCanvasProvider.d.ts.map

package/dist/canvas/core/IDataCanvasProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IDataCanvasProvider.d.ts","sourceRoot":"","sources":["../../../src/canvas/core/IDataCanvasProvider.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACV,MAAM,aAAa,CAAC;AAErB;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,kEAAkE;IAClE,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAElE,gDAAgD;IAChD,QAAQ,CACN,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAExB;;;OAGG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExE,yEAAyE;IACzE,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEhF,wDAAwD;IACxD,MAAM,CACJ,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzB,+CAA+C;IAC/C,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAEhC;;;OAGG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACrE,uEAAuE;IACvE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,mFAAmF;IACnF,KAAK,CACH,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB,4EAA4E;IAC5E,aAAa,CACX,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEhC,6EAA6E;IAC7E,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B"}

package/dist/canvas/core/IDataCanvasProvider.js

@@ -0,0 +1,10 @@
+/**
+ * @fileoverview Engine-level provider interface for the DataCanvas primitive.
+ * Implementations own the physical resources backing each canvas (e.g. one
+ * DuckDB instance per canvasId) and expose register/query/export/describe
+ * operations keyed by canvasId. The lifecycle wrapper ({@link CanvasRegistry})
+ * keys these calls by `(tenantId, canvasId)` and enforces TTL/caps.
+ * @module src/canvas/core/IDataCanvasProvider
+ */
+export {};
+//# sourceMappingURL=IDataCanvasProvider.js.map

package/dist/canvas/core/IDataCanvasProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IDataCanvasProvider.js","sourceRoot":"","sources":["../../../src/canvas/core/IDataCanvasProvider.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/dist/canvas/core/canvasFactory.d.ts

@@ -0,0 +1,26 @@
+/**
+ * @fileoverview Factory for the optional DataCanvas service. Mirrors the
+ * pattern in `createStorageProvider` — switches on `config.canvas.providerType`,
+ * fails closed in serverless environments for `duckdb`, and returns
+ * `undefined` when canvas is disabled (`'none'`).
+ *
+ * The factory does NOT eager-load `@duckdb/node-api`; the provider lazy-loads
+ * on first use via `lazyImport`. Servers that set `CANVAS_PROVIDER_TYPE=none`
+ * (the default) pay zero install cost.
+ *
+ * @module src/canvas/core/canvasFactory
+ */
+import type { AppConfig } from '../../config/index.js';
+import { DataCanvas } from './DataCanvas.js';
+/**
+ * Construct the canvas service from configuration. Returns `undefined` when
+ * canvas is disabled (`CANVAS_PROVIDER_TYPE=none`), keeping `core.canvas`
+ * `undefined` on `CoreServices` for that case.
+ *
+ * In serverless environments, an explicit `CANVAS_PROVIDER_TYPE=duckdb`
+ * fails closed with a clear ConfigurationError — DuckDB has no V8-isolate
+ * build, so canvas is unavailable on Workers. (Refinement #1 in issue #97 is
+ * about export-path sandboxing, separate from this Worker fail-closed.)
+ */
+export declare function createCanvasService(config: AppConfig): DataCanvas | undefined;
+//# sourceMappingURL=canvasFactory.d.ts.map

package/dist/canvas/core/canvasFactory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canvasFactory.d.ts","sourceRoot":"","sources":["../../../src/canvas/core/canvasFactory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAOnD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAO7C;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS,CAkC7E"}

package/dist/canvas/core/canvasFactory.js

@@ -0,0 +1,63 @@
+/**
+ * @fileoverview Factory for the optional DataCanvas service. Mirrors the
+ * pattern in `createStorageProvider` — switches on `config.canvas.providerType`,
+ * fails closed in serverless environments for `duckdb`, and returns
+ * `undefined` when canvas is disabled (`'none'`).
+ *
+ * The factory does NOT eager-load `@duckdb/node-api`; the provider lazy-loads
+ * on first use via `lazyImport`. Servers that set `CANVAS_PROVIDER_TYPE=none`
+ * (the default) pay zero install cost.
+ *
+ * @module src/canvas/core/canvasFactory
+ */
+import { configurationError } from '../../types-global/errors.js';
+import { logger } from '../../utils/internal/logger.js';
+import { requestContextService } from '../../utils/internal/requestContext.js';
+import { DuckdbProvider } from '../providers/duckdb/DuckdbProvider.js';
+import { CanvasRegistry } from './CanvasRegistry.js';
+import { DataCanvas } from './DataCanvas.js';
+/** Evaluated at call time so worker.ts can set IS_SERVERLESS before first use. */
+function isServerless() {
+    return typeof process === 'undefined' || process.env.IS_SERVERLESS === 'true';
+}
+/**
+ * Construct the canvas service from configuration. Returns `undefined` when
+ * canvas is disabled (`CANVAS_PROVIDER_TYPE=none`), keeping `core.canvas`
+ * `undefined` on `CoreServices` for that case.
+ *
+ * In serverless environments, an explicit `CANVAS_PROVIDER_TYPE=duckdb`
+ * fails closed with a clear ConfigurationError — DuckDB has no V8-isolate
+ * build, so canvas is unavailable on Workers. (Refinement #1 in issue #97 is
+ * about export-path sandboxing, separate from this Worker fail-closed.)
+ */
+export function createCanvasService(config) {
+    const providerType = config.canvas.providerType;
+    if (providerType === 'none')
+        return;
+    const context = requestContextService.createRequestContext({
+        operation: 'createCanvasService',
+    });
+    if (providerType === 'duckdb') {
+        if (isServerless()) {
+            throw configurationError('DuckDB canvas requires Node.js or Bun. Set CANVAS_PROVIDER_TYPE=none or omit it for Cloudflare Workers deployment.', context);
+        }
+        logger.info('Creating DuckDB canvas provider', context);
+        const provider = new DuckdbProvider({
+            memoryLimitMb: config.canvas.defaultMemoryLimitMb,
+            exportRootPath: config.canvas.exportRootPath,
+            defaultRowLimit: config.canvas.defaultRowLimit,
+            schemaSniffRows: config.canvas.schemaSniffRows,
+        });
+        const registry = new CanvasRegistry(provider, {
+            ttlMs: config.canvas.ttlMs,
+            absoluteCapMs: config.canvas.absoluteCapMs,
+            maxCanvasesPerTenant: config.canvas.maxCanvasesPerTenant,
+            sweeperIntervalMs: config.canvas.sweeperIntervalMs,
+        });
+        return new DataCanvas(provider, registry);
+    }
+    // Exhaustive check for the providerType union.
+    const exhaustive = providerType;
+    throw configurationError(`Unhandled canvas provider type: ${String(exhaustive)}`, context);
+}
+//# sourceMappingURL=canvasFactory.js.map

package/dist/canvas/core/canvasFactory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canvasFactory.js","sourceRoot":"","sources":["../../../src/canvas/core/canvasFactory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAE3E,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,kFAAkF;AAClF,SAAS,YAAY;IACnB,OAAO,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,CAAC;AAChF,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAiB;IACnD,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC;IAChD,IAAI,YAAY,KAAK,MAAM;QAAE,OAAO;IAEpC,MAAM,OAAO,GAAG,qBAAqB,CAAC,oBAAoB,CAAC;QACzD,SAAS,EAAE,qBAAqB;KACjC,CAAC,CAAC;IAEH,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,YAAY,EAAE,EAAE,CAAC;YACnB,MAAM,kBAAkB,CACtB,oHAAoH,EACpH,OAAO,CACR,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAI,cAAc,CAAC;YAClC,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB;YACjD,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc;YAC5C,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe;YAC9C,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe;SAC/C,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,cAAc,CAAC,QAAQ,EAAE;YAC5C,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK;YAC1B,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa;YAC1C,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB;YACxD,iBAAiB,EAAE,MAAM,CAAC,MAAM,CAAC,iBAAiB;SACnD,CAAC,CAAC;QACH,OAAO,IAAI,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED,+CAA+C;IAC/C,MAAM,UAAU,GAAU,YAAY,CAAC;IACvC,MAAM,kBAAkB,CAAC,mCAAmC,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;AAC7F,CAAC"}

package/dist/canvas/core/sqlGate.d.ts

@@ -0,0 +1,107 @@
+/**
+ * @fileoverview Read-only SQL gate for the DataCanvas primitive. Engine-agnostic
+ * pure validators that the provider invokes after pulling DuckDB-specific
+ * metadata (statement extraction, prepared-statement type, EXPLAIN plan JSON).
+ *
+ * Three layers of enforcement, each authoritative on its own:
+ *
+ * 1. **Single-statement check.** The provider parses the input via DuckDB's
+ *    `extractStatements` and passes the count here. Anything other than 1 is
+ *    rejected — comment-hidden second statements, multi-statement smuggling,
+ *    and Unicode tricks all collapse here because DuckDB's parser is the
+ *    arbiter, not a regex.
+ * 2. **Statement-type check.** The provider prepares the single statement and
+ *    passes the resulting `statementType`. We require `SELECT`. Any DDL, DML,
+ *    or utility (PRAGMA/ATTACH/COPY/INSTALL/LOAD/SET/EXECUTE) fails to type as
+ *    SELECT and is rejected here.
+ * 3. **Plan-walk allowlist.** The provider runs `EXPLAIN (FORMAT JSON)` and
+ *    passes the plan JSON. We walk every node and reject if any operator
+ *    name is outside the curated allowlist — defense-in-depth against future
+ *    DuckDB additions that might smuggle work into a SELECT envelope.
+ *
+ * Rejection paths throw `ValidationError` with a structured `data.reason`
+ * suitable for surfacing to the agent.
+ *
+ * @module src/canvas/core/sqlGate
+ */
+/**
+ * DuckDB statement-type strings emitted by the Neo client. Only `SELECT` is
+ * accepted by the canvas. Other values (`INSERT`, `UPDATE`, `DELETE`,
+ * `CREATE`, `DROP`, `ALTER`, `COPY`, `PRAGMA`, `ATTACH`, `DETACH`, `LOAD`,
+ * `INSTALL`, `SET`, `RESET`, `EXECUTE`, `EXPLAIN`, `TRANSACTION`, `VACUUM`,
+ * `CHECKPOINT`, `CALL`, …) are rejected outright. This is a surface — not
+ * an enum we own — so the gate matches on the literal string emitted.
+ */
+export type DuckdbStatementType = string;
+/** Subset of statement types the gate permits. */
+export declare const ALLOWED_STATEMENT_TYPES: ReadonlySet<DuckdbStatementType>;
+/**
+ * Curated allowlist of operator names that can appear in an EXPLAIN plan.
+ * Sourced from DuckDB's logical/physical-plan node families (1.5.x). Not
+ * every member is reachable from a SELECT — but every member is read-only.
+ *
+ * Pinned by `tests/canvas/sqlGate.fixtures.test.ts` against live DuckDB
+ * EXPLAIN output so version bumps that add operators are caught in CI rather
+ * than silently widening the gate.
+ *
+ * Operators **not** in this list cause rejection. Notable exclusions:
+ *
+ * - `READ_CSV`, `READ_PARQUET`, `READ_JSON` — bypass canvas, read external files.
+ * - `INSERT`, `UPDATE`, `DELETE`, `MERGE`, `CREATE_*`, `DROP_*`, `ALTER_*` — writes.
+ * - `COPY_TO_FILE`, `BATCH_COPY_TO_FILE` — exports a SELECT to a file.
+ * - `ATTACH`, `DETACH`, `LOAD`, `INSTALL`, `PRAGMA`, `SET`, `RESET` — utility.
+ */
+export declare const ALLOWED_PLAN_OPERATORS: ReadonlySet<string>;
+/**
+ * Public entry point — validates the trio of `(statementCount, statementType,
+ * planJson)`. Throws on the first violation, leaving the provider to pass
+ * results back to the caller untouched on success.
+ */
+export declare function assertReadOnlyQuery(input: {
+    /** Number of statements DuckDB extracted from the user-supplied SQL. */
+    statementCount: number;
+    /** DuckDB statement type for the (single) prepared statement. */
+    statementType: DuckdbStatementType;
+    /** Parsed `EXPLAIN (FORMAT JSON)` payload. */
+    planJson: unknown;
+}): void;
+/**
+ * Pre-EXPLAIN gate: validate statement count and type. Run before the EXPLAIN
+ * call so non-SELECT statements (which DuckDB's EXPLAIN can't always wrap —
+ * e.g. ATTACH/PRAGMA/COPY/INSTALL) fail with a structured ValidationError
+ * here rather than a confusing parser error from EXPLAIN itself.
+ */
+export declare function assertSelectOnly(input: {
+    statementCount: number;
+    statementType: DuckdbStatementType;
+}): void;
+/**
+ * Post-EXPLAIN gate: walk the plan tree and reject any operator outside the
+ * curated allowlist. Defense-in-depth against future DuckDB additions that
+ * smuggle work into a SELECT envelope.
+ */
+export declare function assertPlanReadOnly(planJson: unknown): void;
+/**
+ * Walks the EXPLAIN plan and returns the set of operator names not in
+ * `ALLOWED_PLAN_OPERATORS`. Exported for fixture-driven tests that want
+ * to inspect the gate's view of a plan without throwing.
+ *
+ * Tolerant of structural variation — DuckDB emits operator identity under
+ * either `name` (logical plan) or `operator_type` (physical/profile plan)
+ * depending on the EXPLAIN flavor. We honor both. Children traversal
+ * supports `children`, `child`, and `inputs` arrays.
+ */
+export declare function collectDisallowedOperators(planJson: unknown): Set<string>;
+/**
+ * Validate an identifier for use as a canvas-local table or column name.
+ * Throws `ValidationError` on rejection.
+ */
+export declare function assertValidIdentifier(value: string, kind: 'table' | 'column'): void;
+/**
+ * Wrap an identifier in double quotes for safe inclusion in SQL. Internal
+ * double quotes are doubled per the SQL standard. Callers should still
+ * validate via {@link assertValidIdentifier} before quoting — this helper
+ * only escapes; it does not validate shape.
+ */
+export declare function quoteIdentifier(value: string): string;
+//# sourceMappingURL=sqlGate.d.ts.map

package/dist/canvas/core/sqlGate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlGate.d.ts","sourceRoot":"","sources":["../../../src/canvas/core/sqlGate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAIH;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEzC,kDAAkD;AAClD,eAAO,MAAM,uBAAuB,EAAE,WAAW,CAAC,mBAAmB,CAAuB,CAAC;AAE7F;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,MAAM,CAwDrD,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE;IACzC,wEAAwE;IACxE,cAAc,EAAE,MAAM,CAAC;IACvB,iEAAiE;IACjE,aAAa,EAAE,mBAAmB,CAAC;IACnC,8CAA8C;IAC9C,QAAQ,EAAE,OAAO,CAAC;CACnB,GAAG,IAAI,CAGP;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE;IACtC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,mBAAmB,CAAC;CACpC,GAAG,IAAI,CAaP;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,OAAO,GAAG,IAAI,CAW1D;AAED;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAIzE;AAsFD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,CAmBnF;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAErD"}

package/dist/canvas/core/sqlGate.js

@@ -0,0 +1,267 @@
+/**
+ * @fileoverview Read-only SQL gate for the DataCanvas primitive. Engine-agnostic
+ * pure validators that the provider invokes after pulling DuckDB-specific
+ * metadata (statement extraction, prepared-statement type, EXPLAIN plan JSON).
+ *
+ * Three layers of enforcement, each authoritative on its own:
+ *
+ * 1. **Single-statement check.** The provider parses the input via DuckDB's
+ *    `extractStatements` and passes the count here. Anything other than 1 is
+ *    rejected — comment-hidden second statements, multi-statement smuggling,
+ *    and Unicode tricks all collapse here because DuckDB's parser is the
+ *    arbiter, not a regex.
+ * 2. **Statement-type check.** The provider prepares the single statement and
+ *    passes the resulting `statementType`. We require `SELECT`. Any DDL, DML,
+ *    or utility (PRAGMA/ATTACH/COPY/INSTALL/LOAD/SET/EXECUTE) fails to type as
+ *    SELECT and is rejected here.
+ * 3. **Plan-walk allowlist.** The provider runs `EXPLAIN (FORMAT JSON)` and
+ *    passes the plan JSON. We walk every node and reject if any operator
+ *    name is outside the curated allowlist — defense-in-depth against future
+ *    DuckDB additions that might smuggle work into a SELECT envelope.
+ *
+ * Rejection paths throw `ValidationError` with a structured `data.reason`
+ * suitable for surfacing to the agent.
+ *
+ * @module src/canvas/core/sqlGate
+ */
+import { validationError } from '../../types-global/errors.js';
+/** Subset of statement types the gate permits. */
+export const ALLOWED_STATEMENT_TYPES = new Set(['SELECT']);
+/**
+ * Curated allowlist of operator names that can appear in an EXPLAIN plan.
+ * Sourced from DuckDB's logical/physical-plan node families (1.5.x). Not
+ * every member is reachable from a SELECT — but every member is read-only.
+ *
+ * Pinned by `tests/canvas/sqlGate.fixtures.test.ts` against live DuckDB
+ * EXPLAIN output so version bumps that add operators are caught in CI rather
+ * than silently widening the gate.
+ *
+ * Operators **not** in this list cause rejection. Notable exclusions:
+ *
+ * - `READ_CSV`, `READ_PARQUET`, `READ_JSON` — bypass canvas, read external files.
+ * - `INSERT`, `UPDATE`, `DELETE`, `MERGE`, `CREATE_*`, `DROP_*`, `ALTER_*` — writes.
+ * - `COPY_TO_FILE`, `BATCH_COPY_TO_FILE` — exports a SELECT to a file.
+ * - `ATTACH`, `DETACH`, `LOAD`, `INSTALL`, `PRAGMA`, `SET`, `RESET` — utility.
+ */
+export const ALLOWED_PLAN_OPERATORS = new Set([
+    // Scans (registered tables only — file scans like READ_CSV are excluded)
+    'SEQ_SCAN',
+    'COLUMN_DATA_SCAN',
+    'CHUNK_SCAN',
+    'EXPRESSION_SCAN',
+    'DUMMY_SCAN',
+    'EMPTY_RESULT',
+    'IN_MEMORY_TABLE_SCAN',
+    // Projection / filter
+    'PROJECTION',
+    'FILTER',
+    // Joins
+    'HASH_JOIN',
+    'NESTED_LOOP_JOIN',
+    'BLOCKWISE_NL_JOIN',
+    'IE_JOIN',
+    'PIECEWISE_MERGE_JOIN',
+    'CROSS_PRODUCT',
+    'POSITIONAL_JOIN',
+    'ASOF_JOIN',
+    'DELIM_JOIN',
+    // Aggregates
+    'HASH_GROUP_BY',
+    'PERFECT_HASH_GROUP_BY',
+    'UNGROUPED_AGGREGATE',
+    'SIMPLE_AGGREGATE',
+    'PARTITIONED_AGGREGATE',
+    // Distinct / set ops
+    'HASH_DISTINCT',
+    'DISTINCT',
+    'UNION',
+    // Sorting / limits
+    'ORDER_BY',
+    'TOP_N',
+    'LIMIT',
+    'LIMIT_PERCENT',
+    'STREAMING_LIMIT',
+    // Window
+    'WINDOW',
+    // Nested
+    'UNNEST',
+    // CTEs
+    'CTE',
+    'CTE_REF',
+    'RECURSIVE_CTE',
+    'MATERIALIZED_CTE',
+    // Sampling
+    'RESERVOIR_SAMPLE',
+    'SAMPLE',
+    'STREAMING_SAMPLE',
+    // Result framing
+    'RESULT_COLLECTOR',
+    'EXPLAIN',
+    // Pivot/unpivot collapsed planner forms
+    'PIVOT',
+]);
+/**
+ * Public entry point — validates the trio of `(statementCount, statementType,
+ * planJson)`. Throws on the first violation, leaving the provider to pass
+ * results back to the caller untouched on success.
+ */
+export function assertReadOnlyQuery(input) {
+    assertSelectOnly(input);
+    assertPlanReadOnly(input.planJson);
+}
+/**
+ * Pre-EXPLAIN gate: validate statement count and type. Run before the EXPLAIN
+ * call so non-SELECT statements (which DuckDB's EXPLAIN can't always wrap —
+ * e.g. ATTACH/PRAGMA/COPY/INSTALL) fail with a structured ValidationError
+ * here rather than a confusing parser error from EXPLAIN itself.
+ */
+export function assertSelectOnly(input) {
+    if (input.statementCount !== 1) {
+        throw validationError('Canvas query must contain exactly one SQL statement.', {
+            reason: 'multi_statement',
+            statementCount: input.statementCount,
+        });
+    }
+    if (!ALLOWED_STATEMENT_TYPES.has(input.statementType)) {
+        throw validationError(`Canvas query must be SELECT; got ${input.statementType}. Mutations must use registerTable, drop, or clear.`, { reason: 'non_select_statement', statementType: input.statementType });
+    }
+}
+/**
+ * Post-EXPLAIN gate: walk the plan tree and reject any operator outside the
+ * curated allowlist. Defense-in-depth against future DuckDB additions that
+ * smuggle work into a SELECT envelope.
+ */
+export function assertPlanReadOnly(planJson) {
+    const offending = collectDisallowedOperators(planJson);
+    if (offending.size > 0) {
+        throw validationError(`Canvas query contains disallowed operators: ${[...offending].sort().join(', ')}.`, {
+            reason: 'plan_operator_not_allowed',
+            operators: [...offending].sort(),
+        });
+    }
+}
+/**
+ * Walks the EXPLAIN plan and returns the set of operator names not in
+ * `ALLOWED_PLAN_OPERATORS`. Exported for fixture-driven tests that want
+ * to inspect the gate's view of a plan without throwing.
+ *
+ * Tolerant of structural variation — DuckDB emits operator identity under
+ * either `name` (logical plan) or `operator_type` (physical/profile plan)
+ * depending on the EXPLAIN flavor. We honor both. Children traversal
+ * supports `children`, `child`, and `inputs` arrays.
+ */
+export function collectDisallowedOperators(planJson) {
+    const offending = new Set();
+    walk(planJson, offending);
+    return offending;
+}
+function walk(node, offending) {
+    if (node === null || typeof node !== 'object')
+        return;
+    if (Array.isArray(node)) {
+        for (const child of node)
+            walk(child, offending);
+        return;
+    }
+    const obj = node;
+    const operator = readOperatorName(obj);
+    if (operator !== undefined && !ALLOWED_PLAN_OPERATORS.has(operator)) {
+        offending.add(operator);
+    }
+    // Traverse known child slots; ignore string/number leaves.
+    for (const key of ['children', 'child', 'inputs', 'plan', 'root']) {
+        if (key in obj)
+            walk(obj[key], offending);
+    }
+}
+function readOperatorName(obj) {
+    const candidates = ['name', 'operator_type', 'operator', 'type'];
+    for (const key of candidates) {
+        const value = obj[key];
+        if (typeof value === 'string' && value !== '') {
+            return value.toUpperCase();
+        }
+    }
+    return;
+}
+// ---------------------------------------------------------------------------
+// Identifier validation and quoting
+// ---------------------------------------------------------------------------
+/**
+ * Allowed shape for canvas-local table and column names. Matches the
+ * conservative SQL identifier convention: starts with letter/underscore,
+ * followed by letters/digits/underscores, max 63 chars (PostgreSQL/DuckDB cap).
+ */
+const IDENTIFIER_REGEX = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;
+/**
+ * DuckDB reserved words that must not be used as bare identifiers. Not
+ * exhaustive — this is a courtesy guard so misnamed tables fail at register
+ * time rather than confusing-error time. The `IDENTIFIER_REGEX` is the
+ * authoritative shape gate.
+ */
+const RESERVED_IDENTIFIERS = new Set([
+    'select',
+    'from',
+    'where',
+    'order',
+    'group',
+    'having',
+    'limit',
+    'offset',
+    'union',
+    'intersect',
+    'except',
+    'all',
+    'distinct',
+    'as',
+    'and',
+    'or',
+    'not',
+    'null',
+    'true',
+    'false',
+    'case',
+    'when',
+    'then',
+    'else',
+    'end',
+    'join',
+    'inner',
+    'outer',
+    'left',
+    'right',
+    'full',
+    'cross',
+    'on',
+    'using',
+    'with',
+    'recursive',
+]);
+/**
+ * Validate an identifier for use as a canvas-local table or column name.
+ * Throws `ValidationError` on rejection.
+ */
+export function assertValidIdentifier(value, kind) {
+    if (typeof value !== 'string' || value.length === 0) {
+        throw validationError(`Canvas ${kind} name must be a non-empty string.`, {
+            reason: 'identifier_empty',
+            kind,
+        });
+    }
+    if (!IDENTIFIER_REGEX.test(value)) {
+        throw validationError(`Canvas ${kind} name "${value}" is invalid. Use letters, digits, and underscores; must start with a letter or underscore; max 63 chars.`, { reason: 'identifier_shape', kind, value });
+    }
+    if (RESERVED_IDENTIFIERS.has(value.toLowerCase())) {
+        throw validationError(`Canvas ${kind} name "${value}" is a reserved SQL keyword. Choose another name.`, { reason: 'identifier_reserved', kind, value });
+    }
+}
+/**
+ * Wrap an identifier in double quotes for safe inclusion in SQL. Internal
+ * double quotes are doubled per the SQL standard. Callers should still
+ * validate via {@link assertValidIdentifier} before quoting — this helper
+ * only escapes; it does not validate shape.
+ */
+export function quoteIdentifier(value) {
+    return `"${value.replace(/"/g, '""')}"`;
+}
+//# sourceMappingURL=sqlGate.js.map

package/dist/canvas/core/sqlGate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlGate.js","sourceRoot":"","sources":["../../../src/canvas/core/sqlGate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAY3D,kDAAkD;AAClD,MAAM,CAAC,MAAM,uBAAuB,GAAqC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE7F;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IACjE,yEAAyE;IACzE,UAAU;IACV,kBAAkB;IAClB,YAAY;IACZ,iBAAiB;IACjB,YAAY;IACZ,cAAc;IACd,sBAAsB;IACtB,sBAAsB;IACtB,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,kBAAkB;IAClB,mBAAmB;IACnB,SAAS;IACT,sBAAsB;IACtB,eAAe;IACf,iBAAiB;IACjB,WAAW;IACX,YAAY;IACZ,aAAa;IACb,eAAe;IACf,uBAAuB;IACvB,qBAAqB;IACrB,kBAAkB;IAClB,uBAAuB;IACvB,qBAAqB;IACrB,eAAe;IACf,UAAU;IACV,OAAO;IACP,mBAAmB;IACnB,UAAU;IACV,OAAO;IACP,OAAO;IACP,eAAe;IACf,iBAAiB;IACjB,SAAS;IACT,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,OAAO;IACP,KAAK;IACL,SAAS;IACT,eAAe;IACf,kBAAkB;IAClB,WAAW;IACX,kBAAkB;IAClB,QAAQ;IACR,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,SAAS;IACT,wCAAwC;IACxC,OAAO;CACR,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAOnC;IACC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxB,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAGhC;IACC,IAAI,KAAK,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,eAAe,CAAC,sDAAsD,EAAE;YAC5E,MAAM,EAAE,iBAAiB;YACzB,cAAc,EAAE,KAAK,CAAC,cAAc;SACrC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QACtD,MAAM,eAAe,CACnB,oCAAoC,KAAK,CAAC,aAAa,qDAAqD,EAC5G,EAAE,MAAM,EAAE,sBAAsB,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CACvE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAiB;IAClD,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IACvD,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,eAAe,CACnB,+CAA+C,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAClF;YACE,MAAM,EAAE,2BAA2B;YACnC,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE;SACjC,CACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CAAC,QAAiB;IAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,IAAI,CAAC,IAAa,EAAE,SAAsB;IACjD,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO;IACtD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,KAAK,IAAI,IAAI;YAAE,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,IAA+B,CAAC;IAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IACD,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,IAAI,GAAG;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACjE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,OAAO;AACT,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,gBAAgB,GAAG,+BAA+B,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,oBAAoB,GAAwB,IAAI,GAAG,CAAC;IACxD,QAAQ;IACR,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,OAAO;IACP,WAAW;IACX,QAAQ;IACR,KAAK;IACL,UAAU;IACV,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;IACL,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,MAAM;IACN,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,IAAI;IACJ,OAAO;IACP,MAAM;IACN,WAAW;CACZ,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,IAAwB;IAC3E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,eAAe,CAAC,UAAU,IAAI,mCAAmC,EAAE;YACvE,MAAM,EAAE,kBAAkB;YAC1B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,eAAe,CACnB,UAAU,IAAI,UAAU,KAAK,2GAA2G,EACxI,EAAE,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,KAAK,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAClD,MAAM,eAAe,CACnB,UAAU,IAAI,UAAU,KAAK,mDAAmD,EAChF,EAAE,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,KAAK,EAAE,CAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;AAC1C,CAAC"}