@decocms/runtime 0.0.1-testing-beta.1

package/dist/index.js

@@ -0,0 +1,507 @@
+import { DeconfigResource, MCPClient } from './chunk-NMXOC7PT.js';
+export { createMCPFetchStub } from './chunk-NMXOC7PT.js';
+import './chunk-IB3KGSMB.js';
+import './chunk-F6XZPFWM.js';
+import { DECO_MCP_CLIENT_HEADER } from './chunk-4XSQKJLU.js';
+import './chunk-UHR3BLMF.js';
+import { createMCPServer, State } from './chunk-OSSKGDAG.js';
+import './chunk-NKUMVYKI.js';
+import './chunk-AOFOWQXY.js';
+import { decodeJwt, jwtVerify } from 'jose';
+
+var DECO_APP_AUTH_COOKIE_NAME = "deco_page_auth";
+var MAX_COOKIE_SIZE = 4e3;
+var StateParser = {
+  parse: (state) => {
+    return JSON.parse(decodeURIComponent(atob(state)));
+  },
+  stringify: (state) => {
+    return btoa(encodeURIComponent(JSON.stringify(state)));
+  }
+};
+var chunkValue = (value) => {
+  if (value.length <= MAX_COOKIE_SIZE) {
+    return [value];
+  }
+  const chunks = [];
+  for (let i = 0; i < value.length; i += MAX_COOKIE_SIZE) {
+    chunks.push(value.slice(i, i + MAX_COOKIE_SIZE));
+  }
+  return chunks;
+};
+var reassembleChunkedCookies = (cookies, baseName) => {
+  if (cookies[baseName]) {
+    return cookies[baseName];
+  }
+  const chunks = [];
+  let index = 0;
+  while (true) {
+    const chunkName = `${baseName}_${index}`;
+    if (!cookies[chunkName]) {
+      break;
+    }
+    chunks.push(cookies[chunkName]);
+    index++;
+  }
+  return chunks.length > 0 ? chunks.join("") : void 0;
+};
+var parseCookies = (cookieHeader) => {
+  const cookies = {};
+  if (!cookieHeader) return cookies;
+  cookieHeader.split(";").forEach((cookie) => {
+    const [name, ...rest] = cookie.trim().split("=");
+    if (name && rest.length > 0) {
+      cookies[name] = decodeURIComponent(rest.join("="));
+    }
+  });
+  return cookies;
+};
+var parseJWK = (jwk) => JSON.parse(atob(jwk));
+var getReqToken = async (req, env) => {
+  const token = () => {
+    const authHeader = req.headers.get("Authorization");
+    if (authHeader) {
+      return authHeader.split(" ")[1];
+    }
+    const cookieHeader = req.headers.get("Cookie");
+    if (cookieHeader) {
+      const cookies = parseCookies(cookieHeader);
+      return reassembleChunkedCookies(cookies, DECO_APP_AUTH_COOKIE_NAME);
+    }
+    return void 0;
+  };
+  const authToken = token();
+  if (!authToken) {
+    return void 0;
+  }
+  env.DECO_API_JWT_PUBLIC_KEY && await jwtVerify(authToken, parseJWK(env.DECO_API_JWT_PUBLIC_KEY), {
+    issuer: "https://api.decocms.com",
+    algorithms: ["RS256"],
+    typ: "JWT"
+  }).catch((err) => {
+    console.error(
+      `[auth-token]: error validating: ${err} ${env.DECO_API_JWT_PUBLIC_KEY}`
+    );
+  });
+  return authToken;
+};
+var handleAuthCallback = async (req, options) => {
+  const url = new URL(req.url);
+  const code = url.searchParams.get("code");
+  const state = url.searchParams.get("state");
+  if (!code) {
+    return new Response("Missing authorization code", { status: 400 });
+  }
+  let next = "/";
+  if (state) {
+    try {
+      const parsedState = StateParser.parse(state);
+      next = parsedState.next || "/";
+    } catch {
+    }
+  }
+  try {
+    const apiUrl = options.apiUrl ?? "https://api.decocms.com";
+    const exchangeResponse = await fetch(`${apiUrl}/apps/code-exchange`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        code,
+        client_id: options.appName
+      })
+    });
+    if (!exchangeResponse.ok) {
+      console.error(
+        "authentication failed",
+        code,
+        options.appName,
+        await exchangeResponse.text().catch((_) => "")
+      );
+      return new Response("Authentication failed", { status: 401 });
+    }
+    const { access_token } = await exchangeResponse.json();
+    if (!access_token) {
+      return new Response("No access token received", { status: 401 });
+    }
+    const chunks = chunkValue(access_token);
+    const headers = new Headers();
+    headers.set("Location", next);
+    if (chunks.length === 1) {
+      headers.set(
+        "Set-Cookie",
+        `${DECO_APP_AUTH_COOKIE_NAME}=${access_token}; HttpOnly; SameSite=None; Secure; Path=/`
+      );
+    } else {
+      chunks.forEach((chunk, index) => {
+        headers.append(
+          "Set-Cookie",
+          `${DECO_APP_AUTH_COOKIE_NAME}_${index}=${chunk}; HttpOnly; SameSite=None; Secure; Path=/`
+        );
+      });
+    }
+    return new Response(null, {
+      status: 302,
+      headers
+    });
+  } catch (err) {
+    return new Response(`Authentication failed ${err}`, { status: 500 });
+  }
+};
+var removeAuthCookie = (headers) => {
+  headers.append(
+    "Set-Cookie",
+    `${DECO_APP_AUTH_COOKIE_NAME}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`
+  );
+  for (let i = 0; i < 10; i++) {
+    headers.append(
+      "Set-Cookie",
+      `${DECO_APP_AUTH_COOKIE_NAME}_${i}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`
+    );
+  }
+};
+var handleLogout = (req) => {
+  const url = new URL(req.url);
+  const next = url.searchParams.get("next");
+  const redirectTo = new URL("/", url);
+  const headers = new Headers();
+  removeAuthCookie(headers);
+  headers.set("Location", next ?? redirectTo.href);
+  return new Response(null, {
+    status: 302,
+    headers
+  });
+};
+
+// src/bindings.ts
+var normalizeWorkspace = (workspace) => {
+  if (workspace.startsWith("/users")) {
+    return workspace;
+  }
+  if (workspace.startsWith("/shared")) {
+    return workspace;
+  }
+  if (workspace.includes("/")) {
+    return workspace;
+  }
+  return `/shared/${workspace}`;
+};
+var createAppsUrl = ({
+  appName,
+  decoChatApiUrl
+}) => new URL(
+  `/apps/mcp?appName=${appName}`,
+  decoChatApiUrl ?? "https://api.decocms.com"
+).href;
+var createIntegrationsUrl = ({
+  integrationId,
+  workspace,
+  decoCmsApiUrl,
+  branch
+}) => {
+  const base = `${normalizeWorkspace(workspace)}/${integrationId}/mcp`;
+  const url = new URL(base, decoCmsApiUrl ?? "https://api.decocms.com");
+  branch && url.searchParams.set("branch", branch);
+  return url.href;
+};
+var workspaceClient = (ctx, decocmsApiUrl) => {
+  return MCPClient.forWorkspace(ctx.workspace, ctx.token, decocmsApiUrl);
+};
+var mcpClientForAppName = (appName, decoChatApiUrl) => {
+  const mcpConnection = {
+    type: "HTTP",
+    url: createAppsUrl({
+      appName,
+      decoChatApiUrl
+    })
+  };
+  return MCPClient.forConnection(mcpConnection, decoChatApiUrl);
+};
+var proxyConnectionForId = (integrationId, ctx, decocmsApiUrl, appName) => {
+  let headers = appName ? { "x-caller-app": appName } : void 0;
+  if (ctx.cookie) {
+    headers ??= {};
+    headers.cookie = ctx.cookie;
+  }
+  return {
+    type: "HTTP",
+    url: createIntegrationsUrl({
+      integrationId,
+      workspace: ctx.workspace,
+      decoCmsApiUrl: decocmsApiUrl,
+      branch: ctx.branch
+    }),
+    token: ctx.token,
+    headers
+  };
+};
+var mcpClientForIntegrationId = (integrationId, ctx, decocmsApiUrl, appName) => {
+  const mcpConnection = proxyConnectionForId(
+    integrationId,
+    ctx,
+    decocmsApiUrl,
+    appName
+  );
+  return MCPClient.forConnection(mcpConnection, decocmsApiUrl);
+};
+function mcpClientFromState(binding, env) {
+  const ctx = env.DECO_REQUEST_CONTEXT;
+  const bindingFromState = ctx?.state?.[binding.name];
+  const integrationId = bindingFromState && typeof bindingFromState === "object" && "value" in bindingFromState ? bindingFromState.value : void 0;
+  if (typeof integrationId !== "string" && "integration_name" in binding) {
+    return mcpClientForAppName(binding.integration_name, env.DECO_API_URL);
+  }
+  return mcpClientForIntegrationId(
+    integrationId,
+    ctx,
+    env.DECO_API_URL,
+    env.DECO_APP_NAME
+  );
+}
+var createContractBinding = (binding, env) => {
+  return mcpClientFromState(binding, env);
+};
+var createIntegrationBinding = (binding, env) => {
+  const integrationId = "integration_id" in binding ? binding.integration_id : void 0;
+  if (!integrationId) {
+    return mcpClientFromState(binding, env);
+  }
+  return mcpClientForIntegrationId(
+    integrationId,
+    {
+      workspace: env.DECO_WORKSPACE,
+      token: env.DECO_API_TOKEN,
+      branch: env.DECO_REQUEST_CONTEXT?.branch
+    },
+    env.DECO_API_URL,
+    env.DECO_APP_NAME
+  );
+};
+
+// src/index.ts
+var WorkersMCPBindings = {
+  parse: (bindings) => {
+    if (!bindings) return [];
+    try {
+      return JSON.parse(atob(bindings));
+    } catch {
+      return [];
+    }
+  },
+  stringify: (bindings) => {
+    return btoa(JSON.stringify(bindings));
+  }
+};
+var creatorByType = {
+  mcp: createIntegrationBinding,
+  contract: createContractBinding
+};
+var withDefaultBindings = ({
+  env,
+  server,
+  ctx,
+  url
+}) => {
+  const client = workspaceClient(ctx, env.DECO_API_URL);
+  const createWorkspaceDB = (ctx2) => {
+    const client2 = workspaceClient(ctx2, env.DECO_API_URL);
+    return {
+      query: ({ sql, params }) => {
+        return client2.DATABASES_RUN_SQL({
+          sql,
+          params
+        });
+      }
+    };
+  };
+  env["SELF"] = new Proxy(
+    {},
+    {
+      get: (_, prop) => {
+        if (prop === "toJSON") {
+          return null;
+        }
+        return async (args) => {
+          return await server.callTool({
+            toolCallId: prop,
+            toolCallInput: args
+          });
+        };
+      }
+    }
+  );
+  const workspaceDbBinding = {
+    ...createWorkspaceDB(ctx),
+    forContext: createWorkspaceDB
+  };
+  env["DECO_API"] = MCPClient;
+  env["DECO_WORKSPACE_API"] = client;
+  env["DECO_WORKSPACE_DB"] = workspaceDbBinding;
+  env["IS_LOCAL"] = (url?.startsWith("http://localhost") || url?.startsWith("http://127.0.0.1")) ?? false;
+};
+var UnauthorizedError = class extends Error {
+  constructor(message, redirectTo) {
+    super(message);
+    this.redirectTo = redirectTo;
+    this.name = "UnauthorizedError";
+  }
+};
+var AUTH_CALLBACK_ENDPOINT = "/oauth/callback";
+var AUTH_START_ENDPOINT = "/oauth/start";
+var AUTH_LOGOUT_ENDPOINT = "/oauth/logout";
+var AUTHENTICATED = (user, workspace) => () => {
+  return {
+    ...user ?? {},
+    workspace
+  };
+};
+var withBindings = ({
+  env: _env,
+  server,
+  tokenOrContext,
+  origin,
+  url,
+  branch
+}) => {
+  branch ??= void 0;
+  const env = _env;
+  const apiUrl = env.DECO_API_URL ?? "https://api.decocms.com";
+  let context;
+  if (typeof tokenOrContext === "string") {
+    const decoded = decodeJwt(tokenOrContext);
+    const workspace = decoded.aud;
+    context = {
+      state: decoded.state,
+      token: tokenOrContext,
+      integrationId: decoded.integrationId,
+      workspace,
+      ensureAuthenticated: AUTHENTICATED(decoded.user, workspace),
+      branch
+    };
+  } else if (typeof tokenOrContext === "object") {
+    context = tokenOrContext;
+    const decoded = decodeJwt(tokenOrContext.token);
+    const workspace = decoded.aud;
+    const appName = decoded.appName;
+    context.callerApp = appName;
+    context.integrationId ??= decoded.integrationId;
+    context.ensureAuthenticated = AUTHENTICATED(decoded.user, workspace);
+  } else {
+    context = {
+      state: void 0,
+      token: env.DECO_API_TOKEN,
+      workspace: env.DECO_WORKSPACE,
+      branch,
+      ensureAuthenticated: (options) => {
+        const workspaceHint = options?.workspaceHint ?? env.DECO_WORKSPACE;
+        const authUri = new URL("/apps/oauth", apiUrl);
+        authUri.searchParams.set("client_id", env.DECO_APP_NAME);
+        authUri.searchParams.set(
+          "redirect_uri",
+          new URL(AUTH_CALLBACK_ENDPOINT, origin ?? env.DECO_APP_ENTRYPOINT).href
+        );
+        workspaceHint && authUri.searchParams.set("workspace_hint", workspaceHint);
+        throw new UnauthorizedError("Unauthorized", authUri);
+      }
+    };
+  }
+  env.DECO_REQUEST_CONTEXT = context;
+  const bindings = WorkersMCPBindings.parse(env.DECO_BINDINGS);
+  for (const binding of bindings) {
+    env[binding.name] = creatorByType[binding.type](binding, env);
+  }
+  withDefaultBindings({
+    env,
+    server,
+    ctx: env.DECO_REQUEST_CONTEXT,
+    url
+  });
+  return env;
+};
+var withRuntime = (userFns) => {
+  const server = createMCPServer(userFns);
+  const fetcher = async (req, env, ctx) => {
+    const url = new URL(req.url);
+    if (url.pathname === AUTH_CALLBACK_ENDPOINT) {
+      return handleAuthCallback(req, {
+        apiUrl: env.DECO_API_URL,
+        appName: env.DECO_APP_NAME
+      });
+    }
+    if (url.pathname === AUTH_START_ENDPOINT) {
+      env.DECO_REQUEST_CONTEXT.ensureAuthenticated();
+      const redirectTo = new URL("/", url);
+      const next = url.searchParams.get("next");
+      return Response.redirect(next ?? redirectTo, 302);
+    }
+    if (url.pathname === AUTH_LOGOUT_ENDPOINT) {
+      return handleLogout(req);
+    }
+    if (url.pathname === "/mcp") {
+      return server.fetch(req, env, ctx);
+    }
+    if (url.pathname.startsWith("/mcp/call-tool")) {
+      const toolCallId = url.pathname.split("/").pop();
+      if (!toolCallId) {
+        return new Response("Not found", { status: 404 });
+      }
+      const toolCallInput = await req.json();
+      const result = await server.callTool({
+        toolCallId,
+        toolCallInput
+      });
+      if (result instanceof Response) {
+        return result;
+      }
+      return new Response(JSON.stringify(result), {
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+    }
+    if (url.pathname.startsWith(DeconfigResource.WatchPathNameBase)) {
+      return DeconfigResource.watchAPI(req, env);
+    }
+    return userFns.fetch?.(req, env, ctx) || new Response("Not found", { status: 404 });
+  };
+  return {
+    fetch: async (req, env, ctx) => {
+      const referer = req.headers.get("referer");
+      const isFetchRequest = req.headers.has(DECO_MCP_CLIENT_HEADER);
+      try {
+        const bindings = withBindings({
+          env,
+          server,
+          branch: req.headers.get("x-deco-branch") ?? new URL(req.url).searchParams.get("__b"),
+          tokenOrContext: await getReqToken(req, env),
+          origin: referer ?? req.headers.get("origin") ?? new URL(req.url).origin,
+          url: req.url
+        });
+        return await State.run(
+          { req, env: bindings, ctx },
+          async () => await fetcher(req, bindings, ctx)
+        );
+      } catch (error) {
+        if (error instanceof UnauthorizedError) {
+          if (!isFetchRequest) {
+            const url = new URL(req.url);
+            error.redirectTo.searchParams.set(
+              "state",
+              StateParser.stringify({
+                next: url.searchParams.get("next") ?? referer ?? req.url
+              })
+            );
+            return Response.redirect(error.redirectTo, 302);
+          }
+          return new Response(null, { status: 401 });
+        }
+        throw error;
+      }
+    }
+  };
+};
+
+export { UnauthorizedError, WorkersMCPBindings, proxyConnectionForId, withBindings, withRuntime };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth.ts","../src/bindings.ts","../src/index.ts"],"names":["ctx","client"],"mappings":";;;;;;;;;;;AAGA,IAAM,yBAAA,GAA4B,gBAAA;AAClC,IAAM,eAAA,GAAkB,GAAA;AAMjB,IAAM,WAAA,GAAc;AAAA,EACzB,KAAA,EAAO,CAAC,KAAA,KAAkB;AACxB,IAAA,OAAO,KAAK,KAAA,CAAM,kBAAA,CAAmB,IAAA,CAAK,KAAK,CAAC,CAAC,CAAA;AAAA,EACnD,CAAA;AAAA,EACA,SAAA,EAAW,CAAC,KAAA,KAAiB;AAC3B,IAAA,OAAO,KAAK,kBAAA,CAAmB,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAC,CAAA;AAAA,EACvD;AACF,CAAA;AAGA,IAAM,UAAA,GAAa,CAAC,KAAA,KAA4B;AAC9C,EAAA,IAAI,KAAA,CAAM,UAAU,eAAA,EAAiB;AACnC,IAAA,OAAO,CAAC,KAAK,CAAA;AAAA,EACf;AAEA,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,MAAA,EAAQ,KAAK,eAAA,EAAiB;AACtD,IAAA,MAAA,CAAO,KAAK,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,CAAA,GAAI,eAAe,CAAC,CAAA;AAAA,EACjD;AACA,EAAA,OAAO,MAAA;AACT,CAAA;AAGA,IAAM,wBAAA,GAA2B,CAC/B,OAAA,EACA,QAAA,KACuB;AAEvB,EAAA,IAAI,OAAA,CAAQ,QAAQ,CAAA,EAAG;AACrB,IAAA,OAAO,QAAQ,QAAQ,CAAA;AAAA,EACzB;AAGA,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,IAAI,KAAA,GAAQ,CAAA;AAEZ,EAAA,OAAO,IAAA,EAAM;AACX,IAAA,MAAM,SAAA,GAAY,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,CAAQ,SAAS,CAAA,EAAG;AACvB,MAAA;AAAA,IACF;AACA,IAAA,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,SAAS,CAAC,CAAA;AAC9B,IAAA,KAAA,EAAA;AAAA,EACF;AAEA,EAAA,OAAO,OAAO,MAAA,GAAS,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,EAAE,CAAA,GAAI,MAAA;AAC/C,CAAA;AAGA,IAAM,YAAA,GAAe,CAAC,YAAA,KAAiD;AACrE,EAAA,MAAM,UAAkC,EAAC;AACzC,EAAA,IAAI,CAAC,cAAc,OAAO,OAAA;AAE1B,EAAA,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,CAAC,MAAA,KAAW;AAC1C,IAAA,MAAM,CAAC,MAAM,GAAG,IAAI,IAAI,MAAA,CAAO,IAAA,EAAK,CAAE,KAAA,CAAM,GAAG,CAAA;AAC/C,IAAA,IAAI,IAAA,IAAQ,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG;AAC3B,MAAA,OAAA,CAAQ,IAAI,CAAA,GAAI,kBAAA,CAAmB,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA;AAAA,IACnD;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAO,OAAA;AACT,CAAA;AAEA,IAAM,WAAW,CAAC,GAAA,KAAqB,KAAK,KAAA,CAAM,IAAA,CAAK,GAAG,CAAC,CAAA;AAEpD,IAAM,WAAA,GAAc,OAAO,GAAA,EAAc,GAAA,KAAoB;AAClE,EAAA,MAAM,QAAQ,MAAM;AAElB,IAAA,MAAM,UAAA,GAAa,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AAClD,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,OAAO,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA;AAAA,IAChC;AAGA,IAAA,MAAM,YAAA,GAAe,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AAC7C,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,OAAA,GAAU,aAAa,YAAY,CAAA;AACzC,MAAA,OAAO,wBAAA,CAAyB,SAAS,yBAAyB,CAAA;AAAA,IACpE;AAEA,IAAA,OAAO,MAAA;AAAA,EACT,CAAA;AAEA,EAAA,MAAM,YAAY,KAAA,EAAM;AACxB,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,2BACD,MAAM,SAAA,CAAU,WAAW,QAAA,CAAS,GAAA,CAAI,uBAAuB,CAAA,EAAG;AAAA,IACjE,MAAA,EAAQ,yBAAA;AAAA,IACR,UAAA,EAAY,CAAC,OAAO,CAAA;AAAA,IACpB,GAAA,EAAK;AAAA,GACN,CAAA,CAAE,KAAA,CAAM,CAAC,GAAA,KAAQ;AAChB,IAAA,OAAA,CAAQ,KAAA;AAAA,MACN,CAAA,gCAAA,EAAmC,GAAG,CAAA,CAAA,EAAI,GAAA,CAAI,uBAAuB,CAAA;AAAA,KACvE;AAAA,EACF,CAAC,CAAA;AAEH,EAAA,OAAO,SAAA;AACT,CAAA;AAOO,IAAM,kBAAA,GAAqB,OAChC,GAAA,EACA,OAAA,KACsB;AACtB,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,EAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAE1C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,IAAI,QAAA,CAAS,4BAAA,EAA8B,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,EACnE;AAGA,EAAA,IAAI,IAAA,GAAO,GAAA;AACX,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAc,WAAA,CAAY,KAAA,CAAM,KAAK,CAAA;AAC3C,MAAA,IAAA,GAAO,YAAY,IAAA,IAAQ,GAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,yBAAA;AACjC,IAAA,MAAM,gBAAA,GAAmB,MAAM,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,mBAAA,CAAA,EAAuB;AAAA,MACnE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,IAAA;AAAA,QACA,WAAW,OAAA,CAAQ;AAAA,OACpB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,iBAAiB,EAAA,EAAI;AACxB,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN,uBAAA;AAAA,QACA,IAAA;AAAA,QACA,OAAA,CAAQ,OAAA;AAAA,QACR,MAAM,gBAAA,CAAiB,IAAA,GAAO,KAAA,CAAM,CAAC,MAAM,EAAE;AAAA,OAC/C;AACA,MAAA,OAAO,IAAI,QAAA,CAAS,uBAAA,EAAyB,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAK,MAAM,iBAAiB,IAAA,EAAK;AAItD,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO,IAAI,QAAA,CAAS,0BAAA,EAA4B,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,MAAA,GAAS,WAAW,YAAY,CAAA;AACtC,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,IAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,IAAI,CAAA;AAG5B,IAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AAEvB,MAAA,OAAA,CAAQ,GAAA;AAAA,QACN,YAAA;AAAA,QACA,CAAA,EAAG,yBAAyB,CAAA,CAAA,EAAI,YAAY,CAAA,yCAAA;AAAA,OAC9C;AAAA,IACF,CAAA,MAAO;AAEL,MAAA,MAAA,CAAO,OAAA,CAAQ,CAAC,KAAA,EAAO,KAAA,KAAU;AAC/B,QAAA,OAAA,CAAQ,MAAA;AAAA,UACN,YAAA;AAAA,UACA,CAAA,EAAG,yBAAyB,CAAA,CAAA,EAAI,KAAK,IAAI,KAAK,CAAA,yCAAA;AAAA,SAChD;AAAA,MACF,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,MACxB,MAAA,EAAQ,GAAA;AAAA,MACR;AAAA,KACD,CAAA;AAAA,EACH,SAAS,GAAA,EAAK;AACZ,IAAA,OAAO,IAAI,SAAS,CAAA,sBAAA,EAAyB,GAAG,IAAI,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,EACrE;AACF,CAAA;AAEA,IAAM,gBAAA,GAAmB,CAAC,OAAA,KAAqB;AAE7C,EAAA,OAAA,CAAQ,MAAA;AAAA,IACN,YAAA;AAAA,IACA,GAAG,yBAAyB,CAAA,qDAAA;AAAA,GAC9B;AAKA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,OAAA,CAAQ,MAAA;AAAA,MACN,YAAA;AAAA,MACA,CAAA,EAAG,yBAAyB,CAAA,CAAA,EAAI,CAAC,CAAA,qDAAA;AAAA,KACnC;AAAA,EACF;AACF,CAAA;AAEO,IAAM,YAAA,GAAe,CAAC,GAAA,KAAiB;AAC5C,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,EAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,EAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,GAAA,EAAK,GAAG,CAAA;AACnC,EAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,EAAA,gBAAA,CAAiB,OAAO,CAAA;AACxB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY,IAAA,IAAQ,UAAA,CAAW,IAAI,CAAA;AAC/C,EAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,IACxB,MAAA,EAAQ,GAAA;AAAA,IACR;AAAA,GACD,CAAA;AACH,CAAA;;;ACvNA,IAAM,kBAAA,GAAqB,CAAC,SAAA,KAAsB;AAChD,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,QAAQ,CAAA,EAAG;AAClC,IAAA,OAAO,SAAA;AAAA,EACT;AACA,EAAA,IAAI,SAAA,CAAU,UAAA,CAAW,SAAS,CAAA,EAAG;AACnC,IAAA,OAAO,SAAA;AAAA,EACT;AACA,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,GAAG,CAAA,EAAG;AAC3B,IAAA,OAAO,SAAA;AAAA,EACT;AACA,EAAA,OAAO,WAAW,SAAS,CAAA,CAAA;AAC7B,CAAA;AAKA,IAAM,gBAAgB,CAAC;AAAA,EACrB,OAAA;AAAA,EACA;AACF,CAAA,KAIE,IAAI,GAAA;AAAA,EACF,qBAAqB,OAAO,CAAA,CAAA;AAAA,EAC5B,cAAA,IAAkB;AACpB,CAAA,CAAE,IAAA;AAIJ,IAAM,wBAAwB,CAAC;AAAA,EAC7B,aAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA;AACF,CAAA,KAA0B;AACxB,EAAA,MAAM,OAAO,CAAA,EAAG,kBAAA,CAAmB,SAAS,CAAC,IAAI,aAAa,CAAA,IAAA,CAAA;AAC9D,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,EAAM,iBAAiB,yBAAyB,CAAA;AACpE,EAAA,MAAA,IAAU,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AAC/C,EAAA,OAAO,GAAA,CAAI,IAAA;AACb,CAAA;AAMO,IAAM,eAAA,GAAkB,CAC7B,GAAA,EACA,aAAA,KACmD;AACnD,EAAA,OAAO,UAAU,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,GAAA,CAAI,OAAO,aAAa,CAAA;AACvE,CAAA;AAEA,IAAM,mBAAA,GAAsB,CAAC,OAAA,EAAiB,cAAA,KAA4B;AACxE,EAAA,MAAM,aAAA,GAA+B;AAAA,IACnC,IAAA,EAAM,MAAA;AAAA,IACN,KAAK,aAAA,CAAc;AAAA,MACjB,OAAA;AAAA,MACA;AAAA,KACD;AAAA,GACH;AAEA,EAAA,OAAO,SAAA,CAAU,aAAA,CAAc,aAAA,EAAe,cAAc,CAAA;AAC9D,CAAA;AAEO,IAAM,oBAAA,GAAuB,CAClC,aAAA,EACA,GAAA,EAIA,eACA,OAAA,KACkB;AAClB,EAAA,IAAI,OAAA,GAA8C,OAAA,GAC9C,EAAE,cAAA,EAAgB,SAAQ,GAC1B,MAAA;AACJ,EAAA,IAAI,IAAI,MAAA,EAAQ;AACd,IAAA,OAAA,KAAY,EAAC;AACb,IAAA,OAAA,CAAQ,SAAS,GAAA,CAAI,MAAA;AAAA,EACvB;AACA,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,MAAA;AAAA,IACN,KAAK,qBAAA,CAAsB;AAAA,MACzB,aAAA;AAAA,MACA,WAAW,GAAA,CAAI,SAAA;AAAA,MACf,aAAA,EAAe,aAAA;AAAA,MACf,QAAQ,GAAA,CAAI;AAAA,KACb,CAAA;AAAA,IACD,OAAO,GAAA,CAAI,KAAA;AAAA,IACX;AAAA,GACF;AACF;AACA,IAAM,yBAAA,GAA4B,CAChC,aAAA,EACA,GAAA,EACA,eACA,OAAA,KACG;AACH,EAAA,MAAM,aAAA,GAAgB,oBAAA;AAAA,IACpB,aAAA;AAAA,IACA,GAAA;AAAA,IACA,aAAA;AAAA,IACA;AAAA,GACF;AAGA,EAAA,OAAO,SAAA,CAAU,aAAA,CAAc,aAAA,EAAe,aAAa,CAAA;AAC7D,CAAA;AAEA,SAAS,kBAAA,CACP,SACA,GAAA,EACA;AACA,EAAA,MAAM,MAAM,GAAA,CAAI,oBAAA;AAChB,EAAA,MAAM,gBAAA,GAAmB,GAAA,EAAK,KAAA,GAAQ,OAAA,CAAQ,IAAI,CAAA;AAClD,EAAA,MAAM,aAAA,GACJ,oBACA,OAAO,gBAAA,KAAqB,YAC5B,OAAA,IAAW,gBAAA,GACP,iBAAiB,KAAA,GACjB,MAAA;AACN,EAAA,IAAI,OAAO,aAAA,KAAkB,QAAA,IAAY,kBAAA,IAAsB,OAAA,EAAS;AAEtE,IAAA,OAAO,mBAAA,CAAoB,OAAA,CAAQ,gBAAA,EAAkB,GAAA,CAAI,YAAY,CAAA;AAAA,EACvE;AACA,EAAA,OAAO,yBAAA;AAAA,IACL,aAAA;AAAA,IACA,GAAA;AAAA,IACA,GAAA,CAAI,YAAA;AAAA,IACJ,GAAA,CAAI;AAAA,GACN;AACF;AAEO,IAAM,qBAAA,GAAwB,CACnC,OAAA,EACA,GAAA,KACG;AACH,EAAA,OAAO,kBAAA,CAAmB,SAAS,GAAG,CAAA;AACxC,CAAA;AAEO,IAAM,wBAAA,GAA2B,CACtC,OAAA,EACA,GAAA,KACG;AACH,EAAA,MAAM,aAAA,GACJ,gBAAA,IAAoB,OAAA,GAAU,OAAA,CAAQ,cAAA,GAAiB,MAAA;AACzD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,OAAO,kBAAA,CAAmB,SAAS,GAAG,CAAA;AAAA,EACxC;AAEA,EAAA,OAAO,yBAAA;AAAA,IACL,aAAA;AAAA,IACA;AAAA,MACE,WAAW,GAAA,CAAI,cAAA;AAAA,MACf,OAAO,GAAA,CAAI,cAAA;AAAA,MACX,MAAA,EAAQ,IAAI,oBAAA,EAAsB;AAAA,KACpC;AAAA,IACA,GAAA,CAAI,YAAA;AAAA,IACJ,GAAA,CAAI;AAAA,GACN;AACF,CAAA;;;ACtHO,IAAM,kBAAA,GAAqB;AAAA,EAChC,KAAA,EAAO,CAAC,QAAA,KAAiC;AACvC,IAAA,IAAI,CAAC,QAAA,EAAU,OAAO,EAAC;AACvB,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA,IAClC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,EAAC;AAAA,IACV;AAAA,EACF,CAAA;AAAA,EACA,SAAA,EAAW,CAAC,QAAA,KAAgC;AAC1C,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAAA,EACtC;AACF;AAqDA,IAAM,aAAA,GAA+B;AAAA,EACnC,GAAA,EAAK,wBAAA;AAAA,EACL,QAAA,EAAU;AACZ,CAAA;AAEA,IAAM,sBAAsB,CAAC;AAAA,EAC3B,GAAA;AAAA,EACA,MAAA;AAAA,EACA,GAAA;AAAA,EACA;AACF,CAAA,KAKM;AACJ,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,GAAA,EAAK,GAAA,CAAI,YAAY,CAAA;AACpD,EAAA,MAAM,iBAAA,GAAoB,CAACA,IAAAA,KAAqC;AAC9D,IAAA,MAAMC,OAAAA,GAAS,eAAA,CAAgBD,IAAAA,EAAK,GAAA,CAAI,YAAY,CAAA;AACpD,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,CAAC,EAAE,GAAA,EAAK,QAAO,KAAM;AAC1B,QAAA,OAAOC,QAAO,iBAAA,CAAkB;AAAA,UAC9B,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF,CAAA;AACA,EAAA,GAAA,CAAI,MAAM,IAAI,IAAI,KAAA;AAAA,IAChB,EAAC;AAAA,IACD;AAAA,MACE,GAAA,EAAK,CAAC,CAAA,EAAG,IAAA,KAAS;AAChB,QAAA,IAAI,SAAS,QAAA,EAAU;AACrB,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,OAAO,OAAO,IAAA,KAAkB;AAC9B,UAAA,OAAO,MAAM,OAAO,QAAA,CAAS;AAAA,YAC3B,UAAA,EAAY,IAAA;AAAA,YACZ,aAAA,EAAe;AAAA,WAChB,CAAA;AAAA,QACH,CAAA;AAAA,MACF;AAAA;AACF,GACF;AAEA,EAAA,MAAM,kBAAA,GAAqB;AAAA,IACzB,GAAG,kBAAkB,GAAG,CAAA;AAAA,IACxB,UAAA,EAAY;AAAA,GACd;AAEA,EAAA,GAAA,CAAI,UAAU,CAAA,GAAI,SAAA;AAClB,EAAA,GAAA,CAAI,oBAAoB,CAAA,GAAI,MAAA;AAC5B,EAAA,GAAA,CAAI,mBAAmB,CAAA,GAAI,kBAAA;AAE3B,EAAA,GAAA,CAAI,UAAU,KACX,GAAA,EAAK,UAAA,CAAW,kBAAkB,CAAA,IACjC,GAAA,EAAK,UAAA,CAAW,kBAAkB,CAAA,KACpC,KAAA;AACJ,CAAA;AAEO,IAAM,iBAAA,GAAN,cAAgC,KAAA,CAAM;AAAA,EAC3C,WAAA,CACE,SACO,UAAA,EACP;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFN,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGP,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEA,IAAM,sBAAA,GAAyB,iBAAA;AAC/B,IAAM,mBAAA,GAAsB,cAAA;AAC5B,IAAM,oBAAA,GAAuB,eAAA;AAC7B,IAAM,aAAA,GAAgB,CAAC,IAAA,EAAgB,SAAA,KAAuB,MAAM;AAClE,EAAA,OAAO;AAAA,IACL,GAAK,QAAiB,EAAC;AAAA,IACvB;AAAA,GACF;AACF,CAAA;AAEO,IAAM,eAAe,CAAO;AAAA,EACjC,GAAA,EAAK,IAAA;AAAA,EACL,MAAA;AAAA,EACA,cAAA;AAAA,EACA,MAAA;AAAA,EACA,GAAA;AAAA,EACA;AACF,CAAA,KAOY;AACV,EAAA,MAAA,KAAW,MAAA;AACX,EAAA,MAAM,GAAA,GAAM,IAAA;AAEZ,EAAA,MAAM,MAAA,GAAS,IAAI,YAAA,IAAgB,yBAAA;AACnC,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI,OAAO,mBAAmB,QAAA,EAAU;AACtC,IAAA,MAAM,OAAA,GAAU,UAAU,cAAc,CAAA;AACxC,IAAA,MAAM,YAAY,OAAA,CAAQ,GAAA;AAE1B,IAAA,OAAA,GAAU;AAAA,MACR,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,KAAA,EAAO,cAAA;AAAA,MACP,eAAe,OAAA,CAAQ,aAAA;AAAA,MACvB,SAAA;AAAA,MACA,mBAAA,EAAqB,aAAA,CAAc,OAAA,CAAQ,IAAA,EAAM,SAAS,CAAA;AAAA,MAC1D;AAAA,KACF;AAAA,EACF,CAAA,MAAA,IAAW,OAAO,cAAA,KAAmB,QAAA,EAAU;AAC7C,IAAA,OAAA,GAAU,cAAA;AACV,IAAA,MAAM,OAAA,GAAU,SAAA,CAAU,cAAA,CAAe,KAAK,CAAA;AAC9C,IAAA,MAAM,YAAY,OAAA,CAAQ,GAAA;AAC1B,IAAA,MAAM,UAAU,OAAA,CAAQ,OAAA;AACxB,IAAA,OAAA,CAAQ,SAAA,GAAY,OAAA;AACpB,IAAA,OAAA,CAAQ,kBAAkB,OAAA,CAAQ,aAAA;AAClC,IAAA,OAAA,CAAQ,mBAAA,GAAsB,aAAA,CAAc,OAAA,CAAQ,IAAA,EAAM,SAAS,CAAA;AAAA,EACrE,CAAA,MAAO;AACL,IAAA,OAAA,GAAU;AAAA,MACR,KAAA,EAAO,MAAA;AAAA,MACP,OAAO,GAAA,CAAI,cAAA;AAAA,MACX,WAAW,GAAA,CAAI,cAAA;AAAA,MACf,MAAA;AAAA,MACA,mBAAA,EAAqB,CAAC,OAAA,KAAyC;AAC7D,QAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,aAAA,IAAiB,GAAA,CAAI,cAAA;AACpD,QAAA,MAAM,OAAA,GAAU,IAAI,GAAA,CAAI,aAAA,EAAe,MAAM,CAAA;AAC7C,QAAA,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,GAAA,CAAI,aAAa,CAAA;AACvD,QAAA,OAAA,CAAQ,YAAA,CAAa,GAAA;AAAA,UACnB,cAAA;AAAA,UACA,IAAI,GAAA,CAAI,sBAAA,EAAwB,MAAA,IAAU,GAAA,CAAI,mBAAmB,CAAA,CAC9D;AAAA,SACL;AACA,QAAA,aAAA,IACE,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AAC1D,QAAA,MAAM,IAAI,iBAAA,CAAkB,cAAA,EAAgB,OAAO,CAAA;AAAA,MACrD;AAAA,KACF;AAAA,EACF;AAEA,EAAA,GAAA,CAAI,oBAAA,GAAuB,OAAA;AAC3B,EAAA,MAAM,QAAA,GAAW,kBAAA,CAAmB,KAAA,CAAM,GAAA,CAAI,aAAa,CAAA;AAE3D,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,IAAA,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA,GAAI,aAAA,CAAc,QAAQ,IAAI,CAAA,CAAE,SAAgB,GAAG,CAAA;AAAA,EACrE;AAEA,EAAA,mBAAA,CAAoB;AAAA,IAClB,GAAA;AAAA,IACA,MAAA;AAAA,IACA,KAAK,GAAA,CAAI,oBAAA;AAAA,IACT;AAAA,GACD,CAAA;AAED,EAAA,OAAO,GAAA;AACT;AAEO,IAAM,WAAA,GAAc,CACzB,OAAA,KACgD;AAChD,EAAA,MAAM,MAAA,GAAS,gBAA+B,OAAO,CAAA;AACrD,EAAA,MAAM,OAAA,GAAU,OACd,GAAA,EACA,GAAA,EACA,GAAA,KACG;AACH,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,IAAA,IAAI,GAAA,CAAI,aAAa,sBAAA,EAAwB;AAC3C,MAAA,OAAO,mBAAmB,GAAA,EAAK;AAAA,QAC7B,QAAQ,GAAA,CAAI,YAAA;AAAA,QACZ,SAAS,GAAA,CAAI;AAAA,OACd,CAAA;AAAA,IACH;AACA,IAAA,IAAI,GAAA,CAAI,aAAa,mBAAA,EAAqB;AACxC,MAAA,GAAA,CAAI,qBAAqB,mBAAA,EAAoB;AAC7C,MAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,GAAA,EAAK,GAAG,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,MAAA,OAAO,QAAA,CAAS,QAAA,CAAS,IAAA,IAAQ,UAAA,EAAY,GAAG,CAAA;AAAA,IAClD;AACA,IAAA,IAAI,GAAA,CAAI,aAAa,oBAAA,EAAsB;AACzC,MAAA,OAAO,aAAa,GAAG,CAAA;AAAA,IACzB;AACA,IAAA,IAAI,GAAA,CAAI,aAAa,MAAA,EAAQ;AAC3B,MAAA,OAAO,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK,GAAA,EAAK,GAAG,CAAA;AAAA,IACnC;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,UAAA,CAAW,gBAAgB,CAAA,EAAG;AAC7C,MAAA,MAAM,aAAa,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,GAAG,EAAE,GAAA,EAAI;AAC/C,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAO,IAAI,QAAA,CAAS,WAAA,EAAa,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,MAClD;AACA,MAAA,MAAM,aAAA,GAAgB,MAAM,GAAA,CAAI,IAAA,EAAK;AACrC,MAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,QAAA,CAAS;AAAA,QACnC,UAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,IAAI,kBAAkB,QAAA,EAAU;AAC9B,QAAA,OAAO,MAAA;AAAA,MACT;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA,EAAG;AAAA,QAC1C,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB;AAAA;AAClB,OACD,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,UAAA,CAAW,gBAAA,CAAiB,iBAAiB,CAAA,EAAG;AAC/D,MAAA,OAAO,gBAAA,CAAiB,QAAA,CAAS,GAAA,EAAK,GAAG,CAAA;AAAA,IAC3C;AACA,IAAA,OACE,OAAA,CAAQ,KAAA,GAAQ,GAAA,EAAK,GAAA,EAAK,GAAG,CAAA,IAC7B,IAAI,QAAA,CAAS,WAAA,EAAa,EAAE,MAAA,EAAQ,GAAA,EAAK,CAAA;AAAA,EAE7C,CAAA;AACA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OACL,GAAA,EACA,GAAA,EACA,GAAA,KACG;AACH,MAAA,MAAM,OAAA,GAAU,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,SAAS,CAAA;AACzC,MAAA,MAAM,cAAA,GAAiB,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,sBAAsB,CAAA;AAE7D,MAAA,IAAI;AACF,QAAA,MAAM,WAAW,YAAA,CAAa;AAAA,UAC5B,GAAA;AAAA,UACA,MAAA;AAAA,UACA,MAAA,EACE,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,IAC/B,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA,CAAE,YAAA,CAAa,IAAI,KAAK,CAAA;AAAA,UACzC,cAAA,EAAgB,MAAM,WAAA,CAAY,GAAA,EAAK,GAAG,CAAA;AAAA,UAC1C,MAAA,EACE,OAAA,IAAW,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA,IAAK,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA,CAAE,MAAA;AAAA,UAC3D,KAAK,GAAA,CAAI;AAAA,SACV,CAAA;AACD,QAAA,OAAO,MAAM,KAAA,CAAM,GAAA;AAAA,UACjB,EAAE,GAAA,EAAK,GAAA,EAAK,QAAA,EAAU,GAAA,EAAI;AAAA,UAC1B,YAAY,MAAM,OAAA,CAAQ,GAAA,EAAK,UAAU,GAAG;AAAA,SAC9C;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,iBAAiB,iBAAA,EAAmB;AACtC,UAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,YAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,YAAA,KAAA,CAAM,WAAW,YAAA,CAAa,GAAA;AAAA,cAC5B,OAAA;AAAA,cACA,YAAY,SAAA,CAAU;AAAA,gBACpB,MAAM,GAAA,CAAI,YAAA,CAAa,IAAI,MAAM,CAAA,IAAK,WAAW,GAAA,CAAI;AAAA,eACtD;AAAA,aACH;AACA,YAAA,OAAO,QAAA,CAAS,QAAA,CAAS,KAAA,CAAM,UAAA,EAAY,GAAG,CAAA;AAAA,UAChD;AACA,UAAA,OAAO,IAAI,QAAA,CAAS,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,QAC3C;AACA,QAAA,MAAM,KAAA;AAAA,MACR;AAAA,IACF;AAAA,GACF;AACF","file":"index.js","sourcesContent":["import { JWK, jwtVerify } from \"jose\";\nimport type { DefaultEnv } from \"./index.ts\";\n\nconst DECO_APP_AUTH_COOKIE_NAME = \"deco_page_auth\";\nconst MAX_COOKIE_SIZE = 4000; // Leave some buffer below the 4096 limit\n\nexport interface State {\n  next?: string;\n}\n\nexport const StateParser = {\n  parse: (state: string) => {\n    return JSON.parse(decodeURIComponent(atob(state))) as State;\n  },\n  stringify: (state: State) => {\n    return btoa(encodeURIComponent(JSON.stringify(state)));\n  },\n};\n\n// Helper function to chunk a value into multiple cookies\nconst chunkValue = (value: string): string[] => {\n  if (value.length <= MAX_COOKIE_SIZE) {\n    return [value];\n  }\n\n  const chunks: string[] = [];\n  for (let i = 0; i < value.length; i += MAX_COOKIE_SIZE) {\n    chunks.push(value.slice(i, i + MAX_COOKIE_SIZE));\n  }\n  return chunks;\n};\n\n// Helper function to reassemble chunked cookies\nconst reassembleChunkedCookies = (\n  cookies: Record<string, string>,\n  baseName: string,\n): string | undefined => {\n  // First try the base cookie (non-chunked)\n  if (cookies[baseName]) {\n    return cookies[baseName];\n  }\n\n  // Try to reassemble from chunks\n  const chunks: string[] = [];\n  let index = 0;\n\n  while (true) {\n    const chunkName = `${baseName}_${index}`;\n    if (!cookies[chunkName]) {\n      break;\n    }\n    chunks.push(cookies[chunkName]);\n    index++;\n  }\n\n  return chunks.length > 0 ? chunks.join(\"\") : undefined;\n};\n\n// Helper function to parse cookies from request\nconst parseCookies = (cookieHeader: string): Record<string, string> => {\n  const cookies: Record<string, string> = {};\n  if (!cookieHeader) return cookies;\n\n  cookieHeader.split(\";\").forEach((cookie) => {\n    const [name, ...rest] = cookie.trim().split(\"=\");\n    if (name && rest.length > 0) {\n      cookies[name] = decodeURIComponent(rest.join(\"=\"));\n    }\n  });\n\n  return cookies;\n};\n\nconst parseJWK = (jwk: string): JWK => JSON.parse(atob(jwk)) as JWK;\n\nexport const getReqToken = async (req: Request, env: DefaultEnv) => {\n  const token = () => {\n    // First try to get token from Authorization header\n    const authHeader = req.headers.get(\"Authorization\");\n    if (authHeader) {\n      return authHeader.split(\" \")[1];\n    }\n\n    // If not found, try to get from cookie\n    const cookieHeader = req.headers.get(\"Cookie\");\n    if (cookieHeader) {\n      const cookies = parseCookies(cookieHeader);\n      return reassembleChunkedCookies(cookies, DECO_APP_AUTH_COOKIE_NAME);\n    }\n\n    return undefined;\n  };\n\n  const authToken = token();\n  if (!authToken) {\n    return undefined;\n  }\n\n  env.DECO_API_JWT_PUBLIC_KEY &&\n    (await jwtVerify(authToken, parseJWK(env.DECO_API_JWT_PUBLIC_KEY), {\n      issuer: \"https://api.decocms.com\",\n      algorithms: [\"RS256\"],\n      typ: \"JWT\",\n    }).catch((err) => {\n      console.error(\n        `[auth-token]: error validating: ${err} ${env.DECO_API_JWT_PUBLIC_KEY}`,\n      );\n    }));\n\n  return authToken;\n};\n\nexport interface AuthCallbackOptions {\n  apiUrl?: string;\n  appName: string;\n}\n\nexport const handleAuthCallback = async (\n  req: Request,\n  options: AuthCallbackOptions,\n): Promise<Response> => {\n  const url = new URL(req.url);\n  const code = url.searchParams.get(\"code\");\n  const state = url.searchParams.get(\"state\");\n\n  if (!code) {\n    return new Response(\"Missing authorization code\", { status: 400 });\n  }\n\n  // Parse state to get the next URL\n  let next = \"/\";\n  if (state) {\n    try {\n      const parsedState = StateParser.parse(state);\n      next = parsedState.next || \"/\";\n    } catch {\n      // ignore parse errors\n    }\n  }\n\n  try {\n    // Exchange code for token\n    const apiUrl = options.apiUrl ?? \"https://api.decocms.com\";\n    const exchangeResponse = await fetch(`${apiUrl}/apps/code-exchange`, {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n      },\n      body: JSON.stringify({\n        code,\n        client_id: options.appName,\n      }),\n    });\n\n    if (!exchangeResponse.ok) {\n      console.error(\n        \"authentication failed\",\n        code,\n        options.appName,\n        await exchangeResponse.text().catch((_) => \"\"),\n      );\n      return new Response(\"Authentication failed\", { status: 401 });\n    }\n\n    const { access_token } = (await exchangeResponse.json()) as {\n      access_token: string;\n    };\n\n    if (!access_token) {\n      return new Response(\"No access token received\", { status: 401 });\n    }\n\n    // Chunk the token if it's too large\n    const chunks = chunkValue(access_token);\n    const headers = new Headers();\n    headers.set(\"Location\", next);\n\n    // Set cookies for each chunk\n    if (chunks.length === 1) {\n      // Single cookie for small tokens\n      headers.set(\n        \"Set-Cookie\",\n        `${DECO_APP_AUTH_COOKIE_NAME}=${access_token}; HttpOnly; SameSite=None; Secure; Path=/`,\n      );\n    } else {\n      // Multiple cookies for large tokens\n      chunks.forEach((chunk, index) => {\n        headers.append(\n          \"Set-Cookie\",\n          `${DECO_APP_AUTH_COOKIE_NAME}_${index}=${chunk}; HttpOnly; SameSite=None; Secure; Path=/`,\n        );\n      });\n    }\n\n    return new Response(null, {\n      status: 302,\n      headers,\n    });\n  } catch (err) {\n    return new Response(`Authentication failed ${err}`, { status: 500 });\n  }\n};\n\nconst removeAuthCookie = (headers: Headers) => {\n  // Clear the base cookie\n  headers.append(\n    \"Set-Cookie\",\n    `${DECO_APP_AUTH_COOKIE_NAME}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`,\n  );\n\n  // Clear all potential chunked cookies\n  // We'll try to clear up to 10 chunks (which would support tokens up to 40KB)\n  // This is a reasonable upper limit\n  for (let i = 0; i < 10; i++) {\n    headers.append(\n      \"Set-Cookie\",\n      `${DECO_APP_AUTH_COOKIE_NAME}_${i}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`,\n    );\n  }\n};\n\nexport const handleLogout = (req: Request) => {\n  const url = new URL(req.url);\n  const next = url.searchParams.get(\"next\");\n  const redirectTo = new URL(\"/\", url);\n  const headers = new Headers();\n  removeAuthCookie(headers);\n  headers.set(\"Location\", next ?? redirectTo.href);\n  return new Response(null, {\n    status: 302,\n    headers,\n  });\n};\n","import type { MCPConnection } from \"./connection.ts\";\nimport type { DefaultEnv, RequestContext } from \"./index.ts\";\nimport { MCPClient } from \"./mcp.ts\";\nimport type {\n  BindingBase,\n  ContractBinding,\n  MCPBinding,\n  MCPIntegrationNameBinding,\n} from \"./wrangler.ts\";\n\ninterface IntegrationContext {\n  integrationId: string;\n  workspace: string;\n  branch?: string;\n  decoCmsApiUrl?: string;\n}\n\nconst normalizeWorkspace = (workspace: string) => {\n  if (workspace.startsWith(\"/users\")) {\n    return workspace;\n  }\n  if (workspace.startsWith(\"/shared\")) {\n    return workspace;\n  }\n  if (workspace.includes(\"/\")) {\n    return workspace;\n  }\n  return `/shared/${workspace}`;\n};\n\n/**\n * Url: /apps/mcp?appName=$appName\n */\nconst createAppsUrl = ({\n  appName,\n  decoChatApiUrl,\n}: {\n  appName: string;\n  decoChatApiUrl?: string;\n}) =>\n  new URL(\n    `/apps/mcp?appName=${appName}`,\n    decoChatApiUrl ?? \"https://api.decocms.com\",\n  ).href;\n/**\n * Url: /:workspace.root/:workspace.slug/:integrationId/mcp\n */\nconst createIntegrationsUrl = ({\n  integrationId,\n  workspace,\n  decoCmsApiUrl,\n  branch,\n}: IntegrationContext) => {\n  const base = `${normalizeWorkspace(workspace)}/${integrationId}/mcp`;\n  const url = new URL(base, decoCmsApiUrl ?? \"https://api.decocms.com\");\n  branch && url.searchParams.set(\"branch\", branch);\n  return url.href;\n};\n\ntype WorkspaceClientContext = Omit<\n  RequestContext,\n  \"ensureAuthenticated\" | \"state\" | \"fetchIntegrationMetadata\"\n>;\nexport const workspaceClient = (\n  ctx: WorkspaceClientContext,\n  decocmsApiUrl?: string,\n): ReturnType<(typeof MCPClient)[\"forWorkspace\"]> => {\n  return MCPClient.forWorkspace(ctx.workspace, ctx.token, decocmsApiUrl);\n};\n\nconst mcpClientForAppName = (appName: string, decoChatApiUrl?: string) => {\n  const mcpConnection: MCPConnection = {\n    type: \"HTTP\",\n    url: createAppsUrl({\n      appName,\n      decoChatApiUrl,\n    }),\n  };\n\n  return MCPClient.forConnection(mcpConnection, decoChatApiUrl);\n};\n\nexport const proxyConnectionForId = (\n  integrationId: string,\n  ctx: Omit<WorkspaceClientContext, \"token\"> & {\n    token?: string;\n    cookie?: string;\n  },\n  decocmsApiUrl?: string,\n  appName?: string,\n): MCPConnection => {\n  let headers: Record<string, string> | undefined = appName\n    ? { \"x-caller-app\": appName }\n    : undefined;\n  if (ctx.cookie) {\n    headers ??= {};\n    headers.cookie = ctx.cookie;\n  }\n  return {\n    type: \"HTTP\",\n    url: createIntegrationsUrl({\n      integrationId,\n      workspace: ctx.workspace,\n      decoCmsApiUrl: decocmsApiUrl,\n      branch: ctx.branch,\n    }),\n    token: ctx.token,\n    headers,\n  };\n};\nconst mcpClientForIntegrationId = (\n  integrationId: string,\n  ctx: WorkspaceClientContext,\n  decocmsApiUrl?: string,\n  appName?: string,\n) => {\n  const mcpConnection = proxyConnectionForId(\n    integrationId,\n    ctx,\n    decocmsApiUrl,\n    appName,\n  );\n\n  // TODO(@igorbrasileiro): Switch this proxy to be a proxy that call MCP Client.toolCall from @modelcontextprotocol\n  return MCPClient.forConnection(mcpConnection, decocmsApiUrl);\n};\n\nfunction mcpClientFromState(\n  binding: BindingBase | MCPIntegrationNameBinding,\n  env: DefaultEnv,\n) {\n  const ctx = env.DECO_REQUEST_CONTEXT;\n  const bindingFromState = ctx?.state?.[binding.name];\n  const integrationId =\n    bindingFromState &&\n    typeof bindingFromState === \"object\" &&\n    \"value\" in bindingFromState\n      ? bindingFromState.value\n      : undefined;\n  if (typeof integrationId !== \"string\" && \"integration_name\" in binding) {\n    // in case of a binding to an app name, we need to use the new apps/mcp endpoint which will proxy the request to the app but without any token\n    return mcpClientForAppName(binding.integration_name, env.DECO_API_URL);\n  }\n  return mcpClientForIntegrationId(\n    integrationId,\n    ctx,\n    env.DECO_API_URL,\n    env.DECO_APP_NAME,\n  );\n}\n\nexport const createContractBinding = (\n  binding: ContractBinding,\n  env: DefaultEnv,\n) => {\n  return mcpClientFromState(binding, env);\n};\n\nexport const createIntegrationBinding = (\n  binding: MCPBinding,\n  env: DefaultEnv,\n) => {\n  const integrationId =\n    \"integration_id\" in binding ? binding.integration_id : undefined;\n  if (!integrationId) {\n    return mcpClientFromState(binding, env);\n  }\n  // bindings pointed to an specific integration id are binded using the app deployment workspace\n  return mcpClientForIntegrationId(\n    integrationId,\n    {\n      workspace: env.DECO_WORKSPACE,\n      token: env.DECO_API_TOKEN,\n      branch: env.DECO_REQUEST_CONTEXT?.branch,\n    },\n    env.DECO_API_URL,\n    env.DECO_APP_NAME,\n  );\n};\n","/* oxlint-disable no-explicit-any */\nimport type { ExecutionContext } from \"@cloudflare/workers-types\";\nimport { decodeJwt } from \"jose\";\nimport type { z } from \"zod\";\nimport {\n  getReqToken,\n  handleAuthCallback,\n  handleLogout,\n  StateParser,\n} from \"./auth.ts\";\nimport {\n  createContractBinding,\n  createIntegrationBinding,\n  workspaceClient,\n} from \"./bindings.ts\";\nimport { DeconfigResource } from \"./bindings/deconfig/index.ts\";\nimport { DECO_MCP_CLIENT_HEADER } from \"./client.ts\";\nimport {\n  createMCPServer,\n  type CreateMCPServerOptions,\n  MCPServer,\n} from \"./mastra.ts\";\nimport { MCPClient, type QueryResult } from \"./mcp.ts\";\nimport { State } from \"./state.ts\";\nimport type { Binding, ContractBinding, MCPBinding } from \"./wrangler.ts\";\nexport { proxyConnectionForId } from \"./bindings.ts\";\nexport {\n  createMCPFetchStub,\n  type CreateStubAPIOptions,\n  type ToolBinder,\n} from \"./mcp.ts\";\nexport interface WorkspaceDB {\n  query: (params: {\n    sql: string;\n    params: string[];\n  }) => Promise<{ result: QueryResult[] }>;\n}\n\nexport interface DefaultEnv<TSchema extends z.ZodTypeAny = any> {\n  DECO_REQUEST_CONTEXT: RequestContext<TSchema>;\n  DECO_APP_NAME: string;\n  DECO_APP_SLUG: string;\n  DECO_APP_ENTRYPOINT: string;\n  DECO_API_URL?: string;\n  DECO_WORKSPACE: string;\n  DECO_API_JWT_PUBLIC_KEY: string;\n  DECO_APP_DEPLOYMENT_ID: string;\n  DECO_BINDINGS: string;\n  DECO_API_TOKEN: string;\n  DECO_WORKSPACE_DB: WorkspaceDB & {\n    forContext: (ctx: RequestContext) => WorkspaceDB;\n  };\n  IS_LOCAL: boolean;\n  [key: string]: unknown;\n}\n\nexport interface BindingsObject {\n  bindings?: Binding[];\n}\n\nexport const WorkersMCPBindings = {\n  parse: (bindings?: string): Binding[] => {\n    if (!bindings) return [];\n    try {\n      return JSON.parse(atob(bindings)) as Binding[];\n    } catch {\n      return [];\n    }\n  },\n  stringify: (bindings: Binding[]): string => {\n    return btoa(JSON.stringify(bindings));\n  },\n};\n\nexport interface UserDefaultExport<\n  TUserEnv = Record<string, unknown>,\n  TSchema extends z.ZodTypeAny = never,\n  TEnv = TUserEnv & DefaultEnv<TSchema>,\n> extends CreateMCPServerOptions<TEnv, TSchema> {\n  fetch?: (\n    req: Request,\n    env: TEnv,\n    ctx: ExecutionContext,\n  ) => Promise<Response> | Response;\n}\n\n// 1. Map binding type to its interface\ninterface BindingTypeMap {\n  mcp: MCPBinding;\n  contract: ContractBinding;\n}\n\nexport interface User {\n  id: string;\n  email: string;\n  workspace: string;\n  user_metadata: {\n    avatar_url: string;\n    full_name: string;\n    picture: string;\n    [key: string]: unknown;\n  };\n}\n\nexport interface RequestContext<TSchema extends z.ZodTypeAny = any> {\n  state: z.infer<TSchema>;\n  branch?: string;\n  token: string;\n  workspace: string;\n  ensureAuthenticated: (options?: {\n    workspaceHint?: string;\n  }) => User | undefined;\n  callerApp?: string;\n  integrationId?: string;\n}\n\n// 2. Map binding type to its creator function\ntype CreatorByType = {\n  [K in keyof BindingTypeMap]: (\n    value: BindingTypeMap[K],\n    env: DefaultEnv,\n  ) => unknown;\n};\n\n// 3. Strongly type creatorByType\nconst creatorByType: CreatorByType = {\n  mcp: createIntegrationBinding,\n  contract: createContractBinding,\n};\n\nconst withDefaultBindings = ({\n  env,\n  server,\n  ctx,\n  url,\n}: {\n  env: DefaultEnv;\n  server: MCPServer<any, any>;\n  ctx: RequestContext;\n  url?: string;\n}) => {\n  const client = workspaceClient(ctx, env.DECO_API_URL);\n  const createWorkspaceDB = (ctx: RequestContext): WorkspaceDB => {\n    const client = workspaceClient(ctx, env.DECO_API_URL);\n    return {\n      query: ({ sql, params }) => {\n        return client.DATABASES_RUN_SQL({\n          sql,\n          params,\n        });\n      },\n    };\n  };\n  env[\"SELF\"] = new Proxy(\n    {},\n    {\n      get: (_, prop) => {\n        if (prop === \"toJSON\") {\n          return null;\n        }\n\n        return async (args: unknown) => {\n          return await server.callTool({\n            toolCallId: prop as string,\n            toolCallInput: args,\n          });\n        };\n      },\n    },\n  );\n\n  const workspaceDbBinding = {\n    ...createWorkspaceDB(ctx),\n    forContext: createWorkspaceDB,\n  };\n\n  env[\"DECO_API\"] = MCPClient;\n  env[\"DECO_WORKSPACE_API\"] = client;\n  env[\"DECO_WORKSPACE_DB\"] = workspaceDbBinding;\n\n  env[\"IS_LOCAL\"] =\n    (url?.startsWith(\"http://localhost\") ||\n      url?.startsWith(\"http://127.0.0.1\")) ??\n    false;\n};\n\nexport class UnauthorizedError extends Error {\n  constructor(\n    message: string,\n    public redirectTo: URL,\n  ) {\n    super(message);\n    this.name = \"UnauthorizedError\";\n  }\n}\n\nconst AUTH_CALLBACK_ENDPOINT = \"/oauth/callback\";\nconst AUTH_START_ENDPOINT = \"/oauth/start\";\nconst AUTH_LOGOUT_ENDPOINT = \"/oauth/logout\";\nconst AUTHENTICATED = (user?: unknown, workspace?: string) => () => {\n  return {\n    ...((user as User) ?? {}),\n    workspace,\n  } as User;\n};\n\nexport const withBindings = <TEnv>({\n  env: _env,\n  server,\n  tokenOrContext,\n  origin,\n  url,\n  branch,\n}: {\n  env: TEnv;\n  server: MCPServer<TEnv, any>;\n  tokenOrContext?: string | RequestContext;\n  origin?: string | null;\n  url?: string;\n  branch?: string | null;\n}): TEnv => {\n  branch ??= undefined;\n  const env = _env as DefaultEnv<any>;\n\n  const apiUrl = env.DECO_API_URL ?? \"https://api.decocms.com\";\n  let context;\n  if (typeof tokenOrContext === \"string\") {\n    const decoded = decodeJwt(tokenOrContext);\n    const workspace = decoded.aud as string;\n\n    context = {\n      state: decoded.state as Record<string, unknown>,\n      token: tokenOrContext,\n      integrationId: decoded.integrationId as string,\n      workspace,\n      ensureAuthenticated: AUTHENTICATED(decoded.user, workspace),\n      branch,\n    } as RequestContext<any>;\n  } else if (typeof tokenOrContext === \"object\") {\n    context = tokenOrContext;\n    const decoded = decodeJwt(tokenOrContext.token);\n    const workspace = decoded.aud as string;\n    const appName = decoded.appName as string | undefined;\n    context.callerApp = appName;\n    context.integrationId ??= decoded.integrationId as string;\n    context.ensureAuthenticated = AUTHENTICATED(decoded.user, workspace);\n  } else {\n    context = {\n      state: undefined,\n      token: env.DECO_API_TOKEN,\n      workspace: env.DECO_WORKSPACE,\n      branch,\n      ensureAuthenticated: (options?: { workspaceHint?: string }) => {\n        const workspaceHint = options?.workspaceHint ?? env.DECO_WORKSPACE;\n        const authUri = new URL(\"/apps/oauth\", apiUrl);\n        authUri.searchParams.set(\"client_id\", env.DECO_APP_NAME);\n        authUri.searchParams.set(\n          \"redirect_uri\",\n          new URL(AUTH_CALLBACK_ENDPOINT, origin ?? env.DECO_APP_ENTRYPOINT)\n            .href,\n        );\n        workspaceHint &&\n          authUri.searchParams.set(\"workspace_hint\", workspaceHint);\n        throw new UnauthorizedError(\"Unauthorized\", authUri);\n      },\n    };\n  }\n\n  env.DECO_REQUEST_CONTEXT = context;\n  const bindings = WorkersMCPBindings.parse(env.DECO_BINDINGS);\n\n  for (const binding of bindings) {\n    env[binding.name] = creatorByType[binding.type](binding as any, env);\n  }\n\n  withDefaultBindings({\n    env,\n    server,\n    ctx: env.DECO_REQUEST_CONTEXT,\n    url,\n  });\n\n  return env as TEnv;\n};\n\nexport const withRuntime = <TEnv, TSchema extends z.ZodTypeAny = never>(\n  userFns: UserDefaultExport<TEnv, TSchema>,\n): ExportedHandler<TEnv & DefaultEnv<TSchema>> => {\n  const server = createMCPServer<TEnv, TSchema>(userFns);\n  const fetcher = async (\n    req: Request,\n    env: TEnv & DefaultEnv<TSchema>,\n    ctx: ExecutionContext,\n  ) => {\n    const url = new URL(req.url);\n    if (url.pathname === AUTH_CALLBACK_ENDPOINT) {\n      return handleAuthCallback(req, {\n        apiUrl: env.DECO_API_URL,\n        appName: env.DECO_APP_NAME,\n      });\n    }\n    if (url.pathname === AUTH_START_ENDPOINT) {\n      env.DECO_REQUEST_CONTEXT.ensureAuthenticated();\n      const redirectTo = new URL(\"/\", url);\n      const next = url.searchParams.get(\"next\");\n      return Response.redirect(next ?? redirectTo, 302);\n    }\n    if (url.pathname === AUTH_LOGOUT_ENDPOINT) {\n      return handleLogout(req);\n    }\n    if (url.pathname === \"/mcp\") {\n      return server.fetch(req, env, ctx);\n    }\n\n    if (url.pathname.startsWith(\"/mcp/call-tool\")) {\n      const toolCallId = url.pathname.split(\"/\").pop();\n      if (!toolCallId) {\n        return new Response(\"Not found\", { status: 404 });\n      }\n      const toolCallInput = await req.json();\n      const result = await server.callTool({\n        toolCallId,\n        toolCallInput,\n      });\n\n      if (result instanceof Response) {\n        return result;\n      }\n\n      return new Response(JSON.stringify(result), {\n        headers: {\n          \"Content-Type\": \"application/json\",\n        },\n      });\n    }\n\n    if (url.pathname.startsWith(DeconfigResource.WatchPathNameBase)) {\n      return DeconfigResource.watchAPI(req, env);\n    }\n    return (\n      userFns.fetch?.(req, env, ctx) ||\n      new Response(\"Not found\", { status: 404 })\n    );\n  };\n  return {\n    fetch: async (\n      req: Request,\n      env: TEnv & DefaultEnv<TSchema>,\n      ctx: ExecutionContext,\n    ) => {\n      const referer = req.headers.get(\"referer\");\n      const isFetchRequest = req.headers.has(DECO_MCP_CLIENT_HEADER);\n\n      try {\n        const bindings = withBindings({\n          env,\n          server,\n          branch:\n            req.headers.get(\"x-deco-branch\") ??\n            new URL(req.url).searchParams.get(\"__b\"),\n          tokenOrContext: await getReqToken(req, env),\n          origin:\n            referer ?? req.headers.get(\"origin\") ?? new URL(req.url).origin,\n          url: req.url,\n        });\n        return await State.run(\n          { req, env: bindings, ctx },\n          async () => await fetcher(req, bindings, ctx),\n        );\n      } catch (error) {\n        if (error instanceof UnauthorizedError) {\n          if (!isFetchRequest) {\n            const url = new URL(req.url);\n            error.redirectTo.searchParams.set(\n              \"state\",\n              StateParser.stringify({\n                next: url.searchParams.get(\"next\") ?? referer ?? req.url,\n              }),\n            );\n            return Response.redirect(error.redirectTo, 302);\n          }\n          return new Response(null, { status: 401 });\n        }\n        throw error;\n      }\n    },\n  };\n};\n\nexport {\n  type Contract,\n  type Migration,\n  type WranglerConfig,\n} from \"./wrangler.ts\";\n"]}

package/dist/mastra.d.ts

@@ -0,0 +1,8 @@
+import '@mastra/core';
+import '@mastra/core/di';
+import 'zod';
+export { A as AppContext, e as CreateMCPServerOptions, C as CreatedTool, E as ExecWithContext, F as Fetch, I as Integration, M as MCPServer, R as Resources, S as StreamableTool, V as ViewExport, f as createMCPServer, c as createPrivateTool, a as createRuntimeContext, b as createStreamableTool, d as createTool, i as isStreamableTool } from './index-AKVjfH4b.js';
+import './resources.js';
+import '@cloudflare/workers-types';
+import './mcp-Bv7IAgWX.js';
+import './connection-DDtQYrea.js';

package/dist/mastra.js

@@ -0,0 +1,5 @@
+export { createMCPServer, createPrivateTool, createRuntimeContext, createStreamableTool, createTool, isStreamableTool } from './chunk-OSSKGDAG.js';
+import './chunk-NKUMVYKI.js';
+import './chunk-AOFOWQXY.js';
+//# sourceMappingURL=mastra.js.map
+//# sourceMappingURL=mastra.js.map

package/dist/mastra.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"mastra.js"}