@edwardlee5423/magi 0.1.0-alpha.0

package/dist/mcp/oauth-flow.js

@@ -0,0 +1,145 @@
+/**
+ * High-level OAuth orchestrator: glues the OAuth client, callback server,
+ * and SessionStore token persistence together.
+ *
+ * Usage:
+ *
+ *   const result = await runOAuthFlow({
+ *     serverName: "linear",
+ *     authServerUrl: "https://auth.linear.app",
+ *     scope: "read",
+ *     store
+ *   });
+ *
+ *   // Browser opens, user authorizes, control returns here with the token saved.
+ */
+import { spawn } from "node:child_process";
+import { platform } from "node:os";
+import { buildAuthorizationRequest, discoverOAuthMetadata, exchangeCodeForToken, refreshAccessToken, registerOAuthClient } from "./oauth.js";
+import { startOAuthCallbackServer } from "./oauth-callback.js";
+export async function runOAuthFlow(input) {
+    const metadata = await discoverOAuthMetadata(input.authServerUrl);
+    // Start the local callback server first so we know the redirect URI
+    const callback = await startOAuthCallbackServer({});
+    try {
+        let clientId = input.clientId;
+        let clientSecret = input.clientSecret;
+        if (!clientId) {
+            if (!metadata.registration_endpoint) {
+                throw new Error(`OAuth server at ${input.authServerUrl} does not support Dynamic Client Registration. ` +
+                    `Configure a static client_id in mcp.servers.${input.serverName}.oauth.clientId`);
+            }
+            const registered = await registerOAuthClient({
+                registrationEndpoint: metadata.registration_endpoint,
+                redirectUri: callback.redirectUri,
+                clientName: `Magi Next (${input.serverName})`,
+                scope: input.scope
+            });
+            clientId = registered.clientId;
+            clientSecret = registered.clientSecret;
+        }
+        const auth = buildAuthorizationRequest({
+            metadata,
+            client: {
+                clientId: clientId,
+                clientSecret,
+                redirectUri: callback.redirectUri,
+                scope: input.scope
+            }
+        });
+        input.onAuthorizationUrl?.(auth.authorizationUrl);
+        if (!input.noBrowser) {
+            openBrowser(auth.authorizationUrl);
+        }
+        const callbackResult = await callback.result;
+        if (callbackResult.state !== auth.state) {
+            throw new Error("OAuth callback state mismatch (possible CSRF attempt)");
+        }
+        const token = await exchangeCodeForToken({
+            metadata,
+            client: {
+                clientId: clientId,
+                clientSecret,
+                redirectUri: callback.redirectUri,
+                scope: input.scope
+            },
+            code: callbackResult.code,
+            codeVerifier: auth.codeVerifier
+        });
+        const expiresAt = token.expires_in
+            ? new Date(Date.now() + token.expires_in * 1000).toISOString()
+            : undefined;
+        input.store.upsertMcpOAuthToken({
+            serverName: input.serverName,
+            accessToken: token.access_token,
+            refreshToken: token.refresh_token,
+            tokenType: token.token_type,
+            expiresAt,
+            scope: token.scope ?? input.scope,
+            authServerUrl: input.authServerUrl,
+            clientId,
+            metadata: { clientSecret: clientSecret ? "[REDACTED]" : undefined }
+        });
+        return {
+            serverName: input.serverName,
+            accessToken: token.access_token,
+            refreshToken: token.refresh_token,
+            expiresAt,
+            scope: token.scope ?? input.scope
+        };
+    }
+    finally {
+        callback.close();
+    }
+}
+/**
+ * Refresh a stored token if it has a refresh_token. Updates the stored record.
+ * Returns the new access token, or undefined if refresh is not possible.
+ */
+export async function refreshStoredToken(input) {
+    const stored = input.store.getMcpOAuthToken(input.serverName);
+    if (!stored || !stored.refreshToken || !stored.authServerUrl || !stored.clientId) {
+        return undefined;
+    }
+    const metadata = await discoverOAuthMetadata(stored.authServerUrl);
+    const token = await refreshAccessToken({
+        metadata,
+        client: {
+            clientId: stored.clientId,
+            redirectUri: "http://127.0.0.1/oauth/callback",
+            scope: stored.scope
+        },
+        refreshToken: stored.refreshToken
+    });
+    const expiresAt = token.expires_in
+        ? new Date(Date.now() + token.expires_in * 1000).toISOString()
+        : undefined;
+    input.store.upsertMcpOAuthToken({
+        serverName: input.serverName,
+        accessToken: token.access_token,
+        refreshToken: token.refresh_token ?? stored.refreshToken,
+        tokenType: token.token_type,
+        expiresAt,
+        scope: token.scope ?? stored.scope,
+        authServerUrl: stored.authServerUrl,
+        clientId: stored.clientId
+    });
+    return token.access_token;
+}
+function openBrowser(url) {
+    const cmd = platform() === "darwin" ? "open" :
+        platform() === "win32" ? "start" :
+            "xdg-open";
+    try {
+        const child = spawn(cmd, platform() === "win32" ? ["", url] : [url], {
+            detached: true,
+            stdio: "ignore",
+            shell: platform() === "win32"
+        });
+        child.unref();
+    }
+    catch {
+        // Browser launch is best-effort; user can copy URL manually
+    }
+}
+//# sourceMappingURL=oauth-flow.js.map

package/dist/mcp/oauth-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-flow.js","sourceRoot":"","sources":["../../src/mcp/oauth-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGnC,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EACrB,oBAAoB,EAEpB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAwB/D,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAElE,oEAAoE;IACpE,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,EAAE,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,IAAI,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC9B,IAAI,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC;QAEtC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CACb,mBAAmB,KAAK,CAAC,aAAa,iDAAiD;oBACvF,+CAA+C,KAAK,CAAC,UAAU,iBAAiB,CACjF,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC;gBAC3C,oBAAoB,EAAE,QAAQ,CAAC,qBAAqB;gBACpD,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,UAAU,EAAE,cAAc,KAAK,CAAC,UAAU,GAAG;gBAC7C,KAAK,EAAE,KAAK,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YAC/B,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;QACzC,CAAC;QAED,MAAM,IAAI,GAAG,yBAAyB,CAAC;YACrC,QAAQ;YACR,MAAM,EAAE;gBACN,QAAQ,EAAE,QAAS;gBACnB,YAAY;gBACZ,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,KAAK,EAAE,KAAK,CAAC,KAAK;aACnB;SACF,CAAC,CAAC;QAEH,KAAK,CAAC,kBAAkB,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAElD,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrB,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QAC7C,IAAI,cAAc,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC;YACvC,QAAQ;YACR,MAAM,EAAE;gBACN,QAAQ,EAAE,QAAS;gBACnB,YAAY;gBACZ,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,KAAK,EAAE,KAAK,CAAC,KAAK;aACnB;YACD,IAAI,EAAE,cAAc,CAAC,IAAI;YACzB,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU;YAChC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YAC9D,CAAC,CAAC,SAAS,CAAC;QAEd,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC;YAC9B,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,WAAW,EAAE,KAAK,CAAC,YAAY;YAC/B,YAAY,EAAE,KAAK,CAAC,aAAa;YACjC,SAAS,EAAE,KAAK,CAAC,UAAU;YAC3B,SAAS;YACT,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK;YACjC,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,QAAQ;YACR,QAAQ,EAAE,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,EAAE;SACpE,CAAC,CAAC;QAEH,OAAO;YACL,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,WAAW,EAAE,KAAK,CAAC,YAAY;YAC/B,YAAY,EAAE,KAAK,CAAC,aAAa;YACjC,SAAS;YACT,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK;SAClC,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,QAAQ,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAGxC;IACC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACjF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC;QACrC,QAAQ;QACR,MAAM,EAAE;YACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,iCAAiC;YAC9C,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB;QACD,YAAY,EAAE,MAAM,CAAC,YAAY;KAClC,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU;QAChC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;QAC9D,CAAC,CAAC,SAAS,CAAC;IACd,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC;QAC9B,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,WAAW,EAAE,KAAK,CAAC,YAAY;QAC/B,YAAY,EAAE,KAAK,CAAC,aAAa,IAAI,MAAM,CAAC,YAAY;QACxD,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,SAAS;QACT,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK;QAClC,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC,CAAC;IACH,OAAO,KAAK,CAAC,YAAY,CAAC;AAC5B,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,GAAG,GAAG,QAAQ,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAClC,QAAQ,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAClC,UAAU,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE;YACnE,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,QAAQ,EAAE,KAAK,OAAO;SAC9B,CAAC,CAAC;QACH,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;IAC9D,CAAC;AACH,CAAC"}

package/dist/mcp/oauth.d.ts

@@ -0,0 +1,82 @@
+/**
+ * OAuth 2.0 Authorization Code flow with PKCE for MCP servers.
+ *
+ * MCP-spec OAuth: https://modelcontextprotocol.io/specification/draft/basic/authorization
+ * The MCP server returns 401 with `WWW-Authenticate: Bearer realm="<auth-server-url>"`
+ * pointing to an OAuth 2.0 Authorization Server. Discovery is via
+ * `/.well-known/oauth-authorization-server`.
+ */
+export interface OAuthMetadata {
+    /** Authorization Server endpoint */
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    /** Optional Dynamic Client Registration endpoint (RFC 7591) */
+    registration_endpoint?: string;
+    scopes_supported?: string[];
+    response_types_supported?: string[];
+    grant_types_supported?: string[];
+    code_challenge_methods_supported?: string[];
+}
+export interface OAuthClientConfig {
+    clientId: string;
+    clientSecret?: string;
+    redirectUri: string;
+    scope?: string;
+}
+export interface OAuthAuthorizationRequest {
+    authorizationUrl: string;
+    state: string;
+    codeVerifier: string;
+}
+export interface OAuthTokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+}
+/** Discover OAuth metadata from the Authorization Server. */
+export declare function discoverOAuthMetadata(authServerUrl: string): Promise<OAuthMetadata>;
+/**
+ * Dynamic Client Registration (RFC 7591) — register this client with the
+ * Authorization Server when no static client_id is provided.
+ */
+export declare function registerOAuthClient(input: {
+    registrationEndpoint: string;
+    redirectUri: string;
+    clientName?: string;
+    scope?: string;
+}): Promise<{
+    clientId: string;
+    clientSecret?: string;
+}>;
+/**
+ * Build an authorization URL with PKCE.
+ * Caller must persist `state` and `codeVerifier` and pass them back when
+ * exchanging the code for a token.
+ */
+export declare function buildAuthorizationRequest(input: {
+    metadata: OAuthMetadata;
+    client: OAuthClientConfig;
+}): OAuthAuthorizationRequest;
+/** Exchange the authorization code for an access token using PKCE. */
+export declare function exchangeCodeForToken(input: {
+    metadata: OAuthMetadata;
+    client: OAuthClientConfig;
+    code: string;
+    codeVerifier: string;
+}): Promise<OAuthTokenResponse>;
+/** Refresh an access token using the refresh_token. */
+export declare function refreshAccessToken(input: {
+    metadata: OAuthMetadata;
+    client: OAuthClientConfig;
+    refreshToken: string;
+}): Promise<OAuthTokenResponse>;
+/**
+ * Parse the WWW-Authenticate header from an MCP server 401 response.
+ * Returns the auth server URL ("realm" or "authorization_uri" parameter).
+ */
+export declare function parseWwwAuthenticate(header: string | null): {
+    authServerUrl: string;
+} | undefined;

package/dist/mcp/oauth.js

@@ -0,0 +1,169 @@
+/**
+ * OAuth 2.0 Authorization Code flow with PKCE for MCP servers.
+ *
+ * MCP-spec OAuth: https://modelcontextprotocol.io/specification/draft/basic/authorization
+ * The MCP server returns 401 with `WWW-Authenticate: Bearer realm="<auth-server-url>"`
+ * pointing to an OAuth 2.0 Authorization Server. Discovery is via
+ * `/.well-known/oauth-authorization-server`.
+ */
+import { createHash, randomBytes } from "node:crypto";
+/** Discover OAuth metadata from the Authorization Server. */
+export async function discoverOAuthMetadata(authServerUrl) {
+    const base = authServerUrl.replace(/\/+$/, "");
+    const candidates = [
+        `${base}/.well-known/oauth-authorization-server`,
+        `${base}/.well-known/openid-configuration`
+    ];
+    for (const url of candidates) {
+        try {
+            const response = await fetch(url, { headers: { Accept: "application/json" } });
+            if (!response.ok)
+                continue;
+            const data = await response.json();
+            if (data.authorization_endpoint && data.token_endpoint) {
+                return {
+                    issuer: data.issuer ?? base,
+                    authorization_endpoint: data.authorization_endpoint,
+                    token_endpoint: data.token_endpoint,
+                    registration_endpoint: data.registration_endpoint,
+                    scopes_supported: data.scopes_supported,
+                    response_types_supported: data.response_types_supported,
+                    grant_types_supported: data.grant_types_supported,
+                    code_challenge_methods_supported: data.code_challenge_methods_supported
+                };
+            }
+        }
+        catch {
+            // Try next candidate
+        }
+    }
+    throw new Error(`Could not discover OAuth metadata at ${authServerUrl}`);
+}
+/**
+ * Dynamic Client Registration (RFC 7591) — register this client with the
+ * Authorization Server when no static client_id is provided.
+ */
+export async function registerOAuthClient(input) {
+    const body = {
+        client_name: input.clientName ?? "Magi Next",
+        redirect_uris: [input.redirectUri],
+        grant_types: ["authorization_code", "refresh_token"],
+        response_types: ["code"],
+        token_endpoint_auth_method: "none",
+        scope: input.scope ?? ""
+    };
+    const response = await fetch(input.registrationEndpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Accept: "application/json" },
+        body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Dynamic Client Registration failed (${response.status}): ${text.slice(0, 200)}`);
+    }
+    const data = await response.json();
+    if (!data.client_id) {
+        throw new Error("Dynamic Client Registration response missing client_id");
+    }
+    return { clientId: data.client_id, clientSecret: data.client_secret };
+}
+/**
+ * Build an authorization URL with PKCE.
+ * Caller must persist `state` and `codeVerifier` and pass them back when
+ * exchanging the code for a token.
+ */
+export function buildAuthorizationRequest(input) {
+    const codeVerifier = base64UrlEncode(randomBytes(32));
+    const codeChallenge = base64UrlEncode(createHash("sha256").update(codeVerifier).digest());
+    const state = base64UrlEncode(randomBytes(16));
+    const params = new URLSearchParams({
+        response_type: "code",
+        client_id: input.client.clientId,
+        redirect_uri: input.client.redirectUri,
+        state,
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256"
+    });
+    if (input.client.scope) {
+        params.set("scope", input.client.scope);
+    }
+    const authorizationUrl = `${input.metadata.authorization_endpoint}?${params.toString()}`;
+    return { authorizationUrl, state, codeVerifier };
+}
+/** Exchange the authorization code for an access token using PKCE. */
+export async function exchangeCodeForToken(input) {
+    const params = new URLSearchParams({
+        grant_type: "authorization_code",
+        code: input.code,
+        redirect_uri: input.client.redirectUri,
+        client_id: input.client.clientId,
+        code_verifier: input.codeVerifier
+    });
+    if (input.client.clientSecret) {
+        params.set("client_secret", input.client.clientSecret);
+    }
+    return performTokenRequest(input.metadata.token_endpoint, params);
+}
+/** Refresh an access token using the refresh_token. */
+export async function refreshAccessToken(input) {
+    const params = new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: input.refreshToken,
+        client_id: input.client.clientId
+    });
+    if (input.client.clientSecret) {
+        params.set("client_secret", input.client.clientSecret);
+    }
+    return performTokenRequest(input.metadata.token_endpoint, params);
+}
+/**
+ * Parse the WWW-Authenticate header from an MCP server 401 response.
+ * Returns the auth server URL ("realm" or "authorization_uri" parameter).
+ */
+export function parseWwwAuthenticate(header) {
+    if (!header)
+        return undefined;
+    // e.g. Bearer realm="https://auth.example.com", scope="mcp.read"
+    const bearer = /^\s*Bearer\b/i.test(header);
+    if (!bearer)
+        return undefined;
+    const match = /(?:realm|resource|authorization_uri|as_uri)="([^"]+)"/i.exec(header);
+    if (!match)
+        return undefined;
+    try {
+        new URL(match[1]);
+        return { authServerUrl: match[1] };
+    }
+    catch {
+        return undefined;
+    }
+}
+async function performTokenRequest(endpoint, params) {
+    const response = await fetch(endpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            Accept: "application/json"
+        },
+        body: params.toString()
+    });
+    const text = await response.text();
+    if (!response.ok) {
+        throw new Error(`Token endpoint returned ${response.status}: ${text.slice(0, 200)}`);
+    }
+    let data;
+    try {
+        data = JSON.parse(text);
+    }
+    catch {
+        throw new Error(`Token endpoint returned non-JSON: ${text.slice(0, 200)}`);
+    }
+    if (!data.access_token) {
+        throw new Error("Token endpoint response missing access_token");
+    }
+    return data;
+}
+function base64UrlEncode(buffer) {
+    return buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+//# sourceMappingURL=oauth.js.map

package/dist/mcp/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/mcp/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAoCtD,6DAA6D;AAC7D,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,aAAqB;IAC/D,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG;QACjB,GAAG,IAAI,yCAAyC;QAChD,GAAG,IAAI,mCAAmC;KAC3C,CAAC;IACF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAC;YAC/E,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAAE,SAAS;YAC3B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA4B,CAAC;YAC7D,IAAI,IAAI,CAAC,sBAAsB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvD,OAAO;oBACL,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI;oBAC3B,sBAAsB,EAAE,IAAI,CAAC,sBAAsB;oBACnD,cAAc,EAAE,IAAI,CAAC,cAAc;oBACnC,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;oBACjD,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;oBACvC,wBAAwB,EAAE,IAAI,CAAC,wBAAwB;oBACvD,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;oBACjD,gCAAgC,EAAE,IAAI,CAAC,gCAAgC;iBACxE,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,wCAAwC,aAAa,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAKzC;IACC,MAAM,IAAI,GAAG;QACX,WAAW,EAAE,KAAK,CAAC,UAAU,IAAI,WAAW;QAC5C,aAAa,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC;QAClC,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QACpD,cAAc,EAAE,CAAC,MAAM,CAAC;QACxB,0BAA0B,EAAE,MAAM;QAClC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,EAAE;KACzB,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,oBAAoB,EAAE;QACvD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAoD,CAAC;IACrF,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,YAAY,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;AACxE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,KAGzC;IACC,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACtD,MAAM,aAAa,GAAG,eAAe,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAG,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,aAAa,EAAE,MAAM;QACrB,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ;QAChC,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,WAAW;QACtC,KAAK;QACL,cAAc,EAAE,aAAa;QAC7B,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IACH,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,gBAAgB,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,sBAAsB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACzF,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;AACnD,CAAC;AAED,sEAAsE;AACtE,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAK1C;IACC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,WAAW;QACtC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ;QAChC,aAAa,EAAE,KAAK,CAAC,YAAY;KAClC,CAAC,CAAC;IACH,IAAI,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED,uDAAuD;AACvD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAIxC;IACC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,KAAK,CAAC,YAAY;QACjC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ;KACjC,CAAC,CAAC;IACH,IAAI,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAqB;IACxD,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,iEAAiE;IACjE,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,MAAM,KAAK,GAAG,wDAAwD,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpF,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAClB,OAAO,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,QAAgB,EAAE,MAAuB;IAC1E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QACrC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;KACxB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,IAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,MAAc;IACrC,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC9F,CAAC"}

package/dist/mcp/tool-registry.d.ts

@@ -0,0 +1,29 @@
+import { McpServerConfig } from "../config.js";
+import { MagiToolDefinition, MagiToolUsePart } from "../providers/ir.js";
+import { AgentToolResult } from "../agent/tools.js";
+export interface McpToolRegistryInput {
+    servers: Record<string, McpServerConfig>;
+    env?: NodeJS.ProcessEnv;
+    healthCheckIntervalMs?: number;
+    tokenLookup?: (serverName: string) => string | undefined;
+    tokenRefresh?: (serverName: string) => Promise<string | undefined>;
+}
+export declare class McpToolRegistry {
+    private readonly input;
+    private readonly manager;
+    private readonly toolsByName;
+    private discovered;
+    constructor(input: McpToolRegistryInput);
+    getToolDefinitions(): Promise<MagiToolDefinition[]>;
+    hasTool(name: string): boolean;
+    executeTool(input: {
+        toolUse: MagiToolUsePart;
+        approved?: boolean;
+    }): Promise<AgentToolResult>;
+    private listResources;
+    private readResource;
+    close(): void;
+    private discover;
+    private client;
+}
+export declare function toMcpToolName(serverName: string, toolName: string): string;

package/dist/mcp/tool-registry.js

@@ -0,0 +1,207 @@
+import { McpApprovalRequiredError, McpJsonRpcError } from "./client.js";
+import { McpConnectionManager } from "./connection-manager.js";
+export class McpToolRegistry {
+    input;
+    manager;
+    toolsByName = new Map();
+    discovered = false;
+    constructor(input) {
+        this.input = input;
+        this.manager = new McpConnectionManager({
+            servers: input.servers,
+            env: input.env,
+            healthCheckIntervalMs: input.healthCheckIntervalMs ?? 60_000,
+            tokenLookup: input.tokenLookup,
+            tokenRefresh: input.tokenRefresh
+        });
+    }
+    async getToolDefinitions() {
+        await this.discover();
+        return [
+            ...MCP_RESOURCE_TOOLS,
+            ...[...this.toolsByName.entries()].map(([name, record]) => ({
+                name,
+                description: record.tool.description,
+                inputSchema: record.tool.inputSchema ?? { type: "object" }
+            }))
+        ];
+    }
+    hasTool(name) {
+        return name === "ListMcpResources" || name === "ReadMcpResource" || this.toolsByName.has(name);
+    }
+    async executeTool(input) {
+        await this.discover();
+        if (input.toolUse.name === "ListMcpResources") {
+            return this.listResources(input.toolUse);
+        }
+        if (input.toolUse.name === "ReadMcpResource") {
+            return this.readResource(input.toolUse);
+        }
+        const record = this.toolsByName.get(input.toolUse.name);
+        if (!record) {
+            return {
+                toolCallId: input.toolUse.id,
+                toolName: input.toolUse.name,
+                content: `Unknown MCP tool: ${input.toolUse.name}`,
+                isError: true
+            };
+        }
+        const client = await this.client(record.serverName);
+        try {
+            const result = await client.callTool({
+                toolName: record.originalName,
+                params: input.toolUse.input,
+                approved: input.approved
+            });
+            return {
+                toolCallId: input.toolUse.id,
+                toolName: input.toolUse.name,
+                content: formatMcpToolContent(result.content)
+            };
+        }
+        catch (error) {
+            if (error instanceof McpApprovalRequiredError) {
+                return {
+                    toolCallId: input.toolUse.id,
+                    toolName: input.toolUse.name,
+                    content: error.message,
+                    isError: true,
+                    permission: { decision: "ask", reason: error.approval.reason }
+                };
+            }
+            if (error instanceof McpJsonRpcError && error.code === -32042) {
+                return {
+                    toolCallId: input.toolUse.id,
+                    toolName: input.toolUse.name,
+                    content: `MCP auth required for ${record.serverName}/${record.originalName}`,
+                    isError: true,
+                    retryable: true
+                };
+            }
+            return {
+                toolCallId: input.toolUse.id,
+                toolName: input.toolUse.name,
+                content: error instanceof Error ? error.message : String(error),
+                isError: true
+            };
+        }
+    }
+    async listResources(toolUse) {
+        const servers = readOptionalString(toolUse.input.server)
+            ? [readString(toolUse.input.server, "server")]
+            : Object.keys(this.input.servers);
+        const lines = [];
+        for (const serverName of servers) {
+            const client = await this.client(serverName);
+            const resources = await client.listResources();
+            for (const resource of resources) {
+                lines.push([
+                    `${serverName}: ${resource.uri}`,
+                    resource.name ? `name=${resource.name}` : undefined,
+                    resource.mimeType ? `mime=${resource.mimeType}` : undefined,
+                    resource.description ? `description=${resource.description}` : undefined
+                ].filter((part) => Boolean(part)).join(" | "));
+            }
+        }
+        return {
+            toolCallId: toolUse.id,
+            toolName: toolUse.name,
+            content: lines.length === 0 ? "No MCP resources" : lines.join("\n")
+        };
+    }
+    async readResource(toolUse) {
+        const serverName = readString(toolUse.input.server, "server");
+        const uri = readString(toolUse.input.uri, "uri");
+        const client = await this.client(serverName);
+        const result = await client.readResource(uri);
+        return {
+            toolCallId: toolUse.id,
+            toolName: toolUse.name,
+            content: result.contents.length === 0
+                ? `No content for ${uri}`
+                : result.contents.map((content) => [
+                    content.uri ? `uri: ${content.uri}` : undefined,
+                    content.mimeType ? `mime: ${content.mimeType}` : undefined,
+                    content.text ?? content.blob ?? ""
+                ].filter((part) => Boolean(part)).join("\n")).join("\n\n")
+        };
+    }
+    close() {
+        this.manager.disconnectAll();
+    }
+    async discover() {
+        if (this.discovered) {
+            return;
+        }
+        for (const [serverName] of Object.entries(this.input.servers)) {
+            const client = await this.client(serverName);
+            const tools = await client.listTools();
+            for (const tool of tools) {
+                this.toolsByName.set(toMcpToolName(serverName, tool.name), {
+                    serverName,
+                    originalName: tool.name,
+                    tool
+                });
+            }
+        }
+        this.discovered = true;
+    }
+    async client(serverName) {
+        return this.manager.connect(serverName);
+    }
+}
+export function toMcpToolName(serverName, toolName) {
+    return `mcp__${serverName}__${toolName}`;
+}
+const MCP_RESOURCE_TOOLS = [
+    {
+        name: "ListMcpResources",
+        description: "List resources exposed by configured MCP servers.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                server: { type: "string", description: "Optional MCP server name to filter resources." }
+            },
+            additionalProperties: false
+        }
+    },
+    {
+        name: "ReadMcpResource",
+        description: "Read a resource by URI from a configured MCP server.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                server: { type: "string" },
+                uri: { type: "string" }
+            },
+            required: ["server", "uri"],
+            additionalProperties: false
+        }
+    }
+];
+function formatMcpToolContent(value) {
+    if (typeof value === "string") {
+        return value;
+    }
+    if (isRecord(value) && Array.isArray(value.content)) {
+        const text = value.content
+            .filter(isRecord)
+            .map((part) => typeof part.text === "string" ? part.text : JSON.stringify(part))
+            .join("\n");
+        return text || JSON.stringify(value);
+    }
+    return JSON.stringify(value);
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function readString(value, field) {
+    if (typeof value !== "string" || !value.trim()) {
+        throw new Error(`MCP tool input ${field} must be a non-empty string`);
+    }
+    return value;
+}
+function readOptionalString(value) {
+    return typeof value === "string" && value.trim() ? value : undefined;
+}
+//# sourceMappingURL=tool-registry.js.map

package/dist/mcp/tool-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-registry.js","sourceRoot":"","sources":["../../src/mcp/tool-registry.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,wBAAwB,EAAa,eAAe,EAAE,MAAM,aAAa,CAAC;AACnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAW/D,MAAM,OAAO,eAAe;IASG;IARZ,OAAO,CAAuB;IAC9B,WAAW,GAAG,IAAI,GAAG,EAIlC,CAAC;IACG,UAAU,GAAG,KAAK,CAAC;IAE3B,YAA6B,KAA2B;QAA3B,UAAK,GAAL,KAAK,CAAsB;QACtD,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAoB,CAAC;YACtC,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,qBAAqB,EAAE,KAAK,CAAC,qBAAqB,IAAI,MAAM;YAC5D,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtB,OAAO;YACL,GAAG,kBAAkB;YACrB,GAAG,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC1D,IAAI;gBACJ,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW;gBACpC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE;aAC3D,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,KAAK,kBAAkB,IAAI,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjG,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAGjB;QACC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;gBAC5B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI;gBAC5B,OAAO,EAAE,qBAAqB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE;gBAClD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;gBACnC,QAAQ,EAAE,MAAM,CAAC,YAAY;gBAC7B,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK;gBAC3B,QAAQ,EAAE,KAAK,CAAC,QAAQ;aACzB,CAAC,CAAC;YACH,OAAO;gBACL,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;gBAC5B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI;gBAC5B,OAAO,EAAE,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC;aAC9C,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,wBAAwB,EAAE,CAAC;gBAC9C,OAAO;oBACL,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;oBAC5B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI;oBAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE;iBAC/D,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,YAAY,eAAe,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBAC9D,OAAO;oBACL,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;oBAC5B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI;oBAC5B,OAAO,EAAE,yBAAyB,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,EAAE;oBAC5E,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;iBAChB,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;gBAC5B,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI;gBAC5B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC/D,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAAwB;QAClD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;YACtD,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC9C,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,OAAO,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,aAAa,EAAE,CAAC;YAC/C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,KAAK,CAAC,IAAI,CAAC;oBACT,GAAG,UAAU,KAAK,QAAQ,CAAC,GAAG,EAAE;oBAChC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;oBACnD,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;oBAC3D,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,eAAe,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;iBACzE,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QACD,OAAO;YACL,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;SACpE,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,OAAwB;QACjD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC9C,OAAO;YACL,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;gBACnC,CAAC,CAAC,kBAAkB,GAAG,EAAE;gBACzB,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAA2B,EAAE,EAAE,CAAC;oBACrD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS;oBAC/C,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;oBAC1D,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,IAAI,EAAE;iBACnC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,QAAQ;QACpB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;YACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;oBACzD,UAAU;oBACV,YAAY,EAAE,IAAI,CAAC,IAAI;oBACvB,IAAI;iBACL,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAEO,KAAK,CAAC,MAAM,CAAC,UAAkB;QACrC,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,UAAU,aAAa,CAAC,UAAkB,EAAE,QAAgB;IAChE,OAAO,QAAQ,UAAU,KAAK,QAAQ,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,kBAAkB,GAAyB;IAC/C;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,mDAAmD;QAChE,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+CAA+C,EAAE;aACzF;YACD,oBAAoB,EAAE,KAAK;SAC5B;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,sDAAsD;QACnE,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC1B,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aACxB;YACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;YAC3B,oBAAoB,EAAE,KAAK;SAC5B;KACF;CACF,CAAC;AAEF,SAAS,oBAAoB,CAAC,KAAc;IAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO;aACvB,MAAM,CAAC,QAAQ,CAAC;aAChB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;aAC/E,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,IAAI,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,KAAa;IAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,kBAAkB,KAAK,6BAA6B,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvE,CAAC"}