npm - @executor-js/plugin-openapi - Versions diffs - 1.4.31 → 1.4.32 - Mend

@executor-js/plugin-openapi 1.4.31 → 1.4.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/{AddOpenApiSource-KSOMPQ2R.js → AddOpenApiSource-NSCULGTM.js} RENAMED Viewed

@@ -5,9 +5,9 @@ import {
   inferOAuthIssuerUrl,
   openApiOAuthConnectionId,
   resolveOAuthUrl
-} from "./chunk-YJMXYKYX.js";
-import "./chunk-ZZBTLFTA.js";
-import "./chunk-EOXXE5DG.js";
+} from "./chunk-2ZKKZYZH.js";
+import "./chunk-X5JX3KTA.js";
+import "./chunk-AN4HJFNP.js";
 export {
   OPENAPI_OAUTH_CALLBACK_PATH,
   OPENAPI_OAUTH_POPUP_NAME,
@@ -16,4 +16,4 @@ export {
   openApiOAuthConnectionId,
   resolveOAuthUrl
 };
-//# sourceMappingURL=AddOpenApiSource-KSOMPQ2R.js.map
+//# sourceMappingURL=AddOpenApiSource-NSCULGTM.js.map

package/dist/{EditOpenApiSource-AOA7APR2.js → EditOpenApiSource-MV7NYTRP.js} RENAMED Viewed

@@ -4,15 +4,15 @@ import {
   OpenApiSourceDetailsFields,
   inferOAuthIssuerUrl,
   resolveOAuthUrl
-} from "./chunk-YJMXYKYX.js";
+} from "./chunk-2ZKKZYZH.js";
 import {
   openApiSourceAtom,
   openApiSourceBindingsAtom
-} from "./chunk-ZZBTLFTA.js";
+} from "./chunk-X5JX3KTA.js";
 import {
   OAuth2SourceConfig,
   oauth2ClientSecretSlot
-} from "./chunk-EOXXE5DG.js";
+} from "./chunk-AN4HJFNP.js";
 // src/react/EditOpenApiSource.tsx
 import { useEffect, useMemo, useRef, useState } from "react";
@@ -771,4 +771,4 @@ function EditOpenApiSource(props) {
 export {
   EditOpenApiSource as default
 };
-//# sourceMappingURL=EditOpenApiSource-AOA7APR2.js.map
+//# sourceMappingURL=EditOpenApiSource-MV7NYTRP.js.map

package/dist/{OpenApiSourceSummary-Y3S6ZBOZ.js → OpenApiSourceSummary-7JBS7PUV.js} RENAMED Viewed

@@ -1,10 +1,10 @@
 import {
   openApiSourceAtom,
   openApiSourceBindingsAtom
-} from "./chunk-ZZBTLFTA.js";
+} from "./chunk-X5JX3KTA.js";
 import {
   oauth2ClientSecretSlot
-} from "./chunk-EOXXE5DG.js";
+} from "./chunk-AN4HJFNP.js";
 // src/react/OpenApiSourceSummary.tsx
 import { useAtomValue } from "@effect/atom-react";
@@ -119,4 +119,4 @@ function OpenApiSourceSummary(props) {
 export {
   OpenApiSourceSummary as default
 };
-//# sourceMappingURL=OpenApiSourceSummary-Y3S6ZBOZ.js.map
+//# sourceMappingURL=OpenApiSourceSummary-7JBS7PUV.js.map

package/dist/{chunk-YJMXYKYX.js → chunk-2ZKKZYZH.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import {
   addOpenApiSpecOptimistic,
   previewOpenApiSpec
-} from "./chunk-ZZBTLFTA.js";
+} from "./chunk-X5JX3KTA.js";
 import {
   OAuth2SourceConfig,
   expandServerUrlOptions,
@@ -12,7 +12,7 @@ import {
   queryParamBindingSlot,
   specFetchHeaderBindingSlot,
   specFetchQueryParamBindingSlot
-} from "./chunk-EOXXE5DG.js";
+} from "./chunk-AN4HJFNP.js";
 // src/react/AddOpenApiSource.tsx
 import { useCallback, useEffect, useMemo, useRef, useState } from "react";
@@ -1178,4 +1178,4 @@ export {
   inferOAuthIssuerUrl,
   AddOpenApiSource
 };
-//# sourceMappingURL=chunk-YJMXYKYX.js.map
+//# sourceMappingURL=chunk-2ZKKZYZH.js.map

package/dist/{chunk-EOXXE5DG.js → chunk-AN4HJFNP.js} RENAMED Viewed

@@ -26,6 +26,8 @@ var OpenApiOAuthError = class extends Schema.TaggedErrorClass()(
   { httpApiStatus: 400 }
 ) {
 };
+var OpenApiAuthRequiredError = class extends Data.TaggedError("OpenApiAuthRequiredError") {
+};
 // src/sdk/parse.ts
 import { Duration, Effect, Schema as Schema2 } from "effect";
@@ -818,6 +820,7 @@ export {
   OpenApiExtractionError,
   OpenApiInvocationError,
   OpenApiOAuthError,
+  OpenApiAuthRequiredError,
   fetchSpecText,
   resolveSpecText,
   parse,
@@ -862,4 +865,4 @@ export {
   oauth2ClientSecretSlot,
   oauth2ConnectionSlot
 };
-//# sourceMappingURL=chunk-EOXXE5DG.js.map
+//# sourceMappingURL=chunk-AN4HJFNP.js.map

package/dist/chunk-AN4HJFNP.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/sdk/errors.ts","../src/sdk/parse.ts","../src/sdk/openapi-utils.ts","../src/sdk/types.ts","../src/sdk/extract.ts","../src/sdk/preview.ts","../src/sdk/source-contracts.ts"],"sourcesContent":["import { Data, Schema } from \"effect\";\nimport type { Option } from \"effect\";\nimport type { AuthToolFailureCode } from \"@executor-js/sdk/core\";\n\n// HTTP status lives on the class declaration so HttpApiBuilder's error\n// encoder (which reads `ast.annotations` off the schema it stored on\n// `group.addError(...)`) finds it. Applying the annotation post-hoc\n// via `.annotate(...)` in group.ts produced a transform-wrapper AST\n// whose status was not picked up — the error then slipped the typed\n// channel and was captured as a 500 by the observability middleware,\n// spamming Sentry on user misconfig.\nexport class OpenApiParseError extends Schema.TaggedErrorClass<OpenApiParseError>()(\n \"OpenApiParseError\",\n {\n message: Schema.String,\n },\n { httpApiStatus: 400 },\n) {}\n\nexport class OpenApiExtractionError extends Schema.TaggedErrorClass<OpenApiExtractionError>()(\n \"OpenApiExtractionError\",\n {\n message: Schema.String,\n },\n { httpApiStatus: 400 },\n) {}\n\nexport class OpenApiInvocationError extends Data.TaggedError(\"OpenApiInvocationError\")<{\n readonly message: string;\n readonly statusCode: Option.Option<number>;\n readonly cause?: unknown;\n}> {}\n\nexport class OpenApiOAuthError extends Schema.TaggedErrorClass<OpenApiOAuthError>()(\n \"OpenApiOAuthError\",\n {\n message: Schema.String,\n },\n { httpApiStatus: 400 },\n) {}\n\nexport class OpenApiAuthRequiredError extends Data.TaggedError(\"OpenApiAuthRequiredError\")<{\n readonly code: AuthToolFailureCode;\n readonly message: string;\n readonly sourceId: string;\n readonly sourceScope: string;\n readonly credentialKind: \"secret\" | \"connection\" | \"oauth\" | \"upstream\";\n readonly credentialLabel?: string;\n readonly slotKey?: string;\n readonly secretId?: string;\n readonly connectionId?: string;\n readonly status?: number;\n readonly details?: unknown;\n readonly cause?: unknown;\n}> {}\n","import type { OpenAPI, OpenAPIV3, OpenAPIV3_1 } from \"openapi-types\";\nimport { Duration, Effect, Schema } from \"effect\";\nimport { HttpClient, HttpClientRequest } from \"effect/unstable/http\";\nimport YAML from \"yaml\";\n\nimport { OpenApiExtractionError, OpenApiParseError } from \"./errors\";\n\nexport type ParsedDocument = OpenAPIV3.Document | OpenAPIV3_1.Document;\n\nexport interface SpecFetchCredentials {\n readonly headers?: Record<string, string>;\n readonly queryParams?: Record<string, string>;\n}\n\n// ExtractionError subclass raised from parse() for non-3.x specs\nclass OpenApiExtractionErrorFromParse extends OpenApiExtractionError {}\n\n/**\n * Fetch an OpenAPI spec URL and return its body text. Uses the Effect\n * HttpClient so the caller chooses the transport via layer — in Cloudflare\n * Workers, `FetchHttpClient.layer` binds to the Workers-native `fetch`.\n * Bounded by a 60s timeout.\n */\nexport const fetchSpecText = Effect.fn(\"OpenApi.fetchSpecText\")(function* (\n url: string,\n credentials?: SpecFetchCredentials,\n) {\n const client = yield* HttpClient.HttpClient;\n const requestUrl = new URL(url);\n for (const [name, value] of Object.entries(credentials?.queryParams ?? {})) {\n requestUrl.searchParams.set(name, value);\n }\n let request = HttpClientRequest.get(requestUrl.toString()).pipe(\n HttpClientRequest.setHeader(\"Accept\", \"application/json, application/yaml, text/yaml, */*\"),\n );\n for (const [name, value] of Object.entries(credentials?.headers ?? {})) {\n request = HttpClientRequest.setHeader(request, name, value);\n }\n const response = yield* client.execute(request).pipe(\n Effect.timeout(Duration.seconds(60)),\n Effect.mapError(\n (_cause) =>\n new OpenApiParseError({\n message: \"Failed to fetch OpenAPI document\",\n }),\n ),\n );\n if (response.status < 200 || response.status >= 300) {\n return yield* new OpenApiParseError({\n message: `Failed to fetch OpenAPI document: HTTP ${response.status}`,\n });\n }\n return yield* response.text.pipe(\n Effect.mapError(\n (_cause) =>\n new OpenApiParseError({\n message: \"Failed to read OpenAPI document body\",\n }),\n ),\n );\n});\n\n/**\n * Resolve an input string to spec text — if it's a URL, fetch it via\n * HttpClient; otherwise return it as-is.\n */\nexport const resolveSpecText = (input: string, credentials?: SpecFetchCredentials) =>\n input.startsWith(\"http://\") || input.startsWith(\"https://\")\n ? fetchSpecText(input, credentials)\n : Effect.succeed(input);\n\n/**\n * Parse an OpenAPI document from spec text and validate it's OpenAPI 3.x.\n *\n * NOTE: does NOT resolve `$ref`s. `DocResolver` + `normalizeOpenApiRefs`\n * downstream work on refs lazily, so inlining them here would just waste\n * memory — and for big specs (e.g. Cloudflare's API) that blows through\n * the 128MB Cloudflare Workers memory cap.\n */\nexport const parse = Effect.fn(\"OpenApi.parse\")(function* (text: string) {\n const api = yield* parseTextToObject(text);\n\n if (!isOpenApi3(api)) {\n return yield* new OpenApiExtractionErrorFromParse({\n message:\n \"Only OpenAPI 3.x documents are supported. Swagger 2.x documents should be converted first.\",\n });\n }\n\n return api as ParsedDocument;\n});\n\n// ---------------------------------------------------------------------------\n// Internals\n// ---------------------------------------------------------------------------\n\nconst isOpenApi3 = (doc: OpenAPI.Document): doc is OpenAPIV3.Document | OpenAPIV3_1.Document =>\n \"openapi\" in doc && typeof doc.openapi === \"string\" && doc.openapi.startsWith(\"3.\");\n\nconst parseTextToObject = (text: string): Effect.Effect<OpenAPI.Document, OpenApiParseError> =>\n Effect.gen(function* () {\n const trimmed = text.trim();\n if (trimmed.length === 0) {\n return yield* new OpenApiParseError({\n message: \"OpenAPI document is empty\",\n });\n }\n\n const parsed = yield* parseJsonLike(trimmed).pipe(\n Effect.mapError(\n () =>\n new OpenApiParseError({\n message: \"Failed to parse OpenAPI document\",\n }),\n ),\n );\n\n if (typeof parsed !== \"object\" || parsed === null || Array.isArray(parsed)) {\n return yield* new OpenApiParseError({\n message: \"OpenAPI document must parse to an object\",\n });\n }\n\n return parsed as OpenAPI.Document;\n });\n\nconst parseJsonText = Schema.decodeUnknownEffect(Schema.fromJsonString(Schema.Unknown));\n\nconst parseJsonLike = (text: string): Effect.Effect<unknown, unknown> => {\n const parseYaml = Effect.try({\n try: () => YAML.parse(text) as unknown,\n catch: () => \"YamlParseFailed\" as const,\n });\n if (!text.startsWith(\"{\") && !text.startsWith(\"[\")) return parseYaml;\n return parseJsonText(text).pipe(Effect.catch(() => parseYaml));\n};\n","// ---------------------------------------------------------------------------\n// OpenAPI type aliases and $ref resolution\n//\n// Wraps the openapi-types V3/V3_1 union mess and provides clean ref resolution.\n// ---------------------------------------------------------------------------\n\nimport { Option } from \"effect\";\nimport type { OpenAPIV3, OpenAPIV3_1 } from \"openapi-types\";\nimport type { ParsedDocument } from \"./parse\";\nimport type { ServerVariable } from \"./types\";\n\n// ---------------------------------------------------------------------------\n// Type aliases — collapse V3 / V3_1 unions into single names\n// ---------------------------------------------------------------------------\n\nexport type ParameterObject = OpenAPIV3.ParameterObject | OpenAPIV3_1.ParameterObject;\nexport type OperationObject = OpenAPIV3.OperationObject | OpenAPIV3_1.OperationObject;\nexport type PathItemObject = OpenAPIV3.PathItemObject | OpenAPIV3_1.PathItemObject;\nexport type RequestBodyObject = OpenAPIV3.RequestBodyObject | OpenAPIV3_1.RequestBodyObject;\nexport type ResponseObject = OpenAPIV3.ResponseObject | OpenAPIV3_1.ResponseObject;\nexport type MediaTypeObject = OpenAPIV3.MediaTypeObject | OpenAPIV3_1.MediaTypeObject;\n\n// ---------------------------------------------------------------------------\n// DocResolver — wraps a parsed document for clean $ref resolution\n// ---------------------------------------------------------------------------\n\nexport class DocResolver {\n constructor(readonly doc: ParsedDocument) {}\n\n /** Resolve a value that might be a $ref, returning the resolved object */\n resolve<T>(value: T | OpenAPIV3.ReferenceObject | OpenAPIV3_1.ReferenceObject): T | null {\n if (isRef(value)) {\n const resolved = this.resolvePointer(value.$ref);\n return resolved as T | null;\n }\n return value as T;\n }\n\n private resolvePointer(ref: string): unknown {\n if (!ref.startsWith(\"#/\")) return null;\n const segments = ref.slice(2).split(\"/\");\n let current: unknown = this.doc;\n for (const segment of segments) {\n if (typeof current !== \"object\" || current === null) return null;\n current = (current as Record<string, unknown>)[segment];\n }\n return current;\n }\n}\n\nconst isRef = (value: unknown): value is { $ref: string } =>\n typeof value === \"object\" && value !== null && \"$ref\" in value;\n\n// ---------------------------------------------------------------------------\n// Server URL resolution\n// ---------------------------------------------------------------------------\n\n/** Substitute `{var}` placeholders in a templated URL using a plain map. */\nexport const substituteUrlVariables = (url: string, values: Record<string, string>): string => {\n let out = url;\n for (const [name, value] of Object.entries(values)) {\n out = out.replaceAll(`{${name}}`, value);\n }\n return out;\n};\n\nexport const OPENAPI_MAX_SERVER_VARIABLE_OPTIONS = 64;\n\ntype ServerLike = {\n url: string;\n variables: import(\"effect/Option\").Option<Record<string, ServerVariable | string>>;\n};\n\nexport const expandServerUrlOptions = (\n server: ServerLike,\n limit = OPENAPI_MAX_SERVER_VARIABLE_OPTIONS,\n): readonly string[] => {\n if (!Option.isSome(server.variables)) return [server.url];\n let urls: readonly string[] = [server.url];\n for (const [name, variable] of Object.entries(server.variables.value)) {\n const enumValues =\n typeof variable === \"string\" ? [] : Option.getOrElse(variable.enum, () => []);\n const values =\n enumValues.length > 0\n ? enumValues\n : [typeof variable === \"string\" ? variable : variable.default];\n const next: string[] = [];\n for (const url of urls) {\n for (const value of values) {\n next.push(url.replaceAll(`{${name}}`, value));\n if (next.length >= limit) return next;\n }\n }\n urls = next;\n }\n return urls;\n};\n\nexport const resolveBaseUrl = (servers: readonly ServerLike[]): string => {\n const server = servers[0];\n if (!server) return \"\";\n\n if (!Option.isSome(server.variables)) return server.url;\n\n const values: Record<string, string> = {};\n for (const [name, v] of Object.entries(server.variables.value)) {\n values[name] = typeof v === \"string\" ? v : v.default;\n }\n return substituteUrlVariables(server.url, values);\n};\n\n// ---------------------------------------------------------------------------\n// Content negotiation\n// ---------------------------------------------------------------------------\n\n/**\n * Return all declared media entries in spec order. `Object.entries` on a\n * plain object preserves insertion order in modern engines, which matches\n * spec declaration order as the parser produced it.\n */\nexport const declaredContents = (\n content: Record<string, MediaTypeObject> | undefined,\n): ReadonlyArray<{ mediaType: string; media: MediaTypeObject }> => {\n if (!content) return [];\n return Object.entries(content).map(([mediaType, media]) => ({ mediaType, media }));\n};\n\n/**\n * Pick the default media type for a requestBody or response. Matches\n * swagger-client behaviour: **first declared wins** (not JSON-first). Spec\n * authors order content entries to signal intent (upload-heavy endpoints\n * declare multipart first, JSON second); respecting that order avoids\n * silently downgrading a multipart endpoint to JSON.\n *\n * For response bodies we still want a JSON preference because the server\n * picks the response content type, not the client — the old `application/\n * json` preference is preserved via `preferredResponseContent` below.\n */\nexport const preferredContent = (\n content: Record<string, MediaTypeObject> | undefined,\n): { mediaType: string; media: MediaTypeObject } | undefined => {\n const first = declaredContents(content)[0];\n return first ? first : undefined;\n};\n\n/** Response-side content picker — still JSON-first because the server\n * picks the response media type, so we want to advertise a preference. */\nexport const preferredResponseContent = (\n content: Record<string, MediaTypeObject> | undefined,\n): { mediaType: string; media: MediaTypeObject } | undefined => {\n if (!content) return undefined;\n const entries = Object.entries(content);\n const pick =\n entries.find(([mt]) => mt === \"application/json\") ??\n entries.find(([mt]) => mt.toLowerCase().includes(\"+json\")) ??\n entries.find(([mt]) => mt.toLowerCase().includes(\"json\")) ??\n entries[0];\n return pick ? { mediaType: pick[0], media: pick[1] } : undefined;\n};\n","import { Schema } from \"effect\";\nimport { ScopedSecretCredentialInput, SecretBackedValue } from \"@executor-js/sdk/shared\";\nimport {\n OAuth2Flow as HttpOAuth2Flow,\n OAuth2SourceConfig as SharedOAuth2SourceConfig,\n type OAuth2FlowType,\n type OAuth2SourceConfigType,\n} from \"@executor-js/sdk/http-source\";\n\nexport const OAuth2Flow = HttpOAuth2Flow;\nexport type OAuth2Flow = OAuth2FlowType;\nexport const OAuth2SourceConfig = SharedOAuth2SourceConfig;\nexport type OAuth2SourceConfig = OAuth2SourceConfigType;\n\n// ---------------------------------------------------------------------------\n// Branded IDs\n// ---------------------------------------------------------------------------\n\nexport const OperationId = Schema.String.pipe(Schema.brand(\"OperationId\"));\nexport type OperationId = typeof OperationId.Type;\n\n// ---------------------------------------------------------------------------\n// HTTP\n// ---------------------------------------------------------------------------\n\nexport const HttpMethod = Schema.Literals([\n \"get\",\n \"put\",\n \"post\",\n \"delete\",\n \"patch\",\n \"head\",\n \"options\",\n \"trace\",\n]);\nexport type HttpMethod = typeof HttpMethod.Type;\n\nexport const ParameterLocation = Schema.Literals([\"path\", \"query\", \"header\", \"cookie\"]);\nexport type ParameterLocation = typeof ParameterLocation.Type;\n\n// ---------------------------------------------------------------------------\n// Extracted operation\n// ---------------------------------------------------------------------------\n\nexport const OperationParameter = Schema.Struct({\n name: Schema.String,\n location: ParameterLocation,\n required: Schema.Boolean,\n schema: Schema.OptionFromOptional(Schema.Unknown),\n style: Schema.OptionFromOptional(Schema.String),\n explode: Schema.OptionFromOptional(Schema.Boolean),\n allowReserved: Schema.OptionFromOptional(Schema.Boolean),\n description: Schema.OptionFromOptional(Schema.String),\n});\nexport type OperationParameter = typeof OperationParameter.Type;\n\n/**\n * OpenAPI 3.x `Encoding Object` (§4.8.15). Declared per-property inside a\n * multipart/form-data or application/x-www-form-urlencoded request body.\n *\n * - `contentType` — for multipart, overrides the per-part `Content-Type`\n * header (e.g. `application/json` for a JSON-encoded metadata part).\n * - `style` / `explode` / `allowReserved` — for form-urlencoded, control\n * array / object serialization the same way parameter-level style does.\n */\nexport const EncodingObject = Schema.Struct({\n contentType: Schema.OptionFromOptional(Schema.String),\n style: Schema.OptionFromOptional(Schema.String),\n explode: Schema.OptionFromOptional(Schema.Boolean),\n allowReserved: Schema.OptionFromOptional(Schema.Boolean),\n});\nexport type EncodingObject = typeof EncodingObject.Type;\n\nexport const MediaBinding = Schema.Struct({\n contentType: Schema.String,\n schema: Schema.OptionFromOptional(Schema.Unknown),\n encoding: Schema.OptionFromOptional(Schema.Record(Schema.String, EncodingObject)),\n});\nexport type MediaBinding = typeof MediaBinding.Type;\n\nexport const OperationRequestBody = Schema.Struct({\n required: Schema.Boolean,\n /** Default media type — first declared in spec order (not JSON-first).\n * Used when the caller does not override via the tool's `contentType` arg. */\n contentType: Schema.String,\n /** Schema of the default media type. Kept for backward compat with stored\n * bindings from before `contents` was added. */\n schema: Schema.OptionFromOptional(Schema.Unknown),\n /** All declared media types in spec order. Populated by `extract.ts`\n * going forward; older persisted bindings may have this unset and will\n * fall back to `{contentType, schema}`. */\n contents: Schema.OptionFromOptional(Schema.Array(MediaBinding)),\n});\nexport type OperationRequestBody = typeof OperationRequestBody.Type;\n\nexport const ExtractedOperation = Schema.Struct({\n operationId: OperationId,\n method: HttpMethod,\n pathTemplate: Schema.String,\n summary: Schema.OptionFromOptional(Schema.String),\n description: Schema.OptionFromOptional(Schema.String),\n tags: Schema.Array(Schema.String),\n parameters: Schema.Array(OperationParameter),\n requestBody: Schema.OptionFromOptional(OperationRequestBody),\n inputSchema: Schema.OptionFromOptional(Schema.Unknown),\n outputSchema: Schema.OptionFromOptional(Schema.Unknown),\n deprecated: Schema.Boolean,\n});\nexport type ExtractedOperation = typeof ExtractedOperation.Type;\n\nexport const ServerVariable = Schema.Struct({\n default: Schema.String,\n enum: Schema.OptionFromOptional(Schema.Array(Schema.String)),\n description: Schema.OptionFromOptional(Schema.String),\n});\nexport type ServerVariable = typeof ServerVariable.Type;\n\nexport const ServerInfo = Schema.Struct({\n url: Schema.String,\n description: Schema.OptionFromOptional(Schema.String),\n variables: Schema.OptionFromOptional(Schema.Record(Schema.String, ServerVariable)),\n});\nexport type ServerInfo = typeof ServerInfo.Type;\n\nexport const ExtractionResult = Schema.Struct({\n title: Schema.OptionFromOptional(Schema.String),\n version: Schema.OptionFromOptional(Schema.String),\n servers: Schema.Array(ServerInfo),\n operations: Schema.Array(ExtractedOperation),\n});\nexport type ExtractionResult = typeof ExtractionResult.Type;\n\n// ---------------------------------------------------------------------------\n// Operation binding — minimal invocation data (no schemas/metadata)\n// ---------------------------------------------------------------------------\n\nexport const OperationBinding = Schema.Struct({\n method: HttpMethod,\n pathTemplate: Schema.String,\n parameters: Schema.Array(OperationParameter),\n requestBody: Schema.OptionFromOptional(OperationRequestBody),\n});\nexport type OperationBinding = typeof OperationBinding.Type;\n\n// ---------------------------------------------------------------------------\n// Invocation\n// ---------------------------------------------------------------------------\n\n/**\n * A header value — either a static string or a reference to a secret.\n * Stored as JSON-serializable data.\n */\nexport const HeaderValue = SecretBackedValue;\nexport type HeaderValue = typeof HeaderValue.Type;\n\nexport const ConfiguredHeaderBinding = Schema.Struct({\n kind: Schema.Literal(\"binding\"),\n slot: Schema.String,\n prefix: Schema.optional(Schema.String),\n}).annotate({ identifier: \"OpenApiConfiguredHeaderBinding\" });\nexport type ConfiguredHeaderBinding = typeof ConfiguredHeaderBinding.Type;\n\nexport const ConfiguredHeaderValue = Schema.Union([Schema.String, ConfiguredHeaderBinding]);\nexport type ConfiguredHeaderValue = typeof ConfiguredHeaderValue.Type;\n\nexport const OpenApiCredentialInput = Schema.Union([\n ScopedSecretCredentialInput,\n HeaderValue,\n ConfiguredHeaderValue,\n]);\nexport type OpenApiCredentialInput = typeof OpenApiCredentialInput.Type;\n\n// ---------------------------------------------------------------------------\n// OAuth2 source config — carries source-owned slots and API-level config to\n// kick off a fresh sign-in from the source detail UI without needing any\n// one user's live connection to still exist.\n//\n// Split of responsibilities:\n// - The Source owns: the OAuth config (tokenUrl, authorizationUrl,\n// client credential slots, connection slot, scopes, flow,\n// securitySchemeName).\n// Values are a property of the target API, identical for every user\n// signing into this source. Source-owned = reconnect works even if\n// the connection row has been removed.\n// - The Connection owns: live access/refresh tokens, token expiry,\n// provider state the refresh path reads from. The connection's\n// `providerState` caches the refresh-relevant bits of the config\n// so the refresh loop never reaches back into source storage.\n//\n// This is a deliberate small duplication (scopes + tokenUrl and the static\n// client credential ids referenced by slots appear in source bindings and\n// connection providerState). The values are static per source so the two\n// copies can't drift under normal reconnect flows.\n// ---------------------------------------------------------------------------\n\nexport const InvocationResult = Schema.Struct({\n status: Schema.Number,\n headers: Schema.Record(Schema.String, Schema.String),\n data: Schema.NullOr(Schema.Unknown),\n error: Schema.NullOr(Schema.Unknown),\n});\nexport type InvocationResult = typeof InvocationResult.Type;\n","import { Effect, Option } from \"effect\";\n\nimport { OpenApiExtractionError } from \"./errors\";\nimport type { ParsedDocument } from \"./parse\";\nimport {\n declaredContents,\n DocResolver,\n preferredResponseContent,\n type OperationObject,\n type ParameterObject,\n type PathItemObject,\n type RequestBodyObject,\n type ResponseObject,\n} from \"./openapi-utils\";\nimport {\n EncodingObject,\n ExtractedOperation,\n ExtractionResult,\n type HttpMethod,\n MediaBinding,\n OperationId,\n OperationParameter,\n OperationRequestBody,\n type ParameterLocation,\n ServerInfo,\n ServerVariable,\n} from \"./types\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst HTTP_METHODS: readonly HttpMethod[] = [\n \"get\",\n \"put\",\n \"post\",\n \"delete\",\n \"patch\",\n \"head\",\n \"options\",\n \"trace\",\n];\n\nconst VALID_PARAM_LOCATIONS = new Set<string>([\"path\", \"query\", \"header\", \"cookie\"]);\n\n// ---------------------------------------------------------------------------\n// Parameter extraction\n// ---------------------------------------------------------------------------\n\nconst extractParameters = (\n pathItem: PathItemObject,\n operation: OperationObject,\n r: DocResolver,\n): OperationParameter[] => {\n const merged = new Map<string, ParameterObject>();\n\n for (const raw of pathItem.parameters ?? []) {\n const p = r.resolve<ParameterObject>(raw);\n if (!p) continue;\n merged.set(`${p.in}:${p.name}`, p);\n }\n for (const raw of operation.parameters ?? []) {\n const p = r.resolve<ParameterObject>(raw);\n if (!p) continue;\n merged.set(`${p.in}:${p.name}`, p);\n }\n\n return [...merged.values()]\n .filter((p) => VALID_PARAM_LOCATIONS.has(p.in))\n .map((p) =>\n OperationParameter.make({\n name: p.name,\n location: p.in as ParameterLocation,\n required: p.in === \"path\" ? true : p.required === true,\n schema: Option.fromNullishOr(p.schema),\n style: Option.fromNullishOr(p.style),\n explode: Option.fromNullishOr(p.explode),\n allowReserved: Option.fromNullishOr(\"allowReserved\" in p ? p.allowReserved : undefined),\n description: Option.fromNullishOr(p.description),\n }),\n );\n};\n\n// ---------------------------------------------------------------------------\n// Request body extraction\n// ---------------------------------------------------------------------------\n\nconst buildEncodingRecord = (\n encoding: Record<string, unknown> | undefined,\n): Record<string, EncodingObject> | undefined => {\n if (!encoding) return undefined;\n const out: Record<string, EncodingObject> = {};\n for (const [prop, raw] of Object.entries(encoding)) {\n if (typeof raw !== \"object\" || raw === null) continue;\n const e = raw as {\n contentType?: string;\n style?: string;\n explode?: boolean;\n allowReserved?: boolean;\n };\n out[prop] = EncodingObject.make({\n contentType: Option.fromNullishOr(e.contentType),\n style: Option.fromNullishOr(e.style),\n explode: Option.fromNullishOr(e.explode),\n allowReserved: Option.fromNullishOr(e.allowReserved),\n });\n }\n return Object.keys(out).length > 0 ? out : undefined;\n};\n\nconst extractRequestBody = (\n operation: OperationObject,\n r: DocResolver,\n): OperationRequestBody | undefined => {\n if (!operation.requestBody) return undefined;\n\n const body = r.resolve<RequestBodyObject>(operation.requestBody);\n if (!body) return undefined;\n\n const contents = declaredContents(body.content).map(({ mediaType, media }) =>\n MediaBinding.make({\n contentType: mediaType,\n schema: Option.fromNullishOr(media.schema),\n encoding: Option.fromNullishOr(\n buildEncodingRecord((media as { encoding?: Record<string, unknown> }).encoding),\n ),\n }),\n );\n if (contents.length === 0) return undefined;\n\n // Default = first declared (spec author's preferred order). Callers can\n // override at invoke time with a `contentType` arg.\n const defaultContent = contents[0]!;\n\n return OperationRequestBody.make({\n required: body.required === true,\n contentType: defaultContent.contentType,\n schema: defaultContent.schema,\n contents: Option.some(contents),\n });\n};\n\n// ---------------------------------------------------------------------------\n// Response schema extraction\n// ---------------------------------------------------------------------------\n\nconst extractOutputSchema = (operation: OperationObject, r: DocResolver): unknown | undefined => {\n if (!operation.responses) return undefined;\n\n const entries = Object.entries(operation.responses);\n const preferred = [\n ...entries.filter(([s]) => /^2\\d\\d$/.test(s)).sort(([a], [b]) => a.localeCompare(b)),\n ...entries.filter(([s]) => s === \"default\"),\n ];\n\n for (const [, ref] of preferred) {\n const resp = r.resolve<ResponseObject>(ref);\n if (!resp) continue;\n const content = preferredResponseContent(resp.content);\n if (content?.media.schema) return content.media.schema;\n }\n\n return undefined;\n};\n\n// ---------------------------------------------------------------------------\n// Input schema builder\n// ---------------------------------------------------------------------------\n\nconst buildInputSchema = (\n parameters: readonly OperationParameter[],\n requestBody: OperationRequestBody | undefined,\n): Record<string, unknown> | undefined => {\n const properties: Record<string, unknown> = {};\n const required: string[] = [];\n\n for (const param of parameters) {\n properties[param.name] = Option.getOrElse(param.schema, () => ({ type: \"string\" }));\n if (param.required) required.push(param.name);\n }\n\n if (requestBody) {\n properties.body = Option.getOrElse(requestBody.schema, () => ({ type: \"object\" }));\n if (requestBody.required) required.push(\"body\");\n\n // When the spec declares multiple media types for this requestBody,\n // expose `contentType` so the model can pick. Default = first declared.\n // `body` schema tracks the default; the model is responsible for\n // supplying a body shape that matches whichever contentType it picks.\n const contents = Option.getOrUndefined(requestBody.contents);\n if (contents && contents.length > 1) {\n properties.contentType = {\n type: \"string\",\n enum: contents.map((c) => c.contentType),\n default: requestBody.contentType,\n description:\n \"Content-Type for the request body. Declared media types for this operation, in spec order.\",\n };\n }\n }\n\n if (Object.keys(properties).length === 0) return undefined;\n\n return {\n type: \"object\",\n properties,\n ...(required.length > 0 ? { required } : {}),\n additionalProperties: false,\n };\n};\n\n// ---------------------------------------------------------------------------\n// Operation ID derivation\n// ---------------------------------------------------------------------------\n\nconst deriveOperationId = (\n method: HttpMethod,\n pathTemplate: string,\n operation: OperationObject,\n): string =>\n operation.operationId ??\n (`${method}_${pathTemplate.replace(/[^a-zA-Z0-9]+/g, \"_\")}`.replace(/^_+|_+$/g, \"\") ||\n `${method}_operation`);\n\n// ---------------------------------------------------------------------------\n// Server extraction\n// ---------------------------------------------------------------------------\n\nconst extractServers = (doc: ParsedDocument): ServerInfo[] =>\n (doc.servers ?? []).flatMap((server) => {\n if (!server.url) return [];\n const vars = server.variables\n ? Object.fromEntries(\n Object.entries(server.variables).flatMap(([name, v]) => {\n if (v.default === undefined || v.default === null) return [];\n const enumValues = Array.isArray(v.enum)\n ? v.enum.filter((x): x is string => typeof x === \"string\")\n : undefined;\n return [\n [\n name,\n ServerVariable.make({\n default: String(v.default),\n enum:\n enumValues && enumValues.length > 0 ? Option.some(enumValues) : Option.none(),\n description: Option.fromNullishOr(v.description),\n }),\n ],\n ];\n }),\n )\n : undefined;\n return [\n ServerInfo.make({\n url: server.url,\n description: Option.fromNullishOr(server.description),\n variables: vars && Object.keys(vars).length > 0 ? Option.some(vars) : Option.none(),\n }),\n ];\n });\n\n// ---------------------------------------------------------------------------\n// Main extraction\n// ---------------------------------------------------------------------------\n\n/** Extract all operations from a bundled OpenAPI 3.x document */\nexport const extract = Effect.fn(\"OpenApi.extract\")(function* (doc: ParsedDocument) {\n const paths = doc.paths;\n if (!paths) {\n return yield* new OpenApiExtractionError({\n message: \"OpenAPI document has no paths defined\",\n });\n }\n\n const r = new DocResolver(doc);\n const operations: ExtractedOperation[] = [];\n\n for (const [pathTemplate, pathItem] of Object.entries(paths).sort(([a], [b]) =>\n a.localeCompare(b),\n )) {\n if (!pathItem) continue;\n\n for (const method of HTTP_METHODS) {\n const operation = pathItem[method];\n if (!operation) continue;\n\n const parameters = extractParameters(pathItem, operation, r);\n const requestBody = extractRequestBody(operation, r);\n const inputSchema = buildInputSchema(parameters, requestBody);\n const outputSchema = extractOutputSchema(operation, r);\n const tags = (operation.tags ?? []).filter((t) => t.trim().length > 0);\n\n operations.push(\n ExtractedOperation.make({\n operationId: OperationId.make(deriveOperationId(method, pathTemplate, operation)),\n method,\n pathTemplate,\n summary: Option.fromNullishOr(operation.summary),\n description: Option.fromNullishOr(operation.description),\n tags,\n parameters,\n requestBody: Option.fromNullishOr(requestBody),\n inputSchema: Option.fromNullishOr(inputSchema),\n outputSchema: Option.fromNullishOr(outputSchema),\n deprecated: operation.deprecated === true,\n }),\n );\n }\n }\n\n return ExtractionResult.make({\n title: Option.fromNullishOr(doc.info?.title),\n version: Option.fromNullishOr(doc.info?.version),\n servers: extractServers(doc),\n operations,\n });\n});\n","import { Effect, Option, Predicate } from \"effect\";\nimport { Schema } from \"effect\";\n\nimport { parse, resolveSpecText, type ParsedDocument } from \"./parse\";\nimport { extract } from \"./extract\";\nimport { DocResolver } from \"./openapi-utils\";\nimport { HttpMethod, ServerInfo, type ExtractionResult } from \"./types\";\n\n// ---------------------------------------------------------------------------\n// OAuth 2.0 flows — one entry per supported grant type\n// ---------------------------------------------------------------------------\n\n/** Scopes declared by a flow: `{ scopeName: description }` */\nconst OAuth2Scopes = Schema.Record(Schema.String, Schema.String);\nconst SecuritySchemeType = Schema.Literals([\"http\", \"apiKey\", \"oauth2\", \"openIdConnect\"]);\ntype SecuritySchemeType = typeof SecuritySchemeType.Type;\n\nconst decodeSecuritySchemeType = Schema.decodeUnknownOption(SecuritySchemeType);\n\nexport const OAuth2AuthorizationCodeFlow = Schema.Struct({\n authorizationUrl: Schema.String,\n tokenUrl: Schema.String,\n refreshUrl: Schema.OptionFromOptional(Schema.String),\n scopes: OAuth2Scopes,\n});\nexport type OAuth2AuthorizationCodeFlow = typeof OAuth2AuthorizationCodeFlow.Type;\n\nexport const OAuth2ClientCredentialsFlow = Schema.Struct({\n tokenUrl: Schema.String,\n refreshUrl: Schema.OptionFromOptional(Schema.String),\n scopes: OAuth2Scopes,\n});\nexport type OAuth2ClientCredentialsFlow = typeof OAuth2ClientCredentialsFlow.Type;\n\nexport const OAuth2Flows = Schema.Struct({\n authorizationCode: Schema.OptionFromOptional(OAuth2AuthorizationCodeFlow),\n clientCredentials: Schema.OptionFromOptional(OAuth2ClientCredentialsFlow),\n});\nexport type OAuth2Flows = typeof OAuth2Flows.Type;\n\n// ---------------------------------------------------------------------------\n// Security scheme — what the spec declares it needs\n// ---------------------------------------------------------------------------\n\nexport const SecurityScheme = Schema.Struct({\n /** Key name in components.securitySchemes (e.g. \"api_token\") */\n name: Schema.String,\n /** OpenAPI security scheme type */\n type: SecuritySchemeType,\n /** For type: \"http\" — e.g. \"bearer\", \"basic\" */\n scheme: Schema.OptionFromOptional(Schema.String),\n /** For type: \"http\" with scheme \"bearer\" — e.g. \"JWT\" */\n bearerFormat: Schema.OptionFromOptional(Schema.String),\n /** For type: \"apiKey\" — where the key goes */\n in: Schema.OptionFromOptional(Schema.Literals([\"header\", \"query\", \"cookie\"])),\n /** For type: \"apiKey\" — the header/query/cookie name */\n headerName: Schema.OptionFromOptional(Schema.String),\n description: Schema.OptionFromOptional(Schema.String),\n /** For type: \"oauth2\" — declared flows (authorizationCode / clientCredentials only; implicit and password are deprecated). */\n flows: Schema.OptionFromOptional(OAuth2Flows),\n /** For type: \"openIdConnect\" — the discovery URL. */\n openIdConnectUrl: Schema.OptionFromOptional(Schema.String),\n});\nexport type SecurityScheme = typeof SecurityScheme.Type;\n\n// ---------------------------------------------------------------------------\n// Auth strategy — a valid combination of security schemes\n// ---------------------------------------------------------------------------\n\nexport const AuthStrategy = Schema.Struct({\n /** The security schemes required together for this strategy */\n schemes: Schema.Array(Schema.String),\n});\nexport type AuthStrategy = typeof AuthStrategy.Type;\n\n// ---------------------------------------------------------------------------\n// Header preset — derived from an auth strategy\n// ---------------------------------------------------------------------------\n\nexport const HeaderPreset = Schema.Struct({\n /** Human-readable label for the UI (e.g. \"Bearer Token\", \"API Key + Email\") */\n label: Schema.String,\n /** Headers this strategy needs. Value is null when the user must provide it. */\n headers: Schema.Record(Schema.String, Schema.NullOr(Schema.String)),\n /** Which headers should be stored as secrets */\n secretHeaders: Schema.Array(Schema.String),\n});\nexport type HeaderPreset = typeof HeaderPreset.Type;\n\n// ---------------------------------------------------------------------------\n// OAuth2 preset — derived from an oauth2 security scheme + a flow choice\n// ---------------------------------------------------------------------------\n\nexport const OAuth2Preset = Schema.Struct({\n /** Human-readable label for the UI (e.g. \"OAuth2 (Authorization Code) — oauth_app\") */\n label: Schema.String,\n /** The source security scheme this preset came from (components.securitySchemes key). */\n securitySchemeName: Schema.String,\n /** Which OAuth2 flow this preset uses. */\n flow: Schema.Literals([\"authorizationCode\", \"clientCredentials\"]),\n /** For authorizationCode: user-agent redirect URL (from the spec). */\n authorizationUrl: Schema.OptionFromOptional(Schema.String),\n /** Token endpoint to exchange the code / refresh. */\n tokenUrl: Schema.String,\n /** Optional refresh endpoint if the spec declares one separately. */\n refreshUrl: Schema.OptionFromOptional(Schema.String),\n /** Declared scopes for this flow: `{ scope: description }`. */\n scopes: Schema.Record(Schema.String, Schema.String),\n});\nexport type OAuth2Preset = typeof OAuth2Preset.Type;\n\n// ---------------------------------------------------------------------------\n// Preview operation — lightweight shape for the add-source UI list\n// ---------------------------------------------------------------------------\n\nexport const PreviewOperation = Schema.Struct({\n operationId: Schema.String,\n method: HttpMethod,\n path: Schema.String,\n summary: Schema.OptionFromOptional(Schema.String),\n tags: Schema.Array(Schema.String),\n deprecated: Schema.Boolean,\n});\nexport type PreviewOperation = typeof PreviewOperation.Type;\n\n// ---------------------------------------------------------------------------\n// Spec preview — everything the frontend needs\n// ---------------------------------------------------------------------------\n\nexport const SpecPreview = Schema.Struct({\n title: Schema.OptionFromOptional(Schema.String),\n version: Schema.OptionFromOptional(Schema.String),\n /** Reuses ServerInfo from extraction */\n servers: Schema.Array(ServerInfo),\n operationCount: Schema.Number,\n /** Lightweight operation list for the add-source UI */\n operations: Schema.Array(PreviewOperation),\n tags: Schema.Array(Schema.String),\n securitySchemes: Schema.Array(SecurityScheme),\n /** Valid auth strategies (each is a set of schemes used together) */\n authStrategies: Schema.Array(AuthStrategy),\n /** Pre-built header presets derived from auth strategies */\n headerPresets: Schema.Array(HeaderPreset),\n /** OAuth2 presets — one per (oauth2 scheme × supported flow) combination */\n oauth2Presets: Schema.Array(OAuth2Preset),\n});\nexport type SpecPreview = typeof SpecPreview.Type;\n\n// ---------------------------------------------------------------------------\n// Security scheme extraction\n// ---------------------------------------------------------------------------\n\nconst stringRecord = (value: unknown): Record<string, string> => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return {};\n const out: Record<string, string> = {};\n for (const [k, v] of Object.entries(value as Record<string, unknown>)) {\n if (typeof v === \"string\") out[k] = v;\n }\n return out;\n};\n\nconst extractFlows = (rawFlows: unknown): Option.Option<OAuth2Flows> => {\n if (!rawFlows || typeof rawFlows !== \"object\") return Option.none();\n const flows = rawFlows as Record<string, unknown>;\n\n const parseFlow = <K extends \"authorizationCode\" | \"clientCredentials\">(key: K): unknown =>\n flows[key];\n\n let authorizationCode: Option.Option<OAuth2AuthorizationCodeFlow> = Option.none();\n const authCodeRaw = parseFlow(\"authorizationCode\");\n if (authCodeRaw && typeof authCodeRaw === \"object\") {\n const f = authCodeRaw as Record<string, unknown>;\n const authUrl = typeof f.authorizationUrl === \"string\" ? f.authorizationUrl : null;\n const tokenUrl = typeof f.tokenUrl === \"string\" ? f.tokenUrl : null;\n if (authUrl && tokenUrl) {\n authorizationCode = Option.some(\n OAuth2AuthorizationCodeFlow.make({\n authorizationUrl: authUrl,\n tokenUrl,\n refreshUrl: Option.fromNullishOr(\n typeof f.refreshUrl === \"string\" ? f.refreshUrl : undefined,\n ),\n scopes: stringRecord(f.scopes),\n }),\n );\n }\n }\n\n let clientCredentials: Option.Option<OAuth2ClientCredentialsFlow> = Option.none();\n const ccRaw = parseFlow(\"clientCredentials\");\n if (ccRaw && typeof ccRaw === \"object\") {\n const f = ccRaw as Record<string, unknown>;\n const tokenUrl = typeof f.tokenUrl === \"string\" ? f.tokenUrl : null;\n if (tokenUrl) {\n clientCredentials = Option.some(\n OAuth2ClientCredentialsFlow.make({\n tokenUrl,\n refreshUrl: Option.fromNullishOr(\n typeof f.refreshUrl === \"string\" ? f.refreshUrl : undefined,\n ),\n scopes: stringRecord(f.scopes),\n }),\n );\n }\n }\n\n if (Option.isNone(authorizationCode) && Option.isNone(clientCredentials)) {\n return Option.none();\n }\n return Option.some(OAuth2Flows.make({ authorizationCode, clientCredentials }));\n};\n\nconst extractSecuritySchemes = (\n rawSchemes: Record<string, unknown>,\n resolver: DocResolver,\n): SecurityScheme[] =>\n Object.entries(rawSchemes).flatMap(([name, schemeOrRef]) => {\n if (!schemeOrRef || typeof schemeOrRef !== \"object\") return [];\n // Resolve $ref so schemes defined via `$ref` aren't silently dropped.\n const resolved = resolver.resolve<Record<string, unknown>>(\n schemeOrRef as Record<string, unknown>,\n );\n if (!resolved || typeof resolved !== \"object\") return [];\n const scheme = resolved;\n\n const type = decodeSecuritySchemeType(scheme.type);\n if (Option.isNone(type)) return [];\n const schemeType = type.value;\n\n return [\n SecurityScheme.make({\n name,\n type: schemeType,\n scheme: Option.fromNullishOr(scheme.scheme as string | undefined),\n bearerFormat: Option.fromNullishOr(scheme.bearerFormat as string | undefined),\n in: Option.fromNullishOr(scheme.in as \"header\" | \"query\" | \"cookie\" | undefined),\n headerName: Option.fromNullishOr(scheme.name as string | undefined),\n description: Option.fromNullishOr(scheme.description as string | undefined),\n flows: schemeType === \"oauth2\" ? extractFlows(scheme.flows) : Option.none(),\n openIdConnectUrl: Option.fromNullishOr(scheme.openIdConnectUrl as string | undefined),\n }),\n ];\n });\n\n// ---------------------------------------------------------------------------\n// Header preset builder\n// ---------------------------------------------------------------------------\n\nconst buildHeaderPresets = (\n schemes: readonly SecurityScheme[],\n strategies: readonly AuthStrategy[],\n): HeaderPreset[] => {\n const schemeMap = new Map(schemes.map((s) => [s.name, s]));\n\n return strategies.flatMap((strategy) => {\n const resolved = strategy.schemes\n .map((name) => schemeMap.get(name))\n .filter(Predicate.isNotUndefined);\n\n if (resolved.length === 0) return [];\n\n const headers: Record<string, string | null> = {};\n const secretHeaders: string[] = [];\n const labelParts: string[] = [];\n\n for (const scheme of resolved) {\n if (scheme.type === \"http\" && Option.getOrElse(scheme.scheme, () => \"\") === \"bearer\") {\n headers[\"Authorization\"] = null;\n secretHeaders.push(\"Authorization\");\n labelParts.push(\"Bearer Token\");\n } else if (scheme.type === \"http\" && Option.getOrElse(scheme.scheme, () => \"\") === \"basic\") {\n headers[\"Authorization\"] = null;\n secretHeaders.push(\"Authorization\");\n labelParts.push(\"Basic Auth\");\n } else if (scheme.type === \"apiKey\" && Option.getOrElse(scheme.in, () => \"\") === \"header\") {\n const headerName = Option.getOrElse(scheme.headerName, () => scheme.name);\n headers[headerName] = null;\n secretHeaders.push(headerName);\n labelParts.push(scheme.name);\n } else if (scheme.type === \"apiKey\") {\n labelParts.push(`${scheme.name} (${Option.getOrElse(scheme.in, () => \"unknown\")})`);\n } else if (scheme.type === \"oauth2\" || scheme.type === \"openIdConnect\") {\n return [];\n } else {\n labelParts.push(scheme.name);\n }\n }\n\n if (Object.keys(headers).length === 0 && resolved.length > 0) {\n return [\n HeaderPreset.make({\n label: labelParts.join(\" + \"),\n headers: {},\n secretHeaders: [],\n }),\n ];\n }\n\n return [\n HeaderPreset.make({\n label: labelParts.join(\" + \"),\n headers,\n secretHeaders,\n }),\n ];\n });\n};\n\n// ---------------------------------------------------------------------------\n// OAuth2 preset builder\n// ---------------------------------------------------------------------------\n\nconst buildOAuth2Presets = (schemes: readonly SecurityScheme[]): OAuth2Preset[] => {\n const presets: OAuth2Preset[] = [];\n for (const scheme of schemes) {\n if (scheme.type !== \"oauth2\") continue;\n if (Option.isNone(scheme.flows)) continue;\n const flows = scheme.flows.value;\n\n if (Option.isSome(flows.authorizationCode)) {\n const flow = flows.authorizationCode.value;\n presets.push(\n OAuth2Preset.make({\n label: `OAuth2 Authorization Code · ${scheme.name}`,\n securitySchemeName: scheme.name,\n flow: \"authorizationCode\",\n authorizationUrl: Option.some(flow.authorizationUrl),\n tokenUrl: flow.tokenUrl,\n refreshUrl: flow.refreshUrl,\n scopes: flow.scopes,\n }),\n );\n }\n\n if (Option.isSome(flows.clientCredentials)) {\n const flow = flows.clientCredentials.value;\n presets.push(\n OAuth2Preset.make({\n label: `OAuth2 Client Credentials · ${scheme.name}`,\n securitySchemeName: scheme.name,\n flow: \"clientCredentials\",\n authorizationUrl: Option.none(),\n tokenUrl: flow.tokenUrl,\n refreshUrl: flow.refreshUrl,\n scopes: flow.scopes,\n }),\n );\n }\n }\n return presets;\n};\n\n// ---------------------------------------------------------------------------\n// Collect unique tags from extraction result\n// ---------------------------------------------------------------------------\n\nconst collectTags = (result: ExtractionResult): string[] => {\n const tagSet = new Set<string>();\n for (const op of result.operations) {\n for (const tag of op.tags) tagSet.add(tag);\n }\n return [...tagSet].sort();\n};\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/** Preview an OpenAPI spec — extract metadata without registering anything.\n * Accepts either a URL or raw JSON/YAML text. */\nexport const previewSpec = Effect.fn(\"OpenApi.previewSpec\")(function* (input: string) {\n const specText = yield* resolveSpecText(input);\n const doc: ParsedDocument = yield* parse(specText);\n const result = yield* extract(doc);\n\n const resolver = new DocResolver(doc);\n const securitySchemes = extractSecuritySchemes(doc.components?.securitySchemes ?? {}, resolver);\n\n const rawSecurity = (doc.security ?? []) as Array<Record<string, unknown>>;\n const declaredStrategies = rawSecurity.map((entry) =>\n AuthStrategy.make({ schemes: Object.keys(entry) }),\n );\n // Fall back to one strategy per scheme when the spec only declares schemes\n // under components (e.g. Sentry) so the user still sees auth options.\n const authStrategies =\n declaredStrategies.length > 0\n ? declaredStrategies\n : securitySchemes.map((scheme) => AuthStrategy.make({ schemes: [scheme.name] }));\n\n return SpecPreview.make({\n title: result.title,\n version: result.version,\n servers: result.servers,\n operationCount: result.operations.length,\n operations: result.operations.map((op) =>\n PreviewOperation.make({\n operationId: op.operationId,\n method: op.method,\n path: op.pathTemplate,\n summary: op.summary,\n tags: op.tags,\n deprecated: op.deprecated,\n }),\n ),\n tags: collectTags(result),\n securitySchemes,\n authStrategies,\n headerPresets: buildHeaderPresets(securitySchemes, authStrategies),\n oauth2Presets: buildOAuth2Presets(securitySchemes),\n });\n});\n","import { Schema } from \"effect\";\n\nimport { ConfiguredHeaderValue, OAuth2SourceConfig } from \"./types\";\n\nexport const StoredSourceSchema = Schema.Struct({\n namespace: Schema.String,\n scope: Schema.String,\n name: Schema.String,\n config: Schema.Struct({\n spec: Schema.optional(Schema.String),\n sourceUrl: Schema.optional(Schema.String),\n baseUrl: Schema.optional(Schema.String),\n namespace: Schema.optional(Schema.String),\n headers: Schema.optional(Schema.Record(Schema.String, ConfiguredHeaderValue)),\n queryParams: Schema.optional(Schema.Record(Schema.String, ConfiguredHeaderValue)),\n specFetchCredentials: Schema.optional(\n Schema.Struct({\n headers: Schema.optional(Schema.Record(Schema.String, ConfiguredHeaderValue)),\n queryParams: Schema.optional(Schema.Record(Schema.String, ConfiguredHeaderValue)),\n }),\n ),\n // Canonical source-owned OAuth config. Concrete client credentials\n // and connection ids live in OpenAPI-owned scoped binding rows.\n oauth2: Schema.optional(OAuth2SourceConfig),\n }),\n}).annotate({ identifier: \"OpenApiStoredSource\" });\nexport type StoredSourceSchema = typeof StoredSourceSchema.Type;\n\nexport type StoredSourceSchemaType = typeof StoredSourceSchema.Type;\n\nconst slugifySlotPart = (value: string): string =>\n value\n .trim()\n .toLowerCase()\n .replace(/[^a-z0-9]+/g, \"-\")\n .replace(/^-+|-+$/g, \"\") || \"default\";\n\nexport const headerBindingSlot = (headerName: string): string =>\n `header:${slugifySlotPart(headerName)}`;\n\nexport const queryParamBindingSlot = (name: string): string =>\n `query_param:${slugifySlotPart(name)}`;\n\nexport const specFetchHeaderBindingSlot = (headerName: string): string =>\n `spec_fetch_header:${slugifySlotPart(headerName)}`;\n\nexport const specFetchQueryParamBindingSlot = (name: string): string =>\n `spec_fetch_query_param:${slugifySlotPart(name)}`;\n\nexport const oauth2ClientIdSlot = (securitySchemeName: string): string =>\n `oauth2:${slugifySlotPart(securitySchemeName)}:client-id`;\n\nexport const oauth2ClientSecretSlot = (securitySchemeName: string): string =>\n `oauth2:${slugifySlotPart(securitySchemeName)}:client-secret`;\n\nexport const oauth2ConnectionSlot = (securitySchemeName: string): string =>\n `oauth2:${slugifySlotPart(securitySchemeName)}:connection`;\n"],"mappings":";AAAA,SAAS,MAAM,cAAc;AAWtB,IAAM,oBAAN,cAAgC,OAAO,iBAAoC;AAAA,EAChF;AAAA,EACA;AAAA,IACE,SAAS,OAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;AAEI,IAAM,yBAAN,cAAqC,OAAO,iBAAyC;AAAA,EAC1F;AAAA,EACA;AAAA,IACE,SAAS,OAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;AAEI,IAAM,yBAAN,cAAqC,KAAK,YAAY,wBAAwB,EAIlF;AAAC;AAEG,IAAM,oBAAN,cAAgC,OAAO,iBAAoC;AAAA,EAChF;AAAA,EACA;AAAA,IACE,SAAS,OAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;AAEI,IAAM,2BAAN,cAAuC,KAAK,YAAY,0BAA0B,EAatF;AAAC;;;ACrDJ,SAAS,UAAU,QAAQ,UAAAA,eAAc;AACzC,SAAS,YAAY,yBAAyB;AAC9C,OAAO,UAAU;AAYjB,IAAM,kCAAN,cAA8C,uBAAuB;AAAC;AAQ/D,IAAM,gBAAgB,OAAO,GAAG,uBAAuB,EAAE,WAC9D,KACA,aACA;AACA,QAAM,SAAS,OAAO,WAAW;AACjC,QAAM,aAAa,IAAI,IAAI,GAAG;AAC9B,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,aAAa,eAAe,CAAC,CAAC,GAAG;AAC1E,eAAW,aAAa,IAAI,MAAM,KAAK;AAAA,EACzC;AACA,MAAI,UAAU,kBAAkB,IAAI,WAAW,SAAS,CAAC,EAAE;AAAA,IACzD,kBAAkB,UAAU,UAAU,oDAAoD;AAAA,EAC5F;AACA,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,aAAa,WAAW,CAAC,CAAC,GAAG;AACtE,cAAU,kBAAkB,UAAU,SAAS,MAAM,KAAK;AAAA,EAC5D;AACA,QAAM,WAAW,OAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IAC9C,OAAO,QAAQ,SAAS,QAAQ,EAAE,CAAC;AAAA,IACnC,OAAO;AAAA,MACL,CAAC,WACC,IAAI,kBAAkB;AAAA,QACpB,SAAS;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACF;AACA,MAAI,SAAS,SAAS,OAAO,SAAS,UAAU,KAAK;AACnD,WAAO,OAAO,IAAI,kBAAkB;AAAA,MAClC,SAAS,0CAA0C,SAAS,MAAM;AAAA,IACpE,CAAC;AAAA,EACH;AACA,SAAO,OAAO,SAAS,KAAK;AAAA,IAC1B,OAAO;AAAA,MACL,CAAC,WACC,IAAI,kBAAkB;AAAA,QACpB,SAAS;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACF;AACF,CAAC;AAMM,IAAM,kBAAkB,CAAC,OAAe,gBAC7C,MAAM,WAAW,SAAS,KAAK,MAAM,WAAW,UAAU,IACtD,cAAc,OAAO,WAAW,IAChC,OAAO,QAAQ,KAAK;AAUnB,IAAM,QAAQ,OAAO,GAAG,eAAe,EAAE,WAAW,MAAc;AACvE,QAAM,MAAM,OAAO,kBAAkB,IAAI;AAEzC,MAAI,CAAC,WAAW,GAAG,GAAG;AACpB,WAAO,OAAO,IAAI,gCAAgC;AAAA,MAChD,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AAEA,SAAO;AACT,CAAC;AAMD,IAAM,aAAa,CAAC,QAClB,aAAa,OAAO,OAAO,IAAI,YAAY,YAAY,IAAI,QAAQ,WAAW,IAAI;AAEpF,IAAM,oBAAoB,CAAC,SACzB,OAAO,IAAI,aAAa;AACtB,QAAM,UAAU,KAAK,KAAK;AAC1B,MAAI,QAAQ,WAAW,GAAG;AACxB,WAAO,OAAO,IAAI,kBAAkB;AAAA,MAClC,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,OAAO,cAAc,OAAO,EAAE;AAAA,IAC3C,OAAO;AAAA,MACL,MACE,IAAI,kBAAkB;AAAA,QACpB,SAAS;AAAA,MACX,CAAC;AAAA,IACL;AAAA,EACF;AAEA,MAAI,OAAO,WAAW,YAAY,WAAW,QAAQ,MAAM,QAAQ,MAAM,GAAG;AAC1E,WAAO,OAAO,IAAI,kBAAkB;AAAA,MAClC,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,SAAO;AACT,CAAC;AAEH,IAAM,gBAAgBC,QAAO,oBAAoBA,QAAO,eAAeA,QAAO,OAAO,CAAC;AAEtF,IAAM,gBAAgB,CAAC,SAAkD;AACvE,QAAM,YAAY,OAAO,IAAI;AAAA,IAC3B,KAAK,MAAM,KAAK,MAAM,IAAI;AAAA,IAC1B,OAAO,MAAM;AAAA,EACf,CAAC;AACD,MAAI,CAAC,KAAK,WAAW,GAAG,KAAK,CAAC,KAAK,WAAW,GAAG,EAAG,QAAO;AAC3D,SAAO,cAAc,IAAI,EAAE,KAAK,OAAO,MAAM,MAAM,SAAS,CAAC;AAC/D;;;ACjIA,SAAS,cAAc;AAoBhB,IAAM,cAAN,MAAkB;AAAA,EACvB,YAAqB,KAAqB;AAArB;AAAA,EAAsB;AAAA,EAAtB;AAAA;AAAA,EAGrB,QAAW,OAA8E;AACvF,QAAI,MAAM,KAAK,GAAG;AAChB,YAAM,WAAW,KAAK,eAAe,MAAM,IAAI;AAC/C,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,eAAe,KAAsB;AAC3C,QAAI,CAAC,IAAI,WAAW,IAAI,EAAG,QAAO;AAClC,UAAM,WAAW,IAAI,MAAM,CAAC,EAAE,MAAM,GAAG;AACvC,QAAI,UAAmB,KAAK;AAC5B,eAAW,WAAW,UAAU;AAC9B,UAAI,OAAO,YAAY,YAAY,YAAY,KAAM,QAAO;AAC5D,gBAAW,QAAoC,OAAO;AAAA,IACxD;AACA,WAAO;AAAA,EACT;AACF;AAEA,IAAM,QAAQ,CAAC,UACb,OAAO,UAAU,YAAY,UAAU,QAAQ,UAAU;AAOpD,IAAM,yBAAyB,CAAC,KAAa,WAA2C;AAC7F,MAAI,MAAM;AACV,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AAClD,UAAM,IAAI,WAAW,IAAI,IAAI,KAAK,KAAK;AAAA,EACzC;AACA,SAAO;AACT;AAEO,IAAM,sCAAsC;AAO5C,IAAM,yBAAyB,CACpC,QACA,QAAQ,wCACc;AACtB,MAAI,CAAC,OAAO,OAAO,OAAO,SAAS,EAAG,QAAO,CAAC,OAAO,GAAG;AACxD,MAAI,OAA0B,CAAC,OAAO,GAAG;AACzC,aAAW,CAAC,MAAM,QAAQ,KAAK,OAAO,QAAQ,OAAO,UAAU,KAAK,GAAG;AACrE,UAAM,aACJ,OAAO,aAAa,WAAW,CAAC,IAAI,OAAO,UAAU,SAAS,MAAM,MAAM,CAAC,CAAC;AAC9E,UAAM,SACJ,WAAW,SAAS,IAChB,aACA,CAAC,OAAO,aAAa,WAAW,WAAW,SAAS,OAAO;AACjE,UAAM,OAAiB,CAAC;AACxB,eAAW,OAAO,MAAM;AACtB,iBAAW,SAAS,QAAQ;AAC1B,aAAK,KAAK,IAAI,WAAW,IAAI,IAAI,KAAK,KAAK,CAAC;AAC5C,YAAI,KAAK,UAAU,MAAO,QAAO;AAAA,MACnC;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,IAAM,iBAAiB,CAAC,YAA2C;AACxE,QAAM,SAAS,QAAQ,CAAC;AACxB,MAAI,CAAC,OAAQ,QAAO;AAEpB,MAAI,CAAC,OAAO,OAAO,OAAO,SAAS,EAAG,QAAO,OAAO;AAEpD,QAAM,SAAiC,CAAC;AACxC,aAAW,CAAC,MAAM,CAAC,KAAK,OAAO,QAAQ,OAAO,UAAU,KAAK,GAAG;AAC9D,WAAO,IAAI,IAAI,OAAO,MAAM,WAAW,IAAI,EAAE;AAAA,EAC/C;AACA,SAAO,uBAAuB,OAAO,KAAK,MAAM;AAClD;AAWO,IAAM,mBAAmB,CAC9B,YACiE;AACjE,MAAI,CAAC,QAAS,QAAO,CAAC;AACtB,SAAO,OAAO,QAAQ,OAAO,EAAE,IAAI,CAAC,CAAC,WAAW,KAAK,OAAO,EAAE,WAAW,MAAM,EAAE;AACnF;AAaO,IAAM,mBAAmB,CAC9B,YAC8D;AAC9D,QAAM,QAAQ,iBAAiB,OAAO,EAAE,CAAC;AACzC,SAAO,QAAQ,QAAQ;AACzB;AAIO,IAAM,2BAA2B,CACtC,YAC8D;AAC9D,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,UAAU,OAAO,QAAQ,OAAO;AACtC,QAAM,OACJ,QAAQ,KAAK,CAAC,CAAC,EAAE,MAAM,OAAO,kBAAkB,KAChD,QAAQ,KAAK,CAAC,CAAC,EAAE,MAAM,GAAG,YAAY,EAAE,SAAS,OAAO,CAAC,KACzD,QAAQ,KAAK,CAAC,CAAC,EAAE,MAAM,GAAG,YAAY,EAAE,SAAS,MAAM,CAAC,KACxD,QAAQ,CAAC;AACX,SAAO,OAAO,EAAE,WAAW,KAAK,CAAC,GAAG,OAAO,KAAK,CAAC,EAAE,IAAI;AACzD;;;AC9JA,SAAS,UAAAC,eAAc;AACvB,SAAS,6BAA6B,yBAAyB;AAC/D;AAAA,EACE,cAAc;AAAA,EACd,sBAAsB;AAAA,OAGjB;AAIA,IAAM,qBAAqB;AAO3B,IAAM,cAAcC,QAAO,OAAO,KAAKA,QAAO,MAAM,aAAa,CAAC;AAOlE,IAAM,aAAaA,QAAO,SAAS;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,IAAM,oBAAoBA,QAAO,SAAS,CAAC,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAO/E,IAAM,qBAAqBA,QAAO,OAAO;AAAA,EAC9C,MAAMA,QAAO;AAAA,EACb,UAAU;AAAA,EACV,UAAUA,QAAO;AAAA,EACjB,QAAQA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EAChD,OAAOA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAC9C,SAASA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EACjD,eAAeA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EACvD,aAAaA,QAAO,mBAAmBA,QAAO,MAAM;AACtD,CAAC;AAYM,IAAM,iBAAiBA,QAAO,OAAO;AAAA,EAC1C,aAAaA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EACpD,OAAOA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAC9C,SAASA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EACjD,eAAeA,QAAO,mBAAmBA,QAAO,OAAO;AACzD,CAAC;AAGM,IAAM,eAAeA,QAAO,OAAO;AAAA,EACxC,aAAaA,QAAO;AAAA,EACpB,QAAQA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EAChD,UAAUA,QAAO,mBAAmBA,QAAO,OAAOA,QAAO,QAAQ,cAAc,CAAC;AAClF,CAAC;AAGM,IAAM,uBAAuBA,QAAO,OAAO;AAAA,EAChD,UAAUA,QAAO;AAAA;AAAA;AAAA,EAGjB,aAAaA,QAAO;AAAA;AAAA;AAAA,EAGpB,QAAQA,QAAO,mBAAmBA,QAAO,OAAO;AAAA;AAAA;AAAA;AAAA,EAIhD,UAAUA,QAAO,mBAAmBA,QAAO,MAAM,YAAY,CAAC;AAChE,CAAC;AAGM,IAAM,qBAAqBA,QAAO,OAAO;AAAA,EAC9C,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,cAAcA,QAAO;AAAA,EACrB,SAASA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAChD,aAAaA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EACpD,MAAMA,QAAO,MAAMA,QAAO,MAAM;AAAA,EAChC,YAAYA,QAAO,MAAM,kBAAkB;AAAA,EAC3C,aAAaA,QAAO,mBAAmB,oBAAoB;AAAA,EAC3D,aAAaA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EACrD,cAAcA,QAAO,mBAAmBA,QAAO,OAAO;AAAA,EACtD,YAAYA,QAAO;AACrB,CAAC;AAGM,IAAM,iBAAiBA,QAAO,OAAO;AAAA,EAC1C,SAASA,QAAO;AAAA,EAChB,MAAMA,QAAO,mBAAmBA,QAAO,MAAMA,QAAO,MAAM,CAAC;AAAA,EAC3D,aAAaA,QAAO,mBAAmBA,QAAO,MAAM;AACtD,CAAC;AAGM,IAAM,aAAaA,QAAO,OAAO;AAAA,EACtC,KAAKA,QAAO;AAAA,EACZ,aAAaA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EACpD,WAAWA,QAAO,mBAAmBA,QAAO,OAAOA,QAAO,QAAQ,cAAc,CAAC;AACnF,CAAC;AAGM,IAAM,mBAAmBA,QAAO,OAAO;AAAA,EAC5C,OAAOA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAC9C,SAASA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAChD,SAASA,QAAO,MAAM,UAAU;AAAA,EAChC,YAAYA,QAAO,MAAM,kBAAkB;AAC7C,CAAC;AAOM,IAAM,mBAAmBA,QAAO,OAAO;AAAA,EAC5C,QAAQ;AAAA,EACR,cAAcA,QAAO;AAAA,EACrB,YAAYA,QAAO,MAAM,kBAAkB;AAAA,EAC3C,aAAaA,QAAO,mBAAmB,oBAAoB;AAC7D,CAAC;AAWM,IAAM,cAAc;AAGpB,IAAM,0BAA0BA,QAAO,OAAO;AAAA,EACnD,MAAMA,QAAO,QAAQ,SAAS;AAAA,EAC9B,MAAMA,QAAO;AAAA,EACb,QAAQA,QAAO,SAASA,QAAO,MAAM;AACvC,CAAC,EAAE,SAAS,EAAE,YAAY,iCAAiC,CAAC;AAGrD,IAAM,wBAAwBA,QAAO,MAAM,CAACA,QAAO,QAAQ,uBAAuB,CAAC;AAGnF,IAAM,yBAAyBA,QAAO,MAAM;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AACF,CAAC;AA0BM,IAAM,mBAAmBA,QAAO,OAAO;AAAA,EAC5C,QAAQA,QAAO;AAAA,EACf,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,MAAM;AAAA,EACnD,MAAMA,QAAO,OAAOA,QAAO,OAAO;AAAA,EAClC,OAAOA,QAAO,OAAOA,QAAO,OAAO;AACrC,CAAC;;;ACxMD,SAAS,UAAAC,SAAQ,UAAAC,eAAc;AAgC/B,IAAM,eAAsC;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,wBAAwB,oBAAI,IAAY,CAAC,QAAQ,SAAS,UAAU,QAAQ,CAAC;AAMnF,IAAM,oBAAoB,CACxB,UACA,WACA,MACyB;AACzB,QAAM,SAAS,oBAAI,IAA6B;AAEhD,aAAW,OAAO,SAAS,cAAc,CAAC,GAAG;AAC3C,UAAM,IAAI,EAAE,QAAyB,GAAG;AACxC,QAAI,CAAC,EAAG;AACR,WAAO,IAAI,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;AAAA,EACnC;AACA,aAAW,OAAO,UAAU,cAAc,CAAC,GAAG;AAC5C,UAAM,IAAI,EAAE,QAAyB,GAAG;AACxC,QAAI,CAAC,EAAG;AACR,WAAO,IAAI,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;AAAA,EACnC;AAEA,SAAO,CAAC,GAAG,OAAO,OAAO,CAAC,EACvB,OAAO,CAAC,MAAM,sBAAsB,IAAI,EAAE,EAAE,CAAC,EAC7C;AAAA,IAAI,CAAC,MACJ,mBAAmB,KAAK;AAAA,MACtB,MAAM,EAAE;AAAA,MACR,UAAU,EAAE;AAAA,MACZ,UAAU,EAAE,OAAO,SAAS,OAAO,EAAE,aAAa;AAAA,MAClD,QAAQC,QAAO,cAAc,EAAE,MAAM;AAAA,MACrC,OAAOA,QAAO,cAAc,EAAE,KAAK;AAAA,MACnC,SAASA,QAAO,cAAc,EAAE,OAAO;AAAA,MACvC,eAAeA,QAAO,cAAc,mBAAmB,IAAI,EAAE,gBAAgB,MAAS;AAAA,MACtF,aAAaA,QAAO,cAAc,EAAE,WAAW;AAAA,IACjD,CAAC;AAAA,EACH;AACJ;AAMA,IAAM,sBAAsB,CAC1B,aAC+C;AAC/C,MAAI,CAAC,SAAU,QAAO;AACtB,QAAM,MAAsC,CAAC;AAC7C,aAAW,CAAC,MAAM,GAAG,KAAK,OAAO,QAAQ,QAAQ,GAAG;AAClD,QAAI,OAAO,QAAQ,YAAY,QAAQ,KAAM;AAC7C,UAAM,IAAI;AAMV,QAAI,IAAI,IAAI,eAAe,KAAK;AAAA,MAC9B,aAAaA,QAAO,cAAc,EAAE,WAAW;AAAA,MAC/C,OAAOA,QAAO,cAAc,EAAE,KAAK;AAAA,MACnC,SAASA,QAAO,cAAc,EAAE,OAAO;AAAA,MACvC,eAAeA,QAAO,cAAc,EAAE,aAAa;AAAA,IACrD,CAAC;AAAA,EACH;AACA,SAAO,OAAO,KAAK,GAAG,EAAE,SAAS,IAAI,MAAM;AAC7C;AAEA,IAAM,qBAAqB,CACzB,WACA,MACqC;AACrC,MAAI,CAAC,UAAU,YAAa,QAAO;AAEnC,QAAM,OAAO,EAAE,QAA2B,UAAU,WAAW;AAC/D,MAAI,CAAC,KAAM,QAAO;AAElB,QAAM,WAAW,iBAAiB,KAAK,OAAO,EAAE;AAAA,IAAI,CAAC,EAAE,WAAW,MAAM,MACtE,aAAa,KAAK;AAAA,MAChB,aAAa;AAAA,MACb,QAAQA,QAAO,cAAc,MAAM,MAAM;AAAA,MACzC,UAAUA,QAAO;AAAA,QACf,oBAAqB,MAAiD,QAAQ;AAAA,MAChF;AAAA,IACF,CAAC;AAAA,EACH;AACA,MAAI,SAAS,WAAW,EAAG,QAAO;AAIlC,QAAM,iBAAiB,SAAS,CAAC;AAEjC,SAAO,qBAAqB,KAAK;AAAA,IAC/B,UAAU,KAAK,aAAa;AAAA,IAC5B,aAAa,eAAe;AAAA,IAC5B,QAAQ,eAAe;AAAA,IACvB,UAAUA,QAAO,KAAK,QAAQ;AAAA,EAChC,CAAC;AACH;AAMA,IAAM,sBAAsB,CAAC,WAA4B,MAAwC;AAC/F,MAAI,CAAC,UAAU,UAAW,QAAO;AAEjC,QAAM,UAAU,OAAO,QAAQ,UAAU,SAAS;AAClD,QAAM,YAAY;AAAA,IAChB,GAAG,QAAQ,OAAO,CAAC,CAAC,CAAC,MAAM,UAAU,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAAA,IACnF,GAAG,QAAQ,OAAO,CAAC,CAAC,CAAC,MAAM,MAAM,SAAS;AAAA,EAC5C;AAEA,aAAW,CAAC,EAAE,GAAG,KAAK,WAAW;AAC/B,UAAM,OAAO,EAAE,QAAwB,GAAG;AAC1C,QAAI,CAAC,KAAM;AACX,UAAM,UAAU,yBAAyB,KAAK,OAAO;AACrD,QAAI,SAAS,MAAM,OAAQ,QAAO,QAAQ,MAAM;AAAA,EAClD;AAEA,SAAO;AACT;AAMA,IAAM,mBAAmB,CACvB,YACA,gBACwC;AACxC,QAAM,aAAsC,CAAC;AAC7C,QAAM,WAAqB,CAAC;AAE5B,aAAW,SAAS,YAAY;AAC9B,eAAW,MAAM,IAAI,IAAIA,QAAO,UAAU,MAAM,QAAQ,OAAO,EAAE,MAAM,SAAS,EAAE;AAClF,QAAI,MAAM,SAAU,UAAS,KAAK,MAAM,IAAI;AAAA,EAC9C;AAEA,MAAI,aAAa;AACf,eAAW,OAAOA,QAAO,UAAU,YAAY,QAAQ,OAAO,EAAE,MAAM,SAAS,EAAE;AACjF,QAAI,YAAY,SAAU,UAAS,KAAK,MAAM;AAM9C,UAAM,WAAWA,QAAO,eAAe,YAAY,QAAQ;AAC3D,QAAI,YAAY,SAAS,SAAS,GAAG;AACnC,iBAAW,cAAc;AAAA,QACvB,MAAM;AAAA,QACN,MAAM,SAAS,IAAI,CAAC,MAAM,EAAE,WAAW;AAAA,QACvC,SAAS,YAAY;AAAA,QACrB,aACE;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,KAAK,UAAU,EAAE,WAAW,EAAG,QAAO;AAEjD,SAAO;AAAA,IACL,MAAM;AAAA,IACN;AAAA,IACA,GAAI,SAAS,SAAS,IAAI,EAAE,SAAS,IAAI,CAAC;AAAA,IAC1C,sBAAsB;AAAA,EACxB;AACF;AAMA,IAAM,oBAAoB,CACxB,QACA,cACA,cAEA,UAAU,gBACT,GAAG,MAAM,IAAI,aAAa,QAAQ,kBAAkB,GAAG,CAAC,GAAG,QAAQ,YAAY,EAAE,KAChF,GAAG,MAAM;AAMb,IAAM,iBAAiB,CAAC,SACrB,IAAI,WAAW,CAAC,GAAG,QAAQ,CAAC,WAAW;AACtC,MAAI,CAAC,OAAO,IAAK,QAAO,CAAC;AACzB,QAAM,OAAO,OAAO,YAChB,OAAO;AAAA,IACL,OAAO,QAAQ,OAAO,SAAS,EAAE,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM;AACtD,UAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,QAAO,CAAC;AAC3D,YAAM,aAAa,MAAM,QAAQ,EAAE,IAAI,IACnC,EAAE,KAAK,OAAO,CAAC,MAAmB,OAAO,MAAM,QAAQ,IACvD;AACJ,aAAO;AAAA,QACL;AAAA,UACE;AAAA,UACA,eAAe,KAAK;AAAA,YAClB,SAAS,OAAO,EAAE,OAAO;AAAA,YACzB,MACE,cAAc,WAAW,SAAS,IAAIA,QAAO,KAAK,UAAU,IAAIA,QAAO,KAAK;AAAA,YAC9E,aAAaA,QAAO,cAAc,EAAE,WAAW;AAAA,UACjD,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,IACA;AACJ,SAAO;AAAA,IACL,WAAW,KAAK;AAAA,MACd,KAAK,OAAO;AAAA,MACZ,aAAaA,QAAO,cAAc,OAAO,WAAW;AAAA,MACpD,WAAW,QAAQ,OAAO,KAAK,IAAI,EAAE,SAAS,IAAIA,QAAO,KAAK,IAAI,IAAIA,QAAO,KAAK;AAAA,IACpF,CAAC;AAAA,EACH;AACF,CAAC;AAOI,IAAM,UAAUC,QAAO,GAAG,iBAAiB,EAAE,WAAW,KAAqB;AAClF,QAAM,QAAQ,IAAI;AAClB,MAAI,CAAC,OAAO;AACV,WAAO,OAAO,IAAI,uBAAuB;AAAA,MACvC,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,QAAM,IAAI,IAAI,YAAY,GAAG;AAC7B,QAAM,aAAmC,CAAC;AAE1C,aAAW,CAAC,cAAc,QAAQ,KAAK,OAAO,QAAQ,KAAK,EAAE;AAAA,IAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MACxE,EAAE,cAAc,CAAC;AAAA,EACnB,GAAG;AACD,QAAI,CAAC,SAAU;AAEf,eAAW,UAAU,cAAc;AACjC,YAAM,YAAY,SAAS,MAAM;AACjC,UAAI,CAAC,UAAW;AAEhB,YAAM,aAAa,kBAAkB,UAAU,WAAW,CAAC;AAC3D,YAAM,cAAc,mBAAmB,WAAW,CAAC;AACnD,YAAM,cAAc,iBAAiB,YAAY,WAAW;AAC5D,YAAM,eAAe,oBAAoB,WAAW,CAAC;AACrD,YAAM,QAAQ,UAAU,QAAQ,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;AAErE,iBAAW;AAAA,QACT,mBAAmB,KAAK;AAAA,UACtB,aAAa,YAAY,KAAK,kBAAkB,QAAQ,cAAc,SAAS,CAAC;AAAA,UAChF;AAAA,UACA;AAAA,UACA,SAASD,QAAO,cAAc,UAAU,OAAO;AAAA,UAC/C,aAAaA,QAAO,cAAc,UAAU,WAAW;AAAA,UACvD;AAAA,UACA;AAAA,UACA,aAAaA,QAAO,cAAc,WAAW;AAAA,UAC7C,aAAaA,QAAO,cAAc,WAAW;AAAA,UAC7C,cAAcA,QAAO,cAAc,YAAY;AAAA,UAC/C,YAAY,UAAU,eAAe;AAAA,QACvC,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO,iBAAiB,KAAK;AAAA,IAC3B,OAAOA,QAAO,cAAc,IAAI,MAAM,KAAK;AAAA,IAC3C,SAASA,QAAO,cAAc,IAAI,MAAM,OAAO;AAAA,IAC/C,SAAS,eAAe,GAAG;AAAA,IAC3B;AAAA,EACF,CAAC;AACH,CAAC;;;AC5TD,SAAS,UAAAE,SAAQ,UAAAC,SAAQ,iBAAiB;AAC1C,SAAS,UAAAC,eAAc;AAYvB,IAAM,eAAeC,QAAO,OAAOA,QAAO,QAAQA,QAAO,MAAM;AAC/D,IAAM,qBAAqBA,QAAO,SAAS,CAAC,QAAQ,UAAU,UAAU,eAAe,CAAC;AAGxF,IAAM,2BAA2BA,QAAO,oBAAoB,kBAAkB;AAEvE,IAAM,8BAA8BA,QAAO,OAAO;AAAA,EACvD,kBAAkBA,QAAO;AAAA,EACzB,UAAUA,QAAO;AAAA,EACjB,YAAYA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EACnD,QAAQ;AACV,CAAC;AAGM,IAAM,8BAA8BA,QAAO,OAAO;AAAA,EACvD,UAAUA,QAAO;AAAA,EACjB,YAAYA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EACnD,QAAQ;AACV,CAAC;AAGM,IAAM,cAAcA,QAAO,OAAO;AAAA,EACvC,mBAAmBA,QAAO,mBAAmB,2BAA2B;AAAA,EACxE,mBAAmBA,QAAO,mBAAmB,2BAA2B;AAC1E,CAAC;AAOM,IAAM,iBAAiBA,QAAO,OAAO;AAAA;AAAA,EAE1C,MAAMA,QAAO;AAAA;AAAA,EAEb,MAAM;AAAA;AAAA,EAEN,QAAQA,QAAO,mBAAmBA,QAAO,MAAM;AAAA;AAAA,EAE/C,cAAcA,QAAO,mBAAmBA,QAAO,MAAM;AAAA;AAAA,EAErD,IAAIA,QAAO,mBAAmBA,QAAO,SAAS,CAAC,UAAU,SAAS,QAAQ,CAAC,CAAC;AAAA;AAAA,EAE5E,YAAYA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EACnD,aAAaA,QAAO,mBAAmBA,QAAO,MAAM;AAAA;AAAA,EAEpD,OAAOA,QAAO,mBAAmB,WAAW;AAAA;AAAA,EAE5C,kBAAkBA,QAAO,mBAAmBA,QAAO,MAAM;AAC3D,CAAC;AAOM,IAAM,eAAeA,QAAO,OAAO;AAAA;AAAA,EAExC,SAASA,QAAO,MAAMA,QAAO,MAAM;AACrC,CAAC;AAOM,IAAM,eAAeA,QAAO,OAAO;AAAA;AAAA,EAExC,OAAOA,QAAO;AAAA;AAAA,EAEd,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAOA,QAAO,MAAM,CAAC;AAAA;AAAA,EAElE,eAAeA,QAAO,MAAMA,QAAO,MAAM;AAC3C,CAAC;AAOM,IAAM,eAAeA,QAAO,OAAO;AAAA;AAAA,EAExC,OAAOA,QAAO;AAAA;AAAA,EAEd,oBAAoBA,QAAO;AAAA;AAAA,EAE3B,MAAMA,QAAO,SAAS,CAAC,qBAAqB,mBAAmB,CAAC;AAAA;AAAA,EAEhE,kBAAkBA,QAAO,mBAAmBA,QAAO,MAAM;AAAA;AAAA,EAEzD,UAAUA,QAAO;AAAA;AAAA,EAEjB,YAAYA,QAAO,mBAAmBA,QAAO,MAAM;AAAA;AAAA,EAEnD,QAAQA,QAAO,OAAOA,QAAO,QAAQA,QAAO,MAAM;AACpD,CAAC;AAOM,IAAM,mBAAmBA,QAAO,OAAO;AAAA,EAC5C,aAAaA,QAAO;AAAA,EACpB,QAAQ;AAAA,EACR,MAAMA,QAAO;AAAA,EACb,SAASA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAChD,MAAMA,QAAO,MAAMA,QAAO,MAAM;AAAA,EAChC,YAAYA,QAAO;AACrB,CAAC;AAOM,IAAM,cAAcA,QAAO,OAAO;AAAA,EACvC,OAAOA,QAAO,mBAAmBA,QAAO,MAAM;AAAA,EAC9C,SAASA,QAAO,mBAAmBA,QAAO,MAAM;AAAA;AAAA,EAEhD,SAASA,QAAO,MAAM,UAAU;AAAA,EAChC,gBAAgBA,QAAO;AAAA;AAAA,EAEvB,YAAYA,QAAO,MAAM,gBAAgB;AAAA,EACzC,MAAMA,QAAO,MAAMA,QAAO,MAAM;AAAA,EAChC,iBAAiBA,QAAO,MAAM,cAAc;AAAA;AAAA,EAE5C,gBAAgBA,QAAO,MAAM,YAAY;AAAA;AAAA,EAEzC,eAAeA,QAAO,MAAM,YAAY;AAAA;AAAA,EAExC,eAAeA,QAAO,MAAM,YAAY;AAC1C,CAAC;AAOD,IAAM,eAAe,CAAC,UAA2C;AAC/D,MAAI,CAAC,SAAS,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,EAAG,QAAO,CAAC;AACzE,QAAM,MAA8B,CAAC;AACrC,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAgC,GAAG;AACrE,QAAI,OAAO,MAAM,SAAU,KAAI,CAAC,IAAI;AAAA,EACtC;AACA,SAAO;AACT;AAEA,IAAM,eAAe,CAAC,aAAkD;AACtE,MAAI,CAAC,YAAY,OAAO,aAAa,SAAU,QAAOC,QAAO,KAAK;AAClE,QAAM,QAAQ;AAEd,QAAM,YAAY,CAAsD,QACtE,MAAM,GAAG;AAEX,MAAI,oBAAgEA,QAAO,KAAK;AAChF,QAAM,cAAc,UAAU,mBAAmB;AACjD,MAAI,eAAe,OAAO,gBAAgB,UAAU;AAClD,UAAM,IAAI;AACV,UAAM,UAAU,OAAO,EAAE,qBAAqB,WAAW,EAAE,mBAAmB;AAC9E,UAAM,WAAW,OAAO,EAAE,aAAa,WAAW,EAAE,WAAW;AAC/D,QAAI,WAAW,UAAU;AACvB,0BAAoBA,QAAO;AAAA,QACzB,4BAA4B,KAAK;AAAA,UAC/B,kBAAkB;AAAA,UAClB;AAAA,UACA,YAAYA,QAAO;AAAA,YACjB,OAAO,EAAE,eAAe,WAAW,EAAE,aAAa;AAAA,UACpD;AAAA,UACA,QAAQ,aAAa,EAAE,MAAM;AAAA,QAC/B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,MAAI,oBAAgEA,QAAO,KAAK;AAChF,QAAM,QAAQ,UAAU,mBAAmB;AAC3C,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,UAAM,IAAI;AACV,UAAM,WAAW,OAAO,EAAE,aAAa,WAAW,EAAE,WAAW;AAC/D,QAAI,UAAU;AACZ,0BAAoBA,QAAO;AAAA,QACzB,4BAA4B,KAAK;AAAA,UAC/B;AAAA,UACA,YAAYA,QAAO;AAAA,YACjB,OAAO,EAAE,eAAe,WAAW,EAAE,aAAa;AAAA,UACpD;AAAA,UACA,QAAQ,aAAa,EAAE,MAAM;AAAA,QAC/B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,MAAIA,QAAO,OAAO,iBAAiB,KAAKA,QAAO,OAAO,iBAAiB,GAAG;AACxE,WAAOA,QAAO,KAAK;AAAA,EACrB;AACA,SAAOA,QAAO,KAAK,YAAY,KAAK,EAAE,mBAAmB,kBAAkB,CAAC,CAAC;AAC/E;AAEA,IAAM,yBAAyB,CAC7B,YACA,aAEA,OAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,MAAM,WAAW,MAAM;AAC1D,MAAI,CAAC,eAAe,OAAO,gBAAgB,SAAU,QAAO,CAAC;AAE7D,QAAM,WAAW,SAAS;AAAA,IACxB;AAAA,EACF;AACA,MAAI,CAAC,YAAY,OAAO,aAAa,SAAU,QAAO,CAAC;AACvD,QAAM,SAAS;AAEf,QAAM,OAAO,yBAAyB,OAAO,IAAI;AACjD,MAAIA,QAAO,OAAO,IAAI,EAAG,QAAO,CAAC;AACjC,QAAM,aAAa,KAAK;AAExB,SAAO;AAAA,IACL,eAAe,KAAK;AAAA,MAClB;AAAA,MACA,MAAM;AAAA,MACN,QAAQA,QAAO,cAAc,OAAO,MAA4B;AAAA,MAChE,cAAcA,QAAO,cAAc,OAAO,YAAkC;AAAA,MAC5E,IAAIA,QAAO,cAAc,OAAO,EAA+C;AAAA,MAC/E,YAAYA,QAAO,cAAc,OAAO,IAA0B;AAAA,MAClE,aAAaA,QAAO,cAAc,OAAO,WAAiC;AAAA,MAC1E,OAAO,eAAe,WAAW,aAAa,OAAO,KAAK,IAAIA,QAAO,KAAK;AAAA,MAC1E,kBAAkBA,QAAO,cAAc,OAAO,gBAAsC;AAAA,IACtF,CAAC;AAAA,EACH;AACF,CAAC;AAMH,IAAM,qBAAqB,CACzB,SACA,eACmB;AACnB,QAAM,YAAY,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAEzD,SAAO,WAAW,QAAQ,CAAC,aAAa;AACtC,UAAM,WAAW,SAAS,QACvB,IAAI,CAAC,SAAS,UAAU,IAAI,IAAI,CAAC,EACjC,OAAO,UAAU,cAAc;AAElC,QAAI,SAAS,WAAW,EAAG,QAAO,CAAC;AAEnC,UAAM,UAAyC,CAAC;AAChD,UAAM,gBAA0B,CAAC;AACjC,UAAM,aAAuB,CAAC;AAE9B,eAAW,UAAU,UAAU;AAC7B,UAAI,OAAO,SAAS,UAAUA,QAAO,UAAU,OAAO,QAAQ,MAAM,EAAE,MAAM,UAAU;AACpF,gBAAQ,eAAe,IAAI;AAC3B,sBAAc,KAAK,eAAe;AAClC,mBAAW,KAAK,cAAc;AAAA,MAChC,WAAW,OAAO,SAAS,UAAUA,QAAO,UAAU,OAAO,QAAQ,MAAM,EAAE,MAAM,SAAS;AAC1F,gBAAQ,eAAe,IAAI;AAC3B,sBAAc,KAAK,eAAe;AAClC,mBAAW,KAAK,YAAY;AAAA,MAC9B,WAAW,OAAO,SAAS,YAAYA,QAAO,UAAU,OAAO,IAAI,MAAM,EAAE,MAAM,UAAU;AACzF,cAAM,aAAaA,QAAO,UAAU,OAAO,YAAY,MAAM,OAAO,IAAI;AACxE,gBAAQ,UAAU,IAAI;AACtB,sBAAc,KAAK,UAAU;AAC7B,mBAAW,KAAK,OAAO,IAAI;AAAA,MAC7B,WAAW,OAAO,SAAS,UAAU;AACnC,mBAAW,KAAK,GAAG,OAAO,IAAI,KAAKA,QAAO,UAAU,OAAO,IAAI,MAAM,SAAS,CAAC,GAAG;AAAA,MACpF,WAAW,OAAO,SAAS,YAAY,OAAO,SAAS,iBAAiB;AACtE,eAAO,CAAC;AAAA,MACV,OAAO;AACL,mBAAW,KAAK,OAAO,IAAI;AAAA,MAC7B;AAAA,IACF;AAEA,QAAI,OAAO,KAAK,OAAO,EAAE,WAAW,KAAK,SAAS,SAAS,GAAG;AAC5D,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,UAChB,OAAO,WAAW,KAAK,KAAK;AAAA,UAC5B,SAAS,CAAC;AAAA,UACV,eAAe,CAAC;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,WAAO;AAAA,MACL,aAAa,KAAK;AAAA,QAChB,OAAO,WAAW,KAAK,KAAK;AAAA,QAC5B;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH;AAMA,IAAM,qBAAqB,CAAC,YAAuD;AACjF,QAAM,UAA0B,CAAC;AACjC,aAAW,UAAU,SAAS;AAC5B,QAAI,OAAO,SAAS,SAAU;AAC9B,QAAIA,QAAO,OAAO,OAAO,KAAK,EAAG;AACjC,UAAM,QAAQ,OAAO,MAAM;AAE3B,QAAIA,QAAO,OAAO,MAAM,iBAAiB,GAAG;AAC1C,YAAM,OAAO,MAAM,kBAAkB;AACrC,cAAQ;AAAA,QACN,aAAa,KAAK;AAAA,UAChB,OAAO,kCAA+B,OAAO,IAAI;AAAA,UACjD,oBAAoB,OAAO;AAAA,UAC3B,MAAM;AAAA,UACN,kBAAkBA,QAAO,KAAK,KAAK,gBAAgB;AAAA,UACnD,UAAU,KAAK;AAAA,UACf,YAAY,KAAK;AAAA,UACjB,QAAQ,KAAK;AAAA,QACf,CAAC;AAAA,MACH;AAAA,IACF;AAEA,QAAIA,QAAO,OAAO,MAAM,iBAAiB,GAAG;AAC1C,YAAM,OAAO,MAAM,kBAAkB;AACrC,cAAQ;AAAA,QACN,aAAa,KAAK;AAAA,UAChB,OAAO,kCAA+B,OAAO,IAAI;AAAA,UACjD,oBAAoB,OAAO;AAAA,UAC3B,MAAM;AAAA,UACN,kBAAkBA,QAAO,KAAK;AAAA,UAC9B,UAAU,KAAK;AAAA,UACf,YAAY,KAAK;AAAA,UACjB,QAAQ,KAAK;AAAA,QACf,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAMA,IAAM,cAAc,CAAC,WAAuC;AAC1D,QAAM,SAAS,oBAAI,IAAY;AAC/B,aAAW,MAAM,OAAO,YAAY;AAClC,eAAW,OAAO,GAAG,KAAM,QAAO,IAAI,GAAG;AAAA,EAC3C;AACA,SAAO,CAAC,GAAG,MAAM,EAAE,KAAK;AAC1B;AAQO,IAAM,cAAcC,QAAO,GAAG,qBAAqB,EAAE,WAAW,OAAe;AACpF,QAAM,WAAW,OAAO,gBAAgB,KAAK;AAC7C,QAAM,MAAsB,OAAO,MAAM,QAAQ;AACjD,QAAM,SAAS,OAAO,QAAQ,GAAG;AAEjC,QAAM,WAAW,IAAI,YAAY,GAAG;AACpC,QAAM,kBAAkB,uBAAuB,IAAI,YAAY,mBAAmB,CAAC,GAAG,QAAQ;AAE9F,QAAM,cAAe,IAAI,YAAY,CAAC;AACtC,QAAM,qBAAqB,YAAY;AAAA,IAAI,CAAC,UAC1C,aAAa,KAAK,EAAE,SAAS,OAAO,KAAK,KAAK,EAAE,CAAC;AAAA,EACnD;AAGA,QAAM,iBACJ,mBAAmB,SAAS,IACxB,qBACA,gBAAgB,IAAI,CAAC,WAAW,aAAa,KAAK,EAAE,SAAS,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;AAEnF,SAAO,YAAY,KAAK;AAAA,IACtB,OAAO,OAAO;AAAA,IACd,SAAS,OAAO;AAAA,IAChB,SAAS,OAAO;AAAA,IAChB,gBAAgB,OAAO,WAAW;AAAA,IAClC,YAAY,OAAO,WAAW;AAAA,MAAI,CAAC,OACjC,iBAAiB,KAAK;AAAA,QACpB,aAAa,GAAG;AAAA,QAChB,QAAQ,GAAG;AAAA,QACX,MAAM,GAAG;AAAA,QACT,SAAS,GAAG;AAAA,QACZ,MAAM,GAAG;AAAA,QACT,YAAY,GAAG;AAAA,MACjB,CAAC;AAAA,IACH;AAAA,IACA,MAAM,YAAY,MAAM;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,mBAAmB,iBAAiB,cAAc;AAAA,IACjE,eAAe,mBAAmB,eAAe;AAAA,EACnD,CAAC;AACH,CAAC;;;AC1ZD,SAAS,UAAAC,eAAc;AAIhB,IAAM,qBAAqBC,QAAO,OAAO;AAAA,EAC9C,WAAWA,QAAO;AAAA,EAClB,OAAOA,QAAO;AAAA,EACd,MAAMA,QAAO;AAAA,EACb,QAAQA,QAAO,OAAO;AAAA,IACpB,MAAMA,QAAO,SAASA,QAAO,MAAM;AAAA,IACnC,WAAWA,QAAO,SAASA,QAAO,MAAM;AAAA,IACxC,SAASA,QAAO,SAASA,QAAO,MAAM;AAAA,IACtC,WAAWA,QAAO,SAASA,QAAO,MAAM;AAAA,IACxC,SAASA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQ,qBAAqB,CAAC;AAAA,IAC5E,aAAaA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQ,qBAAqB,CAAC;AAAA,IAChF,sBAAsBA,QAAO;AAAA,MAC3BA,QAAO,OAAO;AAAA,QACZ,SAASA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQ,qBAAqB,CAAC;AAAA,QAC5E,aAAaA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQ,qBAAqB,CAAC;AAAA,MAClF,CAAC;AAAA,IACH;AAAA;AAAA;AAAA,IAGA,QAAQA,QAAO,SAAS,kBAAkB;AAAA,EAC5C,CAAC;AACH,CAAC,EAAE,SAAS,EAAE,YAAY,sBAAsB,CAAC;AAKjD,IAAM,kBAAkB,CAAC,UACvB,MACG,KAAK,EACL,YAAY,EACZ,QAAQ,eAAe,GAAG,EAC1B,QAAQ,YAAY,EAAE,KAAK;AAEzB,IAAM,oBAAoB,CAAC,eAChC,UAAU,gBAAgB,UAAU,CAAC;AAEhC,IAAM,wBAAwB,CAAC,SACpC,eAAe,gBAAgB,IAAI,CAAC;AAE/B,IAAM,6BAA6B,CAAC,eACzC,qBAAqB,gBAAgB,UAAU,CAAC;AAE3C,IAAM,iCAAiC,CAAC,SAC7C,0BAA0B,gBAAgB,IAAI,CAAC;AAE1C,IAAM,qBAAqB,CAAC,uBACjC,UAAU,gBAAgB,kBAAkB,CAAC;AAExC,IAAM,yBAAyB,CAAC,uBACrC,UAAU,gBAAgB,kBAAkB,CAAC;AAExC,IAAM,uBAAuB,CAAC,uBACnC,UAAU,gBAAgB,kBAAkB,CAAC;","names":["Schema","Schema","Schema","Schema","Effect","Option","Option","Effect","Effect","Option","Schema","Schema","Option","Effect","Schema","Schema"]}

package/dist/{chunk-NIKLYJ3X.js → chunk-PS5XP3DG.js} RENAMED Viewed

@@ -6,6 +6,7 @@ import {
   HeaderValue,
   InvocationResult,
   OAuth2SourceConfig,
+  OpenApiAuthRequiredError,
   OpenApiExtractionError,
   OpenApiInvocationError,
   OpenApiOAuthError,
@@ -14,7 +15,7 @@ import {
   parse,
   previewSpec,
   resolveSpecText
-} from "./chunk-EOXXE5DG.js";
+} from "./chunk-AN4HJFNP.js";
 // src/sdk/invoke.ts
 import { Effect, Layer, Option } from "effect";
@@ -643,6 +644,7 @@ import {
   SourceDetectionResult,
   StorageError,
   ToolResult,
+  authToolFailure,
   defaultSourceInstallScopeId,
   definePlugin,
   tool,
@@ -1027,6 +1029,26 @@ var openApiToolFailure = (code, message, details) => ToolResult.fail({
   message,
   ...details === void 0 ? {} : { details }
 });
+var openApiAuthToolFailure = (failure) => authToolFailure({
+  code: failure.code,
+  message: failure.message,
+  source: { id: failure.sourceId, scope: failure.sourceScope },
+  credential: {
+    kind: failure.credentialKind,
+    ...failure.credentialLabel ? { label: failure.credentialLabel } : {},
+    ...failure.slotKey ? { slotKey: failure.slotKey } : {},
+    ...failure.secretId ? { secretId: failure.secretId } : {},
+    ...failure.connectionId ? { connectionId: failure.connectionId } : {}
+  },
+  ...failure.status !== void 0 ? { status: failure.status } : {},
+  ...failure.details !== void 0 ? {
+    upstream: {
+      ...failure.status !== void 0 ? { status: failure.status } : {},
+      details: failure.details
+    }
+  } : {},
+  recovery: { configureSourceTool: "executor.openapi.configureSource" }
+});
 var staticPreviewOutput = (preview) => ({
   title: Option3.getOrNull(preview.title),
   version: Option3.getOrNull(preview.version),
@@ -1390,19 +1412,34 @@ var resolveConfiguredValueMap = (ctx, params) => Effect3.gen(function* () {
       value.slot
     );
     if (binding?.value.kind === "secret") {
-      const secret = yield* ctx.secrets.getAtScope(binding.value.secretId, binding.value.secretScopeId ?? binding.scopeId).pipe(
+      const secretBinding = binding.value;
+      const secret = yield* ctx.secrets.getAtScope(secretBinding.secretId, secretBinding.secretScopeId ?? binding.scopeId).pipe(
         Effect3.catchTag(
           "SecretOwnedByConnectionError",
           () => Effect3.fail(
-            new OpenApiOAuthError({
-              message: `Secret not found for header "${name}"`
+            new OpenApiAuthRequiredError({
+              code: "credential_secret_missing",
+              sourceId: params.sourceId,
+              sourceScope: params.sourceScope,
+              credentialKind: "secret",
+              credentialLabel: name,
+              slotKey: value.slot,
+              secretId: String(secretBinding.secretId),
+              message: `Secret not found for ${params.missingLabel} "${name}"`
             })
           )
         )
       );
       if (secret === null) {
-        return yield* new OpenApiOAuthError({
-          message: `Missing secret "${binding.value.secretId}" for ${params.missingLabel} "${name}"`
+        return yield* new OpenApiAuthRequiredError({
+          code: "credential_secret_missing",
+          sourceId: params.sourceId,
+          sourceScope: params.sourceScope,
+          credentialKind: "secret",
+          credentialLabel: name,
+          slotKey: value.slot,
+          secretId: String(secretBinding.secretId),
+          message: `Missing secret "${secretBinding.secretId}" for ${params.missingLabel} "${name}"`
         });
       }
       resolved[name] = value.prefix ? `${value.prefix}${secret}` : secret;
@@ -1412,7 +1449,13 @@ var resolveConfiguredValueMap = (ctx, params) => Effect3.gen(function* () {
       resolved[name] = value.prefix ? `${value.prefix}${binding.value.text}` : binding.value.text;
       continue;
     }
-    return yield* new OpenApiOAuthError({
+    return yield* new OpenApiAuthRequiredError({
+      code: "credential_binding_missing",
+      sourceId: params.sourceId,
+      sourceScope: params.sourceScope,
+      credentialKind: "secret",
+      credentialLabel: name,
+      slotKey: value.slot,
       message: `Missing binding for ${params.missingLabel} "${name}"`
     });
   }
@@ -1476,7 +1519,12 @@ var resolveStoredSpecFetchCredentials = (ctx, params) => Effect3.gen(function* (
       missingLabel: "spec fetch query parameter"
     })
   };
-});
+}).pipe(
+  Effect3.catchTag(
+    "OpenApiAuthRequiredError",
+    ({ message }) => Effect3.fail(new OpenApiOAuthError({ message }))
+  )
+);
 var toOpenApiSourceConfig = (namespace, config) => {
   const configHeaders = {};
   for (const [name, value] of Object.entries(config.headers ?? {})) {
@@ -1822,22 +1870,86 @@ var openApiPlugin = definePlugin((options) => {
         missingLabel: "query parameter"
       });
       if (config.oauth2) {
+        const oauth2 = config.oauth2;
         const connection = yield* resolveOAuthConnectionId(ctx, {
           sourceId: op.sourceId,
           sourceScope: effective.oauth2Source.scope,
-          oauth2: config.oauth2
+          oauth2
         });
         if (!connection) {
-          return yield* new OpenApiOAuthError({
+          return yield* new OpenApiAuthRequiredError({
+            code: "oauth_connection_missing",
+            sourceId: op.sourceId,
+            sourceScope: effective.oauth2Source.scope,
+            credentialKind: "connection",
+            credentialLabel: oauth2.flow === "clientCredentials" ? "OAuth client connection" : "OAuth sign-in",
+            slotKey: oauth2.connectionSlot,
             message: `OAuth configuration for "${op.sourceId}" is missing a connection binding`
           });
         }
         const accessToken = yield* ctx.connections.accessTokenAtScope(connection.connectionId, connection.scopeId).pipe(
-          Effect3.mapError(
-            () => new OpenApiOAuthError({
-              message: "OAuth connection resolution failed"
-            })
-          )
+          Effect3.catchTags({
+            ConnectionReauthRequiredError: ({ message, connectionId }) => Effect3.fail(
+              new OpenApiAuthRequiredError({
+                code: "oauth_reauth_required",
+                sourceId: op.sourceId,
+                sourceScope: effective.oauth2Source.scope,
+                credentialKind: "oauth",
+                credentialLabel: oauth2.flow === "clientCredentials" ? "OAuth client connection" : "OAuth sign-in",
+                slotKey: oauth2.connectionSlot,
+                connectionId: String(connectionId),
+                message: `OAuth connection "${connectionId}" needs re-authentication: ${message}`
+              })
+            ),
+            ConnectionNotFoundError: ({ connectionId }) => Effect3.fail(
+              new OpenApiAuthRequiredError({
+                code: "oauth_connection_missing",
+                sourceId: op.sourceId,
+                sourceScope: effective.oauth2Source.scope,
+                credentialKind: "connection",
+                credentialLabel: oauth2.flow === "clientCredentials" ? "OAuth client connection" : "OAuth sign-in",
+                slotKey: oauth2.connectionSlot,
+                connectionId: String(connectionId),
+                message: `OAuth connection "${connectionId}" was not found for "${op.sourceId}"`
+              })
+            ),
+            ConnectionProviderNotRegisteredError: ({ provider }) => Effect3.fail(
+              new OpenApiAuthRequiredError({
+                code: "oauth_connection_failed",
+                sourceId: op.sourceId,
+                sourceScope: effective.oauth2Source.scope,
+                credentialKind: "oauth",
+                credentialLabel: oauth2.flow === "clientCredentials" ? "OAuth client connection" : "OAuth sign-in",
+                slotKey: oauth2.connectionSlot,
+                connectionId: connection.connectionId,
+                message: `OAuth provider "${provider}" is not registered`
+              })
+            ),
+            ConnectionRefreshNotSupportedError: ({ provider, connectionId }) => Effect3.fail(
+              new OpenApiAuthRequiredError({
+                code: "oauth_connection_failed",
+                sourceId: op.sourceId,
+                sourceScope: effective.oauth2Source.scope,
+                credentialKind: "oauth",
+                credentialLabel: oauth2.flow === "clientCredentials" ? "OAuth client connection" : "OAuth sign-in",
+                slotKey: oauth2.connectionSlot,
+                connectionId: String(connectionId),
+                message: `OAuth provider "${provider}" cannot refresh connection "${connectionId}"`
+              })
+            ),
+            ConnectionRefreshError: ({ message, connectionId }) => Effect3.fail(
+              new OpenApiAuthRequiredError({
+                code: "oauth_connection_failed",
+                sourceId: op.sourceId,
+                sourceScope: effective.oauth2Source.scope,
+                credentialKind: "oauth",
+                credentialLabel: oauth2.flow === "clientCredentials" ? "OAuth client connection" : "OAuth sign-in",
+                slotKey: oauth2.connectionSlot,
+                connectionId: String(connectionId),
+                message: `OAuth connection "${connectionId}" refresh failed: ${message}`
+              })
+            )
+          })
         );
         resolvedHeaders.authorization = `Bearer ${accessToken}`;
       }
@@ -1851,6 +1963,17 @@ var openApiPlugin = definePlugin((options) => {
       );
       const ok = result.status >= 200 && result.status < 300;
       if (!ok) {
+        if (result.status === 401 || result.status === 403) {
+          return authToolFailure({
+            code: "credential_rejected",
+            status: result.status,
+            message: `Upstream rejected credentials for "${op.sourceId}" with HTTP ${result.status}. Re-authenticate or update the source credentials before retrying this tool.`,
+            source: { id: op.sourceId, scope: toolScope },
+            credential: { kind: "upstream", label: "Upstream authorization" },
+            upstream: { status: result.status, details: result.error },
+            recovery: { configureSourceTool: "executor.openapi.configureSource" }
+          });
+        }
         return ToolResult.fail({
           code: "upstream_http_error",
           status: result.status,
@@ -1863,7 +1986,12 @@ var openApiPlugin = definePlugin((options) => {
         headers: result.headers,
         data: result.data
       });
-    }),
+    }).pipe(
+      Effect3.catchTag(
+        "OpenApiAuthRequiredError",
+        (error) => Effect3.succeed(openApiAuthToolFailure(error))
+      )
+    ),
     resolveAnnotations: ({ ctx, sourceId, toolRows }) => Effect3.gen(function* () {
       const scopes = /* @__PURE__ */ new Set();
       for (const row of toolRows) {
@@ -1955,4 +2083,4 @@ export {
   makeDefaultOpenapiStore,
   openApiPlugin
 };
-//# sourceMappingURL=chunk-NIKLYJ3X.js.map
+//# sourceMappingURL=chunk-PS5XP3DG.js.map