@ganintegrity/mcp 1.0.0 → 1.1.1

package/dist/express/auth.js

@@ -0,0 +1,49 @@
+import { resolveAuth } from "../core/auth/index.js";
+/**
+ * Bearer-token auth middleware for the MCP HTTP endpoint.
+ *
+ * Reads `Authorization: Bearer <token>`. If absent the middleware responds
+ * `401` and does not call `next`.
+ *
+ * On success it sets:
+ * - `req.user` — the resolved `AuthUser` (re-export from `@ganintegrity/mcp`)
+ * - `req.headers.company` — `user.companySubdomainName` (for downstream
+ *   middleware that keys off the company header)
+ * - `req.auth` — SDK-shaped `AuthInfo`, surfaced to MCP tool handlers as
+ *   `RequestHandlerExtra.authInfo`
+ * - `req.mcpSessionId` — value of the `X-Session-Id` header if present, used
+ *   for log correlation
+ *
+ * Then calls `next()`.
+ *
+ * **Never throws.** All failures (missing token, `tokenToUser` rejection)
+ * are turned into `401` responses; the middleware does not call `next(err)`.
+ *
+ * Mounted automatically by {@link createMcpRouter}. Exported in case you
+ * want to compose it differently (e.g. mount under a different router, or
+ * stack additional middleware).
+ *
+ * @public
+ */
+export function mcpAuth(options) {
+    return async (req, res, next) => {
+        const result = await resolveAuth(req.headers, options);
+        if (!result.ok) {
+            res.status(result.status).json({ error: result.message });
+            return;
+        }
+        req.user = result.user;
+        req.headers.company = result.user.companySubdomainName;
+        req.auth = {
+            token: result.token,
+            clientId: result.user.id,
+            scopes: [],
+            extra: { user: result.user },
+        };
+        if (result.sessionId) {
+            req.mcpSessionId = result.sessionId;
+        }
+        next();
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/express/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/express/auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,OAAO,CAAC,OAAuB;IAC7C,OAAO,KAAK,EACV,GAAY,EACZ,GAAa,EACb,IAAkB,EACH,EAAE;QACjB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QACA,GAAmB,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxC,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC;QACvD,GAAG,CAAC,IAAI,GAAG;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACxB,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE;SAC7B,CAAC;QACF,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC;QACtC,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}

package/dist/express/express.types.d.ts

@@ -0,0 +1,37 @@
+import type { Request, RequestHandler } from "express";
+import type { Postgan } from "@ganintegrity/postgan";
+import type { Logger } from "pino";
+import type { AuthUser } from "../core/auth/auth.types.ts";
+/**
+ * Per-service options for {@link createMcpRouter}. The
+ * framework-neutral bits (name, version, tools, errorMapper) live on the
+ * `McpDefinition` argument; this options bag holds only what's specific
+ * to mounting against an Express stack.
+ *
+ * @public
+ */
+export interface CreateMcpRouterOptions {
+    /**
+     * Service logger. The library calls `logger.child({ component: "mcp" })`
+     * internally and further childs with `sessionId` / `userId` / `company`
+     * per request and with `tool` / `sessionId` per tool call.
+     */
+    logger: Logger;
+    /**
+     * Resolve a bearer token to a user. The library is neutral about how
+     * tokens are verified — plug in your service's existing JWT/cipher/identity
+     * pipeline. Reject by throwing — the router responds `401`.
+     */
+    tokenToUser: (token: string) => Promise<AuthUser>;
+    /**
+     * Express middleware that attaches a `Postgan` instance to `req.postgan`.
+     * Mounted between auth and the JSON-RPC dispatcher; tools open per-call
+     * transactions against `ctx.postgan`.
+     */
+    setupPostgan: RequestHandler;
+}
+export type ReqWithUserPostgan = Request & {
+    user?: AuthUser;
+    postgan?: Postgan;
+};
+//# sourceMappingURL=express.types.d.ts.map

package/dist/express/express.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.types.d.ts","sourceRoot":"","sources":["../../src/express/express.types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAE3D;;;;;;;GAOG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD;;;;OAIG;IACH,YAAY,EAAE,cAAc,CAAC;CAC9B;AAED,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG;IACzC,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC"}

package/dist/express/express.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=express.types.js.map

package/dist/express/express.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.types.js","sourceRoot":"","sources":["../../src/express/express.types.ts"],"names":[],"mappings":""}

package/dist/express/index.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Express adapter for `@ganintegrity/mcp`. Mounts an `McpDefinition` (built
+ * with `defineMcpServer`) as an Express router and provides the bearer-token
+ * auth middleware that resolves users for incoming requests.
+ *
+ * @packageDocumentation
+ */
+import { type Router } from "express";
+import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
+import { mcpAuth } from "./auth.ts";
+import type { McpDefinition } from "../core/define.ts";
+import type { CreateMcpRouterOptions } from "./express.types.ts";
+declare global {
+    namespace Express {
+        interface Request {
+            mcpSessionId?: string;
+            auth?: AuthInfo;
+        }
+    }
+}
+export { mcpAuth };
+export type { CreateMcpRouterOptions } from "./express.types.ts";
+/**
+ * Build an Express router that serves an `McpDefinition` (from `@ganintegrity/mcp`). Mount the
+ * returned router on whatever path you like
+ * (`app.use("/mcp", createMcpRouter(mcp, opts))`).
+ *
+ * Each request runs through:
+ *
+ *   `express.json()` → `mcpAuth` → caller's `setupPostgan` → tool dispatch
+ *
+ * Tool handlers run inside an `AsyncLocalStorage` scope, so they pull
+ * `user` / `postgan` / `transaction` / `sessionId` / `logger` from
+ * `ToolContext` without Express objects leaking in.
+ *
+ * Synchronous and never throws.
+ *
+ * @public
+ */
+export declare function createMcpRouter(mcp: McpDefinition, options: CreateMcpRouterOptions): Router;
+//# sourceMappingURL=index.d.ts.map

package/dist/express/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAgB,EAA+B,KAAK,MAAM,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAG/E,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,KAAK,EACV,sBAAsB,EAEvB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,CAAC,MAAM,CAAC;IAIb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,IAAI,CAAC,EAAE,QAAQ,CAAC;SACjB;KACF;CACF;AAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACnB,YAAY,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AA+BjE;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAC7B,GAAG,EAAE,aAAa,EAClB,OAAO,EAAE,sBAAsB,GAC9B,MAAM,CAQR"}

package/dist/express/index.js

@@ -0,0 +1,59 @@
+/**
+ * Express adapter for `@ganintegrity/mcp`. Mounts an `McpDefinition` (built
+ * with `defineMcpServer`) as an Express router and provides the bearer-token
+ * auth middleware that resolves users for incoming requests.
+ *
+ * @packageDocumentation
+ */
+import express, {} from "express";
+import { mcpAuth } from "./auth.js";
+import { dispatchMcpRequest } from "../core/dispatch.js";
+export { mcpAuth };
+/**
+ * Express adapter around {@link dispatchMcpRequest}: pulls `user` /
+ * `postgan` / `mcpSessionId` off the request (set upstream by the auth
+ * middleware and `setupPostgan`), then hands the SDK transport an Express
+ * `req`/`res` pair via the dispatcher's `invokeTransport` callback.
+ */
+function handleMcpRequest(mcp, logger) {
+    return async (req, res) => {
+        const { user, postgan } = req;
+        if (!user || !postgan) {
+            // Defensive: mcpAuth + setupPostgan should have populated both.
+            res.status(401).json({ error: "Unauthenticated" });
+            return;
+        }
+        await dispatchMcpRequest(mcp, logger, { user, postgan, sessionId: req.mcpSessionId }, (transport) => transport.handleRequest(req, res, req.body), () => {
+            if (!res.headersSent) {
+                res.status(500).json({ error: "Internal MCP transport error" });
+            }
+        });
+    };
+}
+/**
+ * Build an Express router that serves an `McpDefinition` (from `@ganintegrity/mcp`). Mount the
+ * returned router on whatever path you like
+ * (`app.use("/mcp", createMcpRouter(mcp, opts))`).
+ *
+ * Each request runs through:
+ *
+ *   `express.json()` → `mcpAuth` → caller's `setupPostgan` → tool dispatch
+ *
+ * Tool handlers run inside an `AsyncLocalStorage` scope, so they pull
+ * `user` / `postgan` / `transaction` / `sessionId` / `logger` from
+ * `ToolContext` without Express objects leaking in.
+ *
+ * Synchronous and never throws.
+ *
+ * @public
+ */
+export function createMcpRouter(mcp, options) {
+    const mcpLogger = options.logger.child({ component: "mcp" });
+    const router = express.Router();
+    router.use(express.json());
+    router.use(mcpAuth({ tokenToUser: options.tokenToUser, logger: mcpLogger }));
+    router.use(options.setupPostgan);
+    router.post("/", handleMcpRequest(mcp, mcpLogger));
+    return router;
+}
+//# sourceMappingURL=index.js.map

package/dist/express/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,OAAO,EAAE,EAA4C,MAAM,SAAS,CAAC;AAI5E,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAmBzD,OAAO,EAAE,OAAO,EAAE,CAAC;AAGnB;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,GAAkB,EAAE,MAAc;IAC1D,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QAC1D,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAyB,CAAC;QACpD,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACtB,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,kBAAkB,CACtB,GAAG,EACH,MAAM,EACN,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,YAAY,EAAE,EAC9C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,EAC1D,GAAG,EAAE;YACH,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAClE,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAkB,EAClB,OAA+B;IAE/B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAChC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACjC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/index.d.ts

@@ -1,20 +1,23 @@
-import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
-declare global {
-    namespace Express {
-        interface Request {
-            mcpSessionId?: string;
-            auth?: AuthInfo;
-        }
-    }
-}
-export { createMcpServer } from "./server/index.ts";
-export type { CreateMcpServerOptions, CreateMcpServerResult, } from "./server/server.types.ts";
-export { tool } from "./tool/index.ts";
-export type { ToolSpec, ToolAnnotations, ToolContext, } from "./tool/tool.types.ts";
+/**
+ * Framework-neutral entry for `@ganintegrity/mcp`. Tool definitions, error
+ * envelope plumbing, and the types every adapter shares live here. Bootstrap
+ * files importing the adapter factory should reach for a per-framework
+ * subpath (`@ganintegrity/mcp/express`); tool files import from this root.
+ *
+ * @packageDocumentation
+ */
+export { defineMcpServer, materializeSdkServer } from "./core/define.ts";
+export type { DefineMcpServerOptions, McpDefinition } from "./core/define.ts";
+export type { ToolSpec, ToolAnnotations, ToolContext, ToolRegister, ToolRegistration, } from "./core/tool/tool.types.ts";
+/**
+ * MCP SDK server class — re-exported as a type for convenience so consumers
+ * can annotate adapter callbacks without importing the SDK directly.
+ *
+ * @public
+ */
 export type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-export { mcpAuth } from "./auth/index.ts";
-export type { McpAuthOptions, AuthUser } from "./auth/auth.types.ts";
-export { INTERNAL_ERROR, toCallToolError } from "./errors/index.ts";
-export type { McpErrorMapper, McpToolError, McpToolErrorSeverity, ToolErrorMeta, } from "./errors/errors.types.ts";
-export type { RequestStore } from "./als.ts";
+export type { AuthUser, McpAuthOptions } from "./core/auth/auth.types.ts";
+export { INTERNAL_ERROR, toCallToolError } from "./core/errors/index.ts";
+export type { McpErrorMapper, McpToolError, McpToolErrorSeverity, ToolErrorMeta, } from "./core/errors/errors.types.ts";
+export type { RequestStore } from "./core/als.ts";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAE/E,OAAO,CAAC,MAAM,CAAC;IAIb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,IAAI,CAAC,EAAE,QAAQ,CAAC;SACjB;KACF;CACF;AAED,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,YAAY,EACV,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,YAAY,EACV,QAAQ,EACR,eAAe,EACf,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAE9B,YAAY,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAErE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpE,YAAY,EACV,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAE9E,YAAY,EACV,QAAQ,EACR,eAAe,EACf,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,MAAM,2BAA2B,CAAC;AAEnC;;;;;GAKG;AACH,YAAY,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE1E,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzE,YAAY,EACV,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,aAAa,GACd,MAAM,+BAA+B,CAAC;AAEvC,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC"}

package/dist/index.js

@@ -1,5 +1,11 @@
-export { createMcpServer } from "./server/index.js";
-export { tool } from "./tool/index.js";
-export { mcpAuth } from "./auth/index.js";
-export { INTERNAL_ERROR, toCallToolError } from "./errors/index.js";
+/**
+ * Framework-neutral entry for `@ganintegrity/mcp`. Tool definitions, error
+ * envelope plumbing, and the types every adapter shares live here. Bootstrap
+ * files importing the adapter factory should reach for a per-framework
+ * subpath (`@ganintegrity/mcp/express`); tool files import from this root.
+ *
+ * @packageDocumentation
+ */
+export { defineMcpServer, materializeSdkServer } from "./core/define.js";
+export { INTERNAL_ERROR, toCallToolError } from "./core/errors/index.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAMpD,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AASvC,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAG1C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAqBzE,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ganintegrity/mcp",
-  "version": "1.0.0",
+  "version": "1.1.1",
   "description": "Provides tooling to scaffold an MCP server",
   "type": "module",
   "main": "./dist/index.js",
@@ -9,6 +9,10 @@
     ".": {
       "types": "./dist/index.d.ts",
       "default": "./dist/index.js"
+    },
+    "./express": {
+      "types": "./dist/express/index.d.ts",
+      "default": "./dist/express/index.js"
     }
   },
   "files": [
@@ -22,6 +26,8 @@
     "test:coverage": "vitest run --coverage",
     "lint": "eslint 'src/**/*.ts'",
     "typecheck": "tsc --noEmit && tsc -p tsconfig.test.json",
+    "api:check": "api-extractor run --config etc/api-extractor.root.json && api-extractor run --config etc/api-extractor.express.json",
+    "api:update": "api-extractor run --local --config etc/api-extractor.root.json && api-extractor run --local --config etc/api-extractor.express.json",
     "format": "pnpx prettier . -w",
     "format:check": "pnpx prettier . -c",
     "typecheck:watch": "tsc --noEmit --watch"
@@ -47,6 +53,7 @@
     "@commitlint/cli": "^20.5.3",
     "@commitlint/config-conventional": "^20.5.3",
     "@eslint/js": "^10.0.1",
+    "@microsoft/api-extractor": "^7.58.7",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/gitlab": "^13.3.2",
     "@types/express": "^5.0.6",

package/dist/als.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"als.d.ts","sourceRoot":"","sources":["../src/als.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE/D;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,QAAQ,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,WAAW,CAAC,EAAE,cAAc,CAAC;CAC9B;AAED,eAAO,MAAM,YAAY,iCAAwC,CAAC"}

package/dist/als.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"als.js","sourceRoot":"","sources":["../src/als.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAyBrD,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,iBAAiB,EAAgB,CAAC"}

package/dist/auth/auth.types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.types.d.ts","sourceRoot":"","sources":["../../src/auth/auth.types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC;;;;;;GAMG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;;;OAOG;IACH,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,oEAAoE;IACpE,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/dist/auth/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAC/E,OAAO,KAAK,EAAY,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAmChE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,cAAc,CAwB/D"}

package/dist/auth/index.js

@@ -1,74 +0,0 @@
-const BEARER_PREFIX = /^Bearer\s+/i;
-function extractBearer(req) {
-    const auth = req.headers["authorization"];
-    if (typeof auth === "string" && BEARER_PREFIX.test(auth)) {
-        return auth.replace(BEARER_PREFIX, "").trim();
-    }
-    // Parity fallback: REST accepts X-Access-Token. Same middleware shape.
-    const xat = req.headers["x-access-token"];
-    if (typeof xat === "string" && xat && xat !== "null" && xat !== "undefined") {
-        return xat;
-    }
-    return undefined;
-}
-function applyAuthToRequest(req, user, token) {
-    req.user = user;
-    req.headers.company = user.companySubdomainName;
-    req.auth = {
-        token,
-        clientId: user.id,
-        scopes: [],
-        extra: { user },
-    };
-    const sessionId = req.headers["x-session-id"];
-    if (typeof sessionId === "string" && sessionId.length > 0) {
-        req.mcpSessionId = sessionId;
-    }
-}
-/**
- * Bearer-token auth middleware for the MCP HTTP endpoint.
- *
- * Token sources, in order: `Authorization: Bearer <token>`, then
- * `X-Access-Token`. If neither is present the middleware responds `401` and
- * does not call `next`.
- *
- * On success it sets:
- * - `req.user` — the resolved {@link AuthUser}
- * - `req.headers.company` — `user.companySubdomainName` (for downstream
- *   middleware that keys off the company header)
- * - `req.auth` — SDK-shaped `AuthInfo`, surfaced to MCP tool handlers as
- *   `RequestHandlerExtra.authInfo`
- * - `req.mcpSessionId` — value of the `X-Session-Id` header if present, used
- *   for log correlation
- *
- * Then calls `next()`.
- *
- * **Never throws.** All failures (missing token, `tokenToUser` rejection)
- * are turned into `401` responses; the middleware does not call `next(err)`.
- *
- * Mounted automatically by `createMcpServer`'s `mount()`. Exported in case
- * you want to compose it differently (e.g. mount under a different router,
- * or stack additional middleware).
- */
-export function mcpAuth(options) {
-    return async (req, res, next) => {
-        const token = extractBearer(req);
-        if (!token) {
-            res
-                .status(401)
-                .json({ error: "Missing or invalid Authorization header" });
-            return;
-        }
-        try {
-            const user = await options.tokenToUser(token);
-            applyAuthToRequest(req, user, token);
-            next();
-        }
-        catch (err) {
-            const reason = err instanceof Error ? err.message : "invalid token";
-            options.logger.warn({ err }, "mcp auth: token rejected");
-            res.status(401).json({ error: `Authentication failed: ${reason}` });
-        }
-    };
-}
-//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAGA,MAAM,aAAa,GAAG,aAAa,CAAC;AAEpC,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;IACD,uEAAuE;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;QAC5E,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAID,SAAS,kBAAkB,CAAC,GAAY,EAAE,IAAc,EAAE,KAAa;IACpE,GAAmB,CAAC,IAAI,GAAG,IAAI,CAAC;IACjC,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,oBAAoB,CAAC;IAChD,GAAG,CAAC,IAAI,GAAG;QACT,KAAK;QACL,QAAQ,EAAE,IAAI,CAAC,EAAE;QACjB,MAAM,EAAE,EAAE;QACV,KAAK,EAAE,EAAE,IAAI,EAAE;KAChB,CAAC;IAEF,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC9C,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,OAAO,CAAC,OAAuB;IAC7C,OAAO,KAAK,EACV,GAAY,EACZ,GAAa,EACb,IAAkB,EACH,EAAE;QACjB,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG;iBACA,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9C,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YACrC,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACpE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,0BAA0B,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,MAAM,EAAE,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/errors/errors.types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"errors.types.d.ts","sourceRoot":"","sources":["../../src/errors/errors.types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,MAAM,MAAM,oBAAoB,GAAG,MAAM,GAAG,OAAO,CAAC;AAEpD;;;;;;;GAOG;AACH,MAAM,WAAW,YAAY;IAC3B,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb,oDAAoD;IACpD,OAAO,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,yDAAyD;IACzD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,gFAAgF;IAChF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,OAAO,KAAK,YAAY,GAAG,IAAI,CAAC;AAEnE,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/dist/errors/errors.types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"errors.types.js","sourceRoot":"","sources":["../../src/errors/errors.types.ts"],"names":[],"mappings":""}

package/dist/errors/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAErE;;;GAGG;AACH,eAAO,MAAM,cAAc,mBAAmB,CAAC;AA+D/C;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,YAAY,GAAG,IAAI,EAC3B,WAAW,EAAE,OAAO,EACpB,IAAI,EAAE,aAAa,GAClB,cAAc,CAMhB"}

package/dist/errors/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAE/C,SAAS,cAAc,CAAC,MAAoB,EAAE,IAAmB;IAC/D,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf;YACE,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,EACD,iBAAiB,CAClB,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,MAAM,CAAC,IAAI,CACd;YACE,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,EACD,mBAAmB,CACpB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAoB;IAC1C,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;QACjD,iBAAiB,EAAE;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAY,EACZ,IAAmB;IAEnB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,KAAK,CACf;QACE,GAAG,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC3C,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,EACD,0BAA0B,CAC3B,CAAC;IACF,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iDAAiD,EAAE;SAC1E;QACD,iBAAiB,EAAE;YACjB,IAAI,EAAE,cAAc;YACpB,OAAO;SACR;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,eAAe,CAC7B,MAA2B,EAC3B,WAAoB,EACpB,IAAmB;IAEnB,IAAI,MAAM,EAAE,CAAC;QACX,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,oBAAoB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AACjD,CAAC"}

package/dist/server/index.d.ts

@@ -1,18 +0,0 @@
-import type { CreateMcpServerOptions, CreateMcpServerResult } from "./server.types.ts";
-/**
- * Build an MCP server bound to the Streamable HTTP transport.
- *
- * Returns a `{ server, mount }` pair. Register tools against `server` using
- * `tool()` at boot time, then call `mount(router)` to wire the JSON-RPC
- * endpoint onto an Express router. Each incoming HTTP request runs through:
- *
- *   `express.json()` → auth middleware → caller's `setupPostgan` → tool dispatch
- *
- * Tool handlers run inside an `AsyncLocalStorage` scope, so they pull
- * `user` / `postgan` / `transaction` / `sessionId` / `logger` from
- * `ToolContext` without Express objects leaking in.
- *
- * Synchronous and never throws.
- */
-export declare function createMcpServer(options: CreateMcpServerOptions): CreateMcpServerResult;
-//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,sBAAsB,EACtB,qBAAqB,EAKtB,MAAM,mBAAmB,CAAC;AA2G3B;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,sBAAsB,GAC9B,qBAAqB,CAuBvB"}

package/dist/server/index.js

@@ -1,130 +0,0 @@
-import express, {} from "express";
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import { mcpAuth } from "../auth/index.js";
-import { requestStore } from "../als.js";
-/**
- * Build the recording shim handed to consumers as `server`.
- *
- * Why a shim and not a real `McpServer`: the SDK's
- * `StreamableHTTPServerTransport` (stateless mode) is single-use — once it
- * has handled one request it cannot be reused. The transport must be paired
- * with an `McpServer`, so we need a fresh server per HTTP request. But
- * consumers register tools once at boot, not per request — so registration
- * is split in two:
- *
- *   - boot:    `tool(server, spec)` lands here and pushes onto `registrations`.
- *   - request: {@link handleMcpRequest} constructs a real `McpServer` and
- *              replays every recorded registration onto it before connecting
- *              the transport.
- *
- * The recorder is typed as `McpServer` so `tool(server, spec)` type-checks,
- * but `registerTool` is the only method actually implemented. Nothing in
- * the library calls anything else on it, and the consumer is documented to
- * only pass it to `tool()` — calls to other methods are undefined behaviour.
- */
-function createToolRecorder() {
-    const registrations = [];
-    const recorder = {
-        registerTool: (name, config, handler) => {
-            registrations.push({ name, config, handler });
-            // Real `registerTool` returns a registration handle for later
-            // update/remove. We don't expose that surface — empty object satisfies
-            // the return type and is never read.
-            return {};
-        },
-    };
-    return { server: recorder, registrations };
-}
-/**
- * Per-request handler. Builds the ALS store from `req.user` / `req.postgan`
- * (set upstream by the auth + setupPostgan middleware), spins up a fresh
- * `McpServer` + transport pair, replays the recorded tool registrations,
- * dispatches the JSON-RPC call inside `requestStore.run(...)`, and tears
- * down server + transport in `finally`.
- */
-function handleMcpRequest(deps) {
-    return async (req, res) => {
-        const { user, postgan } = req;
-        if (!user || !postgan) {
-            // Defensive: mcpAuth + setupPostgan should have populated both.
-            res.status(401).json({ error: "Unauthenticated" });
-            return;
-        }
-        const sessionId = req.mcpSessionId;
-        const store = {
-            user,
-            postgan,
-            sessionId,
-            logger: deps.logger.child({
-                sessionId,
-                userId: user.id,
-                company: user.companySubdomainName,
-            }),
-            errorMapper: deps.errorMapper,
-        };
-        const requestServer = new McpServer({
-            name: deps.name,
-            version: deps.version,
-        });
-        for (const reg of deps.registrations) {
-            requestServer.registerTool(reg.name, reg.config, reg.handler);
-        }
-        const transport = new StreamableHTTPServerTransport({
-            sessionIdGenerator: undefined,
-        });
-        await requestServer.connect(transport);
-        await requestStore.run(store, async () => {
-            try {
-                await transport.handleRequest(req, res, req.body);
-            }
-            catch (err) {
-                deps.logger.error({ err, sessionId }, "mcp: transport.handleRequest threw");
-                if (!res.headersSent) {
-                    res.status(500).json({ error: "Internal MCP transport error" });
-                }
-            }
-            finally {
-                await transport.close().catch((closeErr) => {
-                    deps.logger.warn({ err: closeErr }, "mcp: transport close failed");
-                });
-                await requestServer.close().catch((closeErr) => {
-                    deps.logger.warn({ err: closeErr }, "mcp: server close failed");
-                });
-            }
-        });
-    };
-}
-/**
- * Build an MCP server bound to the Streamable HTTP transport.
- *
- * Returns a `{ server, mount }` pair. Register tools against `server` using
- * `tool()` at boot time, then call `mount(router)` to wire the JSON-RPC
- * endpoint onto an Express router. Each incoming HTTP request runs through:
- *
- *   `express.json()` → auth middleware → caller's `setupPostgan` → tool dispatch
- *
- * Tool handlers run inside an `AsyncLocalStorage` scope, so they pull
- * `user` / `postgan` / `transaction` / `sessionId` / `logger` from
- * `ToolContext` without Express objects leaking in.
- *
- * Synchronous and never throws.
- */
-export function createMcpServer(options) {
-    const mcpLogger = options.logger.child({ component: "mcp" });
-    const { server, registrations } = createToolRecorder();
-    const mount = async (target) => {
-        target.use(express.json());
-        target.use(mcpAuth({ tokenToUser: options.tokenToUser, logger: mcpLogger }));
-        target.use(options.setupPostgan);
-        target.post("/", handleMcpRequest({
-            name: options.name,
-            version: options.version,
-            registrations,
-            logger: mcpLogger,
-            errorMapper: options.errorMapper,
-        }));
-    };
-    return { server, mount };
-}
-//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,EAAE,EAA4C,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAEnG,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAqB,MAAM,WAAW,CAAC;AAU5D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAS,kBAAkB;IAIzB,MAAM,aAAa,GAAuB,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,CACZ,IAAyB,EACzB,MAA2B,EAC3B,OAA4B,EAC5B,EAAE;YACF,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9C,8DAA8D;YAC9D,uEAAuE;YACvE,qCAAqC;YACrC,OAAO,EAA2C,CAAC;QACrD,CAAC;KACsB,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QAC1D,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAyB,CAAC;QACpD,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACtB,gEAAgE;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC;QACnC,MAAM,KAAK,GAAiB;YAC1B,IAAI;YACJ,OAAO;YACP,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;gBACxB,SAAS;gBACT,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,OAAO,EAAE,IAAI,CAAC,oBAAoB;aACnC,CAAC;YACF,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;QAEF,MAAM,aAAa,GAAG,IAAI,SAAS,CAAC;YAClC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACrC,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS;SAC9B,CAAC,CAAC;QACH,MAAM,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEvC,MAAM,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE;YACvC,IAAI,CAAC;gBACH,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,EAAE,GAAG,EAAE,SAAS,EAAE,EAClB,oCAAoC,CACrC,CAAC;gBACF,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;gBAClE,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,QAAiB,EAAE,EAAE;oBAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,6BAA6B,CAAC,CAAC;gBACrE,CAAC,CAAC,CAAC;gBACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,QAAiB,EAAE,EAAE;oBACtD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,0BAA0B,CAAC,CAAC;gBAClE,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA+B;IAE/B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAEvD,MAAM,KAAK,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;QACpD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3B,MAAM,CAAC,GAAG,CACR,OAAO,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CACjE,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,GAAG,EACH,gBAAgB,CAAC;YACf,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,aAAa;YACb,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC"}