@gdrl/kronos-lib 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.d.mts +59 -3
  2. package/dist/index.d.ts +59 -3
  3. package/dist/index.js +201 -15
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +191 -15
  6. package/dist/index.mjs.map +1 -1
  7. package/dist/react/index.d.mts +1 -1
  8. package/dist/react/index.d.ts +1 -1
  9. package/dist/{types-CftFKnhs.d.mts → types-CTMNKYHj.d.mts} +39 -1
  10. package/dist/{types-CftFKnhs.d.ts → types-CTMNKYHj.d.ts} +39 -1
  11. package/package.json +1 -1
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/utils.ts","../src/client.ts","../src/webhook-verification.ts"],"sourcesContent":["export { KronosClient } from './client';\nexport { generateIdempotencyKey } from './utils';\nexport { verifyWebhookSecret } from './webhook-verification';\nexport {\n KronosError,\n KronosBadRequestError,\n KronosUnauthorizedError,\n KronosForbiddenError,\n KronosNotFoundError,\n KronosServerError,\n} from './errors';\n\nexport type {\n KronosClientConfig,\n IngestStatus,\n IngestMemoryDisposition,\n IngestRequest,\n IngestResponse,\n IngestStatusResponse,\n CreateMCPServerRequest,\n CreateMCPServerResponse,\n MCPServerStatus,\n MCPServerToolCapabilities,\n MCPServerDetails,\n ListMCPServersResponse,\n GetMCPServerResponse,\n ConnectMCPServerRequest,\n ConnectMCPServerResponse,\n RotateMCPServerTokenRequest,\n RotateMCPServerTokenResponse,\n MemoryStatsResponse,\n CostSummaryResponse,\n CostBreakdownPoint,\n CostBreakdownResponse,\n ScratchsheetResponse,\n ScopeSummary,\n ScopeDetail,\n ListScopesResponse,\n GetScopeResponse,\n ScopeSpec,\n CreateScopeRequest,\n CreateScopeResponse,\n TriggerType,\n OnTriggered,\n TriggerRecord,\n CreateTriggerRequest,\n CreateTriggerResponse,\n ListTriggersResponse,\n UpdateTriggerRequest,\n UpdateTriggerResponse,\n DeleteTriggerResponse,\n CreateFrontendTokenRequest,\n CreateFrontendTokenResponse,\n SkillFileType,\n SkillReadMode,\n SkillFileContentMode,\n SkillFileInput,\n SkillFileRecord,\n SkillTreeNode,\n SkillMetadataRecord,\n SkillSummaryRecord,\n SkillManageParams,\n SkillManageResponse,\n ContextGraphProcedureSummary,\n ContextGraphSummaryResponse,\n ContextGraphReadResponse,\n} from './types';\n","/**\n * Base error for Kronos API failures\n */\nexport class KronosError extends Error {\n constructor(\n message: string,\n public readonly status?: number,\n public readonly code?: string,\n public readonly body?: unknown\n ) {\n super(message);\n this.name = 'KronosError';\n Object.setPrototypeOf(this, KronosError.prototype);\n }\n}\n\n/**\n * 400 Bad Request - invalid or missing parameters\n */\nexport class KronosBadRequestError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 400, 'bad_request', body);\n this.name = 'KronosBadRequestError';\n Object.setPrototypeOf(this, KronosBadRequestError.prototype);\n }\n}\n\n/**\n * 401 Unauthorized - invalid or missing API key\n */\nexport class KronosUnauthorizedError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 401, 'unauthorized', body);\n this.name = 'KronosUnauthorizedError';\n Object.setPrototypeOf(this, KronosUnauthorizedError.prototype);\n }\n}\n\n/**\n * 403 Forbidden - valid auth but insufficient permissions\n */\nexport class KronosForbiddenError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 403, 'forbidden', body);\n this.name = 'KronosForbiddenError';\n Object.setPrototypeOf(this, KronosForbiddenError.prototype);\n }\n}\n\n/**\n * 404 Not Found - resource does not exist\n */\nexport class KronosNotFoundError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 404, 'not_found', body);\n this.name = 'KronosNotFoundError';\n Object.setPrototypeOf(this, KronosNotFoundError.prototype);\n }\n}\n\n/**\n * 5xx or network/unknown errors\n */\nexport class KronosServerError extends KronosError {\n constructor(message: string, status?: number, body?: unknown) {\n super(message, status, 'server_error', body);\n this.name = 'KronosServerError';\n Object.setPrototypeOf(this, KronosServerError.prototype);\n }\n}\n","/**\n * Generate an idempotency key for ingest requests.\n * Uses crypto.randomUUID() when available; falls back to a timestamp-based value.\n * Callers can pass their own key via the ingest options to achieve true idempotency.\n */\nexport function generateIdempotencyKey(): string {\n if (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function') {\n return crypto.randomUUID();\n }\n return `idem_${Date.now()}_${Math.random().toString(36).slice(2, 11)}`;\n}\n","import type {\n KronosClientConfig,\n IngestRequest,\n IngestResponse,\n IngestStatusResponse,\n CreateMCPServerRequest,\n CreateMCPServerResponse,\n UpdateMCPServerRequest,\n ListMCPServersResponse,\n GetMCPServerResponse,\n ConnectMCPServerRequest,\n ConnectMCPServerResponse,\n RotateMCPServerTokenResponse,\n MemoryStatsResponse,\n CostSummaryResponse,\n CostBreakdownResponse,\n ScratchsheetResponse,\n ListScopesResponse,\n GetScopeResponse,\n CreateScopeRequest,\n CreateScopeResponse,\n UpdateScopeResponse,\n CreateTriggerRequest,\n CreateTriggerResponse,\n CreateFrontendTokenResponse,\n ListTriggersResponse,\n ScopeSpec,\n UpdateTriggerRequest,\n UpdateTriggerResponse,\n DeleteTriggerResponse,\n TriggerRecord,\n SkillManageParams,\n SkillManageResponse,\n ContextGraphSummaryResponse,\n ContextGraphReadResponse,\n ContextGraphProcedureSummary,\n} from './types';\nimport {\n KronosError,\n KronosBadRequestError,\n KronosUnauthorizedError,\n KronosForbiddenError,\n KronosNotFoundError,\n KronosServerError,\n} from './errors';\nimport { generateIdempotencyKey } from './utils';\n\nconst DEFAULT_WORKER_URL = 'https://api.kronos.ai';\nconst DEFAULT_MASTRA_URL = 'https://mastra.kronos.ai';\nconst INTERNAL_CONTEXT_GRAPH_SKILL_NAME = '__internal_context_graph__';\n\nexport class KronosClient {\n private readonly workerUrl: string;\n private readonly mastraUrl: string;\n private readonly apiKey: string;\n private readonly appId: string;\n\n constructor(config: KronosClientConfig) {\n if (!config.apiKey) {\n throw new Error('KronosClient: apiKey is required in constructor');\n }\n if (!config.appId) {\n throw new Error('KronosClient: appId is required in constructor');\n }\n this.workerUrl = (config.workerUrl ?? process.env.KRONOS_WORKER_URL ?? DEFAULT_WORKER_URL).replace(/\\/$/, '');\n this.mastraUrl = (config.mastraUrl ?? process.env.KRONOS_MASTRA_URL ?? DEFAULT_MASTRA_URL).replace(/\\/$/, '');\n this.apiKey = config.apiKey;\n this.appId = config.appId;\n\n const workerOverride = this.workerUrl !== DEFAULT_WORKER_URL;\n const mastraOverride = this.mastraUrl !== DEFAULT_MASTRA_URL;\n if (workerOverride || mastraOverride) {\n console.log('[KronosClient] URL overrides in use:', {\n workerUrl: this.workerUrl,\n mastraUrl: this.mastraUrl,\n });\n }\n\n console.log('[KronosClient] ✅ KronosClient initialized:', {\n appId: this.appId,\n workerUrl: this.workerUrl,\n mastraUrl: this.mastraUrl,\n hasApiKey: !!this.apiKey,\n });\n \n // Perform async health check (fire and forget)\n this.healthCheck().catch(() => {\n // Health check failed, but don't block initialization\n });\n }\n \n /**\n * Perform a health check to verify the client can connect to the Kronos worker\n * This is called automatically during initialization\n */\n private async healthCheck(): Promise<void> {\n try {\n const response = await fetch(`${this.workerUrl}/health`, {\n method: 'GET',\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n \n if (response.ok) {\n const data = await response.json();\n if (data.status === 'ok') {\n console.log('[KronosClient] ✅ Health check passed - Client is connected and working');\n } else {\n console.warn('[KronosClient] ⚠️ Health check returned unexpected status:', data);\n }\n } else {\n console.warn(`[KronosClient] ⚠️ Health check failed with status ${response.status}. Client may not be working correctly.`);\n }\n } catch (error: any) {\n console.warn('[KronosClient] ⚠️ Health check failed - Unable to connect to Kronos worker:', error.message);\n console.warn('[KronosClient] Please verify that:');\n console.warn('[KronosClient] 1. The worker URL is correct:', this.workerUrl);\n console.warn('[KronosClient] 2. The worker is running and accessible');\n console.warn('[KronosClient] 3. Network connectivity is available');\n }\n }\n\n // ---------------------------------------------------------------------------\n // Worker request helper (uses Bearer auth)\n // ---------------------------------------------------------------------------\n private async workerFetch<T>(\n path: string,\n options: { method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'; json?: object; idempotencyKey?: string } = {}\n ): Promise<T> {\n const { json, idempotencyKey, method } = options;\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${this.apiKey}`,\n };\n if (idempotencyKey) headers['Idempotency-Key'] = idempotencyKey;\n const res = await fetch(`${this.workerUrl}${path}`, {\n method: method ?? (json ? 'POST' : 'GET'),\n headers,\n body: json ? JSON.stringify(json) : undefined,\n });\n return this.handleResponse<T>(res);\n }\n\n // ---------------------------------------------------------------------------\n // Mastra request helper (no Bearer auth per current API)\n // ---------------------------------------------------------------------------\n private async mastraFetch<T>(\n path: string,\n options: { method?: 'GET' | 'POST'; json?: object } = {}\n ): Promise<T> {\n const { json, method } = options;\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n };\n const res = await fetch(`${this.mastraUrl}${path}`, {\n method: method ?? (json ? 'POST' : 'GET'),\n headers,\n body: json ? JSON.stringify(json) : undefined,\n });\n return this.handleResponse<T>(res);\n }\n\n private async handleResponse<T>(res: Response): Promise<T> {\n const text = await res.text();\n let body: unknown = null;\n try {\n body = text ? JSON.parse(text) : null;\n } catch {\n body = text;\n }\n\n if (!res.ok) {\n const errBody = body as { error?: string } | null;\n const message = (errBody && typeof errBody.error === 'string')\n ? errBody.error\n : `Request failed with status ${res.status}`;\n\n switch (res.status) {\n case 400:\n throw new KronosBadRequestError(message, body);\n case 401:\n throw new KronosUnauthorizedError(message, body);\n case 403:\n throw new KronosForbiddenError(message, body);\n case 404:\n throw new KronosNotFoundError(message, body);\n default:\n if (res.status >= 500) {\n throw new KronosServerError(message, res.status, body);\n }\n throw new KronosError(message, res.status, undefined, body);\n }\n }\n\n return (body ?? null) as T;\n }\n\n // ---------------------------------------------------------------------------\n // Ingest API\n // ---------------------------------------------------------------------------\n\n /**\n * Submit a document for ingestion.\n * @param params - source_type, content, optional metadata, addToMemory, and idempotencyKey\n * @returns ingest_id\n */\n async ingest(params: {\n tenant_user_id: string;\n source_type: string;\n priority?: 'low' | 'medium' | 'high';\n addToMemory?: boolean;\n content: { type: 'text'; text: string };\n metadata?: Record<string, unknown>;\n idempotencyKey?: string;\n }): Promise<IngestResponse> {\n const idempotencyKey = params.idempotencyKey ?? generateIdempotencyKey();\n const body: IngestRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n source_type: params.source_type,\n priority: params.priority,\n addToMemory: params.addToMemory,\n content: params.content,\n metadata: params.metadata,\n };\n return this.workerFetch<IngestResponse>('/v1/ingest', {\n method: 'POST',\n json: body,\n idempotencyKey,\n });\n }\n\n /**\n * Get the status of an ingest.\n */\n async getIngestStatus(ingestId: string): Promise<IngestStatusResponse> {\n return this.workerFetch<IngestStatusResponse>(`/v1/ingest/${ingestId}`, {\n method: 'GET',\n });\n }\n\n // ---------------------------------------------------------------------------\n // MCP Server API\n // ---------------------------------------------------------------------------\n\n /**\n * Create an MCP server scoped to the given scopes.\n * Use connectMCPServer() to get a short-lived access token for MCP auth.\n */\n async createMCPServer(params: {\n tenant_user_id: string;\n name: string;\n /** Omit or pass [] for all-memory access. */\n scope_ids?: string[] | null;\n description?: string;\n options?: {\n /** Expose `search_skills` and `read_skill`. Defaults to true. */\n exposeSkillsTool?: boolean;\n /** Expose the read-only `context_graph` tool. Defaults to false. */\n exposeContextGraphTool?: boolean;\n };\n }): Promise<CreateMCPServerResponse> {\n const body: CreateMCPServerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n scope_ids: params.scope_ids ?? [],\n name: params.name,\n description: params.description,\n options: {\n exposeSkillsTool: params.options?.exposeSkillsTool ?? true,\n exposeContextGraphTool: params.options?.exposeContextGraphTool ?? false,\n },\n };\n const res = await this.workerFetch<{\n mcp_server_id: string;\n url: string;\n status: 'active' | 'disabled';\n name: string;\n description: string | null;\n scope_ids: string[];\n tool_capabilities: { skills: boolean; context_graph: boolean };\n }>('/v1/mcp-servers', { method: 'POST', json: body });\n return {\n mcp_server_id: res.mcp_server_id,\n url: res.url.startsWith('http') ? res.url : `${this.workerUrl}${res.url}`,\n status: res.status,\n name: res.name,\n description: res.description,\n scope_ids: res.scope_ids,\n tool_capabilities: res.tool_capabilities ?? {\n skills: true,\n context_graph: false,\n },\n };\n }\n\n /**\n * List MCP servers for a user. Returns metadata only (no token).\n */\n async listMCPServers(params: {\n tenant_user_id: string;\n }): Promise<ListMCPServersResponse> {\n const path = `/v1/mcp-servers?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<ListMCPServersResponse>(path, { method: 'GET' });\n }\n\n /**\n * Get MCP server details for a user by server ID. Returns metadata only (no token).\n */\n async getMCPServer(params: {\n tenant_user_id: string;\n serverId: string;\n }): Promise<GetMCPServerResponse> {\n const path = `/v1/mcp-servers/${params.serverId}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<GetMCPServerResponse>(path, { method: 'GET' });\n }\n\n async updateMCPServer(params: {\n tenant_user_id: string;\n serverId: string;\n tool_capabilities: {\n skills: boolean;\n context_graph: boolean;\n };\n }): Promise<GetMCPServerResponse> {\n const body: UpdateMCPServerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n tool_capabilities: params.tool_capabilities,\n };\n\n return this.workerFetch<GetMCPServerResponse>(`/v1/mcp-servers/${params.serverId}`, {\n method: 'PUT',\n json: body,\n });\n }\n\n /**\n * Connect to an MCP server by ID and receive a short-lived access token.\n * Use the returned access_token as Bearer token when calling the MCP endpoint.\n */\n async connectMCPServer(params: {\n tenant_user_id: string;\n serverId: string;\n }): Promise<ConnectMCPServerResponse> {\n const body: ConnectMCPServerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n };\n const res = await this.workerFetch<ConnectMCPServerResponse>(\n `/v1/mcp-servers/${params.serverId}/connect`,\n { method: 'POST', json: body }\n );\n return {\n ...res,\n url: res.url.startsWith('http') ? res.url : `${this.workerUrl}${res.url}`,\n };\n }\n\n /**\n * Rotate the token for an MCP server. The new token is returned only on rotate.\n */\n async rotateMCPServerToken(params: {\n tenant_user_id: string;\n serverId: string;\n }): Promise<RotateMCPServerTokenResponse> {\n return this.workerFetch<RotateMCPServerTokenResponse>(\n `/v1/mcp-servers/${params.serverId}/rotate-token`,\n {\n method: 'POST',\n json: { app_id: this.appId, tenant_user_id: params.tenant_user_id },\n }\n );\n }\n\n /**\n * Get memory stats for a user (total claim count across entire memory graph).\n * Worker caches the response for 5 minutes per user.\n */\n async getMemoryStats(params: {\n tenant_user_id: string;\n }): Promise<MemoryStatsResponse> {\n const path = `/v1/memory-stats?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<MemoryStatsResponse>(path, { method: 'GET' });\n }\n\n /**\n * Get aggregated AI stage cost totals for the app, or for a single user if specified.\n */\n async getCostSummary(params: {\n tenant_user_id?: string;\n } = {}): Promise<CostSummaryResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n });\n if (params.tenant_user_id) {\n query.set('tenant_user_id', params.tenant_user_id);\n }\n\n return this.workerFetch<CostSummaryResponse>(\n `/v1/costs/summary?${query.toString()}`,\n { method: 'GET' },\n );\n }\n\n /**\n * Get daily AI stage cost totals for the app, or for a single user if specified.\n */\n async getCostBreakdown(params: {\n tenant_user_id?: string;\n days?: number;\n } = {}): Promise<CostBreakdownResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n });\n if (params.tenant_user_id) {\n query.set('tenant_user_id', params.tenant_user_id);\n }\n if (typeof params.days === 'number' && Number.isFinite(params.days)) {\n query.set('days', String(Math.trunc(params.days)));\n }\n\n return this.workerFetch<CostBreakdownResponse>(\n `/v1/costs/breakdown?${query.toString()}`,\n { method: 'GET' },\n );\n }\n\n /**\n * Read the current scratchsheet document for a user.\n */\n async getScratchsheet(params: {\n tenant_user_id: string;\n }): Promise<ScratchsheetResponse> {\n const path = `/v1/scratchsheet?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<ScratchsheetResponse>(path, { method: 'GET' });\n }\n\n /**\n * List scopes for a user. Returns full scope details. Cached 5 min per user.\n */\n async listScopes(params: {\n tenant_user_id: string;\n }): Promise<ListScopesResponse> {\n const path = `/v1/scopes?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<ListScopesResponse>(path, { method: 'GET' });\n }\n\n /**\n * Get a single scope by ID. Returns full scope details.\n */\n async getScope(params: {\n tenant_user_id: string;\n scope_id: string;\n }): Promise<GetScopeResponse> {\n const path = `/v1/scopes/${encodeURIComponent(params.scope_id)}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<GetScopeResponse>(path, { method: 'GET' });\n }\n\n // ---------------------------------------------------------------------------\n // Scope API (Mastra)\n // ---------------------------------------------------------------------------\n\n /**\n * Create a scope. A backfill job runs asynchronously to populate it.\n * If spec.allowed_source_types is omitted, it defaults to ['all'].\n * Uses the Worker so the scopes list cache is invalidated after create.\n */\n async createScope(params: {\n tenant_user_id: string;\n spec: ScopeSpec;\n created_by: string;\n description?: string;\n }): Promise<CreateScopeResponse> {\n const spec = {\n ...params.spec,\n allowed_source_types: params.spec.allowed_source_types ?? ['all'],\n };\n const body: CreateScopeRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n spec,\n created_by: params.created_by,\n description: params.description,\n };\n return this.workerFetch<CreateScopeResponse>('/v1/scopes', {\n method: 'POST',\n json: body,\n });\n }\n\n /**\n * Update a scope. Only provided fields are updated.\n * If include_query, exclude_query, match_mode, time_range, or allowed_source_types change,\n * a backfill job runs to recompute membership (response includes backfill_job_id).\n * Otherwise only DB and Neo4j metadata are updated.\n */\n async updateScope(params: {\n tenant_user_id: string;\n scope_id: string;\n name?: string;\n description?: string | null;\n include_query?: string;\n exclude_query?: string | null;\n match_mode?: 'strict' | 'broad';\n time_range?: { start?: string; end?: string };\n allowed_source_types?: string[] | 'all';\n }): Promise<UpdateScopeResponse> {\n const { scope_id, tenant_user_id, ...patch } = params;\n const body: Record<string, unknown> = {};\n if (patch.name !== undefined) body.name = patch.name;\n if (patch.description !== undefined) body.description = patch.description;\n if (patch.include_query !== undefined) body.include_query = patch.include_query;\n if (patch.exclude_query !== undefined) body.exclude_query = patch.exclude_query;\n if (patch.match_mode !== undefined) body.match_mode = patch.match_mode;\n if (patch.time_range !== undefined) body.time_range = patch.time_range;\n if (patch.allowed_source_types !== undefined) body.allowed_source_types = patch.allowed_source_types;\n\n const path = `/v1/scopes/${encodeURIComponent(scope_id)}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id,\n }).toString()}`;\n return this.workerFetch<UpdateScopeResponse>(path, {\n method: 'PATCH',\n json: body,\n });\n }\n\n /**\n * Soft-delete a scope. Invalidates the scopes list cache for that user.\n */\n async deleteScope(params: {\n tenant_user_id: string;\n scope_id: string;\n }): Promise<{ deleted: boolean }> {\n const path = `/v1/scopes/${encodeURIComponent(params.scope_id)}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<{ deleted: boolean }>(path, { method: 'DELETE' });\n }\n\n // ---------------------------------------------------------------------------\n // Webhook Verification API (Worker)\n // ---------------------------------------------------------------------------\n\n /**\n * Verify a webhook secret for a trigger.\n * This method calls the Kronos worker API to verify the webhook secret.\n * \n * @param params - app_id, tenant_user_id, trigger_id and received_secret to verify\n * @returns true if secret is valid, false otherwise\n */\n async verifyWebhookSecret(params: {\n tenant_user_id: string;\n trigger_id: string;\n received_secret: string;\n }): Promise<boolean> {\n const body = {\n trigger_id: params.trigger_id,\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n received_secret: params.received_secret,\n };\n \n try {\n const response = await this.workerFetch<{ valid: boolean }>('/v1/triggers/verify-webhook', {\n method: 'POST',\n json: body,\n });\n \n return response.valid;\n } catch (error: any) {\n // If verification fails (e.g., trigger not found), return false\n console.error('[KronosClient] Webhook verification error:', error);\n return false;\n }\n }\n\n // ---------------------------------------------------------------------------\n // Trigger Management API (Worker)\n // ---------------------------------------------------------------------------\n\n /**\n * List triggers for a tenant user.\n */\n async listTriggers(params: {\n tenant_user_id: string;\n }): Promise<ListTriggersResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n });\n \n return this.workerFetch<ListTriggersResponse>(`/v1/triggers?${query.toString()}`, {\n method: 'GET',\n });\n }\n\n /**\n * Create a trigger.\n * Supports NL creation (trigger_description) or manual creation (trigger_type/trigger_spec).\n *\n * @returns CreateTriggerResponse (accepted for NL, trigger_id for manual)\n */\n async createTrigger(params: {\n tenant_user_id: string;\n webhook_url: string;\n webhook_secret: string;\n title?: string | null;\n action_description?: string;\n skill_id?: string;\n skill_version_id?: string;\n trigger_description?: string;\n trigger_type?: CreateTriggerRequest['trigger_type'];\n trigger_spec?: CreateTriggerRequest['trigger_spec'];\n next_run_at?: string;\n on_triggered?: CreateTriggerRequest['on_triggered'];\n metadata?: Record<string, unknown>;\n idempotencyKey?: string;\n }): Promise<CreateTriggerResponse> {\n const body: CreateTriggerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n webhook_url: params.webhook_url,\n webhook_secret: params.webhook_secret,\n title: params.title,\n action_description: params.action_description,\n skill_id: params.skill_id,\n skill_version_id: params.skill_version_id,\n trigger_description: params.trigger_description,\n trigger_type: params.trigger_type,\n trigger_spec: params.trigger_spec,\n next_run_at: params.next_run_at,\n on_triggered: params.on_triggered,\n metadata: params.metadata,\n };\n\n return this.workerFetch<CreateTriggerResponse>('/v1/triggers', {\n method: 'POST',\n json: body,\n idempotencyKey: params.idempotencyKey,\n });\n }\n\n /**\n * Get details for a specific trigger.\n * Uses listTriggers and filters by trigger_id.\n */\n async getTriggerDetails(params: {\n tenant_user_id: string;\n trigger_id: string;\n }): Promise<TriggerRecord> {\n const response = await this.listTriggers({ tenant_user_id: params.tenant_user_id });\n const trigger = response.triggers.find((t) => t.trigger_id === params.trigger_id);\n\n if (!trigger) {\n throw new KronosNotFoundError(`Trigger not found: ${params.trigger_id}`);\n }\n\n return trigger;\n }\n\n /**\n * Update a trigger.\n * Updates the webhook_url, action_description, status, or metadata of an existing trigger.\n * \n * @param params - app_id, tenant_user_id, trigger_id and fields to update\n * @returns UpdateTriggerResponse with success status\n */\n async updateTrigger(params: {\n tenant_user_id: string;\n trigger_id: string;\n webhook_url?: string;\n title?: string | null;\n trigger_type?: UpdateTriggerRequest['trigger_type'];\n trigger_spec?: UpdateTriggerRequest['trigger_spec'];\n next_run_at?: UpdateTriggerRequest['next_run_at'];\n action_description?: string;\n skill_id?: string | null;\n skill_version_id?: string | null;\n on_triggered?: UpdateTriggerRequest['on_triggered'];\n status?: string;\n metadata?: Record<string, unknown>;\n }): Promise<UpdateTriggerResponse> {\n const body: UpdateTriggerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n webhook_url: params.webhook_url,\n title: params.title,\n trigger_type: params.trigger_type,\n trigger_spec: params.trigger_spec,\n next_run_at: params.next_run_at,\n action_description: params.action_description,\n skill_id: params.skill_id,\n skill_version_id: params.skill_version_id,\n on_triggered: params.on_triggered,\n status: params.status,\n metadata: params.metadata,\n };\n \n return this.workerFetch<UpdateTriggerResponse>(`/v1/triggers/${params.trigger_id}`, {\n method: 'PUT',\n json: body,\n });\n }\n\n /**\n * Delete a trigger.\n */\n async deleteTrigger(params: {\n tenant_user_id: string;\n trigger_id: string;\n }): Promise<DeleteTriggerResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n });\n\n return this.workerFetch<DeleteTriggerResponse>(\n `/v1/triggers/${encodeURIComponent(params.trigger_id)}?${query.toString()}`,\n { method: 'DELETE' }\n );\n }\n\n // ---------------------------------------------------------------------------\n // Frontend Tokens (Server-side only)\n // ---------------------------------------------------------------------------\n\n /**\n * Issue a short-lived, user-scoped frontend token.\n * The browser can use this token directly against the Kronos worker for\n * allowed operations (e.g. trigger CRUD) without needing the app API key.\n *\n * This method must be called from a trusted server environment.\n */\n async createFrontendToken(params: {\n tenantUserId: string;\n ttlSeconds?: number;\n ops?: string[];\n }): Promise<CreateFrontendTokenResponse> {\n const res = await this.workerFetch<{ token: string; expires_at: string }>(\n '/v1/frontend-tokens',\n {\n method: 'POST',\n json: {\n app_id: this.appId,\n tenant_user_id: params.tenantUserId,\n ttl_seconds: params.ttlSeconds,\n ops: params.ops,\n },\n },\n );\n return { token: res.token, expiresAt: res.expires_at };\n }\n\n // ---------------------------------------------------------------------------\n // Skills API (Worker)\n // ---------------------------------------------------------------------------\n\n /**\n * Canonical skills API with operation-based contract.\n */\n async manageSkill(params: SkillManageParams): Promise<SkillManageResponse> {\n const idempotencyKey =\n params.operation === 'create' || params.operation === 'update'\n ? params.idempotencyKey\n : undefined;\n\n return this.workerFetch<SkillManageResponse>('/v1/skills/manage', {\n method: 'POST',\n json: {\n ...params,\n app_id: this.appId,\n },\n idempotencyKey,\n });\n }\n\n private async resolveContextGraphSkillId(\n tenantUserId: string\n ): Promise<string | null> {\n const listed = await this.manageSkill({\n operation: 'list',\n tenant_user_id: tenantUserId,\n include_internal: true,\n });\n\n const match = (listed.skills ?? []).find(\n (skill) => skill.name === INTERNAL_CONTEXT_GRAPH_SKILL_NAME\n );\n\n return match?.skill_id ?? null;\n }\n\n private parseContextGraphProcedures(\n files: Array<{ path: string; content?: string }>\n ): ContextGraphProcedureSummary[] {\n return files\n .filter((file) => file.path.startsWith('procedures/') && file.path.endsWith('.md'))\n .map((file) => {\n const content = file.content ?? '';\n const normalized = content.replace(/\\r\\n/g, '\\n');\n\n if (normalized.startsWith('---\\n')) {\n const endIndex = normalized.indexOf('\\n---\\n', 4);\n if (endIndex !== -1) {\n const frontmatter = normalized.slice(4, endIndex);\n const metadata: Record<string, string> = {};\n for (const line of frontmatter.split('\\n')) {\n const separatorIndex = line.indexOf(':');\n if (separatorIndex === -1) continue;\n const key = line.slice(0, separatorIndex).trim();\n const value = line.slice(separatorIndex + 1).trim();\n if (key && value) {\n metadata[key] = value;\n }\n }\n\n return {\n title: metadata.title || (file.path.split('/').pop() ?? file.path),\n description: metadata.description || '',\n path: file.path,\n };\n }\n }\n\n const lines = content.split(/\\r?\\n/);\n const titleLine = lines.find((line) => line.startsWith('# '));\n const title = titleLine ? titleLine.replace(/^#\\s+/, '').trim() : file.path.split('/').pop() ?? file.path;\n const description =\n lines\n .slice(1)\n .map((line) => line.trim())\n .find((line) => line.length > 0 && !line.startsWith('#')) ?? '';\n\n return {\n title,\n description,\n path: file.path,\n };\n })\n .sort((a, b) => a.path.localeCompare(b.path));\n }\n\n async getContextGraph(params: {\n tenant_user_id: string;\n }): Promise<ContextGraphSummaryResponse> {\n const skillId = await this.resolveContextGraphSkillId(params.tenant_user_id);\n if (!skillId) {\n return {\n skill_id: null,\n procedures: [],\n };\n }\n\n const treeResult = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'tree',\n });\n\n const procedurePaths = (treeResult.tree ?? [])\n .filter((node) => node.kind === 'file' && node.path.startsWith('procedures/') && node.path.endsWith('.md'))\n .map((node) => node.path);\n\n if (procedurePaths.length === 0) {\n return {\n skill_id: skillId,\n procedures: [],\n };\n }\n\n const filesResult = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'files',\n files: procedurePaths,\n fileContent: 'full',\n });\n\n return {\n skill_id: skillId,\n procedures: this.parseContextGraphProcedures(filesResult.files ?? []),\n };\n }\n\n async readContextGraph(params: {\n tenant_user_id: string;\n path?: string;\n }): Promise<ContextGraphReadResponse> {\n const skillId = await this.resolveContextGraphSkillId(params.tenant_user_id);\n const requestedPath = params.path?.trim() || 'SKILL.md';\n\n if (!skillId) {\n return {\n skill_id: null,\n path: requestedPath,\n content: null,\n };\n }\n\n if (requestedPath === 'SKILL.md') {\n const result = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'instructions',\n });\n\n return {\n skill_id: skillId,\n path: 'SKILL.md',\n content: result.instructions ?? null,\n };\n }\n\n const result = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'files',\n files: [requestedPath],\n fileContent: 'full',\n });\n\n const file = (result.files ?? []).find((entry) => entry.path === requestedPath);\n\n return {\n skill_id: skillId,\n path: requestedPath,\n content: file?.content ?? null,\n };\n }\n}\n","/**\n * Webhook verification utilities for Kronos triggers\n * Provides secure constant-time comparison for webhook secrets\n */\n\n/**\n * Verify a webhook secret using constant-time comparison to prevent timing attacks.\n * \n * @param receivedSecret - The secret received in the webhook header\n * @param storedSecret - The secret stored in the database for the trigger\n * @returns true if secrets match, false otherwise\n * \n * @example\n * ```typescript\n * import { verifyWebhookSecret } from '@gdrl/kronos-lib/webhook-verification';\n * \n * const isValid = verifyWebhookSecret(\n * request.headers.get('X-Kronos-Webhook-Secret'),\n * trigger.webhook_secret\n * );\n * \n * if (!isValid) {\n * return new Response('Unauthorized', { status: 401 });\n * }\n * ```\n */\nexport function verifyWebhookSecret(\n receivedSecret: string | null | undefined,\n storedSecret: string | null | undefined\n): boolean {\n // If either is missing, they don't match\n if (!receivedSecret || !storedSecret) {\n return false;\n }\n\n // Constant-time comparison to prevent timing attacks\n if (receivedSecret.length !== storedSecret.length) {\n return false;\n }\n\n let result = 0;\n for (let i = 0; i < receivedSecret.length; i++) {\n result |= receivedSecret.charCodeAt(i) ^ storedSecret.charCodeAt(i);\n }\n\n return result === 0;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,cAAN,MAAM,qBAAoB,MAAM;AAAA,EACrC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,aAAY,SAAS;AAAA,EACnD;AACF;AAKO,IAAM,wBAAN,MAAM,+BAA8B,YAAY;AAAA,EACrD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,eAAe,IAAI;AACvC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,uBAAsB,SAAS;AAAA,EAC7D;AACF;AAKO,IAAM,0BAAN,MAAM,iCAAgC,YAAY;AAAA,EACvD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,gBAAgB,IAAI;AACxC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,yBAAwB,SAAS;AAAA,EAC/D;AACF;AAKO,IAAM,uBAAN,MAAM,8BAA6B,YAAY;AAAA,EACpD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,aAAa,IAAI;AACrC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,sBAAqB,SAAS;AAAA,EAC5D;AACF;AAKO,IAAM,sBAAN,MAAM,6BAA4B,YAAY;AAAA,EACnD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,aAAa,IAAI;AACrC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,qBAAoB,SAAS;AAAA,EAC3D;AACF;AAKO,IAAM,oBAAN,MAAM,2BAA0B,YAAY;AAAA,EACjD,YAAY,SAAiB,QAAiB,MAAgB;AAC5D,UAAM,SAAS,QAAQ,gBAAgB,IAAI;AAC3C,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,mBAAkB,SAAS;AAAA,EACzD;AACF;;;AChEO,SAAS,yBAAiC;AAC/C,MAAI,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,YAAY;AAC5E,WAAO,OAAO,WAAW;AAAA,EAC3B;AACA,SAAO,QAAQ,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;AACtE;;;ACqCA,IAAM,qBAAqB;AAC3B,IAAM,qBAAqB;AAC3B,IAAM,oCAAoC;AAEnC,IAAM,eAAN,MAAmB;AAAA,EAMxB,YAAY,QAA4B;AACtC,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,iDAAiD;AAAA,IACnE;AACA,QAAI,CAAC,OAAO,OAAO;AACjB,YAAM,IAAI,MAAM,gDAAgD;AAAA,IAClE;AACA,SAAK,aAAa,OAAO,aAAa,QAAQ,IAAI,qBAAqB,oBAAoB,QAAQ,OAAO,EAAE;AAC5G,SAAK,aAAa,OAAO,aAAa,QAAQ,IAAI,qBAAqB,oBAAoB,QAAQ,OAAO,EAAE;AAC5G,SAAK,SAAS,OAAO;AACrB,SAAK,QAAQ,OAAO;AAEpB,UAAM,iBAAiB,KAAK,cAAc;AAC1C,UAAM,iBAAiB,KAAK,cAAc;AAC1C,QAAI,kBAAkB,gBAAgB;AACpC,cAAQ,IAAI,wCAAwC;AAAA,QAClD,WAAW,KAAK;AAAA,QAChB,WAAW,KAAK;AAAA,MAClB,CAAC;AAAA,IACH;AAEA,YAAQ,IAAI,mDAA8C;AAAA,MACxD,OAAO,KAAK;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,WAAW,KAAK;AAAA,MAChB,WAAW,CAAC,CAAC,KAAK;AAAA,IACpB,CAAC;AAGD,SAAK,YAAY,EAAE,MAAM,MAAM;AAAA,IAE/B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,cAA6B;AACzC,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,SAAS,WAAW;AAAA,QACvD,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,MACF,CAAC;AAED,UAAI,SAAS,IAAI;AACf,cAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAI,KAAK,WAAW,MAAM;AACxB,kBAAQ,IAAI,6EAAwE;AAAA,QACtF,OAAO;AACL,kBAAQ,KAAK,yEAA+D,IAAI;AAAA,QAClF;AAAA,MACF,OAAO;AACL,gBAAQ,KAAK,gEAAsD,SAAS,MAAM,wCAAwC;AAAA,MAC5H;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,KAAK,0FAAgF,MAAM,OAAO;AAC1G,cAAQ,KAAK,oCAAoC;AACjD,cAAQ,KAAK,kDAAkD,KAAK,SAAS;AAC7E,cAAQ,KAAK,0DAA0D;AACvE,cAAQ,KAAK,uDAAuD;AAAA,IACtE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YACZ,MACA,UAA4G,CAAC,GACjG;AACZ,UAAM,EAAE,MAAM,gBAAgB,OAAO,IAAI;AACzC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,UAAU,KAAK,MAAM;AAAA,IACtC;AACA,QAAI,eAAgB,SAAQ,iBAAiB,IAAI;AACjD,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,IAAI;AAAA,MAClD,QAAQ,WAAW,OAAO,SAAS;AAAA,MACnC;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AACD,WAAO,KAAK,eAAkB,GAAG;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YACZ,MACA,UAAsD,CAAC,GAC3C;AACZ,UAAM,EAAE,MAAM,OAAO,IAAI;AACzB,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AACA,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,IAAI;AAAA,MAClD,QAAQ,WAAW,OAAO,SAAS;AAAA,MACnC;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AACD,WAAO,KAAK,eAAkB,GAAG;AAAA,EACnC;AAAA,EAEA,MAAc,eAAkB,KAA2B;AACzD,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,OAAgB;AACpB,QAAI;AACF,aAAO,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,IACnC,QAAQ;AACN,aAAO;AAAA,IACT;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,UAAU;AAChB,YAAM,UAAW,WAAW,OAAO,QAAQ,UAAU,WACjD,QAAQ,QACR,8BAA8B,IAAI,MAAM;AAE5C,cAAQ,IAAI,QAAQ;AAAA,QAClB,KAAK;AACH,gBAAM,IAAI,sBAAsB,SAAS,IAAI;AAAA,QAC/C,KAAK;AACH,gBAAM,IAAI,wBAAwB,SAAS,IAAI;AAAA,QACjD,KAAK;AACH,gBAAM,IAAI,qBAAqB,SAAS,IAAI;AAAA,QAC9C,KAAK;AACH,gBAAM,IAAI,oBAAoB,SAAS,IAAI;AAAA,QAC7C;AACE,cAAI,IAAI,UAAU,KAAK;AACrB,kBAAM,IAAI,kBAAkB,SAAS,IAAI,QAAQ,IAAI;AAAA,UACvD;AACA,gBAAM,IAAI,YAAY,SAAS,IAAI,QAAQ,QAAW,IAAI;AAAA,MAC9D;AAAA,IACF;AAEA,WAAQ,QAAQ;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,OAAO,QAQe;AAC1B,UAAM,iBAAiB,OAAO,kBAAkB,uBAAuB;AACvE,UAAM,OAAsB;AAAA,MAC1B,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,aAAa,OAAO;AAAA,MACpB,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,MACpB,SAAS,OAAO;AAAA,MAChB,UAAU,OAAO;AAAA,IACnB;AACA,WAAO,KAAK,YAA4B,cAAc;AAAA,MACpD,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,UAAiD;AACrE,WAAO,KAAK,YAAkC,cAAc,QAAQ,IAAI;AAAA,MACtE,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,gBAAgB,QAYe;AACnC,UAAM,OAA+B;AAAA,MACnC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,WAAW,OAAO,aAAa,CAAC;AAAA,MAChC,MAAM,OAAO;AAAA,MACb,aAAa,OAAO;AAAA,MACpB,SAAS;AAAA,QACP,kBAAkB,OAAO,SAAS,oBAAoB;AAAA,QACtD,wBAAwB,OAAO,SAAS,0BAA0B;AAAA,MACpE;AAAA,IACF;AACA,UAAM,MAAM,MAAM,KAAK,YAQpB,mBAAmB,EAAE,QAAQ,QAAQ,MAAM,KAAK,CAAC;AACpD,WAAO;AAAA,MACL,eAAe,IAAI;AAAA,MACnB,KAAK,IAAI,IAAI,WAAW,MAAM,IAAI,IAAI,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,GAAG;AAAA,MACvE,QAAQ,IAAI;AAAA,MACZ,MAAM,IAAI;AAAA,MACV,aAAa,IAAI;AAAA,MACjB,WAAW,IAAI;AAAA,MACf,mBAAmB,IAAI,qBAAqB;AAAA,QAC1C,QAAQ;AAAA,QACR,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,QAEe;AAClC,UAAM,OAAO,mBAAmB,IAAI,gBAAgB;AAAA,MAClD,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAoC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,QAGe;AAChC,UAAM,OAAO,mBAAmB,OAAO,QAAQ,IAAI,IAAI,gBAAgB;AAAA,MACrE,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAkC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,gBAAgB,QAOY;AAChC,UAAM,OAA+B;AAAA,MACnC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,mBAAmB,OAAO;AAAA,IAC5B;AAEA,WAAO,KAAK,YAAkC,mBAAmB,OAAO,QAAQ,IAAI;AAAA,MAClF,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAiB,QAGe;AACpC,UAAM,OAAgC;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB;AACA,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB,mBAAmB,OAAO,QAAQ;AAAA,MAClC,EAAE,QAAQ,QAAQ,MAAM,KAAK;AAAA,IAC/B;AACA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,KAAK,IAAI,IAAI,WAAW,MAAM,IAAI,IAAI,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,GAAG;AAAA,IACzE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAqB,QAGe;AACxC,WAAO,KAAK;AAAA,MACV,mBAAmB,OAAO,QAAQ;AAAA,MAClC;AAAA,QACE,QAAQ;AAAA,QACR,MAAM,EAAE,QAAQ,KAAK,OAAO,gBAAgB,OAAO,eAAe;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAe,QAEY;AAC/B,UAAM,OAAO,oBAAoB,IAAI,gBAAgB;AAAA,MACnD,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAiC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,SAEjB,CAAC,GAAiC;AACpC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,IACf,CAAC;AACD,QAAI,OAAO,gBAAgB;AACzB,YAAM,IAAI,kBAAkB,OAAO,cAAc;AAAA,IACnD;AAEA,WAAO,KAAK;AAAA,MACV,qBAAqB,MAAM,SAAS,CAAC;AAAA,MACrC,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,SAGnB,CAAC,GAAmC;AACtC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,IACf,CAAC;AACD,QAAI,OAAO,gBAAgB;AACzB,YAAM,IAAI,kBAAkB,OAAO,cAAc;AAAA,IACnD;AACA,QAAI,OAAO,OAAO,SAAS,YAAY,OAAO,SAAS,OAAO,IAAI,GAAG;AACnE,YAAM,IAAI,QAAQ,OAAO,KAAK,MAAM,OAAO,IAAI,CAAC,CAAC;AAAA,IACnD;AAEA,WAAO,KAAK;AAAA,MACV,uBAAuB,MAAM,SAAS,CAAC;AAAA,MACvC,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,QAEY;AAChC,UAAM,OAAO,oBAAoB,IAAI,gBAAgB;AAAA,MACnD,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAkC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,QAEe;AAC9B,UAAM,OAAO,cAAc,IAAI,gBAAgB;AAAA,MAC7C,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAgC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,QAGe;AAC5B,UAAM,OAAO,cAAc,mBAAmB,OAAO,QAAQ,CAAC,IAAI,IAAI,gBAAgB;AAAA,MACpF,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAA8B,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,YAAY,QAKe;AAC/B,UAAM,OAAO;AAAA,MACX,GAAG,OAAO;AAAA,MACV,sBAAsB,OAAO,KAAK,wBAAwB,CAAC,KAAK;AAAA,IAClE;AACA,UAAM,OAA2B;AAAA,MAC/B,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB;AAAA,MACA,YAAY,OAAO;AAAA,MACnB,aAAa,OAAO;AAAA,IACtB;AACA,WAAO,KAAK,YAAiC,cAAc;AAAA,MACzD,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAY,QAUe;AAC/B,UAAM,EAAE,UAAU,gBAAgB,GAAG,MAAM,IAAI;AAC/C,UAAM,OAAgC,CAAC;AACvC,QAAI,MAAM,SAAS,OAAW,MAAK,OAAO,MAAM;AAChD,QAAI,MAAM,gBAAgB,OAAW,MAAK,cAAc,MAAM;AAC9D,QAAI,MAAM,kBAAkB,OAAW,MAAK,gBAAgB,MAAM;AAClE,QAAI,MAAM,kBAAkB,OAAW,MAAK,gBAAgB,MAAM;AAClE,QAAI,MAAM,eAAe,OAAW,MAAK,aAAa,MAAM;AAC5D,QAAI,MAAM,eAAe,OAAW,MAAK,aAAa,MAAM;AAC5D,QAAI,MAAM,yBAAyB,OAAW,MAAK,uBAAuB,MAAM;AAEhF,UAAM,OAAO,cAAc,mBAAmB,QAAQ,CAAC,IAAI,IAAI,gBAAgB;AAAA,MAC7E,QAAQ,KAAK;AAAA,MACb;AAAA,IACF,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAiC,MAAM;AAAA,MACjD,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,QAGgB;AAChC,UAAM,OAAO,cAAc,mBAAmB,OAAO,QAAQ,CAAC,IAAI,IAAI,gBAAgB;AAAA,MACpF,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAkC,MAAM,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,oBAAoB,QAIL;AACnB,UAAM,OAAO;AAAA,MACX,YAAY,OAAO;AAAA,MACnB,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,iBAAiB,OAAO;AAAA,IAC1B;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,YAAgC,+BAA+B;AAAA,QACzF,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAED,aAAO,SAAS;AAAA,IAClB,SAAS,OAAY;AAEnB,cAAQ,MAAM,8CAA8C,KAAK;AACjE,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,aAAa,QAEe;AAChC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAED,WAAO,KAAK,YAAkC,gBAAgB,MAAM,SAAS,CAAC,IAAI;AAAA,MAChF,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAee;AACjC,UAAM,OAA6B;AAAA,MACjC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,aAAa,OAAO;AAAA,MACpB,gBAAgB,OAAO;AAAA,MACvB,OAAO,OAAO;AAAA,MACd,oBAAoB,OAAO;AAAA,MAC3B,UAAU,OAAO;AAAA,MACjB,kBAAkB,OAAO;AAAA,MACzB,qBAAqB,OAAO;AAAA,MAC5B,cAAc,OAAO;AAAA,MACrB,cAAc,OAAO;AAAA,MACrB,aAAa,OAAO;AAAA,MACpB,cAAc,OAAO;AAAA,MACrB,UAAU,OAAO;AAAA,IACnB;AAEA,WAAO,KAAK,YAAmC,gBAAgB;AAAA,MAC7D,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,QAGG;AACzB,UAAM,WAAW,MAAM,KAAK,aAAa,EAAE,gBAAgB,OAAO,eAAe,CAAC;AAClF,UAAM,UAAU,SAAS,SAAS,KAAK,CAAC,MAAM,EAAE,eAAe,OAAO,UAAU;AAEhF,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,oBAAoB,sBAAsB,OAAO,UAAU,EAAE;AAAA,IACzE;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,cAAc,QAce;AACjC,UAAM,OAA6B;AAAA,MACjC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,aAAa,OAAO;AAAA,MACpB,OAAO,OAAO;AAAA,MACd,cAAc,OAAO;AAAA,MACrB,cAAc,OAAO;AAAA,MACrB,aAAa,OAAO;AAAA,MACpB,oBAAoB,OAAO;AAAA,MAC3B,UAAU,OAAO;AAAA,MACjB,kBAAkB,OAAO;AAAA,MACzB,cAAc,OAAO;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,UAAU,OAAO;AAAA,IACnB;AAEA,WAAO,KAAK,YAAmC,gBAAgB,OAAO,UAAU,IAAI;AAAA,MAClF,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc,QAGe;AACjC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAED,WAAO,KAAK;AAAA,MACV,gBAAgB,mBAAmB,OAAO,UAAU,CAAC,IAAI,MAAM,SAAS,CAAC;AAAA,MACzE,EAAE,QAAQ,SAAS;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,oBAAoB,QAIe;AACvC,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,QAAQ,KAAK;AAAA,UACb,gBAAgB,OAAO;AAAA,UACvB,aAAa,OAAO;AAAA,UACpB,KAAK,OAAO;AAAA,QACd;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,IAAI,OAAO,WAAW,IAAI,WAAW;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,QAAyD;AACzE,UAAM,iBACJ,OAAO,cAAc,YAAY,OAAO,cAAc,WAClD,OAAO,iBACP;AAEN,WAAO,KAAK,YAAiC,qBAAqB;AAAA,MAChE,QAAQ;AAAA,MACR,MAAM;AAAA,QACJ,GAAG;AAAA,QACH,QAAQ,KAAK;AAAA,MACf;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,2BACZ,cACwB;AACxB,UAAM,SAAS,MAAM,KAAK,YAAY;AAAA,MACpC,WAAW;AAAA,MACX,gBAAgB;AAAA,MAChB,kBAAkB;AAAA,IACpB,CAAC;AAED,UAAM,SAAS,OAAO,UAAU,CAAC,GAAG;AAAA,MAClC,CAAC,UAAU,MAAM,SAAS;AAAA,IAC5B;AAEA,WAAO,OAAO,YAAY;AAAA,EAC5B;AAAA,EAEQ,4BACN,OACgC;AAChC,WAAO,MACJ,OAAO,CAAC,SAAS,KAAK,KAAK,WAAW,aAAa,KAAK,KAAK,KAAK,SAAS,KAAK,CAAC,EACjF,IAAI,CAAC,SAAS;AACb,YAAM,UAAU,KAAK,WAAW;AAChC,YAAM,aAAa,QAAQ,QAAQ,SAAS,IAAI;AAEhD,UAAI,WAAW,WAAW,OAAO,GAAG;AAClC,cAAM,WAAW,WAAW,QAAQ,WAAW,CAAC;AAChD,YAAI,aAAa,IAAI;AACnB,gBAAM,cAAc,WAAW,MAAM,GAAG,QAAQ;AAChD,gBAAM,WAAmC,CAAC;AAC1C,qBAAW,QAAQ,YAAY,MAAM,IAAI,GAAG;AAC1C,kBAAM,iBAAiB,KAAK,QAAQ,GAAG;AACvC,gBAAI,mBAAmB,GAAI;AAC3B,kBAAM,MAAM,KAAK,MAAM,GAAG,cAAc,EAAE,KAAK;AAC/C,kBAAM,QAAQ,KAAK,MAAM,iBAAiB,CAAC,EAAE,KAAK;AAClD,gBAAI,OAAO,OAAO;AAChB,uBAAS,GAAG,IAAI;AAAA,YAClB;AAAA,UACF;AAEA,iBAAO;AAAA,YACL,OAAO,SAAS,UAAU,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK,KAAK;AAAA,YAC7D,aAAa,SAAS,eAAe;AAAA,YACrC,MAAM,KAAK;AAAA,UACb;AAAA,QACF;AAAA,MACF;AAEA,YAAM,QAAQ,QAAQ,MAAM,OAAO;AACnC,YAAM,YAAY,MAAM,KAAK,CAAC,SAAS,KAAK,WAAW,IAAI,CAAC;AAC5D,YAAM,QAAQ,YAAY,UAAU,QAAQ,SAAS,EAAE,EAAE,KAAK,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK,KAAK;AACrG,YAAM,cACJ,MACG,MAAM,CAAC,EACP,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,KAAK,CAAC,SAAS,KAAK,SAAS,KAAK,CAAC,KAAK,WAAW,GAAG,CAAC,KAAK;AAEjE,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,MAAM,KAAK;AAAA,MACb;AAAA,IACF,CAAC,EACA,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,EAChD;AAAA,EAEA,MAAM,gBAAgB,QAEmB;AACvC,UAAM,UAAU,MAAM,KAAK,2BAA2B,OAAO,cAAc;AAC3E,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,QACV,YAAY,CAAC;AAAA,MACf;AAAA,IACF;AAEA,UAAM,aAAa,MAAM,KAAK,YAAY;AAAA,MACxC,WAAW;AAAA,MACX,gBAAgB,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAED,UAAM,kBAAkB,WAAW,QAAQ,CAAC,GACzC,OAAO,CAAC,SAAS,KAAK,SAAS,UAAU,KAAK,KAAK,WAAW,aAAa,KAAK,KAAK,KAAK,SAAS,KAAK,CAAC,EACzG,IAAI,CAAC,SAAS,KAAK,IAAI;AAE1B,QAAI,eAAe,WAAW,GAAG;AAC/B,aAAO;AAAA,QACL,UAAU;AAAA,QACV,YAAY,CAAC;AAAA,MACf;AAAA,IACF;AAEA,UAAM,cAAc,MAAM,KAAK,YAAY;AAAA,MACzC,WAAW;AAAA,MACX,gBAAgB,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,MAAM;AAAA,MACN,OAAO;AAAA,MACP,aAAa;AAAA,IACf,CAAC;AAED,WAAO;AAAA,MACL,UAAU;AAAA,MACV,YAAY,KAAK,4BAA4B,YAAY,SAAS,CAAC,CAAC;AAAA,IACtE;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,QAGe;AACpC,UAAM,UAAU,MAAM,KAAK,2BAA2B,OAAO,cAAc;AAC3E,UAAM,gBAAgB,OAAO,MAAM,KAAK,KAAK;AAE7C,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,QACV,MAAM;AAAA,QACN,SAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,kBAAkB,YAAY;AAChC,YAAMA,UAAS,MAAM,KAAK,YAAY;AAAA,QACpC,WAAW;AAAA,QACX,gBAAgB,OAAO;AAAA,QACvB,UAAU;AAAA,QACV,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,QACL,UAAU;AAAA,QACV,MAAM;AAAA,QACN,SAASA,QAAO,gBAAgB;AAAA,MAClC;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,KAAK,YAAY;AAAA,MACpC,WAAW;AAAA,MACX,gBAAgB,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,MAAM;AAAA,MACN,OAAO,CAAC,aAAa;AAAA,MACrB,aAAa;AAAA,IACf,CAAC;AAED,UAAM,QAAQ,OAAO,SAAS,CAAC,GAAG,KAAK,CAAC,UAAU,MAAM,SAAS,aAAa;AAE9E,WAAO;AAAA,MACL,UAAU;AAAA,MACV,MAAM;AAAA,MACN,SAAS,MAAM,WAAW;AAAA,IAC5B;AAAA,EACF;AACF;;;ACj6BO,SAAS,oBACd,gBACA,cACS;AAET,MAAI,CAAC,kBAAkB,CAAC,cAAc;AACpC,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,WAAW,aAAa,QAAQ;AACjD,WAAO;AAAA,EACT;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,eAAe,QAAQ,KAAK;AAC9C,cAAU,eAAe,WAAW,CAAC,IAAI,aAAa,WAAW,CAAC;AAAA,EACpE;AAEA,SAAO,WAAW;AACpB;","names":["result"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/utils.ts","../src/webhook-verification.ts","../src/client.ts"],"sourcesContent":["export { KronosClient } from './client';\nexport { generateIdempotencyKey } from './utils';\nexport {\n verifyWebhookSecret,\n BILLING_USAGE_UPDATED_EVENT,\n KRONOS_WEBHOOK_SIGNATURE_HEADER,\n KRONOS_WEBHOOK_TIMESTAMP_HEADER,\n KRONOS_WEBHOOK_EVENT_ID_HEADER,\n KRONOS_WEBHOOK_EVENT_TYPE_HEADER,\n buildKronosWebhookSignatureInput,\n signKronosWebhookPayload,\n verifyKronosWebhookSignature,\n isBillingUsageWebhookEvent,\n KronosWebhookError,\n} from './webhook-verification';\nexport {\n KronosError,\n KronosBadRequestError,\n KronosUnauthorizedError,\n KronosForbiddenError,\n KronosNotFoundError,\n KronosServerError,\n} from './errors';\n\nexport type {\n KronosClientConfig,\n IngestStatus,\n IngestMemoryDisposition,\n IngestRequest,\n IngestResponse,\n IngestStatusResponse,\n CreateMCPServerRequest,\n CreateMCPServerResponse,\n MCPServerStatus,\n MCPServerToolCapabilities,\n MCPServerDetails,\n ListMCPServersResponse,\n GetMCPServerResponse,\n ConnectMCPServerRequest,\n ConnectMCPServerResponse,\n RotateMCPServerTokenRequest,\n RotateMCPServerTokenResponse,\n MemoryStatsResponse,\n CostSummaryResponse,\n CostBreakdownPoint,\n CostBreakdownResponse,\n BillingUsageWebhookEventData,\n BillingUsageWebhookEvent,\n GetBillingUsageWebhookResponse,\n ConfigureBillingUsageWebhookRequest,\n ConfigureBillingUsageWebhookResponse,\n DeleteBillingUsageWebhookResponse,\n ScratchsheetResponse,\n ScopeSummary,\n ScopeDetail,\n ListScopesResponse,\n GetScopeResponse,\n ScopeSpec,\n CreateScopeRequest,\n CreateScopeResponse,\n TriggerType,\n OnTriggered,\n TriggerRecord,\n CreateTriggerRequest,\n CreateTriggerResponse,\n ListTriggersResponse,\n UpdateTriggerRequest,\n UpdateTriggerResponse,\n DeleteTriggerResponse,\n CreateFrontendTokenRequest,\n CreateFrontendTokenResponse,\n SkillFileType,\n SkillReadMode,\n SkillFileContentMode,\n SkillFileInput,\n SkillFileRecord,\n SkillTreeNode,\n SkillMetadataRecord,\n SkillSummaryRecord,\n SkillManageParams,\n SkillManageResponse,\n ContextGraphProcedureSummary,\n ContextGraphSummaryResponse,\n ContextGraphReadResponse,\n} from './types';\n","/**\n * Base error for Kronos API failures\n */\nexport class KronosError extends Error {\n constructor(\n message: string,\n public readonly status?: number,\n public readonly code?: string,\n public readonly body?: unknown\n ) {\n super(message);\n this.name = 'KronosError';\n Object.setPrototypeOf(this, KronosError.prototype);\n }\n}\n\n/**\n * 400 Bad Request - invalid or missing parameters\n */\nexport class KronosBadRequestError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 400, 'bad_request', body);\n this.name = 'KronosBadRequestError';\n Object.setPrototypeOf(this, KronosBadRequestError.prototype);\n }\n}\n\n/**\n * 401 Unauthorized - invalid or missing API key\n */\nexport class KronosUnauthorizedError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 401, 'unauthorized', body);\n this.name = 'KronosUnauthorizedError';\n Object.setPrototypeOf(this, KronosUnauthorizedError.prototype);\n }\n}\n\n/**\n * 403 Forbidden - valid auth but insufficient permissions\n */\nexport class KronosForbiddenError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 403, 'forbidden', body);\n this.name = 'KronosForbiddenError';\n Object.setPrototypeOf(this, KronosForbiddenError.prototype);\n }\n}\n\n/**\n * 404 Not Found - resource does not exist\n */\nexport class KronosNotFoundError extends KronosError {\n constructor(message: string, body?: unknown) {\n super(message, 404, 'not_found', body);\n this.name = 'KronosNotFoundError';\n Object.setPrototypeOf(this, KronosNotFoundError.prototype);\n }\n}\n\n/**\n * 5xx or network/unknown errors\n */\nexport class KronosServerError extends KronosError {\n constructor(message: string, status?: number, body?: unknown) {\n super(message, status, 'server_error', body);\n this.name = 'KronosServerError';\n Object.setPrototypeOf(this, KronosServerError.prototype);\n }\n}\n","/**\n * Generate an idempotency key for ingest requests.\n * Uses crypto.randomUUID() when available; falls back to a timestamp-based value.\n * Callers can pass their own key via the ingest options to achieve true idempotency.\n */\nexport function generateIdempotencyKey(): string {\n if (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function') {\n return crypto.randomUUID();\n }\n return `idem_${Date.now()}_${Math.random().toString(36).slice(2, 11)}`;\n}\n","import type { BillingUsageWebhookEvent } from \"./types\";\n\n/**\n * Webhook verification utilities for Kronos triggers\n * Provides secure constant-time comparison for webhook secrets\n */\n\nexport const KRONOS_WEBHOOK_SIGNATURE_HEADER = \"x-kronos-signature\";\nexport const KRONOS_WEBHOOK_TIMESTAMP_HEADER = \"x-kronos-timestamp\";\nexport const KRONOS_WEBHOOK_EVENT_ID_HEADER = \"x-kronos-event-id\";\nexport const KRONOS_WEBHOOK_EVENT_TYPE_HEADER = \"x-kronos-event-type\";\nexport const BILLING_USAGE_UPDATED_EVENT = \"billing.usage.updated\";\n\nexport class KronosWebhookError extends Error {\n status: number;\n\n constructor(message: string, status = 400) {\n super(message);\n this.name = \"KronosWebhookError\";\n this.status = status;\n }\n}\n\nfunction hexFromBytes(bytes: Uint8Array): string {\n return Array.from(bytes)\n .map((byte) => byte.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\nexport function buildKronosWebhookSignatureInput(\n timestamp: string,\n payload: string,\n): string {\n return `${timestamp}.${payload}`;\n}\n\nexport async function signKronosWebhookPayload(params: {\n payload: string;\n secret: string;\n timestamp: string;\n}): Promise<string> {\n const key = await crypto.subtle.importKey(\n \"raw\",\n new TextEncoder().encode(params.secret),\n { name: \"HMAC\", hash: \"SHA-256\" },\n false,\n [\"sign\"],\n );\n\n const signature = await crypto.subtle.sign(\n \"HMAC\",\n key,\n new TextEncoder().encode(\n buildKronosWebhookSignatureInput(params.timestamp, params.payload),\n ),\n );\n\n return hexFromBytes(new Uint8Array(signature));\n}\n\nexport async function verifyKronosWebhookSignature(params: {\n payload: string;\n secret: string;\n timestamp: string | null | undefined;\n signature: string | null | undefined;\n toleranceSeconds?: number;\n now?: number;\n}): Promise<boolean> {\n if (!params.timestamp || !params.signature || !params.secret) {\n return false;\n }\n\n const toleranceSeconds = params.toleranceSeconds ?? 300;\n const now = params.now ?? Math.floor(Date.now() / 1000);\n const timestampSeconds = Number(params.timestamp);\n\n if (!Number.isFinite(timestampSeconds)) {\n return false;\n }\n\n if (Math.abs(now - timestampSeconds) > toleranceSeconds) {\n return false;\n }\n\n const expected = await signKronosWebhookPayload({\n payload: params.payload,\n secret: params.secret,\n timestamp: params.timestamp,\n });\n\n return verifyWebhookSecret(params.signature, expected);\n}\n\n/**\n * Verify a webhook secret using constant-time comparison to prevent timing attacks.\n * \n * @param receivedSecret - The secret received in the webhook header\n * @param storedSecret - The secret stored in the database for the trigger\n * @returns true if secrets match, false otherwise\n * \n * @example\n * ```typescript\n * import { verifyWebhookSecret } from '@gdrl/kronos-lib/webhook-verification';\n * \n * const isValid = verifyWebhookSecret(\n * request.headers.get('X-Kronos-Webhook-Secret'),\n * trigger.webhook_secret\n * );\n * \n * if (!isValid) {\n * return new Response('Unauthorized', { status: 401 });\n * }\n * ```\n */\nexport function verifyWebhookSecret(\n receivedSecret: string | null | undefined,\n storedSecret: string | null | undefined\n): boolean {\n // If either is missing, they don't match\n if (!receivedSecret || !storedSecret) {\n return false;\n }\n\n // Constant-time comparison to prevent timing attacks\n if (receivedSecret.length !== storedSecret.length) {\n return false;\n }\n\n let result = 0;\n for (let i = 0; i < receivedSecret.length; i++) {\n result |= receivedSecret.charCodeAt(i) ^ storedSecret.charCodeAt(i);\n }\n\n return result === 0;\n}\n\nexport function isBillingUsageWebhookEvent(\n value: unknown,\n): value is BillingUsageWebhookEvent {\n if (!value || typeof value !== \"object\") {\n return false;\n }\n\n const event = value as Partial<BillingUsageWebhookEvent>;\n const data = event.data as BillingUsageWebhookEvent[\"data\"] | undefined;\n\n return (\n event.type === BILLING_USAGE_UPDATED_EVENT &&\n typeof event.id === \"string\" &&\n typeof event.created_at === \"string\" &&\n !!data &&\n typeof data.app_id === \"string\" &&\n typeof data.tenant_user_id === \"string\" &&\n typeof data.total_cost_usd === \"number\" &&\n typeof data.latest_run_cost_usd === \"number\" &&\n typeof data.updated_at === \"string\"\n );\n}\n","import type {\n KronosClientConfig,\n IngestRequest,\n IngestResponse,\n IngestStatusResponse,\n CreateMCPServerRequest,\n CreateMCPServerResponse,\n UpdateMCPServerRequest,\n ListMCPServersResponse,\n GetMCPServerResponse,\n ConnectMCPServerRequest,\n ConnectMCPServerResponse,\n RotateMCPServerTokenResponse,\n MemoryStatsResponse,\n CostSummaryResponse,\n CostBreakdownResponse,\n GetBillingUsageWebhookResponse,\n ConfigureBillingUsageWebhookResponse,\n DeleteBillingUsageWebhookResponse,\n ScratchsheetResponse,\n ListScopesResponse,\n GetScopeResponse,\n CreateScopeRequest,\n CreateScopeResponse,\n UpdateScopeResponse,\n CreateTriggerRequest,\n CreateTriggerResponse,\n CreateFrontendTokenResponse,\n ListTriggersResponse,\n ScopeSpec,\n UpdateTriggerRequest,\n UpdateTriggerResponse,\n DeleteTriggerResponse,\n TriggerRecord,\n SkillManageParams,\n SkillManageResponse,\n ContextGraphSummaryResponse,\n ContextGraphReadResponse,\n ContextGraphProcedureSummary,\n} from './types';\nimport {\n KronosError,\n KronosBadRequestError,\n KronosUnauthorizedError,\n KronosForbiddenError,\n KronosNotFoundError,\n KronosServerError,\n} from './errors';\nimport { generateIdempotencyKey } from './utils';\nimport {\n KronosWebhookError,\n KRONOS_WEBHOOK_EVENT_TYPE_HEADER,\n KRONOS_WEBHOOK_SIGNATURE_HEADER,\n KRONOS_WEBHOOK_TIMESTAMP_HEADER,\n} from './webhook-verification';\n\nconst DEFAULT_WORKER_URL = 'https://api.kronos.ai';\nconst DEFAULT_MASTRA_URL = 'https://mastra.kronos.ai';\nconst INTERNAL_CONTEXT_GRAPH_SKILL_NAME = '__internal_context_graph__';\n\nexport class KronosClient {\n private readonly workerUrl: string;\n private readonly mastraUrl: string;\n private readonly apiKey: string;\n private readonly appId: string;\n\n constructor(config: KronosClientConfig) {\n if (!config.apiKey) {\n throw new Error('KronosClient: apiKey is required in constructor');\n }\n if (!config.appId) {\n throw new Error('KronosClient: appId is required in constructor');\n }\n this.workerUrl = (config.workerUrl ?? process.env.KRONOS_WORKER_URL ?? DEFAULT_WORKER_URL).replace(/\\/$/, '');\n this.mastraUrl = (config.mastraUrl ?? process.env.KRONOS_MASTRA_URL ?? DEFAULT_MASTRA_URL).replace(/\\/$/, '');\n this.apiKey = config.apiKey;\n this.appId = config.appId;\n\n const workerOverride = this.workerUrl !== DEFAULT_WORKER_URL;\n const mastraOverride = this.mastraUrl !== DEFAULT_MASTRA_URL;\n if (workerOverride || mastraOverride) {\n console.log('[KronosClient] URL overrides in use:', {\n workerUrl: this.workerUrl,\n mastraUrl: this.mastraUrl,\n });\n }\n\n console.log('[KronosClient] ✅ KronosClient initialized:', {\n appId: this.appId,\n workerUrl: this.workerUrl,\n mastraUrl: this.mastraUrl,\n hasApiKey: !!this.apiKey,\n });\n \n // Perform async health check (fire and forget)\n this.healthCheck().catch(() => {\n // Health check failed, but don't block initialization\n });\n }\n \n /**\n * Perform a health check to verify the client can connect to the Kronos worker\n * This is called automatically during initialization\n */\n private async healthCheck(): Promise<void> {\n try {\n const response = await fetch(`${this.workerUrl}/health`, {\n method: 'GET',\n headers: {\n 'Content-Type': 'application/json',\n },\n });\n \n if (response.ok) {\n const data = await response.json();\n if (data.status === 'ok') {\n console.log('[KronosClient] ✅ Health check passed - Client is connected and working');\n } else {\n console.warn('[KronosClient] ⚠️ Health check returned unexpected status:', data);\n }\n } else {\n console.warn(`[KronosClient] ⚠️ Health check failed with status ${response.status}. Client may not be working correctly.`);\n }\n } catch (error: any) {\n console.warn('[KronosClient] ⚠️ Health check failed - Unable to connect to Kronos worker:', error.message);\n console.warn('[KronosClient] Please verify that:');\n console.warn('[KronosClient] 1. The worker URL is correct:', this.workerUrl);\n console.warn('[KronosClient] 2. The worker is running and accessible');\n console.warn('[KronosClient] 3. Network connectivity is available');\n }\n }\n\n // ---------------------------------------------------------------------------\n // Worker request helper (uses Bearer auth)\n // ---------------------------------------------------------------------------\n private async workerFetch<T>(\n path: string,\n options: { method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'; json?: object; idempotencyKey?: string } = {}\n ): Promise<T> {\n const { json, idempotencyKey, method } = options;\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${this.apiKey}`,\n };\n if (idempotencyKey) headers['Idempotency-Key'] = idempotencyKey;\n const res = await fetch(`${this.workerUrl}${path}`, {\n method: method ?? (json ? 'POST' : 'GET'),\n headers,\n body: json ? JSON.stringify(json) : undefined,\n });\n return this.handleResponse<T>(res);\n }\n\n // ---------------------------------------------------------------------------\n // Mastra request helper (no Bearer auth per current API)\n // ---------------------------------------------------------------------------\n private async mastraFetch<T>(\n path: string,\n options: { method?: 'GET' | 'POST'; json?: object } = {}\n ): Promise<T> {\n const { json, method } = options;\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n };\n const res = await fetch(`${this.mastraUrl}${path}`, {\n method: method ?? (json ? 'POST' : 'GET'),\n headers,\n body: json ? JSON.stringify(json) : undefined,\n });\n return this.handleResponse<T>(res);\n }\n\n private async handleResponse<T>(res: Response): Promise<T> {\n const text = await res.text();\n let body: unknown = null;\n try {\n body = text ? JSON.parse(text) : null;\n } catch {\n body = text;\n }\n\n if (!res.ok) {\n const errBody = body as { error?: string } | null;\n const message = (errBody && typeof errBody.error === 'string')\n ? errBody.error\n : `Request failed with status ${res.status}`;\n\n switch (res.status) {\n case 400:\n throw new KronosBadRequestError(message, body);\n case 401:\n throw new KronosUnauthorizedError(message, body);\n case 403:\n throw new KronosForbiddenError(message, body);\n case 404:\n throw new KronosNotFoundError(message, body);\n default:\n if (res.status >= 500) {\n throw new KronosServerError(message, res.status, body);\n }\n throw new KronosError(message, res.status, undefined, body);\n }\n }\n\n return (body ?? null) as T;\n }\n\n // ---------------------------------------------------------------------------\n // Ingest API\n // ---------------------------------------------------------------------------\n\n /**\n * Submit a document for ingestion.\n * @param params - source_type, content, optional metadata, addToMemory, and idempotencyKey\n * @returns ingest_id\n */\n async ingest(params: {\n tenant_user_id: string;\n source_type: string;\n priority?: 'low' | 'medium' | 'high';\n addToMemory?: boolean;\n content: { type: 'text'; text: string };\n metadata?: Record<string, unknown>;\n idempotencyKey?: string;\n }): Promise<IngestResponse> {\n const idempotencyKey = params.idempotencyKey ?? generateIdempotencyKey();\n const body: IngestRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n source_type: params.source_type,\n priority: params.priority,\n addToMemory: params.addToMemory,\n content: params.content,\n metadata: params.metadata,\n };\n return this.workerFetch<IngestResponse>('/v1/ingest', {\n method: 'POST',\n json: body,\n idempotencyKey,\n });\n }\n\n /**\n * Get the status of an ingest.\n */\n async getIngestStatus(ingestId: string): Promise<IngestStatusResponse> {\n return this.workerFetch<IngestStatusResponse>(`/v1/ingest/${ingestId}`, {\n method: 'GET',\n });\n }\n\n // ---------------------------------------------------------------------------\n // MCP Server API\n // ---------------------------------------------------------------------------\n\n /**\n * Create an MCP server scoped to the given scopes.\n * Use connectMCPServer() to get a short-lived access token for MCP auth.\n */\n async createMCPServer(params: {\n tenant_user_id: string;\n name: string;\n /** Omit or pass [] for all-memory access. */\n scope_ids?: string[] | null;\n description?: string;\n options?: {\n /** Expose `search_skills` and `read_skill`. Defaults to true. */\n exposeSkillsTool?: boolean;\n /** Expose the read-only `context_graph` tool. Defaults to false. */\n exposeContextGraphTool?: boolean;\n };\n }): Promise<CreateMCPServerResponse> {\n const body: CreateMCPServerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n scope_ids: params.scope_ids ?? [],\n name: params.name,\n description: params.description,\n options: {\n exposeSkillsTool: params.options?.exposeSkillsTool ?? true,\n exposeContextGraphTool: params.options?.exposeContextGraphTool ?? false,\n },\n };\n const res = await this.workerFetch<{\n mcp_server_id: string;\n url: string;\n status: 'active' | 'disabled';\n name: string;\n description: string | null;\n scope_ids: string[];\n tool_capabilities: { skills: boolean; context_graph: boolean };\n }>('/v1/mcp-servers', { method: 'POST', json: body });\n return {\n mcp_server_id: res.mcp_server_id,\n url: res.url.startsWith('http') ? res.url : `${this.workerUrl}${res.url}`,\n status: res.status,\n name: res.name,\n description: res.description,\n scope_ids: res.scope_ids,\n tool_capabilities: res.tool_capabilities ?? {\n skills: true,\n context_graph: false,\n },\n };\n }\n\n /**\n * List MCP servers for a user. Returns metadata only (no token).\n */\n async listMCPServers(params: {\n tenant_user_id: string;\n }): Promise<ListMCPServersResponse> {\n const path = `/v1/mcp-servers?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<ListMCPServersResponse>(path, { method: 'GET' });\n }\n\n /**\n * Get MCP server details for a user by server ID. Returns metadata only (no token).\n */\n async getMCPServer(params: {\n tenant_user_id: string;\n serverId: string;\n }): Promise<GetMCPServerResponse> {\n const path = `/v1/mcp-servers/${params.serverId}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<GetMCPServerResponse>(path, { method: 'GET' });\n }\n\n async updateMCPServer(params: {\n tenant_user_id: string;\n serverId: string;\n tool_capabilities: {\n skills: boolean;\n context_graph: boolean;\n };\n }): Promise<GetMCPServerResponse> {\n const body: UpdateMCPServerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n tool_capabilities: params.tool_capabilities,\n };\n\n return this.workerFetch<GetMCPServerResponse>(`/v1/mcp-servers/${params.serverId}`, {\n method: 'PUT',\n json: body,\n });\n }\n\n /**\n * Connect to an MCP server by ID and receive a short-lived access token.\n * Use the returned access_token as Bearer token when calling the MCP endpoint.\n */\n async connectMCPServer(params: {\n tenant_user_id: string;\n serverId: string;\n }): Promise<ConnectMCPServerResponse> {\n const body: ConnectMCPServerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n };\n const res = await this.workerFetch<ConnectMCPServerResponse>(\n `/v1/mcp-servers/${params.serverId}/connect`,\n { method: 'POST', json: body }\n );\n return {\n ...res,\n url: res.url.startsWith('http') ? res.url : `${this.workerUrl}${res.url}`,\n };\n }\n\n /**\n * Rotate the token for an MCP server. The new token is returned only on rotate.\n */\n async rotateMCPServerToken(params: {\n tenant_user_id: string;\n serverId: string;\n }): Promise<RotateMCPServerTokenResponse> {\n return this.workerFetch<RotateMCPServerTokenResponse>(\n `/v1/mcp-servers/${params.serverId}/rotate-token`,\n {\n method: 'POST',\n json: { app_id: this.appId, tenant_user_id: params.tenant_user_id },\n }\n );\n }\n\n /**\n * Get memory stats for a user (total claim count across entire memory graph).\n * Worker caches the response for 5 minutes per user.\n */\n async getMemoryStats(params: {\n tenant_user_id: string;\n }): Promise<MemoryStatsResponse> {\n const path = `/v1/memory-stats?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<MemoryStatsResponse>(path, { method: 'GET' });\n }\n\n /**\n * Get aggregated AI stage cost totals for the app, or for a single user if specified.\n */\n async getCostSummary(params: {\n tenant_user_id?: string;\n } = {}): Promise<CostSummaryResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n });\n if (params.tenant_user_id) {\n query.set('tenant_user_id', params.tenant_user_id);\n }\n\n return this.workerFetch<CostSummaryResponse>(\n `/v1/costs/summary?${query.toString()}`,\n { method: 'GET' },\n );\n }\n\n /**\n * Get daily AI stage cost totals for the app, or for a single user if specified.\n */\n async getCostBreakdown(params: {\n tenant_user_id?: string;\n days?: number;\n } = {}): Promise<CostBreakdownResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n });\n if (params.tenant_user_id) {\n query.set('tenant_user_id', params.tenant_user_id);\n }\n if (typeof params.days === 'number' && Number.isFinite(params.days)) {\n query.set('days', String(Math.trunc(params.days)));\n }\n\n return this.workerFetch<CostBreakdownResponse>(\n `/v1/costs/breakdown?${query.toString()}`,\n { method: 'GET' },\n );\n }\n\n /**\n * Get the app-level billing usage webhook configuration.\n */\n async getBillingUsageWebhook(): Promise<GetBillingUsageWebhookResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n });\n\n return this.workerFetch<GetBillingUsageWebhookResponse>(\n `/v1/webhooks/billing-usage?${query.toString()}`,\n { method: 'GET' },\n );\n }\n\n /**\n * Configure the app-level billing usage webhook.\n */\n async configureBillingUsageWebhook(params: {\n webhook_url: string;\n webhook_secret: string;\n event_types?: Array<'billing.usage.updated'>;\n status?: 'active' | 'disabled';\n }): Promise<ConfigureBillingUsageWebhookResponse> {\n return this.workerFetch<ConfigureBillingUsageWebhookResponse>(\n '/v1/webhooks/billing-usage',\n {\n method: 'PUT',\n json: {\n app_id: this.appId,\n webhook_url: params.webhook_url,\n webhook_secret: params.webhook_secret,\n event_types: params.event_types,\n status: params.status,\n },\n },\n );\n }\n\n /**\n * Delete the app-level billing usage webhook configuration.\n */\n async deleteBillingUsageWebhook(): Promise<DeleteBillingUsageWebhookResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n });\n\n return this.workerFetch<DeleteBillingUsageWebhookResponse>(\n `/v1/webhooks/billing-usage?${query.toString()}`,\n { method: 'DELETE' },\n );\n }\n\n /**\n * Verify an incoming billing usage webhook against the stored app webhook secret.\n */\n async verifyBillingUsageWebhook(params: {\n payload: string;\n signature: string;\n timestamp: string;\n }): Promise<boolean> {\n const response = await this.workerFetch<{ valid: boolean }>(\n '/v1/webhooks/billing-usage/verify',\n {\n method: 'POST',\n json: {\n app_id: this.appId,\n payload: params.payload,\n received_signature: params.signature,\n received_timestamp: params.timestamp,\n },\n },\n );\n\n return response.valid;\n }\n\n /**\n * Verify an incoming Kronos webhook request and optionally validate its payload shape.\n */\n async verifyWebhook<T = unknown>(\n request: Request,\n options: {\n expectedEventType?: string;\n validate?: (payload: unknown) => payload is T;\n } = {},\n ): Promise<T> {\n const payload = await request.text();\n const signature = request.headers.get(KRONOS_WEBHOOK_SIGNATURE_HEADER);\n const timestamp = request.headers.get(KRONOS_WEBHOOK_TIMESTAMP_HEADER);\n\n if (!signature || !timestamp) {\n throw new KronosWebhookError('Missing webhook signature headers', 401);\n }\n\n const response = await this.workerFetch<{ valid: boolean }>(\n '/v1/webhooks/verify',\n {\n method: 'POST',\n json: {\n app_id: this.appId,\n payload,\n received_signature: signature,\n received_timestamp: timestamp,\n },\n },\n );\n\n if (!response.valid) {\n throw new KronosWebhookError('Invalid webhook signature', 401);\n }\n\n const eventType = request.headers.get(KRONOS_WEBHOOK_EVENT_TYPE_HEADER);\n if (options.expectedEventType && eventType !== options.expectedEventType) {\n throw new KronosWebhookError(\n `Unsupported webhook event type: ${eventType ?? 'missing'}`,\n 400,\n );\n }\n\n let parsedPayload: unknown;\n try {\n parsedPayload = JSON.parse(payload);\n } catch {\n throw new KronosWebhookError('Invalid webhook payload', 400);\n }\n\n if (options.validate && !options.validate(parsedPayload)) {\n throw new KronosWebhookError('Invalid webhook payload', 400);\n }\n\n return parsedPayload as T;\n }\n\n /**\n * Read the current scratchsheet document for a user.\n */\n async getScratchsheet(params: {\n tenant_user_id: string;\n }): Promise<ScratchsheetResponse> {\n const path = `/v1/scratchsheet?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<ScratchsheetResponse>(path, { method: 'GET' });\n }\n\n /**\n * List scopes for a user. Returns full scope details. Cached 5 min per user.\n */\n async listScopes(params: {\n tenant_user_id: string;\n }): Promise<ListScopesResponse> {\n const path = `/v1/scopes?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<ListScopesResponse>(path, { method: 'GET' });\n }\n\n /**\n * Get a single scope by ID. Returns full scope details.\n */\n async getScope(params: {\n tenant_user_id: string;\n scope_id: string;\n }): Promise<GetScopeResponse> {\n const path = `/v1/scopes/${encodeURIComponent(params.scope_id)}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<GetScopeResponse>(path, { method: 'GET' });\n }\n\n // ---------------------------------------------------------------------------\n // Scope API (Mastra)\n // ---------------------------------------------------------------------------\n\n /**\n * Create a scope. A backfill job runs asynchronously to populate it.\n * If spec.allowed_source_types is omitted, it defaults to ['all'].\n * Uses the Worker so the scopes list cache is invalidated after create.\n */\n async createScope(params: {\n tenant_user_id: string;\n spec: ScopeSpec;\n created_by: string;\n description?: string;\n }): Promise<CreateScopeResponse> {\n const spec = {\n ...params.spec,\n allowed_source_types: params.spec.allowed_source_types ?? ['all'],\n };\n const body: CreateScopeRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n spec,\n created_by: params.created_by,\n description: params.description,\n };\n return this.workerFetch<CreateScopeResponse>('/v1/scopes', {\n method: 'POST',\n json: body,\n });\n }\n\n /**\n * Update a scope. Only provided fields are updated.\n * If include_query, exclude_query, match_mode, time_range, or allowed_source_types change,\n * a backfill job runs to recompute membership (response includes backfill_job_id).\n * Otherwise only DB and Neo4j metadata are updated.\n */\n async updateScope(params: {\n tenant_user_id: string;\n scope_id: string;\n name?: string;\n description?: string | null;\n include_query?: string;\n exclude_query?: string | null;\n match_mode?: 'strict' | 'broad';\n time_range?: { start?: string; end?: string };\n allowed_source_types?: string[] | 'all';\n }): Promise<UpdateScopeResponse> {\n const { scope_id, tenant_user_id, ...patch } = params;\n const body: Record<string, unknown> = {};\n if (patch.name !== undefined) body.name = patch.name;\n if (patch.description !== undefined) body.description = patch.description;\n if (patch.include_query !== undefined) body.include_query = patch.include_query;\n if (patch.exclude_query !== undefined) body.exclude_query = patch.exclude_query;\n if (patch.match_mode !== undefined) body.match_mode = patch.match_mode;\n if (patch.time_range !== undefined) body.time_range = patch.time_range;\n if (patch.allowed_source_types !== undefined) body.allowed_source_types = patch.allowed_source_types;\n\n const path = `/v1/scopes/${encodeURIComponent(scope_id)}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id,\n }).toString()}`;\n return this.workerFetch<UpdateScopeResponse>(path, {\n method: 'PATCH',\n json: body,\n });\n }\n\n /**\n * Soft-delete a scope. Invalidates the scopes list cache for that user.\n */\n async deleteScope(params: {\n tenant_user_id: string;\n scope_id: string;\n }): Promise<{ deleted: boolean }> {\n const path = `/v1/scopes/${encodeURIComponent(params.scope_id)}?${new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n }).toString()}`;\n return this.workerFetch<{ deleted: boolean }>(path, { method: 'DELETE' });\n }\n\n // ---------------------------------------------------------------------------\n // Webhook Verification API (Worker)\n // ---------------------------------------------------------------------------\n\n /**\n * Verify a webhook secret for a trigger.\n * This method calls the Kronos worker API to verify the webhook secret.\n * \n * @param params - app_id, tenant_user_id, trigger_id and received_secret to verify\n * @returns true if secret is valid, false otherwise\n */\n async verifyWebhookSecret(params: {\n tenant_user_id: string;\n trigger_id: string;\n received_secret: string;\n }): Promise<boolean> {\n const body = {\n trigger_id: params.trigger_id,\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n received_secret: params.received_secret,\n };\n \n try {\n const response = await this.workerFetch<{ valid: boolean }>('/v1/triggers/verify-webhook', {\n method: 'POST',\n json: body,\n });\n \n return response.valid;\n } catch (error: any) {\n // If verification fails (e.g., trigger not found), return false\n console.error('[KronosClient] Webhook verification error:', error);\n return false;\n }\n }\n\n // ---------------------------------------------------------------------------\n // Trigger Management API (Worker)\n // ---------------------------------------------------------------------------\n\n /**\n * List triggers for a tenant user.\n */\n async listTriggers(params: {\n tenant_user_id: string;\n }): Promise<ListTriggersResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n });\n \n return this.workerFetch<ListTriggersResponse>(`/v1/triggers?${query.toString()}`, {\n method: 'GET',\n });\n }\n\n /**\n * Create a trigger.\n * Supports NL creation (trigger_description) or manual creation (trigger_type/trigger_spec).\n *\n * @returns CreateTriggerResponse (accepted for NL, trigger_id for manual)\n */\n async createTrigger(params: {\n tenant_user_id: string;\n webhook_url: string;\n webhook_secret: string;\n title?: string | null;\n action_description?: string;\n skill_id?: string;\n skill_version_id?: string;\n trigger_description?: string;\n trigger_type?: CreateTriggerRequest['trigger_type'];\n trigger_spec?: CreateTriggerRequest['trigger_spec'];\n next_run_at?: string;\n on_triggered?: CreateTriggerRequest['on_triggered'];\n metadata?: Record<string, unknown>;\n idempotencyKey?: string;\n }): Promise<CreateTriggerResponse> {\n const body: CreateTriggerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n webhook_url: params.webhook_url,\n webhook_secret: params.webhook_secret,\n title: params.title,\n action_description: params.action_description,\n skill_id: params.skill_id,\n skill_version_id: params.skill_version_id,\n trigger_description: params.trigger_description,\n trigger_type: params.trigger_type,\n trigger_spec: params.trigger_spec,\n next_run_at: params.next_run_at,\n on_triggered: params.on_triggered,\n metadata: params.metadata,\n };\n\n return this.workerFetch<CreateTriggerResponse>('/v1/triggers', {\n method: 'POST',\n json: body,\n idempotencyKey: params.idempotencyKey,\n });\n }\n\n /**\n * Get details for a specific trigger.\n * Uses listTriggers and filters by trigger_id.\n */\n async getTriggerDetails(params: {\n tenant_user_id: string;\n trigger_id: string;\n }): Promise<TriggerRecord> {\n const response = await this.listTriggers({ tenant_user_id: params.tenant_user_id });\n const trigger = response.triggers.find((t) => t.trigger_id === params.trigger_id);\n\n if (!trigger) {\n throw new KronosNotFoundError(`Trigger not found: ${params.trigger_id}`);\n }\n\n return trigger;\n }\n\n /**\n * Update a trigger.\n * Updates the webhook_url, action_description, status, or metadata of an existing trigger.\n * \n * @param params - app_id, tenant_user_id, trigger_id and fields to update\n * @returns UpdateTriggerResponse with success status\n */\n async updateTrigger(params: {\n tenant_user_id: string;\n trigger_id: string;\n webhook_url?: string;\n title?: string | null;\n trigger_type?: UpdateTriggerRequest['trigger_type'];\n trigger_spec?: UpdateTriggerRequest['trigger_spec'];\n next_run_at?: UpdateTriggerRequest['next_run_at'];\n action_description?: string;\n skill_id?: string | null;\n skill_version_id?: string | null;\n on_triggered?: UpdateTriggerRequest['on_triggered'];\n status?: string;\n metadata?: Record<string, unknown>;\n }): Promise<UpdateTriggerResponse> {\n const body: UpdateTriggerRequest = {\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n webhook_url: params.webhook_url,\n title: params.title,\n trigger_type: params.trigger_type,\n trigger_spec: params.trigger_spec,\n next_run_at: params.next_run_at,\n action_description: params.action_description,\n skill_id: params.skill_id,\n skill_version_id: params.skill_version_id,\n on_triggered: params.on_triggered,\n status: params.status,\n metadata: params.metadata,\n };\n \n return this.workerFetch<UpdateTriggerResponse>(`/v1/triggers/${params.trigger_id}`, {\n method: 'PUT',\n json: body,\n });\n }\n\n /**\n * Delete a trigger.\n */\n async deleteTrigger(params: {\n tenant_user_id: string;\n trigger_id: string;\n }): Promise<DeleteTriggerResponse> {\n const query = new URLSearchParams({\n app_id: this.appId,\n tenant_user_id: params.tenant_user_id,\n });\n\n return this.workerFetch<DeleteTriggerResponse>(\n `/v1/triggers/${encodeURIComponent(params.trigger_id)}?${query.toString()}`,\n { method: 'DELETE' }\n );\n }\n\n // ---------------------------------------------------------------------------\n // Frontend Tokens (Server-side only)\n // ---------------------------------------------------------------------------\n\n /**\n * Issue a short-lived, user-scoped frontend token.\n * The browser can use this token directly against the Kronos worker for\n * allowed operations (e.g. trigger CRUD) without needing the app API key.\n *\n * This method must be called from a trusted server environment.\n */\n async createFrontendToken(params: {\n tenantUserId: string;\n ttlSeconds?: number;\n ops?: string[];\n }): Promise<CreateFrontendTokenResponse> {\n const res = await this.workerFetch<{ token: string; expires_at: string }>(\n '/v1/frontend-tokens',\n {\n method: 'POST',\n json: {\n app_id: this.appId,\n tenant_user_id: params.tenantUserId,\n ttl_seconds: params.ttlSeconds,\n ops: params.ops,\n },\n },\n );\n return { token: res.token, expiresAt: res.expires_at };\n }\n\n // ---------------------------------------------------------------------------\n // Skills API (Worker)\n // ---------------------------------------------------------------------------\n\n /**\n * Canonical skills API with operation-based contract.\n */\n async manageSkill(params: SkillManageParams): Promise<SkillManageResponse> {\n const idempotencyKey =\n params.operation === 'create' || params.operation === 'update'\n ? params.idempotencyKey\n : undefined;\n\n return this.workerFetch<SkillManageResponse>('/v1/skills/manage', {\n method: 'POST',\n json: {\n ...params,\n app_id: this.appId,\n },\n idempotencyKey,\n });\n }\n\n private async resolveContextGraphSkillId(\n tenantUserId: string\n ): Promise<string | null> {\n const listed = await this.manageSkill({\n operation: 'list',\n tenant_user_id: tenantUserId,\n include_internal: true,\n });\n\n const match = (listed.skills ?? []).find(\n (skill) => skill.name === INTERNAL_CONTEXT_GRAPH_SKILL_NAME\n );\n\n return match?.skill_id ?? null;\n }\n\n private parseContextGraphProcedures(\n files: Array<{ path: string; content?: string }>\n ): ContextGraphProcedureSummary[] {\n return files\n .filter((file) => file.path.startsWith('procedures/') && file.path.endsWith('.md'))\n .map((file) => {\n const content = file.content ?? '';\n const normalized = content.replace(/\\r\\n/g, '\\n');\n\n if (normalized.startsWith('---\\n')) {\n const endIndex = normalized.indexOf('\\n---\\n', 4);\n if (endIndex !== -1) {\n const frontmatter = normalized.slice(4, endIndex);\n const metadata: Record<string, string> = {};\n for (const line of frontmatter.split('\\n')) {\n const separatorIndex = line.indexOf(':');\n if (separatorIndex === -1) continue;\n const key = line.slice(0, separatorIndex).trim();\n const value = line.slice(separatorIndex + 1).trim();\n if (key && value) {\n metadata[key] = value;\n }\n }\n\n return {\n title: metadata.title || (file.path.split('/').pop() ?? file.path),\n description: metadata.description || '',\n path: file.path,\n };\n }\n }\n\n const lines = content.split(/\\r?\\n/);\n const titleLine = lines.find((line) => line.startsWith('# '));\n const title = titleLine ? titleLine.replace(/^#\\s+/, '').trim() : file.path.split('/').pop() ?? file.path;\n const description =\n lines\n .slice(1)\n .map((line) => line.trim())\n .find((line) => line.length > 0 && !line.startsWith('#')) ?? '';\n\n return {\n title,\n description,\n path: file.path,\n };\n })\n .sort((a, b) => a.path.localeCompare(b.path));\n }\n\n async getContextGraph(params: {\n tenant_user_id: string;\n }): Promise<ContextGraphSummaryResponse> {\n const skillId = await this.resolveContextGraphSkillId(params.tenant_user_id);\n if (!skillId) {\n return {\n skill_id: null,\n procedures: [],\n };\n }\n\n const treeResult = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'tree',\n });\n\n const procedurePaths = (treeResult.tree ?? [])\n .filter((node) => node.kind === 'file' && node.path.startsWith('procedures/') && node.path.endsWith('.md'))\n .map((node) => node.path);\n\n if (procedurePaths.length === 0) {\n return {\n skill_id: skillId,\n procedures: [],\n };\n }\n\n const filesResult = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'files',\n files: procedurePaths,\n fileContent: 'full',\n });\n\n return {\n skill_id: skillId,\n procedures: this.parseContextGraphProcedures(filesResult.files ?? []),\n };\n }\n\n async readContextGraph(params: {\n tenant_user_id: string;\n path?: string;\n }): Promise<ContextGraphReadResponse> {\n const skillId = await this.resolveContextGraphSkillId(params.tenant_user_id);\n const requestedPath = params.path?.trim() || 'SKILL.md';\n\n if (!skillId) {\n return {\n skill_id: null,\n path: requestedPath,\n content: null,\n };\n }\n\n if (requestedPath === 'SKILL.md') {\n const result = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'instructions',\n });\n\n return {\n skill_id: skillId,\n path: 'SKILL.md',\n content: result.instructions ?? null,\n };\n }\n\n const result = await this.manageSkill({\n operation: 'read',\n tenant_user_id: params.tenant_user_id,\n skill_id: skillId,\n mode: 'files',\n files: [requestedPath],\n fileContent: 'full',\n });\n\n const file = (result.files ?? []).find((entry) => entry.path === requestedPath);\n\n return {\n skill_id: skillId,\n path: requestedPath,\n content: file?.content ?? null,\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,cAAN,MAAM,qBAAoB,MAAM;AAAA,EACrC,YACE,SACgB,QACA,MACA,MAChB;AACA,UAAM,OAAO;AAJG;AACA;AACA;AAGhB,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,aAAY,SAAS;AAAA,EACnD;AACF;AAKO,IAAM,wBAAN,MAAM,+BAA8B,YAAY;AAAA,EACrD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,eAAe,IAAI;AACvC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,uBAAsB,SAAS;AAAA,EAC7D;AACF;AAKO,IAAM,0BAAN,MAAM,iCAAgC,YAAY;AAAA,EACvD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,gBAAgB,IAAI;AACxC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,yBAAwB,SAAS;AAAA,EAC/D;AACF;AAKO,IAAM,uBAAN,MAAM,8BAA6B,YAAY;AAAA,EACpD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,aAAa,IAAI;AACrC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,sBAAqB,SAAS;AAAA,EAC5D;AACF;AAKO,IAAM,sBAAN,MAAM,6BAA4B,YAAY;AAAA,EACnD,YAAY,SAAiB,MAAgB;AAC3C,UAAM,SAAS,KAAK,aAAa,IAAI;AACrC,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,qBAAoB,SAAS;AAAA,EAC3D;AACF;AAKO,IAAM,oBAAN,MAAM,2BAA0B,YAAY;AAAA,EACjD,YAAY,SAAiB,QAAiB,MAAgB;AAC5D,UAAM,SAAS,QAAQ,gBAAgB,IAAI;AAC3C,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,mBAAkB,SAAS;AAAA,EACzD;AACF;;;AChEO,SAAS,yBAAiC;AAC/C,MAAI,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,YAAY;AAC5E,WAAO,OAAO,WAAW;AAAA,EAC3B;AACA,SAAO,QAAQ,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;AACtE;;;ACHO,IAAM,kCAAkC;AACxC,IAAM,kCAAkC;AACxC,IAAM,iCAAiC;AACvC,IAAM,mCAAmC;AACzC,IAAM,8BAA8B;AAEpC,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAG5C,YAAY,SAAiB,SAAS,KAAK;AACzC,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEA,SAAS,aAAa,OAA2B;AAC/C,SAAO,MAAM,KAAK,KAAK,EACpB,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAChD,KAAK,EAAE;AACZ;AAEO,SAAS,iCACd,WACA,SACQ;AACR,SAAO,GAAG,SAAS,IAAI,OAAO;AAChC;AAEA,eAAsB,yBAAyB,QAI3B;AAClB,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,OAAO,MAAM;AAAA,IACtC,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,MAAM;AAAA,EACT;AAEA,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC;AAAA,IACA;AAAA,IACA,IAAI,YAAY,EAAE;AAAA,MAChB,iCAAiC,OAAO,WAAW,OAAO,OAAO;AAAA,IACnE;AAAA,EACF;AAEA,SAAO,aAAa,IAAI,WAAW,SAAS,CAAC;AAC/C;AAEA,eAAsB,6BAA6B,QAO9B;AACnB,MAAI,CAAC,OAAO,aAAa,CAAC,OAAO,aAAa,CAAC,OAAO,QAAQ;AAC5D,WAAO;AAAA,EACT;AAEA,QAAM,mBAAmB,OAAO,oBAAoB;AACpD,QAAM,MAAM,OAAO,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACtD,QAAM,mBAAmB,OAAO,OAAO,SAAS;AAEhD,MAAI,CAAC,OAAO,SAAS,gBAAgB,GAAG;AACtC,WAAO;AAAA,EACT;AAEA,MAAI,KAAK,IAAI,MAAM,gBAAgB,IAAI,kBAAkB;AACvD,WAAO;AAAA,EACT;AAEA,QAAM,WAAW,MAAM,yBAAyB;AAAA,IAC9C,SAAS,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,WAAW,OAAO;AAAA,EACpB,CAAC;AAED,SAAO,oBAAoB,OAAO,WAAW,QAAQ;AACvD;AAuBO,SAAS,oBACd,gBACA,cACS;AAET,MAAI,CAAC,kBAAkB,CAAC,cAAc;AACpC,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,WAAW,aAAa,QAAQ;AACjD,WAAO;AAAA,EACT;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,eAAe,QAAQ,KAAK;AAC9C,cAAU,eAAe,WAAW,CAAC,IAAI,aAAa,WAAW,CAAC;AAAA,EACpE;AAEA,SAAO,WAAW;AACpB;AAEO,SAAS,2BACd,OACmC;AACnC,MAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ;AACd,QAAM,OAAO,MAAM;AAEnB,SACE,MAAM,SAAS,+BACf,OAAO,MAAM,OAAO,YACpB,OAAO,MAAM,eAAe,YAC5B,CAAC,CAAC,QACF,OAAO,KAAK,WAAW,YACvB,OAAO,KAAK,mBAAmB,YAC/B,OAAO,KAAK,mBAAmB,YAC/B,OAAO,KAAK,wBAAwB,YACpC,OAAO,KAAK,eAAe;AAE/B;;;ACrGA,IAAM,qBAAqB;AAC3B,IAAM,qBAAqB;AAC3B,IAAM,oCAAoC;AAEnC,IAAM,eAAN,MAAmB;AAAA,EAMxB,YAAY,QAA4B;AACtC,QAAI,CAAC,OAAO,QAAQ;AAClB,YAAM,IAAI,MAAM,iDAAiD;AAAA,IACnE;AACA,QAAI,CAAC,OAAO,OAAO;AACjB,YAAM,IAAI,MAAM,gDAAgD;AAAA,IAClE;AACA,SAAK,aAAa,OAAO,aAAa,QAAQ,IAAI,qBAAqB,oBAAoB,QAAQ,OAAO,EAAE;AAC5G,SAAK,aAAa,OAAO,aAAa,QAAQ,IAAI,qBAAqB,oBAAoB,QAAQ,OAAO,EAAE;AAC5G,SAAK,SAAS,OAAO;AACrB,SAAK,QAAQ,OAAO;AAEpB,UAAM,iBAAiB,KAAK,cAAc;AAC1C,UAAM,iBAAiB,KAAK,cAAc;AAC1C,QAAI,kBAAkB,gBAAgB;AACpC,cAAQ,IAAI,wCAAwC;AAAA,QAClD,WAAW,KAAK;AAAA,QAChB,WAAW,KAAK;AAAA,MAClB,CAAC;AAAA,IACH;AAEA,YAAQ,IAAI,mDAA8C;AAAA,MACxD,OAAO,KAAK;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,WAAW,KAAK;AAAA,MAChB,WAAW,CAAC,CAAC,KAAK;AAAA,IACpB,CAAC;AAGD,SAAK,YAAY,EAAE,MAAM,MAAM;AAAA,IAE/B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,cAA6B;AACzC,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,SAAS,WAAW;AAAA,QACvD,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,MACF,CAAC;AAED,UAAI,SAAS,IAAI;AACf,cAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAI,KAAK,WAAW,MAAM;AACxB,kBAAQ,IAAI,6EAAwE;AAAA,QACtF,OAAO;AACL,kBAAQ,KAAK,yEAA+D,IAAI;AAAA,QAClF;AAAA,MACF,OAAO;AACL,gBAAQ,KAAK,gEAAsD,SAAS,MAAM,wCAAwC;AAAA,MAC5H;AAAA,IACF,SAAS,OAAY;AACnB,cAAQ,KAAK,0FAAgF,MAAM,OAAO;AAC1G,cAAQ,KAAK,oCAAoC;AACjD,cAAQ,KAAK,kDAAkD,KAAK,SAAS;AAC7E,cAAQ,KAAK,0DAA0D;AACvE,cAAQ,KAAK,uDAAuD;AAAA,IACtE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YACZ,MACA,UAA4G,CAAC,GACjG;AACZ,UAAM,EAAE,MAAM,gBAAgB,OAAO,IAAI;AACzC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,MAChB,eAAe,UAAU,KAAK,MAAM;AAAA,IACtC;AACA,QAAI,eAAgB,SAAQ,iBAAiB,IAAI;AACjD,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,IAAI;AAAA,MAClD,QAAQ,WAAW,OAAO,SAAS;AAAA,MACnC;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AACD,WAAO,KAAK,eAAkB,GAAG;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YACZ,MACA,UAAsD,CAAC,GAC3C;AACZ,UAAM,EAAE,MAAM,OAAO,IAAI;AACzB,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AACA,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,IAAI;AAAA,MAClD,QAAQ,WAAW,OAAO,SAAS;AAAA,MACnC;AAAA,MACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,IACtC,CAAC;AACD,WAAO,KAAK,eAAkB,GAAG;AAAA,EACnC;AAAA,EAEA,MAAc,eAAkB,KAA2B;AACzD,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI,OAAgB;AACpB,QAAI;AACF,aAAO,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,IACnC,QAAQ;AACN,aAAO;AAAA,IACT;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,UAAU;AAChB,YAAM,UAAW,WAAW,OAAO,QAAQ,UAAU,WACjD,QAAQ,QACR,8BAA8B,IAAI,MAAM;AAE5C,cAAQ,IAAI,QAAQ;AAAA,QAClB,KAAK;AACH,gBAAM,IAAI,sBAAsB,SAAS,IAAI;AAAA,QAC/C,KAAK;AACH,gBAAM,IAAI,wBAAwB,SAAS,IAAI;AAAA,QACjD,KAAK;AACH,gBAAM,IAAI,qBAAqB,SAAS,IAAI;AAAA,QAC9C,KAAK;AACH,gBAAM,IAAI,oBAAoB,SAAS,IAAI;AAAA,QAC7C;AACE,cAAI,IAAI,UAAU,KAAK;AACrB,kBAAM,IAAI,kBAAkB,SAAS,IAAI,QAAQ,IAAI;AAAA,UACvD;AACA,gBAAM,IAAI,YAAY,SAAS,IAAI,QAAQ,QAAW,IAAI;AAAA,MAC9D;AAAA,IACF;AAEA,WAAQ,QAAQ;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,OAAO,QAQe;AAC1B,UAAM,iBAAiB,OAAO,kBAAkB,uBAAuB;AACvE,UAAM,OAAsB;AAAA,MAC1B,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,aAAa,OAAO;AAAA,MACpB,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,MACpB,SAAS,OAAO;AAAA,MAChB,UAAU,OAAO;AAAA,IACnB;AACA,WAAO,KAAK,YAA4B,cAAc;AAAA,MACpD,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,UAAiD;AACrE,WAAO,KAAK,YAAkC,cAAc,QAAQ,IAAI;AAAA,MACtE,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,gBAAgB,QAYe;AACnC,UAAM,OAA+B;AAAA,MACnC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,WAAW,OAAO,aAAa,CAAC;AAAA,MAChC,MAAM,OAAO;AAAA,MACb,aAAa,OAAO;AAAA,MACpB,SAAS;AAAA,QACP,kBAAkB,OAAO,SAAS,oBAAoB;AAAA,QACtD,wBAAwB,OAAO,SAAS,0BAA0B;AAAA,MACpE;AAAA,IACF;AACA,UAAM,MAAM,MAAM,KAAK,YAQpB,mBAAmB,EAAE,QAAQ,QAAQ,MAAM,KAAK,CAAC;AACpD,WAAO;AAAA,MACL,eAAe,IAAI;AAAA,MACnB,KAAK,IAAI,IAAI,WAAW,MAAM,IAAI,IAAI,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,GAAG;AAAA,MACvE,QAAQ,IAAI;AAAA,MACZ,MAAM,IAAI;AAAA,MACV,aAAa,IAAI;AAAA,MACjB,WAAW,IAAI;AAAA,MACf,mBAAmB,IAAI,qBAAqB;AAAA,QAC1C,QAAQ;AAAA,QACR,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,QAEe;AAClC,UAAM,OAAO,mBAAmB,IAAI,gBAAgB;AAAA,MAClD,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAoC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,QAGe;AAChC,UAAM,OAAO,mBAAmB,OAAO,QAAQ,IAAI,IAAI,gBAAgB;AAAA,MACrE,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAkC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,gBAAgB,QAOY;AAChC,UAAM,OAA+B;AAAA,MACnC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,mBAAmB,OAAO;AAAA,IAC5B;AAEA,WAAO,KAAK,YAAkC,mBAAmB,OAAO,QAAQ,IAAI;AAAA,MAClF,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,iBAAiB,QAGe;AACpC,UAAM,OAAgC;AAAA,MACpC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB;AACA,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB,mBAAmB,OAAO,QAAQ;AAAA,MAClC,EAAE,QAAQ,QAAQ,MAAM,KAAK;AAAA,IAC/B;AACA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,KAAK,IAAI,IAAI,WAAW,MAAM,IAAI,IAAI,MAAM,GAAG,KAAK,SAAS,GAAG,IAAI,GAAG;AAAA,IACzE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAqB,QAGe;AACxC,WAAO,KAAK;AAAA,MACV,mBAAmB,OAAO,QAAQ;AAAA,MAClC;AAAA,QACE,QAAQ;AAAA,QACR,MAAM,EAAE,QAAQ,KAAK,OAAO,gBAAgB,OAAO,eAAe;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAe,QAEY;AAC/B,UAAM,OAAO,oBAAoB,IAAI,gBAAgB;AAAA,MACnD,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAiC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,SAEjB,CAAC,GAAiC;AACpC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,IACf,CAAC;AACD,QAAI,OAAO,gBAAgB;AACzB,YAAM,IAAI,kBAAkB,OAAO,cAAc;AAAA,IACnD;AAEA,WAAO,KAAK;AAAA,MACV,qBAAqB,MAAM,SAAS,CAAC;AAAA,MACrC,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,SAGnB,CAAC,GAAmC;AACtC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,IACf,CAAC;AACD,QAAI,OAAO,gBAAgB;AACzB,YAAM,IAAI,kBAAkB,OAAO,cAAc;AAAA,IACnD;AACA,QAAI,OAAO,OAAO,SAAS,YAAY,OAAO,SAAS,OAAO,IAAI,GAAG;AACnE,YAAM,IAAI,QAAQ,OAAO,KAAK,MAAM,OAAO,IAAI,CAAC,CAAC;AAAA,IACnD;AAEA,WAAO,KAAK;AAAA,MACV,uBAAuB,MAAM,SAAS,CAAC;AAAA,MACvC,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,yBAAkE;AACtE,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,IACf,CAAC;AAED,WAAO,KAAK;AAAA,MACV,8BAA8B,MAAM,SAAS,CAAC;AAAA,MAC9C,EAAE,QAAQ,MAAM;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,6BAA6B,QAKe;AAChD,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,QAAQ,KAAK;AAAA,UACb,aAAa,OAAO;AAAA,UACpB,gBAAgB,OAAO;AAAA,UACvB,aAAa,OAAO;AAAA,UACpB,QAAQ,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,4BAAwE;AAC5E,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,IACf,CAAC;AAED,WAAO,KAAK;AAAA,MACV,8BAA8B,MAAM,SAAS,CAAC;AAAA,MAC9C,EAAE,QAAQ,SAAS;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,0BAA0B,QAIX;AACnB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,QAAQ,KAAK;AAAA,UACb,SAAS,OAAO;AAAA,UAChB,oBAAoB,OAAO;AAAA,UAC3B,oBAAoB,OAAO;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cACJ,SACA,UAGI,CAAC,GACO;AACZ,UAAM,UAAU,MAAM,QAAQ,KAAK;AACnC,UAAM,YAAY,QAAQ,QAAQ,IAAI,+BAA+B;AACrE,UAAM,YAAY,QAAQ,QAAQ,IAAI,+BAA+B;AAErE,QAAI,CAAC,aAAa,CAAC,WAAW;AAC5B,YAAM,IAAI,mBAAmB,qCAAqC,GAAG;AAAA,IACvE;AAEA,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,QAAQ,KAAK;AAAA,UACb;AAAA,UACA,oBAAoB;AAAA,UACpB,oBAAoB;AAAA,QACtB;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,SAAS,OAAO;AACnB,YAAM,IAAI,mBAAmB,6BAA6B,GAAG;AAAA,IAC/D;AAEA,UAAM,YAAY,QAAQ,QAAQ,IAAI,gCAAgC;AACtE,QAAI,QAAQ,qBAAqB,cAAc,QAAQ,mBAAmB;AACxE,YAAM,IAAI;AAAA,QACR,mCAAmC,aAAa,SAAS;AAAA,QACzD;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACJ,QAAI;AACF,sBAAgB,KAAK,MAAM,OAAO;AAAA,IACpC,QAAQ;AACN,YAAM,IAAI,mBAAmB,2BAA2B,GAAG;AAAA,IAC7D;AAEA,QAAI,QAAQ,YAAY,CAAC,QAAQ,SAAS,aAAa,GAAG;AACxD,YAAM,IAAI,mBAAmB,2BAA2B,GAAG;AAAA,IAC7D;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,QAEY;AAChC,UAAM,OAAO,oBAAoB,IAAI,gBAAgB;AAAA,MACnD,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAkC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,QAEe;AAC9B,UAAM,OAAO,cAAc,IAAI,gBAAgB;AAAA,MAC7C,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAgC,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,QAGe;AAC5B,UAAM,OAAO,cAAc,mBAAmB,OAAO,QAAQ,CAAC,IAAI,IAAI,gBAAgB;AAAA,MACpF,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAA8B,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,YAAY,QAKe;AAC/B,UAAM,OAAO;AAAA,MACX,GAAG,OAAO;AAAA,MACV,sBAAsB,OAAO,KAAK,wBAAwB,CAAC,KAAK;AAAA,IAClE;AACA,UAAM,OAA2B;AAAA,MAC/B,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB;AAAA,MACA,YAAY,OAAO;AAAA,MACnB,aAAa,OAAO;AAAA,IACtB;AACA,WAAO,KAAK,YAAiC,cAAc;AAAA,MACzD,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAY,QAUe;AAC/B,UAAM,EAAE,UAAU,gBAAgB,GAAG,MAAM,IAAI;AAC/C,UAAM,OAAgC,CAAC;AACvC,QAAI,MAAM,SAAS,OAAW,MAAK,OAAO,MAAM;AAChD,QAAI,MAAM,gBAAgB,OAAW,MAAK,cAAc,MAAM;AAC9D,QAAI,MAAM,kBAAkB,OAAW,MAAK,gBAAgB,MAAM;AAClE,QAAI,MAAM,kBAAkB,OAAW,MAAK,gBAAgB,MAAM;AAClE,QAAI,MAAM,eAAe,OAAW,MAAK,aAAa,MAAM;AAC5D,QAAI,MAAM,eAAe,OAAW,MAAK,aAAa,MAAM;AAC5D,QAAI,MAAM,yBAAyB,OAAW,MAAK,uBAAuB,MAAM;AAEhF,UAAM,OAAO,cAAc,mBAAmB,QAAQ,CAAC,IAAI,IAAI,gBAAgB;AAAA,MAC7E,QAAQ,KAAK;AAAA,MACb;AAAA,IACF,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAiC,MAAM;AAAA,MACjD,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,QAGgB;AAChC,UAAM,OAAO,cAAc,mBAAmB,OAAO,QAAQ,CAAC,IAAI,IAAI,gBAAgB;AAAA,MACpF,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC,EAAE,SAAS,CAAC;AACb,WAAO,KAAK,YAAkC,MAAM,EAAE,QAAQ,SAAS,CAAC;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,oBAAoB,QAIL;AACnB,UAAM,OAAO;AAAA,MACX,YAAY,OAAO;AAAA,MACnB,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,iBAAiB,OAAO;AAAA,IAC1B;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,YAAgC,+BAA+B;AAAA,QACzF,QAAQ;AAAA,QACR,MAAM;AAAA,MACR,CAAC;AAED,aAAO,SAAS;AAAA,IAClB,SAAS,OAAY;AAEnB,cAAQ,MAAM,8CAA8C,KAAK;AACjE,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,aAAa,QAEe;AAChC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAED,WAAO,KAAK,YAAkC,gBAAgB,MAAM,SAAS,CAAC,IAAI;AAAA,MAChF,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAee;AACjC,UAAM,OAA6B;AAAA,MACjC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,aAAa,OAAO;AAAA,MACpB,gBAAgB,OAAO;AAAA,MACvB,OAAO,OAAO;AAAA,MACd,oBAAoB,OAAO;AAAA,MAC3B,UAAU,OAAO;AAAA,MACjB,kBAAkB,OAAO;AAAA,MACzB,qBAAqB,OAAO;AAAA,MAC5B,cAAc,OAAO;AAAA,MACrB,cAAc,OAAO;AAAA,MACrB,aAAa,OAAO;AAAA,MACpB,cAAc,OAAO;AAAA,MACrB,UAAU,OAAO;AAAA,IACnB;AAEA,WAAO,KAAK,YAAmC,gBAAgB;AAAA,MAC7D,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,QAGG;AACzB,UAAM,WAAW,MAAM,KAAK,aAAa,EAAE,gBAAgB,OAAO,eAAe,CAAC;AAClF,UAAM,UAAU,SAAS,SAAS,KAAK,CAAC,MAAM,EAAE,eAAe,OAAO,UAAU;AAEhF,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,oBAAoB,sBAAsB,OAAO,UAAU,EAAE;AAAA,IACzE;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,cAAc,QAce;AACjC,UAAM,OAA6B;AAAA,MACjC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,MACvB,aAAa,OAAO;AAAA,MACpB,OAAO,OAAO;AAAA,MACd,cAAc,OAAO;AAAA,MACrB,cAAc,OAAO;AAAA,MACrB,aAAa,OAAO;AAAA,MACpB,oBAAoB,OAAO;AAAA,MAC3B,UAAU,OAAO;AAAA,MACjB,kBAAkB,OAAO;AAAA,MACzB,cAAc,OAAO;AAAA,MACrB,QAAQ,OAAO;AAAA,MACf,UAAU,OAAO;AAAA,IACnB;AAEA,WAAO,KAAK,YAAmC,gBAAgB,OAAO,UAAU,IAAI;AAAA,MAClF,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc,QAGe;AACjC,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,QAAQ,KAAK;AAAA,MACb,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAED,WAAO,KAAK;AAAA,MACV,gBAAgB,mBAAmB,OAAO,UAAU,CAAC,IAAI,MAAM,SAAS,CAAC;AAAA,MACzE,EAAE,QAAQ,SAAS;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,oBAAoB,QAIe;AACvC,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,QAAQ,KAAK;AAAA,UACb,gBAAgB,OAAO;AAAA,UACvB,aAAa,OAAO;AAAA,UACpB,KAAK,OAAO;AAAA,QACd;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,OAAO,IAAI,OAAO,WAAW,IAAI,WAAW;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,QAAyD;AACzE,UAAM,iBACJ,OAAO,cAAc,YAAY,OAAO,cAAc,WAClD,OAAO,iBACP;AAEN,WAAO,KAAK,YAAiC,qBAAqB;AAAA,MAChE,QAAQ;AAAA,MACR,MAAM;AAAA,QACJ,GAAG;AAAA,QACH,QAAQ,KAAK;AAAA,MACf;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,2BACZ,cACwB;AACxB,UAAM,SAAS,MAAM,KAAK,YAAY;AAAA,MACpC,WAAW;AAAA,MACX,gBAAgB;AAAA,MAChB,kBAAkB;AAAA,IACpB,CAAC;AAED,UAAM,SAAS,OAAO,UAAU,CAAC,GAAG;AAAA,MAClC,CAAC,UAAU,MAAM,SAAS;AAAA,IAC5B;AAEA,WAAO,OAAO,YAAY;AAAA,EAC5B;AAAA,EAEQ,4BACN,OACgC;AAChC,WAAO,MACJ,OAAO,CAAC,SAAS,KAAK,KAAK,WAAW,aAAa,KAAK,KAAK,KAAK,SAAS,KAAK,CAAC,EACjF,IAAI,CAAC,SAAS;AACb,YAAM,UAAU,KAAK,WAAW;AAChC,YAAM,aAAa,QAAQ,QAAQ,SAAS,IAAI;AAEhD,UAAI,WAAW,WAAW,OAAO,GAAG;AAClC,cAAM,WAAW,WAAW,QAAQ,WAAW,CAAC;AAChD,YAAI,aAAa,IAAI;AACnB,gBAAM,cAAc,WAAW,MAAM,GAAG,QAAQ;AAChD,gBAAM,WAAmC,CAAC;AAC1C,qBAAW,QAAQ,YAAY,MAAM,IAAI,GAAG;AAC1C,kBAAM,iBAAiB,KAAK,QAAQ,GAAG;AACvC,gBAAI,mBAAmB,GAAI;AAC3B,kBAAM,MAAM,KAAK,MAAM,GAAG,cAAc,EAAE,KAAK;AAC/C,kBAAM,QAAQ,KAAK,MAAM,iBAAiB,CAAC,EAAE,KAAK;AAClD,gBAAI,OAAO,OAAO;AAChB,uBAAS,GAAG,IAAI;AAAA,YAClB;AAAA,UACF;AAEA,iBAAO;AAAA,YACL,OAAO,SAAS,UAAU,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK,KAAK;AAAA,YAC7D,aAAa,SAAS,eAAe;AAAA,YACrC,MAAM,KAAK;AAAA,UACb;AAAA,QACF;AAAA,MACF;AAEA,YAAM,QAAQ,QAAQ,MAAM,OAAO;AACnC,YAAM,YAAY,MAAM,KAAK,CAAC,SAAS,KAAK,WAAW,IAAI,CAAC;AAC5D,YAAM,QAAQ,YAAY,UAAU,QAAQ,SAAS,EAAE,EAAE,KAAK,IAAI,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK,KAAK;AACrG,YAAM,cACJ,MACG,MAAM,CAAC,EACP,IAAI,CAAC,SAAS,KAAK,KAAK,CAAC,EACzB,KAAK,CAAC,SAAS,KAAK,SAAS,KAAK,CAAC,KAAK,WAAW,GAAG,CAAC,KAAK;AAEjE,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,MAAM,KAAK;AAAA,MACb;AAAA,IACF,CAAC,EACA,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,EAChD;AAAA,EAEA,MAAM,gBAAgB,QAEmB;AACvC,UAAM,UAAU,MAAM,KAAK,2BAA2B,OAAO,cAAc;AAC3E,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,QACV,YAAY,CAAC;AAAA,MACf;AAAA,IACF;AAEA,UAAM,aAAa,MAAM,KAAK,YAAY;AAAA,MACxC,WAAW;AAAA,MACX,gBAAgB,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAED,UAAM,kBAAkB,WAAW,QAAQ,CAAC,GACzC,OAAO,CAAC,SAAS,KAAK,SAAS,UAAU,KAAK,KAAK,WAAW,aAAa,KAAK,KAAK,KAAK,SAAS,KAAK,CAAC,EACzG,IAAI,CAAC,SAAS,KAAK,IAAI;AAE1B,QAAI,eAAe,WAAW,GAAG;AAC/B,aAAO;AAAA,QACL,UAAU;AAAA,QACV,YAAY,CAAC;AAAA,MACf;AAAA,IACF;AAEA,UAAM,cAAc,MAAM,KAAK,YAAY;AAAA,MACzC,WAAW;AAAA,MACX,gBAAgB,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,MAAM;AAAA,MACN,OAAO;AAAA,MACP,aAAa;AAAA,IACf,CAAC;AAED,WAAO;AAAA,MACL,UAAU;AAAA,MACV,YAAY,KAAK,4BAA4B,YAAY,SAAS,CAAC,CAAC;AAAA,IACtE;AAAA,EACF;AAAA,EAEA,MAAM,iBAAiB,QAGe;AACpC,UAAM,UAAU,MAAM,KAAK,2BAA2B,OAAO,cAAc;AAC3E,UAAM,gBAAgB,OAAO,MAAM,KAAK,KAAK;AAE7C,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,QACV,MAAM;AAAA,QACN,SAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,kBAAkB,YAAY;AAChC,YAAMA,UAAS,MAAM,KAAK,YAAY;AAAA,QACpC,WAAW;AAAA,QACX,gBAAgB,OAAO;AAAA,QACvB,UAAU;AAAA,QACV,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,QACL,UAAU;AAAA,QACV,MAAM;AAAA,QACN,SAASA,QAAO,gBAAgB;AAAA,MAClC;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,KAAK,YAAY;AAAA,MACpC,WAAW;AAAA,MACX,gBAAgB,OAAO;AAAA,MACvB,UAAU;AAAA,MACV,MAAM;AAAA,MACN,OAAO,CAAC,aAAa;AAAA,MACrB,aAAa;AAAA,IACf,CAAC;AAED,UAAM,QAAQ,OAAO,SAAS,CAAC,GAAG,KAAK,CAAC,UAAU,MAAM,SAAS,aAAa;AAE9E,WAAO;AAAA,MACL,UAAU;AAAA,MACV,MAAM;AAAA,MACN,SAAS,MAAM,WAAW;AAAA,IAC5B;AAAA,EACF;AACF;","names":["result"]}
package/dist/index.mjs CHANGED
@@ -53,6 +53,84 @@ function generateIdempotencyKey() {
53
53
  return `idem_${Date.now()}_${Math.random().toString(36).slice(2, 11)}`;
54
54
  }
55
55
 
56
+ // src/webhook-verification.ts
57
+ var KRONOS_WEBHOOK_SIGNATURE_HEADER = "x-kronos-signature";
58
+ var KRONOS_WEBHOOK_TIMESTAMP_HEADER = "x-kronos-timestamp";
59
+ var KRONOS_WEBHOOK_EVENT_ID_HEADER = "x-kronos-event-id";
60
+ var KRONOS_WEBHOOK_EVENT_TYPE_HEADER = "x-kronos-event-type";
61
+ var BILLING_USAGE_UPDATED_EVENT = "billing.usage.updated";
62
+ var KronosWebhookError = class extends Error {
63
+ constructor(message, status = 400) {
64
+ super(message);
65
+ this.name = "KronosWebhookError";
66
+ this.status = status;
67
+ }
68
+ };
69
+ function hexFromBytes(bytes) {
70
+ return Array.from(bytes).map((byte) => byte.toString(16).padStart(2, "0")).join("");
71
+ }
72
+ function buildKronosWebhookSignatureInput(timestamp, payload) {
73
+ return `${timestamp}.${payload}`;
74
+ }
75
+ async function signKronosWebhookPayload(params) {
76
+ const key = await crypto.subtle.importKey(
77
+ "raw",
78
+ new TextEncoder().encode(params.secret),
79
+ { name: "HMAC", hash: "SHA-256" },
80
+ false,
81
+ ["sign"]
82
+ );
83
+ const signature = await crypto.subtle.sign(
84
+ "HMAC",
85
+ key,
86
+ new TextEncoder().encode(
87
+ buildKronosWebhookSignatureInput(params.timestamp, params.payload)
88
+ )
89
+ );
90
+ return hexFromBytes(new Uint8Array(signature));
91
+ }
92
+ async function verifyKronosWebhookSignature(params) {
93
+ if (!params.timestamp || !params.signature || !params.secret) {
94
+ return false;
95
+ }
96
+ const toleranceSeconds = params.toleranceSeconds ?? 300;
97
+ const now = params.now ?? Math.floor(Date.now() / 1e3);
98
+ const timestampSeconds = Number(params.timestamp);
99
+ if (!Number.isFinite(timestampSeconds)) {
100
+ return false;
101
+ }
102
+ if (Math.abs(now - timestampSeconds) > toleranceSeconds) {
103
+ return false;
104
+ }
105
+ const expected = await signKronosWebhookPayload({
106
+ payload: params.payload,
107
+ secret: params.secret,
108
+ timestamp: params.timestamp
109
+ });
110
+ return verifyWebhookSecret(params.signature, expected);
111
+ }
112
+ function verifyWebhookSecret(receivedSecret, storedSecret) {
113
+ if (!receivedSecret || !storedSecret) {
114
+ return false;
115
+ }
116
+ if (receivedSecret.length !== storedSecret.length) {
117
+ return false;
118
+ }
119
+ let result = 0;
120
+ for (let i = 0; i < receivedSecret.length; i++) {
121
+ result |= receivedSecret.charCodeAt(i) ^ storedSecret.charCodeAt(i);
122
+ }
123
+ return result === 0;
124
+ }
125
+ function isBillingUsageWebhookEvent(value) {
126
+ if (!value || typeof value !== "object") {
127
+ return false;
128
+ }
129
+ const event = value;
130
+ const data = event.data;
131
+ return event.type === BILLING_USAGE_UPDATED_EVENT && typeof event.id === "string" && typeof event.created_at === "string" && !!data && typeof data.app_id === "string" && typeof data.tenant_user_id === "string" && typeof data.total_cost_usd === "number" && typeof data.latest_run_cost_usd === "number" && typeof data.updated_at === "string";
132
+ }
133
+
56
134
  // src/client.ts
57
135
  var DEFAULT_WORKER_URL = "https://api.kronos.ai";
58
136
  var DEFAULT_MASTRA_URL = "https://mastra.kronos.ai";
@@ -348,6 +426,109 @@ var KronosClient = class {
348
426
  { method: "GET" }
349
427
  );
350
428
  }
429
+ /**
430
+ * Get the app-level billing usage webhook configuration.
431
+ */
432
+ async getBillingUsageWebhook() {
433
+ const query = new URLSearchParams({
434
+ app_id: this.appId
435
+ });
436
+ return this.workerFetch(
437
+ `/v1/webhooks/billing-usage?${query.toString()}`,
438
+ { method: "GET" }
439
+ );
440
+ }
441
+ /**
442
+ * Configure the app-level billing usage webhook.
443
+ */
444
+ async configureBillingUsageWebhook(params) {
445
+ return this.workerFetch(
446
+ "/v1/webhooks/billing-usage",
447
+ {
448
+ method: "PUT",
449
+ json: {
450
+ app_id: this.appId,
451
+ webhook_url: params.webhook_url,
452
+ webhook_secret: params.webhook_secret,
453
+ event_types: params.event_types,
454
+ status: params.status
455
+ }
456
+ }
457
+ );
458
+ }
459
+ /**
460
+ * Delete the app-level billing usage webhook configuration.
461
+ */
462
+ async deleteBillingUsageWebhook() {
463
+ const query = new URLSearchParams({
464
+ app_id: this.appId
465
+ });
466
+ return this.workerFetch(
467
+ `/v1/webhooks/billing-usage?${query.toString()}`,
468
+ { method: "DELETE" }
469
+ );
470
+ }
471
+ /**
472
+ * Verify an incoming billing usage webhook against the stored app webhook secret.
473
+ */
474
+ async verifyBillingUsageWebhook(params) {
475
+ const response = await this.workerFetch(
476
+ "/v1/webhooks/billing-usage/verify",
477
+ {
478
+ method: "POST",
479
+ json: {
480
+ app_id: this.appId,
481
+ payload: params.payload,
482
+ received_signature: params.signature,
483
+ received_timestamp: params.timestamp
484
+ }
485
+ }
486
+ );
487
+ return response.valid;
488
+ }
489
+ /**
490
+ * Verify an incoming Kronos webhook request and optionally validate its payload shape.
491
+ */
492
+ async verifyWebhook(request, options = {}) {
493
+ const payload = await request.text();
494
+ const signature = request.headers.get(KRONOS_WEBHOOK_SIGNATURE_HEADER);
495
+ const timestamp = request.headers.get(KRONOS_WEBHOOK_TIMESTAMP_HEADER);
496
+ if (!signature || !timestamp) {
497
+ throw new KronosWebhookError("Missing webhook signature headers", 401);
498
+ }
499
+ const response = await this.workerFetch(
500
+ "/v1/webhooks/verify",
501
+ {
502
+ method: "POST",
503
+ json: {
504
+ app_id: this.appId,
505
+ payload,
506
+ received_signature: signature,
507
+ received_timestamp: timestamp
508
+ }
509
+ }
510
+ );
511
+ if (!response.valid) {
512
+ throw new KronosWebhookError("Invalid webhook signature", 401);
513
+ }
514
+ const eventType = request.headers.get(KRONOS_WEBHOOK_EVENT_TYPE_HEADER);
515
+ if (options.expectedEventType && eventType !== options.expectedEventType) {
516
+ throw new KronosWebhookError(
517
+ `Unsupported webhook event type: ${eventType ?? "missing"}`,
518
+ 400
519
+ );
520
+ }
521
+ let parsedPayload;
522
+ try {
523
+ parsedPayload = JSON.parse(payload);
524
+ } catch {
525
+ throw new KronosWebhookError("Invalid webhook payload", 400);
526
+ }
527
+ if (options.validate && !options.validate(parsedPayload)) {
528
+ throw new KronosWebhookError("Invalid webhook payload", 400);
529
+ }
530
+ return parsedPayload;
531
+ }
351
532
  /**
352
533
  * Read the current scratchsheet document for a user.
353
534
  */
@@ -725,22 +906,12 @@ var KronosClient = class {
725
906
  };
726
907
  }
727
908
  };
728
-
729
- // src/webhook-verification.ts
730
- function verifyWebhookSecret(receivedSecret, storedSecret) {
731
- if (!receivedSecret || !storedSecret) {
732
- return false;
733
- }
734
- if (receivedSecret.length !== storedSecret.length) {
735
- return false;
736
- }
737
- let result = 0;
738
- for (let i = 0; i < receivedSecret.length; i++) {
739
- result |= receivedSecret.charCodeAt(i) ^ storedSecret.charCodeAt(i);
740
- }
741
- return result === 0;
742
- }
743
909
  export {
910
+ BILLING_USAGE_UPDATED_EVENT,
911
+ KRONOS_WEBHOOK_EVENT_ID_HEADER,
912
+ KRONOS_WEBHOOK_EVENT_TYPE_HEADER,
913
+ KRONOS_WEBHOOK_SIGNATURE_HEADER,
914
+ KRONOS_WEBHOOK_TIMESTAMP_HEADER,
744
915
  KronosBadRequestError,
745
916
  KronosClient,
746
917
  KronosError,
@@ -748,7 +919,12 @@ export {
748
919
  KronosNotFoundError,
749
920
  KronosServerError,
750
921
  KronosUnauthorizedError,
922
+ KronosWebhookError,
923
+ buildKronosWebhookSignatureInput,
751
924
  generateIdempotencyKey,
925
+ isBillingUsageWebhookEvent,
926
+ signKronosWebhookPayload,
927
+ verifyKronosWebhookSignature,
752
928
  verifyWebhookSecret
753
929
  };
754
930
  //# sourceMappingURL=index.mjs.map