@geminixiang/mama 0.2.0-beta.1 → 0.2.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (271) hide show
  1. package/README.md +168 -371
  2. package/dist/adapter.d.ts +36 -12
  3. package/dist/adapter.d.ts.map +1 -1
  4. package/dist/adapter.js.map +1 -1
  5. package/dist/adapters/discord/bot.d.ts +12 -7
  6. package/dist/adapters/discord/bot.d.ts.map +1 -1
  7. package/dist/adapters/discord/bot.js +358 -135
  8. package/dist/adapters/discord/bot.js.map +1 -1
  9. package/dist/adapters/discord/context.d.ts +1 -1
  10. package/dist/adapters/discord/context.d.ts.map +1 -1
  11. package/dist/adapters/discord/context.js +100 -36
  12. package/dist/adapters/discord/context.js.map +1 -1
  13. package/dist/adapters/shared.d.ts +71 -0
  14. package/dist/adapters/shared.d.ts.map +1 -0
  15. package/dist/adapters/shared.js +168 -0
  16. package/dist/adapters/shared.js.map +1 -0
  17. package/dist/adapters/slack/bot.d.ts +30 -24
  18. package/dist/adapters/slack/bot.d.ts.map +1 -1
  19. package/dist/adapters/slack/bot.js +613 -224
  20. package/dist/adapters/slack/bot.js.map +1 -1
  21. package/dist/adapters/slack/branch-manager.d.ts +22 -0
  22. package/dist/adapters/slack/branch-manager.d.ts.map +1 -0
  23. package/dist/adapters/slack/branch-manager.js +97 -0
  24. package/dist/adapters/slack/branch-manager.js.map +1 -0
  25. package/dist/adapters/slack/context.d.ts +1 -1
  26. package/dist/adapters/slack/context.d.ts.map +1 -1
  27. package/dist/adapters/slack/context.js +127 -72
  28. package/dist/adapters/slack/context.js.map +1 -1
  29. package/dist/adapters/slack/session.d.ts +3 -0
  30. package/dist/adapters/slack/session.d.ts.map +1 -0
  31. package/dist/adapters/slack/session.js +16 -0
  32. package/dist/adapters/slack/session.js.map +1 -0
  33. package/dist/adapters/slack/tools/attach.d.ts +1 -1
  34. package/dist/adapters/slack/tools/attach.d.ts.map +1 -1
  35. package/dist/adapters/slack/tools/attach.js.map +1 -1
  36. package/dist/adapters/telegram/bot.d.ts +4 -2
  37. package/dist/adapters/telegram/bot.d.ts.map +1 -1
  38. package/dist/adapters/telegram/bot.js +193 -147
  39. package/dist/adapters/telegram/bot.js.map +1 -1
  40. package/dist/adapters/telegram/context.d.ts.map +1 -1
  41. package/dist/adapters/telegram/context.js +58 -111
  42. package/dist/adapters/telegram/context.js.map +1 -1
  43. package/dist/adapters/telegram/html.d.ts +3 -0
  44. package/dist/adapters/telegram/html.d.ts.map +1 -0
  45. package/dist/adapters/telegram/html.js +98 -0
  46. package/dist/adapters/telegram/html.js.map +1 -0
  47. package/dist/agent.d.ts +9 -13
  48. package/dist/agent.d.ts.map +1 -1
  49. package/dist/agent.js +601 -567
  50. package/dist/agent.js.map +1 -1
  51. package/dist/commands/auto-reply.d.ts +16 -0
  52. package/dist/commands/auto-reply.d.ts.map +1 -0
  53. package/dist/commands/auto-reply.js +69 -0
  54. package/dist/commands/auto-reply.js.map +1 -0
  55. package/dist/commands/index.d.ts +5 -0
  56. package/dist/commands/index.d.ts.map +1 -0
  57. package/dist/commands/index.js +19 -0
  58. package/dist/commands/index.js.map +1 -0
  59. package/dist/commands/login.d.ts +5 -0
  60. package/dist/commands/login.d.ts.map +1 -0
  61. package/dist/commands/login.js +76 -0
  62. package/dist/commands/login.js.map +1 -0
  63. package/dist/commands/model.d.ts +14 -0
  64. package/dist/commands/model.d.ts.map +1 -0
  65. package/dist/commands/model.js +112 -0
  66. package/dist/commands/model.js.map +1 -0
  67. package/dist/commands/new.d.ts +9 -0
  68. package/dist/commands/new.d.ts.map +1 -0
  69. package/dist/commands/new.js +28 -0
  70. package/dist/commands/new.js.map +1 -0
  71. package/dist/commands/registry.d.ts +7 -0
  72. package/dist/commands/registry.d.ts.map +1 -0
  73. package/dist/commands/registry.js +14 -0
  74. package/dist/commands/registry.js.map +1 -0
  75. package/dist/commands/sandbox.d.ts +10 -0
  76. package/dist/commands/sandbox.d.ts.map +1 -0
  77. package/dist/commands/sandbox.js +88 -0
  78. package/dist/commands/sandbox.js.map +1 -0
  79. package/dist/commands/session-view.d.ts +5 -0
  80. package/dist/commands/session-view.d.ts.map +1 -0
  81. package/dist/commands/session-view.js +62 -0
  82. package/dist/commands/session-view.js.map +1 -0
  83. package/dist/commands/types.d.ts +41 -0
  84. package/dist/commands/types.d.ts.map +1 -0
  85. package/dist/commands/types.js +2 -0
  86. package/dist/commands/types.js.map +1 -0
  87. package/dist/commands/utils.d.ts +8 -0
  88. package/dist/commands/utils.d.ts.map +1 -0
  89. package/dist/commands/utils.js +14 -0
  90. package/dist/commands/utils.js.map +1 -0
  91. package/dist/config.d.ts +49 -30
  92. package/dist/config.d.ts.map +1 -1
  93. package/dist/config.js +313 -75
  94. package/dist/config.js.map +1 -1
  95. package/dist/context.d.ts +10 -42
  96. package/dist/context.d.ts.map +1 -1
  97. package/dist/context.js +14 -127
  98. package/dist/context.js.map +1 -1
  99. package/dist/events.d.ts +13 -6
  100. package/dist/events.d.ts.map +1 -1
  101. package/dist/events.js +118 -64
  102. package/dist/events.js.map +1 -1
  103. package/dist/execution-resolver.d.ts +9 -5
  104. package/dist/execution-resolver.d.ts.map +1 -1
  105. package/dist/execution-resolver.js +82 -18
  106. package/dist/execution-resolver.js.map +1 -1
  107. package/dist/file-guards.d.ts +6 -0
  108. package/dist/file-guards.d.ts.map +1 -0
  109. package/dist/file-guards.js +48 -0
  110. package/dist/file-guards.js.map +1 -0
  111. package/dist/fs-atomic.d.ts +10 -0
  112. package/dist/fs-atomic.d.ts.map +1 -0
  113. package/dist/fs-atomic.js +45 -0
  114. package/dist/fs-atomic.js.map +1 -0
  115. package/dist/index.d.ts +7 -0
  116. package/dist/index.d.ts.map +1 -0
  117. package/dist/index.js +4 -0
  118. package/dist/index.js.map +1 -0
  119. package/dist/instrument.d.ts.map +1 -1
  120. package/dist/instrument.js +4 -11
  121. package/dist/instrument.js.map +1 -1
  122. package/dist/log.d.ts +1 -5
  123. package/dist/log.d.ts.map +1 -1
  124. package/dist/log.js +13 -38
  125. package/dist/log.js.map +1 -1
  126. package/dist/{login.d.ts → login/index.d.ts} +16 -4
  127. package/dist/login/index.d.ts.map +1 -0
  128. package/dist/{login.js → login/index.js} +55 -17
  129. package/dist/login/index.js.map +1 -0
  130. package/dist/{link-server.d.ts → login/portal.d.ts} +7 -4
  131. package/dist/login/portal.d.ts.map +1 -0
  132. package/dist/login/portal.js +1453 -0
  133. package/dist/login/portal.js.map +1 -0
  134. package/dist/{link-token.d.ts → login/session.d.ts} +4 -3
  135. package/dist/login/session.d.ts.map +1 -0
  136. package/dist/{link-token.js → login/session.js} +1 -1
  137. package/dist/login/session.js.map +1 -0
  138. package/dist/main.d.ts.map +1 -1
  139. package/dist/main.js +151 -373
  140. package/dist/main.js.map +1 -1
  141. package/dist/provisioner.d.ts +42 -52
  142. package/dist/provisioner.d.ts.map +1 -1
  143. package/dist/provisioner.js +256 -111
  144. package/dist/provisioner.js.map +1 -1
  145. package/dist/runtime/conversation-orchestrator.d.ts +42 -0
  146. package/dist/runtime/conversation-orchestrator.d.ts.map +1 -0
  147. package/dist/runtime/conversation-orchestrator.js +150 -0
  148. package/dist/runtime/conversation-orchestrator.js.map +1 -0
  149. package/dist/runtime/index.d.ts +2 -0
  150. package/dist/runtime/index.d.ts.map +1 -0
  151. package/dist/runtime/index.js +2 -0
  152. package/dist/runtime/index.js.map +1 -0
  153. package/dist/runtime/session-runtime.d.ts +27 -0
  154. package/dist/runtime/session-runtime.d.ts.map +1 -0
  155. package/dist/runtime/session-runtime.js +211 -0
  156. package/dist/runtime/session-runtime.js.map +1 -0
  157. package/dist/sandbox/cloudflare.d.ts +15 -0
  158. package/dist/sandbox/cloudflare.d.ts.map +1 -0
  159. package/dist/sandbox/cloudflare.js +137 -0
  160. package/dist/sandbox/cloudflare.js.map +1 -0
  161. package/dist/sandbox/container.d.ts +2 -1
  162. package/dist/sandbox/container.d.ts.map +1 -1
  163. package/dist/sandbox/container.js +5 -1
  164. package/dist/sandbox/container.js.map +1 -1
  165. package/dist/sandbox/firecracker.d.ts +2 -1
  166. package/dist/sandbox/firecracker.d.ts.map +1 -1
  167. package/dist/sandbox/firecracker.js +6 -0
  168. package/dist/sandbox/firecracker.js.map +1 -1
  169. package/dist/sandbox/host.d.ts +2 -3
  170. package/dist/sandbox/host.d.ts.map +1 -1
  171. package/dist/sandbox/host.js +5 -5
  172. package/dist/sandbox/host.js.map +1 -1
  173. package/dist/sandbox/index.d.ts +6 -4
  174. package/dist/sandbox/index.d.ts.map +1 -1
  175. package/dist/sandbox/index.js +9 -6
  176. package/dist/sandbox/index.js.map +1 -1
  177. package/dist/sandbox/path-context.d.ts +4 -0
  178. package/dist/sandbox/path-context.d.ts.map +1 -0
  179. package/dist/sandbox/path-context.js +20 -0
  180. package/dist/sandbox/path-context.js.map +1 -0
  181. package/dist/sandbox/types.d.ts +17 -1
  182. package/dist/sandbox/types.d.ts.map +1 -1
  183. package/dist/sandbox/types.js.map +1 -1
  184. package/dist/sentry.d.ts +1 -1
  185. package/dist/sentry.d.ts.map +1 -1
  186. package/dist/sentry.js +4 -2
  187. package/dist/sentry.js.map +1 -1
  188. package/dist/session-policy.d.ts +13 -0
  189. package/dist/session-policy.d.ts.map +1 -0
  190. package/dist/session-policy.js +23 -0
  191. package/dist/session-policy.js.map +1 -0
  192. package/dist/session-store.d.ts +34 -3
  193. package/dist/session-store.d.ts.map +1 -1
  194. package/dist/session-store.js +184 -22
  195. package/dist/session-store.js.map +1 -1
  196. package/dist/session-view/command.d.ts +5 -0
  197. package/dist/session-view/command.d.ts.map +1 -0
  198. package/dist/session-view/command.js +11 -0
  199. package/dist/session-view/command.js.map +1 -0
  200. package/dist/session-view/portal.d.ts +16 -0
  201. package/dist/session-view/portal.d.ts.map +1 -0
  202. package/dist/session-view/portal.js +1742 -0
  203. package/dist/session-view/portal.js.map +1 -0
  204. package/dist/session-view/service.d.ts +34 -0
  205. package/dist/session-view/service.d.ts.map +1 -0
  206. package/dist/session-view/service.js +427 -0
  207. package/dist/session-view/service.js.map +1 -0
  208. package/dist/session-view/store.d.ts +18 -0
  209. package/dist/session-view/store.d.ts.map +1 -0
  210. package/dist/session-view/store.js +39 -0
  211. package/dist/session-view/store.js.map +1 -0
  212. package/dist/store.d.ts +3 -6
  213. package/dist/store.d.ts.map +1 -1
  214. package/dist/store.js +22 -48
  215. package/dist/store.js.map +1 -1
  216. package/dist/tool-diagnostics.d.ts +2 -0
  217. package/dist/tool-diagnostics.d.ts.map +1 -0
  218. package/dist/tool-diagnostics.js +7 -0
  219. package/dist/tool-diagnostics.js.map +1 -0
  220. package/dist/tools/bash.d.ts +1 -1
  221. package/dist/tools/bash.d.ts.map +1 -1
  222. package/dist/tools/bash.js.map +1 -1
  223. package/dist/tools/edit.d.ts +1 -1
  224. package/dist/tools/edit.d.ts.map +1 -1
  225. package/dist/tools/edit.js.map +1 -1
  226. package/dist/tools/event.d.ts +43 -2
  227. package/dist/tools/event.d.ts.map +1 -1
  228. package/dist/tools/event.js +48 -13
  229. package/dist/tools/event.js.map +1 -1
  230. package/dist/tools/index.d.ts +2 -1
  231. package/dist/tools/index.d.ts.map +1 -1
  232. package/dist/tools/index.js +3 -3
  233. package/dist/tools/index.js.map +1 -1
  234. package/dist/tools/read.d.ts +1 -1
  235. package/dist/tools/read.d.ts.map +1 -1
  236. package/dist/tools/read.js.map +1 -1
  237. package/dist/tools/write.d.ts +1 -1
  238. package/dist/tools/write.d.ts.map +1 -1
  239. package/dist/tools/write.js.map +1 -1
  240. package/dist/trigger.d.ts +31 -0
  241. package/dist/trigger.d.ts.map +1 -0
  242. package/dist/trigger.js +98 -0
  243. package/dist/trigger.js.map +1 -0
  244. package/dist/ui-copy.d.ts +1 -0
  245. package/dist/ui-copy.d.ts.map +1 -1
  246. package/dist/ui-copy.js +3 -0
  247. package/dist/ui-copy.js.map +1 -1
  248. package/dist/vault-routing.d.ts +1 -7
  249. package/dist/vault-routing.d.ts.map +1 -1
  250. package/dist/vault-routing.js +6 -48
  251. package/dist/vault-routing.js.map +1 -1
  252. package/dist/vault.d.ts +21 -55
  253. package/dist/vault.d.ts.map +1 -1
  254. package/dist/vault.js +144 -263
  255. package/dist/vault.js.map +1 -1
  256. package/package.json +12 -10
  257. package/dist/bindings.d.ts +0 -63
  258. package/dist/bindings.d.ts.map +0 -1
  259. package/dist/bindings.js +0 -94
  260. package/dist/bindings.js.map +0 -1
  261. package/dist/link-server.d.ts.map +0 -1
  262. package/dist/link-server.js +0 -839
  263. package/dist/link-server.js.map +0 -1
  264. package/dist/link-token.d.ts.map +0 -1
  265. package/dist/link-token.js.map +0 -1
  266. package/dist/login.d.ts.map +0 -1
  267. package/dist/login.js.map +0 -1
  268. package/dist/vault.test.d.ts +0 -2
  269. package/dist/vault.test.d.ts.map +0 -1
  270. package/dist/vault.test.js +0 -67
  271. package/dist/vault.test.js.map +0 -1
package/dist/log.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,WAAW,GAA2B;IAC1C,EAAE,EAAE,OAAO;IACX,EAAE,EAAE,OAAO;IACX,EAAE,EAAE,MAAM;IACV,EAAE,EAAE,SAAS;IACb,EAAE,EAAE,OAAO;IACX,EAAE,EAAE,UAAU;CACf,CAAC;AAEF,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,IAAI,OAAO,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtC,OAAO,IAAI,QAAQ,CAAC;QAClB,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ;YAC9B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACvF,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CACrB,EAAE,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,IAAI,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,EACxE,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAC1B,CAAC;oBACF,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/E,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;YACD,QAAQ,EAAE,CAAC;QACb,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAcD,IAAI,MAAM,GAAuB,IAAI,CAAC;AAEtC,MAAM,UAAU,UAAU,CAAC,MAAkB;IAC3C,IAAI,MAAM;QAAE,OAAO;IAEnB,MAAM,MAAM,GAAG,MAAM,EAAE,SAAS,IAAI,SAAS,CAAC;IAC9C,MAAM,KAAK,GAAG,MAAM,EAAE,QAAQ,IAAI,MAAM,CAAC;IAEzC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,kCAAkC,KAAK,GAAG,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,sDAAsD,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;AACH,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,oBAAoB;IAClC,MAAM,GAAG,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,GAAe;IAChC,MAAM,GAAG,GAA2B,EAAE,OAAO,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC;IACpE,IAAI,GAAG,CAAC,QAAQ;QAAE,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC1C,IAAI,GAAG,CAAC,gBAAgB;QAAE,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC,gBAAgB,CAAC;IACjE,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;IACjD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC;AAC/B,CAAC;AAED,SAAS,aAAa,CAAC,GAAe;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,IAAI,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,OAAO,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,cAAc,GAAG,OAAO,GAAG,CAAC;IAChE,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,cAAc,CAAC;IAChE,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,IAAI,SAAS,CAAC;IACvC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,EAAE,IAAI,IAAI,GAAG,OAAO,GAAG,CAAC;AACnG,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY,EAAE,MAAc;IAC5C,IAAI,IAAI,CAAC,MAAM,IAAI,MAAM;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,mBAAmB,MAAM,SAAS,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,IAA6B;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,uDAAuD;QACvD,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAE9B,+CAA+C;QAC/C,IAAI,GAAG,KAAK,MAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA4B,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,CAAC,KAA2B,CAAC;YAC/C,IAAI,MAAM,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,MAAM,IAAI,MAAM,GAAG,KAAK,EAAE,CAAC,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;YACD,SAAS;QACX,CAAC;QAED,kDAAkD;QAClD,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAElD,gCAAgC;QAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kCAAkC;YAClC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,cAAc,CAAC,GAAe,EAAE,IAAY;IAC1D,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,iBAAiB;AACjB,MAAM,UAAU,YAAY,CAC1B,GAAe,EACf,QAAgB,EAChB,KAAa,EACb,IAA6B;IAE7B,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EACvE,GAAG,QAAQ,KAAK,KAAK,EAAE,CACxB,CAAC;IACJ,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,EAAE,CAAC;QAClB,kBAAkB;QAClB,MAAM,QAAQ,GAAG,aAAa;aAC3B,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,GAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,MAAc;IAEd,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,EAChF,GAAG,QAAQ,YAAY,CACxB,CAAC;IACJ,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACzC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,QAAQ,GAAG,SAAS;aACvB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,GAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,KAAa;IAEb,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,EAC7E,GAAG,QAAQ,SAAS,CACrB,CAAC;IACJ,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,qBAAqB;AACrB,MAAM,UAAU,gBAAgB,CAAC,GAAe;IAC9C,IAAI,MAAM;QAAE,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAe,EAAE,QAAgB;IAC3D,IAAI,MAAM;QAAE,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAe,EAAE,IAAY;IACvD,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,cAAc;AACd,MAAM,UAAU,gBAAgB,CAAC,GAAe,EAAE,QAAgB,EAAE,SAAiB;IACnF,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EACnE,eAAe,QAAQ,EAAE,CAC1B,CAAC;IACJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,QAAQ,MAAM,SAAS,EAAE,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAe,EAAE,MAAc;IAChE,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,kBAAkB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,EACxD,eAAe,MAAM,MAAM,CAC5B,CAAC;IACJ,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,MAAM,CACV,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,cAAc,EAAE,MAAM,CACpF,CACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,GAAe,EAAE,QAAgB,EAAE,KAAa;IAC/E,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,EAC/D,oBAAoB,QAAQ,EAAE,CAC/B,CAAC;IACJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,UAAU;AACV,MAAM,UAAU,cAAc,CAAC,GAAe;IAC5C,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC,CAAC;AAChG,CAAC;AAED,SAAS;AACT,MAAM,UAAU,OAAO,CAAC,OAAe;IACrC,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,aAAa,OAAO,EAAE,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,OAAgB;IAC1D,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,eAAe,OAAO,EAAE,CAAC,CAAC,CAAC;IAClE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,OAAO;aACrB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAA0B,EAAE,KAAa;IACrE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC;QAC1E,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,KAAK,EAAE,EAAE,aAAa,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,OAAO,gBAAgB,CAAC,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,KAAK;SACnB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,eAAe,CAC7B,GAAe,EACf,KAMC,EACD,aAAsB,EACtB,aAAsB;IAEtB,MAAM,YAAY,GAAG,CAAC,KAAa,EAAU,EAAE;QAC7C,IAAI,KAAK,GAAG,IAAI;YAAE,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC1C,IAAI,KAAK,GAAG,KAAK;YAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1D,IAAI,KAAK,GAAG,OAAO;YAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC;QAC3D,OAAO,GAAG,CAAC,KAAK,GAAG,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAC5C,CAAC,CAAC;IAEF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC9B,KAAK,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,QAAQ,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAC/F,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,UAAU,KAAK,CAAC,UAAU,CAAC,cAAc,EAAE,QAAQ,CAC9F,CAAC;IACJ,CAAC;IACD,IAAI,aAAa,IAAI,aAAa,EAAE,CAAC;QACnC,MAAM,cAAc,GAAG,CAAC,CAAC,aAAa,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CACR,YAAY,YAAY,CAAC,aAAa,CAAC,MAAM,YAAY,CAAC,aAAa,CAAC,KAAK,cAAc,IAAI,CAChG,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;QAC9E,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc;YACtG,CAAC,CAAC,EAAE,CAAC,CACV,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjC,iBAAiB;IACjB,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CACT;YACE,KAAK,EAAE,OAAO;YACd,GAAG,SAAS,CAAC,GAAG,CAAC;YACjB,QAAQ,EAAE,KAAK,CAAC,KAAK;YACrB,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK;SACvB,EACD,WAAW,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,cAAc,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,SAAS,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM;QACpF,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC;YAC1C,CAAC,CAAC,KAAK,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,KAAK,CAAC,UAAU,CAAC,cAAc,EAAE,eAAe;YACvG,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACvC,CACF,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,UAAU,CAAC,UAAkB,EAAE,OAAe;IAC5D,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,8BAA8B,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,mBAAmB,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AACpC,CAAC;AAED,WAAW;AACX,MAAM,UAAU,gBAAgB,CAAC,YAAoB;IACnD,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAE,EAAE,eAAe,YAAY,WAAW,CAAC,CAAC;IACjG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,yBAAyB,YAAY,cAAc,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,WAAmB,EAAE,YAAoB;IAC1E,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,EACxD,IAAI,WAAW,KAAK,YAAY,WAAW,CAC5C,CAAC;IACJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,gBAAgB,WAAW,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,aAAqB,EAAE,UAAkB;IAC3E,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,mBAAmB,EAAE,aAAa,EAAE,UAAU,EAAE,EACzD,sBAAsB,aAAa,WAAW,CAC/C,CAAC;IACJ,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,IAAI,CACR,GAAG,SAAS,EAAE,gCAAgC,aAAa,gBAAgB,QAAQ,GAAG,CACvF,CACF,CAAC;AACJ,CAAC","sourcesContent":["import { Logging } from \"@google-cloud/logging\";\nimport { Writable } from \"node:stream\";\nimport chalk from \"chalk\";\nimport pino from \"pino\";\n\nconst PINO_TO_GCP: Record<number, string> = {\n 10: \"DEBUG\",\n 20: \"DEBUG\",\n 30: \"INFO\",\n 40: \"WARNING\",\n 50: \"ERROR\",\n 60: \"CRITICAL\",\n};\n\nfunction createGcpStream(): Writable {\n const log = new Logging().log(\"mama\");\n return new Writable({\n write(chunk, _encoding, callback) {\n try {\n const line = chunk.toString().trim();\n if (line) {\n const { level, time, pid: _pid, hostname: _hostname, msg, ...rest } = JSON.parse(line);\n const entry = log.entry(\n { severity: PINO_TO_GCP[level] ?? \"DEFAULT\", timestamp: new Date(time) },\n { message: msg, ...rest },\n );\n log.write(entry).catch((err) => console.error(\"GCP log write failed:\", err));\n }\n } catch {\n // ignore parse errors\n }\n callback();\n },\n });\n}\n\nexport interface LogContext {\n conversationId: string;\n userName?: string;\n conversationName?: string; // For display like #dev-team vs C16HET4EQ\n sessionId?: string;\n}\n\nexport interface LogConfig {\n logFormat?: \"console\" | \"json\";\n logLevel?: \"trace\" | \"debug\" | \"info\" | \"warn\" | \"error\";\n}\n\nlet logger: pino.Logger | null = null;\n\nexport function initLogger(config?: LogConfig): void {\n if (logger) return;\n\n const format = config?.logFormat ?? \"console\";\n const level = config?.logLevel ?? \"info\";\n\n if (format === \"json\") {\n try {\n logger = pino({ level }, createGcpStream());\n console.log(`📝 GCP logging enabled (level: ${level})`);\n } catch (err) {\n console.warn(\"⚠️ Failed to init GCP logger, JSON logging disabled:\", err);\n }\n }\n}\n\n/** Only for use in tests. */\nexport function __resetLoggerForTest(): void {\n logger = null;\n}\n\nfunction ctxFields(ctx: LogContext): Record<string, string> {\n const out: Record<string, string> = { channel: ctx.conversationId };\n if (ctx.userName) out.user = ctx.userName;\n if (ctx.conversationName) out.channelName = ctx.conversationName;\n if (ctx.sessionId) out.sessionId = ctx.sessionId;\n return out;\n}\n\nfunction timestamp(): string {\n const now = new Date();\n const hh = String(now.getHours()).padStart(2, \"0\");\n const mm = String(now.getMinutes()).padStart(2, \"0\");\n const ss = String(now.getSeconds()).padStart(2, \"0\");\n return `[${hh}:${mm}:${ss}]`;\n}\n\nfunction formatContext(ctx: LogContext): string {\n const session = ctx.sessionId ? `:${ctx.sessionId}` : \"\";\n if (ctx.conversationId.startsWith(\"D\")) {\n return `[DM:${ctx.userName || ctx.conversationId}${session}]`;\n }\n const conversation = ctx.conversationName || ctx.conversationId;\n const user = ctx.userName || \"unknown\";\n return `[${conversation.startsWith(\"#\") ? conversation : `#${conversation}`}:${user}${session}]`;\n}\n\nfunction truncate(text: string, maxLen: number): string {\n if (text.length <= maxLen) return text;\n return `${text.substring(0, maxLen)}\\n(truncated at ${maxLen} chars)`;\n}\n\nfunction formatToolArgs(args: Record<string, unknown>): string {\n const lines: string[] = [];\n\n for (const [key, value] of Object.entries(args)) {\n // Skip the label - it's already shown in the tool name\n if (key === \"label\") continue;\n\n // For read tool, format path with offset/limit\n if (key === \"path\" && typeof value === \"string\") {\n const offset = args.offset as number | undefined;\n const limit = args.limit as number | undefined;\n if (offset !== undefined && limit !== undefined) {\n lines.push(`${value}:${offset}-${offset + limit}`);\n } else {\n lines.push(value);\n }\n continue;\n }\n\n // Skip offset/limit since we already handled them\n if (key === \"offset\" || key === \"limit\") continue;\n\n // For other values, format them\n if (typeof value === \"string\") {\n // Multi-line strings get indented\n if (value.includes(\"\\n\")) {\n lines.push(value);\n } else {\n lines.push(value);\n }\n } else {\n lines.push(JSON.stringify(value));\n }\n }\n\n return lines.join(\"\\n\");\n}\n\n// User messages\nexport function logUserMessage(ctx: LogContext, text: string): void {\n if (logger) logger.info({ event: \"user_message\", ...ctxFields(ctx), text }, text);\n console.log(chalk.green(`${timestamp()} ${formatContext(ctx)} ${text}`));\n}\n\n// Tool execution\nexport function logToolStart(\n ctx: LogContext,\n toolName: string,\n label: string,\n args: Record<string, unknown>,\n): void {\n if (logger)\n logger.debug(\n { event: \"tool_start\", ...ctxFields(ctx), tool: toolName, label, args },\n `${toolName}: ${label}`,\n );\n const formattedArgs = formatToolArgs(args);\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ↳ ${toolName}: ${label}`));\n if (formattedArgs) {\n // Indent the args\n const indented = formattedArgs\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n }\n}\n\nexport function logToolSuccess(\n ctx: LogContext,\n toolName: string,\n durationMs: number,\n result: string,\n): void {\n if (logger)\n logger.debug(\n { event: \"tool_success\", ...ctxFields(ctx), tool: toolName, durationMs, result },\n `${toolName} completed`,\n );\n const duration = (durationMs / 1000).toFixed(1);\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✓ ${toolName} (${duration}s)`));\n\n const truncated = truncate(result, 1000);\n if (truncated) {\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n }\n}\n\nexport function logToolError(\n ctx: LogContext,\n toolName: string,\n durationMs: number,\n error: string,\n): void {\n if (logger)\n logger.warn(\n { event: \"tool_error\", ...ctxFields(ctx), tool: toolName, durationMs, error },\n `${toolName} failed`,\n );\n const duration = (durationMs / 1000).toFixed(1);\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✗ ${toolName} (${duration}s)`));\n\n const truncated = truncate(error, 1000);\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\n// Response streaming\nexport function logResponseStart(ctx: LogContext): void {\n if (logger) logger.debug({ event: \"response_start\", ...ctxFields(ctx) }, \"Streaming response\");\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} → Streaming response...`));\n}\n\nexport function logThinking(ctx: LogContext, thinking: string): void {\n if (logger) logger.debug({ event: \"thinking\", ...ctxFields(ctx), text: thinking }, \"Thinking\");\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💭 Thinking`));\n const truncated = truncate(thinking, 1000);\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\nexport function logResponse(ctx: LogContext, text: string): void {\n if (logger) logger.info({ event: \"response\", ...ctxFields(ctx), text }, \"Response\");\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💬 Response`));\n const truncated = truncate(text, 1000);\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\n// Attachments\nexport function logDownloadStart(ctx: LogContext, filename: string, localPath: string): void {\n if (logger)\n logger.debug(\n { event: \"download_start\", ...ctxFields(ctx), filename, localPath },\n `Downloading ${filename}`,\n );\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ↓ Downloading attachment`));\n console.log(chalk.dim(` ${filename} → ${localPath}`));\n}\n\nexport function logDownloadSuccess(ctx: LogContext, sizeKB: number): void {\n if (logger)\n logger.info(\n { event: \"download_success\", ...ctxFields(ctx), sizeKB },\n `Downloaded (${sizeKB} KB)`,\n );\n console.log(\n chalk.yellow(\n `${timestamp()} ${formatContext(ctx)} ✓ Downloaded (${sizeKB.toLocaleString()} KB)`,\n ),\n );\n}\n\nexport function logDownloadError(ctx: LogContext, filename: string, error: string): void {\n if (logger)\n logger.warn(\n { event: \"download_error\", ...ctxFields(ctx), filename, error },\n `Download failed: ${filename}`,\n );\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✗ Download failed`));\n console.log(chalk.dim(` ${filename}: ${error}`));\n}\n\n// Control\nexport function logStopRequest(ctx: LogContext): void {\n if (logger) logger.info({ event: \"stop_request\", ...ctxFields(ctx) }, \"Stop requested\");\n console.log(chalk.green(`${timestamp()} ${formatContext(ctx)} stop`));\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ⊗ Stop requested - aborting`));\n}\n\n// System\nexport function logInfo(message: string): void {\n if (logger) logger.info({ event: \"info\" }, message);\n console.log(chalk.blue(`${timestamp()} [system] ${message}`));\n}\n\nexport function logWarning(message: string, details?: string): void {\n if (logger) logger.warn({ event: \"warning\", ...(details ? { details } : {}) }, message);\n console.log(chalk.yellow(`${timestamp()} [system] ⚠ ${message}`));\n if (details) {\n const indented = details\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n }\n}\n\nexport function logAgentError(ctx: LogContext | \"system\", error: string): void {\n if (logger) {\n const extra = ctx === \"system\" ? { error } : { ...ctxFields(ctx), error };\n logger.error({ event: \"agent_error\", ...extra }, \"Agent error\");\n }\n const context = ctx === \"system\" ? \"[system]\" : formatContext(ctx);\n console.log(chalk.yellow(`${timestamp()} ${context} ✗ Agent error`));\n const indented = error\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\n// Usage summary\nexport function logUsageSummary(\n ctx: LogContext,\n usage: {\n input: number;\n output: number;\n cacheRead: number;\n cacheWrite: number;\n cost: { input: number; output: number; cacheRead: number; cacheWrite: number; total: number };\n },\n contextTokens?: number,\n contextWindow?: number,\n): string {\n const formatTokens = (count: number): string => {\n if (count < 1000) return count.toString();\n if (count < 10000) return `${(count / 1000).toFixed(1)}k`;\n if (count < 1000000) return `${Math.round(count / 1000)}k`;\n return `${(count / 1000000).toFixed(1)}M`;\n };\n\n const lines: string[] = [];\n lines.push(\"_Usage Summary_\");\n lines.push(`Tokens: ${usage.input.toLocaleString()} in, ${usage.output.toLocaleString()} out`);\n if (usage.cacheRead > 0 || usage.cacheWrite > 0) {\n lines.push(\n `Cache: ${usage.cacheRead.toLocaleString()} read, ${usage.cacheWrite.toLocaleString()} write`,\n );\n }\n if (contextTokens && contextWindow) {\n const contextPercent = ((contextTokens / contextWindow) * 100).toFixed(1);\n lines.push(\n `Context: ${formatTokens(contextTokens)} / ${formatTokens(contextWindow)} (${contextPercent}%)`,\n );\n }\n lines.push(\n `Cost: $${usage.cost.input.toFixed(4)} in, $${usage.cost.output.toFixed(4)} out` +\n (usage.cacheRead > 0 || usage.cacheWrite > 0\n ? `, $${usage.cost.cacheRead.toFixed(4)} cache read, $${usage.cost.cacheWrite.toFixed(4)} cache write`\n : \"\"),\n );\n lines.push(`*Total: $${usage.cost.total.toFixed(4)}*`);\n\n const summary = lines.join(\"\\n\");\n\n // Log to console\n if (logger) {\n logger.info(\n {\n event: \"usage\",\n ...ctxFields(ctx),\n tokensIn: usage.input,\n tokensOut: usage.output,\n cacheRead: usage.cacheRead,\n cacheWrite: usage.cacheWrite,\n cost: usage.cost.total,\n },\n `Usage: $${usage.cost.total.toFixed(4)}`,\n );\n }\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💰 Usage`));\n console.log(\n chalk.dim(\n ` ${usage.input.toLocaleString()} in + ${usage.output.toLocaleString()} out` +\n (usage.cacheRead > 0 || usage.cacheWrite > 0\n ? ` (${usage.cacheRead.toLocaleString()} cache read, ${usage.cacheWrite.toLocaleString()} cache write)`\n : \"\") +\n ` = $${usage.cost.total.toFixed(4)}`,\n ),\n );\n\n return summary;\n}\n\n// Startup (no context needed)\nexport function logStartup(workingDir: string, sandbox: string): void {\n if (logger) logger.info({ event: \"startup\", workingDir, sandbox }, \"Starting mama\");\n console.log(\"Starting mama...\");\n console.log(` Working directory: ${workingDir}`);\n console.log(` Sandbox: ${sandbox}`);\n}\n\nexport function logConnected(): void {\n if (logger) logger.info({ event: \"connected\" }, \"Mama connected and listening\");\n console.log(\"⚡️ Mama connected and listening!\");\n console.log(\"\");\n}\n\nexport function logDisconnected(): void {\n if (logger) logger.info({ event: \"disconnected\" }, \"Mama disconnected\");\n console.log(\"Mama disconnected.\");\n}\n\n// Backfill\nexport function logBackfillStart(channelCount: number): void {\n if (logger)\n logger.info({ event: \"backfill_start\", channelCount }, `Backfilling ${channelCount} channels`);\n console.log(chalk.blue(`${timestamp()} [system] Backfilling ${channelCount} channels...`));\n}\n\nexport function logBackfillChannel(channelName: string, messageCount: number): void {\n if (logger)\n logger.debug(\n { event: \"backfill_channel\", channelName, messageCount },\n `#${channelName}: ${messageCount} messages`,\n );\n console.log(chalk.blue(`${timestamp()} [system] #${channelName}: ${messageCount} messages`));\n}\n\nexport function logBackfillComplete(totalMessages: number, durationMs: number): void {\n if (logger)\n logger.info(\n { event: \"backfill_complete\", totalMessages, durationMs },\n `Backfill complete: ${totalMessages} messages`,\n );\n const duration = (durationMs / 1000).toFixed(1);\n console.log(\n chalk.blue(\n `${timestamp()} [system] Backfill complete: ${totalMessages} messages in ${duration}s`,\n ),\n );\n}\n"]}
1
+ {"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,WAAW,GAA2B;IAC1C,EAAE,EAAE,OAAO;IACX,EAAE,EAAE,OAAO;IACX,EAAE,EAAE,MAAM;IACV,EAAE,EAAE,SAAS;IACb,EAAE,EAAE,OAAO;IACX,EAAE,EAAE,UAAU;CACf,CAAC;AAEF,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,IAAI,OAAO,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtC,OAAO,IAAI,QAAQ,CAAC;QAClB,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ;YAC9B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;gBACrC,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACvF,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CACrB,EAAE,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,IAAI,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,EACxE,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAC1B,CAAC;oBACF,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/E,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;YACD,QAAQ,EAAE,CAAC;QACb,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAcD,IAAI,MAAM,GAAuB,IAAI,CAAC;AAEtC,MAAM,UAAU,UAAU,CAAC,MAAkB;IAC3C,IAAI,MAAM;QAAE,OAAO;IAEnB,MAAM,MAAM,GAAG,MAAM,EAAE,SAAS,IAAI,SAAS,CAAC;IAC9C,MAAM,KAAK,GAAG,MAAM,EAAE,QAAQ,IAAI,MAAM,CAAC;IAEzC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,kCAAkC,KAAK,GAAG,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,sDAAsD,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;AACH,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,oBAAoB;IAClC,MAAM,GAAG,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,GAAe;IAChC,MAAM,GAAG,GAA2B,EAAE,OAAO,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC;IACpE,IAAI,GAAG,CAAC,QAAQ;QAAE,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC1C,IAAI,GAAG,CAAC,gBAAgB;QAAE,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC,gBAAgB,CAAC;IACjE,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;IACjD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC;AAC/B,CAAC;AAED,SAAS,aAAa,CAAC,GAAe;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,IAAI,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,OAAO,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,cAAc,GAAG,OAAO,GAAG,CAAC;IAChE,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,cAAc,CAAC;IAChE,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,IAAI,SAAS,CAAC;IACvC,OAAO,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,EAAE,IAAI,IAAI,GAAG,OAAO,GAAG,CAAC;AACnG,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY,EAAE,MAAc;IAC5C,IAAI,IAAI,CAAC,MAAM,IAAI,MAAM;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,mBAAmB,MAAM,SAAS,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,IAA6B;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,uDAAuD;QACvD,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAE9B,+CAA+C;QAC/C,IAAI,GAAG,KAAK,MAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA4B,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,CAAC,KAA2B,CAAC;YAC/C,IAAI,MAAM,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,MAAM,IAAI,MAAM,GAAG,KAAK,EAAE,CAAC,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;YACD,SAAS;QACX,CAAC;QAED,kDAAkD;QAClD,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAElD,gCAAgC;QAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kCAAkC;YAClC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,cAAc,CAAC,GAAe,EAAE,IAAY;IAC1D,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,iBAAiB;AACjB,MAAM,UAAU,YAAY,CAC1B,GAAe,EACf,QAAgB,EAChB,KAAa,EACb,IAA6B;IAE7B,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EACvE,GAAG,QAAQ,KAAK,KAAK,EAAE,CACxB,CAAC;IACJ,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1F,IAAI,aAAa,EAAE,CAAC;QAClB,kBAAkB;QAClB,MAAM,QAAQ,GAAG,aAAa;aAC3B,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,GAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,MAAc;IAEd,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,EAChF,GAAG,QAAQ,YAAY,CACxB,CAAC;IACJ,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACzC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,QAAQ,GAAG,SAAS;aACvB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,GAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,KAAa;IAEb,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,EAC7E,GAAG,QAAQ,SAAS,CACrB,CAAC;IACJ,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC;IAE/F,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,qBAAqB;AACrB,MAAM,UAAU,gBAAgB,CAAC,GAAe;IAC9C,IAAI,MAAM;QAAE,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAe,EAAE,QAAgB;IAC3D,IAAI,MAAM;QAAE,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAe,EAAE,IAAY;IACvD,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,SAAS;SACvB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS;AACT,MAAM,UAAU,OAAO,CAAC,OAAe;IACrC,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,aAAa,OAAO,EAAE,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,OAAgB;IAC1D,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,eAAe,OAAO,EAAE,CAAC,CAAC,CAAC;IAClE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,OAAO;aACrB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAA0B,EAAE,KAAa;IACrE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC;QAC1E,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,KAAK,EAAE,EAAE,aAAa,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,OAAO,gBAAgB,CAAC,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,KAAK;SACnB,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;SACnC,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1C,IAAI,KAAK,GAAG,KAAK;QAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAC1D,IAAI,KAAK,GAAG,OAAO;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC;IAC3D,OAAO,GAAG,CAAC,KAAK,GAAG,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AAC5C,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,eAAe,CAC7B,GAAe,EACf,KAMC,EACD,aAAsB,EACtB,aAAsB;IAEtB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC9B,KAAK,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,QAAQ,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAC/F,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,UAAU,KAAK,CAAC,UAAU,CAAC,cAAc,EAAE,QAAQ,CAC9F,CAAC;IACJ,CAAC;IACD,IAAI,aAAa,IAAI,aAAa,EAAE,CAAC;QACnC,MAAM,cAAc,GAAG,CAAC,CAAC,aAAa,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CACR,YAAY,gBAAgB,CAAC,aAAa,CAAC,MAAM,gBAAgB,CAAC,aAAa,CAAC,KAAK,cAAc,IAAI,CACxG,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;QAC9E,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc;YACtG,CAAC,CAAC,EAAE,CAAC,CACV,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjC,iBAAiB;IACjB,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CACT;YACE,KAAK,EAAE,OAAO;YACd,GAAG,SAAS,CAAC,GAAG,CAAC;YACjB,QAAQ,EAAE,KAAK,CAAC,KAAK;YACrB,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK;SACvB,EACD,WAAW,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE,IAAI,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,cAAc,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,SAAS,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM;QACpF,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC;YAC1C,CAAC,CAAC,KAAK,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,KAAK,CAAC,UAAU,CAAC,cAAc,EAAE,eAAe;YACvG,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACvC,CACF,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,UAAU,CAAC,UAAkB,EAAE,OAAe;IAC5D,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE,8BAA8B,CAAC,CAAC;IAC1F,OAAO,CAAC,GAAG,CAAC,wBAAwB,QAAQ,iBAAiB,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,mBAAmB,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AACpC,CAAC;AAED,WAAW;AACX,MAAM,UAAU,gBAAgB,CAAC,YAAoB;IACnD,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAE,EAAE,eAAe,YAAY,WAAW,CAAC,CAAC;IACjG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,yBAAyB,YAAY,cAAc,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,WAAmB,EAAE,YAAoB;IAC1E,IAAI,MAAM;QACR,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,EACxD,IAAI,WAAW,KAAK,YAAY,WAAW,CAC5C,CAAC;IACJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,EAAE,gBAAgB,WAAW,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,aAAqB,EAAE,UAAkB;IAC3E,IAAI,MAAM;QACR,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,mBAAmB,EAAE,aAAa,EAAE,UAAU,EAAE,EACzD,sBAAsB,aAAa,WAAW,CAC/C,CAAC;IACJ,MAAM,QAAQ,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,IAAI,CACR,GAAG,SAAS,EAAE,gCAAgC,aAAa,gBAAgB,QAAQ,GAAG,CACvF,CACF,CAAC;AACJ,CAAC","sourcesContent":["import { Logging } from \"@google-cloud/logging\";\nimport { Writable } from \"node:stream\";\nimport chalk from \"chalk\";\nimport pino from \"pino\";\n\nconst PINO_TO_GCP: Record<number, string> = {\n 10: \"DEBUG\",\n 20: \"DEBUG\",\n 30: \"INFO\",\n 40: \"WARNING\",\n 50: \"ERROR\",\n 60: \"CRITICAL\",\n};\n\nfunction createGcpStream(): Writable {\n const log = new Logging().log(\"mama\");\n return new Writable({\n write(chunk, _encoding, callback) {\n try {\n const line = chunk.toString().trim();\n if (line) {\n const { level, time, pid: _pid, hostname: _hostname, msg, ...rest } = JSON.parse(line);\n const entry = log.entry(\n { severity: PINO_TO_GCP[level] ?? \"DEFAULT\", timestamp: new Date(time) },\n { message: msg, ...rest },\n );\n log.write(entry).catch((err) => console.error(\"GCP log write failed:\", err));\n }\n } catch {\n // ignore parse errors\n }\n callback();\n },\n });\n}\n\nexport interface LogContext {\n conversationId: string;\n userName?: string;\n conversationName?: string; // For display like #dev-team vs C16HET4EQ\n sessionId?: string;\n}\n\nexport interface LogConfig {\n logFormat?: \"console\" | \"json\";\n logLevel?: \"trace\" | \"debug\" | \"info\" | \"warn\" | \"error\";\n}\n\nlet logger: pino.Logger | null = null;\n\nexport function initLogger(config?: LogConfig): void {\n if (logger) return;\n\n const format = config?.logFormat ?? \"console\";\n const level = config?.logLevel ?? \"info\";\n\n if (format === \"json\") {\n try {\n logger = pino({ level }, createGcpStream());\n console.log(`📝 GCP logging enabled (level: ${level})`);\n } catch (err) {\n console.warn(\"⚠️ Failed to init GCP logger, JSON logging disabled:\", err);\n }\n }\n}\n\n/** Only for use in tests. */\nexport function __resetLoggerForTest(): void {\n logger = null;\n}\n\nfunction ctxFields(ctx: LogContext): Record<string, string> {\n const out: Record<string, string> = { channel: ctx.conversationId };\n if (ctx.userName) out.user = ctx.userName;\n if (ctx.conversationName) out.channelName = ctx.conversationName;\n if (ctx.sessionId) out.sessionId = ctx.sessionId;\n return out;\n}\n\nfunction timestamp(): string {\n const now = new Date();\n const hh = String(now.getHours()).padStart(2, \"0\");\n const mm = String(now.getMinutes()).padStart(2, \"0\");\n const ss = String(now.getSeconds()).padStart(2, \"0\");\n return `[${hh}:${mm}:${ss}]`;\n}\n\nfunction formatContext(ctx: LogContext): string {\n const session = ctx.sessionId ? `:${ctx.sessionId}` : \"\";\n if (ctx.conversationId.startsWith(\"D\")) {\n return `[DM:${ctx.userName || ctx.conversationId}${session}]`;\n }\n const conversation = ctx.conversationName || ctx.conversationId;\n const user = ctx.userName || \"unknown\";\n return `[${conversation.startsWith(\"#\") ? conversation : `#${conversation}`}:${user}${session}]`;\n}\n\nfunction truncate(text: string, maxLen: number): string {\n if (text.length <= maxLen) return text;\n return `${text.substring(0, maxLen)}\\n(truncated at ${maxLen} chars)`;\n}\n\nfunction formatToolArgs(args: Record<string, unknown>): string {\n const lines: string[] = [];\n\n for (const [key, value] of Object.entries(args)) {\n // Skip the label - it's already shown in the tool name\n if (key === \"label\") continue;\n\n // For read tool, format path with offset/limit\n if (key === \"path\" && typeof value === \"string\") {\n const offset = args.offset as number | undefined;\n const limit = args.limit as number | undefined;\n if (offset !== undefined && limit !== undefined) {\n lines.push(`${value}:${offset}-${offset + limit}`);\n } else {\n lines.push(value);\n }\n continue;\n }\n\n // Skip offset/limit since we already handled them\n if (key === \"offset\" || key === \"limit\") continue;\n\n // For other values, format them\n if (typeof value === \"string\") {\n // Multi-line strings get indented\n if (value.includes(\"\\n\")) {\n lines.push(value);\n } else {\n lines.push(value);\n }\n } else {\n lines.push(JSON.stringify(value));\n }\n }\n\n return lines.join(\"\\n\");\n}\n\n// User messages\nexport function logUserMessage(ctx: LogContext, text: string): void {\n if (logger) logger.info({ event: \"user_message\", ...ctxFields(ctx), text }, text);\n console.log(chalk.green(`${timestamp()} ${formatContext(ctx)} ${text}`));\n}\n\n// Tool execution\nexport function logToolStart(\n ctx: LogContext,\n toolName: string,\n label: string,\n args: Record<string, unknown>,\n): void {\n if (logger)\n logger.debug(\n { event: \"tool_start\", ...ctxFields(ctx), tool: toolName, label, args },\n `${toolName}: ${label}`,\n );\n const formattedArgs = formatToolArgs(args);\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ↳ ${toolName}: ${label}`));\n if (formattedArgs) {\n // Indent the args\n const indented = formattedArgs\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n }\n}\n\nexport function logToolSuccess(\n ctx: LogContext,\n toolName: string,\n durationMs: number,\n result: string,\n): void {\n if (logger)\n logger.debug(\n { event: \"tool_success\", ...ctxFields(ctx), tool: toolName, durationMs, result },\n `${toolName} completed`,\n );\n const duration = (durationMs / 1000).toFixed(1);\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✓ ${toolName} (${duration}s)`));\n\n const truncated = truncate(result, 1000);\n if (truncated) {\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n }\n}\n\nexport function logToolError(\n ctx: LogContext,\n toolName: string,\n durationMs: number,\n error: string,\n): void {\n if (logger)\n logger.warn(\n { event: \"tool_error\", ...ctxFields(ctx), tool: toolName, durationMs, error },\n `${toolName} failed`,\n );\n const duration = (durationMs / 1000).toFixed(1);\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} ✗ ${toolName} (${duration}s)`));\n\n const truncated = truncate(error, 1000);\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\n// Response streaming\nexport function logResponseStart(ctx: LogContext): void {\n if (logger) logger.debug({ event: \"response_start\", ...ctxFields(ctx) }, \"Streaming response\");\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} → Streaming response...`));\n}\n\nexport function logThinking(ctx: LogContext, thinking: string): void {\n if (logger) logger.debug({ event: \"thinking\", ...ctxFields(ctx), text: thinking }, \"Thinking\");\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💭 Thinking`));\n const truncated = truncate(thinking, 1000);\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\nexport function logResponse(ctx: LogContext, text: string): void {\n if (logger) logger.info({ event: \"response\", ...ctxFields(ctx), text }, \"Response\");\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💬 Response`));\n const truncated = truncate(text, 1000);\n const indented = truncated\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\n// System\nexport function logInfo(message: string): void {\n if (logger) logger.info({ event: \"info\" }, message);\n console.log(chalk.blue(`${timestamp()} [system] ${message}`));\n}\n\nexport function logWarning(message: string, details?: string): void {\n if (logger) logger.warn({ event: \"warning\", ...(details ? { details } : {}) }, message);\n console.log(chalk.yellow(`${timestamp()} [system] ⚠ ${message}`));\n if (details) {\n const indented = details\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n }\n}\n\nexport function logAgentError(ctx: LogContext | \"system\", error: string): void {\n if (logger) {\n const extra = ctx === \"system\" ? { error } : { ...ctxFields(ctx), error };\n logger.error({ event: \"agent_error\", ...extra }, \"Agent error\");\n }\n const context = ctx === \"system\" ? \"[system]\" : formatContext(ctx);\n console.log(chalk.yellow(`${timestamp()} ${context} ✗ Agent error`));\n const indented = error\n .split(\"\\n\")\n .map((line) => ` ${line}`)\n .join(\"\\n\");\n console.log(chalk.dim(indented));\n}\n\nfunction formatTokenCount(count: number): string {\n if (count < 1000) return count.toString();\n if (count < 10000) return `${(count / 1000).toFixed(1)}k`;\n if (count < 1000000) return `${Math.round(count / 1000)}k`;\n return `${(count / 1000000).toFixed(1)}M`;\n}\n\n// Usage summary\nexport function logUsageSummary(\n ctx: LogContext,\n usage: {\n input: number;\n output: number;\n cacheRead: number;\n cacheWrite: number;\n cost: { input: number; output: number; cacheRead: number; cacheWrite: number; total: number };\n },\n contextTokens?: number,\n contextWindow?: number,\n): string {\n const lines: string[] = [];\n lines.push(\"_Usage Summary_\");\n lines.push(`Tokens: ${usage.input.toLocaleString()} in, ${usage.output.toLocaleString()} out`);\n if (usage.cacheRead > 0 || usage.cacheWrite > 0) {\n lines.push(\n `Cache: ${usage.cacheRead.toLocaleString()} read, ${usage.cacheWrite.toLocaleString()} write`,\n );\n }\n if (contextTokens && contextWindow) {\n const contextPercent = ((contextTokens / contextWindow) * 100).toFixed(1);\n lines.push(\n `Context: ${formatTokenCount(contextTokens)} / ${formatTokenCount(contextWindow)} (${contextPercent}%)`,\n );\n }\n lines.push(\n `Cost: $${usage.cost.input.toFixed(4)} in, $${usage.cost.output.toFixed(4)} out` +\n (usage.cacheRead > 0 || usage.cacheWrite > 0\n ? `, $${usage.cost.cacheRead.toFixed(4)} cache read, $${usage.cost.cacheWrite.toFixed(4)} cache write`\n : \"\"),\n );\n lines.push(`*Total: $${usage.cost.total.toFixed(4)}*`);\n\n const summary = lines.join(\"\\n\");\n\n // Log to console\n if (logger) {\n logger.info(\n {\n event: \"usage\",\n ...ctxFields(ctx),\n tokensIn: usage.input,\n tokensOut: usage.output,\n cacheRead: usage.cacheRead,\n cacheWrite: usage.cacheWrite,\n cost: usage.cost.total,\n },\n `Usage: $${usage.cost.total.toFixed(4)}`,\n );\n }\n console.log(chalk.yellow(`${timestamp()} ${formatContext(ctx)} 💰 Usage`));\n console.log(\n chalk.dim(\n ` ${usage.input.toLocaleString()} in + ${usage.output.toLocaleString()} out` +\n (usage.cacheRead > 0 || usage.cacheWrite > 0\n ? ` (${usage.cacheRead.toLocaleString()} cache read, ${usage.cacheWrite.toLocaleString()} cache write)`\n : \"\") +\n ` = $${usage.cost.total.toFixed(4)}`,\n ),\n );\n\n return summary;\n}\n\n// Startup (no context needed)\nexport function logStartup(workingDir: string, sandbox: string): void {\n if (logger) logger.info({ event: \"startup\", workingDir, sandbox }, \"Starting mama\");\n console.log(\"Starting mama...\");\n console.log(` Working directory: ${workingDir}`);\n console.log(` Sandbox: ${sandbox}`);\n}\n\nexport function logConnected(platform: string): void {\n if (logger) logger.info({ event: \"connected\", platform }, \"Mama connected and listening\");\n console.log(`⚡️ Mama connected to ${platform} and listening!`);\n console.log(\"\");\n}\n\nexport function logDisconnected(): void {\n if (logger) logger.info({ event: \"disconnected\" }, \"Mama disconnected\");\n console.log(\"Mama disconnected.\");\n}\n\n// Backfill\nexport function logBackfillStart(channelCount: number): void {\n if (logger)\n logger.info({ event: \"backfill_start\", channelCount }, `Backfilling ${channelCount} channels`);\n console.log(chalk.blue(`${timestamp()} [system] Backfilling ${channelCount} channels...`));\n}\n\nexport function logBackfillChannel(channelName: string, messageCount: number): void {\n if (logger)\n logger.debug(\n { event: \"backfill_channel\", channelName, messageCount },\n `#${channelName}: ${messageCount} messages`,\n );\n console.log(chalk.blue(`${timestamp()} [system] #${channelName}: ${messageCount} messages`));\n}\n\nexport function logBackfillComplete(totalMessages: number, durationMs: number): void {\n if (logger)\n logger.info(\n { event: \"backfill_complete\", totalMessages, durationMs },\n `Backfill complete: ${totalMessages} messages`,\n );\n const duration = (durationMs / 1000).toFixed(1);\n console.log(\n chalk.blue(\n `${timestamp()} [system] Backfill complete: ${totalMessages} messages in ${duration}s`,\n ),\n );\n}\n"]}
package/dist/{login.d.ts → login/index.d.ts} RENAMED
@@ -20,10 +20,22 @@ export interface OAuthService {
20
20
  authorizationParams?: Record<string, string>;
21
21
  fileOutput?: OAuthAuthorizedUserFileOutput;
22
22
  }
23
- export interface ParsedLoginCommand {
24
- command: "login" | "/login";
25
- }
23
+ export type ParsedLoginCommand = {
24
+ command: "login" | "/login" | "/pi-login";
25
+ action: "setup";
26
+ } | {
27
+ command: "login" | "/login" | "/pi-login";
28
+ action: "shared_create" | "shared_update" | "shared_delete";
29
+ name: string;
30
+ } | {
31
+ command: "login" | "/login" | "/pi-login";
32
+ action: "shared_list";
33
+ } | {
34
+ command: "login" | "/login" | "/pi-login";
35
+ action: "copy_shared";
36
+ name: string;
37
+ };
26
38
  export declare function getOAuthServices(): OAuthService[];
27
39
  export declare function resolveOAuthService(input: string): OAuthService | undefined;
28
40
  export declare function parseLoginCommand(text: string): ParsedLoginCommand | null;
29
- //# sourceMappingURL=login.d.ts.map
41
+ //# sourceMappingURL=index.d.ts.map
package/dist/login/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/login/index.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,mBAAmB,GAAG,SAAS,GAAG,OAAO,CAAC;AAEtD,MAAM,WAAW,6BAA6B;IAC5C,IAAI,EAAE,iBAAiB,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,4BAA4B,CAAC,EAAE,MAAM,EAAE,CAAC;IACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,UAAU,CAAC,EAAE,6BAA6B,CAAC;CAC5C;AAED,MAAM,MAAM,kBAAkB,GAC1B;IAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GAC9D;IACE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC1C,MAAM,EAAE,eAAe,GAAG,eAAe,GAAG,eAAe,CAAC;IAC5D,IAAI,EAAE,MAAM,CAAC;CACd,GACD;IAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,aAAa,CAAA;CAAE,GACpE;IAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AA+EvF,wBAAgB,gBAAgB,IAAI,YAAY,EAAE,CA+GjD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAM3E;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI,CAqCzE","sourcesContent":["import * as log from \"../log.js\";\nimport { isRecord, parseJsonValue } from \"../file-guards.js\";\n\nexport type LoginCredentialKind = \"api_key\" | \"oauth\";\n\nexport interface OAuthAuthorizedUserFileOutput {\n type: \"authorized_user\";\n relativePath: string;\n targetPath?: string;\n envKey?: string;\n}\n\nexport interface OAuthService {\n id: string;\n label: string;\n aliases: string[];\n authorizationUrl: string;\n tokenUrl: string;\n scopes: string[];\n clientIdEnvKey: string;\n clientSecretEnvKey: string;\n accessTokenEnvKey?: string;\n additionalAccessTokenEnvKeys?: string[];\n refreshTokenEnvKey?: string;\n authorizationParams?: Record<string, string>;\n fileOutput?: OAuthAuthorizedUserFileOutput;\n}\n\nexport type ParsedLoginCommand =\n | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"setup\" }\n | {\n command: \"login\" | \"/login\" | \"/pi-login\";\n action: \"shared_create\" | \"shared_update\" | \"shared_delete\";\n name: string;\n }\n | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"shared_list\" }\n | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"copy_shared\"; name: string };\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n \"https://www.googleapis.com/auth/drive\",\n \"https://mail.google.com/\",\n \"https://www.googleapis.com/auth/calendar\",\n \"https://www.googleapis.com/auth/spreadsheets\",\n \"https://www.googleapis.com/auth/documents\",\n \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// MAMA_GITHUB_OAUTH_SCOPES to keep the blast radius of a compromised agent\n// host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n const raw = process.env[envKey]?.trim();\n if (!raw) return fallback;\n\n const scopes = raw\n .split(/[\\s,]+/)\n .map((scope) => scope.trim())\n .filter(Boolean);\n\n return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction resolveGoogleWorkspaceCliScopes(): string[] {\n return resolveScopesFromEnv(\n \"MAMA_GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n );\n}\n\nfunction resolveGitHubOAuthScopes(): string[] {\n return resolveScopesFromEnv(\"MAMA_GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES);\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n return [\n {\n id: \"github\",\n label: \"GitHub\",\n aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n authorizationUrl: \"https://github.com/login/oauth/authorize\",\n tokenUrl: \"https://github.com/login/oauth/access_token\",\n scopes: resolveGitHubOAuthScopes(),\n clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n accessTokenEnvKey: \"GITHUB_OAUTH_ACCESS_TOKEN\",\n additionalAccessTokenEnvKeys: [\"GH_TOKEN\"],\n refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n },\n {\n id: \"google_workspace_cli\",\n label: \"Google Workspace CLI\",\n aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveGoogleWorkspaceCliScopes(),\n clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gws.json\",\n targetPath: \"/root/.config/gws/credentials.json\",\n },\n },\n ];\n}\n\nexport function getOAuthServices(): OAuthService[] {\n const raw = process.env.MAMA_OAUTH_SERVICES_JSON?.trim();\n const builtins = getBuiltinOAuthServices();\n if (!raw) return builtins;\n\n let parsed: unknown[];\n try {\n parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n detail === \"unexpected JSON shape\"\n ? \"expected a JSON array of OAuth service definitions\"\n : detail,\n );\n } catch (err) {\n const detail = err instanceof Error ? err.message : String(err);\n log.logWarning(\n detail === \"expected a JSON array of OAuth service definitions\"\n ? \"Ignoring MAMA_OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n : \"Ignoring MAMA_OAUTH_SERVICES_JSON: invalid JSON\",\n detail,\n );\n return builtins;\n }\n try {\n const custom = parsed\n .map((serviceValue): OAuthService | null => {\n if (!isRecord(serviceValue)) return null;\n const obj = serviceValue;\n const id = typeof obj.id === \"string\" ? obj.id.trim() : \"\";\n const label = typeof obj.label === \"string\" ? obj.label.trim() : \"\";\n const authorizationUrl =\n typeof obj.authorizationUrl === \"string\" ? obj.authorizationUrl.trim() : \"\";\n const tokenUrl = typeof obj.tokenUrl === \"string\" ? obj.tokenUrl.trim() : \"\";\n const clientIdEnvKey =\n typeof obj.clientIdEnvKey === \"string\" ? obj.clientIdEnvKey.trim() : \"\";\n const clientSecretEnvKey =\n typeof obj.clientSecretEnvKey === \"string\" ? obj.clientSecretEnvKey.trim() : \"\";\n const accessTokenEnvKey =\n typeof obj.accessTokenEnvKey === \"string\" ? obj.accessTokenEnvKey.trim() : undefined;\n if (\n !id ||\n !label ||\n !authorizationUrl ||\n !tokenUrl ||\n !clientIdEnvKey ||\n !clientSecretEnvKey\n ) {\n return null;\n }\n\n let fileOutput: OAuthService[\"fileOutput\"];\n if (isRecord(obj.fileOutput)) {\n const fileOutputObj = obj.fileOutput;\n const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n const relativePath =\n typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n const targetPath =\n typeof fileOutputObj.targetPath === \"string\"\n ? fileOutputObj.targetPath.trim()\n : undefined;\n const envKey =\n typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n if (type === \"authorized_user\" && relativePath) {\n fileOutput = { type: \"authorized_user\", relativePath, targetPath, envKey };\n }\n }\n\n return {\n id: id.toLowerCase(),\n label,\n aliases: Array.isArray(obj.aliases)\n ? obj.aliases\n .filter((v): v is string => typeof v === \"string\")\n .map((v) => v.toLowerCase())\n : [id.toLowerCase()],\n authorizationUrl,\n tokenUrl,\n scopes: Array.isArray(obj.scopes)\n ? obj.scopes.filter((v): v is string => typeof v === \"string\")\n : [],\n clientIdEnvKey,\n clientSecretEnvKey,\n accessTokenEnvKey,\n additionalAccessTokenEnvKeys: Array.isArray(obj.additionalAccessTokenEnvKeys)\n ? obj.additionalAccessTokenEnvKeys.filter((v): v is string => typeof v === \"string\")\n : undefined,\n refreshTokenEnvKey:\n typeof obj.refreshTokenEnvKey === \"string\" ? obj.refreshTokenEnvKey.trim() : undefined,\n authorizationParams: isRecord(obj.authorizationParams)\n ? Object.fromEntries(\n Object.entries(obj.authorizationParams).filter(\n (authorizationEntry): authorizationEntry is [string, string] =>\n typeof authorizationEntry[1] === \"string\",\n ),\n )\n : undefined,\n fileOutput,\n };\n })\n .filter((service): service is OAuthService => service !== null);\n\n const byId = new Map<string, OAuthService>();\n for (const service of builtins) byId.set(service.id, service);\n for (const service of custom) byId.set(service.id, service);\n return [...byId.values()];\n } catch (err) {\n log.logWarning(\n \"Failed to apply MAMA_OAUTH_SERVICES_JSON overrides; using builtin OAuth services\",\n err instanceof Error ? err.message : String(err),\n );\n return builtins;\n }\n}\n\nexport function resolveOAuthService(input: string): OAuthService | undefined {\n const normalized = input.trim().toLowerCase();\n if (!normalized) return undefined;\n return getOAuthServices().find(\n (service) => service.id === normalized || service.aliases.includes(normalized),\n );\n}\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand | null {\n const tokens = text.trim().split(/\\s+/).filter(Boolean);\n if (tokens.length === 0) return null;\n\n const command = tokens[0].toLowerCase();\n if (command !== \"login\" && command !== \"/login\" && command !== \"/pi-login\") {\n return null;\n }\n const typedCommand = command as \"login\" | \"/login\" | \"/pi-login\";\n const [subcommand, operation, name, ...extra] = tokens.slice(1);\n\n if (!subcommand) return { command: typedCommand, action: \"setup\" };\n\n if (subcommand.toLowerCase() === \"shared\") {\n const op = operation?.toLowerCase();\n if (op === \"list\" && !name && extra.length === 0) {\n return { command: typedCommand, action: \"shared_list\" };\n }\n if ((op === \"create\" || op === \"update\" || op === \"delete\") && !!name && extra.length === 0) {\n return {\n command: typedCommand,\n action: `shared_${op}` as \"shared_create\" | \"shared_update\" | \"shared_delete\",\n name,\n };\n }\n return null;\n }\n\n if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n return { command: typedCommand, action: \"copy_shared\", name: operation };\n }\n\n // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n // generic login page and let the portal handle provider choice.\n if (!operation && extra.length === 0) return { command: typedCommand, action: \"setup\" };\n\n return null;\n}\n"]}
package/dist/{login.js → login/index.js} RENAMED
@@ -1,3 +1,5 @@
1
+ import * as log from "../log.js";
2
+ import { isRecord, parseJsonValue } from "../file-guards.js";
1
3
  const DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [
2
4
  "https://www.googleapis.com/auth/drive",
3
5
  "https://mail.google.com/",
@@ -9,7 +11,7 @@ const DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [
9
11
  // Conservative default: enough for `gh` CLI repo/user/org operations, but
10
12
  // without `workflow` (can dispatch CI), `write:packages` (can publish
11
13
  // packages), or `project`. Operators who need those can opt in via
12
- // MOM_GITHUB_OAUTH_SCOPES to keep the blast radius of a compromised agent
14
+ // MAMA_GITHUB_OAUTH_SCOPES to keep the blast radius of a compromised agent
13
15
  // host explicit and configurable.
14
16
  const DEFAULT_GITHUB_OAUTH_SCOPES = ["repo", "read:user", "user:email", "read:org", "gist"];
15
17
  function resolveScopesFromEnv(envKey, fallback) {
@@ -23,10 +25,10 @@ function resolveScopesFromEnv(envKey, fallback) {
23
25
  return scopes.length > 0 ? scopes : fallback;
24
26
  }
25
27
  function resolveGoogleWorkspaceCliScopes() {
26
- return resolveScopesFromEnv("MOM_GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES", DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES);
28
+ return resolveScopesFromEnv("MAMA_GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES", DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES);
27
29
  }
28
30
  function resolveGitHubOAuthScopes() {
29
- return resolveScopesFromEnv("MOM_GITHUB_OAUTH_SCOPES", DEFAULT_GITHUB_OAUTH_SCOPES);
31
+ return resolveScopesFromEnv("MAMA_GITHUB_OAUTH_SCOPES", DEFAULT_GITHUB_OAUTH_SCOPES);
30
32
  }
31
33
  function getBuiltinOAuthServices() {
32
34
  return [
@@ -66,19 +68,29 @@ function getBuiltinOAuthServices() {
66
68
  ];
67
69
  }
68
70
  export function getOAuthServices() {
69
- const raw = process.env.MOM_OAUTH_SERVICES_JSON?.trim();
71
+ const raw = process.env.MAMA_OAUTH_SERVICES_JSON?.trim();
70
72
  const builtins = getBuiltinOAuthServices();
71
73
  if (!raw)
72
74
  return builtins;
75
+ let parsed;
76
+ try {
77
+ parsed = parseJsonValue(raw, Array.isArray, (detail) => detail === "unexpected JSON shape"
78
+ ? "expected a JSON array of OAuth service definitions"
79
+ : detail);
80
+ }
81
+ catch (err) {
82
+ const detail = err instanceof Error ? err.message : String(err);
83
+ log.logWarning(detail === "expected a JSON array of OAuth service definitions"
84
+ ? "Ignoring MAMA_OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions"
85
+ : "Ignoring MAMA_OAUTH_SERVICES_JSON: invalid JSON", detail);
86
+ return builtins;
87
+ }
73
88
  try {
74
- const parsed = JSON.parse(raw);
75
- if (!Array.isArray(parsed))
76
- return builtins;
77
89
  const custom = parsed
78
- .map((entry) => {
79
- if (!entry || typeof entry !== "object")
90
+ .map((serviceValue) => {
91
+ if (!isRecord(serviceValue))
80
92
  return null;
81
- const obj = entry;
93
+ const obj = serviceValue;
82
94
  const id = typeof obj.id === "string" ? obj.id.trim() : "";
83
95
  const label = typeof obj.label === "string" ? obj.label.trim() : "";
84
96
  const authorizationUrl = typeof obj.authorizationUrl === "string" ? obj.authorizationUrl.trim() : "";
@@ -95,7 +107,7 @@ export function getOAuthServices() {
95
107
  return null;
96
108
  }
97
109
  let fileOutput;
98
- if (obj.fileOutput && typeof obj.fileOutput === "object") {
110
+ if (isRecord(obj.fileOutput)) {
99
111
  const fileOutputObj = obj.fileOutput;
100
112
  const type = typeof fileOutputObj.type === "string" ? fileOutputObj.type.trim() : "";
101
113
  const relativePath = typeof fileOutputObj.relativePath === "string" ? fileOutputObj.relativePath.trim() : "";
@@ -127,8 +139,8 @@ export function getOAuthServices() {
127
139
  ? obj.additionalAccessTokenEnvKeys.filter((v) => typeof v === "string")
128
140
  : undefined,
129
141
  refreshTokenEnvKey: typeof obj.refreshTokenEnvKey === "string" ? obj.refreshTokenEnvKey.trim() : undefined,
130
- authorizationParams: obj.authorizationParams && typeof obj.authorizationParams === "object"
131
- ? Object.fromEntries(Object.entries(obj.authorizationParams).filter((entry) => typeof entry[1] === "string"))
142
+ authorizationParams: isRecord(obj.authorizationParams)
143
+ ? Object.fromEntries(Object.entries(obj.authorizationParams).filter((authorizationEntry) => typeof authorizationEntry[1] === "string"))
132
144
  : undefined,
133
145
  fileOutput,
134
146
  };
@@ -141,7 +153,8 @@ export function getOAuthServices() {
141
153
  byId.set(service.id, service);
142
154
  return [...byId.values()];
143
155
  }
144
- catch {
156
+ catch (err) {
157
+ log.logWarning("Failed to apply MAMA_OAUTH_SERVICES_JSON overrides; using builtin OAuth services", err instanceof Error ? err.message : String(err));
145
158
  return builtins;
146
159
  }
147
160
  }
@@ -156,9 +169,34 @@ export function parseLoginCommand(text) {
156
169
  if (tokens.length === 0)
157
170
  return null;
158
171
  const command = tokens[0].toLowerCase();
159
- if (command !== "login" && command !== "/login") {
172
+ if (command !== "login" && command !== "/login" && command !== "/pi-login") {
160
173
  return null;
161
174
  }
162
- return { command: command };
175
+ const typedCommand = command;
176
+ const [subcommand, operation, name, ...extra] = tokens.slice(1);
177
+ if (!subcommand)
178
+ return { command: typedCommand, action: "setup" };
179
+ if (subcommand.toLowerCase() === "shared") {
180
+ const op = operation?.toLowerCase();
181
+ if (op === "list" && !name && extra.length === 0) {
182
+ return { command: typedCommand, action: "shared_list" };
183
+ }
184
+ if ((op === "create" || op === "update" || op === "delete") && !!name && extra.length === 0) {
185
+ return {
186
+ command: typedCommand,
187
+ action: `shared_${op}`,
188
+ name,
189
+ };
190
+ }
191
+ return null;
192
+ }
193
+ if (subcommand.toLowerCase() === "copy" && operation && !name && extra.length === 0) {
194
+ return { command: typedCommand, action: "copy_shared", name: operation };
195
+ }
196
+ // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the
197
+ // generic login page and let the portal handle provider choice.
198
+ if (!operation && extra.length === 0)
199
+ return { command: typedCommand, action: "setup" };
200
+ return null;
163
201
  }
164
- //# sourceMappingURL=login.js.map
202
+ //# sourceMappingURL=index.js.map
package/dist/login/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/login/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAqC7D,MAAM,mCAAmC,GAAG;IAC1C,uCAAuC;IACvC,0BAA0B;IAC1B,0CAA0C;IAC1C,8CAA8C;IAC9C,2CAA2C;IAC3C,sDAAsD;CACvD,CAAC;AAEF,0EAA0E;AAC1E,sEAAsE;AACtE,mEAAmE;AACnE,2EAA2E;AAC3E,kCAAkC;AAClC,MAAM,2BAA2B,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAE5F,SAAS,oBAAoB,CAAC,MAAc,EAAE,QAAkB;IAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IACxC,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,MAAM,MAAM,GAAG,GAAG;SACf,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnB,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAS,+BAA+B;IACtC,OAAO,oBAAoB,CACzB,wCAAwC,EACxC,mCAAmC,CACpC,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO,oBAAoB,CAAC,0BAA0B,EAAE,2BAA2B,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO;QACL;YACE,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,UAAU,CAAC;YAC/C,gBAAgB,EAAE,0CAA0C;YAC5D,QAAQ,EAAE,6CAA6C;YACvD,MAAM,EAAE,wBAAwB,EAAE;YAClC,cAAc,EAAE,wBAAwB;YACxC,kBAAkB,EAAE,4BAA4B;YAChD,iBAAiB,EAAE,2BAA2B;YAC9C,4BAA4B,EAAE,CAAC,UAAU,CAAC;YAC1C,kBAAkB,EAAE,4BAA4B;SACjD;QACD;YACE,EAAE,EAAE,sBAAsB;YAC1B,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,CAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,sBAAsB,CAAC;YACnF,gBAAgB,EAAE,8CAA8C;YAChE,QAAQ,EAAE,qCAAqC;YAC/C,MAAM,EAAE,+BAA+B,EAAE;YACzC,cAAc,EAAE,gCAAgC;YAChD,kBAAkB,EAAE,oCAAoC;YACxD,mBAAmB,EAAE;gBACnB,WAAW,EAAE,SAAS;gBACtB,sBAAsB,EAAE,MAAM;gBAC9B,MAAM,EAAE,SAAS;aAClB;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,iBAAiB;gBACvB,YAAY,EAAE,UAAU;gBACxB,UAAU,EAAE,oCAAoC;aACjD;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IACzD,MAAM,QAAQ,GAAG,uBAAuB,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAE1B,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,CACrD,MAAM,KAAK,uBAAuB;YAChC,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,MAAM,CACX,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,GAAG,CAAC,UAAU,CACZ,MAAM,KAAK,oDAAoD;YAC7D,CAAC,CAAC,uFAAuF;YACzF,CAAC,CAAC,iDAAiD,EACrD,MAAM,CACP,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM;aAClB,GAAG,CAAC,CAAC,YAAY,EAAuB,EAAE;YACzC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAAE,OAAO,IAAI,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC;YACzB,MAAM,EAAE,GAAG,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,MAAM,gBAAgB,GACpB,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,kBAAkB,GACtB,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,iBAAiB,GACrB,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;YACvF,IACE,CAAC,EAAE;gBACH,CAAC,KAAK;gBACN,CAAC,gBAAgB;gBACjB,CAAC,QAAQ;gBACT,CAAC,cAAc;gBACf,CAAC,kBAAkB,EACnB,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,UAAsC,CAAC;YAC3C,IAAI,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC;gBACrC,MAAM,IAAI,GAAG,OAAO,aAAa,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,MAAM,YAAY,GAChB,OAAO,aAAa,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1F,MAAM,UAAU,GACd,OAAO,aAAa,CAAC,UAAU,KAAK,QAAQ;oBAC1C,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,EAAE;oBACjC,CAAC,CAAC,SAAS,CAAC;gBAChB,MAAM,MAAM,GACV,OAAO,aAAa,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBACrF,IAAI,IAAI,KAAK,iBAAiB,IAAI,YAAY,EAAE,CAAC;oBAC/C,UAAU,GAAG,EAAE,IAAI,EAAE,iBAAiB,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,OAAO;gBACL,EAAE,EAAE,EAAE,CAAC,WAAW,EAAE;gBACpB,KAAK;gBACL,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;oBACjC,CAAC,CAAC,GAAG,CAAC,OAAO;yBACR,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;yBACjD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;oBAChC,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;gBACtB,gBAAgB;gBAChB,QAAQ;gBACR,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;oBAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBAC9D,CAAC,CAAC,EAAE;gBACN,cAAc;gBACd,kBAAkB;gBAClB,iBAAiB;gBACjB,4BAA4B,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;oBAC3E,CAAC,CAAC,GAAG,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;oBACpF,CAAC,CAAC,SAAS;gBACb,kBAAkB,EAChB,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;gBACxF,mBAAmB,EAAE,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;oBACpD,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAC5C,CAAC,kBAAkB,EAA0C,EAAE,CAC7D,OAAO,kBAAkB,CAAC,CAAC,CAAC,KAAK,QAAQ,CAC5C,CACF;oBACH,CAAC,CAAC,SAAS;gBACb,UAAU;aACX,CAAC;QACJ,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,OAAO,EAA2B,EAAE,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QAElE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;QAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC9D,KAAK,MAAM,OAAO,IAAI,MAAM;YAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,UAAU,CACZ,kFAAkF,EAClF,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,gBAAgB,EAAE,CAAC,IAAI,CAC5B,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAC/E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACxC,IAAI,OAAO,KAAK,OAAO,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,WAAW,EAAE,CAAC;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,YAAY,GAAG,OAA2C,CAAC;IACjE,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEhE,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAEnE,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,EAAE,GAAG,SAAS,EAAE,WAAW,EAAE,CAAC;QACpC,IAAI,EAAE,KAAK,MAAM,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5F,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,MAAM,EAAE,UAAU,EAAE,EAAyD;gBAC7E,IAAI;aACL,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM,IAAI,SAAS,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IAC3E,CAAC;IAED,+EAA+E;IAC/E,gEAAgE;IAChE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAExF,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import * as log from \"../log.js\";\nimport { isRecord, parseJsonValue } from \"../file-guards.js\";\n\nexport type LoginCredentialKind = \"api_key\" | \"oauth\";\n\nexport interface OAuthAuthorizedUserFileOutput {\n type: \"authorized_user\";\n relativePath: string;\n targetPath?: string;\n envKey?: string;\n}\n\nexport interface OAuthService {\n id: string;\n label: string;\n aliases: string[];\n authorizationUrl: string;\n tokenUrl: string;\n scopes: string[];\n clientIdEnvKey: string;\n clientSecretEnvKey: string;\n accessTokenEnvKey?: string;\n additionalAccessTokenEnvKeys?: string[];\n refreshTokenEnvKey?: string;\n authorizationParams?: Record<string, string>;\n fileOutput?: OAuthAuthorizedUserFileOutput;\n}\n\nexport type ParsedLoginCommand =\n | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"setup\" }\n | {\n command: \"login\" | \"/login\" | \"/pi-login\";\n action: \"shared_create\" | \"shared_update\" | \"shared_delete\";\n name: string;\n }\n | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"shared_list\" }\n | { command: \"login\" | \"/login\" | \"/pi-login\"; action: \"copy_shared\"; name: string };\n\nconst DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES = [\n \"https://www.googleapis.com/auth/drive\",\n \"https://mail.google.com/\",\n \"https://www.googleapis.com/auth/calendar\",\n \"https://www.googleapis.com/auth/spreadsheets\",\n \"https://www.googleapis.com/auth/documents\",\n \"https://www.googleapis.com/auth/chat.messages.create\",\n];\n\n// Conservative default: enough for `gh` CLI repo/user/org operations, but\n// without `workflow` (can dispatch CI), `write:packages` (can publish\n// packages), or `project`. Operators who need those can opt in via\n// MAMA_GITHUB_OAUTH_SCOPES to keep the blast radius of a compromised agent\n// host explicit and configurable.\nconst DEFAULT_GITHUB_OAUTH_SCOPES = [\"repo\", \"read:user\", \"user:email\", \"read:org\", \"gist\"];\n\nfunction resolveScopesFromEnv(envKey: string, fallback: string[]): string[] {\n const raw = process.env[envKey]?.trim();\n if (!raw) return fallback;\n\n const scopes = raw\n .split(/[\\s,]+/)\n .map((scope) => scope.trim())\n .filter(Boolean);\n\n return scopes.length > 0 ? scopes : fallback;\n}\n\nfunction resolveGoogleWorkspaceCliScopes(): string[] {\n return resolveScopesFromEnv(\n \"MAMA_GOOGLE_WORKSPACE_CLI_OAUTH_SCOPES\",\n DEFAULT_GOOGLE_WORKSPACE_CLI_SCOPES,\n );\n}\n\nfunction resolveGitHubOAuthScopes(): string[] {\n return resolveScopesFromEnv(\"MAMA_GITHUB_OAUTH_SCOPES\", DEFAULT_GITHUB_OAUTH_SCOPES);\n}\n\nfunction getBuiltinOAuthServices(): OAuthService[] {\n return [\n {\n id: \"github\",\n label: \"GitHub\",\n aliases: [\"github\", \"github_oauth\", \"gh_oauth\"],\n authorizationUrl: \"https://github.com/login/oauth/authorize\",\n tokenUrl: \"https://github.com/login/oauth/access_token\",\n scopes: resolveGitHubOAuthScopes(),\n clientIdEnvKey: \"GITHUB_OAUTH_CLIENT_ID\",\n clientSecretEnvKey: \"GITHUB_OAUTH_CLIENT_SECRET\",\n accessTokenEnvKey: \"GITHUB_OAUTH_ACCESS_TOKEN\",\n additionalAccessTokenEnvKeys: [\"GH_TOKEN\"],\n refreshTokenEnvKey: \"GITHUB_OAUTH_REFRESH_TOKEN\",\n },\n {\n id: \"google_workspace_cli\",\n label: \"Google Workspace CLI\",\n aliases: [\"google_workspace_cli\", \"gws\", \"googleworkspace\", \"google-workspace-cli\"],\n authorizationUrl: \"https://accounts.google.com/o/oauth2/v2/auth\",\n tokenUrl: \"https://oauth2.googleapis.com/token\",\n scopes: resolveGoogleWorkspaceCliScopes(),\n clientIdEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_ID\",\n clientSecretEnvKey: \"GOOGLE_WORKSPACE_CLI_CLIENT_SECRET\",\n authorizationParams: {\n access_type: \"offline\",\n include_granted_scopes: \"true\",\n prompt: \"consent\",\n },\n fileOutput: {\n type: \"authorized_user\",\n relativePath: \"gws.json\",\n targetPath: \"/root/.config/gws/credentials.json\",\n },\n },\n ];\n}\n\nexport function getOAuthServices(): OAuthService[] {\n const raw = process.env.MAMA_OAUTH_SERVICES_JSON?.trim();\n const builtins = getBuiltinOAuthServices();\n if (!raw) return builtins;\n\n let parsed: unknown[];\n try {\n parsed = parseJsonValue(raw, Array.isArray, (detail) =>\n detail === \"unexpected JSON shape\"\n ? \"expected a JSON array of OAuth service definitions\"\n : detail,\n );\n } catch (err) {\n const detail = err instanceof Error ? err.message : String(err);\n log.logWarning(\n detail === \"expected a JSON array of OAuth service definitions\"\n ? \"Ignoring MAMA_OAUTH_SERVICES_JSON: expected a JSON array of OAuth service definitions\"\n : \"Ignoring MAMA_OAUTH_SERVICES_JSON: invalid JSON\",\n detail,\n );\n return builtins;\n }\n try {\n const custom = parsed\n .map((serviceValue): OAuthService | null => {\n if (!isRecord(serviceValue)) return null;\n const obj = serviceValue;\n const id = typeof obj.id === \"string\" ? obj.id.trim() : \"\";\n const label = typeof obj.label === \"string\" ? obj.label.trim() : \"\";\n const authorizationUrl =\n typeof obj.authorizationUrl === \"string\" ? obj.authorizationUrl.trim() : \"\";\n const tokenUrl = typeof obj.tokenUrl === \"string\" ? obj.tokenUrl.trim() : \"\";\n const clientIdEnvKey =\n typeof obj.clientIdEnvKey === \"string\" ? obj.clientIdEnvKey.trim() : \"\";\n const clientSecretEnvKey =\n typeof obj.clientSecretEnvKey === \"string\" ? obj.clientSecretEnvKey.trim() : \"\";\n const accessTokenEnvKey =\n typeof obj.accessTokenEnvKey === \"string\" ? obj.accessTokenEnvKey.trim() : undefined;\n if (\n !id ||\n !label ||\n !authorizationUrl ||\n !tokenUrl ||\n !clientIdEnvKey ||\n !clientSecretEnvKey\n ) {\n return null;\n }\n\n let fileOutput: OAuthService[\"fileOutput\"];\n if (isRecord(obj.fileOutput)) {\n const fileOutputObj = obj.fileOutput;\n const type = typeof fileOutputObj.type === \"string\" ? fileOutputObj.type.trim() : \"\";\n const relativePath =\n typeof fileOutputObj.relativePath === \"string\" ? fileOutputObj.relativePath.trim() : \"\";\n const targetPath =\n typeof fileOutputObj.targetPath === \"string\"\n ? fileOutputObj.targetPath.trim()\n : undefined;\n const envKey =\n typeof fileOutputObj.envKey === \"string\" ? fileOutputObj.envKey.trim() : undefined;\n if (type === \"authorized_user\" && relativePath) {\n fileOutput = { type: \"authorized_user\", relativePath, targetPath, envKey };\n }\n }\n\n return {\n id: id.toLowerCase(),\n label,\n aliases: Array.isArray(obj.aliases)\n ? obj.aliases\n .filter((v): v is string => typeof v === \"string\")\n .map((v) => v.toLowerCase())\n : [id.toLowerCase()],\n authorizationUrl,\n tokenUrl,\n scopes: Array.isArray(obj.scopes)\n ? obj.scopes.filter((v): v is string => typeof v === \"string\")\n : [],\n clientIdEnvKey,\n clientSecretEnvKey,\n accessTokenEnvKey,\n additionalAccessTokenEnvKeys: Array.isArray(obj.additionalAccessTokenEnvKeys)\n ? obj.additionalAccessTokenEnvKeys.filter((v): v is string => typeof v === \"string\")\n : undefined,\n refreshTokenEnvKey:\n typeof obj.refreshTokenEnvKey === \"string\" ? obj.refreshTokenEnvKey.trim() : undefined,\n authorizationParams: isRecord(obj.authorizationParams)\n ? Object.fromEntries(\n Object.entries(obj.authorizationParams).filter(\n (authorizationEntry): authorizationEntry is [string, string] =>\n typeof authorizationEntry[1] === \"string\",\n ),\n )\n : undefined,\n fileOutput,\n };\n })\n .filter((service): service is OAuthService => service !== null);\n\n const byId = new Map<string, OAuthService>();\n for (const service of builtins) byId.set(service.id, service);\n for (const service of custom) byId.set(service.id, service);\n return [...byId.values()];\n } catch (err) {\n log.logWarning(\n \"Failed to apply MAMA_OAUTH_SERVICES_JSON overrides; using builtin OAuth services\",\n err instanceof Error ? err.message : String(err),\n );\n return builtins;\n }\n}\n\nexport function resolveOAuthService(input: string): OAuthService | undefined {\n const normalized = input.trim().toLowerCase();\n if (!normalized) return undefined;\n return getOAuthServices().find(\n (service) => service.id === normalized || service.aliases.includes(normalized),\n );\n}\n\nexport function parseLoginCommand(text: string): ParsedLoginCommand | null {\n const tokens = text.trim().split(/\\s+/).filter(Boolean);\n if (tokens.length === 0) return null;\n\n const command = tokens[0].toLowerCase();\n if (command !== \"login\" && command !== \"/login\" && command !== \"/pi-login\") {\n return null;\n }\n const typedCommand = command as \"login\" | \"/login\" | \"/pi-login\";\n const [subcommand, operation, name, ...extra] = tokens.slice(1);\n\n if (!subcommand) return { command: typedCommand, action: \"setup\" };\n\n if (subcommand.toLowerCase() === \"shared\") {\n const op = operation?.toLowerCase();\n if (op === \"list\" && !name && extra.length === 0) {\n return { command: typedCommand, action: \"shared_list\" };\n }\n if ((op === \"create\" || op === \"update\" || op === \"delete\") && !!name && extra.length === 0) {\n return {\n command: typedCommand,\n action: `shared_${op}` as \"shared_create\" | \"shared_update\" | \"shared_delete\",\n name,\n };\n }\n return null;\n }\n\n if (subcommand.toLowerCase() === \"copy\" && operation && !name && extra.length === 0) {\n return { command: typedCommand, action: \"copy_shared\", name: operation };\n }\n\n // Backward-compatible: older `/pi-login gh` / `/pi-login gws` forms opened the\n // generic login page and let the portal handle provider choice.\n if (!operation && extra.length === 0) return { command: typedCommand, action: \"setup\" };\n\n return null;\n}\n"]}
package/dist/{link-server.d.ts → login/portal.d.ts} RENAMED
@@ -1,5 +1,8 @@
1
- import type { InMemoryLinkTokenStore } from "./link-token.js";
2
- import { type VaultManager } from "./vault.js";
1
+ import { type Server } from "http";
2
+ import { type SessionViewInteractiveOptions } from "../session-view/portal.js";
3
+ import type { InMemorySessionViewTokenStore } from "../session-view/store.js";
4
+ import type { InMemoryLinkTokenStore } from "./session.js";
5
+ import { type VaultManager } from "../vault.js";
3
6
  /** Called after a binding is written, to notify the user in chat */
4
7
  export type NotifyFn = (platform: string, conversationId: string, message: string) => Promise<void>;
5
8
  /**
@@ -12,5 +15,5 @@ export type NotifyFn = (platform: string, conversationId: string, message: strin
12
15
  * POST /api/oauth/start — creates provider OAuth redirect URL
13
16
  * GET /oauth/callback — OAuth callback endpoint
14
17
  */
15
- export declare function startLinkServer(port: number, linkTokenStore: InMemoryLinkTokenStore, vaultManager: VaultManager, notify: NotifyFn): void;
16
- //# sourceMappingURL=link-server.d.ts.map
18
+ export declare function startLinkServer(port: number, linkTokenStore: InMemoryLinkTokenStore, vaultManager: VaultManager, notify: NotifyFn, sessionViewTokenStore?: InMemorySessionViewTokenStore, sessionViewInteractive?: SessionViewInteractiveOptions): Server;
19
+ //# sourceMappingURL=portal.d.ts.map
package/dist/login/portal.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/login/portal.ts"],"names":[],"mappings":"AACA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,MAAM,CAAC;AAE5F,OAAO,EAEL,KAAK,6BAA6B,EACnC,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC;AAC9E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAS3D,OAAO,EAA0B,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxE,oEAAoE;AACpE,MAAM,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAuNpG;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,sBAAsB,EACtC,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,QAAQ,EAChB,qBAAqB,CAAC,EAAE,6BAA6B,EACrD,sBAAsB,CAAC,EAAE,6BAA6B,GACrD,MAAM,CAmIR","sourcesContent":["import { createHash, randomBytes } from \"crypto\";\nimport { createServer, type IncomingMessage, type Server, type ServerResponse } from \"http\";\nimport { resolveLinkBaseUrl } from \"../config.js\";\nimport {\n handleSessionViewRequest,\n type SessionViewInteractiveOptions,\n} from \"../session-view/portal.js\";\nimport type { InMemorySessionViewTokenStore } from \"../session-view/store.js\";\nimport type { InMemoryLinkTokenStore } from \"./session.js\";\nimport {\n getOAuthServices,\n resolveOAuthService,\n type LoginCredentialKind,\n type OAuthService,\n} from \"./index.js\";\nimport * as log from \"../log.js\";\nimport { PRODUCT_NAME } from \"../ui-copy.js\";\nimport { defaultVaultTargetPath, type VaultManager } from \"../vault.js\";\n\n// ── Types ──────────────────────────────────────────────────────────────────────\n\n/** Called after a binding is written, to notify the user in chat */\nexport type NotifyFn = (platform: string, conversationId: string, message: string) => Promise<void>;\n\ninterface LinkCompleteBody {\n token: string;\n mode?: LoginCredentialKind;\n envKey?: string;\n credential?: string;\n env?: Record<string, string>;\n}\n\ninterface OAuthStartBody {\n token: string;\n serviceId: string;\n}\n\ninterface PendingOAuthState {\n linkToken: string;\n serviceId: string;\n codeVerifier: string;\n expiresAt: number;\n}\n\ninterface SecretPresetField {\n envKey: string;\n envKeys?: string[];\n label: string;\n type: \"text\" | \"password\";\n placeholder: string;\n helpText: string;\n optional?: boolean;\n pattern?: string;\n patternMessage?: string;\n}\n\ninterface SecretPreset {\n id: string;\n label: string;\n description: string;\n note?: string;\n fields: SecretPresetField[];\n}\n\nconst OAUTH_STATE_TTL_MS = 10 * 60 * 1000;\nconst DEFAULT_SECRET_CONFIG_ID = \"manual\";\nconst SECRET_PRESETS: SecretPreset[] = [\n {\n id: \"cloudflare_wrangler\",\n label: \"Cloudflare / Wrangler\",\n description:\n \"Store a Cloudflare API token and account ID for Wrangler, Workers, Pages, D1, and KV.\",\n note: \"Create a scoped API Token from Cloudflare Dashboard → My Profile → API Tokens. Do not use the Global API Key.\",\n fields: [\n {\n envKey: \"CLOUDFLARE_API_TOKEN\",\n label: \"Cloudflare API Token\",\n type: \"password\",\n placeholder: \"cfut_...\",\n helpText: \"Recommended for Wrangler, CI, and sandbox use.\",\n },\n {\n envKey: \"CLOUDFLARE_ACCOUNT_ID\",\n label: \"Cloudflare Account ID\",\n type: \"text\",\n placeholder: \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n helpText: \"Find this via wrangler whoami or in the Cloudflare dashboard account page.\",\n pattern: \"^[A-Fa-f0-9]{32}$\",\n patternMessage: \"Account ID must be a 32-character hexadecimal string.\",\n },\n ],\n },\n {\n id: \"openai\",\n label: \"OpenAI\",\n description: \"Store an OpenAI API key for tools and SDKs that use OPENAI_API_KEY.\",\n note: \"Create a standard API key from the OpenAI dashboard. Paste the key exactly as issued.\",\n fields: [\n {\n envKey: \"OPENAI_API_KEY\",\n label: \"OpenAI API Key\",\n type: \"password\",\n placeholder: \"sk-...\",\n helpText: \"Used by the OpenAI SDK, CLI wrappers, and many coding tools.\",\n },\n ],\n },\n {\n id: \"anthropic\",\n label: \"Anthropic\",\n description: \"Store an Anthropic API key for Claude and tools that use ANTHROPIC_API_KEY.\",\n note: \"Create this key from the Anthropic Console. Use a workspace-scoped key when possible.\",\n fields: [\n {\n envKey: \"ANTHROPIC_API_KEY\",\n label: \"Anthropic API Key\",\n type: \"password\",\n placeholder: \"sk-ant-...\",\n helpText: \"Used by Claude integrations and Anthropic-compatible tooling.\",\n },\n ],\n },\n {\n id: \"gemini\",\n label: \"Gemini\",\n description:\n \"Store one Google AI Studio key and expose it as both GEMINI_API_KEY and GOOGLE_API_KEY.\",\n note: \"Create a Gemini / Google AI Studio API key, then paste it once here for compatibility with both env names.\",\n fields: [\n {\n envKey: \"GEMINI_API_KEY\",\n envKeys: [\"GEMINI_API_KEY\", \"GOOGLE_API_KEY\"],\n label: \"Gemini API Key\",\n type: \"password\",\n placeholder: \"AIza...\",\n helpText: \"One value will be written to both GEMINI_API_KEY and GOOGLE_API_KEY.\",\n },\n ],\n },\n {\n id: \"openrouter\",\n label: \"OpenRouter\",\n description: \"Store an OpenRouter API key for tools that route models through OpenRouter.\",\n note: \"Create a key from the OpenRouter dashboard and paste it here.\",\n fields: [\n {\n envKey: \"OPENROUTER_API_KEY\",\n label: \"OpenRouter API Key\",\n type: \"password\",\n placeholder: \"sk-or-v1-...\",\n helpText: \"Used by OpenRouter SDKs and compatible model gateways.\",\n },\n ],\n },\n {\n id: \"github_pat\",\n label: \"GitHub PAT\",\n description:\n \"Store one GitHub personal access token and expose it as both GH_TOKEN and GITHUB_TOKEN.\",\n note: \"Create a fine-grained or classic personal access token from GitHub Settings → Developer settings.\",\n fields: [\n {\n envKey: \"GH_TOKEN\",\n envKeys: [\"GH_TOKEN\", \"GITHUB_TOKEN\"],\n label: \"GitHub Personal Access Token\",\n type: \"password\",\n placeholder: \"github_pat_...\",\n helpText: \"One value will be written to both GH_TOKEN and GITHUB_TOKEN.\",\n },\n ],\n },\n {\n id: \"vercel\",\n label: \"Vercel\",\n description: \"Store a Vercel token plus optional org and project IDs for deployment tooling.\",\n note: \"Create a token from the Vercel dashboard. Org ID and Project ID are optional but useful for scripted deploys.\",\n fields: [\n {\n envKey: \"VERCEL_TOKEN\",\n label: \"Vercel Token\",\n type: \"password\",\n placeholder: \"vercel_...\",\n helpText: \"Required for Vercel CLI and API access.\",\n },\n {\n envKey: \"VERCEL_ORG_ID\",\n label: \"Vercel Org ID\",\n type: \"text\",\n placeholder: \"team_...\",\n helpText: \"Optional. Set this when you want to target a specific team or account.\",\n optional: true,\n },\n {\n envKey: \"VERCEL_PROJECT_ID\",\n label: \"Vercel Project ID\",\n type: \"text\",\n placeholder: \"prj_...\",\n helpText: \"Optional. Set this when deploy scripts need a fixed project reference.\",\n optional: true,\n },\n ],\n },\n {\n id: \"sentry\",\n label: \"Sentry\",\n description: \"Store a Sentry auth token plus optional org and project identifiers.\",\n note: \"Create an auth token from Sentry Settings → Account → API → Auth Tokens. Org and project are optional helpers.\",\n fields: [\n {\n envKey: \"SENTRY_AUTH_TOKEN\",\n label: \"Sentry Auth Token\",\n type: \"password\",\n placeholder: \"sntrys_...\",\n helpText: \"Required for Sentry CLI, releases, and sourcemap uploads.\",\n },\n {\n envKey: \"SENTRY_ORG\",\n label: \"Sentry Org Slug\",\n type: \"text\",\n placeholder: \"my-org\",\n helpText: \"Optional. Helpful for Sentry CLI commands and CI automation.\",\n optional: true,\n },\n {\n envKey: \"SENTRY_PROJECT\",\n label: \"Sentry Project Slug\",\n type: \"text\",\n placeholder: \"my-project\",\n helpText: \"Optional. Helpful for release and sourcemap commands.\",\n optional: true,\n },\n ],\n },\n];\n\n// ── startLinkServer ────────────────────────────────────────────────────────────\n\n/**\n * Start a small HTTP server that receives credential onboarding callbacks from the web portal.\n *\n * Routes:\n * GET /health — health check\n * GET /link?token=xxx — credential onboarding page\n * POST /api/link/complete — API key completion endpoint\n * POST /api/oauth/start — creates provider OAuth redirect URL\n * GET /oauth/callback — OAuth callback endpoint\n */\nexport function startLinkServer(\n port: number,\n linkTokenStore: InMemoryLinkTokenStore,\n vaultManager: VaultManager,\n notify: NotifyFn,\n sessionViewTokenStore?: InMemorySessionViewTokenStore,\n sessionViewInteractive?: SessionViewInteractiveOptions,\n): Server {\n const oauthStates = new Map<string, PendingOAuthState>();\n\n const server = createServer(async (req: IncomingMessage, res: ServerResponse) => {\n try {\n const url = new URL(req.url ?? \"/\", requestBaseUrl(req));\n\n if (req.method === \"GET\" && url.pathname === \"/health\") {\n res.writeHead(200, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ ok: true }));\n return;\n }\n\n if (\n await handleSessionViewRequest(req, res, url, sessionViewTokenStore, sessionViewInteractive)\n ) {\n return;\n }\n\n if (req.method === \"GET\" && url.pathname === \"/link\") {\n const rawToken = url.searchParams.get(\"token\") ?? \"\";\n const linkToken = linkTokenStore.peek(rawToken);\n\n if (!linkToken) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(\n renderErrorPage(\n \"This link is invalid or has expired. Ask the bot for a new /login link.\",\n ),\n );\n return;\n }\n\n const oauthServiceHint = linkToken.providerId\n ? resolveOAuthService(linkToken.providerId)\n : undefined;\n const oauthServices = getOAuthServices();\n const defaultMode: LoginCredentialKind = oauthServiceHint ? \"oauth\" : \"api_key\";\n const existingSecrets = describeVaultSecrets(vaultManager, linkToken.vaultId);\n\n const title = oauthServiceHint ? `${oauthServiceHint.label} OAuth` : \"Store Secret\";\n const helpText = oauthServiceHint\n ? `Authorize ${oauthServiceHint.label} and store tokens in your vault.`\n : \"Set any environment variable key/value pair in your vault.\";\n const secretLabel = \"Secret value\";\n const placeholder = \"sk-...\";\n const initialEnvKey = \"\";\n\n res.writeHead(200, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(\n renderCredentialPage(\n rawToken,\n title,\n defaultMode,\n initialEnvKey,\n secretLabel,\n placeholder,\n helpText,\n oauthServices,\n oauthServiceHint?.id,\n existingSecrets,\n ),\n );\n return;\n }\n\n if (req.method === \"POST\" && url.pathname === \"/api/link/complete\") {\n if (!enforceCsrf(req, res)) return;\n void readJsonBody(req, res, async (body) => {\n await handleLinkComplete(body, linkTokenStore, vaultManager, notify, res);\n });\n return;\n }\n\n if (req.method === \"POST\" && url.pathname === \"/api/oauth/start\") {\n if (!enforceCsrf(req, res)) return;\n void readJsonBody(req, res, async (body) => {\n await handleOAuthStart(body, req, linkTokenStore, oauthStates, res);\n });\n return;\n }\n\n if (req.method === \"GET\" && url.pathname === \"/oauth/callback\") {\n void handleOAuthCallback(\n url,\n req,\n linkTokenStore,\n vaultManager,\n notify,\n oauthStates,\n res,\n ).catch((err: Error) => {\n log.logWarning(\"OAuth callback failed\", err.message);\n res.writeHead(500, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"OAuth callback failed. Please retry /login.\"));\n });\n return;\n }\n\n res.writeHead(404);\n res.end();\n } catch (err) {\n log.logWarning(\"Link server request error\", err instanceof Error ? err.message : String(err));\n if (!res.headersSent) {\n res.writeHead(500, { \"Content-Type\": \"application/json\" });\n }\n res.end(JSON.stringify({ error: \"Internal server error\" }));\n }\n });\n\n // Bind to loopback when MAMA_LINK_URL is unset so the credential UI and OAuth\n // callbacks are not exposed on public interfaces by default. Production\n // deployments set MAMA_LINK_URL and are expected to front this server with a\n // reverse proxy, which can still reach it via 0.0.0.0.\n const bindHost = resolveLinkBaseUrl() ? undefined : \"127.0.0.1\";\n server.listen(port, bindHost, () => {\n log.logInfo(`Link callback server listening on ${bindHost ?? \"0.0.0.0\"}:${port}`);\n if (!resolveLinkBaseUrl()) {\n log.logWarning(\n \"MAMA_LINK_URL is not set — bound to 127.0.0.1 and OAuth redirect_uri will be \" +\n \"derived from request headers (Host / X-Forwarded-*). Set \" +\n \"MAMA_LINK_URL=https://your-host.example.com for production.\",\n );\n }\n });\n\n server.on(\"error\", (err) => {\n log.logWarning(\"Link server error\", err.message);\n });\n\n return server;\n}\n\n/**\n * Resolve the externally-visible base URL of this server.\n *\n * Prefers MAMA_LINK_URL (see config.ts) so the OAuth `redirect_uri` is\n * deterministic and not influenced by attacker-controlled request headers.\n * Falls back to Host / X-Forwarded-* only when no base URL is configured\n * — intended for local development.\n */\nfunction requestBaseUrl(req: IncomingMessage): string {\n const configured = resolveLinkBaseUrl();\n if (configured) return configured;\n\n const protoRaw = (req.headers[\"x-forwarded-proto\"] as string | undefined)?.split(\",\")[0]?.trim();\n const proto = protoRaw || \"http\";\n const host =\n ((req.headers[\"x-forwarded-host\"] as string | undefined)?.split(\",\")[0]?.trim() ??\n req.headers.host ??\n `localhost`) ||\n `localhost`;\n return `${proto}://${host}`;\n}\n\n/**\n * Block cross-site POSTs to the credential endpoints. Two defenses:\n * 1. Require Content-Type: application/json, which forces a CORS preflight\n * for any cross-origin fetch and rules out `<form enctype=\"text/plain\">`\n * tricks that could otherwise smuggle a JSON body.\n * 2. When MAMA_LINK_URL is configured, require that the Origin (or Referer,\n * as a fallback for browsers that strip Origin) matches that base URL.\n * This stops an attacker-controlled page — even one that somehow stole a\n * victim's link token — from completing the flow.\n */\nfunction enforceCsrf(req: IncomingMessage, res: ServerResponse): boolean {\n const contentType = (req.headers[\"content-type\"] as string | undefined)\n ?.split(\";\")[0]\n ?.trim()\n .toLowerCase();\n if (contentType !== \"application/json\") {\n res.writeHead(415, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Content-Type must be application/json\" }));\n return false;\n }\n\n const configured = resolveLinkBaseUrl();\n if (!configured) {\n // No trusted origin to compare against in local/dev mode; the loopback\n // bind already prevents cross-host access.\n return true;\n }\n\n let configuredOrigin: string;\n try {\n configuredOrigin = new URL(configured).origin;\n } catch {\n // Misconfigured MAMA_LINK_URL — fail closed.\n res.writeHead(500, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Server misconfiguration\" }));\n return false;\n }\n\n if (requestOrigin(req) !== configuredOrigin) {\n res.writeHead(403, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Cross-origin request rejected\" }));\n return false;\n }\n\n return true;\n}\n\n/** Best-effort origin of the request, derived from Origin or Referer. */\nfunction requestOrigin(req: IncomingMessage): string | undefined {\n const origin = (req.headers.origin as string | undefined)?.trim();\n if (origin && origin !== \"null\") return origin;\n\n const referer = (req.headers.referer as string | undefined)?.trim();\n if (!referer) return undefined;\n try {\n return new URL(referer).origin;\n } catch {\n return undefined;\n }\n}\n\nasync function readJsonBody(\n req: IncomingMessage,\n res: ServerResponse,\n onBody: (body: string) => Promise<void>,\n): Promise<void> {\n let body = \"\";\n let bodyTooLarge = false;\n\n req.on(\"data\", (chunk: Buffer) => {\n if (bodyTooLarge) return;\n body += chunk.toString();\n if (body.length > 16 * 1024) {\n bodyTooLarge = true;\n res.writeHead(413);\n res.end();\n req.destroy();\n }\n });\n\n req.on(\"end\", async () => {\n if (bodyTooLarge) return;\n await onBody(body);\n });\n}\n\n// ── HTML helpers ───────────────────────────────────────────────────────────────\n\nfunction esc(s: string): string {\n return s.replace(\n /[&<>\"']/g,\n (c) => ({ \"&\": \"&amp;\", \"<\": \"&lt;\", \">\": \"&gt;\", '\"': \"&quot;\", \"'\": \"&#39;\" })[c]!,\n );\n}\n\nconst sharedPageStyles = `\n :root {\n color-scheme: light;\n --bg: #f5f1e8;\n --panel: rgba(255, 255, 255, 0.9);\n --panel-border: rgba(28, 30, 33, 0.08);\n --text: #1c1e21;\n --muted: #5d5f64;\n --button: #1c1e21;\n --button-hover: #2c3035;\n --button-disabled: #8f949b;\n --field-border: #c9cfd6;\n --field-focus: #1c1e21;\n --ok-bg: #dff4e4;\n --ok-text: #1f5b34;\n --err-bg: #fde2e2;\n --err-text: #8a2f2f;\n }\n\n * { box-sizing: border-box; }\n\n body {\n margin: 0;\n min-height: 100vh;\n padding: 32px 20px;\n display: grid;\n grid-template-columns: minmax(0, 560px);\n justify-content: center;\n align-content: start;\n background:\n radial-gradient(circle at top, rgba(255, 255, 255, 0.7), transparent 45%),\n linear-gradient(180deg, #faf7f0 0%, var(--bg) 100%);\n color: var(--text);\n font-family:\n \"SF Pro Text\",\n \"Segoe UI\",\n system-ui,\n sans-serif;\n }\n\n .shell {\n width: 100%;\n min-width: 0;\n display: grid;\n gap: 16px;\n align-content: start;\n }\n\n .card {\n padding: 28px;\n border: 1px solid var(--panel-border);\n border-radius: 20px;\n background: var(--panel);\n box-shadow: 0 18px 48px rgba(28, 30, 33, 0.08);\n backdrop-filter: blur(8px);\n }\n\n .eyebrow {\n margin: 0 0 10px;\n color: var(--muted);\n font-size: 0.82rem;\n font-weight: 700;\n letter-spacing: 0.08em;\n text-transform: uppercase;\n }\n\n h1 {\n margin: 0 0 10px;\n font-size: clamp(1.5rem, 2vw, 1.8rem);\n line-height: 1.15;\n text-wrap: balance;\n }\n\n p {\n margin: 0;\n color: var(--muted);\n font-size: 0.98rem;\n line-height: 1.5;\n }\n\n .stack > * + * {\n margin-top: 14px;\n }\n\n label {\n display: block;\n margin-bottom: 6px;\n font-size: 0.92rem;\n font-weight: 650;\n }\n\n input,\n select,\n button {\n font: inherit;\n }\n\n input,\n select {\n width: 100%;\n padding: 12px 14px;\n border: 1px solid var(--field-border);\n border-radius: 12px;\n background: #fff;\n color: var(--text);\n }\n\n input:focus-visible,\n select:focus-visible,\n button:focus-visible {\n outline: 2px solid var(--field-focus);\n outline-offset: 2px;\n }\n\n code {\n font-family: \"SFMono-Regular\", ui-monospace, SFMono-Regular, Menlo, monospace;\n font-size: 0.92em;\n overflow-wrap: anywhere;\n }\n\n .primary-button {\n width: 100%;\n padding: 13px 18px;\n border: none;\n border-radius: 12px;\n background: var(--button);\n color: #fff;\n cursor: pointer;\n transition: background-color 160ms ease;\n }\n\n .primary-button:hover {\n background: var(--button-hover);\n }\n\n .primary-button:disabled {\n background: var(--button-disabled);\n cursor: default;\n }\n\n .service-logo {\n display: inline-flex;\n align-items: center;\n justify-content: center;\n width: 36px;\n height: 36px;\n border-radius: 10px;\n flex: 0 0 36px;\n background: #1c1e21;\n color: #fff;\n }\n\n .service-logo svg {\n display: block;\n width: 20px;\n height: 20px;\n }\n\n .service-logo-text {\n font-size: 11px;\n font-weight: 800;\n letter-spacing: 0.04em;\n text-transform: uppercase;\n }\n\n .service-logo.cloudflare {\n background: linear-gradient(180deg, #ffb66d 0%, #f48120 100%);\n }\n\n .service-logo.openai {\n background: linear-gradient(180deg, #3e4045 0%, #111315 100%);\n }\n\n .service-logo.anthropic {\n background: linear-gradient(180deg, #d6b48c 0%, #9a6d3a 100%);\n }\n\n .service-logo.gemini {\n background: linear-gradient(180deg, #8ab4ff 0%, #5b6cff 100%);\n }\n\n .service-logo.openrouter {\n background: linear-gradient(180deg, #8c8cff 0%, #4f46e5 100%);\n }\n\n .service-logo.github {\n background: linear-gradient(180deg, #4a4f57 0%, #1b1f23 100%);\n }\n\n .service-logo.vercel {\n background: linear-gradient(180deg, #4a4f57 0%, #000 100%);\n }\n\n .service-logo.sentry {\n background: linear-gradient(180deg, #7c5cff 0%, #3f2e8c 100%);\n }\n\n .service-logo.manual {\n background: linear-gradient(180deg, #43474d 0%, #1c1e21 100%);\n }\n\n .provider-card > * + * {\n margin-top: 14px;\n }\n\n .provider-header {\n display: flex;\n align-items: center;\n gap: 12px;\n }\n\n .provider-title {\n flex: 1;\n margin: 0;\n font-size: 1rem;\n font-weight: 650;\n line-height: 1.3;\n }\n\n .provider-field label {\n display: inline-flex;\n align-items: center;\n gap: 6px;\n }\n\n .help {\n position: relative;\n display: inline-flex;\n align-items: center;\n }\n\n .help-trigger {\n width: 18px;\n height: 18px;\n padding: 0;\n border: 1px solid var(--field-border);\n border-radius: 50%;\n background: rgba(255, 255, 255, 0.9);\n color: var(--muted);\n font-size: 11px;\n font-weight: 700;\n line-height: 1;\n cursor: pointer;\n }\n\n .help-trigger:hover {\n color: var(--text);\n border-color: var(--text);\n }\n\n .help-content {\n display: none;\n position: absolute;\n top: calc(100% + 6px);\n left: 0;\n z-index: 10;\n width: max-content;\n max-width: 280px;\n padding: 10px 12px;\n border: 1px solid var(--panel-border);\n border-radius: 10px;\n background: #fff;\n color: var(--text);\n font-size: 0.85rem;\n font-weight: 400;\n line-height: 1.45;\n box-shadow: 0 8px 24px rgba(28, 30, 33, 0.12);\n white-space: normal;\n }\n\n .help-trigger[aria-expanded=\"true\"] + .help-content {\n display: block;\n }\n\n .help-trigger[aria-expanded=\"true\"] {\n color: var(--text);\n border-color: var(--text);\n }\n\n .mode {\n display: flex;\n flex-wrap: wrap;\n gap: 10px;\n margin-top: 22px;\n }\n\n .mode label {\n display: inline-flex;\n align-items: center;\n gap: 8px;\n margin: 0;\n padding: 10px 12px;\n border: 1px solid var(--field-border);\n border-radius: 999px;\n background: rgba(255, 255, 255, 0.85);\n font-weight: 500;\n }\n\n .mode input {\n width: auto;\n margin: 0;\n }\n\n .panel {\n display: none;\n }\n\n .panel.active {\n display: block;\n }\n\n #api-panel.active {\n display: grid;\n gap: 16px;\n }\n\n .panel-note {\n margin-top: 10px;\n font-size: 0.92rem;\n }\n\n .result,\n .status {\n margin-top: 20px;\n padding: 14px 16px;\n border-radius: 14px;\n font-size: 0.95rem;\n }\n\n .result {\n display: none;\n }\n\n .result.ok,\n .status.ok {\n background: var(--ok-bg);\n color: var(--ok-text);\n }\n\n .result.err,\n .status.err {\n background: var(--err-bg);\n color: var(--err-text);\n }\n\n .secrets-summary {\n margin-top: 18px;\n padding: 14px 16px;\n border: 1px solid var(--panel-border);\n border-radius: 14px;\n background: rgba(255, 255, 255, 0.72);\n }\n\n .secrets-summary h2 {\n margin: 0 0 8px;\n font-size: 0.98rem;\n }\n\n .secrets-summary p {\n font-size: 0.92rem;\n }\n\n .secrets-summary ul {\n margin: 10px 0 0;\n padding-left: 18px;\n color: var(--text);\n }\n\n .secrets-summary li + li {\n margin-top: 6px;\n }\n\n .close-note {\n margin-top: 14px;\n font-size: 0.92rem;\n }\n\n @media (max-width: 640px) {\n body {\n padding: 16px 12px;\n }\n\n .shell {\n gap: 12px;\n }\n\n .card {\n padding: 20px;\n border-radius: 16px;\n }\n\n /* Mode toggle pills fill the row evenly */\n .mode label {\n flex: 1;\n justify-content: center;\n }\n\n /* Larger touch targets */\n input,\n select {\n padding: 14px;\n }\n\n .primary-button {\n padding: 15px 18px;\n }\n\n /* Prevent help popover from overflowing the viewport */\n .help-content {\n max-width: min(260px, calc(100vw - 40px));\n }\n\n /* Right-align popovers that sit near the right edge */\n .provider-header .help-content {\n left: auto;\n right: 0;\n }\n }\n`;\n\nfunction renderHtmlDocument(title: string, shellContent: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <title>${esc(title)} — ${PRODUCT_NAME}</title>\n <style>${sharedPageStyles}</style>\n</head>\n<body>\n <main class=\"shell\">\n ${shellContent}\n </main>\n</body>\n</html>`;\n}\n\nfunction renderPageDocument(title: string, body: string): string {\n return renderHtmlDocument(title, `<section class=\"card\">${body}</section>`);\n}\n\nfunction renderStatusPage(\n title: string,\n message: string,\n tone: \"ok\" | \"err\",\n options?: { closeNote?: boolean },\n): string {\n const closeNote = options?.closeNote ? '<p class=\"close-note\">You can close this tab.</p>' : \"\";\n return renderPageDocument(\n title,\n `<div class=\"stack\">\n <p class=\"eyebrow\">${PRODUCT_NAME}</p>\n <h1>${esc(title)}</h1>\n <div class=\"status ${tone}\">${esc(message)}</div>\n ${closeNote}\n </div>`,\n );\n}\n\ninterface ExistingSecretsSummary {\n envKeys: string[];\n mountTargets: string[];\n}\n\nfunction describeVaultSecrets(vaultManager: VaultManager, vaultId: string): ExistingSecretsSummary {\n const vault = vaultManager.resolve(vaultId);\n if (!vault) {\n return { envKeys: [], mountTargets: [] };\n }\n\n return {\n envKeys: Object.keys(vault.env).toSorted((left, right) => left.localeCompare(right)),\n mountTargets: [...new Set(vault.mounts.map((mount) => mount.target))].toSorted((left, right) =>\n left.localeCompare(right),\n ),\n };\n}\n\nfunction renderSecretsSummary(summary: ExistingSecretsSummary): string {\n if (summary.envKeys.length === 0 && summary.mountTargets.length === 0) {\n return `\n <section class=\"secrets-summary\">\n <h2>Currently stored</h2>\n <p>No secrets are stored in this vault yet.</p>\n </section>`;\n }\n\n const envItems = summary.envKeys.map((envKey) => `<li><code>${esc(envKey)}</code></li>`).join(\"\");\n const mountItems = summary.mountTargets\n .map((target) => `<li><code>${esc(target)}</code></li>`)\n .join(\"\");\n\n return `\n <section class=\"secrets-summary\">\n <h2>Currently stored</h2>\n <p>Only secret names and mounted paths are shown here. Secret values are never displayed.</p>\n ${summary.envKeys.length > 0 ? `<p><strong>Environment keys</strong></p><ul>${envItems}</ul>` : \"\"}\n ${summary.mountTargets.length > 0 ? `<p><strong>Mounted secret files</strong></p><ul>${mountItems}</ul>` : \"\"}\n </section>`;\n}\n\nfunction renderServiceLogo(kind: string): string {\n if (kind === \"cloudflare_wrangler\") {\n return `<span class=\"service-logo cloudflare\" aria-hidden=\"true\">\n <svg viewBox=\"0 0 24 24\" fill=\"none\">\n <path d=\"M8.5 17.5h8.2a2.9 2.9 0 0 0 .4-5.78A4.45 4.45 0 0 0 8.9 10.4a3.7 3.7 0 0 0-.4 7.1Z\" fill=\"white\" fill-opacity=\"0.98\"/>\n <path d=\"M6.6 17.5h5.1a2.3 2.3 0 0 0 0-4.6 3.1 3.1 0 0 0-3-2.2 3.23 3.23 0 0 0-3.18 3.64A2.67 2.67 0 0 0 6.6 17.5Z\" fill=\"white\"/>\n </svg>\n </span>`;\n }\n\n const textLogos: Record<string, { className: string; text: string }> = {\n openai: { className: \"openai\", text: \"OA\" },\n anthropic: { className: \"anthropic\", text: \"AI\" },\n gemini: { className: \"gemini\", text: \"G\" },\n openrouter: { className: \"openrouter\", text: \"OR\" },\n github_pat: { className: \"github\", text: \"GH\" },\n vercel: { className: \"vercel\", text: \"V\" },\n sentry: { className: \"sentry\", text: \"S\" },\n manual: { className: \"manual\", text: \">_\" },\n };\n const logo = textLogos[kind] ?? textLogos.manual;\n return `<span class=\"service-logo ${logo.className}\" aria-hidden=\"true\"><span class=\"service-logo-text\">${logo.text}</span></span>`;\n}\n\nfunction resolveFieldEnvKeys(field: SecretPresetField): string[] {\n return field.envKeys && field.envKeys.length > 0 ? field.envKeys : [field.envKey];\n}\n\nfunction renderStoredEnvKeysInline(field: SecretPresetField): string {\n return resolveFieldEnvKeys(field)\n .map((envKey) => `<code>${esc(envKey)}</code>`)\n .join(\", \");\n}\n\nfunction renderHelpIcon(html: string): string {\n return `<span class=\"help\">\n <button type=\"button\" class=\"help-trigger\" aria-label=\"More info\" aria-expanded=\"false\">?</button>\n <span class=\"help-content\" role=\"tooltip\">${html}</span>\n </span>`;\n}\n\nfunction renderPresetProviderCard(preset: SecretPreset): string {\n const headerHelp = preset.note ? renderHelpIcon(esc(preset.note)) : \"\";\n const fields = preset.fields\n .map((field) => {\n const storedKeys = renderStoredEnvKeysInline(field);\n const helpText = `${esc(field.helpText)} Stored as ${storedKeys}.${field.optional ? \" Optional.\" : \"\"}`;\n return `<div class=\"provider-field\">\n <label for=\"preset-${esc(preset.id)}-${esc(field.envKey)}\">\n ${esc(field.label)}\n ${renderHelpIcon(helpText)}\n </label>\n <input\n id=\"preset-${esc(preset.id)}-${esc(field.envKey)}\"\n type=\"${field.type}\"\n autocomplete=\"off\"\n placeholder=\"${esc(field.placeholder)}\"\n data-env-key=\"${esc(field.envKey)}\"\n data-env-keys=\"${esc(resolveFieldEnvKeys(field).join(\",\"))}\"\n data-field-label=\"${esc(field.label)}\"\n ${field.optional ? 'data-optional=\"true\"' : \"\"}\n ${field.pattern ? `data-pattern=\"${esc(field.pattern)}\"` : \"\"}\n ${field.patternMessage ? `data-pattern-message=\"${esc(field.patternMessage)}\"` : \"\"}\n >\n </div>`;\n })\n .join(\"\\n\");\n\n return `<section class=\"card provider-card\" data-provider-kind=\"preset\" data-provider-id=\"${esc(preset.id)}\">\n <div class=\"provider-header\">\n ${renderServiceLogo(preset.id)}\n <h2 class=\"provider-title\">${esc(preset.label)}</h2>\n ${headerHelp}\n </div>\n ${fields}\n </section>`;\n}\n\nfunction renderManualProviderCard(\n initialEnvKey: string,\n secretLabel: string,\n placeholder: string,\n): string {\n const headerHelp = renderHelpIcon(\n esc(\n \"Set any environment variable key/value pair manually. Use this when no provider preset fits.\",\n ),\n );\n return `<section class=\"card provider-card\" data-provider-kind=\"manual\" data-provider-id=\"${esc(DEFAULT_SECRET_CONFIG_ID)}\">\n <div class=\"provider-header\">\n ${renderServiceLogo(\"manual\")}\n <h2 class=\"provider-title\">Manual entry</h2>\n ${headerHelp}\n </div>\n <div class=\"provider-field\">\n <label for=\"envKey\">Environment key</label>\n <input id=\"envKey\" type=\"text\" name=\"envKey\" placeholder=\"OPENAI_API_KEY\" value=\"${esc(initialEnvKey)}\" autocomplete=\"off\">\n </div>\n <div class=\"provider-field\">\n <label for=\"credential\">${esc(secretLabel)}</label>\n <input id=\"credential\" type=\"password\" name=\"credential\" placeholder=\"${esc(placeholder)}\" autocomplete=\"off\">\n </div>\n </section>`;\n}\n\nfunction renderCredentialPage(\n token: string,\n title: string,\n defaultMode: LoginCredentialKind,\n initialEnvKey: string,\n secretLabel: string,\n placeholder: string,\n helpText: string,\n oauthServices: OAuthService[],\n oauthServiceIdHint: string | undefined,\n existingSecrets: ExistingSecretsSummary,\n): string {\n const oauthOptions = oauthServices\n .map((service) => {\n const selected = service.id === oauthServiceIdHint ? ' selected=\"selected\"' : \"\";\n return `<option value=\"${esc(service.id)}\"${selected}>${esc(service.label)}</option>`;\n })\n .join(\"\\n\");\n const presetCards = SECRET_PRESETS.map(renderPresetProviderCard).join(\"\\n\");\n\n return renderHtmlDocument(\n \"Login\",\n `<section class=\"card stack\">\n <p class=\"eyebrow\">${PRODUCT_NAME}</p>\n <h1>${esc(title)}</h1>\n <p>Your personal sandbox is already provisioned automatically.</p>\n <p>${esc(helpText)}</p>\n ${renderSecretsSummary(existingSecrets)}\n <div class=\"mode\">\n <label><input type=\"radio\" name=\"mode\" value=\"api_key\" ${defaultMode === \"api_key\" ? \"checked\" : \"\"}> Secrets / API tokens</label>\n <label><input type=\"radio\" name=\"mode\" value=\"oauth\" ${defaultMode === \"oauth\" ? \"checked\" : \"\"}> OAuth login</label>\n </div>\n</section>\n\n<div id=\"api-panel\" class=\"panel\">\n ${presetCards}\n ${renderManualProviderCard(initialEnvKey, secretLabel, placeholder)}\n</div>\n\n<div id=\"oauth-panel\" class=\"panel card stack\">\n <label for=\"oauthService\">OAuth service</label>\n <select id=\"oauthService\" name=\"oauthService\">${oauthOptions}</select>\n <p class=\"panel-note\">You'll be redirected to the selected service's authorization page.</p>\n</div>\n\n<div>\n <button id=\"btn\" class=\"primary-button\" onclick=\"connect()\">Continue</button>\n <div id=\"result\" class=\"result\" aria-live=\"polite\"></div>\n</div>\n <script>\n const envKeyPattern = /^[A-Za-z_][A-Za-z0-9_]*$/;\n\n function selectedMode() {\n return document.querySelector('input[name=\"mode\"]:checked').value;\n }\n\n function showResult(message, ok) {\n const result = document.getElementById('result');\n result.style.display = 'block';\n result.className = ok ? 'result ok' : 'result err';\n result.textContent = message;\n }\n\n function resetContinueButton() {\n const btn = document.getElementById('btn');\n btn.disabled = false;\n btn.textContent = 'Continue';\n }\n\n function syncPanels() {\n const mode = selectedMode();\n document.getElementById('api-panel').classList.toggle('active', mode === 'api_key');\n document.getElementById('oauth-panel').classList.toggle('active', mode === 'oauth');\n }\n\n function collectManualCard(card) {\n const envKey = card.querySelector('#envKey').value.trim();\n const credential = card.querySelector('#credential').value.trim();\n if (!envKey && !credential) return { skip: true };\n if (!envKeyPattern.test(envKey)) return { error: 'Manual entry: please enter a valid environment key.' };\n if (!credential) return { error: 'Manual entry: please enter a secret value.' };\n return { env: { [envKey]: credential } };\n }\n\n function collectPresetCard(card) {\n const inputs = card.querySelectorAll('input[data-env-key]');\n const filled = Array.from(inputs).some((input) => input.value.trim() !== '');\n if (!filled) return { skip: true };\n\n const env = {};\n for (const input of inputs) {\n const value = input.value.trim();\n const label = input.dataset.fieldLabel || input.dataset.envKey || 'a value';\n const optional = input.dataset.optional === 'true';\n if (!value) {\n if (optional) continue;\n return { error: 'Please enter ' + label + '.' };\n }\n if (input.dataset.pattern && !(new RegExp(input.dataset.pattern).test(value))) {\n return { error: input.dataset.patternMessage || ('Invalid ' + label + '.') };\n }\n const envKeys = (input.dataset.envKeys || input.dataset.envKey || '')\n .split(',')\n .map((entry) => entry.trim())\n .filter(Boolean);\n for (const envKey of envKeys) {\n env[envKey] = value;\n }\n }\n return { env };\n }\n\n function collectApiEnv() {\n const env = {};\n let any = false;\n for (const card of document.querySelectorAll('.provider-card')) {\n const result = card.dataset.providerKind === 'manual'\n ? collectManualCard(card)\n : collectPresetCard(card);\n if (result.skip) continue;\n if (result.error) return { error: result.error };\n Object.assign(env, result.env);\n any = true;\n }\n if (!any) return { error: 'Fill in at least one provider before continuing.' };\n return { env };\n }\n\n async function startOAuthFlow() {\n const serviceId = document.getElementById('oauthService').value;\n const r = await fetch('/api/oauth/start', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ token: '${esc(token)}', serviceId }),\n });\n const data = await r.json();\n if (!r.ok) {\n showResult('Error: ' + (data.error ?? r.status), false);\n resetContinueButton();\n return;\n }\n window.location.href = data.redirectUrl;\n }\n\n async function saveApiSecrets() {\n const payload = collectApiEnv();\n if (payload.error) {\n showResult(payload.error, false);\n resetContinueButton();\n return;\n }\n\n const r = await fetch('/api/link/complete', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ token: '${esc(token)}', mode: 'api_key', env: payload.env }),\n });\n const data = await r.json();\n if (r.ok) {\n showResult(data.message ?? 'Credential stored. You can close this tab.', true);\n document.getElementById('btn').style.display = 'none';\n for (const input of document.querySelectorAll('input,select,button')) input.disabled = true;\n } else {\n showResult('Error: ' + (data.error ?? r.status), false);\n resetContinueButton();\n }\n }\n\n let openHelp = null;\n function closeOpenHelp() {\n if (openHelp) {\n openHelp.setAttribute('aria-expanded', 'false');\n openHelp = null;\n }\n }\n\n for (const trigger of document.querySelectorAll('.help-trigger')) {\n trigger.addEventListener('click', (event) => {\n event.stopPropagation();\n const wasOpen = trigger.getAttribute('aria-expanded') === 'true';\n closeOpenHelp();\n if (!wasOpen) {\n trigger.setAttribute('aria-expanded', 'true');\n openHelp = trigger;\n }\n });\n }\n\n document.addEventListener('click', closeOpenHelp);\n document.addEventListener('keydown', (event) => {\n if (event.key === 'Escape') closeOpenHelp();\n });\n\n for (const radio of document.querySelectorAll('input[name=\"mode\"]')) {\n radio.addEventListener('change', syncPanels);\n }\n\n syncPanels();\n\n async function connect() {\n const btn = document.getElementById('btn');\n const mode = selectedMode();\n btn.disabled = true;\n btn.textContent = mode === 'oauth' ? 'Redirecting…' : 'Saving…';\n\n try {\n if (mode === 'oauth') {\n await startOAuthFlow();\n return;\n }\n await saveApiSecrets();\n } catch (err) {\n showResult('Network error: ' + (err?.message ?? err), false);\n resetContinueButton();\n }\n }\n </script>`,\n );\n}\n\nfunction renderErrorPage(message: string): string {\n return renderStatusPage(\"Login Error\", message, \"err\");\n}\n\nfunction renderSuccessPage(message: string): string {\n return renderStatusPage(\"Connected\", message, \"ok\", { closeNote: true });\n}\n\nfunction isValidEnvKey(value: string): boolean {\n return /^[A-Za-z_][A-Za-z0-9_]*$/.test(value);\n}\n\nfunction extractEnvUpdates(data: Partial<LinkCompleteBody>): {\n updates?: Record<string, string>;\n error?: string;\n} {\n if (data.env && typeof data.env === \"object\" && !Array.isArray(data.env)) {\n const rawEntries = Object.entries(data.env);\n if (rawEntries.length === 0) return { error: \"Missing required field: env\" };\n\n const updates: Record<string, string> = {};\n for (const [rawKey, rawValue] of rawEntries) {\n const envKey = rawKey.trim();\n const credential = typeof rawValue === \"string\" ? rawValue.trim() : \"\";\n if (!isValidEnvKey(envKey)) return { error: `Invalid envKey format: ${rawKey}` };\n if (!credential) return { error: `Missing value for envKey: ${envKey}` };\n updates[envKey] = credential;\n }\n\n return { updates };\n }\n\n const envKey = data.envKey?.trim() ?? \"\";\n const credential = data.credential?.trim() ?? \"\";\n if (!isValidEnvKey(envKey)) return { error: \"Invalid envKey format\" };\n if (!credential) return { error: \"Missing required field: credential\" };\n return { updates: { [envKey]: credential } };\n}\n\nfunction renderStoredEnvMessage(envKeys: string[]): string {\n if (envKeys.length === 1) {\n return `${envKeys[0]} stored successfully in vault.`;\n }\n\n return `${envKeys.length} secrets stored successfully in vault: ${envKeys.join(\", \")}.`;\n}\n\n// ── API-key completion ────────────────────────────────────────────────────────\n\nasync function handleLinkComplete(\n body: string,\n linkTokenStore: InMemoryLinkTokenStore,\n vaultManager: VaultManager,\n notify: NotifyFn,\n res: ServerResponse,\n): Promise<void> {\n let data: Partial<LinkCompleteBody>;\n try {\n data = JSON.parse(body) as Partial<LinkCompleteBody>;\n } catch {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Invalid JSON\" }));\n return;\n }\n\n if (!data.token) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Missing required field: token\" }));\n return;\n }\n\n const { updates, error } = extractEnvUpdates(data);\n if (!updates || error) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: error ?? \"Invalid env payload\" }));\n return;\n }\n\n const envKeys = Object.keys(updates).toSorted((left, right) => left.localeCompare(right));\n\n // Atomic consume prevents two concurrent requests from both passing the\n // validity check before either deletes the token.\n const linkToken = linkTokenStore.consume(data.token);\n if (!linkToken) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Invalid or expired token\" }));\n return;\n }\n\n try {\n vaultManager.upsertEnv(linkToken.vaultId, updates);\n } catch (persistError) {\n log.logWarning(\n `Failed to persist [${envKeys.join(\", \")}] for ${linkToken.platform}/${linkToken.platformUserId}`,\n persistError instanceof Error ? persistError.message : String(persistError),\n );\n res.writeHead(500, { \"Content-Type\": \"application/json\" });\n res.end(\n JSON.stringify({\n error:\n \"Failed to store credential on server. Please fix the server issue and run /login again.\",\n }),\n );\n return;\n }\n\n log.logInfo(\n `Stored [${envKeys.join(\", \")}] for ${linkToken.platform}/${linkToken.platformUserId} in vault:${linkToken.vaultId}`,\n );\n\n const message = renderStoredEnvMessage(envKeys);\n res.writeHead(200, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ ok: true, message }));\n\n notify(\n linkToken.platform,\n linkToken.conversationId,\n `${message} Vault: \\`${linkToken.vaultId}\\`.`,\n ).catch((err: Error) => {\n log.logWarning(\"Failed to notify user after credential login\", err.message);\n });\n}\n\n// ── OAuth flow ────────────────────────────────────────────────────────────────\n\nasync function handleOAuthStart(\n body: string,\n req: IncomingMessage,\n linkTokenStore: InMemoryLinkTokenStore,\n oauthStates: Map<string, PendingOAuthState>,\n res: ServerResponse,\n): Promise<void> {\n let data: Partial<OAuthStartBody>;\n try {\n data = JSON.parse(body) as Partial<OAuthStartBody>;\n } catch {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Invalid JSON\" }));\n return;\n }\n\n if (!data.token || !data.serviceId) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Missing required fields: token/serviceId\" }));\n return;\n }\n\n const linkToken = linkTokenStore.peek(data.token);\n if (!linkToken) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: \"Invalid or expired token\" }));\n return;\n }\n\n const service = resolveOAuthService(data.serviceId);\n if (!service) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ error: `Unsupported OAuth service: ${data.serviceId}` }));\n return;\n }\n\n const clientId = process.env[service.clientIdEnvKey];\n const clientSecret = process.env[service.clientSecretEnvKey];\n if (!clientId || !clientSecret) {\n res.writeHead(400, { \"Content-Type\": \"application/json\" });\n res.end(\n JSON.stringify({\n error:\n `OAuth service ${service.label} is not configured. ` +\n `Missing ${service.clientIdEnvKey}/${service.clientSecretEnvKey}.`,\n }),\n );\n return;\n }\n\n const state = randomBytes(16).toString(\"hex\");\n const codeVerifier = randomBytes(32).toString(\"base64url\");\n oauthStates.set(state, {\n linkToken: data.token,\n serviceId: service.id,\n codeVerifier,\n expiresAt: Date.now() + OAUTH_STATE_TTL_MS,\n });\n\n for (const [k, v] of oauthStates) {\n if (Date.now() > v.expiresAt) oauthStates.delete(k);\n }\n\n const redirectUri = `${requestBaseUrl(req)}/oauth/callback`;\n const authorizeUrl = new URL(service.authorizationUrl);\n authorizeUrl.searchParams.set(\"response_type\", \"code\");\n authorizeUrl.searchParams.set(\"client_id\", clientId);\n authorizeUrl.searchParams.set(\"redirect_uri\", redirectUri);\n authorizeUrl.searchParams.set(\"state\", state);\n if (service.scopes.length > 0) {\n authorizeUrl.searchParams.set(\"scope\", service.scopes.join(\" \"));\n }\n for (const [key, value] of Object.entries(service.authorizationParams ?? {})) {\n authorizeUrl.searchParams.set(key, value);\n }\n\n const codeChallenge = createHash(\"sha256\").update(codeVerifier).digest(\"base64url\");\n authorizeUrl.searchParams.set(\"code_challenge\", codeChallenge);\n authorizeUrl.searchParams.set(\"code_challenge_method\", \"S256\");\n\n res.writeHead(200, { \"Content-Type\": \"application/json\" });\n res.end(JSON.stringify({ ok: true, redirectUrl: authorizeUrl.toString() }));\n}\n\nasync function handleOAuthCallback(\n url: URL,\n req: IncomingMessage,\n linkTokenStore: InMemoryLinkTokenStore,\n vaultManager: VaultManager,\n notify: NotifyFn,\n oauthStates: Map<string, PendingOAuthState>,\n res: ServerResponse,\n): Promise<void> {\n const state = url.searchParams.get(\"state\") ?? \"\";\n const code = url.searchParams.get(\"code\") ?? \"\";\n const oauthError = url.searchParams.get(\"error\");\n\n // Atomic pop: whatever path we take from here, this state is spent.\n // Done before any `await` to close the TOCTOU window between the state\n // lookup and the final delete.\n const pending = oauthStates.get(state);\n if (pending) oauthStates.delete(state);\n\n if (oauthError) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(`OAuth authorization failed: ${oauthError}`));\n return;\n }\n\n if (!pending || Date.now() > pending.expiresAt) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"OAuth state is invalid or expired. Please run /login again.\"));\n return;\n }\n\n if (!code) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"Missing OAuth authorization code.\"));\n return;\n }\n\n const service = resolveOAuthService(pending.serviceId);\n if (!service) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"Unsupported OAuth service.\"));\n return;\n }\n\n const clientId = process.env[service.clientIdEnvKey];\n const clientSecret = process.env[service.clientSecretEnvKey];\n if (!clientId || !clientSecret) {\n res.writeHead(500, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"OAuth service is not configured on server.\"));\n return;\n }\n\n // Atomic consume: pairs with the callback being one-shot. Two concurrent\n // callbacks for the same state would previously both pass `peek` and both\n // run `exchangeOAuthCode` across the await; only one reaches `consume`.\n const linkToken = linkTokenStore.consume(pending.linkToken);\n if (!linkToken) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"Login link is invalid or expired. Please run /login again.\"));\n return;\n }\n\n const redirectUri = `${requestBaseUrl(req)}/oauth/callback`;\n const tokenResp = await exchangeOAuthCode(\n service,\n code,\n clientId,\n clientSecret,\n redirectUri,\n pending.codeVerifier,\n );\n\n const accessToken = tokenResp.access_token?.trim();\n const refreshToken = tokenResp.refresh_token?.trim();\n\n if (!accessToken) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderErrorPage(\"OAuth token exchange did not return an access_token.\"));\n return;\n }\n\n const updates: Record<string, string> = {};\n if (service.accessTokenEnvKey) {\n updates[service.accessTokenEnvKey] = accessToken;\n }\n for (const key of service.additionalAccessTokenEnvKeys ?? []) {\n updates[key] = accessToken;\n }\n if (refreshToken && service.refreshTokenEnvKey) {\n updates[service.refreshTokenEnvKey] = refreshToken;\n }\n\n const fileOutput = service.fileOutput;\n let mountedPath: string | undefined;\n if (fileOutput?.type === \"authorized_user\") {\n if (!refreshToken) {\n res.writeHead(400, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(\n renderErrorPage(\n \"OAuth token exchange did not return a refresh_token. \" +\n \"Retry after revoking prior consent or ensure prompt=consent is applied.\",\n ),\n );\n return;\n }\n\n mountedPath = fileOutput.targetPath ?? defaultVaultTargetPath(fileOutput.relativePath);\n if (fileOutput.envKey) {\n updates[fileOutput.envKey] = mountedPath;\n }\n }\n\n const storedTargets: string[] = [];\n try {\n if (Object.keys(updates).length > 0) {\n vaultManager.upsertEnv(linkToken.vaultId, updates);\n storedTargets.push(...Object.keys(updates).toSorted());\n }\n if (fileOutput?.type === \"authorized_user\" && refreshToken) {\n vaultManager.upsertFile(\n linkToken.vaultId,\n fileOutput.relativePath,\n renderAuthorizedUserCredential(clientId, clientSecret, refreshToken),\n fileOutput.targetPath,\n );\n if (mountedPath) storedTargets.push(mountedPath);\n }\n } catch (persistError) {\n log.logWarning(\n `Failed to persist OAuth credentials for ${linkToken.platform}/${linkToken.platformUserId}`,\n persistError instanceof Error ? persistError.message : String(persistError),\n );\n res.writeHead(500, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(\n renderErrorPage(\n \"OAuth tokens were received but could not be stored on the server. Fix the server issue and run /login again.\",\n ),\n );\n return;\n }\n\n log.logInfo(\n `Stored [${storedTargets.join(\", \")}] for ${linkToken.platform}/${linkToken.platformUserId} in vault:${linkToken.vaultId}`,\n );\n\n notify(\n linkToken.platform,\n linkToken.conversationId,\n `${service.label} OAuth stored (${storedTargets.join(\", \")}) in vault \\`${linkToken.vaultId}\\`.`,\n ).catch((err: Error) => {\n log.logWarning(\"Failed to notify user after OAuth login\", err.message);\n });\n\n res.writeHead(200, { \"Content-Type\": \"text/html; charset=utf-8\" });\n res.end(renderSuccessPage(`${service.label} OAuth connected successfully.`));\n}\n\nasync function exchangeOAuthCode(\n service: OAuthService,\n code: string,\n clientId: string,\n clientSecret: string,\n redirectUri: string,\n codeVerifier: string,\n): Promise<Record<string, string>> {\n const params = new URLSearchParams();\n params.set(\"grant_type\", \"authorization_code\");\n params.set(\"code\", code);\n params.set(\"client_id\", clientId);\n params.set(\"client_secret\", clientSecret);\n params.set(\"redirect_uri\", redirectUri);\n params.set(\"code_verifier\", codeVerifier);\n\n const response = await fetch(service.tokenUrl, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: params.toString(),\n });\n\n const text = await response.text();\n const contentType = response.headers.get(\"content-type\") ?? \"\";\n let parsed: Record<string, string> = {};\n\n if (contentType.includes(\"application/json\")) {\n parsed = JSON.parse(text) as Record<string, string>;\n } else {\n const form = new URLSearchParams(text);\n parsed = Object.fromEntries(form.entries());\n }\n\n if (!response.ok) {\n const message = parsed.error_description ?? parsed.error ?? `${response.status}`;\n throw new Error(`OAuth token exchange failed for ${service.id}: ${message}`);\n }\n\n return parsed;\n}\n\nfunction renderAuthorizedUserCredential(\n clientId: string,\n clientSecret: string,\n refreshToken: string,\n): string {\n return (\n JSON.stringify(\n {\n client_id: clientId,\n client_secret: clientSecret,\n refresh_token: refreshToken,\n type: \"authorized_user\",\n },\n null,\n 2,\n ) + \"\\n\"\n );\n}\n"]}