@ggakila/agentx-framework 0.1.0

package/dist/credential/CredentialManager.js

@@ -0,0 +1,343 @@
+"use strict";
+/**
+ * Credential Management System
+ * Provides secure credential storage, encryption, and OAuth2 support
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialScopeResolver = exports.CredentialManager = exports.InMemoryCredentialStore = void 0;
+const crypto_1 = require("crypto");
+const error_1 = require("../types/error");
+class InMemoryCredentialStore {
+    store = new Map();
+    async save(key, data) {
+        this.store.set(key, data);
+    }
+    async load(key) {
+        return this.store.get(key) || null;
+    }
+    async delete(key) {
+        this.store.delete(key);
+    }
+    async list() {
+        return Array.from(this.store.keys());
+    }
+    clear() {
+        this.store.clear();
+    }
+}
+exports.InMemoryCredentialStore = InMemoryCredentialStore;
+class CredentialManager {
+    store;
+    logger;
+    encryptionKey;
+    algorithm = 'aes-256-gcm';
+    oauth2Manager;
+    constructor(config) {
+        this.store = config.store;
+        this.logger = config.logger;
+        this.oauth2Manager = config.oauth2Manager;
+        // Derive a 32-byte key from the provided encryption key
+        this.encryptionKey = (0, crypto_1.scryptSync)(config.encryptionKey, 'agentx-salt', 32);
+    }
+    /**
+     * Set the OAuth2 manager for token refresh support
+     */
+    setOAuth2Manager(manager) {
+        this.oauth2Manager = manager;
+    }
+    /**
+     * Get the OAuth2 manager
+     */
+    getOAuth2Manager() {
+        return this.oauth2Manager;
+    }
+    /**
+     * Store a credential with encryption
+     */
+    async setCredential(scope, credential) {
+        this.validateCredential(credential);
+        this.validateScope(scope);
+        const key = this.getScopeKey(scope);
+        const encrypted = this.encrypt(JSON.stringify(credential));
+        await this.store.save(key, encrypted);
+        this.logger.info(`Credential stored for scope: ${scope}`, { type: credential.type });
+    }
+    /**
+     * Retrieve and decrypt a credential
+     */
+    async getCredential(scope) {
+        this.validateScope(scope);
+        const key = this.getScopeKey(scope);
+        const encrypted = await this.store.load(key);
+        if (!encrypted) {
+            return null;
+        }
+        try {
+            const decrypted = this.decrypt(encrypted);
+            const credential = JSON.parse(decrypted);
+            // Check expiration
+            if (credential.expiresAt && new Date(credential.expiresAt) < new Date()) {
+                this.logger.warn(`Credential expired for scope: ${scope}`);
+                // For OAuth2, try to refresh
+                if (credential.type === 'oauth2') {
+                    return this.handleExpiredOAuth2(scope, credential);
+                }
+                return null;
+            }
+            return credential;
+        }
+        catch (error) {
+            this.logger.error(`Failed to decrypt credential for scope: ${scope}`, error);
+            throw new error_1.SecurityError('Failed to decrypt credential', error_1.ErrorCodes.INVALID_CREDENTIALS);
+        }
+    }
+    /**
+     * Delete a credential
+     */
+    async deleteCredential(scope) {
+        this.validateScope(scope);
+        const key = this.getScopeKey(scope);
+        await this.store.delete(key);
+        this.logger.info(`Credential deleted for scope: ${scope}`);
+    }
+    /**
+     * List all credential scopes
+     */
+    async listCredentials() {
+        const keys = await this.store.list();
+        return keys
+            .filter(k => k.startsWith('credential:'))
+            .map(k => k.replace('credential:', ''));
+    }
+    /**
+     * Inject credentials for a tool context
+     */
+    async injectCredentials(scope) {
+        const credential = await this.getCredential(scope);
+        if (!credential) {
+            return {};
+        }
+        // Return only the data needed for the tool, not the full credential
+        return this.extractCredentialData(credential);
+    }
+    /**
+     * Check if a credential exists and is valid
+     */
+    async hasValidCredential(scope) {
+        const credential = await this.getCredential(scope);
+        return credential !== null;
+    }
+    /**
+     * Refresh an OAuth2 token
+     */
+    async refreshOAuth2Token(scope, providerName) {
+        const credential = await this.getCredential(scope);
+        if (!credential || credential.type !== 'oauth2') {
+            return null;
+        }
+        const oauth2 = credential;
+        if (!oauth2.data.refreshToken) {
+            this.logger.warn(`No refresh token available for scope: ${scope}`);
+            return null;
+        }
+        // If we have an OAuth2Manager and provider name, use it for refresh
+        if (this.oauth2Manager && providerName) {
+            try {
+                const refreshed = await this.oauth2Manager.refreshToken(providerName, oauth2);
+                // Store the refreshed credential
+                await this.setCredential(scope, refreshed);
+                this.logger.info(`OAuth2 token refreshed for scope: ${scope}`);
+                return refreshed;
+            }
+            catch (error) {
+                this.logger.error(`OAuth2 token refresh failed for scope: ${scope}`, error);
+                throw error;
+            }
+        }
+        // Fallback: return existing credential if no OAuth2Manager
+        this.logger.debug(`OAuth2 token refresh requested for scope: ${scope} (no OAuth2Manager configured)`);
+        return oauth2;
+    }
+    /**
+     * Initiate OAuth2 authorization flow
+     */
+    initiateOAuth2Flow(providerName, scopes) {
+        if (!this.oauth2Manager) {
+            throw new error_1.ValidationError('OAuth2Manager not configured', error_1.ErrorCodes.MISSING_CONFIG);
+        }
+        return this.oauth2Manager.initiateFlow(providerName, scopes);
+    }
+    /**
+     * Complete OAuth2 authorization flow
+     */
+    async completeOAuth2Flow(code, state, scope) {
+        if (!this.oauth2Manager) {
+            throw new error_1.ValidationError('OAuth2Manager not configured', error_1.ErrorCodes.MISSING_CONFIG);
+        }
+        const credential = await this.oauth2Manager.completeFlow(code, state);
+        // Store the credential
+        await this.setCredential(scope, credential);
+        return credential;
+    }
+    /**
+     * Register an OAuth2 provider
+     */
+    registerOAuth2Provider(config) {
+        if (!this.oauth2Manager) {
+            throw new error_1.ValidationError('OAuth2Manager not configured', error_1.ErrorCodes.MISSING_CONFIG);
+        }
+        this.oauth2Manager.registerProvider(config);
+    }
+    // Private methods
+    encrypt(plaintext) {
+        const iv = (0, crypto_1.randomBytes)(16);
+        const cipher = (0, crypto_1.createCipheriv)(this.algorithm, this.encryptionKey, iv);
+        let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const authTag = cipher.getAuthTag();
+        // Combine IV + authTag + encrypted data
+        return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
+    }
+    decrypt(ciphertext) {
+        const parts = ciphertext.split(':');
+        if (parts.length !== 3) {
+            throw new error_1.SecurityError('Invalid encrypted data format', error_1.ErrorCodes.INVALID_CREDENTIALS);
+        }
+        const iv = Buffer.from(parts[0], 'hex');
+        const authTag = Buffer.from(parts[1], 'hex');
+        const encrypted = parts[2];
+        const decipher = (0, crypto_1.createDecipheriv)(this.algorithm, this.encryptionKey, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    validateCredential(credential) {
+        if (!credential.type) {
+            throw new error_1.ValidationError('Credential type is required', error_1.ErrorCodes.MISSING_REQUIRED_FIELD);
+        }
+        const validTypes = ['api_key', 'oauth2', 'basic_auth', 'custom'];
+        if (!validTypes.includes(credential.type)) {
+            throw new error_1.ValidationError(`Invalid credential type: ${credential.type}`, error_1.ErrorCodes.INVALID_FORMAT);
+        }
+        if (!credential.data || typeof credential.data !== 'object') {
+            throw new error_1.ValidationError('Credential data is required', error_1.ErrorCodes.MISSING_REQUIRED_FIELD);
+        }
+        // Type-specific validation
+        switch (credential.type) {
+            case 'api_key':
+                if (!credential.data.key) {
+                    throw new error_1.ValidationError('API key credential requires key field', error_1.ErrorCodes.MISSING_REQUIRED_FIELD);
+                }
+                break;
+            case 'oauth2':
+                if (!credential.data.accessToken) {
+                    throw new error_1.ValidationError('OAuth2 credential requires accessToken', error_1.ErrorCodes.MISSING_REQUIRED_FIELD);
+                }
+                break;
+            case 'basic_auth':
+                if (!credential.data.username || !credential.data.password) {
+                    throw new error_1.ValidationError('Basic auth requires username and password', error_1.ErrorCodes.MISSING_REQUIRED_FIELD);
+                }
+                break;
+        }
+    }
+    validateScope(scope) {
+        if (!scope || typeof scope !== 'string') {
+            throw new error_1.ValidationError('Scope is required', error_1.ErrorCodes.MISSING_REQUIRED_FIELD);
+        }
+        // Scope format: provider:resource or provider:resource:action
+        if (!/^[a-zA-Z][a-zA-Z0-9_-]*(:[a-zA-Z][a-zA-Z0-9_-]*)*$/.test(scope)) {
+            throw new error_1.ValidationError('Invalid scope format. Use format: provider:resource[:action]', error_1.ErrorCodes.INVALID_FORMAT);
+        }
+    }
+    getScopeKey(scope) {
+        return `credential:${scope}`;
+    }
+    extractCredentialData(credential) {
+        switch (credential.type) {
+            case 'api_key':
+                return { apiKey: credential.data.key };
+            case 'oauth2':
+                return {
+                    accessToken: credential.data.accessToken,
+                    tokenType: credential.data.tokenType || 'Bearer',
+                };
+            case 'basic_auth':
+                return {
+                    username: credential.data.username,
+                    password: credential.data.password,
+                };
+            case 'custom':
+                return credential.data;
+            default:
+                return {};
+        }
+    }
+    async handleExpiredOAuth2(scope, credential) {
+        if (!credential.data.refreshToken) {
+            await this.deleteCredential(scope);
+            return null;
+        }
+        // Extract provider name from scope if possible (format: provider:resource)
+        const parts = scope.split(':');
+        const providerName = parts[0];
+        // Attempt refresh
+        try {
+            const refreshed = await this.refreshOAuth2Token(scope, providerName);
+            return refreshed;
+        }
+        catch (error) {
+            this.logger.error(`Failed to refresh expired OAuth2 token for scope: ${scope}`, error);
+            await this.deleteCredential(scope);
+            return null;
+        }
+    }
+}
+exports.CredentialManager = CredentialManager;
+/**
+ * Credential scoping utility
+ */
+class CredentialScopeResolver {
+    /**
+     * Check if a scope matches a pattern
+     */
+    static matches(scope, pattern) {
+        // Exact match
+        if (scope === pattern)
+            return true;
+        // Wildcard match
+        if (pattern.endsWith(':*')) {
+            const prefix = pattern.slice(0, -2);
+            return scope.startsWith(prefix + ':') || scope === prefix;
+        }
+        return false;
+    }
+    /**
+     * Get the most specific matching scope from a list
+     */
+    static findBestMatch(scope, availableScopes) {
+        // First try exact match
+        if (availableScopes.includes(scope)) {
+            return scope;
+        }
+        // Then try wildcard matches, preferring more specific ones
+        const matches = availableScopes
+            .filter(s => this.matches(scope, s))
+            .sort((a, b) => b.length - a.length);
+        return matches[0] || null;
+    }
+    /**
+     * Parse a scope into its components
+     */
+    static parse(scope) {
+        const parts = scope.split(':');
+        return {
+            provider: parts[0],
+            resource: parts[1],
+            action: parts[2],
+        };
+    }
+}
+exports.CredentialScopeResolver = CredentialScopeResolver;
+//# sourceMappingURL=CredentialManager.js.map

package/dist/credential/CredentialManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialManager.js","sourceRoot":"","sources":["../../src/credential/CredentialManager.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,mCAA2G;AAG3G,0CAA4E;AAiB5E,MAAa,uBAAuB;IAC1B,KAAK,GAAwB,IAAI,GAAG,EAAE,CAAC;IAE/C,KAAK,CAAC,IAAI,CAAC,GAAW,EAAE,IAAY;QAClC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,GAAW;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAtBD,0DAsBC;AAED,MAAa,iBAAiB;IACpB,KAAK,CAAkB;IACvB,MAAM,CAAS;IACf,aAAa,CAAS;IACtB,SAAS,GAAG,aAAa,CAAC;IAC1B,aAAa,CAAiB;IAEtC,YAAY,MAA+B;QACzC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,wDAAwD;QACxD,IAAI,CAAC,aAAa,GAAG,IAAA,mBAAU,EAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,OAAsB;QACrC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,UAAsB;QACvD,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;QAE3D,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;IACvF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAe,CAAC;YAEvD,mBAAmB;YACnB,IAAI,UAAU,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACxE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;gBAC3D,6BAA6B;gBAC7B,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,UAA8B,CAAC,CAAC;gBACzE,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,KAAK,EAAE,EAAE,KAAc,CAAC,CAAC;YACtF,MAAM,IAAI,qBAAa,CAAC,8BAA8B,EAAE,kBAAU,CAAC,mBAAmB,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,IAAI;aACR,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;aACxC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,oEAAoE;QACpE,OAAO,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACnD,OAAO,UAAU,KAAK,IAAI,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAAa,EAAE,YAAqB;QAC3D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,UAA8B,CAAC;QAE9C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,KAAK,EAAE,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oEAAoE;QACpE,IAAI,IAAI,CAAC,aAAa,IAAI,YAAY,EAAE,CAAC;YACvC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;gBAC9E,iCAAiC;gBACjC,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;gBAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,KAAK,EAAE,CAAC,CAAC;gBAC/D,OAAO,SAAS,CAAC;YACnB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,KAAK,EAAE,EAAE,KAAc,CAAC,CAAC;gBACrF,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,KAAK,gCAAgC,CAAC,CAAC;QACtG,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,YAAoB,EAAE,MAAiB;QACxD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,uBAAe,CACvB,8BAA8B,EAC9B,kBAAU,CAAC,cAAc,CAC1B,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,IAAY,EAAE,KAAa,EAAE,KAAa;QACjE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,uBAAe,CACvB,8BAA8B,EAC9B,kBAAU,CAAC,cAAc,CAC1B,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAEtE,uBAAuB;QACvB,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QAE5C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,MAA4B;QACjD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,uBAAe,CACvB,8BAA8B,EAC9B,kBAAU,CAAC,cAAc,CAC1B,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,kBAAkB;IAEV,OAAO,CAAC,SAAiB;QAC/B,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAc,CAAC;QAEnF,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACxD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,wCAAwC;QACxC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC;IAC9E,CAAC;IAEO,OAAO,CAAC,UAAkB;QAChC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,qBAAa,CAAC,+BAA+B,EAAE,kBAAU,CAAC,mBAAmB,CAAC,CAAC;QAC3F,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE3B,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAgB,CAAC;QACzF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,kBAAkB,CAAC,UAAsB;QAC/C,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,uBAAe,CAAC,6BAA6B,EAAE,kBAAU,CAAC,sBAAsB,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QACjE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,uBAAe,CAAC,4BAA4B,UAAU,CAAC,IAAI,EAAE,EAAE,kBAAU,CAAC,cAAc,CAAC,CAAC;QACtG,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5D,MAAM,IAAI,uBAAe,CAAC,6BAA6B,EAAE,kBAAU,CAAC,sBAAsB,CAAC,CAAC;QAC9F,CAAC;QAED,2BAA2B;QAC3B,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;YACxB,KAAK,SAAS;gBACZ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;oBACzB,MAAM,IAAI,uBAAe,CAAC,uCAAuC,EAAE,kBAAU,CAAC,sBAAsB,CAAC,CAAC;gBACxG,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,uBAAe,CAAC,wCAAwC,EAAE,kBAAU,CAAC,sBAAsB,CAAC,CAAC;gBACzG,CAAC;gBACD,MAAM;YACR,KAAK,YAAY;gBACf,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC3D,MAAM,IAAI,uBAAe,CAAC,2CAA2C,EAAE,kBAAU,CAAC,sBAAsB,CAAC,CAAC;gBAC5G,CAAC;gBACD,MAAM;QACV,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,KAAa;QACjC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,uBAAe,CAAC,mBAAmB,EAAE,kBAAU,CAAC,sBAAsB,CAAC,CAAC;QACpF,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,oDAAoD,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,uBAAe,CACvB,8DAA8D,EAC9D,kBAAU,CAAC,cAAc,CAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,KAAa;QAC/B,OAAO,cAAc,KAAK,EAAE,CAAC;IAC/B,CAAC;IAEO,qBAAqB,CAAC,UAAsB;QAClD,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;YACxB,KAAK,SAAS;gBACZ,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACzC,KAAK,QAAQ;gBACX,OAAO;oBACL,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,WAAW;oBACxC,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,IAAI,QAAQ;iBACjD,CAAC;YACJ,KAAK,YAAY;gBACf,OAAO;oBACL,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ;oBAClC,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ;iBACnC,CAAC;YACJ,KAAK,QAAQ;gBACX,OAAO,UAAU,CAAC,IAAI,CAAC;YACzB;gBACE,OAAO,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,KAAa,EACb,UAA4B;QAE5B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2EAA2E;QAC3E,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE9B,kBAAkB;QAClB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;YACrE,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,KAAK,EAAE,EAAE,KAAc,CAAC,CAAC;YAChG,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA1UD,8CA0UC;AAED;;GAEG;AACH,MAAa,uBAAuB;IAClC;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,KAAa,EAAE,OAAe;QAC3C,cAAc;QACd,IAAI,KAAK,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAEnC,iBAAiB;QACjB,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,KAAK,KAAK,MAAM,CAAC;QAC5D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,KAAa,EAAE,eAAyB;QAC3D,wBAAwB;QACxB,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2DAA2D;QAC3D,MAAM,OAAO,GAAG,eAAe;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;aACnC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;QAEvC,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,KAAa;QACxB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO;YACL,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;YAClB,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACjB,CAAC;IACJ,CAAC;CACF;AA7CD,0DA6CC"}

package/dist/credential/OAuth2Manager.d.ts

@@ -0,0 +1,206 @@
+/**
+ * OAuth2 Flow and Token Management
+ * Provides OAuth2 authorization flow handling and automatic token refresh
+ */
+import { OAuth2Credential } from '../types/credential';
+import { Logger } from '../types/tool';
+/**
+ * OAuth2 Provider Configuration
+ */
+export interface OAuth2ProviderConfig {
+    name: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    scopes?: string[];
+    additionalParams?: Record<string, string>;
+    refreshThresholdSeconds?: number;
+    usesPKCE?: boolean;
+}
+/**
+ * OAuth2 Token Response from provider
+ */
+export interface OAuth2TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+}
+/**
+ * OAuth2 State for tracking authorization flows
+ */
+export interface OAuth2State {
+    provider: string;
+    scopes: string[];
+    redirectUri: string;
+    codeVerifier?: string;
+    createdAt: Date;
+    expiresAt: Date;
+}
+/**
+ * HTTP Client interface for OAuth2 requests
+ */
+export interface OAuth2HttpClient {
+    post(url: string, data: Record<string, string>, headers?: Record<string, string>): Promise<OAuth2TokenResponse>;
+}
+/**
+ * Default HTTP client using fetch
+ */
+export declare class DefaultOAuth2HttpClient implements OAuth2HttpClient {
+    post(url: string, data: Record<string, string>, headers?: Record<string, string>): Promise<OAuth2TokenResponse>;
+}
+/**
+ * OAuth2 Manager Configuration
+ */
+export interface OAuth2ManagerConfig {
+    logger: Logger;
+    httpClient?: OAuth2HttpClient;
+    stateExpirationMinutes?: number;
+}
+/**
+ * OAuth2 Manager
+ * Handles OAuth2 authorization flows and token management
+ */
+export declare class OAuth2Manager {
+    private providers;
+    private pendingStates;
+    private logger;
+    private httpClient;
+    private stateExpirationMinutes;
+    constructor(config: OAuth2ManagerConfig);
+    /**
+     * Register an OAuth2 provider
+     */
+    registerProvider(config: OAuth2ProviderConfig): void;
+    /**
+     * Unregister an OAuth2 provider
+     */
+    unregisterProvider(name: string): void;
+    /**
+     * Get a registered provider
+     */
+    getProvider(name: string): OAuth2ProviderConfig | undefined;
+    /**
+     * List all registered providers
+     */
+    listProviders(): string[];
+    /**
+     * Initiate OAuth2 authorization flow
+     * Returns the authorization URL to redirect the user to
+     */
+    initiateFlow(providerName: string, scopes?: string[]): string;
+    /**
+     * Complete OAuth2 authorization flow
+     * Exchange authorization code for tokens
+     */
+    completeFlow(code: string, state: string): Promise<OAuth2Credential>;
+    /**
+     * Refresh an OAuth2 token
+     */
+    refreshToken(providerName: string, credential: OAuth2Credential): Promise<OAuth2Credential>;
+    /**
+     * Check if a token needs refresh
+     */
+    needsRefresh(credential: OAuth2Credential, thresholdSeconds?: number): boolean;
+    /**
+     * Check if a token is expired
+     */
+    isExpired(credential: OAuth2Credential): boolean;
+    /**
+     * Get pending state data (for testing/debugging)
+     */
+    getPendingState(state: string): OAuth2State | undefined;
+    /**
+     * Clean up expired states
+     */
+    cleanupExpiredStates(): number;
+    private validateProviderConfig;
+    private generateState;
+    private generateCodeVerifier;
+    private generateCodeChallenge;
+    private buildCredential;
+}
+/**
+ * Common OAuth2 Provider Presets
+ * Pre-configured settings for popular OAuth2 providers
+ */
+export declare const OAuth2Providers: {
+    /**
+     * Google OAuth2 configuration
+     */
+    google: (config: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+        scopes?: string[];
+    }) => OAuth2ProviderConfig;
+    /**
+     * GitHub OAuth2 configuration
+     */
+    github: (config: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+        scopes?: string[];
+    }) => OAuth2ProviderConfig;
+    /**
+     * Microsoft/Azure AD OAuth2 configuration
+     */
+    microsoft: (config: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+        tenantId?: string;
+        scopes?: string[];
+    }) => OAuth2ProviderConfig;
+    /**
+     * Slack OAuth2 configuration
+     */
+    slack: (config: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+        scopes?: string[];
+    }) => OAuth2ProviderConfig;
+    /**
+     * Salesforce OAuth2 configuration
+     */
+    salesforce: (config: {
+        clientId: string;
+        clientSecret: string;
+        redirectUri: string;
+        instanceUrl?: string;
+        scopes?: string[];
+    }) => OAuth2ProviderConfig;
+    /**
+     * Custom OAuth2 provider configuration
+     */
+    custom: (config: OAuth2ProviderConfig) => OAuth2ProviderConfig;
+};
+/**
+ * Auto-refresh wrapper for OAuth2 credentials
+ * Automatically refreshes tokens before they expire
+ */
+export declare class OAuth2AutoRefresher {
+    private oauth2Manager;
+    private refreshCallbacks;
+    private refreshTimers;
+    private logger;
+    constructor(oauth2Manager: OAuth2Manager, logger: Logger);
+    /**
+     * Start auto-refresh for a credential
+     */
+    startAutoRefresh(key: string, providerName: string, credential: OAuth2Credential, onRefresh: (credential: OAuth2Credential) => Promise<void>, thresholdSeconds?: number): void;
+    /**
+     * Stop auto-refresh for a credential
+     */
+    stopAutoRefresh(key: string): void;
+    /**
+     * Stop all auto-refresh timers
+     */
+    stopAll(): void;
+}
+//# sourceMappingURL=OAuth2Manager.d.ts.map

package/dist/credential/OAuth2Manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OAuth2Manager.d.ts","sourceRoot":"","sources":["../../src/credential/OAuth2Manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAc,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAIvC;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1C,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjH;AAED;;GAEG;AACH,qBAAa,uBAAwB,YAAW,gBAAgB;IACxD,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAsBtH;AAGD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAgD;IACjE,OAAO,CAAC,aAAa,CAAuC;IAC5D,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,sBAAsB,CAAS;gBAE3B,MAAM,EAAE,mBAAmB;IAMvC;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAMpD;;OAEG;IACH,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKtC;;OAEG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB,GAAG,SAAS;IAI3D;;OAEG;IACH,aAAa,IAAI,MAAM,EAAE;IAIzB;;;OAGG;IACH,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM;IAuD7D;;;OAGG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA6D1E;;OAEG;IACG,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,gBAAgB,GAC3B,OAAO,CAAC,gBAAgB,CAAC;IAyC5B;;OAEG;IACH,YAAY,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,OAAO;IAY9E;;OAEG;IACH,SAAS,CAAC,UAAU,EAAE,gBAAgB,GAAG,OAAO;IAQhD;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAIvD;;OAEG;IACH,oBAAoB,IAAI,MAAM;IAoB9B,OAAO,CAAC,sBAAsB;IAsC9B,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,oBAAoB;IAI5B,OAAO,CAAC,qBAAqB;IAM7B,OAAO,CAAC,eAAe;CAqBxB;AAGD;;;GAGG;AACH,eAAO,MAAM,eAAe;IAC1B;;OAEG;qBACc;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,KAAG,oBAAoB;IAcxB;;OAEG;qBACc;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,KAAG,oBAAoB;IAUxB;;OAEG;wBACiB;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,KAAG,oBAAoB;IAaxB;;OAEG;oBACa;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,KAAG,oBAAoB;IAUxB;;OAEG;yBACkB;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,KAAG,oBAAoB;IAaxB;;OAEG;qBACc,oBAAoB,KAAG,oBAAoB;CAC7D,CAAC;AAEF;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,gBAAgB,CAA2E;IACnG,OAAO,CAAC,aAAa,CAA0C;IAC/D,OAAO,CAAC,MAAM,CAAS;gBAEX,aAAa,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM;IAKxD;;OAEG;IACH,gBAAgB,CACd,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,gBAAgB,EAC5B,SAAS,EAAE,CAAC,UAAU,EAAE,gBAAgB,KAAK,OAAO,CAAC,IAAI,CAAC,EAC1D,gBAAgB,GAAE,MAAY,GAC7B,IAAI;IAyCP;;OAEG;IACH,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IASlC;;OAEG;IACH,OAAO,IAAI,IAAI;CAOhB"}