@glasstrace/sdk 1.9.0 → 1.9.1

package/dist/middleware/index.d.cts

@@ -124,6 +124,14 @@ interface TracedRequestMiddlewareOptions {
  * Wrap a Next.js / generic-fetch request-middleware function in an
  * OTel span tagged with `glasstrace.causal.middleware_for_request`.
  *
+ * **Privacy:** the value of
+ * `glasstrace.causal.middleware_for_request` is the raw URL
+ * pathname. Pathnames can carry user-controlled data (IDs, emails,
+ * opaque keys). The SDK does NOT redact this attribute. Callers MUST
+ * NOT place secrets, tokens, or other sensitive data in URL paths;
+ * the same general HTTP best practice that keeps secrets out of
+ * server logs keeps them out of Glasstrace trace evidence.
+ *
  * Each call to the returned function:
  *
  *   1. Detects the SDK's registration state. When the OTel API is

package/dist/middleware/index.d.ts

@@ -124,6 +124,14 @@ interface TracedRequestMiddlewareOptions {
  * Wrap a Next.js / generic-fetch request-middleware function in an
  * OTel span tagged with `glasstrace.causal.middleware_for_request`.
  *
+ * **Privacy:** the value of
+ * `glasstrace.causal.middleware_for_request` is the raw URL
+ * pathname. Pathnames can carry user-controlled data (IDs, emails,
+ * opaque keys). The SDK does NOT redact this attribute. Callers MUST
+ * NOT place secrets, tokens, or other sensitive data in URL paths;
+ * the same general HTTP best practice that keeps secrets out of
+ * server logs keeps them out of Glasstrace trace evidence.
+ *
  * Each call to the returned function:
  *
  *   1. Detects the SDK's registration state. When the OTel API is

package/dist/middleware/index.js

@@ -1,7 +1,7 @@
 import {
   _resetForTesting,
   tracedRequestMiddleware
-} from "../chunk-QHV7NFON.js";
+} from "../chunk-QOHKZOKB.js";
 import "../chunk-CL3OVHPO.js";
 import "../chunk-DQ25VOKK.js";
 import "../chunk-JHUNLPSS.js";

package/dist/node-entry.cjs

@@ -23559,11 +23559,11 @@ function registerGlasstrace(options) {
     setCoreState(CoreState.REGISTERING);
     maybeWarnStaleAgentInstructions({
       projectRoot: process.cwd(),
-      sdkVersion: "1.9.0"
+      sdkVersion: "1.9.1"
     });
     startRuntimeStateWriter({
       projectRoot: process.cwd(),
-      sdkVersion: "1.9.0"
+      sdkVersion: "1.9.1"
     });
     const config2 = resolveConfig(options);
     if (config2.verbose) {
@@ -23730,8 +23730,8 @@ async function backgroundInit(config2, anonKeyForInit, generation) {
   if (config2.verbose) {
     console.info("[glasstrace] Background init firing.");
   }
-  const healthReport = collectHealthReport("1.9.0");
-  const initResult = await performInit(config2, anonKeyForInit, "1.9.0", healthReport);
+  const healthReport = collectHealthReport("1.9.1");
+  const initResult = await performInit(config2, anonKeyForInit, "1.9.1", healthReport);
   if (generation !== registrationGeneration) return;
   const currentState = getCoreState();
   if (currentState === CoreState.SHUTTING_DOWN || currentState === CoreState.SHUTDOWN) {
@@ -23754,7 +23754,7 @@ async function backgroundInit(config2, anonKeyForInit, generation) {
   }
   maybeInstallConsoleCapture();
   if (didLastInitSucceed()) {
-    startHeartbeat(config2, anonKeyForInit, "1.9.0", generation, (newApiKey, accountId) => {
+    startHeartbeat(config2, anonKeyForInit, "1.9.1", generation, (newApiKey, accountId) => {
       setAuthState(AuthState.CLAIMING);
       emitLifecycleEvent("auth:claim_started", { accountId });
       setResolvedApiKey(newApiKey);

package/dist/node-entry.js

@@ -12,7 +12,7 @@ import {
   registerGlasstrace,
   waitForReady,
   withGlasstraceConfig
-} from "./chunk-XEPC4NFL.js";
+} from "./chunk-2F2MGFLO.js";
 import {
   GlasstraceSpanProcessor,
   SdkError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@glasstrace/sdk",
-  "version": "1.9.0",
+  "version": "1.9.1",
   "description": "Glasstrace server-side debugging SDK for AI coding agents",
   "type": "module",
   "sideEffects": false,

package/dist/chunk-QHV7NFON.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/middleware/index.ts"],"sourcesContent":["/**\n * Request-middleware-ownership instrumentation for Glasstrace.\n *\n * Subpath: `@glasstrace/sdk/middleware`\n *\n * This module exposes {@link tracedRequestMiddleware}, a wrapper that\n * turns a Next.js `middleware.ts` function (or any generic\n * `Request → Response`-shaped handler) into a span-emitting middleware\n * function. Each invocation opens a child span and tags it with the\n * `glasstrace.causal.middleware_for_request` causal-evidence attribute\n * carrying the originating request's normalized path so the\n * product-side trace-summary transform can link the middleware span\n * to the owning HTTP request trace (DISC-1537 / SDK-046).\n *\n * Edge-runtime safety\n * -------------------\n * The wrapper is included in the SDK's edge bundle\n * (`packages/sdk/src/edge-entry.ts`). Its closure imports only the\n * OTel API, the protocol constants, and the\n * `./optional-lifecycle.js` bridge — none of which reach into\n * `node:*` built-ins or the `process` global. The F003 closure scan\n * (`packages/sdk/scripts/check-edge-bundle.mjs`) enforces this on\n * every build.\n *\n * Causal-evidence form\n * --------------------\n * The wrapper attaches the originating request path as a span\n * attribute (`glasstrace.causal.middleware_for_request`). It does NOT\n * emit an OTel `Link`. Reasons:\n *\n *   1. The Next.js Edge runtime does not propagate AsyncLocalStorage\n *      into `middleware.ts`, so there is no in-process\n *      `SpanContext` to link to in that environment. Attribute-only\n *      causality works in both Node and Edge runtimes; a Link would\n *      degrade to a no-op (no parent context) on Edge.\n *   2. The product-side trace-summary transform reconstructs\n *      ownership from `glasstrace.causal.*` attributes per\n *      DISC-1539 §51-58; it does not require a Link.\n *\n * Invariants\n * ----------\n *\n *   - The wrapped function preserves the user's call-site type so\n *     Next.js's `middleware` export contract (`(req: NextRequest) =>\n *     NextResponse | Response`) flows through unchanged.\n *   - The middleware span MUST NOT overwrite `glasstrace.route`,\n *     `glasstrace.http.status_code`, or `glasstrace.http.duration_ms`\n *     on the parent HTTP span — root-request semantics are owned by\n *     the enriching exporter (`packages/sdk/src/enriching-exporter.ts`).\n *   - On a thrown handler error: span ends with `ERROR` status +\n *     `recordException`; rethrows. The exception is normalized to\n *     `Error | string` first so non-Error throwables (number, plain\n *     object) do not crash `recordException`.\n *   - Always ends the span (`finally`), even on `throw`.\n *\n * @module @glasstrace/sdk/middleware\n */\n\nimport {\n  trace,\n  SpanStatusCode,\n  type AttributeValue,\n} from \"@opentelemetry/api\";\nimport { GLASSTRACE_ATTRIBUTE_NAMES } from \"@glasstrace/protocol\";\nimport { tryEmitLifecycleEvent } from \"../optional-lifecycle.js\";\n\nconst ATTR = GLASSTRACE_ATTRIBUTE_NAMES;\n\n/**\n * Module-level OTel tracer name for the middleware subpath. Resolves\n * through the global `ProxyTracerProvider` so the wrapper picks up\n * whatever provider the SDK has detected or registered (the SDK's\n * own enriching exporter, Sentry's processor in coexistence mode,\n * etc.). Re-resolved on every call site rather than cached at module\n * top level so test harnesses can install a provider after this\n * module is imported. This mirrors the tRPC subpath at\n * `packages/sdk/src/trpc/index.ts:128`.\n */\nconst TRACER_NAME = \"@glasstrace/sdk/middleware\";\n\n/**\n * Module-level once-flag for the\n * `middleware:skipped_uninstalled` lifecycle event. The flag is\n * exported via {@link _resetForTesting} so unit tests can re-arm it\n * between scenarios.\n */\nlet _skippedUninstalledEmitted = false;\n\n/**\n * INTERNAL — clears the once-flag for the\n * `middleware:skipped_uninstalled` lifecycle event. Invoked by\n * Vitest fixtures only; not part of the public surface.\n */\nexport function _resetForTesting(): void {\n  _skippedUninstalledEmitted = false;\n}\n\n/**\n * Permissive structural bound for a request-middleware function. The\n * shape is the intersection of Next.js's `middleware.ts` export\n * (`(req: NextRequest, event?: NextFetchEvent) => NextResponse |\n * Response | Promise<NextResponse | Response> | undefined`) and the\n * generic Web Fetch API (`(req: Request, ...rest: any[]) => Response\n * | Promise<Response>`). The parameter list is typed with `any[]` for\n * the rest position so any caller-narrowed signature is assignable\n * without the wrapper having to import `next/server` types.\n *\n * Exported so consumers can reference it for type-inference assertions\n * (e.g., proving a strongly-typed handler fits the bound). The\n * runtime contract is fixed by the Web Fetch API: the first argument\n * is a `Request`-shaped object and the return is a `Response`-shaped\n * value (or a Promise of one).\n */\n// The `any[]` in the rest position is load-bearing: a tighter bound\n// (e.g. `unknown[]`) would reject `(req, event?) => ...` because\n// `unknown` cannot be passed in the contravariant parameter position\n// without an explicit cast at every call site. Capturing\n// `H extends RequestMiddlewareFunction` preserves caller types\n// through the wrapper's `: H` return.\n//\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type RequestMiddlewareFunction = (req: any, ...rest: any[]) => unknown;\n\n/**\n * Options for {@link tracedRequestMiddleware}.\n *\n * @example\n * ```ts\n * import { tracedRequestMiddleware } from \"@glasstrace/sdk/middleware\";\n * import type { NextRequest } from \"next/server\";\n *\n * export const middleware = tracedRequestMiddleware(\n *   { name: \"auth-middleware\", attributes: { \"auth.required\": true } },\n *   async (req: NextRequest) => {\n *     // … your auth logic here …\n *     return NextResponse.next();\n *   },\n * );\n * ```\n */\nexport interface TracedRequestMiddlewareOptions {\n  /**\n   * Span name. Required, non-empty string. Used as the OTel span name\n   * and appears in trace timelines. Names should be stable across\n   * runs so the product-side transform can reason about middleware\n   * identity (e.g., \"auth-middleware\", \"rate-limiter\"); avoid\n   * embedding request data in the name.\n   */\n  name: string;\n  /**\n   * Optional attributes attached to the span before the wrapped\n   * handler runs. Forwarded to OTel as-is via `span.setAttributes()`.\n   * The SDK does not redact, sanitize, or scan values here — callers\n   * MUST avoid placing tokens, credentials, or other sensitive data\n   * in `attributes`.\n   *\n   * Sensitive request/response data is captured through gated SDK\n   * paths (e.g., `glasstrace.error.response_body`), not through this\n   * surface.\n   */\n  attributes?: Record<string, AttributeValue>;\n}\n\n/**\n * Extract the originating request path from a Fetch-API `Request` or\n * `NextRequest`-shaped object. Preference order:\n *\n *   1. `req.nextUrl.pathname` — present on `NextRequest`. This is\n *      Next.js's parsed URL and is the most reliable source on the\n *      Next.js Edge runtime, where `req.url` may be a relative form\n *      depending on framework-internal rewrites.\n *   2. `new URL(req.url).pathname` — present on the generic Fetch\n *      `Request`. The URL constructor accepts an absolute URL; if\n *      `req.url` is relative we synthesize a base of\n *      `http://localhost` to make parsing succeed (the host is\n *      discarded — only the path is used).\n *   3. `undefined` — when neither field exists or both fail to\n *      parse, the wrapper omits the causal attribute rather than\n *      emitting a guessed value, per the SDK-046 product brief's\n *      \"missing or unknown evidence is preferable to guessed\n *      evidence\" rule (DISC-1537 / DISC-1539 product handoff).\n *\n * This function never throws.\n */\nfunction extractRequestPath(req: unknown): string | undefined {\n  if (req === null || typeof req !== \"object\") return undefined;\n  try {\n    // NextRequest.nextUrl — already a URL-like object with .pathname.\n    const nextUrl = (req as { nextUrl?: unknown }).nextUrl;\n    if (nextUrl !== null && typeof nextUrl === \"object\") {\n      const pathname = (nextUrl as { pathname?: unknown }).pathname;\n      if (typeof pathname === \"string\" && pathname.length > 0) {\n        return pathname;\n      }\n    }\n    // Fall back to req.url. On Edge / Web Fetch this is always\n    // absolute; on some Node frameworks it can be relative\n    // (`/api/foo?x=1`), so synthesize a base if the URL constructor\n    // throws on the absolute parse.\n    const url = (req as { url?: unknown }).url;\n    if (typeof url === \"string\" && url.length > 0) {\n      try {\n        return new URL(url).pathname;\n      } catch {\n        try {\n          return new URL(url, \"http://localhost\").pathname;\n        } catch {\n          return undefined;\n        }\n      }\n    }\n  } catch {\n    // Defensive: any unexpected shape failure returns undefined.\n  }\n  return undefined;\n}\n\n/**\n * Sentinel trace ID returned by the OTel API's noop tracer\n * (`@opentelemetry/api`'s `NonRecordingSpan`). Per the OTel\n * specification's noop semantics, the noop SpanContext exposes\n * `traceId === \"00000000000000000000000000000000\"`. Used by\n * {@link isNoopSpan} below to discriminate \"no provider registered\"\n * from \"real provider whose sampler dropped this span\" — the latter\n * also returns `isRecording() === false` but produces a valid\n * 32-char hex trace ID because the SDK assigns one before sampler\n * invocation for propagation purposes.\n */\nconst INVALID_TRACE_ID = \"00000000000000000000000000000000\";\n\n/**\n * Type guard for OTel spans created by the noop tracer. The OTel\n * API's noop SpanContext returns the all-zeros sentinel for\n * `traceId`; real SDK-emitted spans always have a valid 32-char hex\n * trace ID (even when a sampler decided to DROP the span). Using\n * the SpanContext discriminator keeps the SDK-not-registered fast\n * path from misfiring under normal head sampling configurations\n * (Copilot review 2026-05-08).\n *\n * Returning `true` here means the caller should NOT proceed with\n * span enrichment; the noop tracer would discard everything anyway.\n */\nfunction isNoopSpan(\n  span: ReturnType<ReturnType<typeof trace.getTracer>[\"startSpan\"]>,\n): boolean {\n  try {\n    return span.spanContext().traceId === INVALID_TRACE_ID;\n  } catch {\n    // Defensive: treat \"could not determine\" as not-noop so we\n    // continue down the enrichment path. The noop tracer itself\n    // never throws from `spanContext()`.\n    return false;\n  }\n}\n\n/**\n * Wrap a Next.js / generic-fetch request-middleware function in an\n * OTel span tagged with `glasstrace.causal.middleware_for_request`.\n *\n * Each call to the returned function:\n *\n *   1. Detects the SDK's registration state. When the OTel API is\n *      still on the noop tracer (SDK not registered, or\n *      `OtelState.UNCONFIGURED`), runs the wrapped handler directly\n *      and emits a `middleware:skipped_uninstalled` lifecycle event\n *      (at most once per process). No span is opened.\n *   2. Otherwise opens a span named `options.name` under the active\n *      OTel context (typically the HTTP server span on Node;\n *      detached on Edge where AsyncLocalStorage is not available).\n *      Sets `options.attributes` first, then attaches the originating\n *      request's path (via {@link extractRequestPath}) as\n *      `glasstrace.causal.middleware_for_request`. The path is\n *      omitted when extraction returns `undefined` so absent evidence\n *      is preferred over guessed evidence.\n *   3. Awaits the wrapped handler.\n *   4. On a thrown error: normalizes the throwable to `Error | string`\n *      so `recordException` does not throw on non-Error values; sets\n *      `span.status` to `ERROR` with the error's message; rethrows the\n *      original (un-normalized) error verbatim.\n *   5. On a successful return: leaves the span status `UNSET` per OTel\n *      instrumentation-library guidance (explicit `OK` would shadow\n *      downstream consumers' error transitions).\n *   6. Always ends the span, even on `throw` or `return`.\n *\n * Type-inference: the returned function preserves the input function's\n * type `H`, so caller-narrowed signatures (e.g., `(req: NextRequest)\n * => NextResponse`) flow through unchanged.\n *\n * @param options - Span name and optional pre-start attributes.\n * @param handler - The user's middleware handler. Must accept a\n *   request-shaped object as its first argument and return (or\n *   resolve to) a response-shaped value.\n * @returns The wrapped handler with the same call signature and\n *   return type as `handler`.\n *\n * @example Next.js middleware.ts\n * ```ts\n * import { tracedRequestMiddleware } from \"@glasstrace/sdk/middleware\";\n * import { NextResponse, type NextRequest } from \"next/server\";\n *\n * export const middleware = tracedRequestMiddleware(\n *   { name: \"auth-middleware\" },\n *   async (req: NextRequest) => {\n *     if (!req.cookies.get(\"session\")) {\n *       return NextResponse.redirect(new URL(\"/login\", req.url));\n *     }\n *     return NextResponse.next();\n *   },\n * );\n *\n * export const config = { matcher: [\"/dashboard/:path*\"] };\n * ```\n */\nexport function tracedRequestMiddleware<H extends RequestMiddlewareFunction>(\n  options: TracedRequestMiddlewareOptions,\n  handler: H,\n): H {\n  // Eager validation: a mis-typed call site fails at wrapper-\n  // construction time (typically at module load) rather than at\n  // first request, when the failure is harder to diagnose.\n  if (typeof options.name !== \"string\" || options.name.length === 0) {\n    throw new TypeError(\n      \"tracedRequestMiddleware: options.name must be a non-empty string\",\n    );\n  }\n\n  // Capture options + handler lexically. Do not read from `this` —\n  // Next.js's middleware loader invokes this as a plain function, not\n  // a method, so `this` is undefined.\n  const wrapped = ((req: Parameters<H>[0], ...rest: unknown[]): unknown => {\n    const tracer = trace.getTracer(TRACER_NAME);\n    return tracer.startActiveSpan(options.name, (span) => {\n      // SDK-not-registered fast path. Detecting via the public\n      // `isRecording()` method on the started span is the canonical\n      // OTel-API-only probe — the noop tracer's `NonRecordingSpan`\n      // returns `false`, real SDK-emitted spans return `true`. This\n      // avoids the more expensive workaround of opening a probe span\n      // ahead of time, which would emit a useless span on every\n      // request when a real provider is registered.\n      if (isNoopSpan(span)) {\n        if (!_skippedUninstalledEmitted) {\n          _skippedUninstalledEmitted = true;\n          tryEmitLifecycleEvent(\"middleware:skipped_uninstalled\", {});\n        }\n        // The noop span needs no enrichment and no end() because the\n        // noop implementation is a no-op for both, but call end()\n        // anyway for symmetry with the real-span path.\n        endSpanSafely(span);\n        return (handler as (...args: unknown[]) => unknown)(req, ...rest);\n      }\n\n      // Set caller-supplied attributes first so they appear on the\n      // span before any internal attribute we add below.\n      try {\n        if (options.attributes) {\n          span.setAttributes(options.attributes);\n        }\n        const path = extractRequestPath(req);\n        if (path !== undefined) {\n          span.setAttribute(ATTR.CAUSAL_MIDDLEWARE_FOR_REQUEST, path);\n        }\n      } catch {\n        // Attribute-setting failures are advisory; never block the\n        // wrapped handler from running.\n      }\n\n      let result: unknown;\n      try {\n        result = (handler as (...args: unknown[]) => unknown)(req, ...rest);\n      } catch (error) {\n        recordSpanError(span, error);\n        endSpanSafely(span);\n        throw error;\n      }\n\n      // The handler may be sync or async. If async, attach the\n      // span-end + error-recording on the promise chain; otherwise\n      // end the span synchronously and return the value.\n      if (\n        result !== null &&\n        typeof result === \"object\" &&\n        typeof (result as Promise<unknown>).then === \"function\"\n      ) {\n        return (result as Promise<unknown>).then(\n          (value) => {\n            endSpanSafely(span);\n            return value;\n          },\n          (error: unknown) => {\n            recordSpanError(span, error);\n            endSpanSafely(span);\n            throw error;\n          },\n        );\n      }\n\n      endSpanSafely(span);\n      return result;\n    });\n  }) as H;\n\n  return wrapped;\n}\n\n/**\n * Records an exception on a span and sets the span status to `ERROR`.\n * Both calls are independently guarded so a failing `recordException`\n * cannot prevent the status transition, and vice versa. The user's\n * original error value is preserved verbatim — wrapping is purely a\n * span-side normalization.\n */\nfunction recordSpanError(\n  span: ReturnType<ReturnType<typeof trace.getTracer>[\"startSpan\"]>,\n  error: unknown,\n): void {\n  const normalized: Error | string =\n    error instanceof Error\n      ? error\n      : typeof error === \"string\"\n        ? error\n        : new Error(String(error));\n  const statusMessage =\n    normalized instanceof Error ? normalized.message : normalized;\n  try {\n    span.recordException(normalized);\n  } catch {\n    // Swallow: instrumentation must never replace the user's error.\n  }\n  try {\n    span.setStatus({ code: SpanStatusCode.ERROR, message: statusMessage });\n  } catch {\n    // Swallow: independent from recordException so a failing\n    // recordException does not prevent the ERROR status.\n  }\n}\n\n/**\n * Ends a span, swallowing any throw from the OTel implementation. A\n * misbehaving `span.end()` must not replace the wrapped handler's\n * return value or thrown error with an unrelated one.\n */\nfunction endSpanSafely(\n  span: ReturnType<ReturnType<typeof trace.getTracer>[\"startSpan\"]>,\n): void {\n  try {\n    span.end();\n  } catch {\n    // Span lifecycle errors are always non-fatal at this layer.\n  }\n}\n"],"mappings":";;;;;;;;;;;;AAkEA,IAAM,OAAO;AAYb,IAAM,cAAc;AAQpB,IAAI,6BAA6B;AAO1B,SAAS,mBAAyB;AACvC,+BAA6B;AAC/B;AAyFA,SAAS,mBAAmB,KAAkC;AAC5D,MAAI,QAAQ,QAAQ,OAAO,QAAQ,SAAU,QAAO;AACpD,MAAI;AAEF,UAAM,UAAW,IAA8B;AAC/C,QAAI,YAAY,QAAQ,OAAO,YAAY,UAAU;AACnD,YAAM,WAAY,QAAmC;AACrD,UAAI,OAAO,aAAa,YAAY,SAAS,SAAS,GAAG;AACvD,eAAO;AAAA,MACT;AAAA,IACF;AAKA,UAAM,MAAO,IAA0B;AACvC,QAAI,OAAO,QAAQ,YAAY,IAAI,SAAS,GAAG;AAC7C,UAAI;AACF,eAAO,IAAI,IAAI,GAAG,EAAE;AAAA,MACtB,QAAQ;AACN,YAAI;AACF,iBAAO,IAAI,IAAI,KAAK,kBAAkB,EAAE;AAAA,QAC1C,QAAQ;AACN,iBAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAaA,IAAM,mBAAmB;AAczB,SAAS,WACP,MACS;AACT,MAAI;AACF,WAAO,KAAK,YAAY,EAAE,YAAY;AAAA,EACxC,QAAQ;AAIN,WAAO;AAAA,EACT;AACF;AA4DO,SAAS,wBACd,SACA,SACG;AAIH,MAAI,OAAO,QAAQ,SAAS,YAAY,QAAQ,KAAK,WAAW,GAAG;AACjE,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAKA,QAAM,WAAW,CAAC,QAA0B,SAA6B;AACvE,UAAM,SAAS,MAAM,UAAU,WAAW;AAC1C,WAAO,OAAO,gBAAgB,QAAQ,MAAM,CAAC,SAAS;AAQpD,UAAI,WAAW,IAAI,GAAG;AACpB,YAAI,CAAC,4BAA4B;AAC/B,uCAA6B;AAC7B,gCAAsB,kCAAkC,CAAC,CAAC;AAAA,QAC5D;AAIA,sBAAc,IAAI;AAClB,eAAQ,QAA4C,KAAK,GAAG,IAAI;AAAA,MAClE;AAIA,UAAI;AACF,YAAI,QAAQ,YAAY;AACtB,eAAK,cAAc,QAAQ,UAAU;AAAA,QACvC;AACA,cAAM,OAAO,mBAAmB,GAAG;AACnC,YAAI,SAAS,QAAW;AACtB,eAAK,aAAa,KAAK,+BAA+B,IAAI;AAAA,QAC5D;AAAA,MACF,QAAQ;AAAA,MAGR;AAEA,UAAI;AACJ,UAAI;AACF,iBAAU,QAA4C,KAAK,GAAG,IAAI;AAAA,MACpE,SAAS,OAAO;AACd,wBAAgB,MAAM,KAAK;AAC3B,sBAAc,IAAI;AAClB,cAAM;AAAA,MACR;AAKA,UACE,WAAW,QACX,OAAO,WAAW,YAClB,OAAQ,OAA4B,SAAS,YAC7C;AACA,eAAQ,OAA4B;AAAA,UAClC,CAAC,UAAU;AACT,0BAAc,IAAI;AAClB,mBAAO;AAAA,UACT;AAAA,UACA,CAAC,UAAmB;AAClB,4BAAgB,MAAM,KAAK;AAC3B,0BAAc,IAAI;AAClB,kBAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAEA,oBAAc,IAAI;AAClB,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AASA,SAAS,gBACP,MACA,OACM;AACN,QAAM,aACJ,iBAAiB,QACb,QACA,OAAO,UAAU,WACf,QACA,IAAI,MAAM,OAAO,KAAK,CAAC;AAC/B,QAAM,gBACJ,sBAAsB,QAAQ,WAAW,UAAU;AACrD,MAAI;AACF,SAAK,gBAAgB,UAAU;AAAA,EACjC,QAAQ;AAAA,EAER;AACA,MAAI;AACF,SAAK,UAAU,EAAE,MAAM,eAAe,OAAO,SAAS,cAAc,CAAC;AAAA,EACvE,QAAQ;AAAA,EAGR;AACF;AAOA,SAAS,cACP,MACM;AACN,MAAI;AACF,SAAK,IAAI;AAAA,EACX,QAAQ;AAAA,EAER;AACF;","names":[]}