@glueco/shared 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +11 -0
  2. package/dist/index.d.ts +11 -0
  3. package/dist/index.js +4 -2
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +4 -2
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -1598,6 +1598,11 @@ interface PluginContract {
1598
1598
  * - System-check app (optional validation)
1599
1599
  */
1600
1600
  readonly client?: PluginClientContract;
1601
+ /**
1602
+ * Default models for this plugin (for LLM plugins).
1603
+ * Used by the proxy to list available models when no restrictions are set.
1604
+ */
1605
+ readonly defaultModels?: readonly string[];
1601
1606
  /**
1602
1607
  * Validate input and apply constraints.
1603
1608
  * Returns shaped input ready for execution.
@@ -1770,6 +1775,7 @@ declare const PluginMetadataSchema: z.ZodObject<{
1770
1775
  namespace: string;
1771
1776
  entrypoint?: string | undefined;
1772
1777
  }>>;
1778
+ defaultModels: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1773
1779
  }, "strip", z.ZodTypeAny, {
1774
1780
  name: string;
1775
1781
  id: string;
@@ -1808,6 +1814,7 @@ declare const PluginMetadataSchema: z.ZodObject<{
1808
1814
  namespace: string;
1809
1815
  entrypoint?: string | undefined;
1810
1816
  } | undefined;
1817
+ defaultModels?: string[] | undefined;
1811
1818
  }, {
1812
1819
  name: string;
1813
1820
  id: string;
@@ -1846,6 +1853,7 @@ declare const PluginMetadataSchema: z.ZodObject<{
1846
1853
  namespace: string;
1847
1854
  entrypoint?: string | undefined;
1848
1855
  } | undefined;
1856
+ defaultModels?: string[] | undefined;
1849
1857
  }>;
1850
1858
  type PluginMetadata = z.infer<typeof PluginMetadataSchema>;
1851
1859
  /**
@@ -1898,6 +1906,8 @@ interface CreatePluginOptions {
1898
1906
  credentialSchema?: PluginCredentialSchema;
1899
1907
  /** Client contract metadata for SDK-compatible plugins */
1900
1908
  client?: PluginClientContract;
1909
+ /** Default models for LLM plugins */
1910
+ defaultModels?: readonly string[];
1901
1911
  }
1902
1912
  /**
1903
1913
  * Default auth configuration.
@@ -1922,6 +1932,7 @@ declare function createPluginBase(options: CreatePluginOptions): {
1922
1932
  extractors?: Record<string, ExtractorDescriptor>;
1923
1933
  credentialSchema?: PluginCredentialSchema;
1924
1934
  client?: PluginClientContract;
1935
+ defaultModels?: readonly string[];
1925
1936
  };
1926
1937
 
1927
1938
  /**
package/dist/index.d.ts CHANGED
@@ -1598,6 +1598,11 @@ interface PluginContract {
1598
1598
  * - System-check app (optional validation)
1599
1599
  */
1600
1600
  readonly client?: PluginClientContract;
1601
+ /**
1602
+ * Default models for this plugin (for LLM plugins).
1603
+ * Used by the proxy to list available models when no restrictions are set.
1604
+ */
1605
+ readonly defaultModels?: readonly string[];
1601
1606
  /**
1602
1607
  * Validate input and apply constraints.
1603
1608
  * Returns shaped input ready for execution.
@@ -1770,6 +1775,7 @@ declare const PluginMetadataSchema: z.ZodObject<{
1770
1775
  namespace: string;
1771
1776
  entrypoint?: string | undefined;
1772
1777
  }>>;
1778
+ defaultModels: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1773
1779
  }, "strip", z.ZodTypeAny, {
1774
1780
  name: string;
1775
1781
  id: string;
@@ -1808,6 +1814,7 @@ declare const PluginMetadataSchema: z.ZodObject<{
1808
1814
  namespace: string;
1809
1815
  entrypoint?: string | undefined;
1810
1816
  } | undefined;
1817
+ defaultModels?: string[] | undefined;
1811
1818
  }, {
1812
1819
  name: string;
1813
1820
  id: string;
@@ -1846,6 +1853,7 @@ declare const PluginMetadataSchema: z.ZodObject<{
1846
1853
  namespace: string;
1847
1854
  entrypoint?: string | undefined;
1848
1855
  } | undefined;
1856
+ defaultModels?: string[] | undefined;
1849
1857
  }>;
1850
1858
  type PluginMetadata = z.infer<typeof PluginMetadataSchema>;
1851
1859
  /**
@@ -1898,6 +1906,8 @@ interface CreatePluginOptions {
1898
1906
  credentialSchema?: PluginCredentialSchema;
1899
1907
  /** Client contract metadata for SDK-compatible plugins */
1900
1908
  client?: PluginClientContract;
1909
+ /** Default models for LLM plugins */
1910
+ defaultModels?: readonly string[];
1901
1911
  }
1902
1912
  /**
1903
1913
  * Default auth configuration.
@@ -1922,6 +1932,7 @@ declare function createPluginBase(options: CreatePluginOptions): {
1922
1932
  extractors?: Record<string, ExtractorDescriptor>;
1923
1933
  credentialSchema?: PluginCredentialSchema;
1924
1934
  client?: PluginClientContract;
1935
+ defaultModels?: readonly string[];
1925
1936
  };
1926
1937
 
1927
1938
  /**
package/dist/index.js CHANGED
@@ -703,7 +703,8 @@ var PluginMetadataSchema = zod.z.object({
703
703
  supports: PluginSupportsSchema,
704
704
  extractors: zod.z.record(ExtractorDescriptorSchema).optional(),
705
705
  credentialSchema: PluginCredentialSchemaSchema.optional(),
706
- client: PluginClientContractSchema.optional()
706
+ client: PluginClientContractSchema.optional(),
707
+ defaultModels: zod.z.array(zod.z.string()).optional()
707
708
  });
708
709
  function validatePluginMetadata(plugin) {
709
710
  if (!plugin || typeof plugin !== "object") {
@@ -762,7 +763,8 @@ function createPluginBase(options) {
762
763
  supports: options.supports ?? DEFAULT_PLUGIN_SUPPORTS,
763
764
  extractors: options.extractors,
764
765
  credentialSchema: options.credentialSchema,
765
- client: options.client
766
+ client: options.client,
767
+ defaultModels: options.defaultModels
766
768
  };
767
769
  }
768
770
 
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts","../src/duration-presets.ts","../src/schemas.ts","../src/access-policy.ts","../src/pop.ts","../src/enforcement.ts","../src/plugins.ts","../src/index.ts"],"names":["ErrorCode","z","PopErrorCode"],"mappings":";;;;;AAUO,IAAK,SAAA,qBAAAA,UAAAA,KAAL;AAEL,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAC9B,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AAGzB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AAGnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AACzB,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAG3B,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AACtB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,gCAAA,CAAA,GAAiC,gCAAA;AAGjC,EAAAA,WAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,WAAA,oBAAA,CAAA,GAAqB,oBAAA;AAGrB,EAAAA,WAAA,4BAAA,CAAA,GAA6B,4BAAA;AAC7B,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAC3B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAG9B,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,2BAAA,CAAA,GAA4B,2BAAA;AA9ClB,EAAA,OAAAA,UAAAA;AAAA,CAAA,EAAA,SAAA,IAAA,EAAA;AAoDL,SAAS,eAAe,IAAA,EAAyB;AACtD,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,uBAAA;AAAA,IACL,KAAK,qBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,0BAAA;AAAA,IACL,KAAK,4BAAA;AAAA,IACL,KAAK,0BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,gCAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,kBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,mBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,uBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,kBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,mBAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,wBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,sBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,2BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,yBAAA;AAAA,IACL,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET;AACE,MAAA,OAAO,GAAA;AAAA;AAEb;AAKO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAMtC,WAAA,CACE,IAAA,EACA,OAAA,EACA,OAAA,EAIA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,eAAe,IAAI,CAAA;AACjC,IAAA,IAAA,CAAK,UAAU,OAAA,EAAS,OAAA;AACxB,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAAA,EAC5B;AAAA,EAEA,MAAA,GAAS;AACP,IAAA,OAAO;AAAA,MACL,KAAA,EAAO;AAAA,QACL,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,GAAI,IAAA,CAAK,SAAA,IAAa,EAAE,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,QAClD,GAAI,IAAA,CAAK,OAAA,IAAW,EAAE,OAAA,EAAS,KAAK,OAAA;AAAQ;AAC9C,KACF;AAAA,EACF;AACF;AAKO,SAAS,sBAAsB,IAAA,EAA6B;AACjE,EAAA,MAAM,OAAA,GAAU,IAAA,GACZ,CAAA,wBAAA,EAA2B,IAAI,CAAA,CAAA,GAC/B,8GAAA;AAEJ,EAAA,OAAO,IAAI,YAAA,CAAa,uBAAA,8BAAiC,OAAA,EAAS;AAAA,IAChE,OAAA,EAAS;AAAA,MACP,QAAA,EAAU;AAAA,QACR,IAAA,EAAM,iCAAA;AAAA,QACN,MAAA,EAAQ,mCAAA;AAAA,QACR,MAAA,EAAQ;AAAA;AACV;AACF,GACD,CAAA;AACH;AAWO,IAAM,0BAAA,GAA6BC,MAAE,MAAA,CAAO;AAAA,EACjD,KAAA,EAAOA,MAAE,MAAA,CAAO;AAAA,IACd,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,IACf,OAAA,EAASA,MAAE,MAAA,EAAO;AAAA,IAClB,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,OAAA,EAASA,KAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,GAC/B;AACH,CAAC;AAOM,SAAS,mBAAA,CACd,IAAA,EACA,OAAA,EACA,OAAA,EAIsB;AACtB,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,IAAA;AAAA,MACA,OAAA;AAAA,MACA,GAAI,OAAA,EAAS,SAAA,IAAa,EAAE,SAAA,EAAW,QAAQ,SAAA,EAAU;AAAA,MACzD,GAAI,OAAA,EAAS,OAAA,KAAY,UAAa,EAAE,OAAA,EAAS,QAAQ,OAAA;AAAQ;AACnE,GACF;AACF;AC5KO,IAAM,gBAAA,GAAqC;AAAA,EAChD;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,uBAAA;AAAA,IACb,UAAA,EAAY,KAAK,EAAA,GAAK,GAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,kBAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC1B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,gBAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC3B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,QAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACjC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,UAAA;AAAA,IACb,UAAA,EAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACnC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,UAAA,EAAY;AAAA,GACd;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,wBAAA;AAAA,IACb,UAAA,EAAY;AAAA;AAEhB;AAKO,SAAS,kBACd,EAAA,EAC4B;AAC5B,EAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACjD;AAMO,SAAS,2BAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,MAAM,MAAA,GAAS,kBAAkB,QAAQ,CAAA;AACzC,EAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,UAAA,KAAe,IAAA,EAAM;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,EAAQ,GAAI,OAAO,UAAU,CAAA;AACxD;AAKO,SAAS,qBAAA,CACd,UAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACpB;AACN,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,KAAY,UAAU,CAAA;AACjD;AAKO,SAAS,kBAAkB,UAAA,EAA2C;AAC3E,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,SAAS,CAAA;AAAA,EACxD;AAGA,EAAA,IAAI,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAChC,EAAA,IAAI,WAAA,GAAc,QAAA;AAElB,EAAA,KAAA,MAAW,UAAU,gBAAA,EAAkB;AACrC,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,IAAA,IAAQ,MAAA,CAAO,OAAO,QAAA,EAAU;AAE1D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,aAAa,UAAU,CAAA;AACpD,IAAA,IAAI,OAAO,WAAA,EAAa;AACtB,MAAA,WAAA,GAAc,IAAA;AACd,MAAA,OAAA,GAAU,MAAA;AAAA,IACZ;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAKO,SAAS,eAAe,UAAA,EAAmC;AAChE,EAAA,IAAI,UAAA,KAAe,MAAM,OAAO,SAAA;AAEhC,EAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,EAAA,GAAK,EAAA,GAAK,GAAA,CAAA;AACtC,EAAA,IAAI,KAAA,GAAQ,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEzE,EAAA,MAAM,OAAO,KAAA,GAAQ,EAAA;AACrB,EAAA,IAAI,IAAA,GAAO,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,IAAI,CAAC,CAAA,IAAA,EAAO,IAAA,KAAS,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEpE,EAAA,MAAM,QAAQ,IAAA,GAAO,CAAA;AACrB,EAAA,IAAI,KAAA,GAAQ,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAExE,EAAA,MAAM,SAAS,IAAA,GAAO,EAAA;AACtB,EAAA,IAAI,MAAA,GAAS,EAAA;AACX,IAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,MAAM,CAAC,CAAA,MAAA,EAAS,MAAA,KAAW,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAE9D,EAAA,MAAM,QAAQ,IAAA,GAAO,GAAA;AACrB,EAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAC3D;AAKO,SAAS,qBAAqB,SAAA,EAAgC;AACnE,EAAA,IAAI,CAAC,WAAW,OAAO,OAAA;AAEvB,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,EAAA,MAAM,IAAA,GAAO,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAI,OAAA,EAAQ;AAE/C,EAAA,IAAI,IAAA,IAAQ,GAAG,OAAO,SAAA;AACtB,EAAA,OAAO,CAAA,GAAA,EAAM,cAAA,CAAe,IAAI,CAAC,CAAA,CAAA;AACnC;AASO,IAAM,sBAAA,GAAyBA,MAAE,IAAA,CAAK;AAAA,EAC3C,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,uBAAA,GAA0BA,MAAE,KAAA,CAAM;AAAA;AAAA,EAE7CA,MAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,QAAQ,CAAA;AAAA,IACxB,MAAA,EAAQ;AAAA,GACT,CAAA;AAAA;AAAA,EAEDA,MAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,IAC1B,YAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACvC,CAAA;AAAA;AAAA,EAEDA,MAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,OAAO,CAAA;AAAA,IACvB,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,GAChC;AACH,CAAC;AAOM,SAAS,wBAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,QAAQ,SAAS,IAAA;AAAM,IACrB,KAAK,QAAA;AACH,MAAA,OAAO,2BAAA,CAA4B,QAAA,CAAS,MAAA,EAAQ,QAAQ,CAAA;AAAA,IAC9D,KAAK,UAAA;AACH,MAAA,OAAO,qBAAA,CAAsB,QAAA,CAAS,UAAA,EAAY,QAAQ,CAAA;AAAA,IAC5D,KAAK,OAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAAA;AAExC;AAKO,SAAS,qBACd,MAAA,EACmB;AACnB,EAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,MAAA,EAAO;AAClC;AAKO,SAAS,iBAAiB,UAAA,EAAuC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,UAAA,EAAY,UAAA,EAAW;AACxC;AAKO,SAAS,oBAAoB,SAAA,EAAoC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,SAAA,EAAW,SAAA,CAAU,aAAY,EAAE;AAC7D;;;AC9QO,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,MAAE,IAAA,CAAK,CAAC,UAAU,MAAA,EAAQ,WAAA,EAAa,MAAM,CAAC,CAAA;AAAA,EACpD,OAAA,EAASA,MACN,KAAA,CAAM;AAAA,IACLA,MAAE,MAAA,EAAO;AAAA,IACTA,KAAAA,CAAE,KAAA;AAAA,MACAA,MAAE,MAAA,CAAO;AAAA,QACP,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,QACf,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QAC1B,SAAA,EAAWA,MACR,MAAA,CAAO;AAAA,UACN,GAAA,EAAKA,MAAE,MAAA,EAAO;AAAA,UACd,MAAA,EAAQA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,SAC7B,EACA,QAAA;AAAS,OACb;AAAA;AACH,GACD,EACA,QAAA,EAAS;AAAA,EACZ,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,YAAYA,KAAAA,CACT,KAAA;AAAA,IACCA,MAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAIA,MAAE,MAAA,EAAO;AAAA,MACb,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,MAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,QACf,SAAA,EAAWA,MAAE,MAAA;AAAO,OACrB;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,YAAA,EAAcA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAKM,IAAM,2BAAA,GAA8BA,MAAE,MAAA,CAAO;AAAA,EAClD,KAAA,EAAOA,MAAE,MAAA,EAAO;AAAA,EAChB,QAAA,EAAUA,KAAAA,CAAE,KAAA,CAAM,iBAAiB,CAAA;AAAA,EACnC,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC/C,KAAA,EAAOA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACzC,CAAA,EAAGA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5C,MAAA,EAAQA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAC7B,IAAA,EAAMA,KAAAA,CAAE,KAAA,CAAM,CAACA,MAAE,MAAA,EAAO,EAAGA,KAAAA,CAAE,KAAA,CAAMA,MAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAC1D,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,qBAAA,EAAuBA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EAC5D,gBAAA,EAAkBA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,iBAAA,EAAmBA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACtD,YAAYA,KAAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EAC1C,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,OAAOA,KAAAA,CACJ,KAAA;AAAA,IACCA,MAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,MAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,QACf,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QACjC,YAAYA,KAAAA,CAAE,MAAA,CAAOA,MAAE,OAAA,EAAS,EAAE,QAAA;AAAS,OAC5C;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,WAAA,EAAaA,MACV,KAAA,CAAM;AAAA,IACLA,KAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAAA,CAAE,QAAQ,UAAU,CAAA;AAAA,IACpBA,MAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,MAAE,MAAA,CAAO,EAAE,MAAMA,KAAAA,CAAE,MAAA,IAAU;AAAA,KACxC;AAAA,GACF,EACA,QAAA,EAAS;AAAA,EACZ,eAAA,EAAiBA,MACd,MAAA,CAAO;AAAA,IACN,MAAMA,KAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,aAAa,CAAC;AAAA,GACrC,EACA,QAAA,EAAS;AAAA,EACZ,MAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AACzB,CAAC;AASM,IAAM,uBAAA,GAA0BA,MAAE,MAAA,CAAO;AAAA,EAC9C,UAAA,EAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAClD,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,OAAA,EAASA,MAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,aAAaA,KAAAA,CAAE,MAAA,CAAOA,MAAE,OAAA,EAAS,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,iBAAA,EAAmB,wBAAwB,QAAA;AAC7C,CAAC;AAKM,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,MAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA,EAC/B,aAAaA,KAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA,EAC1C,UAAUA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAC7B,CAAC;AAKM,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC9B,GAAA,EAAK,iBAAA;AAAA,EACL,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC5B,sBAAsBA,KAAAA,CAAE,KAAA,CAAM,uBAAuB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5D,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA;AAC1B,CAAC;AAYM,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA,EACzC,GAAA,EAAKA,MAAE,MAAA,CAAO;AAAA,IACZ,OAAA,EAASA,MAAE,MAAA;AAAO,GACnB;AACH,CAAC;AAKM,IAAM,4BAAA,GAA+BA,MAAE,MAAA,CAAO;AAAA,EACnD,UAAA,EAAYA,MAAE,MAAA,EAAO;AAAA,EACrB,OAAA,EAASA,KAAAA,CAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,IAAA,EAAM,kBAAA;AAAA,EACN,WAAA,EAAaA,MACV,MAAA,CAAO;AAAA,IACN,QAAA,EAAUA,KAAAA,CAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ;AAAA,GAC7B,EACA,QAAA;AACL,CAAC;AAKM,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,OAAA,EAASA,MAAE,MAAA,EAAO;AAAA,EAClB,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACnB,CAAC;AAKM,IAAM,gCAAA,GAAmCA,MAAE,MAAA,CAAO;AAAA,EACvD,OAAA,EAAS,iBAAA;AAAA,EACT,SAAA,EAAWA,KAAAA,CAAE,KAAA,CAAM,4BAA4B;AACjD,CAAC;;;ACiCM,SAAS,oBAAoB,MAAA,EAAmC;AACrE,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,GAAA,CAAI,SAAQ,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IAChD,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,CAAA,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACpD,KAAK,OAAA;AAEH,MAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,GAAG,CAAA;AAC7B,MAAA,QAAA,CAAS,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AACjC,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACrD,KAAK,WAAA;AAEH,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,GAAG,CAAA;AAC9B,MAAA,MAAM,eAAA,GAAkB,CAAA,GAAI,SAAA,CAAU,MAAA,EAAO;AAC7C,MAAA,SAAA,CAAU,OAAA,CAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,eAAe,CAAA;AACvD,MAAA,SAAA,CAAU,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AAClC,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC3D,KAAK,OAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAA;AAAA;AAAA,IACT;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAKO,IAAM,cAAA,GAAuC;AAAA,EAClD;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,cAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,OAAO;AAAA,GAC5C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,WAAA;AAAA,IACP,KAAA,EAAO,WAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,WAAW;AAAA,GAChD;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,OAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,SAAS,MAAM;AAAA,GACjB;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb,SAAS,MAAM;AAAA;AAEnB;AAWO,IAAM,kBAAA,GAAwC;AAAA,EACnD;AAAA,IACE,KAAA,EAAO,gCAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,CAAA,EAAG,eAAe,EAAA;AAAG,GAC7C;AAAA,EACA,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE;AAAA,IACE,KAAA,EAAO,0BAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,eAAe,EAAA;AAAG,GAC9C;AAAA,EACA,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAM,aAAA,EAAe,KAAA,EAAM;AAC5E;AASO,SAAS,qBAAqB,MAAA,EAGnC;AACA,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAGrB,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,oCAAA,EAAuC,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC5E;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,sBAAA,EAAyB,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC9D;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,EAAU,WAAA,KAAgB,MAAA,CAAO,UAAA;AAG7D,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACjD,IAAA,EAAM,SAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,MAAA,CAAO,GAAG,GAAG,EAAE,CAAA;AAGtD,IAAA,MAAM,YAAA,GAAe,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACpD,OAAA,EAAS,OAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,CAAC,KAAA,EAAO,KAAA,EAAO,OAAO,KAAA,EAAO,KAAA,EAAO,OAAO,KAAK,CAAA;AACjE,IAAA,MAAM,cAAA,GAAiB,YAAA,CAAa,MAAA,CAAO,GAAG,CAAA;AAC9C,IAAA,MAAM,aAAa,QAAA,CAAS,OAAA,CAAQ,eAAe,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA;AAG9D,IAAA,IACE,WAAA,IACA,YAAY,MAAA,GAAS,CAAA,IACrB,CAAC,WAAA,CAAY,QAAA,CAAS,UAAU,CAAA,EAChC;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,mCAAmC,cAAc,CAAA,CAAA;AAAA,OAC3D;AAAA,IACF;AAGA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,aAAa,OAAA,EAAS;AAExB,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD,CAAA,MAAO;AAEL,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD;AAEA,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,QAAQ,CAAA,4BAAA,EAA+B,SAAS,CAAA,IAAA,EAAO,OAAO,OAAO,QAAQ,CAAA;AAAA,OAC/E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAKO,SAAS,0BAA0B,MAAA,EAAgC;AACxE,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,YAAY,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACpE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,WAAW,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACnE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,KAAa,MAAA,CAAO,UAAA;AAChD,IAAA,OAAA,CAAQ,KAAK,CAAA,OAAA,EAAU,SAAS,OAAO,OAAO,CAAA,IAAA,EAAO,QAAQ,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,EAAE,WAAA,EAAa,aAAA,EAAc,GAAI,MAAA,CAAO,SAAA;AAC9C,IAAA,IAAI,kBAAkB,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,SAAA,IACxD,kBAAkB,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,KAAA,CAAO,CAAA;AAAA,SAAA,IAChE,kBAAkB,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,iBAC5D,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,CAAA,EAAI,aAAa,CAAA,CAAA,CAAG,CAAA;AAAA,EAC5D;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,KAAA,EAAO;AACvB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,aAAA,EAAgB,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,OAAA,EAAS;AACzB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EACvD;AAEA,EAAA,IAAI,MAAA,CAAO,aAAa,KAAA,EAAO;AAC7B,IAAA,OAAA,CAAQ,KAAK,CAAA,cAAA,EAAiB,MAAA,CAAO,YAAY,KAAA,CAAM,cAAA,EAAgB,CAAA,CAAE,CAAA;AAAA,EAC3E;AAEA,EAAA,OAAO,OAAA;AACT;AC5cO,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA,EACzC,SAAA,EAAWA,KAAAA,CAAE,OAAA,CAAQ,GAAG,CAAA;AAAA,EACxB,YAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAClD,QAAQA,KAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,SAAS,2BAA2B,CAAA;AAAA,EAC7D,WAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,IAAI,sCAAsC,CAAA;AAAA,EACpE,SAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB;AACpD,CAAC;AAiDM,SAAS,wBACd,MAAA,EACQ;AACR,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,MAAA,CAAO,OAAO,WAAA,EAAY;AAAA,IAC1B,MAAA,CAAO,aAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,EAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,QAAA;AAAA,IACP;AAAA;AAAA,GACF,CAAE,KAAK,IAAI,CAAA;AACb;AAaO,SAAS,iBAAiB,GAAA,EAAkB;AACjD,EAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAC5B;AAKO,IAAM,WAAA,GAAc;AAKpB,IAAK,YAAA,qBAAAC,aAAAA,KAAL;AACL,EAAAA,cAAA,qBAAA,CAAA,GAAsB,6BAAA;AADZ,EAAA,OAAAA,aAAAA;AAAA,CAAA,EAAA,YAAA,IAAA,EAAA;ACvFL,IAAM,uBAAA,GAA0BD,MAAE,MAAA,CAAO;AAAA;AAAA,EAE9C,KAAA,EAAOA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,eAAA,EAAiBA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACtD,SAAA,EAAWA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAChC,MAAA,EAAQA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAG7B,UAAA,EAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,WAAWA,KAAAA,CAAE,KAAA,CAAMA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAGrD,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC1B,CAAC;AASM,IAAM,sBAAA,GAAyB;AAY/B,IAAM,qBAAA,GAAwBA,MAAE,MAAA,CAAO;AAAA;AAAA,EAE5C,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,MAAA,EAAQA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE5B,aAAA,EAAeA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC5B,CAAC;AC5BM,IAAM,gBAAA,GAAmBA,MAAE,MAAA,CAAO;AAAA,EACvC,GAAA,EAAKA,MAAE,MAAA,CAAO;AAAA,IACZ,SAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACpC;AACH,CAAC;AAQM,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,KAAAA,CAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ;AACjC,CAAC;AAQM,IAAM,yBAAA,GAA4BA,MAAE,MAAA,CAAO;AAAA;AAAA,EAEhD,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE1B,QAAQA,KAAAA,CAAE,MAAA,CAAOA,MAAE,OAAA,EAAS,EAAE,QAAA;AAChC,CAAC;AAQM,IAAM,qBAAA,GAAwBA,MAAE,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,EACf,IAAA,EAAMA,MAAE,IAAA,CAAK,CAAC,UAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,SAAS,CAAC,CAAA;AAAA,EAC7D,KAAA,EAAOA,MAAE,MAAA,EAAO;AAAA,EAChB,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,QAAA,EAAUA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,EAClC,OAAA,EAASA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACvB,CAAC;AAOM,IAAM,4BAAA,GAA+BA,MAAE,MAAA,CAAO;AAAA,EACnD,MAAA,EAAQA,KAAAA,CAAE,KAAA,CAAM,qBAAqB;AACvC,CAAC;AAmRM,IAAM,0BAAA,GAA6BA,MAAE,MAAA,CAAO;AAAA,EACjD,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,SAASA,KAAAA,CAAE,MAAA;AAAA,IACTA,MAAE,MAAA,CAAO;AAAA,MACP,aAAA,EAAeA,KAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MAChC,cAAA,EAAgBA,KAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MACjC,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAClC;AAAA,GACH;AAAA,EACA,UAAA,EAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAEM,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAC3C,EAAA,EAAIA,KAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAC1C,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,YAAA,EAAcA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC9B,QAAA,EAAUA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,OAAA,EAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,OAAA,EAASA,MAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,IAAA,EAAM,gBAAA;AAAA,EACN,QAAA,EAAU,oBAAA;AAAA,EACV,UAAA,EAAYA,KAAAA,CAAE,MAAA,CAAO,yBAAyB,EAAE,QAAA,EAAS;AAAA,EACzD,gBAAA,EAAkB,6BAA6B,QAAA,EAAS;AAAA,EACxD,MAAA,EAAQ,2BAA2B,QAAA;AACrC,CAAC;AAOM,SAAS,uBAAuB,MAAA,EAIrC;AACA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,0BAAA,EAA2B;AAAA,EAC3D;AAEA,EAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,SAAA,CAAU,MAAM,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,yBAAA,EAA4B,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACzF;AAAA,EACF;AAGA,EAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AACpB,EAAA,MAAM,aAAa,CAAA,EAAG,IAAA,CAAK,YAAY,CAAA,CAAA,EAAI,KAAK,QAAQ,CAAA,CAAA;AACxD,EAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,WAAA,EAAc,IAAA,CAAK,EAAE,iBAAiB,UAAU,CAAA,CAAA;AAAA,KACzD;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,QAAA,EAAU,IAAA,EAAK;AACvC;AAgCO,SAAS,uBACd,MAAA,EACsB;AACtB,EAAA,MAAM,KAAA,GAA8B;AAAA,IAClC,YAAY,MAAA,CAAO,EAAA;AAAA,IACnB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,MAAM,MAAA,CAAO,IAAA;AAAA,IACb,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,WAAA,EAAa;AAAA,MACX,QAAA,EAAU,OAAO,QAAA,CAAS;AAAA;AAC5B,GACF;AAGA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,KAAA,CAAM,MAAA,GAAS;AAAA,MACb,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,MACzB,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc;AAAA,KAC1C;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AA2BO,IAAM,mBAAA,GAAkC;AAAA,EAC7C,GAAA,EAAK,EAAE,OAAA,EAAS,CAAA;AAClB;AAKO,IAAM,uBAAA,GAA0C;AAAA,EACrD,aAAa;AACf;AAKO,SAAS,iBAAiB,OAAA,EAY/B;AACA,EAAA,OAAO;AAAA,IACL,IAAI,OAAA,CAAQ,EAAA;AAAA,IACZ,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,IAAA,EAAM,QAAQ,IAAA,IAAQ,mBAAA;AAAA,IACtB,QAAA,EAAU,QAAQ,QAAA,IAAY,uBAAA;AAAA,IAC9B,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,kBAAkB,OAAA,CAAQ,gBAAA;AAAA,IAC1B,QAAQ,OAAA,CAAQ;AAAA,GAClB;AACF;;;AC7gBO,SAAS,gBAAgB,UAAA,EAG9B;AACA,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,+BAA+B,UAAU,CAAA,qCAAA;AAAA,KAC3C;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,MAAM,CAAC,CAAA;AAAA,IACrB,QAAA,EAAU,MAAM,CAAC;AAAA,GACnB;AACF;AAKO,SAAS,gBAAA,CACd,cACA,QAAA,EACY;AACZ,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACpC","file":"index.js","sourcesContent":["import { z } from \"zod\";\n\n// ============================================\n// ERROR CODES\n// Standardized error codes for the gateway\n// ============================================\n\n/**\n * Gateway error codes.\n */\nexport enum ErrorCode {\n // Resource errors\n ERR_RESOURCE_REQUIRED = \"ERR_RESOURCE_REQUIRED\",\n ERR_UNKNOWN_RESOURCE = \"ERR_UNKNOWN_RESOURCE\",\n ERR_RESOURCE_NOT_CONFIGURED = \"ERR_RESOURCE_NOT_CONFIGURED\",\n ERR_UNSUPPORTED_ACTION = \"ERR_UNSUPPORTED_ACTION\",\n\n // Auth errors\n ERR_MISSING_AUTH = \"ERR_MISSING_AUTH\",\n ERR_INVALID_SIGNATURE = \"ERR_INVALID_SIGNATURE\",\n ERR_EXPIRED_TIMESTAMP = \"ERR_EXPIRED_TIMESTAMP\",\n ERR_INVALID_NONCE = \"ERR_INVALID_NONCE\",\n ERR_APP_NOT_FOUND = \"ERR_APP_NOT_FOUND\",\n ERR_APP_DISABLED = \"ERR_APP_DISABLED\",\n\n // Permission errors\n ERR_PERMISSION_DENIED = \"ERR_PERMISSION_DENIED\",\n ERR_PERMISSION_EXPIRED = \"ERR_PERMISSION_EXPIRED\",\n ERR_CONSTRAINT_VIOLATION = \"ERR_CONSTRAINT_VIOLATION\",\n\n // Rate/budget errors\n ERR_RATE_LIMIT_EXCEEDED = \"ERR_RATE_LIMIT_EXCEEDED\",\n ERR_BUDGET_EXCEEDED = \"ERR_BUDGET_EXCEEDED\",\n\n // Request errors\n ERR_INVALID_REQUEST = \"ERR_INVALID_REQUEST\",\n ERR_INVALID_JSON = \"ERR_INVALID_JSON\",\n ERR_CONTRACT_VALIDATION_FAILED = \"ERR_CONTRACT_VALIDATION_FAILED\",\n\n // Internal errors\n ERR_INTERNAL = \"ERR_INTERNAL\",\n ERR_UPSTREAM_ERROR = \"ERR_UPSTREAM_ERROR\",\n\n // Pairing errors\n ERR_INVALID_PAIRING_STRING = \"ERR_INVALID_PAIRING_STRING\",\n ERR_INVALID_CONNECT_CODE = \"ERR_INVALID_CONNECT_CODE\",\n ERR_SESSION_EXPIRED = \"ERR_SESSION_EXPIRED\",\n\n // PoP errors\n ERR_UNSUPPORTED_POP_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n\n // Policy violation errors\n ERR_POLICY_VIOLATION = \"ERR_POLICY_VIOLATION\",\n ERR_MODEL_NOT_ALLOWED = \"ERR_MODEL_NOT_ALLOWED\",\n ERR_MAX_TOKENS_EXCEEDED = \"ERR_MAX_TOKENS_EXCEEDED\",\n ERR_TOOLS_NOT_ALLOWED = \"ERR_TOOLS_NOT_ALLOWED\",\n ERR_STREAMING_NOT_ALLOWED = \"ERR_STREAMING_NOT_ALLOWED\",\n}\n\n/**\n * Get HTTP status code for an error code.\n */\nexport function getErrorStatus(code: ErrorCode): number {\n switch (code) {\n case ErrorCode.ERR_RESOURCE_REQUIRED:\n case ErrorCode.ERR_INVALID_REQUEST:\n case ErrorCode.ERR_INVALID_JSON:\n case ErrorCode.ERR_CONSTRAINT_VIOLATION:\n case ErrorCode.ERR_INVALID_PAIRING_STRING:\n case ErrorCode.ERR_INVALID_CONNECT_CODE:\n return 400;\n\n case ErrorCode.ERR_CONTRACT_VALIDATION_FAILED:\n return 422;\n\n case ErrorCode.ERR_MISSING_AUTH:\n case ErrorCode.ERR_INVALID_SIGNATURE:\n case ErrorCode.ERR_EXPIRED_TIMESTAMP:\n case ErrorCode.ERR_INVALID_NONCE:\n return 401;\n\n case ErrorCode.ERR_PERMISSION_DENIED:\n case ErrorCode.ERR_PERMISSION_EXPIRED:\n case ErrorCode.ERR_APP_DISABLED:\n return 403;\n\n case ErrorCode.ERR_APP_NOT_FOUND:\n case ErrorCode.ERR_UNKNOWN_RESOURCE:\n case ErrorCode.ERR_UNSUPPORTED_ACTION:\n return 404;\n\n case ErrorCode.ERR_SESSION_EXPIRED:\n return 410;\n\n case ErrorCode.ERR_UNSUPPORTED_POP_VERSION:\n return 400;\n\n case ErrorCode.ERR_POLICY_VIOLATION:\n case ErrorCode.ERR_MODEL_NOT_ALLOWED:\n case ErrorCode.ERR_MAX_TOKENS_EXCEEDED:\n case ErrorCode.ERR_TOOLS_NOT_ALLOWED:\n case ErrorCode.ERR_STREAMING_NOT_ALLOWED:\n return 403;\n\n case ErrorCode.ERR_RATE_LIMIT_EXCEEDED:\n case ErrorCode.ERR_BUDGET_EXCEEDED:\n return 429;\n\n case ErrorCode.ERR_RESOURCE_NOT_CONFIGURED:\n case ErrorCode.ERR_INTERNAL:\n case ErrorCode.ERR_UPSTREAM_ERROR:\n return 500;\n\n default:\n return 500;\n }\n}\n\n/**\n * Gateway error class.\n */\nexport class GatewayError extends Error {\n public readonly code: ErrorCode;\n public readonly status: number;\n public readonly details?: Record<string, unknown>;\n public readonly requestId?: string;\n\n constructor(\n code: ErrorCode,\n message: string,\n options?: {\n details?: Record<string, unknown>;\n requestId?: string;\n },\n ) {\n super(message);\n this.name = \"GatewayError\";\n this.code = code;\n this.status = getErrorStatus(code);\n this.details = options?.details;\n this.requestId = options?.requestId;\n }\n\n toJSON() {\n return {\n error: {\n code: this.code,\n message: this.message,\n ...(this.requestId && { requestId: this.requestId }),\n ...(this.details && { details: this.details }),\n },\n };\n }\n}\n\n/**\n * Create a resource required error with helpful message.\n */\nexport function resourceRequiredError(hint?: string): GatewayError {\n const message = hint\n ? `Resource not specified. ${hint}`\n : \"Resource not specified. Set baseURL to /r/<resourceType>/<provider>/v1 or provide x-gateway-resource header.\";\n\n return new GatewayError(ErrorCode.ERR_RESOURCE_REQUIRED, message, {\n details: {\n examples: {\n groq: \"/r/llm/groq/v1/chat/completions\",\n gemini: \"/r/llm/gemini/v1/chat/completions\",\n header: \"x-gateway-resource: llm:groq\",\n },\n },\n });\n}\n\n// ============================================\n// ERROR RESPONSE SCHEMA\n// Standard error response format for all API errors\n// ============================================\n\n/**\n * Standard error response schema.\n * All API errors should conform to this shape.\n */\nexport const GatewayErrorResponseSchema = z.object({\n error: z.object({\n code: z.string(),\n message: z.string(),\n requestId: z.string().optional(),\n details: z.unknown().optional(),\n }),\n});\n\nexport type GatewayErrorResponse = z.infer<typeof GatewayErrorResponseSchema>;\n\n/**\n * Create a standard error response object.\n */\nexport function createErrorResponse(\n code: string,\n message: string,\n options?: {\n requestId?: string;\n details?: unknown;\n },\n): GatewayErrorResponse {\n return {\n error: {\n code,\n message,\n ...(options?.requestId && { requestId: options.requestId }),\n ...(options?.details !== undefined && { details: options.details }),\n },\n };\n}\n","// ============================================\n// DURATION PRESETS\n// Standardized permission duration options\n// Used by both SDK (requesting) and Proxy (granting)\n// ============================================\n\nimport { z } from \"zod\";\n\n/**\n * Preset duration identifiers.\n * Apps can request these, and the proxy recognizes them.\n */\nexport type DurationPresetId =\n | \"1_hour\"\n | \"4_hours\"\n | \"24_hours\"\n | \"1_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"forever\"\n | \"custom\";\n\n/**\n * Duration preset definition.\n */\nexport interface DurationPreset {\n id: DurationPresetId;\n label: string;\n description: string;\n /** Duration in milliseconds, null = never expires */\n durationMs: number | null;\n /** Suggested for short-term testing */\n isTemporary?: boolean;\n /** Suggested for production use */\n isRecommended?: boolean;\n}\n\n/**\n * All available duration presets in order of duration.\n */\nexport const DURATION_PRESETS: DurationPreset[] = [\n {\n id: \"1_hour\",\n label: \"1 hour\",\n description: \"Quick testing session\",\n durationMs: 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"4_hours\",\n label: \"4 hours\",\n description: \"Extended testing\",\n durationMs: 4 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"24_hours\",\n label: \"24 hours\",\n description: \"One day access\",\n durationMs: 24 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"1_week\",\n label: \"1 week\",\n description: \"7 days\",\n durationMs: 7 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"1_month\",\n label: \"1 month\",\n description: \"30 days\",\n durationMs: 30 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"3_months\",\n label: \"3 months\",\n description: \"90 days\",\n durationMs: 90 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"1_year\",\n label: \"1 year\",\n description: \"365 days\",\n durationMs: 365 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"forever\",\n label: \"Forever\",\n description: \"No expiration\",\n durationMs: null,\n },\n {\n id: \"custom\",\n label: \"Custom\",\n description: \"Set specific date/time\",\n durationMs: null,\n },\n];\n\n/**\n * Get a preset by ID.\n */\nexport function getDurationPreset(\n id: DurationPresetId,\n): DurationPreset | undefined {\n return DURATION_PRESETS.find((p) => p.id === id);\n}\n\n/**\n * Calculate expiry date from a duration preset ID.\n * @returns Date object or null for \"forever\"\n */\nexport function getExpiryFromDurationPreset(\n presetId: DurationPresetId,\n fromDate: Date = new Date(),\n): Date | null {\n const preset = getDurationPreset(presetId);\n if (!preset || preset.durationMs === null) {\n return null;\n }\n return new Date(fromDate.getTime() + preset.durationMs);\n}\n\n/**\n * Calculate expiry date from a duration in milliseconds.\n */\nexport function getExpiryFromDuration(\n durationMs: number,\n fromDate: Date = new Date(),\n): Date {\n return new Date(fromDate.getTime() + durationMs);\n}\n\n/**\n * Find the closest matching preset for a given duration.\n */\nexport function findClosestPreset(durationMs: number | null): DurationPreset {\n if (durationMs === null) {\n return DURATION_PRESETS.find((p) => p.id === \"forever\")!;\n }\n\n // Find closest match\n let closest = DURATION_PRESETS[0];\n let closestDiff = Infinity;\n\n for (const preset of DURATION_PRESETS) {\n if (preset.durationMs === null || preset.id === \"custom\") continue;\n\n const diff = Math.abs(preset.durationMs - durationMs);\n if (diff < closestDiff) {\n closestDiff = diff;\n closest = preset;\n }\n }\n\n return closest;\n}\n\n/**\n * Format a duration in milliseconds to human readable.\n */\nexport function formatDuration(durationMs: number | null): string {\n if (durationMs === null) return \"Forever\";\n\n const hours = durationMs / (60 * 60 * 1000);\n if (hours < 24) return `${Math.round(hours)} hour${hours !== 1 ? \"s\" : \"\"}`;\n\n const days = hours / 24;\n if (days < 7) return `${Math.round(days)} day${days !== 1 ? \"s\" : \"\"}`;\n\n const weeks = days / 7;\n if (weeks < 4) return `${Math.round(weeks)} week${weeks !== 1 ? \"s\" : \"\"}`;\n\n const months = days / 30;\n if (months < 12)\n return `${Math.round(months)} month${months !== 1 ? \"s\" : \"\"}`;\n\n const years = days / 365;\n return `${Math.round(years)} year${years !== 1 ? \"s\" : \"\"}`;\n}\n\n/**\n * Format an expiry date relative to now.\n */\nexport function formatExpiryRelative(expiresAt: Date | null): string {\n if (!expiresAt) return \"Never\";\n\n const now = new Date();\n const diff = expiresAt.getTime() - now.getTime();\n\n if (diff <= 0) return \"Expired\";\n return `In ${formatDuration(diff)}`;\n}\n\n// ============================================\n// ZOD SCHEMAS\n// ============================================\n\n/**\n * Duration preset ID schema for validation.\n */\nexport const DurationPresetIdSchema = z.enum([\n \"1_hour\",\n \"4_hours\",\n \"24_hours\",\n \"1_week\",\n \"1_month\",\n \"3_months\",\n \"1_year\",\n \"forever\",\n \"custom\",\n]);\n\n/**\n * Requested duration schema.\n * Apps can specify their preferred duration when requesting permissions.\n */\nexport const RequestedDurationSchema = z.union([\n // Preset ID\n z.object({\n type: z.literal(\"preset\"),\n preset: DurationPresetIdSchema,\n }),\n // Specific duration in milliseconds\n z.object({\n type: z.literal(\"duration\"),\n durationMs: z.number().int().positive(),\n }),\n // Specific expiry date\n z.object({\n type: z.literal(\"until\"),\n expiresAt: z.string().datetime(),\n }),\n]);\n\nexport type RequestedDuration = z.infer<typeof RequestedDurationSchema>;\n\n/**\n * Resolve a RequestedDuration to an expiry Date (or null for forever).\n */\nexport function resolveRequestedDuration(\n duration: RequestedDuration | undefined,\n fromDate: Date = new Date(),\n): Date | null {\n if (!duration) return null; // Default: no preference (admin decides)\n\n switch (duration.type) {\n case \"preset\":\n return getExpiryFromDurationPreset(duration.preset, fromDate);\n case \"duration\":\n return getExpiryFromDuration(duration.durationMs, fromDate);\n case \"until\":\n return new Date(duration.expiresAt);\n }\n}\n\n/**\n * Create a preset-based RequestedDuration.\n */\nexport function createPresetDuration(\n preset: DurationPresetId,\n): RequestedDuration {\n return { type: \"preset\", preset };\n}\n\n/**\n * Create a duration-based RequestedDuration.\n */\nexport function createDurationMs(durationMs: number): RequestedDuration {\n return { type: \"duration\", durationMs };\n}\n\n/**\n * Create an until-based RequestedDuration.\n */\nexport function createUntilDuration(expiresAt: Date): RequestedDuration {\n return { type: \"until\", expiresAt: expiresAt.toISOString() };\n}\n","import { z } from \"zod\";\nimport { RequestedDurationSchema } from \"./duration-presets\";\n\n// ============================================\n// SHARED SCHEMAS\n// Validation schemas used by proxy and SDK\n// ============================================\n\n/**\n * Chat message schema (OpenAI-compatible).\n */\nexport const ChatMessageSchema = z.object({\n role: z.enum([\"system\", \"user\", \"assistant\", \"tool\"]),\n content: z\n .union([\n z.string(),\n z.array(\n z.object({\n type: z.string(),\n text: z.string().optional(),\n image_url: z\n .object({\n url: z.string(),\n detail: z.string().optional(),\n })\n .optional(),\n }),\n ),\n ])\n .nullable(),\n name: z.string().optional(),\n tool_calls: z\n .array(\n z.object({\n id: z.string(),\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n arguments: z.string(),\n }),\n }),\n )\n .optional(),\n tool_call_id: z.string().optional(),\n});\n\n/**\n * Chat completion request schema (OpenAI-compatible).\n */\nexport const ChatCompletionRequestSchema = z.object({\n model: z.string(),\n messages: z.array(ChatMessageSchema),\n temperature: z.number().min(0).max(2).optional(),\n top_p: z.number().min(0).max(1).optional(),\n n: z.number().int().min(1).max(10).optional(),\n stream: z.boolean().optional(),\n stop: z.union([z.string(), z.array(z.string())]).optional(),\n max_tokens: z.number().int().positive().optional(),\n max_completion_tokens: z.number().int().positive().optional(),\n presence_penalty: z.number().min(-2).max(2).optional(),\n frequency_penalty: z.number().min(-2).max(2).optional(),\n logit_bias: z.record(z.number()).optional(),\n user: z.string().optional(),\n tools: z\n .array(\n z.object({\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n description: z.string().optional(),\n parameters: z.record(z.unknown()).optional(),\n }),\n }),\n )\n .optional(),\n tool_choice: z\n .union([\n z.literal(\"none\"),\n z.literal(\"auto\"),\n z.literal(\"required\"),\n z.object({\n type: z.literal(\"function\"),\n function: z.object({ name: z.string() }),\n }),\n ])\n .optional(),\n response_format: z\n .object({\n type: z.enum([\"text\", \"json_object\"]),\n })\n .optional(),\n seed: z.number().int().optional(),\n});\n\nexport type ChatCompletionRequest = z.infer<typeof ChatCompletionRequestSchema>;\nexport type ChatMessage = z.infer<typeof ChatMessageSchema>;\n\n/**\n * Permission request schema.\n * Includes optional requested duration for apps to suggest their needs.\n */\nexport const PermissionRequestSchema = z.object({\n resourceId: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Invalid resource ID format. Expected: <resourceType>:<provider>\",\n }),\n actions: z.array(z.string()).min(1),\n constraints: z.record(z.unknown()).optional(),\n /** Optional: App's requested/preferred duration for this permission */\n requestedDuration: RequestedDurationSchema.optional(),\n});\n\n/**\n * App metadata schema.\n */\nexport const AppMetadataSchema = z.object({\n name: z.string().min(1).max(100),\n description: z.string().max(500).optional(),\n homepage: z.string().url().optional(),\n});\n\n/**\n * Install request schema (for prepare endpoint).\n */\nexport const InstallRequestSchema = z.object({\n connectCode: z.string().min(16),\n app: AppMetadataSchema,\n publicKey: z.string().min(40),\n requestedPermissions: z.array(PermissionRequestSchema).min(1),\n redirectUri: z.string().url(),\n});\n\nexport type InstallRequest = z.infer<typeof InstallRequestSchema>;\n\n// ============================================\n// DISCOVERY SCHEMAS\n// Resource discovery response types\n// ============================================\n\n/**\n * Resource auth configuration in discovery response.\n */\nexport const ResourceAuthSchema = z.object({\n pop: z.object({\n version: z.number(),\n }),\n});\n\n/**\n * Resource entry in discovery response.\n */\nexport const ResourceDiscoveryEntrySchema = z.object({\n resourceId: z.string(),\n actions: z.array(z.string()),\n auth: ResourceAuthSchema,\n constraints: z\n .object({\n supports: z.array(z.string()),\n })\n .optional(),\n});\n\n/**\n * Gateway info in discovery response.\n */\nexport const GatewayInfoSchema = z.object({\n version: z.string(),\n name: z.string().optional(),\n});\n\n/**\n * Full discovery response schema.\n */\nexport const ResourcesDiscoveryResponseSchema = z.object({\n gateway: GatewayInfoSchema,\n resources: z.array(ResourceDiscoveryEntrySchema),\n});\n\nexport type ResourcesDiscoveryResponse = z.infer<\n typeof ResourcesDiscoveryResponseSchema\n>;\nexport type ResourceDiscoveryEntry = z.infer<\n typeof ResourceDiscoveryEntrySchema\n>;\nexport type GatewayInfo = z.infer<typeof GatewayInfoSchema>;\n","// ============================================\n// ACCESS POLICY TYPES\n// Comprehensive access control configuration\n// ============================================\n\n/**\n * Time window restriction.\n * Allows access only during specific hours of the day.\n */\nexport interface TimeWindow {\n /** Start hour (0-23) in the specified timezone */\n startHour: number;\n /** End hour (0-23) in the specified timezone */\n endHour: number;\n /** Timezone for the time window (e.g., \"UTC\", \"America/New_York\") */\n timezone: string;\n /** Days of week allowed (0=Sunday, 6=Saturday). Empty = all days */\n allowedDays?: number[];\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n /** Maximum requests allowed in the window */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n}\n\n/**\n * Burst limit configuration.\n * Allows short-term spikes above the sustained rate limit.\n */\nexport interface BurstConfig {\n /** Maximum requests allowed in burst window */\n limit: number;\n /** Burst window duration in seconds (typically short, e.g., 10s) */\n windowSeconds: number;\n}\n\n/**\n * Quota configuration for daily/monthly limits.\n */\nexport interface QuotaConfig {\n /** Daily request quota (null = unlimited) */\n daily?: number;\n /** Monthly request quota (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Token budget for LLM resources.\n */\nexport interface TokenBudget {\n /** Daily token budget (null = unlimited) */\n daily?: number;\n /** Monthly token budget (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Per-model rate limit configuration.\n * Allows fine-grained control over different models.\n */\nexport interface ModelRateLimit {\n /** Model identifier */\n model: string;\n /** Maximum requests per window for this model */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n /** Maximum output tokens per request for this model (overrides global) */\n maxOutputTokens?: number;\n /** Daily token budget for this specific model */\n dailyTokenBudget?: number;\n /** Monthly token budget for this specific model */\n monthlyTokenBudget?: number;\n}\n\n/**\n * LLM-specific constraints.\n */\nexport interface LLMConstraints {\n /** Allowed model IDs (empty = all models allowed) */\n allowedModels?: string[];\n /** Maximum output tokens per request */\n maxOutputTokens?: number;\n /** Maximum input tokens per request */\n maxInputTokens?: number;\n /** Allow streaming responses */\n allowStreaming?: boolean;\n /** Maximum context window */\n maxContextWindow?: number;\n /** Per-model rate limits (overrides global rate limits) */\n modelRateLimits?: ModelRateLimit[];\n /** Allow tool/function calling */\n allowTools?: boolean;\n}\n\n/**\n * Email-specific constraints.\n */\nexport interface EmailConstraints {\n /** Allowed from domains */\n allowedFromDomains?: string[];\n /** Maximum recipients per email */\n maxRecipients?: number;\n /** Allow HTML content */\n allowHtml?: boolean;\n /** Maximum attachment size in bytes */\n maxAttachmentSize?: number;\n}\n\n/**\n * Generic HTTP constraints.\n */\nexport interface HTTPConstraints {\n /** Maximum request body size in bytes */\n maxRequestBodySize?: number;\n /** Allowed HTTP methods */\n allowedMethods?: string[];\n /** Custom constraints */\n custom?: Record<string, unknown>;\n}\n\n/**\n * Union type for all constraint types.\n */\nexport type ResourceConstraints =\n | LLMConstraints\n | EmailConstraints\n | HTTPConstraints\n | Record<string, unknown>;\n\n/**\n * Complete access policy for a permission.\n * This is what the proxy owner configures during approval.\n */\nexport interface AccessPolicy {\n // ============================================\n // Time Controls\n // ============================================\n\n /** When the permission becomes valid (ISO string, null = immediately) */\n validFrom?: string | null;\n\n /** When the permission expires (ISO string, null = never) */\n expiresAt?: string | null;\n\n /** Time-of-day restrictions */\n timeWindow?: TimeWindow | null;\n\n // ============================================\n // Rate Limiting\n // ============================================\n\n /** Sustained rate limit */\n rateLimit?: RateLimitConfig;\n\n /** Burst allowance */\n burst?: BurstConfig;\n\n // ============================================\n // Quotas\n // ============================================\n\n /** Request quotas */\n quota?: QuotaConfig;\n\n /** Token budget (LLM resources) */\n tokenBudget?: TokenBudget;\n\n // ============================================\n // Scope Constraints\n // ============================================\n\n /** Resource-specific constraints */\n constraints?: ResourceConstraints;\n}\n\n// ============================================\n// EXPIRY PRESETS\n// Quick options for common expiry scenarios\n// ============================================\n\nexport type ExpiryPreset =\n | \"1_hour\"\n | \"4_hours\"\n | \"today\"\n | \"24_hours\"\n | \"this_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"never\"\n | \"custom\";\n\nexport interface ExpiryPresetOption {\n value: ExpiryPreset;\n label: string;\n description: string;\n getDate: () => Date | null;\n}\n\n/**\n * Get expiry date from preset.\n */\nexport function getExpiryFromPreset(preset: ExpiryPreset): Date | null {\n const now = new Date();\n\n switch (preset) {\n case \"1_hour\":\n return new Date(now.getTime() + 60 * 60 * 1000);\n case \"4_hours\":\n return new Date(now.getTime() + 4 * 60 * 60 * 1000);\n case \"today\":\n // End of today in local timezone\n const endOfDay = new Date(now);\n endOfDay.setHours(23, 59, 59, 999);\n return endOfDay;\n case \"24_hours\":\n return new Date(now.getTime() + 24 * 60 * 60 * 1000);\n case \"this_week\":\n // End of this week (Sunday)\n const endOfWeek = new Date(now);\n const daysUntilSunday = 7 - endOfWeek.getDay();\n endOfWeek.setDate(endOfWeek.getDate() + daysUntilSunday);\n endOfWeek.setHours(23, 59, 59, 999);\n return endOfWeek;\n case \"1_month\":\n return new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000);\n case \"3_months\":\n return new Date(now.getTime() + 90 * 24 * 60 * 60 * 1000);\n case \"1_year\":\n return new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);\n case \"never\":\n return null;\n case \"custom\":\n return null; // Custom requires manual date input\n default:\n return null;\n }\n}\n\n/**\n * All available expiry presets with labels.\n */\nexport const EXPIRY_PRESETS: ExpiryPresetOption[] = [\n {\n value: \"1_hour\",\n label: \"1 hour\",\n description: \"Expires in 1 hour\",\n getDate: () => getExpiryFromPreset(\"1_hour\"),\n },\n {\n value: \"4_hours\",\n label: \"4 hours\",\n description: \"Expires in 4 hours\",\n getDate: () => getExpiryFromPreset(\"4_hours\"),\n },\n {\n value: \"today\",\n label: \"End of today\",\n description: \"Expires at midnight\",\n getDate: () => getExpiryFromPreset(\"today\"),\n },\n {\n value: \"24_hours\",\n label: \"24 hours\",\n description: \"Expires in 24 hours\",\n getDate: () => getExpiryFromPreset(\"24_hours\"),\n },\n {\n value: \"this_week\",\n label: \"This week\",\n description: \"Expires end of week\",\n getDate: () => getExpiryFromPreset(\"this_week\"),\n },\n {\n value: \"1_month\",\n label: \"1 month\",\n description: \"Expires in 30 days\",\n getDate: () => getExpiryFromPreset(\"1_month\"),\n },\n {\n value: \"3_months\",\n label: \"3 months\",\n description: \"Expires in 90 days\",\n getDate: () => getExpiryFromPreset(\"3_months\"),\n },\n {\n value: \"1_year\",\n label: \"1 year\",\n description: \"Expires in 1 year\",\n getDate: () => getExpiryFromPreset(\"1_year\"),\n },\n {\n value: \"never\",\n label: \"Never\",\n description: \"No expiration\",\n getDate: () => null,\n },\n {\n value: \"custom\",\n label: \"Custom\",\n description: \"Set custom date\",\n getDate: () => null,\n },\n];\n\n// ============================================\n// RATE LIMIT PRESETS\n// ============================================\n\nexport interface RateLimitPreset {\n label: string;\n value: RateLimitConfig;\n}\n\nexport const RATE_LIMIT_PRESETS: RateLimitPreset[] = [\n {\n label: \"5 per minute (very restricted)\",\n value: { maxRequests: 5, windowSeconds: 60 },\n },\n { label: \"10 per minute\", value: { maxRequests: 10, windowSeconds: 60 } },\n { label: \"30 per minute\", value: { maxRequests: 30, windowSeconds: 60 } },\n {\n label: \"60 per minute (standard)\",\n value: { maxRequests: 60, windowSeconds: 60 },\n },\n { label: \"100 per hour\", value: { maxRequests: 100, windowSeconds: 3600 } },\n { label: \"500 per hour\", value: { maxRequests: 500, windowSeconds: 3600 } },\n { label: \"1000 per day\", value: { maxRequests: 1000, windowSeconds: 86400 } },\n];\n\n// ============================================\n// VALIDATION HELPERS\n// ============================================\n\n/**\n * Check if a permission is currently valid based on time controls.\n */\nexport function isPermissionValidNow(policy: AccessPolicy): {\n valid: boolean;\n reason?: string;\n} {\n const now = new Date();\n\n // Check validFrom\n if (policy.validFrom) {\n const validFromDate = new Date(policy.validFrom);\n if (now < validFromDate) {\n return {\n valid: false,\n reason: `Permission not yet valid. Starts at ${validFromDate.toISOString()}`,\n };\n }\n }\n\n // Check expiresAt\n if (policy.expiresAt) {\n const expiresAtDate = new Date(policy.expiresAt);\n if (now > expiresAtDate) {\n return {\n valid: false,\n reason: `Permission expired at ${expiresAtDate.toISOString()}`,\n };\n }\n }\n\n // Check time window\n if (policy.timeWindow) {\n const { startHour, endHour, timezone, allowedDays } = policy.timeWindow;\n\n // Get current time in the specified timezone\n const formatter = new Intl.DateTimeFormat(\"en-US\", {\n hour: \"numeric\",\n hour12: false,\n timeZone: timezone,\n });\n const currentHour = parseInt(formatter.format(now), 10);\n\n // Get current day (0 = Sunday)\n const dayFormatter = new Intl.DateTimeFormat(\"en-US\", {\n weekday: \"short\",\n timeZone: timezone,\n });\n const dayNames = [\"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", \"Sat\"];\n const currentDayName = dayFormatter.format(now);\n const currentDay = dayNames.indexOf(currentDayName.slice(0, 3));\n\n // Check allowed days\n if (\n allowedDays &&\n allowedDays.length > 0 &&\n !allowedDays.includes(currentDay)\n ) {\n return {\n valid: false,\n reason: `Access not allowed on this day (${currentDayName})`,\n };\n }\n\n // Check time window (handles overnight windows like 22:00-06:00)\n let inWindow: boolean;\n if (startHour <= endHour) {\n // Normal window (e.g., 9:00-17:00)\n inWindow = currentHour >= startHour && currentHour < endHour;\n } else {\n // Overnight window (e.g., 22:00-06:00)\n inWindow = currentHour >= startHour || currentHour < endHour;\n }\n\n if (!inWindow) {\n return {\n valid: false,\n reason: `Access only allowed between ${startHour}:00-${endHour}:00 ${timezone}`,\n };\n }\n }\n\n return { valid: true };\n}\n\n/**\n * Format an access policy for display.\n */\nexport function formatAccessPolicySummary(policy: AccessPolicy): string[] {\n const summary: string[] = [];\n\n if (policy.expiresAt) {\n const date = new Date(policy.expiresAt);\n summary.push(\n `Expires: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.validFrom) {\n const date = new Date(policy.validFrom);\n summary.push(\n `Starts: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.timeWindow) {\n const { startHour, endHour, timezone } = policy.timeWindow;\n summary.push(`Hours: ${startHour}:00-${endHour}:00 ${timezone}`);\n }\n\n if (policy.rateLimit) {\n const { maxRequests, windowSeconds } = policy.rateLimit;\n if (windowSeconds === 60) summary.push(`Rate: ${maxRequests}/min`);\n else if (windowSeconds === 3600) summary.push(`Rate: ${maxRequests}/hour`);\n else if (windowSeconds === 86400) summary.push(`Rate: ${maxRequests}/day`);\n else summary.push(`Rate: ${maxRequests}/${windowSeconds}s`);\n }\n\n if (policy.quota?.daily) {\n summary.push(`Daily quota: ${policy.quota.daily}`);\n }\n\n if (policy.quota?.monthly) {\n summary.push(`Monthly quota: ${policy.quota.monthly}`);\n }\n\n if (policy.tokenBudget?.daily) {\n summary.push(`Daily tokens: ${policy.tokenBudget.daily.toLocaleString()}`);\n }\n\n return summary;\n}\n","import { z } from \"zod\";\n\n// ============================================\n// PoP (Proof of Possession) PROTOCOL\n// Canonical signing rules and header schemas\n// ============================================\n\n/**\n * PoP header schema for v1 protocol.\n * Validates all required headers for PoP authentication.\n */\nexport const PopHeadersV1Schema = z.object({\n \"x-pop-v\": z.literal(\"1\"),\n \"x-app-id\": z.string().min(1, \"App ID is required\"),\n \"x-ts\": z.string().regex(/^\\d+$/, \"Timestamp must be numeric\"),\n \"x-nonce\": z.string().min(16, \"Nonce must be at least 16 characters\"),\n \"x-sig\": z.string().min(1, \"Signature is required\"),\n});\n\nexport type PopHeadersV1 = z.infer<typeof PopHeadersV1Schema>;\n\n/**\n * Parameters for building a canonical request string.\n */\nexport interface CanonicalRequestParams {\n /** HTTP method (will be uppercased) */\n method: string;\n /** URL path with query string (e.g., \"/v1/chat/completions?stream=true\") */\n pathWithQuery: string;\n /** App ID from x-app-id header */\n appId: string;\n /** Unix timestamp from x-ts header */\n ts: string;\n /** Nonce from x-nonce header */\n nonce: string;\n /** Base64url-encoded SHA-256 hash of request body */\n bodyHash: string;\n}\n\n/**\n * Build the canonical request string for PoP v1 signature.\n *\n * Format:\n * ```\n * v1\\n\n * <METHOD>\\n\n * <PATH_WITH_QUERY>\\n\n * <APP_ID>\\n\n * <TS>\\n\n * <NONCE>\\n\n * <BODY_HASH>\\n\n * ```\n *\n * @param params - The canonical request parameters\n * @returns The canonical request string to be signed\n *\n * @example\n * const canonical = buildCanonicalRequestV1({\n * method: \"POST\",\n * pathWithQuery: \"/v1/chat/completions?stream=true\",\n * appId: \"app_123\",\n * ts: \"1706000000\",\n * nonce: \"abc123xyz456def7\",\n * bodyHash: \"base64url-sha256-hash\",\n * });\n */\nexport function buildCanonicalRequestV1(\n params: CanonicalRequestParams,\n): string {\n return [\n \"v1\",\n params.method.toUpperCase(),\n params.pathWithQuery,\n params.appId,\n params.ts,\n params.nonce,\n params.bodyHash,\n \"\", // trailing newline\n ].join(\"\\n\");\n}\n\n/**\n * Extract path with query from a URL.\n * Combines pathname and search (including '?' when present).\n *\n * @example\n * getPathWithQuery(new URL(\"https://example.com/v1/chat?stream=true\"))\n * // Returns: \"/v1/chat?stream=true\"\n *\n * getPathWithQuery(new URL(\"https://example.com/v1/chat\"))\n * // Returns: \"/v1/chat\"\n */\nexport function getPathWithQuery(url: URL): string {\n return url.pathname + url.search;\n}\n\n/**\n * Current PoP protocol version.\n */\nexport const POP_VERSION = \"1\" as const;\n\n/**\n * Error codes specific to PoP authentication.\n */\nexport enum PopErrorCode {\n UNSUPPORTED_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n}\n","import { z } from \"zod\";\n\n// ============================================\n// POLICY ENFORCEMENT CONTRACTS\n// Schema-first enforcement types - no extractors\n// ============================================\n\n/**\n * Enforcement fields returned by validateAndShape.\n * These are normalized, enforceable knobs that plugins MUST provide\n * when constraints require them. This replaces the legacy extractor system.\n *\n * The schema-first approach ensures:\n * - Enforcement cannot be bypassed by malformed payloads\n * - Plugins are responsible for extracting enforcement fields during validation\n * - No \"fail-open\" extraction - if a field is needed, it must be provided\n */\nexport const EnforcementFieldsSchema = z.object({\n // LLM-specific fields\n model: z.string().optional(),\n maxOutputTokens: z.number().int().positive().optional(),\n usesTools: z.boolean().optional(),\n stream: z.boolean().optional(),\n\n // Email-specific fields\n fromDomain: z.string().optional(),\n toDomains: z.array(z.string()).optional(),\n recipientCount: z.number().int().positive().optional(),\n\n // Generic fields\n contentType: z.string().optional(),\n});\n\nexport type EnforcementFields = z.infer<typeof EnforcementFieldsSchema>;\n\n/**\n * @deprecated Use EnforcementFields instead. ExtractedRequest is kept for backward compatibility\n * but will be removed in a future version. The extractor system has been replaced with\n * schema-first validation where plugins return enforcement fields from validateAndShape.\n */\nexport const ExtractedRequestSchema = EnforcementFieldsSchema;\n\n/**\n * @deprecated Use EnforcementFields instead.\n */\nexport type ExtractedRequest = EnforcementFields;\n\n/**\n * Enforcement metadata that target apps may optionally provide.\n * This is NOT required for enforcement - the proxy can operate without it.\n * Treat as advisory only.\n */\nexport const EnforcementMetaSchema = z.object({\n /** App-provided request ID for correlation */\n requestId: z.string().optional(),\n /** Declared intent (advisory only, not enforced) */\n intent: z.string().optional(),\n /** App-declared expected model (advisory only) */\n expectedModel: z.string().optional(),\n});\n\nexport type EnforcementMeta = z.infer<typeof EnforcementMetaSchema>;\n\n/**\n * Policy definition for enforcement.\n * This mirrors ResourceConstraints but is focused on enforcement.\n */\nexport interface EnforcementPolicy {\n // LLM policies\n allowedModels?: string[];\n maxOutputTokens?: number;\n allowTools?: boolean;\n allowStreaming?: boolean;\n\n // Email policies\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n\n // Generic\n maxRequestBodySize?: number;\n}\n\n/**\n * Result of policy enforcement.\n */\nexport interface EnforcementResult {\n allowed: boolean;\n violation?: {\n code: string;\n message: string;\n field: string;\n actual?: unknown;\n limit?: unknown;\n };\n}\n","import { z, type ZodSchema } from \"zod\";\nimport type { EnforcementFields } from \"./enforcement\";\n\n// ============================================\n// PLUGIN CONTRACT\n// Core types and schemas for resource plugins\n// ============================================\n\n// ============================================\n// DUAL-ENTRYPOINT PLUGIN ARCHITECTURE\n// --------------------------------------------\n// Plugins can expose two entrypoints:\n//\n// 1. /proxy - Server-side code for the gateway proxy\n// - Implements execute(), validateAndShape(), etc.\n// - No browser-only code\n// - Import: @glueco/plugin-xxx/proxy\n//\n// 2. /client - Client-side typed wrappers for target apps\n// - Depends only on SDK transport interface\n// - Strongly typed methods per action\n// - No Node-only APIs\n// - Import: @glueco/plugin-xxx/client\n//\n// A plugin is considered \"SDK-compatible\" only if it exports\n// both /proxy and /client entrypoints with shared contracts.\n// ============================================\n\n/**\n * Plugin authentication configuration.\n */\nexport const PluginAuthSchema = z.object({\n pop: z.object({\n version: z.number().int().positive(),\n }),\n});\n\nexport type PluginAuth = z.infer<typeof PluginAuthSchema>;\n\n/**\n * Plugin support configuration.\n * Describes which enforcement knobs the plugin supports.\n */\nexport const PluginSupportsSchema = z.object({\n enforcement: z.array(z.string()),\n});\n\nexport type PluginSupports = z.infer<typeof PluginSupportsSchema>;\n\n/**\n * Extractor descriptor - describes how to extract enforceable fields.\n * Can reference a function name (for core extractors) or provide inline config.\n */\nexport const ExtractorDescriptorSchema = z.object({\n /** Reference to core extractor by name (e.g., \"openai-compatible\", \"gemini\") */\n type: z.string().optional(),\n /** Custom extraction config (for future use) */\n config: z.record(z.unknown()).optional(),\n});\n\nexport type ExtractorDescriptor = z.infer<typeof ExtractorDescriptorSchema>;\n\n/**\n * Credential schema field descriptor.\n * Used for UI generation to collect provider credentials.\n */\nexport const CredentialFieldSchema = z.object({\n name: z.string(),\n type: z.enum([\"string\", \"secret\", \"url\", \"number\", \"boolean\"]),\n label: z.string(),\n description: z.string().optional(),\n required: z.boolean().default(true),\n default: z.unknown().optional(),\n});\n\nexport type CredentialField = z.infer<typeof CredentialFieldSchema>;\n\n/**\n * Full credential schema for a plugin.\n */\nexport const PluginCredentialSchemaSchema = z.object({\n fields: z.array(CredentialFieldSchema),\n});\n\nexport type PluginCredentialSchema = z.infer<\n typeof PluginCredentialSchemaSchema\n>;\n\n// ============================================\n// PLUGIN EXECUTION TYPES\n// ============================================\n\n/**\n * Usage metrics extracted from response.\n */\nexport interface PluginUsageMetrics {\n inputTokens?: number;\n outputTokens?: number;\n totalTokens?: number;\n model?: string;\n custom?: Record<string, unknown>;\n}\n\n/**\n * Execute options passed to plugin.\n */\nexport interface PluginExecuteOptions {\n stream: boolean;\n signal?: AbortSignal;\n}\n\n/**\n * Execute result from plugin.\n */\nexport interface PluginExecuteResult {\n /** For non-streaming responses */\n response?: unknown;\n /** For streaming responses */\n stream?: ReadableStream<Uint8Array>;\n /** Response content type */\n contentType: string;\n /** Usage metrics (available for non-streaming) */\n usage?: PluginUsageMetrics;\n}\n\n/**\n * Validation result from plugin.\n * In the schema-first pipeline:\n * - shapedInput: The validated/transformed payload ready for upstream execution\n * - enforcement: Normalized fields extracted during validation for policy enforcement\n *\n * The enforcement fields are REQUIRED when constraints exist for those fields.\n * This ensures enforcement cannot be bypassed by malformed payloads.\n */\nexport interface PluginValidationResult {\n valid: boolean;\n error?: string;\n /** Transformed/validated input ready for execution (provider-native format) */\n shapedInput?: unknown;\n /** Normalized enforcement fields extracted during validation */\n enforcement?: EnforcementFields;\n}\n\n/**\n * Mapped error from plugin.\n */\nexport interface PluginMappedError {\n status: number;\n code: string;\n message: string;\n retryable: boolean;\n}\n\n/**\n * Context for plugin execution.\n * Contains resolved credentials and configuration.\n */\nexport interface PluginExecuteContext {\n /** The resolved API key/secret */\n secret: string;\n /** Additional config (e.g., custom baseUrl) */\n config: Record<string, unknown> | null;\n}\n\n/**\n * Resource constraints passed to validation.\n */\nexport interface PluginResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n allowAttachments?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n\n // Extensible\n [key: string]: unknown;\n}\n\n// ============================================\n// CLIENT CONTRACT METADATA (Dual-Entrypoint Support)\n// ============================================\n\n/**\n * Action schema descriptor for client contracts.\n * Describes the request/response schema for a single action.\n */\nexport interface PluginActionSchemaDescriptor {\n /** Zod schema for validating requests (optional, can be inferred from contracts) */\n requestSchema?: ZodSchema;\n /** Zod schema for validating responses (optional, can be inferred from contracts) */\n responseSchema?: ZodSchema;\n /** Human-readable description of this action */\n description?: string;\n}\n\n/**\n * Client contract metadata for dual-entrypoint plugins.\n * Describes how the client-side interface is organized.\n *\n * Example:\n * ```ts\n * client: {\n * namespace: \"gemini\",\n * actions: {\n * \"chat.completions\": {\n * requestSchema: ChatCompletionRequestSchema,\n * responseSchema: ChatCompletionResponseSchema,\n * description: \"Generate chat completions using Gemini\"\n * }\n * }\n * }\n * ```\n */\nexport interface PluginClientContract {\n /**\n * Namespace for the client wrapper (used for import organization).\n * Example: \"gemini\" -> `import { gemini } from \"@glueco/plugin-llm-gemini/client\"`\n */\n namespace: string;\n\n /**\n * Action descriptors mapping action names to their schemas.\n * Keys should match the `actions` array in the plugin.\n */\n actions: Record<string, PluginActionSchemaDescriptor>;\n\n /**\n * Package entrypoint for the client module.\n * Default: \"./client\"\n */\n entrypoint?: string;\n}\n\n// ============================================\n// PLUGIN CONTRACT INTERFACE\n// ============================================\n\n/**\n * Core plugin contract.\n * Every plugin must implement this interface.\n */\nexport interface PluginContract {\n /**\n * Unique plugin identifier.\n * Format: <resourceType>:<provider>\n * Examples: \"llm:groq\", \"llm:gemini\", \"mail:resend\"\n */\n readonly id: string;\n\n /**\n * Resource type category.\n * Examples: \"llm\", \"mail\", \"storage\"\n */\n readonly resourceType: string;\n\n /**\n * Provider name.\n * Examples: \"groq\", \"gemini\", \"resend\", \"openai\"\n */\n readonly provider: string;\n\n /**\n * Plugin version string (semver).\n */\n readonly version: string;\n\n /**\n * Human-readable display name.\n */\n readonly name: string;\n\n /**\n * Supported actions.\n * Examples: [\"chat.completions\", \"models.list\"]\n */\n readonly actions: string[];\n\n /**\n * Authentication configuration for discovery.\n */\n readonly auth: PluginAuth;\n\n /**\n * Enforcement support configuration.\n */\n readonly supports: PluginSupports;\n\n /**\n * Optional extractor descriptors per action.\n * Key = action name, value = extractor descriptor.\n */\n readonly extractors?: Record<string, ExtractorDescriptor>;\n\n /**\n * Optional credential schema for UI generation.\n */\n readonly credentialSchema?: PluginCredentialSchema;\n\n /**\n * Optional client contract metadata for dual-entrypoint plugins.\n * Describes the client-side interface for typed wrappers.\n *\n * This metadata is used by:\n * - SDK typed wrappers to provide autocomplete\n * - Documentation generation\n * - System-check app (optional validation)\n */\n readonly client?: PluginClientContract;\n\n /**\n * Validate input and apply constraints.\n * Returns shaped input ready for execution.\n */\n validateAndShape(\n action: string,\n input: unknown,\n constraints: PluginResourceConstraints,\n ): PluginValidationResult;\n\n /**\n * Execute the resource action.\n */\n execute(\n action: string,\n shapedInput: unknown,\n ctx: PluginExecuteContext,\n options: PluginExecuteOptions,\n ): Promise<PluginExecuteResult>;\n\n /**\n * Extract usage metrics from response.\n */\n extractUsage(response: unknown): PluginUsageMetrics;\n\n /**\n * Map provider errors to standardized format.\n */\n mapError(error: unknown): PluginMappedError;\n}\n\n// ============================================\n// PLUGIN VALIDATION SCHEMA\n// ============================================\n\n/**\n * Schema to validate plugin metadata at registration.\n */\nexport const PluginClientContractSchema = z.object({\n namespace: z.string().min(1),\n actions: z.record(\n z.object({\n requestSchema: z.any().optional(),\n responseSchema: z.any().optional(),\n description: z.string().optional(),\n }),\n ),\n entrypoint: z.string().optional(),\n});\n\nexport const PluginMetadataSchema = z.object({\n id: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Plugin ID must be in format: <resourceType>:<provider>\",\n }),\n resourceType: z.string().min(1),\n provider: z.string().min(1),\n version: z.string().min(1),\n name: z.string().min(1),\n actions: z.array(z.string()).min(1),\n auth: PluginAuthSchema,\n supports: PluginSupportsSchema,\n extractors: z.record(ExtractorDescriptorSchema).optional(),\n credentialSchema: PluginCredentialSchemaSchema.optional(),\n client: PluginClientContractSchema.optional(),\n});\n\nexport type PluginMetadata = z.infer<typeof PluginMetadataSchema>;\n\n/**\n * Validate plugin object has correct metadata.\n */\nexport function validatePluginMetadata(plugin: unknown): {\n valid: boolean;\n error?: string;\n metadata?: PluginMetadata;\n} {\n if (!plugin || typeof plugin !== \"object\") {\n return { valid: false, error: \"Plugin must be an object\" };\n }\n\n const result = PluginMetadataSchema.safeParse(plugin);\n if (!result.success) {\n return {\n valid: false,\n error: `Invalid plugin metadata: ${result.error.errors.map((e) => e.message).join(\", \")}`,\n };\n }\n\n // Verify ID matches resourceType:provider\n const meta = result.data;\n const expectedId = `${meta.resourceType}:${meta.provider}`;\n if (meta.id !== expectedId) {\n return {\n valid: false,\n error: `Plugin ID '${meta.id}' must match '${expectedId}'`,\n };\n }\n\n return { valid: true, metadata: meta };\n}\n\n// ============================================\n// DISCOVERY TYPES (based on plugin registry)\n// ============================================\n\n/**\n * Discovery entry format for plugins.\n */\nexport interface PluginDiscoveryEntry {\n resourceId: string;\n actions: string[];\n auth: PluginAuth;\n version: string;\n constraints: {\n supports: string[];\n };\n /** Client entrypoint info (if SDK-compatible) */\n client?: {\n namespace: string;\n entrypoint: string;\n };\n}\n\n/**\n * Convert plugin to discovery entry format.\n * Includes version for client compatibility checks.\n *\n * TODO: Add version compatibility negotiation in future iteration.\n * The version exposed here allows target apps to verify they are\n * using a compatible client version.\n */\nexport function pluginToDiscoveryEntry(\n plugin: PluginContract,\n): PluginDiscoveryEntry {\n const entry: PluginDiscoveryEntry = {\n resourceId: plugin.id,\n actions: plugin.actions,\n auth: plugin.auth,\n version: plugin.version,\n constraints: {\n supports: plugin.supports.enforcement,\n },\n };\n\n // Include client info if plugin is SDK-compatible\n if (plugin.client) {\n entry.client = {\n namespace: plugin.client.namespace,\n entrypoint: plugin.client.entrypoint ?? \"./client\",\n };\n }\n\n return entry;\n}\n\n// ============================================\n// HELPER TYPES FOR PLUGIN AUTHORS\n// ============================================\n\n/**\n * Base plugin options for creating plugins.\n */\nexport interface CreatePluginOptions {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth?: PluginAuth;\n supports?: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n /** Client contract metadata for SDK-compatible plugins */\n client?: PluginClientContract;\n}\n\n/**\n * Default auth configuration.\n */\nexport const DEFAULT_PLUGIN_AUTH: PluginAuth = {\n pop: { version: 1 },\n};\n\n/**\n * Default supports configuration.\n */\nexport const DEFAULT_PLUGIN_SUPPORTS: PluginSupports = {\n enforcement: [],\n};\n\n/**\n * Helper to create plugin with defaults.\n */\nexport function createPluginBase(options: CreatePluginOptions): {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth: PluginAuth;\n supports: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n client?: PluginClientContract;\n} {\n return {\n id: options.id,\n resourceType: options.resourceType,\n provider: options.provider,\n version: options.version,\n name: options.name,\n actions: options.actions,\n auth: options.auth ?? DEFAULT_PLUGIN_AUTH,\n supports: options.supports ?? DEFAULT_PLUGIN_SUPPORTS,\n extractors: options.extractors,\n credentialSchema: options.credentialSchema,\n client: options.client,\n };\n}\n","// ============================================\n// SHARED TYPES\n// Common types used by proxy and SDK\n// ============================================\n\n/**\n * Resource identifier format: <resourceType>:<provider>\n * Examples: llm:groq, llm:gemini, mail:resend\n */\nexport type ResourceId = `${string}:${string}`;\n\n/**\n * Parse a resource ID into its components.\n */\nexport function parseResourceId(resourceId: string): {\n resourceType: string;\n provider: string;\n} {\n const parts = resourceId.split(\":\");\n if (parts.length !== 2) {\n throw new Error(\n `Invalid resource ID format: ${resourceId}. Expected: <resourceType>:<provider>`,\n );\n }\n return {\n resourceType: parts[0],\n provider: parts[1],\n };\n}\n\n/**\n * Create a resource ID from components.\n */\nexport function createResourceId(\n resourceType: string,\n provider: string,\n): ResourceId {\n return `${resourceType}:${provider}` as ResourceId;\n}\n\n/**\n * Pairing string info parsed from pair::<url>::<code>\n */\nexport interface PairingInfo {\n proxyUrl: string;\n connectCode: string;\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n maxRequests: number;\n windowSeconds: number;\n}\n\n/**\n * Permission request for an app.\n */\nexport interface PermissionRequest {\n resourceId: string;\n actions: string[];\n constraints?: Record<string, unknown>;\n rateLimit?: RateLimitConfig; // Per-permission rate limit\n}\n\n/**\n * App metadata for registration.\n */\nexport interface AppMetadata {\n name: string;\n description?: string;\n homepage?: string;\n}\n\n/**\n * Gateway config stored after approval.\n */\nexport interface GatewayConfig {\n appId: string;\n proxyUrl: string;\n}\n\n/**\n * Resource constraint types (generic).\n */\nexport interface ResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n custom?: Record<string, unknown>;\n}\n\nexport * from \"./errors\";\nexport * from \"./schemas\";\nexport * from \"./access-policy\";\nexport * from \"./pop\";\nexport * from \"./enforcement\";\nexport * from \"./plugins\";\nexport * from \"./duration-presets\";\n"]}
1
+ {"version":3,"sources":["../src/errors.ts","../src/duration-presets.ts","../src/schemas.ts","../src/access-policy.ts","../src/pop.ts","../src/enforcement.ts","../src/plugins.ts","../src/index.ts"],"names":["ErrorCode","z","PopErrorCode"],"mappings":";;;;;AAUO,IAAK,SAAA,qBAAAA,UAAAA,KAAL;AAEL,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAC9B,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AAGzB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AAGnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AACzB,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAG3B,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AACtB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,gCAAA,CAAA,GAAiC,gCAAA;AAGjC,EAAAA,WAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,WAAA,oBAAA,CAAA,GAAqB,oBAAA;AAGrB,EAAAA,WAAA,4BAAA,CAAA,GAA6B,4BAAA;AAC7B,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAC3B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAG9B,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,2BAAA,CAAA,GAA4B,2BAAA;AA9ClB,EAAA,OAAAA,UAAAA;AAAA,CAAA,EAAA,SAAA,IAAA,EAAA;AAoDL,SAAS,eAAe,IAAA,EAAyB;AACtD,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,uBAAA;AAAA,IACL,KAAK,qBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,0BAAA;AAAA,IACL,KAAK,4BAAA;AAAA,IACL,KAAK,0BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,gCAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,kBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,mBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,uBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,kBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,mBAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,wBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,sBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,2BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,yBAAA;AAAA,IACL,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET;AACE,MAAA,OAAO,GAAA;AAAA;AAEb;AAKO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAMtC,WAAA,CACE,IAAA,EACA,OAAA,EACA,OAAA,EAIA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,eAAe,IAAI,CAAA;AACjC,IAAA,IAAA,CAAK,UAAU,OAAA,EAAS,OAAA;AACxB,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAAA,EAC5B;AAAA,EAEA,MAAA,GAAS;AACP,IAAA,OAAO;AAAA,MACL,KAAA,EAAO;AAAA,QACL,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,GAAI,IAAA,CAAK,SAAA,IAAa,EAAE,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,QAClD,GAAI,IAAA,CAAK,OAAA,IAAW,EAAE,OAAA,EAAS,KAAK,OAAA;AAAQ;AAC9C,KACF;AAAA,EACF;AACF;AAKO,SAAS,sBAAsB,IAAA,EAA6B;AACjE,EAAA,MAAM,OAAA,GAAU,IAAA,GACZ,CAAA,wBAAA,EAA2B,IAAI,CAAA,CAAA,GAC/B,8GAAA;AAEJ,EAAA,OAAO,IAAI,YAAA,CAAa,uBAAA,8BAAiC,OAAA,EAAS;AAAA,IAChE,OAAA,EAAS;AAAA,MACP,QAAA,EAAU;AAAA,QACR,IAAA,EAAM,iCAAA;AAAA,QACN,MAAA,EAAQ,mCAAA;AAAA,QACR,MAAA,EAAQ;AAAA;AACV;AACF,GACD,CAAA;AACH;AAWO,IAAM,0BAAA,GAA6BC,MAAE,MAAA,CAAO;AAAA,EACjD,KAAA,EAAOA,MAAE,MAAA,CAAO;AAAA,IACd,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,IACf,OAAA,EAASA,MAAE,MAAA,EAAO;AAAA,IAClB,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,OAAA,EAASA,KAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,GAC/B;AACH,CAAC;AAOM,SAAS,mBAAA,CACd,IAAA,EACA,OAAA,EACA,OAAA,EAIsB;AACtB,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,IAAA;AAAA,MACA,OAAA;AAAA,MACA,GAAI,OAAA,EAAS,SAAA,IAAa,EAAE,SAAA,EAAW,QAAQ,SAAA,EAAU;AAAA,MACzD,GAAI,OAAA,EAAS,OAAA,KAAY,UAAa,EAAE,OAAA,EAAS,QAAQ,OAAA;AAAQ;AACnE,GACF;AACF;AC5KO,IAAM,gBAAA,GAAqC;AAAA,EAChD;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,uBAAA;AAAA,IACb,UAAA,EAAY,KAAK,EAAA,GAAK,GAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,kBAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC1B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,gBAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC3B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,QAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACjC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,UAAA;AAAA,IACb,UAAA,EAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACnC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,UAAA,EAAY;AAAA,GACd;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,wBAAA;AAAA,IACb,UAAA,EAAY;AAAA;AAEhB;AAKO,SAAS,kBACd,EAAA,EAC4B;AAC5B,EAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACjD;AAMO,SAAS,2BAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,MAAM,MAAA,GAAS,kBAAkB,QAAQ,CAAA;AACzC,EAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,UAAA,KAAe,IAAA,EAAM;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,EAAQ,GAAI,OAAO,UAAU,CAAA;AACxD;AAKO,SAAS,qBAAA,CACd,UAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACpB;AACN,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,KAAY,UAAU,CAAA;AACjD;AAKO,SAAS,kBAAkB,UAAA,EAA2C;AAC3E,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,SAAS,CAAA;AAAA,EACxD;AAGA,EAAA,IAAI,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAChC,EAAA,IAAI,WAAA,GAAc,QAAA;AAElB,EAAA,KAAA,MAAW,UAAU,gBAAA,EAAkB;AACrC,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,IAAA,IAAQ,MAAA,CAAO,OAAO,QAAA,EAAU;AAE1D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,aAAa,UAAU,CAAA;AACpD,IAAA,IAAI,OAAO,WAAA,EAAa;AACtB,MAAA,WAAA,GAAc,IAAA;AACd,MAAA,OAAA,GAAU,MAAA;AAAA,IACZ;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAKO,SAAS,eAAe,UAAA,EAAmC;AAChE,EAAA,IAAI,UAAA,KAAe,MAAM,OAAO,SAAA;AAEhC,EAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,EAAA,GAAK,EAAA,GAAK,GAAA,CAAA;AACtC,EAAA,IAAI,KAAA,GAAQ,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEzE,EAAA,MAAM,OAAO,KAAA,GAAQ,EAAA;AACrB,EAAA,IAAI,IAAA,GAAO,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,IAAI,CAAC,CAAA,IAAA,EAAO,IAAA,KAAS,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEpE,EAAA,MAAM,QAAQ,IAAA,GAAO,CAAA;AACrB,EAAA,IAAI,KAAA,GAAQ,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAExE,EAAA,MAAM,SAAS,IAAA,GAAO,EAAA;AACtB,EAAA,IAAI,MAAA,GAAS,EAAA;AACX,IAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,MAAM,CAAC,CAAA,MAAA,EAAS,MAAA,KAAW,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAE9D,EAAA,MAAM,QAAQ,IAAA,GAAO,GAAA;AACrB,EAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAC3D;AAKO,SAAS,qBAAqB,SAAA,EAAgC;AACnE,EAAA,IAAI,CAAC,WAAW,OAAO,OAAA;AAEvB,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,EAAA,MAAM,IAAA,GAAO,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAI,OAAA,EAAQ;AAE/C,EAAA,IAAI,IAAA,IAAQ,GAAG,OAAO,SAAA;AACtB,EAAA,OAAO,CAAA,GAAA,EAAM,cAAA,CAAe,IAAI,CAAC,CAAA,CAAA;AACnC;AASO,IAAM,sBAAA,GAAyBA,MAAE,IAAA,CAAK;AAAA,EAC3C,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,uBAAA,GAA0BA,MAAE,KAAA,CAAM;AAAA;AAAA,EAE7CA,MAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,QAAQ,CAAA;AAAA,IACxB,MAAA,EAAQ;AAAA,GACT,CAAA;AAAA;AAAA,EAEDA,MAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,IAC1B,YAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACvC,CAAA;AAAA;AAAA,EAEDA,MAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,OAAO,CAAA;AAAA,IACvB,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,GAChC;AACH,CAAC;AAOM,SAAS,wBAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,QAAQ,SAAS,IAAA;AAAM,IACrB,KAAK,QAAA;AACH,MAAA,OAAO,2BAAA,CAA4B,QAAA,CAAS,MAAA,EAAQ,QAAQ,CAAA;AAAA,IAC9D,KAAK,UAAA;AACH,MAAA,OAAO,qBAAA,CAAsB,QAAA,CAAS,UAAA,EAAY,QAAQ,CAAA;AAAA,IAC5D,KAAK,OAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAAA;AAExC;AAKO,SAAS,qBACd,MAAA,EACmB;AACnB,EAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,MAAA,EAAO;AAClC;AAKO,SAAS,iBAAiB,UAAA,EAAuC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,UAAA,EAAY,UAAA,EAAW;AACxC;AAKO,SAAS,oBAAoB,SAAA,EAAoC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,SAAA,EAAW,SAAA,CAAU,aAAY,EAAE;AAC7D;;;AC9QO,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,MAAE,IAAA,CAAK,CAAC,UAAU,MAAA,EAAQ,WAAA,EAAa,MAAM,CAAC,CAAA;AAAA,EACpD,OAAA,EAASA,MACN,KAAA,CAAM;AAAA,IACLA,MAAE,MAAA,EAAO;AAAA,IACTA,KAAAA,CAAE,KAAA;AAAA,MACAA,MAAE,MAAA,CAAO;AAAA,QACP,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,QACf,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QAC1B,SAAA,EAAWA,MACR,MAAA,CAAO;AAAA,UACN,GAAA,EAAKA,MAAE,MAAA,EAAO;AAAA,UACd,MAAA,EAAQA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,SAC7B,EACA,QAAA;AAAS,OACb;AAAA;AACH,GACD,EACA,QAAA,EAAS;AAAA,EACZ,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,YAAYA,KAAAA,CACT,KAAA;AAAA,IACCA,MAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAIA,MAAE,MAAA,EAAO;AAAA,MACb,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,MAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,QACf,SAAA,EAAWA,MAAE,MAAA;AAAO,OACrB;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,YAAA,EAAcA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAKM,IAAM,2BAAA,GAA8BA,MAAE,MAAA,CAAO;AAAA,EAClD,KAAA,EAAOA,MAAE,MAAA,EAAO;AAAA,EAChB,QAAA,EAAUA,KAAAA,CAAE,KAAA,CAAM,iBAAiB,CAAA;AAAA,EACnC,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC/C,KAAA,EAAOA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACzC,CAAA,EAAGA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5C,MAAA,EAAQA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAC7B,IAAA,EAAMA,KAAAA,CAAE,KAAA,CAAM,CAACA,MAAE,MAAA,EAAO,EAAGA,KAAAA,CAAE,KAAA,CAAMA,MAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAC1D,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,qBAAA,EAAuBA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EAC5D,gBAAA,EAAkBA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,iBAAA,EAAmBA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACtD,YAAYA,KAAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EAC1C,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,OAAOA,KAAAA,CACJ,KAAA;AAAA,IACCA,MAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,MAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,QACf,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QACjC,YAAYA,KAAAA,CAAE,MAAA,CAAOA,MAAE,OAAA,EAAS,EAAE,QAAA;AAAS,OAC5C;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,WAAA,EAAaA,MACV,KAAA,CAAM;AAAA,IACLA,KAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAAA,CAAE,QAAQ,UAAU,CAAA;AAAA,IACpBA,MAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,KAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,MAAE,MAAA,CAAO,EAAE,MAAMA,KAAAA,CAAE,MAAA,IAAU;AAAA,KACxC;AAAA,GACF,EACA,QAAA,EAAS;AAAA,EACZ,eAAA,EAAiBA,MACd,MAAA,CAAO;AAAA,IACN,MAAMA,KAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,aAAa,CAAC;AAAA,GACrC,EACA,QAAA,EAAS;AAAA,EACZ,MAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AACzB,CAAC;AASM,IAAM,uBAAA,GAA0BA,MAAE,MAAA,CAAO;AAAA,EAC9C,UAAA,EAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAClD,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,OAAA,EAASA,MAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,aAAaA,KAAAA,CAAE,MAAA,CAAOA,MAAE,OAAA,EAAS,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,iBAAA,EAAmB,wBAAwB,QAAA;AAC7C,CAAC;AAKM,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,MAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA,EAC/B,aAAaA,KAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA,EAC1C,UAAUA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAC7B,CAAC;AAKM,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC9B,GAAA,EAAK,iBAAA;AAAA,EACL,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC5B,sBAAsBA,KAAAA,CAAE,KAAA,CAAM,uBAAuB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5D,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA;AAC1B,CAAC;AAYM,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA,EACzC,GAAA,EAAKA,MAAE,MAAA,CAAO;AAAA,IACZ,OAAA,EAASA,MAAE,MAAA;AAAO,GACnB;AACH,CAAC;AAKM,IAAM,4BAAA,GAA+BA,MAAE,MAAA,CAAO;AAAA,EACnD,UAAA,EAAYA,MAAE,MAAA,EAAO;AAAA,EACrB,OAAA,EAASA,KAAAA,CAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,IAAA,EAAM,kBAAA;AAAA,EACN,WAAA,EAAaA,MACV,MAAA,CAAO;AAAA,IACN,QAAA,EAAUA,KAAAA,CAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ;AAAA,GAC7B,EACA,QAAA;AACL,CAAC;AAKM,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,OAAA,EAASA,MAAE,MAAA,EAAO;AAAA,EAClB,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACnB,CAAC;AAKM,IAAM,gCAAA,GAAmCA,MAAE,MAAA,CAAO;AAAA,EACvD,OAAA,EAAS,iBAAA;AAAA,EACT,SAAA,EAAWA,KAAAA,CAAE,KAAA,CAAM,4BAA4B;AACjD,CAAC;;;ACiCM,SAAS,oBAAoB,MAAA,EAAmC;AACrE,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,GAAA,CAAI,SAAQ,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IAChD,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,CAAA,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACpD,KAAK,OAAA;AAEH,MAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,GAAG,CAAA;AAC7B,MAAA,QAAA,CAAS,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AACjC,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACrD,KAAK,WAAA;AAEH,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,GAAG,CAAA;AAC9B,MAAA,MAAM,eAAA,GAAkB,CAAA,GAAI,SAAA,CAAU,MAAA,EAAO;AAC7C,MAAA,SAAA,CAAU,OAAA,CAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,eAAe,CAAA;AACvD,MAAA,SAAA,CAAU,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AAClC,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC3D,KAAK,OAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAA;AAAA;AAAA,IACT;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAKO,IAAM,cAAA,GAAuC;AAAA,EAClD;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,cAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,OAAO;AAAA,GAC5C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,WAAA;AAAA,IACP,KAAA,EAAO,WAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,WAAW;AAAA,GAChD;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,OAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,SAAS,MAAM;AAAA,GACjB;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb,SAAS,MAAM;AAAA;AAEnB;AAWO,IAAM,kBAAA,GAAwC;AAAA,EACnD;AAAA,IACE,KAAA,EAAO,gCAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,CAAA,EAAG,eAAe,EAAA;AAAG,GAC7C;AAAA,EACA,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE;AAAA,IACE,KAAA,EAAO,0BAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,eAAe,EAAA;AAAG,GAC9C;AAAA,EACA,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAM,aAAA,EAAe,KAAA,EAAM;AAC5E;AASO,SAAS,qBAAqB,MAAA,EAGnC;AACA,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAGrB,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,oCAAA,EAAuC,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC5E;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,sBAAA,EAAyB,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC9D;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,EAAU,WAAA,KAAgB,MAAA,CAAO,UAAA;AAG7D,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACjD,IAAA,EAAM,SAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,MAAA,CAAO,GAAG,GAAG,EAAE,CAAA;AAGtD,IAAA,MAAM,YAAA,GAAe,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACpD,OAAA,EAAS,OAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,CAAC,KAAA,EAAO,KAAA,EAAO,OAAO,KAAA,EAAO,KAAA,EAAO,OAAO,KAAK,CAAA;AACjE,IAAA,MAAM,cAAA,GAAiB,YAAA,CAAa,MAAA,CAAO,GAAG,CAAA;AAC9C,IAAA,MAAM,aAAa,QAAA,CAAS,OAAA,CAAQ,eAAe,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA;AAG9D,IAAA,IACE,WAAA,IACA,YAAY,MAAA,GAAS,CAAA,IACrB,CAAC,WAAA,CAAY,QAAA,CAAS,UAAU,CAAA,EAChC;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,mCAAmC,cAAc,CAAA,CAAA;AAAA,OAC3D;AAAA,IACF;AAGA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,aAAa,OAAA,EAAS;AAExB,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD,CAAA,MAAO;AAEL,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD;AAEA,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,QAAQ,CAAA,4BAAA,EAA+B,SAAS,CAAA,IAAA,EAAO,OAAO,OAAO,QAAQ,CAAA;AAAA,OAC/E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAKO,SAAS,0BAA0B,MAAA,EAAgC;AACxE,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,YAAY,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACpE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,WAAW,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACnE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,KAAa,MAAA,CAAO,UAAA;AAChD,IAAA,OAAA,CAAQ,KAAK,CAAA,OAAA,EAAU,SAAS,OAAO,OAAO,CAAA,IAAA,EAAO,QAAQ,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,EAAE,WAAA,EAAa,aAAA,EAAc,GAAI,MAAA,CAAO,SAAA;AAC9C,IAAA,IAAI,kBAAkB,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,SAAA,IACxD,kBAAkB,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,KAAA,CAAO,CAAA;AAAA,SAAA,IAChE,kBAAkB,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,iBAC5D,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,CAAA,EAAI,aAAa,CAAA,CAAA,CAAG,CAAA;AAAA,EAC5D;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,KAAA,EAAO;AACvB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,aAAA,EAAgB,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,OAAA,EAAS;AACzB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EACvD;AAEA,EAAA,IAAI,MAAA,CAAO,aAAa,KAAA,EAAO;AAC7B,IAAA,OAAA,CAAQ,KAAK,CAAA,cAAA,EAAiB,MAAA,CAAO,YAAY,KAAA,CAAM,cAAA,EAAgB,CAAA,CAAE,CAAA;AAAA,EAC3E;AAEA,EAAA,OAAO,OAAA;AACT;AC5cO,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA,EACzC,SAAA,EAAWA,KAAAA,CAAE,OAAA,CAAQ,GAAG,CAAA;AAAA,EACxB,YAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAClD,QAAQA,KAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,SAAS,2BAA2B,CAAA;AAAA,EAC7D,WAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,IAAI,sCAAsC,CAAA;AAAA,EACpE,SAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB;AACpD,CAAC;AAiDM,SAAS,wBACd,MAAA,EACQ;AACR,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,MAAA,CAAO,OAAO,WAAA,EAAY;AAAA,IAC1B,MAAA,CAAO,aAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,EAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,QAAA;AAAA,IACP;AAAA;AAAA,GACF,CAAE,KAAK,IAAI,CAAA;AACb;AAaO,SAAS,iBAAiB,GAAA,EAAkB;AACjD,EAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAC5B;AAKO,IAAM,WAAA,GAAc;AAKpB,IAAK,YAAA,qBAAAC,aAAAA,KAAL;AACL,EAAAA,cAAA,qBAAA,CAAA,GAAsB,6BAAA;AADZ,EAAA,OAAAA,aAAAA;AAAA,CAAA,EAAA,YAAA,IAAA,EAAA;ACvFL,IAAM,uBAAA,GAA0BD,MAAE,MAAA,CAAO;AAAA;AAAA,EAE9C,KAAA,EAAOA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,eAAA,EAAiBA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACtD,SAAA,EAAWA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAChC,MAAA,EAAQA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAG7B,UAAA,EAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,WAAWA,KAAAA,CAAE,KAAA,CAAMA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAGrD,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC1B,CAAC;AASM,IAAM,sBAAA,GAAyB;AAY/B,IAAM,qBAAA,GAAwBA,MAAE,MAAA,CAAO;AAAA;AAAA,EAE5C,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,MAAA,EAAQA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE5B,aAAA,EAAeA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC5B,CAAC;AC5BM,IAAM,gBAAA,GAAmBA,MAAE,MAAA,CAAO;AAAA,EACvC,GAAA,EAAKA,MAAE,MAAA,CAAO;AAAA,IACZ,SAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACpC;AACH,CAAC;AAQM,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,KAAAA,CAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ;AACjC,CAAC;AAQM,IAAM,yBAAA,GAA4BA,MAAE,MAAA,CAAO;AAAA;AAAA,EAEhD,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE1B,QAAQA,KAAAA,CAAE,MAAA,CAAOA,MAAE,OAAA,EAAS,EAAE,QAAA;AAChC,CAAC;AAQM,IAAM,qBAAA,GAAwBA,MAAE,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAMA,MAAE,MAAA,EAAO;AAAA,EACf,IAAA,EAAMA,MAAE,IAAA,CAAK,CAAC,UAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,SAAS,CAAC,CAAA;AAAA,EAC7D,KAAA,EAAOA,MAAE,MAAA,EAAO;AAAA,EAChB,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,QAAA,EAAUA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,EAClC,OAAA,EAASA,KAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACvB,CAAC;AAOM,IAAM,4BAAA,GAA+BA,MAAE,MAAA,CAAO;AAAA,EACnD,MAAA,EAAQA,KAAAA,CAAE,KAAA,CAAM,qBAAqB;AACvC,CAAC;AAyRM,IAAM,0BAAA,GAA6BA,MAAE,MAAA,CAAO;AAAA,EACjD,SAAA,EAAWA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,SAASA,KAAAA,CAAE,MAAA;AAAA,IACTA,MAAE,MAAA,CAAO;AAAA,MACP,aAAA,EAAeA,KAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MAChC,cAAA,EAAgBA,KAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MACjC,WAAA,EAAaA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAClC;AAAA,GACH;AAAA,EACA,UAAA,EAAYA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAEM,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAC3C,EAAA,EAAIA,KAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAC1C,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,YAAA,EAAcA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC9B,QAAA,EAAUA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,OAAA,EAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,IAAA,EAAMA,KAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,OAAA,EAASA,MAAE,KAAA,CAAMA,KAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,IAAA,EAAM,gBAAA;AAAA,EACN,QAAA,EAAU,oBAAA;AAAA,EACV,UAAA,EAAYA,KAAAA,CAAE,MAAA,CAAO,yBAAyB,EAAE,QAAA,EAAS;AAAA,EACzD,gBAAA,EAAkB,6BAA6B,QAAA,EAAS;AAAA,EACxD,MAAA,EAAQ,2BAA2B,QAAA,EAAS;AAAA,EAC5C,eAAeA,KAAAA,CAAE,KAAA,CAAMA,MAAE,MAAA,EAAQ,EAAE,QAAA;AACrC,CAAC;AAOM,SAAS,uBAAuB,MAAA,EAIrC;AACA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,0BAAA,EAA2B;AAAA,EAC3D;AAEA,EAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,SAAA,CAAU,MAAM,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,yBAAA,EAA4B,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACzF;AAAA,EACF;AAGA,EAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AACpB,EAAA,MAAM,aAAa,CAAA,EAAG,IAAA,CAAK,YAAY,CAAA,CAAA,EAAI,KAAK,QAAQ,CAAA,CAAA;AACxD,EAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,WAAA,EAAc,IAAA,CAAK,EAAE,iBAAiB,UAAU,CAAA,CAAA;AAAA,KACzD;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,QAAA,EAAU,IAAA,EAAK;AACvC;AAgCO,SAAS,uBACd,MAAA,EACsB;AACtB,EAAA,MAAM,KAAA,GAA8B;AAAA,IAClC,YAAY,MAAA,CAAO,EAAA;AAAA,IACnB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,MAAM,MAAA,CAAO,IAAA;AAAA,IACb,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,WAAA,EAAa;AAAA,MACX,QAAA,EAAU,OAAO,QAAA,CAAS;AAAA;AAC5B,GACF;AAGA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,KAAA,CAAM,MAAA,GAAS;AAAA,MACb,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,MACzB,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc;AAAA,KAC1C;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AA6BO,IAAM,mBAAA,GAAkC;AAAA,EAC7C,GAAA,EAAK,EAAE,OAAA,EAAS,CAAA;AAClB;AAKO,IAAM,uBAAA,GAA0C;AAAA,EACrD,aAAa;AACf;AAKO,SAAS,iBAAiB,OAAA,EAa/B;AACA,EAAA,OAAO;AAAA,IACL,IAAI,OAAA,CAAQ,EAAA;AAAA,IACZ,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,IAAA,EAAM,QAAQ,IAAA,IAAQ,mBAAA;AAAA,IACtB,QAAA,EAAU,QAAQ,QAAA,IAAY,uBAAA;AAAA,IAC9B,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,kBAAkB,OAAA,CAAQ,gBAAA;AAAA,IAC1B,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,eAAe,OAAA,CAAQ;AAAA,GACzB;AACF;;;ACxhBO,SAAS,gBAAgB,UAAA,EAG9B;AACA,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,+BAA+B,UAAU,CAAA,qCAAA;AAAA,KAC3C;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,MAAM,CAAC,CAAA;AAAA,IACrB,QAAA,EAAU,MAAM,CAAC;AAAA,GACnB;AACF;AAKO,SAAS,gBAAA,CACd,cACA,QAAA,EACY;AACZ,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACpC","file":"index.js","sourcesContent":["import { z } from \"zod\";\n\n// ============================================\n// ERROR CODES\n// Standardized error codes for the gateway\n// ============================================\n\n/**\n * Gateway error codes.\n */\nexport enum ErrorCode {\n // Resource errors\n ERR_RESOURCE_REQUIRED = \"ERR_RESOURCE_REQUIRED\",\n ERR_UNKNOWN_RESOURCE = \"ERR_UNKNOWN_RESOURCE\",\n ERR_RESOURCE_NOT_CONFIGURED = \"ERR_RESOURCE_NOT_CONFIGURED\",\n ERR_UNSUPPORTED_ACTION = \"ERR_UNSUPPORTED_ACTION\",\n\n // Auth errors\n ERR_MISSING_AUTH = \"ERR_MISSING_AUTH\",\n ERR_INVALID_SIGNATURE = \"ERR_INVALID_SIGNATURE\",\n ERR_EXPIRED_TIMESTAMP = \"ERR_EXPIRED_TIMESTAMP\",\n ERR_INVALID_NONCE = \"ERR_INVALID_NONCE\",\n ERR_APP_NOT_FOUND = \"ERR_APP_NOT_FOUND\",\n ERR_APP_DISABLED = \"ERR_APP_DISABLED\",\n\n // Permission errors\n ERR_PERMISSION_DENIED = \"ERR_PERMISSION_DENIED\",\n ERR_PERMISSION_EXPIRED = \"ERR_PERMISSION_EXPIRED\",\n ERR_CONSTRAINT_VIOLATION = \"ERR_CONSTRAINT_VIOLATION\",\n\n // Rate/budget errors\n ERR_RATE_LIMIT_EXCEEDED = \"ERR_RATE_LIMIT_EXCEEDED\",\n ERR_BUDGET_EXCEEDED = \"ERR_BUDGET_EXCEEDED\",\n\n // Request errors\n ERR_INVALID_REQUEST = \"ERR_INVALID_REQUEST\",\n ERR_INVALID_JSON = \"ERR_INVALID_JSON\",\n ERR_CONTRACT_VALIDATION_FAILED = \"ERR_CONTRACT_VALIDATION_FAILED\",\n\n // Internal errors\n ERR_INTERNAL = \"ERR_INTERNAL\",\n ERR_UPSTREAM_ERROR = \"ERR_UPSTREAM_ERROR\",\n\n // Pairing errors\n ERR_INVALID_PAIRING_STRING = \"ERR_INVALID_PAIRING_STRING\",\n ERR_INVALID_CONNECT_CODE = \"ERR_INVALID_CONNECT_CODE\",\n ERR_SESSION_EXPIRED = \"ERR_SESSION_EXPIRED\",\n\n // PoP errors\n ERR_UNSUPPORTED_POP_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n\n // Policy violation errors\n ERR_POLICY_VIOLATION = \"ERR_POLICY_VIOLATION\",\n ERR_MODEL_NOT_ALLOWED = \"ERR_MODEL_NOT_ALLOWED\",\n ERR_MAX_TOKENS_EXCEEDED = \"ERR_MAX_TOKENS_EXCEEDED\",\n ERR_TOOLS_NOT_ALLOWED = \"ERR_TOOLS_NOT_ALLOWED\",\n ERR_STREAMING_NOT_ALLOWED = \"ERR_STREAMING_NOT_ALLOWED\",\n}\n\n/**\n * Get HTTP status code for an error code.\n */\nexport function getErrorStatus(code: ErrorCode): number {\n switch (code) {\n case ErrorCode.ERR_RESOURCE_REQUIRED:\n case ErrorCode.ERR_INVALID_REQUEST:\n case ErrorCode.ERR_INVALID_JSON:\n case ErrorCode.ERR_CONSTRAINT_VIOLATION:\n case ErrorCode.ERR_INVALID_PAIRING_STRING:\n case ErrorCode.ERR_INVALID_CONNECT_CODE:\n return 400;\n\n case ErrorCode.ERR_CONTRACT_VALIDATION_FAILED:\n return 422;\n\n case ErrorCode.ERR_MISSING_AUTH:\n case ErrorCode.ERR_INVALID_SIGNATURE:\n case ErrorCode.ERR_EXPIRED_TIMESTAMP:\n case ErrorCode.ERR_INVALID_NONCE:\n return 401;\n\n case ErrorCode.ERR_PERMISSION_DENIED:\n case ErrorCode.ERR_PERMISSION_EXPIRED:\n case ErrorCode.ERR_APP_DISABLED:\n return 403;\n\n case ErrorCode.ERR_APP_NOT_FOUND:\n case ErrorCode.ERR_UNKNOWN_RESOURCE:\n case ErrorCode.ERR_UNSUPPORTED_ACTION:\n return 404;\n\n case ErrorCode.ERR_SESSION_EXPIRED:\n return 410;\n\n case ErrorCode.ERR_UNSUPPORTED_POP_VERSION:\n return 400;\n\n case ErrorCode.ERR_POLICY_VIOLATION:\n case ErrorCode.ERR_MODEL_NOT_ALLOWED:\n case ErrorCode.ERR_MAX_TOKENS_EXCEEDED:\n case ErrorCode.ERR_TOOLS_NOT_ALLOWED:\n case ErrorCode.ERR_STREAMING_NOT_ALLOWED:\n return 403;\n\n case ErrorCode.ERR_RATE_LIMIT_EXCEEDED:\n case ErrorCode.ERR_BUDGET_EXCEEDED:\n return 429;\n\n case ErrorCode.ERR_RESOURCE_NOT_CONFIGURED:\n case ErrorCode.ERR_INTERNAL:\n case ErrorCode.ERR_UPSTREAM_ERROR:\n return 500;\n\n default:\n return 500;\n }\n}\n\n/**\n * Gateway error class.\n */\nexport class GatewayError extends Error {\n public readonly code: ErrorCode;\n public readonly status: number;\n public readonly details?: Record<string, unknown>;\n public readonly requestId?: string;\n\n constructor(\n code: ErrorCode,\n message: string,\n options?: {\n details?: Record<string, unknown>;\n requestId?: string;\n },\n ) {\n super(message);\n this.name = \"GatewayError\";\n this.code = code;\n this.status = getErrorStatus(code);\n this.details = options?.details;\n this.requestId = options?.requestId;\n }\n\n toJSON() {\n return {\n error: {\n code: this.code,\n message: this.message,\n ...(this.requestId && { requestId: this.requestId }),\n ...(this.details && { details: this.details }),\n },\n };\n }\n}\n\n/**\n * Create a resource required error with helpful message.\n */\nexport function resourceRequiredError(hint?: string): GatewayError {\n const message = hint\n ? `Resource not specified. ${hint}`\n : \"Resource not specified. Set baseURL to /r/<resourceType>/<provider>/v1 or provide x-gateway-resource header.\";\n\n return new GatewayError(ErrorCode.ERR_RESOURCE_REQUIRED, message, {\n details: {\n examples: {\n groq: \"/r/llm/groq/v1/chat/completions\",\n gemini: \"/r/llm/gemini/v1/chat/completions\",\n header: \"x-gateway-resource: llm:groq\",\n },\n },\n });\n}\n\n// ============================================\n// ERROR RESPONSE SCHEMA\n// Standard error response format for all API errors\n// ============================================\n\n/**\n * Standard error response schema.\n * All API errors should conform to this shape.\n */\nexport const GatewayErrorResponseSchema = z.object({\n error: z.object({\n code: z.string(),\n message: z.string(),\n requestId: z.string().optional(),\n details: z.unknown().optional(),\n }),\n});\n\nexport type GatewayErrorResponse = z.infer<typeof GatewayErrorResponseSchema>;\n\n/**\n * Create a standard error response object.\n */\nexport function createErrorResponse(\n code: string,\n message: string,\n options?: {\n requestId?: string;\n details?: unknown;\n },\n): GatewayErrorResponse {\n return {\n error: {\n code,\n message,\n ...(options?.requestId && { requestId: options.requestId }),\n ...(options?.details !== undefined && { details: options.details }),\n },\n };\n}\n","// ============================================\n// DURATION PRESETS\n// Standardized permission duration options\n// Used by both SDK (requesting) and Proxy (granting)\n// ============================================\n\nimport { z } from \"zod\";\n\n/**\n * Preset duration identifiers.\n * Apps can request these, and the proxy recognizes them.\n */\nexport type DurationPresetId =\n | \"1_hour\"\n | \"4_hours\"\n | \"24_hours\"\n | \"1_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"forever\"\n | \"custom\";\n\n/**\n * Duration preset definition.\n */\nexport interface DurationPreset {\n id: DurationPresetId;\n label: string;\n description: string;\n /** Duration in milliseconds, null = never expires */\n durationMs: number | null;\n /** Suggested for short-term testing */\n isTemporary?: boolean;\n /** Suggested for production use */\n isRecommended?: boolean;\n}\n\n/**\n * All available duration presets in order of duration.\n */\nexport const DURATION_PRESETS: DurationPreset[] = [\n {\n id: \"1_hour\",\n label: \"1 hour\",\n description: \"Quick testing session\",\n durationMs: 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"4_hours\",\n label: \"4 hours\",\n description: \"Extended testing\",\n durationMs: 4 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"24_hours\",\n label: \"24 hours\",\n description: \"One day access\",\n durationMs: 24 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"1_week\",\n label: \"1 week\",\n description: \"7 days\",\n durationMs: 7 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"1_month\",\n label: \"1 month\",\n description: \"30 days\",\n durationMs: 30 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"3_months\",\n label: \"3 months\",\n description: \"90 days\",\n durationMs: 90 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"1_year\",\n label: \"1 year\",\n description: \"365 days\",\n durationMs: 365 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"forever\",\n label: \"Forever\",\n description: \"No expiration\",\n durationMs: null,\n },\n {\n id: \"custom\",\n label: \"Custom\",\n description: \"Set specific date/time\",\n durationMs: null,\n },\n];\n\n/**\n * Get a preset by ID.\n */\nexport function getDurationPreset(\n id: DurationPresetId,\n): DurationPreset | undefined {\n return DURATION_PRESETS.find((p) => p.id === id);\n}\n\n/**\n * Calculate expiry date from a duration preset ID.\n * @returns Date object or null for \"forever\"\n */\nexport function getExpiryFromDurationPreset(\n presetId: DurationPresetId,\n fromDate: Date = new Date(),\n): Date | null {\n const preset = getDurationPreset(presetId);\n if (!preset || preset.durationMs === null) {\n return null;\n }\n return new Date(fromDate.getTime() + preset.durationMs);\n}\n\n/**\n * Calculate expiry date from a duration in milliseconds.\n */\nexport function getExpiryFromDuration(\n durationMs: number,\n fromDate: Date = new Date(),\n): Date {\n return new Date(fromDate.getTime() + durationMs);\n}\n\n/**\n * Find the closest matching preset for a given duration.\n */\nexport function findClosestPreset(durationMs: number | null): DurationPreset {\n if (durationMs === null) {\n return DURATION_PRESETS.find((p) => p.id === \"forever\")!;\n }\n\n // Find closest match\n let closest = DURATION_PRESETS[0];\n let closestDiff = Infinity;\n\n for (const preset of DURATION_PRESETS) {\n if (preset.durationMs === null || preset.id === \"custom\") continue;\n\n const diff = Math.abs(preset.durationMs - durationMs);\n if (diff < closestDiff) {\n closestDiff = diff;\n closest = preset;\n }\n }\n\n return closest;\n}\n\n/**\n * Format a duration in milliseconds to human readable.\n */\nexport function formatDuration(durationMs: number | null): string {\n if (durationMs === null) return \"Forever\";\n\n const hours = durationMs / (60 * 60 * 1000);\n if (hours < 24) return `${Math.round(hours)} hour${hours !== 1 ? \"s\" : \"\"}`;\n\n const days = hours / 24;\n if (days < 7) return `${Math.round(days)} day${days !== 1 ? \"s\" : \"\"}`;\n\n const weeks = days / 7;\n if (weeks < 4) return `${Math.round(weeks)} week${weeks !== 1 ? \"s\" : \"\"}`;\n\n const months = days / 30;\n if (months < 12)\n return `${Math.round(months)} month${months !== 1 ? \"s\" : \"\"}`;\n\n const years = days / 365;\n return `${Math.round(years)} year${years !== 1 ? \"s\" : \"\"}`;\n}\n\n/**\n * Format an expiry date relative to now.\n */\nexport function formatExpiryRelative(expiresAt: Date | null): string {\n if (!expiresAt) return \"Never\";\n\n const now = new Date();\n const diff = expiresAt.getTime() - now.getTime();\n\n if (diff <= 0) return \"Expired\";\n return `In ${formatDuration(diff)}`;\n}\n\n// ============================================\n// ZOD SCHEMAS\n// ============================================\n\n/**\n * Duration preset ID schema for validation.\n */\nexport const DurationPresetIdSchema = z.enum([\n \"1_hour\",\n \"4_hours\",\n \"24_hours\",\n \"1_week\",\n \"1_month\",\n \"3_months\",\n \"1_year\",\n \"forever\",\n \"custom\",\n]);\n\n/**\n * Requested duration schema.\n * Apps can specify their preferred duration when requesting permissions.\n */\nexport const RequestedDurationSchema = z.union([\n // Preset ID\n z.object({\n type: z.literal(\"preset\"),\n preset: DurationPresetIdSchema,\n }),\n // Specific duration in milliseconds\n z.object({\n type: z.literal(\"duration\"),\n durationMs: z.number().int().positive(),\n }),\n // Specific expiry date\n z.object({\n type: z.literal(\"until\"),\n expiresAt: z.string().datetime(),\n }),\n]);\n\nexport type RequestedDuration = z.infer<typeof RequestedDurationSchema>;\n\n/**\n * Resolve a RequestedDuration to an expiry Date (or null for forever).\n */\nexport function resolveRequestedDuration(\n duration: RequestedDuration | undefined,\n fromDate: Date = new Date(),\n): Date | null {\n if (!duration) return null; // Default: no preference (admin decides)\n\n switch (duration.type) {\n case \"preset\":\n return getExpiryFromDurationPreset(duration.preset, fromDate);\n case \"duration\":\n return getExpiryFromDuration(duration.durationMs, fromDate);\n case \"until\":\n return new Date(duration.expiresAt);\n }\n}\n\n/**\n * Create a preset-based RequestedDuration.\n */\nexport function createPresetDuration(\n preset: DurationPresetId,\n): RequestedDuration {\n return { type: \"preset\", preset };\n}\n\n/**\n * Create a duration-based RequestedDuration.\n */\nexport function createDurationMs(durationMs: number): RequestedDuration {\n return { type: \"duration\", durationMs };\n}\n\n/**\n * Create an until-based RequestedDuration.\n */\nexport function createUntilDuration(expiresAt: Date): RequestedDuration {\n return { type: \"until\", expiresAt: expiresAt.toISOString() };\n}\n","import { z } from \"zod\";\nimport { RequestedDurationSchema } from \"./duration-presets\";\n\n// ============================================\n// SHARED SCHEMAS\n// Validation schemas used by proxy and SDK\n// ============================================\n\n/**\n * Chat message schema (OpenAI-compatible).\n */\nexport const ChatMessageSchema = z.object({\n role: z.enum([\"system\", \"user\", \"assistant\", \"tool\"]),\n content: z\n .union([\n z.string(),\n z.array(\n z.object({\n type: z.string(),\n text: z.string().optional(),\n image_url: z\n .object({\n url: z.string(),\n detail: z.string().optional(),\n })\n .optional(),\n }),\n ),\n ])\n .nullable(),\n name: z.string().optional(),\n tool_calls: z\n .array(\n z.object({\n id: z.string(),\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n arguments: z.string(),\n }),\n }),\n )\n .optional(),\n tool_call_id: z.string().optional(),\n});\n\n/**\n * Chat completion request schema (OpenAI-compatible).\n */\nexport const ChatCompletionRequestSchema = z.object({\n model: z.string(),\n messages: z.array(ChatMessageSchema),\n temperature: z.number().min(0).max(2).optional(),\n top_p: z.number().min(0).max(1).optional(),\n n: z.number().int().min(1).max(10).optional(),\n stream: z.boolean().optional(),\n stop: z.union([z.string(), z.array(z.string())]).optional(),\n max_tokens: z.number().int().positive().optional(),\n max_completion_tokens: z.number().int().positive().optional(),\n presence_penalty: z.number().min(-2).max(2).optional(),\n frequency_penalty: z.number().min(-2).max(2).optional(),\n logit_bias: z.record(z.number()).optional(),\n user: z.string().optional(),\n tools: z\n .array(\n z.object({\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n description: z.string().optional(),\n parameters: z.record(z.unknown()).optional(),\n }),\n }),\n )\n .optional(),\n tool_choice: z\n .union([\n z.literal(\"none\"),\n z.literal(\"auto\"),\n z.literal(\"required\"),\n z.object({\n type: z.literal(\"function\"),\n function: z.object({ name: z.string() }),\n }),\n ])\n .optional(),\n response_format: z\n .object({\n type: z.enum([\"text\", \"json_object\"]),\n })\n .optional(),\n seed: z.number().int().optional(),\n});\n\nexport type ChatCompletionRequest = z.infer<typeof ChatCompletionRequestSchema>;\nexport type ChatMessage = z.infer<typeof ChatMessageSchema>;\n\n/**\n * Permission request schema.\n * Includes optional requested duration for apps to suggest their needs.\n */\nexport const PermissionRequestSchema = z.object({\n resourceId: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Invalid resource ID format. Expected: <resourceType>:<provider>\",\n }),\n actions: z.array(z.string()).min(1),\n constraints: z.record(z.unknown()).optional(),\n /** Optional: App's requested/preferred duration for this permission */\n requestedDuration: RequestedDurationSchema.optional(),\n});\n\n/**\n * App metadata schema.\n */\nexport const AppMetadataSchema = z.object({\n name: z.string().min(1).max(100),\n description: z.string().max(500).optional(),\n homepage: z.string().url().optional(),\n});\n\n/**\n * Install request schema (for prepare endpoint).\n */\nexport const InstallRequestSchema = z.object({\n connectCode: z.string().min(16),\n app: AppMetadataSchema,\n publicKey: z.string().min(40),\n requestedPermissions: z.array(PermissionRequestSchema).min(1),\n redirectUri: z.string().url(),\n});\n\nexport type InstallRequest = z.infer<typeof InstallRequestSchema>;\n\n// ============================================\n// DISCOVERY SCHEMAS\n// Resource discovery response types\n// ============================================\n\n/**\n * Resource auth configuration in discovery response.\n */\nexport const ResourceAuthSchema = z.object({\n pop: z.object({\n version: z.number(),\n }),\n});\n\n/**\n * Resource entry in discovery response.\n */\nexport const ResourceDiscoveryEntrySchema = z.object({\n resourceId: z.string(),\n actions: z.array(z.string()),\n auth: ResourceAuthSchema,\n constraints: z\n .object({\n supports: z.array(z.string()),\n })\n .optional(),\n});\n\n/**\n * Gateway info in discovery response.\n */\nexport const GatewayInfoSchema = z.object({\n version: z.string(),\n name: z.string().optional(),\n});\n\n/**\n * Full discovery response schema.\n */\nexport const ResourcesDiscoveryResponseSchema = z.object({\n gateway: GatewayInfoSchema,\n resources: z.array(ResourceDiscoveryEntrySchema),\n});\n\nexport type ResourcesDiscoveryResponse = z.infer<\n typeof ResourcesDiscoveryResponseSchema\n>;\nexport type ResourceDiscoveryEntry = z.infer<\n typeof ResourceDiscoveryEntrySchema\n>;\nexport type GatewayInfo = z.infer<typeof GatewayInfoSchema>;\n","// ============================================\n// ACCESS POLICY TYPES\n// Comprehensive access control configuration\n// ============================================\n\n/**\n * Time window restriction.\n * Allows access only during specific hours of the day.\n */\nexport interface TimeWindow {\n /** Start hour (0-23) in the specified timezone */\n startHour: number;\n /** End hour (0-23) in the specified timezone */\n endHour: number;\n /** Timezone for the time window (e.g., \"UTC\", \"America/New_York\") */\n timezone: string;\n /** Days of week allowed (0=Sunday, 6=Saturday). Empty = all days */\n allowedDays?: number[];\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n /** Maximum requests allowed in the window */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n}\n\n/**\n * Burst limit configuration.\n * Allows short-term spikes above the sustained rate limit.\n */\nexport interface BurstConfig {\n /** Maximum requests allowed in burst window */\n limit: number;\n /** Burst window duration in seconds (typically short, e.g., 10s) */\n windowSeconds: number;\n}\n\n/**\n * Quota configuration for daily/monthly limits.\n */\nexport interface QuotaConfig {\n /** Daily request quota (null = unlimited) */\n daily?: number;\n /** Monthly request quota (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Token budget for LLM resources.\n */\nexport interface TokenBudget {\n /** Daily token budget (null = unlimited) */\n daily?: number;\n /** Monthly token budget (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Per-model rate limit configuration.\n * Allows fine-grained control over different models.\n */\nexport interface ModelRateLimit {\n /** Model identifier */\n model: string;\n /** Maximum requests per window for this model */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n /** Maximum output tokens per request for this model (overrides global) */\n maxOutputTokens?: number;\n /** Daily token budget for this specific model */\n dailyTokenBudget?: number;\n /** Monthly token budget for this specific model */\n monthlyTokenBudget?: number;\n}\n\n/**\n * LLM-specific constraints.\n */\nexport interface LLMConstraints {\n /** Allowed model IDs (empty = all models allowed) */\n allowedModels?: string[];\n /** Maximum output tokens per request */\n maxOutputTokens?: number;\n /** Maximum input tokens per request */\n maxInputTokens?: number;\n /** Allow streaming responses */\n allowStreaming?: boolean;\n /** Maximum context window */\n maxContextWindow?: number;\n /** Per-model rate limits (overrides global rate limits) */\n modelRateLimits?: ModelRateLimit[];\n /** Allow tool/function calling */\n allowTools?: boolean;\n}\n\n/**\n * Email-specific constraints.\n */\nexport interface EmailConstraints {\n /** Allowed from domains */\n allowedFromDomains?: string[];\n /** Maximum recipients per email */\n maxRecipients?: number;\n /** Allow HTML content */\n allowHtml?: boolean;\n /** Maximum attachment size in bytes */\n maxAttachmentSize?: number;\n}\n\n/**\n * Generic HTTP constraints.\n */\nexport interface HTTPConstraints {\n /** Maximum request body size in bytes */\n maxRequestBodySize?: number;\n /** Allowed HTTP methods */\n allowedMethods?: string[];\n /** Custom constraints */\n custom?: Record<string, unknown>;\n}\n\n/**\n * Union type for all constraint types.\n */\nexport type ResourceConstraints =\n | LLMConstraints\n | EmailConstraints\n | HTTPConstraints\n | Record<string, unknown>;\n\n/**\n * Complete access policy for a permission.\n * This is what the proxy owner configures during approval.\n */\nexport interface AccessPolicy {\n // ============================================\n // Time Controls\n // ============================================\n\n /** When the permission becomes valid (ISO string, null = immediately) */\n validFrom?: string | null;\n\n /** When the permission expires (ISO string, null = never) */\n expiresAt?: string | null;\n\n /** Time-of-day restrictions */\n timeWindow?: TimeWindow | null;\n\n // ============================================\n // Rate Limiting\n // ============================================\n\n /** Sustained rate limit */\n rateLimit?: RateLimitConfig;\n\n /** Burst allowance */\n burst?: BurstConfig;\n\n // ============================================\n // Quotas\n // ============================================\n\n /** Request quotas */\n quota?: QuotaConfig;\n\n /** Token budget (LLM resources) */\n tokenBudget?: TokenBudget;\n\n // ============================================\n // Scope Constraints\n // ============================================\n\n /** Resource-specific constraints */\n constraints?: ResourceConstraints;\n}\n\n// ============================================\n// EXPIRY PRESETS\n// Quick options for common expiry scenarios\n// ============================================\n\nexport type ExpiryPreset =\n | \"1_hour\"\n | \"4_hours\"\n | \"today\"\n | \"24_hours\"\n | \"this_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"never\"\n | \"custom\";\n\nexport interface ExpiryPresetOption {\n value: ExpiryPreset;\n label: string;\n description: string;\n getDate: () => Date | null;\n}\n\n/**\n * Get expiry date from preset.\n */\nexport function getExpiryFromPreset(preset: ExpiryPreset): Date | null {\n const now = new Date();\n\n switch (preset) {\n case \"1_hour\":\n return new Date(now.getTime() + 60 * 60 * 1000);\n case \"4_hours\":\n return new Date(now.getTime() + 4 * 60 * 60 * 1000);\n case \"today\":\n // End of today in local timezone\n const endOfDay = new Date(now);\n endOfDay.setHours(23, 59, 59, 999);\n return endOfDay;\n case \"24_hours\":\n return new Date(now.getTime() + 24 * 60 * 60 * 1000);\n case \"this_week\":\n // End of this week (Sunday)\n const endOfWeek = new Date(now);\n const daysUntilSunday = 7 - endOfWeek.getDay();\n endOfWeek.setDate(endOfWeek.getDate() + daysUntilSunday);\n endOfWeek.setHours(23, 59, 59, 999);\n return endOfWeek;\n case \"1_month\":\n return new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000);\n case \"3_months\":\n return new Date(now.getTime() + 90 * 24 * 60 * 60 * 1000);\n case \"1_year\":\n return new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);\n case \"never\":\n return null;\n case \"custom\":\n return null; // Custom requires manual date input\n default:\n return null;\n }\n}\n\n/**\n * All available expiry presets with labels.\n */\nexport const EXPIRY_PRESETS: ExpiryPresetOption[] = [\n {\n value: \"1_hour\",\n label: \"1 hour\",\n description: \"Expires in 1 hour\",\n getDate: () => getExpiryFromPreset(\"1_hour\"),\n },\n {\n value: \"4_hours\",\n label: \"4 hours\",\n description: \"Expires in 4 hours\",\n getDate: () => getExpiryFromPreset(\"4_hours\"),\n },\n {\n value: \"today\",\n label: \"End of today\",\n description: \"Expires at midnight\",\n getDate: () => getExpiryFromPreset(\"today\"),\n },\n {\n value: \"24_hours\",\n label: \"24 hours\",\n description: \"Expires in 24 hours\",\n getDate: () => getExpiryFromPreset(\"24_hours\"),\n },\n {\n value: \"this_week\",\n label: \"This week\",\n description: \"Expires end of week\",\n getDate: () => getExpiryFromPreset(\"this_week\"),\n },\n {\n value: \"1_month\",\n label: \"1 month\",\n description: \"Expires in 30 days\",\n getDate: () => getExpiryFromPreset(\"1_month\"),\n },\n {\n value: \"3_months\",\n label: \"3 months\",\n description: \"Expires in 90 days\",\n getDate: () => getExpiryFromPreset(\"3_months\"),\n },\n {\n value: \"1_year\",\n label: \"1 year\",\n description: \"Expires in 1 year\",\n getDate: () => getExpiryFromPreset(\"1_year\"),\n },\n {\n value: \"never\",\n label: \"Never\",\n description: \"No expiration\",\n getDate: () => null,\n },\n {\n value: \"custom\",\n label: \"Custom\",\n description: \"Set custom date\",\n getDate: () => null,\n },\n];\n\n// ============================================\n// RATE LIMIT PRESETS\n// ============================================\n\nexport interface RateLimitPreset {\n label: string;\n value: RateLimitConfig;\n}\n\nexport const RATE_LIMIT_PRESETS: RateLimitPreset[] = [\n {\n label: \"5 per minute (very restricted)\",\n value: { maxRequests: 5, windowSeconds: 60 },\n },\n { label: \"10 per minute\", value: { maxRequests: 10, windowSeconds: 60 } },\n { label: \"30 per minute\", value: { maxRequests: 30, windowSeconds: 60 } },\n {\n label: \"60 per minute (standard)\",\n value: { maxRequests: 60, windowSeconds: 60 },\n },\n { label: \"100 per hour\", value: { maxRequests: 100, windowSeconds: 3600 } },\n { label: \"500 per hour\", value: { maxRequests: 500, windowSeconds: 3600 } },\n { label: \"1000 per day\", value: { maxRequests: 1000, windowSeconds: 86400 } },\n];\n\n// ============================================\n// VALIDATION HELPERS\n// ============================================\n\n/**\n * Check if a permission is currently valid based on time controls.\n */\nexport function isPermissionValidNow(policy: AccessPolicy): {\n valid: boolean;\n reason?: string;\n} {\n const now = new Date();\n\n // Check validFrom\n if (policy.validFrom) {\n const validFromDate = new Date(policy.validFrom);\n if (now < validFromDate) {\n return {\n valid: false,\n reason: `Permission not yet valid. Starts at ${validFromDate.toISOString()}`,\n };\n }\n }\n\n // Check expiresAt\n if (policy.expiresAt) {\n const expiresAtDate = new Date(policy.expiresAt);\n if (now > expiresAtDate) {\n return {\n valid: false,\n reason: `Permission expired at ${expiresAtDate.toISOString()}`,\n };\n }\n }\n\n // Check time window\n if (policy.timeWindow) {\n const { startHour, endHour, timezone, allowedDays } = policy.timeWindow;\n\n // Get current time in the specified timezone\n const formatter = new Intl.DateTimeFormat(\"en-US\", {\n hour: \"numeric\",\n hour12: false,\n timeZone: timezone,\n });\n const currentHour = parseInt(formatter.format(now), 10);\n\n // Get current day (0 = Sunday)\n const dayFormatter = new Intl.DateTimeFormat(\"en-US\", {\n weekday: \"short\",\n timeZone: timezone,\n });\n const dayNames = [\"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", \"Sat\"];\n const currentDayName = dayFormatter.format(now);\n const currentDay = dayNames.indexOf(currentDayName.slice(0, 3));\n\n // Check allowed days\n if (\n allowedDays &&\n allowedDays.length > 0 &&\n !allowedDays.includes(currentDay)\n ) {\n return {\n valid: false,\n reason: `Access not allowed on this day (${currentDayName})`,\n };\n }\n\n // Check time window (handles overnight windows like 22:00-06:00)\n let inWindow: boolean;\n if (startHour <= endHour) {\n // Normal window (e.g., 9:00-17:00)\n inWindow = currentHour >= startHour && currentHour < endHour;\n } else {\n // Overnight window (e.g., 22:00-06:00)\n inWindow = currentHour >= startHour || currentHour < endHour;\n }\n\n if (!inWindow) {\n return {\n valid: false,\n reason: `Access only allowed between ${startHour}:00-${endHour}:00 ${timezone}`,\n };\n }\n }\n\n return { valid: true };\n}\n\n/**\n * Format an access policy for display.\n */\nexport function formatAccessPolicySummary(policy: AccessPolicy): string[] {\n const summary: string[] = [];\n\n if (policy.expiresAt) {\n const date = new Date(policy.expiresAt);\n summary.push(\n `Expires: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.validFrom) {\n const date = new Date(policy.validFrom);\n summary.push(\n `Starts: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.timeWindow) {\n const { startHour, endHour, timezone } = policy.timeWindow;\n summary.push(`Hours: ${startHour}:00-${endHour}:00 ${timezone}`);\n }\n\n if (policy.rateLimit) {\n const { maxRequests, windowSeconds } = policy.rateLimit;\n if (windowSeconds === 60) summary.push(`Rate: ${maxRequests}/min`);\n else if (windowSeconds === 3600) summary.push(`Rate: ${maxRequests}/hour`);\n else if (windowSeconds === 86400) summary.push(`Rate: ${maxRequests}/day`);\n else summary.push(`Rate: ${maxRequests}/${windowSeconds}s`);\n }\n\n if (policy.quota?.daily) {\n summary.push(`Daily quota: ${policy.quota.daily}`);\n }\n\n if (policy.quota?.monthly) {\n summary.push(`Monthly quota: ${policy.quota.monthly}`);\n }\n\n if (policy.tokenBudget?.daily) {\n summary.push(`Daily tokens: ${policy.tokenBudget.daily.toLocaleString()}`);\n }\n\n return summary;\n}\n","import { z } from \"zod\";\n\n// ============================================\n// PoP (Proof of Possession) PROTOCOL\n// Canonical signing rules and header schemas\n// ============================================\n\n/**\n * PoP header schema for v1 protocol.\n * Validates all required headers for PoP authentication.\n */\nexport const PopHeadersV1Schema = z.object({\n \"x-pop-v\": z.literal(\"1\"),\n \"x-app-id\": z.string().min(1, \"App ID is required\"),\n \"x-ts\": z.string().regex(/^\\d+$/, \"Timestamp must be numeric\"),\n \"x-nonce\": z.string().min(16, \"Nonce must be at least 16 characters\"),\n \"x-sig\": z.string().min(1, \"Signature is required\"),\n});\n\nexport type PopHeadersV1 = z.infer<typeof PopHeadersV1Schema>;\n\n/**\n * Parameters for building a canonical request string.\n */\nexport interface CanonicalRequestParams {\n /** HTTP method (will be uppercased) */\n method: string;\n /** URL path with query string (e.g., \"/v1/chat/completions?stream=true\") */\n pathWithQuery: string;\n /** App ID from x-app-id header */\n appId: string;\n /** Unix timestamp from x-ts header */\n ts: string;\n /** Nonce from x-nonce header */\n nonce: string;\n /** Base64url-encoded SHA-256 hash of request body */\n bodyHash: string;\n}\n\n/**\n * Build the canonical request string for PoP v1 signature.\n *\n * Format:\n * ```\n * v1\\n\n * <METHOD>\\n\n * <PATH_WITH_QUERY>\\n\n * <APP_ID>\\n\n * <TS>\\n\n * <NONCE>\\n\n * <BODY_HASH>\\n\n * ```\n *\n * @param params - The canonical request parameters\n * @returns The canonical request string to be signed\n *\n * @example\n * const canonical = buildCanonicalRequestV1({\n * method: \"POST\",\n * pathWithQuery: \"/v1/chat/completions?stream=true\",\n * appId: \"app_123\",\n * ts: \"1706000000\",\n * nonce: \"abc123xyz456def7\",\n * bodyHash: \"base64url-sha256-hash\",\n * });\n */\nexport function buildCanonicalRequestV1(\n params: CanonicalRequestParams,\n): string {\n return [\n \"v1\",\n params.method.toUpperCase(),\n params.pathWithQuery,\n params.appId,\n params.ts,\n params.nonce,\n params.bodyHash,\n \"\", // trailing newline\n ].join(\"\\n\");\n}\n\n/**\n * Extract path with query from a URL.\n * Combines pathname and search (including '?' when present).\n *\n * @example\n * getPathWithQuery(new URL(\"https://example.com/v1/chat?stream=true\"))\n * // Returns: \"/v1/chat?stream=true\"\n *\n * getPathWithQuery(new URL(\"https://example.com/v1/chat\"))\n * // Returns: \"/v1/chat\"\n */\nexport function getPathWithQuery(url: URL): string {\n return url.pathname + url.search;\n}\n\n/**\n * Current PoP protocol version.\n */\nexport const POP_VERSION = \"1\" as const;\n\n/**\n * Error codes specific to PoP authentication.\n */\nexport enum PopErrorCode {\n UNSUPPORTED_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n}\n","import { z } from \"zod\";\n\n// ============================================\n// POLICY ENFORCEMENT CONTRACTS\n// Schema-first enforcement types - no extractors\n// ============================================\n\n/**\n * Enforcement fields returned by validateAndShape.\n * These are normalized, enforceable knobs that plugins MUST provide\n * when constraints require them. This replaces the legacy extractor system.\n *\n * The schema-first approach ensures:\n * - Enforcement cannot be bypassed by malformed payloads\n * - Plugins are responsible for extracting enforcement fields during validation\n * - No \"fail-open\" extraction - if a field is needed, it must be provided\n */\nexport const EnforcementFieldsSchema = z.object({\n // LLM-specific fields\n model: z.string().optional(),\n maxOutputTokens: z.number().int().positive().optional(),\n usesTools: z.boolean().optional(),\n stream: z.boolean().optional(),\n\n // Email-specific fields\n fromDomain: z.string().optional(),\n toDomains: z.array(z.string()).optional(),\n recipientCount: z.number().int().positive().optional(),\n\n // Generic fields\n contentType: z.string().optional(),\n});\n\nexport type EnforcementFields = z.infer<typeof EnforcementFieldsSchema>;\n\n/**\n * @deprecated Use EnforcementFields instead. ExtractedRequest is kept for backward compatibility\n * but will be removed in a future version. The extractor system has been replaced with\n * schema-first validation where plugins return enforcement fields from validateAndShape.\n */\nexport const ExtractedRequestSchema = EnforcementFieldsSchema;\n\n/**\n * @deprecated Use EnforcementFields instead.\n */\nexport type ExtractedRequest = EnforcementFields;\n\n/**\n * Enforcement metadata that target apps may optionally provide.\n * This is NOT required for enforcement - the proxy can operate without it.\n * Treat as advisory only.\n */\nexport const EnforcementMetaSchema = z.object({\n /** App-provided request ID for correlation */\n requestId: z.string().optional(),\n /** Declared intent (advisory only, not enforced) */\n intent: z.string().optional(),\n /** App-declared expected model (advisory only) */\n expectedModel: z.string().optional(),\n});\n\nexport type EnforcementMeta = z.infer<typeof EnforcementMetaSchema>;\n\n/**\n * Policy definition for enforcement.\n * This mirrors ResourceConstraints but is focused on enforcement.\n */\nexport interface EnforcementPolicy {\n // LLM policies\n allowedModels?: string[];\n maxOutputTokens?: number;\n allowTools?: boolean;\n allowStreaming?: boolean;\n\n // Email policies\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n\n // Generic\n maxRequestBodySize?: number;\n}\n\n/**\n * Result of policy enforcement.\n */\nexport interface EnforcementResult {\n allowed: boolean;\n violation?: {\n code: string;\n message: string;\n field: string;\n actual?: unknown;\n limit?: unknown;\n };\n}\n","import { z, type ZodSchema } from \"zod\";\nimport type { EnforcementFields } from \"./enforcement\";\n\n// ============================================\n// PLUGIN CONTRACT\n// Core types and schemas for resource plugins\n// ============================================\n\n// ============================================\n// DUAL-ENTRYPOINT PLUGIN ARCHITECTURE\n// --------------------------------------------\n// Plugins can expose two entrypoints:\n//\n// 1. /proxy - Server-side code for the gateway proxy\n// - Implements execute(), validateAndShape(), etc.\n// - No browser-only code\n// - Import: @glueco/plugin-xxx/proxy\n//\n// 2. /client - Client-side typed wrappers for target apps\n// - Depends only on SDK transport interface\n// - Strongly typed methods per action\n// - No Node-only APIs\n// - Import: @glueco/plugin-xxx/client\n//\n// A plugin is considered \"SDK-compatible\" only if it exports\n// both /proxy and /client entrypoints with shared contracts.\n// ============================================\n\n/**\n * Plugin authentication configuration.\n */\nexport const PluginAuthSchema = z.object({\n pop: z.object({\n version: z.number().int().positive(),\n }),\n});\n\nexport type PluginAuth = z.infer<typeof PluginAuthSchema>;\n\n/**\n * Plugin support configuration.\n * Describes which enforcement knobs the plugin supports.\n */\nexport const PluginSupportsSchema = z.object({\n enforcement: z.array(z.string()),\n});\n\nexport type PluginSupports = z.infer<typeof PluginSupportsSchema>;\n\n/**\n * Extractor descriptor - describes how to extract enforceable fields.\n * Can reference a function name (for core extractors) or provide inline config.\n */\nexport const ExtractorDescriptorSchema = z.object({\n /** Reference to core extractor by name (e.g., \"openai-compatible\", \"gemini\") */\n type: z.string().optional(),\n /** Custom extraction config (for future use) */\n config: z.record(z.unknown()).optional(),\n});\n\nexport type ExtractorDescriptor = z.infer<typeof ExtractorDescriptorSchema>;\n\n/**\n * Credential schema field descriptor.\n * Used for UI generation to collect provider credentials.\n */\nexport const CredentialFieldSchema = z.object({\n name: z.string(),\n type: z.enum([\"string\", \"secret\", \"url\", \"number\", \"boolean\"]),\n label: z.string(),\n description: z.string().optional(),\n required: z.boolean().default(true),\n default: z.unknown().optional(),\n});\n\nexport type CredentialField = z.infer<typeof CredentialFieldSchema>;\n\n/**\n * Full credential schema for a plugin.\n */\nexport const PluginCredentialSchemaSchema = z.object({\n fields: z.array(CredentialFieldSchema),\n});\n\nexport type PluginCredentialSchema = z.infer<\n typeof PluginCredentialSchemaSchema\n>;\n\n// ============================================\n// PLUGIN EXECUTION TYPES\n// ============================================\n\n/**\n * Usage metrics extracted from response.\n */\nexport interface PluginUsageMetrics {\n inputTokens?: number;\n outputTokens?: number;\n totalTokens?: number;\n model?: string;\n custom?: Record<string, unknown>;\n}\n\n/**\n * Execute options passed to plugin.\n */\nexport interface PluginExecuteOptions {\n stream: boolean;\n signal?: AbortSignal;\n}\n\n/**\n * Execute result from plugin.\n */\nexport interface PluginExecuteResult {\n /** For non-streaming responses */\n response?: unknown;\n /** For streaming responses */\n stream?: ReadableStream<Uint8Array>;\n /** Response content type */\n contentType: string;\n /** Usage metrics (available for non-streaming) */\n usage?: PluginUsageMetrics;\n}\n\n/**\n * Validation result from plugin.\n * In the schema-first pipeline:\n * - shapedInput: The validated/transformed payload ready for upstream execution\n * - enforcement: Normalized fields extracted during validation for policy enforcement\n *\n * The enforcement fields are REQUIRED when constraints exist for those fields.\n * This ensures enforcement cannot be bypassed by malformed payloads.\n */\nexport interface PluginValidationResult {\n valid: boolean;\n error?: string;\n /** Transformed/validated input ready for execution (provider-native format) */\n shapedInput?: unknown;\n /** Normalized enforcement fields extracted during validation */\n enforcement?: EnforcementFields;\n}\n\n/**\n * Mapped error from plugin.\n */\nexport interface PluginMappedError {\n status: number;\n code: string;\n message: string;\n retryable: boolean;\n}\n\n/**\n * Context for plugin execution.\n * Contains resolved credentials and configuration.\n */\nexport interface PluginExecuteContext {\n /** The resolved API key/secret */\n secret: string;\n /** Additional config (e.g., custom baseUrl) */\n config: Record<string, unknown> | null;\n}\n\n/**\n * Resource constraints passed to validation.\n */\nexport interface PluginResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n allowAttachments?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n\n // Extensible\n [key: string]: unknown;\n}\n\n// ============================================\n// CLIENT CONTRACT METADATA (Dual-Entrypoint Support)\n// ============================================\n\n/**\n * Action schema descriptor for client contracts.\n * Describes the request/response schema for a single action.\n */\nexport interface PluginActionSchemaDescriptor {\n /** Zod schema for validating requests (optional, can be inferred from contracts) */\n requestSchema?: ZodSchema;\n /** Zod schema for validating responses (optional, can be inferred from contracts) */\n responseSchema?: ZodSchema;\n /** Human-readable description of this action */\n description?: string;\n}\n\n/**\n * Client contract metadata for dual-entrypoint plugins.\n * Describes how the client-side interface is organized.\n *\n * Example:\n * ```ts\n * client: {\n * namespace: \"gemini\",\n * actions: {\n * \"chat.completions\": {\n * requestSchema: ChatCompletionRequestSchema,\n * responseSchema: ChatCompletionResponseSchema,\n * description: \"Generate chat completions using Gemini\"\n * }\n * }\n * }\n * ```\n */\nexport interface PluginClientContract {\n /**\n * Namespace for the client wrapper (used for import organization).\n * Example: \"gemini\" -> `import { gemini } from \"@glueco/plugin-llm-gemini/client\"`\n */\n namespace: string;\n\n /**\n * Action descriptors mapping action names to their schemas.\n * Keys should match the `actions` array in the plugin.\n */\n actions: Record<string, PluginActionSchemaDescriptor>;\n\n /**\n * Package entrypoint for the client module.\n * Default: \"./client\"\n */\n entrypoint?: string;\n}\n\n// ============================================\n// PLUGIN CONTRACT INTERFACE\n// ============================================\n\n/**\n * Core plugin contract.\n * Every plugin must implement this interface.\n */\nexport interface PluginContract {\n /**\n * Unique plugin identifier.\n * Format: <resourceType>:<provider>\n * Examples: \"llm:groq\", \"llm:gemini\", \"mail:resend\"\n */\n readonly id: string;\n\n /**\n * Resource type category.\n * Examples: \"llm\", \"mail\", \"storage\"\n */\n readonly resourceType: string;\n\n /**\n * Provider name.\n * Examples: \"groq\", \"gemini\", \"resend\", \"openai\"\n */\n readonly provider: string;\n\n /**\n * Plugin version string (semver).\n */\n readonly version: string;\n\n /**\n * Human-readable display name.\n */\n readonly name: string;\n\n /**\n * Supported actions.\n * Examples: [\"chat.completions\", \"models.list\"]\n */\n readonly actions: string[];\n\n /**\n * Authentication configuration for discovery.\n */\n readonly auth: PluginAuth;\n\n /**\n * Enforcement support configuration.\n */\n readonly supports: PluginSupports;\n\n /**\n * Optional extractor descriptors per action.\n * Key = action name, value = extractor descriptor.\n */\n readonly extractors?: Record<string, ExtractorDescriptor>;\n\n /**\n * Optional credential schema for UI generation.\n */\n readonly credentialSchema?: PluginCredentialSchema;\n\n /**\n * Optional client contract metadata for dual-entrypoint plugins.\n * Describes the client-side interface for typed wrappers.\n *\n * This metadata is used by:\n * - SDK typed wrappers to provide autocomplete\n * - Documentation generation\n * - System-check app (optional validation)\n */\n readonly client?: PluginClientContract;\n\n /**\n * Default models for this plugin (for LLM plugins).\n * Used by the proxy to list available models when no restrictions are set.\n */\n readonly defaultModels?: readonly string[];\n\n /**\n * Validate input and apply constraints.\n * Returns shaped input ready for execution.\n */\n validateAndShape(\n action: string,\n input: unknown,\n constraints: PluginResourceConstraints,\n ): PluginValidationResult;\n\n /**\n * Execute the resource action.\n */\n execute(\n action: string,\n shapedInput: unknown,\n ctx: PluginExecuteContext,\n options: PluginExecuteOptions,\n ): Promise<PluginExecuteResult>;\n\n /**\n * Extract usage metrics from response.\n */\n extractUsage(response: unknown): PluginUsageMetrics;\n\n /**\n * Map provider errors to standardized format.\n */\n mapError(error: unknown): PluginMappedError;\n}\n\n// ============================================\n// PLUGIN VALIDATION SCHEMA\n// ============================================\n\n/**\n * Schema to validate plugin metadata at registration.\n */\nexport const PluginClientContractSchema = z.object({\n namespace: z.string().min(1),\n actions: z.record(\n z.object({\n requestSchema: z.any().optional(),\n responseSchema: z.any().optional(),\n description: z.string().optional(),\n }),\n ),\n entrypoint: z.string().optional(),\n});\n\nexport const PluginMetadataSchema = z.object({\n id: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Plugin ID must be in format: <resourceType>:<provider>\",\n }),\n resourceType: z.string().min(1),\n provider: z.string().min(1),\n version: z.string().min(1),\n name: z.string().min(1),\n actions: z.array(z.string()).min(1),\n auth: PluginAuthSchema,\n supports: PluginSupportsSchema,\n extractors: z.record(ExtractorDescriptorSchema).optional(),\n credentialSchema: PluginCredentialSchemaSchema.optional(),\n client: PluginClientContractSchema.optional(),\n defaultModels: z.array(z.string()).optional(),\n});\n\nexport type PluginMetadata = z.infer<typeof PluginMetadataSchema>;\n\n/**\n * Validate plugin object has correct metadata.\n */\nexport function validatePluginMetadata(plugin: unknown): {\n valid: boolean;\n error?: string;\n metadata?: PluginMetadata;\n} {\n if (!plugin || typeof plugin !== \"object\") {\n return { valid: false, error: \"Plugin must be an object\" };\n }\n\n const result = PluginMetadataSchema.safeParse(plugin);\n if (!result.success) {\n return {\n valid: false,\n error: `Invalid plugin metadata: ${result.error.errors.map((e) => e.message).join(\", \")}`,\n };\n }\n\n // Verify ID matches resourceType:provider\n const meta = result.data;\n const expectedId = `${meta.resourceType}:${meta.provider}`;\n if (meta.id !== expectedId) {\n return {\n valid: false,\n error: `Plugin ID '${meta.id}' must match '${expectedId}'`,\n };\n }\n\n return { valid: true, metadata: meta };\n}\n\n// ============================================\n// DISCOVERY TYPES (based on plugin registry)\n// ============================================\n\n/**\n * Discovery entry format for plugins.\n */\nexport interface PluginDiscoveryEntry {\n resourceId: string;\n actions: string[];\n auth: PluginAuth;\n version: string;\n constraints: {\n supports: string[];\n };\n /** Client entrypoint info (if SDK-compatible) */\n client?: {\n namespace: string;\n entrypoint: string;\n };\n}\n\n/**\n * Convert plugin to discovery entry format.\n * Includes version for client compatibility checks.\n *\n * TODO: Add version compatibility negotiation in future iteration.\n * The version exposed here allows target apps to verify they are\n * using a compatible client version.\n */\nexport function pluginToDiscoveryEntry(\n plugin: PluginContract,\n): PluginDiscoveryEntry {\n const entry: PluginDiscoveryEntry = {\n resourceId: plugin.id,\n actions: plugin.actions,\n auth: plugin.auth,\n version: plugin.version,\n constraints: {\n supports: plugin.supports.enforcement,\n },\n };\n\n // Include client info if plugin is SDK-compatible\n if (plugin.client) {\n entry.client = {\n namespace: plugin.client.namespace,\n entrypoint: plugin.client.entrypoint ?? \"./client\",\n };\n }\n\n return entry;\n}\n\n// ============================================\n// HELPER TYPES FOR PLUGIN AUTHORS\n// ============================================\n\n/**\n * Base plugin options for creating plugins.\n */\nexport interface CreatePluginOptions {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth?: PluginAuth;\n supports?: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n /** Client contract metadata for SDK-compatible plugins */\n client?: PluginClientContract;\n /** Default models for LLM plugins */\n defaultModels?: readonly string[];\n}\n\n/**\n * Default auth configuration.\n */\nexport const DEFAULT_PLUGIN_AUTH: PluginAuth = {\n pop: { version: 1 },\n};\n\n/**\n * Default supports configuration.\n */\nexport const DEFAULT_PLUGIN_SUPPORTS: PluginSupports = {\n enforcement: [],\n};\n\n/**\n * Helper to create plugin with defaults.\n */\nexport function createPluginBase(options: CreatePluginOptions): {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth: PluginAuth;\n supports: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n client?: PluginClientContract;\n defaultModels?: readonly string[];\n} {\n return {\n id: options.id,\n resourceType: options.resourceType,\n provider: options.provider,\n version: options.version,\n name: options.name,\n actions: options.actions,\n auth: options.auth ?? DEFAULT_PLUGIN_AUTH,\n supports: options.supports ?? DEFAULT_PLUGIN_SUPPORTS,\n extractors: options.extractors,\n credentialSchema: options.credentialSchema,\n client: options.client,\n defaultModels: options.defaultModels,\n };\n}\n","// ============================================\n// SHARED TYPES\n// Common types used by proxy and SDK\n// ============================================\n\n/**\n * Resource identifier format: <resourceType>:<provider>\n * Examples: llm:groq, llm:gemini, mail:resend\n */\nexport type ResourceId = `${string}:${string}`;\n\n/**\n * Parse a resource ID into its components.\n */\nexport function parseResourceId(resourceId: string): {\n resourceType: string;\n provider: string;\n} {\n const parts = resourceId.split(\":\");\n if (parts.length !== 2) {\n throw new Error(\n `Invalid resource ID format: ${resourceId}. Expected: <resourceType>:<provider>`,\n );\n }\n return {\n resourceType: parts[0],\n provider: parts[1],\n };\n}\n\n/**\n * Create a resource ID from components.\n */\nexport function createResourceId(\n resourceType: string,\n provider: string,\n): ResourceId {\n return `${resourceType}:${provider}` as ResourceId;\n}\n\n/**\n * Pairing string info parsed from pair::<url>::<code>\n */\nexport interface PairingInfo {\n proxyUrl: string;\n connectCode: string;\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n maxRequests: number;\n windowSeconds: number;\n}\n\n/**\n * Permission request for an app.\n */\nexport interface PermissionRequest {\n resourceId: string;\n actions: string[];\n constraints?: Record<string, unknown>;\n rateLimit?: RateLimitConfig; // Per-permission rate limit\n}\n\n/**\n * App metadata for registration.\n */\nexport interface AppMetadata {\n name: string;\n description?: string;\n homepage?: string;\n}\n\n/**\n * Gateway config stored after approval.\n */\nexport interface GatewayConfig {\n appId: string;\n proxyUrl: string;\n}\n\n/**\n * Resource constraint types (generic).\n */\nexport interface ResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n custom?: Record<string, unknown>;\n}\n\nexport * from \"./errors\";\nexport * from \"./schemas\";\nexport * from \"./access-policy\";\nexport * from \"./pop\";\nexport * from \"./enforcement\";\nexport * from \"./plugins\";\nexport * from \"./duration-presets\";\n"]}
package/dist/index.mjs CHANGED
@@ -701,7 +701,8 @@ var PluginMetadataSchema = z.object({
701
701
  supports: PluginSupportsSchema,
702
702
  extractors: z.record(ExtractorDescriptorSchema).optional(),
703
703
  credentialSchema: PluginCredentialSchemaSchema.optional(),
704
- client: PluginClientContractSchema.optional()
704
+ client: PluginClientContractSchema.optional(),
705
+ defaultModels: z.array(z.string()).optional()
705
706
  });
706
707
  function validatePluginMetadata(plugin) {
707
708
  if (!plugin || typeof plugin !== "object") {
@@ -760,7 +761,8 @@ function createPluginBase(options) {
760
761
  supports: options.supports ?? DEFAULT_PLUGIN_SUPPORTS,
761
762
  extractors: options.extractors,
762
763
  credentialSchema: options.credentialSchema,
763
- client: options.client
764
+ client: options.client,
765
+ defaultModels: options.defaultModels
764
766
  };
765
767
  }
766
768
 
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts","../src/duration-presets.ts","../src/schemas.ts","../src/access-policy.ts","../src/pop.ts","../src/enforcement.ts","../src/plugins.ts","../src/index.ts"],"names":["ErrorCode","z","PopErrorCode"],"mappings":";;;AAUO,IAAK,SAAA,qBAAAA,UAAAA,KAAL;AAEL,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAC9B,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AAGzB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AAGnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AACzB,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAG3B,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AACtB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,gCAAA,CAAA,GAAiC,gCAAA;AAGjC,EAAAA,WAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,WAAA,oBAAA,CAAA,GAAqB,oBAAA;AAGrB,EAAAA,WAAA,4BAAA,CAAA,GAA6B,4BAAA;AAC7B,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAC3B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAG9B,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,2BAAA,CAAA,GAA4B,2BAAA;AA9ClB,EAAA,OAAAA,UAAAA;AAAA,CAAA,EAAA,SAAA,IAAA,EAAA;AAoDL,SAAS,eAAe,IAAA,EAAyB;AACtD,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,uBAAA;AAAA,IACL,KAAK,qBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,0BAAA;AAAA,IACL,KAAK,4BAAA;AAAA,IACL,KAAK,0BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,gCAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,kBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,mBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,uBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,kBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,mBAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,wBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,sBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,2BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,yBAAA;AAAA,IACL,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET;AACE,MAAA,OAAO,GAAA;AAAA;AAEb;AAKO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAMtC,WAAA,CACE,IAAA,EACA,OAAA,EACA,OAAA,EAIA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,eAAe,IAAI,CAAA;AACjC,IAAA,IAAA,CAAK,UAAU,OAAA,EAAS,OAAA;AACxB,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAAA,EAC5B;AAAA,EAEA,MAAA,GAAS;AACP,IAAA,OAAO;AAAA,MACL,KAAA,EAAO;AAAA,QACL,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,GAAI,IAAA,CAAK,SAAA,IAAa,EAAE,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,QAClD,GAAI,IAAA,CAAK,OAAA,IAAW,EAAE,OAAA,EAAS,KAAK,OAAA;AAAQ;AAC9C,KACF;AAAA,EACF;AACF;AAKO,SAAS,sBAAsB,IAAA,EAA6B;AACjE,EAAA,MAAM,OAAA,GAAU,IAAA,GACZ,CAAA,wBAAA,EAA2B,IAAI,CAAA,CAAA,GAC/B,8GAAA;AAEJ,EAAA,OAAO,IAAI,YAAA,CAAa,uBAAA,8BAAiC,OAAA,EAAS;AAAA,IAChE,OAAA,EAAS;AAAA,MACP,QAAA,EAAU;AAAA,QACR,IAAA,EAAM,iCAAA;AAAA,QACN,MAAA,EAAQ,mCAAA;AAAA,QACR,MAAA,EAAQ;AAAA;AACV;AACF,GACD,CAAA;AACH;AAWO,IAAM,0BAAA,GAA6B,EAAE,MAAA,CAAO;AAAA,EACjD,KAAA,EAAO,EAAE,MAAA,CAAO;AAAA,IACd,IAAA,EAAM,EAAE,MAAA,EAAO;AAAA,IACf,OAAA,EAAS,EAAE,MAAA,EAAO;AAAA,IAClB,SAAA,EAAW,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,OAAA,EAAS,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,GAC/B;AACH,CAAC;AAOM,SAAS,mBAAA,CACd,IAAA,EACA,OAAA,EACA,OAAA,EAIsB;AACtB,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,IAAA;AAAA,MACA,OAAA;AAAA,MACA,GAAI,OAAA,EAAS,SAAA,IAAa,EAAE,SAAA,EAAW,QAAQ,SAAA,EAAU;AAAA,MACzD,GAAI,OAAA,EAAS,OAAA,KAAY,UAAa,EAAE,OAAA,EAAS,QAAQ,OAAA;AAAQ;AACnE,GACF;AACF;AC5KO,IAAM,gBAAA,GAAqC;AAAA,EAChD;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,uBAAA;AAAA,IACb,UAAA,EAAY,KAAK,EAAA,GAAK,GAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,kBAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC1B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,gBAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC3B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,QAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACjC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,UAAA;AAAA,IACb,UAAA,EAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACnC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,UAAA,EAAY;AAAA,GACd;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,wBAAA;AAAA,IACb,UAAA,EAAY;AAAA;AAEhB;AAKO,SAAS,kBACd,EAAA,EAC4B;AAC5B,EAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACjD;AAMO,SAAS,2BAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,MAAM,MAAA,GAAS,kBAAkB,QAAQ,CAAA;AACzC,EAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,UAAA,KAAe,IAAA,EAAM;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,EAAQ,GAAI,OAAO,UAAU,CAAA;AACxD;AAKO,SAAS,qBAAA,CACd,UAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACpB;AACN,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,KAAY,UAAU,CAAA;AACjD;AAKO,SAAS,kBAAkB,UAAA,EAA2C;AAC3E,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,SAAS,CAAA;AAAA,EACxD;AAGA,EAAA,IAAI,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAChC,EAAA,IAAI,WAAA,GAAc,QAAA;AAElB,EAAA,KAAA,MAAW,UAAU,gBAAA,EAAkB;AACrC,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,IAAA,IAAQ,MAAA,CAAO,OAAO,QAAA,EAAU;AAE1D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,aAAa,UAAU,CAAA;AACpD,IAAA,IAAI,OAAO,WAAA,EAAa;AACtB,MAAA,WAAA,GAAc,IAAA;AACd,MAAA,OAAA,GAAU,MAAA;AAAA,IACZ;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAKO,SAAS,eAAe,UAAA,EAAmC;AAChE,EAAA,IAAI,UAAA,KAAe,MAAM,OAAO,SAAA;AAEhC,EAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,EAAA,GAAK,EAAA,GAAK,GAAA,CAAA;AACtC,EAAA,IAAI,KAAA,GAAQ,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEzE,EAAA,MAAM,OAAO,KAAA,GAAQ,EAAA;AACrB,EAAA,IAAI,IAAA,GAAO,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,IAAI,CAAC,CAAA,IAAA,EAAO,IAAA,KAAS,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEpE,EAAA,MAAM,QAAQ,IAAA,GAAO,CAAA;AACrB,EAAA,IAAI,KAAA,GAAQ,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAExE,EAAA,MAAM,SAAS,IAAA,GAAO,EAAA;AACtB,EAAA,IAAI,MAAA,GAAS,EAAA;AACX,IAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,MAAM,CAAC,CAAA,MAAA,EAAS,MAAA,KAAW,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAE9D,EAAA,MAAM,QAAQ,IAAA,GAAO,GAAA;AACrB,EAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAC3D;AAKO,SAAS,qBAAqB,SAAA,EAAgC;AACnE,EAAA,IAAI,CAAC,WAAW,OAAO,OAAA;AAEvB,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,EAAA,MAAM,IAAA,GAAO,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAI,OAAA,EAAQ;AAE/C,EAAA,IAAI,IAAA,IAAQ,GAAG,OAAO,SAAA;AACtB,EAAA,OAAO,CAAA,GAAA,EAAM,cAAA,CAAe,IAAI,CAAC,CAAA,CAAA;AACnC;AASO,IAAM,sBAAA,GAAyBC,EAAE,IAAA,CAAK;AAAA,EAC3C,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,uBAAA,GAA0BA,EAAE,KAAA,CAAM;AAAA;AAAA,EAE7CA,EAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,QAAQ,CAAA;AAAA,IACxB,MAAA,EAAQ;AAAA,GACT,CAAA;AAAA;AAAA,EAEDA,EAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,IAC1B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACvC,CAAA;AAAA;AAAA,EAEDA,EAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,OAAO,CAAA;AAAA,IACvB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,GAChC;AACH,CAAC;AAOM,SAAS,wBAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,QAAQ,SAAS,IAAA;AAAM,IACrB,KAAK,QAAA;AACH,MAAA,OAAO,2BAAA,CAA4B,QAAA,CAAS,MAAA,EAAQ,QAAQ,CAAA;AAAA,IAC9D,KAAK,UAAA;AACH,MAAA,OAAO,qBAAA,CAAsB,QAAA,CAAS,UAAA,EAAY,QAAQ,CAAA;AAAA,IAC5D,KAAK,OAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAAA;AAExC;AAKO,SAAS,qBACd,MAAA,EACmB;AACnB,EAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,MAAA,EAAO;AAClC;AAKO,SAAS,iBAAiB,UAAA,EAAuC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,UAAA,EAAY,UAAA,EAAW;AACxC;AAKO,SAAS,oBAAoB,SAAA,EAAoC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,SAAA,EAAW,SAAA,CAAU,aAAY,EAAE;AAC7D;;;AC9QO,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,EAAE,IAAA,CAAK,CAAC,UAAU,MAAA,EAAQ,WAAA,EAAa,MAAM,CAAC,CAAA;AAAA,EACpD,OAAA,EAASA,EACN,KAAA,CAAM;AAAA,IACLA,EAAE,MAAA,EAAO;AAAA,IACTA,CAAAA,CAAE,KAAA;AAAA,MACAA,EAAE,MAAA,CAAO;AAAA,QACP,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,QACf,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QAC1B,SAAA,EAAWA,EACR,MAAA,CAAO;AAAA,UACN,GAAA,EAAKA,EAAE,MAAA,EAAO;AAAA,UACd,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,SAC7B,EACA,QAAA;AAAS,OACb;AAAA;AACH,GACD,EACA,QAAA,EAAS;AAAA,EACZ,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,YAAYA,CAAAA,CACT,KAAA;AAAA,IACCA,EAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAIA,EAAE,MAAA,EAAO;AAAA,MACb,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,EAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,QACf,SAAA,EAAWA,EAAE,MAAA;AAAO,OACrB;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAKM,IAAM,2BAAA,GAA8BA,EAAE,MAAA,CAAO;AAAA,EAClD,KAAA,EAAOA,EAAE,MAAA,EAAO;AAAA,EAChB,QAAA,EAAUA,CAAAA,CAAE,KAAA,CAAM,iBAAiB,CAAA;AAAA,EACnC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC/C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACzC,CAAA,EAAGA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5C,MAAA,EAAQA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAC7B,IAAA,EAAMA,CAAAA,CAAE,KAAA,CAAM,CAACA,EAAE,MAAA,EAAO,EAAGA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAC1D,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,qBAAA,EAAuBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EAC5D,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACtD,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EAC1C,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,OAAOA,CAAAA,CACJ,KAAA;AAAA,IACCA,EAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,EAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,QACf,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QACjC,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,OAAA,EAAS,EAAE,QAAA;AAAS,OAC5C;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,WAAA,EAAaA,EACV,KAAA,CAAM;AAAA,IACLA,CAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,CAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,CAAAA,CAAE,QAAQ,UAAU,CAAA;AAAA,IACpBA,EAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,EAAE,MAAA,CAAO,EAAE,MAAMA,CAAAA,CAAE,MAAA,IAAU;AAAA,KACxC;AAAA,GACF,EACA,QAAA,EAAS;AAAA,EACZ,eAAA,EAAiBA,EACd,MAAA,CAAO;AAAA,IACN,MAAMA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,aAAa,CAAC;AAAA,GACrC,EACA,QAAA,EAAS;AAAA,EACZ,MAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AACzB,CAAC;AASM,IAAM,uBAAA,GAA0BA,EAAE,MAAA,CAAO;AAAA,EAC9C,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAClD,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,OAAA,EAASA,EAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,aAAaA,CAAAA,CAAE,MAAA,CAAOA,EAAE,OAAA,EAAS,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,iBAAA,EAAmB,wBAAwB,QAAA;AAC7C,CAAC;AAKM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA,EAC/B,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA,EAC1C,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAC7B,CAAC;AAKM,IAAM,oBAAA,GAAuBA,EAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC9B,GAAA,EAAK,iBAAA;AAAA,EACL,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC5B,sBAAsBA,CAAAA,CAAE,KAAA,CAAM,uBAAuB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5D,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA;AAC1B,CAAC;AAYM,IAAM,kBAAA,GAAqBA,EAAE,MAAA,CAAO;AAAA,EACzC,GAAA,EAAKA,EAAE,MAAA,CAAO;AAAA,IACZ,OAAA,EAASA,EAAE,MAAA;AAAO,GACnB;AACH,CAAC;AAKM,IAAM,4BAAA,GAA+BA,EAAE,MAAA,CAAO;AAAA,EACnD,UAAA,EAAYA,EAAE,MAAA,EAAO;AAAA,EACrB,OAAA,EAASA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,IAAA,EAAM,kBAAA;AAAA,EACN,WAAA,EAAaA,EACV,MAAA,CAAO;AAAA,IACN,QAAA,EAAUA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ;AAAA,GAC7B,EACA,QAAA;AACL,CAAC;AAKM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,EAClB,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACnB,CAAC;AAKM,IAAM,gCAAA,GAAmCA,EAAE,MAAA,CAAO;AAAA,EACvD,OAAA,EAAS,iBAAA;AAAA,EACT,SAAA,EAAWA,CAAAA,CAAE,KAAA,CAAM,4BAA4B;AACjD,CAAC;;;ACiCM,SAAS,oBAAoB,MAAA,EAAmC;AACrE,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,GAAA,CAAI,SAAQ,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IAChD,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,CAAA,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACpD,KAAK,OAAA;AAEH,MAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,GAAG,CAAA;AAC7B,MAAA,QAAA,CAAS,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AACjC,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACrD,KAAK,WAAA;AAEH,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,GAAG,CAAA;AAC9B,MAAA,MAAM,eAAA,GAAkB,CAAA,GAAI,SAAA,CAAU,MAAA,EAAO;AAC7C,MAAA,SAAA,CAAU,OAAA,CAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,eAAe,CAAA;AACvD,MAAA,SAAA,CAAU,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AAClC,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC3D,KAAK,OAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAA;AAAA;AAAA,IACT;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAKO,IAAM,cAAA,GAAuC;AAAA,EAClD;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,cAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,OAAO;AAAA,GAC5C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,WAAA;AAAA,IACP,KAAA,EAAO,WAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,WAAW;AAAA,GAChD;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,OAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,SAAS,MAAM;AAAA,GACjB;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb,SAAS,MAAM;AAAA;AAEnB;AAWO,IAAM,kBAAA,GAAwC;AAAA,EACnD;AAAA,IACE,KAAA,EAAO,gCAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,CAAA,EAAG,eAAe,EAAA;AAAG,GAC7C;AAAA,EACA,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE;AAAA,IACE,KAAA,EAAO,0BAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,eAAe,EAAA;AAAG,GAC9C;AAAA,EACA,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAM,aAAA,EAAe,KAAA,EAAM;AAC5E;AASO,SAAS,qBAAqB,MAAA,EAGnC;AACA,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAGrB,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,oCAAA,EAAuC,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC5E;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,sBAAA,EAAyB,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC9D;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,EAAU,WAAA,KAAgB,MAAA,CAAO,UAAA;AAG7D,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACjD,IAAA,EAAM,SAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,MAAA,CAAO,GAAG,GAAG,EAAE,CAAA;AAGtD,IAAA,MAAM,YAAA,GAAe,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACpD,OAAA,EAAS,OAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,CAAC,KAAA,EAAO,KAAA,EAAO,OAAO,KAAA,EAAO,KAAA,EAAO,OAAO,KAAK,CAAA;AACjE,IAAA,MAAM,cAAA,GAAiB,YAAA,CAAa,MAAA,CAAO,GAAG,CAAA;AAC9C,IAAA,MAAM,aAAa,QAAA,CAAS,OAAA,CAAQ,eAAe,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA;AAG9D,IAAA,IACE,WAAA,IACA,YAAY,MAAA,GAAS,CAAA,IACrB,CAAC,WAAA,CAAY,QAAA,CAAS,UAAU,CAAA,EAChC;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,mCAAmC,cAAc,CAAA,CAAA;AAAA,OAC3D;AAAA,IACF;AAGA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,aAAa,OAAA,EAAS;AAExB,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD,CAAA,MAAO;AAEL,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD;AAEA,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,QAAQ,CAAA,4BAAA,EAA+B,SAAS,CAAA,IAAA,EAAO,OAAO,OAAO,QAAQ,CAAA;AAAA,OAC/E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAKO,SAAS,0BAA0B,MAAA,EAAgC;AACxE,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,YAAY,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACpE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,WAAW,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACnE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,KAAa,MAAA,CAAO,UAAA;AAChD,IAAA,OAAA,CAAQ,KAAK,CAAA,OAAA,EAAU,SAAS,OAAO,OAAO,CAAA,IAAA,EAAO,QAAQ,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,EAAE,WAAA,EAAa,aAAA,EAAc,GAAI,MAAA,CAAO,SAAA;AAC9C,IAAA,IAAI,kBAAkB,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,SAAA,IACxD,kBAAkB,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,KAAA,CAAO,CAAA;AAAA,SAAA,IAChE,kBAAkB,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,iBAC5D,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,CAAA,EAAI,aAAa,CAAA,CAAA,CAAG,CAAA;AAAA,EAC5D;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,KAAA,EAAO;AACvB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,aAAA,EAAgB,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,OAAA,EAAS;AACzB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EACvD;AAEA,EAAA,IAAI,MAAA,CAAO,aAAa,KAAA,EAAO;AAC7B,IAAA,OAAA,CAAQ,KAAK,CAAA,cAAA,EAAiB,MAAA,CAAO,YAAY,KAAA,CAAM,cAAA,EAAgB,CAAA,CAAE,CAAA;AAAA,EAC3E;AAEA,EAAA,OAAO,OAAA;AACT;AC5cO,IAAM,kBAAA,GAAqBA,EAAE,MAAA,CAAO;AAAA,EACzC,SAAA,EAAWA,CAAAA,CAAE,OAAA,CAAQ,GAAG,CAAA;AAAA,EACxB,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAClD,QAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,SAAS,2BAA2B,CAAA;AAAA,EAC7D,WAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,IAAI,sCAAsC,CAAA;AAAA,EACpE,SAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB;AACpD,CAAC;AAiDM,SAAS,wBACd,MAAA,EACQ;AACR,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,MAAA,CAAO,OAAO,WAAA,EAAY;AAAA,IAC1B,MAAA,CAAO,aAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,EAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,QAAA;AAAA,IACP;AAAA;AAAA,GACF,CAAE,KAAK,IAAI,CAAA;AACb;AAaO,SAAS,iBAAiB,GAAA,EAAkB;AACjD,EAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAC5B;AAKO,IAAM,WAAA,GAAc;AAKpB,IAAK,YAAA,qBAAAC,aAAAA,KAAL;AACL,EAAAA,cAAA,qBAAA,CAAA,GAAsB,6BAAA;AADZ,EAAA,OAAAA,aAAAA;AAAA,CAAA,EAAA,YAAA,IAAA,EAAA;ACvFL,IAAM,uBAAA,GAA0BD,EAAE,MAAA,CAAO;AAAA;AAAA,EAE9C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,eAAA,EAAiBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACtD,SAAA,EAAWA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAChC,MAAA,EAAQA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAG7B,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,WAAWA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAGrD,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC1B,CAAC;AASM,IAAM,sBAAA,GAAyB;AAY/B,IAAM,qBAAA,GAAwBA,EAAE,MAAA,CAAO;AAAA;AAAA,EAE5C,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE5B,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC5B,CAAC;AC5BM,IAAM,gBAAA,GAAmBA,EAAE,MAAA,CAAO;AAAA,EACvC,GAAA,EAAKA,EAAE,MAAA,CAAO;AAAA,IACZ,SAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACpC;AACH,CAAC;AAQM,IAAM,oBAAA,GAAuBA,EAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ;AACjC,CAAC;AAQM,IAAM,yBAAA,GAA4BA,EAAE,MAAA,CAAO;AAAA;AAAA,EAEhD,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE1B,QAAQA,CAAAA,CAAE,MAAA,CAAOA,EAAE,OAAA,EAAS,EAAE,QAAA;AAChC,CAAC;AAQM,IAAM,qBAAA,GAAwBA,EAAE,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,EACf,IAAA,EAAMA,EAAE,IAAA,CAAK,CAAC,UAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,SAAS,CAAC,CAAA;AAAA,EAC7D,KAAA,EAAOA,EAAE,MAAA,EAAO;AAAA,EAChB,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,QAAA,EAAUA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,EAClC,OAAA,EAASA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACvB,CAAC;AAOM,IAAM,4BAAA,GAA+BA,EAAE,MAAA,CAAO;AAAA,EACnD,MAAA,EAAQA,CAAAA,CAAE,KAAA,CAAM,qBAAqB;AACvC,CAAC;AAmRM,IAAM,0BAAA,GAA6BA,EAAE,MAAA,CAAO;AAAA,EACjD,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,SAASA,CAAAA,CAAE,MAAA;AAAA,IACTA,EAAE,MAAA,CAAO;AAAA,MACP,aAAA,EAAeA,CAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MAChC,cAAA,EAAgBA,CAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MACjC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAClC;AAAA,GACH;AAAA,EACA,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAEM,IAAM,oBAAA,GAAuBA,EAAE,MAAA,CAAO;AAAA,EAC3C,EAAA,EAAIA,CAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAC1C,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC9B,QAAA,EAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,OAAA,EAASA,EAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,IAAA,EAAM,gBAAA;AAAA,EACN,QAAA,EAAU,oBAAA;AAAA,EACV,UAAA,EAAYA,CAAAA,CAAE,MAAA,CAAO,yBAAyB,EAAE,QAAA,EAAS;AAAA,EACzD,gBAAA,EAAkB,6BAA6B,QAAA,EAAS;AAAA,EACxD,MAAA,EAAQ,2BAA2B,QAAA;AACrC,CAAC;AAOM,SAAS,uBAAuB,MAAA,EAIrC;AACA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,0BAAA,EAA2B;AAAA,EAC3D;AAEA,EAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,SAAA,CAAU,MAAM,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,yBAAA,EAA4B,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACzF;AAAA,EACF;AAGA,EAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AACpB,EAAA,MAAM,aAAa,CAAA,EAAG,IAAA,CAAK,YAAY,CAAA,CAAA,EAAI,KAAK,QAAQ,CAAA,CAAA;AACxD,EAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,WAAA,EAAc,IAAA,CAAK,EAAE,iBAAiB,UAAU,CAAA,CAAA;AAAA,KACzD;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,QAAA,EAAU,IAAA,EAAK;AACvC;AAgCO,SAAS,uBACd,MAAA,EACsB;AACtB,EAAA,MAAM,KAAA,GAA8B;AAAA,IAClC,YAAY,MAAA,CAAO,EAAA;AAAA,IACnB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,MAAM,MAAA,CAAO,IAAA;AAAA,IACb,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,WAAA,EAAa;AAAA,MACX,QAAA,EAAU,OAAO,QAAA,CAAS;AAAA;AAC5B,GACF;AAGA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,KAAA,CAAM,MAAA,GAAS;AAAA,MACb,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,MACzB,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc;AAAA,KAC1C;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AA2BO,IAAM,mBAAA,GAAkC;AAAA,EAC7C,GAAA,EAAK,EAAE,OAAA,EAAS,CAAA;AAClB;AAKO,IAAM,uBAAA,GAA0C;AAAA,EACrD,aAAa;AACf;AAKO,SAAS,iBAAiB,OAAA,EAY/B;AACA,EAAA,OAAO;AAAA,IACL,IAAI,OAAA,CAAQ,EAAA;AAAA,IACZ,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,IAAA,EAAM,QAAQ,IAAA,IAAQ,mBAAA;AAAA,IACtB,QAAA,EAAU,QAAQ,QAAA,IAAY,uBAAA;AAAA,IAC9B,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,kBAAkB,OAAA,CAAQ,gBAAA;AAAA,IAC1B,QAAQ,OAAA,CAAQ;AAAA,GAClB;AACF;;;AC7gBO,SAAS,gBAAgB,UAAA,EAG9B;AACA,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,+BAA+B,UAAU,CAAA,qCAAA;AAAA,KAC3C;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,MAAM,CAAC,CAAA;AAAA,IACrB,QAAA,EAAU,MAAM,CAAC;AAAA,GACnB;AACF;AAKO,SAAS,gBAAA,CACd,cACA,QAAA,EACY;AACZ,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACpC","file":"index.mjs","sourcesContent":["import { z } from \"zod\";\n\n// ============================================\n// ERROR CODES\n// Standardized error codes for the gateway\n// ============================================\n\n/**\n * Gateway error codes.\n */\nexport enum ErrorCode {\n // Resource errors\n ERR_RESOURCE_REQUIRED = \"ERR_RESOURCE_REQUIRED\",\n ERR_UNKNOWN_RESOURCE = \"ERR_UNKNOWN_RESOURCE\",\n ERR_RESOURCE_NOT_CONFIGURED = \"ERR_RESOURCE_NOT_CONFIGURED\",\n ERR_UNSUPPORTED_ACTION = \"ERR_UNSUPPORTED_ACTION\",\n\n // Auth errors\n ERR_MISSING_AUTH = \"ERR_MISSING_AUTH\",\n ERR_INVALID_SIGNATURE = \"ERR_INVALID_SIGNATURE\",\n ERR_EXPIRED_TIMESTAMP = \"ERR_EXPIRED_TIMESTAMP\",\n ERR_INVALID_NONCE = \"ERR_INVALID_NONCE\",\n ERR_APP_NOT_FOUND = \"ERR_APP_NOT_FOUND\",\n ERR_APP_DISABLED = \"ERR_APP_DISABLED\",\n\n // Permission errors\n ERR_PERMISSION_DENIED = \"ERR_PERMISSION_DENIED\",\n ERR_PERMISSION_EXPIRED = \"ERR_PERMISSION_EXPIRED\",\n ERR_CONSTRAINT_VIOLATION = \"ERR_CONSTRAINT_VIOLATION\",\n\n // Rate/budget errors\n ERR_RATE_LIMIT_EXCEEDED = \"ERR_RATE_LIMIT_EXCEEDED\",\n ERR_BUDGET_EXCEEDED = \"ERR_BUDGET_EXCEEDED\",\n\n // Request errors\n ERR_INVALID_REQUEST = \"ERR_INVALID_REQUEST\",\n ERR_INVALID_JSON = \"ERR_INVALID_JSON\",\n ERR_CONTRACT_VALIDATION_FAILED = \"ERR_CONTRACT_VALIDATION_FAILED\",\n\n // Internal errors\n ERR_INTERNAL = \"ERR_INTERNAL\",\n ERR_UPSTREAM_ERROR = \"ERR_UPSTREAM_ERROR\",\n\n // Pairing errors\n ERR_INVALID_PAIRING_STRING = \"ERR_INVALID_PAIRING_STRING\",\n ERR_INVALID_CONNECT_CODE = \"ERR_INVALID_CONNECT_CODE\",\n ERR_SESSION_EXPIRED = \"ERR_SESSION_EXPIRED\",\n\n // PoP errors\n ERR_UNSUPPORTED_POP_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n\n // Policy violation errors\n ERR_POLICY_VIOLATION = \"ERR_POLICY_VIOLATION\",\n ERR_MODEL_NOT_ALLOWED = \"ERR_MODEL_NOT_ALLOWED\",\n ERR_MAX_TOKENS_EXCEEDED = \"ERR_MAX_TOKENS_EXCEEDED\",\n ERR_TOOLS_NOT_ALLOWED = \"ERR_TOOLS_NOT_ALLOWED\",\n ERR_STREAMING_NOT_ALLOWED = \"ERR_STREAMING_NOT_ALLOWED\",\n}\n\n/**\n * Get HTTP status code for an error code.\n */\nexport function getErrorStatus(code: ErrorCode): number {\n switch (code) {\n case ErrorCode.ERR_RESOURCE_REQUIRED:\n case ErrorCode.ERR_INVALID_REQUEST:\n case ErrorCode.ERR_INVALID_JSON:\n case ErrorCode.ERR_CONSTRAINT_VIOLATION:\n case ErrorCode.ERR_INVALID_PAIRING_STRING:\n case ErrorCode.ERR_INVALID_CONNECT_CODE:\n return 400;\n\n case ErrorCode.ERR_CONTRACT_VALIDATION_FAILED:\n return 422;\n\n case ErrorCode.ERR_MISSING_AUTH:\n case ErrorCode.ERR_INVALID_SIGNATURE:\n case ErrorCode.ERR_EXPIRED_TIMESTAMP:\n case ErrorCode.ERR_INVALID_NONCE:\n return 401;\n\n case ErrorCode.ERR_PERMISSION_DENIED:\n case ErrorCode.ERR_PERMISSION_EXPIRED:\n case ErrorCode.ERR_APP_DISABLED:\n return 403;\n\n case ErrorCode.ERR_APP_NOT_FOUND:\n case ErrorCode.ERR_UNKNOWN_RESOURCE:\n case ErrorCode.ERR_UNSUPPORTED_ACTION:\n return 404;\n\n case ErrorCode.ERR_SESSION_EXPIRED:\n return 410;\n\n case ErrorCode.ERR_UNSUPPORTED_POP_VERSION:\n return 400;\n\n case ErrorCode.ERR_POLICY_VIOLATION:\n case ErrorCode.ERR_MODEL_NOT_ALLOWED:\n case ErrorCode.ERR_MAX_TOKENS_EXCEEDED:\n case ErrorCode.ERR_TOOLS_NOT_ALLOWED:\n case ErrorCode.ERR_STREAMING_NOT_ALLOWED:\n return 403;\n\n case ErrorCode.ERR_RATE_LIMIT_EXCEEDED:\n case ErrorCode.ERR_BUDGET_EXCEEDED:\n return 429;\n\n case ErrorCode.ERR_RESOURCE_NOT_CONFIGURED:\n case ErrorCode.ERR_INTERNAL:\n case ErrorCode.ERR_UPSTREAM_ERROR:\n return 500;\n\n default:\n return 500;\n }\n}\n\n/**\n * Gateway error class.\n */\nexport class GatewayError extends Error {\n public readonly code: ErrorCode;\n public readonly status: number;\n public readonly details?: Record<string, unknown>;\n public readonly requestId?: string;\n\n constructor(\n code: ErrorCode,\n message: string,\n options?: {\n details?: Record<string, unknown>;\n requestId?: string;\n },\n ) {\n super(message);\n this.name = \"GatewayError\";\n this.code = code;\n this.status = getErrorStatus(code);\n this.details = options?.details;\n this.requestId = options?.requestId;\n }\n\n toJSON() {\n return {\n error: {\n code: this.code,\n message: this.message,\n ...(this.requestId && { requestId: this.requestId }),\n ...(this.details && { details: this.details }),\n },\n };\n }\n}\n\n/**\n * Create a resource required error with helpful message.\n */\nexport function resourceRequiredError(hint?: string): GatewayError {\n const message = hint\n ? `Resource not specified. ${hint}`\n : \"Resource not specified. Set baseURL to /r/<resourceType>/<provider>/v1 or provide x-gateway-resource header.\";\n\n return new GatewayError(ErrorCode.ERR_RESOURCE_REQUIRED, message, {\n details: {\n examples: {\n groq: \"/r/llm/groq/v1/chat/completions\",\n gemini: \"/r/llm/gemini/v1/chat/completions\",\n header: \"x-gateway-resource: llm:groq\",\n },\n },\n });\n}\n\n// ============================================\n// ERROR RESPONSE SCHEMA\n// Standard error response format for all API errors\n// ============================================\n\n/**\n * Standard error response schema.\n * All API errors should conform to this shape.\n */\nexport const GatewayErrorResponseSchema = z.object({\n error: z.object({\n code: z.string(),\n message: z.string(),\n requestId: z.string().optional(),\n details: z.unknown().optional(),\n }),\n});\n\nexport type GatewayErrorResponse = z.infer<typeof GatewayErrorResponseSchema>;\n\n/**\n * Create a standard error response object.\n */\nexport function createErrorResponse(\n code: string,\n message: string,\n options?: {\n requestId?: string;\n details?: unknown;\n },\n): GatewayErrorResponse {\n return {\n error: {\n code,\n message,\n ...(options?.requestId && { requestId: options.requestId }),\n ...(options?.details !== undefined && { details: options.details }),\n },\n };\n}\n","// ============================================\n// DURATION PRESETS\n// Standardized permission duration options\n// Used by both SDK (requesting) and Proxy (granting)\n// ============================================\n\nimport { z } from \"zod\";\n\n/**\n * Preset duration identifiers.\n * Apps can request these, and the proxy recognizes them.\n */\nexport type DurationPresetId =\n | \"1_hour\"\n | \"4_hours\"\n | \"24_hours\"\n | \"1_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"forever\"\n | \"custom\";\n\n/**\n * Duration preset definition.\n */\nexport interface DurationPreset {\n id: DurationPresetId;\n label: string;\n description: string;\n /** Duration in milliseconds, null = never expires */\n durationMs: number | null;\n /** Suggested for short-term testing */\n isTemporary?: boolean;\n /** Suggested for production use */\n isRecommended?: boolean;\n}\n\n/**\n * All available duration presets in order of duration.\n */\nexport const DURATION_PRESETS: DurationPreset[] = [\n {\n id: \"1_hour\",\n label: \"1 hour\",\n description: \"Quick testing session\",\n durationMs: 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"4_hours\",\n label: \"4 hours\",\n description: \"Extended testing\",\n durationMs: 4 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"24_hours\",\n label: \"24 hours\",\n description: \"One day access\",\n durationMs: 24 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"1_week\",\n label: \"1 week\",\n description: \"7 days\",\n durationMs: 7 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"1_month\",\n label: \"1 month\",\n description: \"30 days\",\n durationMs: 30 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"3_months\",\n label: \"3 months\",\n description: \"90 days\",\n durationMs: 90 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"1_year\",\n label: \"1 year\",\n description: \"365 days\",\n durationMs: 365 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"forever\",\n label: \"Forever\",\n description: \"No expiration\",\n durationMs: null,\n },\n {\n id: \"custom\",\n label: \"Custom\",\n description: \"Set specific date/time\",\n durationMs: null,\n },\n];\n\n/**\n * Get a preset by ID.\n */\nexport function getDurationPreset(\n id: DurationPresetId,\n): DurationPreset | undefined {\n return DURATION_PRESETS.find((p) => p.id === id);\n}\n\n/**\n * Calculate expiry date from a duration preset ID.\n * @returns Date object or null for \"forever\"\n */\nexport function getExpiryFromDurationPreset(\n presetId: DurationPresetId,\n fromDate: Date = new Date(),\n): Date | null {\n const preset = getDurationPreset(presetId);\n if (!preset || preset.durationMs === null) {\n return null;\n }\n return new Date(fromDate.getTime() + preset.durationMs);\n}\n\n/**\n * Calculate expiry date from a duration in milliseconds.\n */\nexport function getExpiryFromDuration(\n durationMs: number,\n fromDate: Date = new Date(),\n): Date {\n return new Date(fromDate.getTime() + durationMs);\n}\n\n/**\n * Find the closest matching preset for a given duration.\n */\nexport function findClosestPreset(durationMs: number | null): DurationPreset {\n if (durationMs === null) {\n return DURATION_PRESETS.find((p) => p.id === \"forever\")!;\n }\n\n // Find closest match\n let closest = DURATION_PRESETS[0];\n let closestDiff = Infinity;\n\n for (const preset of DURATION_PRESETS) {\n if (preset.durationMs === null || preset.id === \"custom\") continue;\n\n const diff = Math.abs(preset.durationMs - durationMs);\n if (diff < closestDiff) {\n closestDiff = diff;\n closest = preset;\n }\n }\n\n return closest;\n}\n\n/**\n * Format a duration in milliseconds to human readable.\n */\nexport function formatDuration(durationMs: number | null): string {\n if (durationMs === null) return \"Forever\";\n\n const hours = durationMs / (60 * 60 * 1000);\n if (hours < 24) return `${Math.round(hours)} hour${hours !== 1 ? \"s\" : \"\"}`;\n\n const days = hours / 24;\n if (days < 7) return `${Math.round(days)} day${days !== 1 ? \"s\" : \"\"}`;\n\n const weeks = days / 7;\n if (weeks < 4) return `${Math.round(weeks)} week${weeks !== 1 ? \"s\" : \"\"}`;\n\n const months = days / 30;\n if (months < 12)\n return `${Math.round(months)} month${months !== 1 ? \"s\" : \"\"}`;\n\n const years = days / 365;\n return `${Math.round(years)} year${years !== 1 ? \"s\" : \"\"}`;\n}\n\n/**\n * Format an expiry date relative to now.\n */\nexport function formatExpiryRelative(expiresAt: Date | null): string {\n if (!expiresAt) return \"Never\";\n\n const now = new Date();\n const diff = expiresAt.getTime() - now.getTime();\n\n if (diff <= 0) return \"Expired\";\n return `In ${formatDuration(diff)}`;\n}\n\n// ============================================\n// ZOD SCHEMAS\n// ============================================\n\n/**\n * Duration preset ID schema for validation.\n */\nexport const DurationPresetIdSchema = z.enum([\n \"1_hour\",\n \"4_hours\",\n \"24_hours\",\n \"1_week\",\n \"1_month\",\n \"3_months\",\n \"1_year\",\n \"forever\",\n \"custom\",\n]);\n\n/**\n * Requested duration schema.\n * Apps can specify their preferred duration when requesting permissions.\n */\nexport const RequestedDurationSchema = z.union([\n // Preset ID\n z.object({\n type: z.literal(\"preset\"),\n preset: DurationPresetIdSchema,\n }),\n // Specific duration in milliseconds\n z.object({\n type: z.literal(\"duration\"),\n durationMs: z.number().int().positive(),\n }),\n // Specific expiry date\n z.object({\n type: z.literal(\"until\"),\n expiresAt: z.string().datetime(),\n }),\n]);\n\nexport type RequestedDuration = z.infer<typeof RequestedDurationSchema>;\n\n/**\n * Resolve a RequestedDuration to an expiry Date (or null for forever).\n */\nexport function resolveRequestedDuration(\n duration: RequestedDuration | undefined,\n fromDate: Date = new Date(),\n): Date | null {\n if (!duration) return null; // Default: no preference (admin decides)\n\n switch (duration.type) {\n case \"preset\":\n return getExpiryFromDurationPreset(duration.preset, fromDate);\n case \"duration\":\n return getExpiryFromDuration(duration.durationMs, fromDate);\n case \"until\":\n return new Date(duration.expiresAt);\n }\n}\n\n/**\n * Create a preset-based RequestedDuration.\n */\nexport function createPresetDuration(\n preset: DurationPresetId,\n): RequestedDuration {\n return { type: \"preset\", preset };\n}\n\n/**\n * Create a duration-based RequestedDuration.\n */\nexport function createDurationMs(durationMs: number): RequestedDuration {\n return { type: \"duration\", durationMs };\n}\n\n/**\n * Create an until-based RequestedDuration.\n */\nexport function createUntilDuration(expiresAt: Date): RequestedDuration {\n return { type: \"until\", expiresAt: expiresAt.toISOString() };\n}\n","import { z } from \"zod\";\nimport { RequestedDurationSchema } from \"./duration-presets\";\n\n// ============================================\n// SHARED SCHEMAS\n// Validation schemas used by proxy and SDK\n// ============================================\n\n/**\n * Chat message schema (OpenAI-compatible).\n */\nexport const ChatMessageSchema = z.object({\n role: z.enum([\"system\", \"user\", \"assistant\", \"tool\"]),\n content: z\n .union([\n z.string(),\n z.array(\n z.object({\n type: z.string(),\n text: z.string().optional(),\n image_url: z\n .object({\n url: z.string(),\n detail: z.string().optional(),\n })\n .optional(),\n }),\n ),\n ])\n .nullable(),\n name: z.string().optional(),\n tool_calls: z\n .array(\n z.object({\n id: z.string(),\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n arguments: z.string(),\n }),\n }),\n )\n .optional(),\n tool_call_id: z.string().optional(),\n});\n\n/**\n * Chat completion request schema (OpenAI-compatible).\n */\nexport const ChatCompletionRequestSchema = z.object({\n model: z.string(),\n messages: z.array(ChatMessageSchema),\n temperature: z.number().min(0).max(2).optional(),\n top_p: z.number().min(0).max(1).optional(),\n n: z.number().int().min(1).max(10).optional(),\n stream: z.boolean().optional(),\n stop: z.union([z.string(), z.array(z.string())]).optional(),\n max_tokens: z.number().int().positive().optional(),\n max_completion_tokens: z.number().int().positive().optional(),\n presence_penalty: z.number().min(-2).max(2).optional(),\n frequency_penalty: z.number().min(-2).max(2).optional(),\n logit_bias: z.record(z.number()).optional(),\n user: z.string().optional(),\n tools: z\n .array(\n z.object({\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n description: z.string().optional(),\n parameters: z.record(z.unknown()).optional(),\n }),\n }),\n )\n .optional(),\n tool_choice: z\n .union([\n z.literal(\"none\"),\n z.literal(\"auto\"),\n z.literal(\"required\"),\n z.object({\n type: z.literal(\"function\"),\n function: z.object({ name: z.string() }),\n }),\n ])\n .optional(),\n response_format: z\n .object({\n type: z.enum([\"text\", \"json_object\"]),\n })\n .optional(),\n seed: z.number().int().optional(),\n});\n\nexport type ChatCompletionRequest = z.infer<typeof ChatCompletionRequestSchema>;\nexport type ChatMessage = z.infer<typeof ChatMessageSchema>;\n\n/**\n * Permission request schema.\n * Includes optional requested duration for apps to suggest their needs.\n */\nexport const PermissionRequestSchema = z.object({\n resourceId: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Invalid resource ID format. Expected: <resourceType>:<provider>\",\n }),\n actions: z.array(z.string()).min(1),\n constraints: z.record(z.unknown()).optional(),\n /** Optional: App's requested/preferred duration for this permission */\n requestedDuration: RequestedDurationSchema.optional(),\n});\n\n/**\n * App metadata schema.\n */\nexport const AppMetadataSchema = z.object({\n name: z.string().min(1).max(100),\n description: z.string().max(500).optional(),\n homepage: z.string().url().optional(),\n});\n\n/**\n * Install request schema (for prepare endpoint).\n */\nexport const InstallRequestSchema = z.object({\n connectCode: z.string().min(16),\n app: AppMetadataSchema,\n publicKey: z.string().min(40),\n requestedPermissions: z.array(PermissionRequestSchema).min(1),\n redirectUri: z.string().url(),\n});\n\nexport type InstallRequest = z.infer<typeof InstallRequestSchema>;\n\n// ============================================\n// DISCOVERY SCHEMAS\n// Resource discovery response types\n// ============================================\n\n/**\n * Resource auth configuration in discovery response.\n */\nexport const ResourceAuthSchema = z.object({\n pop: z.object({\n version: z.number(),\n }),\n});\n\n/**\n * Resource entry in discovery response.\n */\nexport const ResourceDiscoveryEntrySchema = z.object({\n resourceId: z.string(),\n actions: z.array(z.string()),\n auth: ResourceAuthSchema,\n constraints: z\n .object({\n supports: z.array(z.string()),\n })\n .optional(),\n});\n\n/**\n * Gateway info in discovery response.\n */\nexport const GatewayInfoSchema = z.object({\n version: z.string(),\n name: z.string().optional(),\n});\n\n/**\n * Full discovery response schema.\n */\nexport const ResourcesDiscoveryResponseSchema = z.object({\n gateway: GatewayInfoSchema,\n resources: z.array(ResourceDiscoveryEntrySchema),\n});\n\nexport type ResourcesDiscoveryResponse = z.infer<\n typeof ResourcesDiscoveryResponseSchema\n>;\nexport type ResourceDiscoveryEntry = z.infer<\n typeof ResourceDiscoveryEntrySchema\n>;\nexport type GatewayInfo = z.infer<typeof GatewayInfoSchema>;\n","// ============================================\n// ACCESS POLICY TYPES\n// Comprehensive access control configuration\n// ============================================\n\n/**\n * Time window restriction.\n * Allows access only during specific hours of the day.\n */\nexport interface TimeWindow {\n /** Start hour (0-23) in the specified timezone */\n startHour: number;\n /** End hour (0-23) in the specified timezone */\n endHour: number;\n /** Timezone for the time window (e.g., \"UTC\", \"America/New_York\") */\n timezone: string;\n /** Days of week allowed (0=Sunday, 6=Saturday). Empty = all days */\n allowedDays?: number[];\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n /** Maximum requests allowed in the window */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n}\n\n/**\n * Burst limit configuration.\n * Allows short-term spikes above the sustained rate limit.\n */\nexport interface BurstConfig {\n /** Maximum requests allowed in burst window */\n limit: number;\n /** Burst window duration in seconds (typically short, e.g., 10s) */\n windowSeconds: number;\n}\n\n/**\n * Quota configuration for daily/monthly limits.\n */\nexport interface QuotaConfig {\n /** Daily request quota (null = unlimited) */\n daily?: number;\n /** Monthly request quota (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Token budget for LLM resources.\n */\nexport interface TokenBudget {\n /** Daily token budget (null = unlimited) */\n daily?: number;\n /** Monthly token budget (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Per-model rate limit configuration.\n * Allows fine-grained control over different models.\n */\nexport interface ModelRateLimit {\n /** Model identifier */\n model: string;\n /** Maximum requests per window for this model */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n /** Maximum output tokens per request for this model (overrides global) */\n maxOutputTokens?: number;\n /** Daily token budget for this specific model */\n dailyTokenBudget?: number;\n /** Monthly token budget for this specific model */\n monthlyTokenBudget?: number;\n}\n\n/**\n * LLM-specific constraints.\n */\nexport interface LLMConstraints {\n /** Allowed model IDs (empty = all models allowed) */\n allowedModels?: string[];\n /** Maximum output tokens per request */\n maxOutputTokens?: number;\n /** Maximum input tokens per request */\n maxInputTokens?: number;\n /** Allow streaming responses */\n allowStreaming?: boolean;\n /** Maximum context window */\n maxContextWindow?: number;\n /** Per-model rate limits (overrides global rate limits) */\n modelRateLimits?: ModelRateLimit[];\n /** Allow tool/function calling */\n allowTools?: boolean;\n}\n\n/**\n * Email-specific constraints.\n */\nexport interface EmailConstraints {\n /** Allowed from domains */\n allowedFromDomains?: string[];\n /** Maximum recipients per email */\n maxRecipients?: number;\n /** Allow HTML content */\n allowHtml?: boolean;\n /** Maximum attachment size in bytes */\n maxAttachmentSize?: number;\n}\n\n/**\n * Generic HTTP constraints.\n */\nexport interface HTTPConstraints {\n /** Maximum request body size in bytes */\n maxRequestBodySize?: number;\n /** Allowed HTTP methods */\n allowedMethods?: string[];\n /** Custom constraints */\n custom?: Record<string, unknown>;\n}\n\n/**\n * Union type for all constraint types.\n */\nexport type ResourceConstraints =\n | LLMConstraints\n | EmailConstraints\n | HTTPConstraints\n | Record<string, unknown>;\n\n/**\n * Complete access policy for a permission.\n * This is what the proxy owner configures during approval.\n */\nexport interface AccessPolicy {\n // ============================================\n // Time Controls\n // ============================================\n\n /** When the permission becomes valid (ISO string, null = immediately) */\n validFrom?: string | null;\n\n /** When the permission expires (ISO string, null = never) */\n expiresAt?: string | null;\n\n /** Time-of-day restrictions */\n timeWindow?: TimeWindow | null;\n\n // ============================================\n // Rate Limiting\n // ============================================\n\n /** Sustained rate limit */\n rateLimit?: RateLimitConfig;\n\n /** Burst allowance */\n burst?: BurstConfig;\n\n // ============================================\n // Quotas\n // ============================================\n\n /** Request quotas */\n quota?: QuotaConfig;\n\n /** Token budget (LLM resources) */\n tokenBudget?: TokenBudget;\n\n // ============================================\n // Scope Constraints\n // ============================================\n\n /** Resource-specific constraints */\n constraints?: ResourceConstraints;\n}\n\n// ============================================\n// EXPIRY PRESETS\n// Quick options for common expiry scenarios\n// ============================================\n\nexport type ExpiryPreset =\n | \"1_hour\"\n | \"4_hours\"\n | \"today\"\n | \"24_hours\"\n | \"this_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"never\"\n | \"custom\";\n\nexport interface ExpiryPresetOption {\n value: ExpiryPreset;\n label: string;\n description: string;\n getDate: () => Date | null;\n}\n\n/**\n * Get expiry date from preset.\n */\nexport function getExpiryFromPreset(preset: ExpiryPreset): Date | null {\n const now = new Date();\n\n switch (preset) {\n case \"1_hour\":\n return new Date(now.getTime() + 60 * 60 * 1000);\n case \"4_hours\":\n return new Date(now.getTime() + 4 * 60 * 60 * 1000);\n case \"today\":\n // End of today in local timezone\n const endOfDay = new Date(now);\n endOfDay.setHours(23, 59, 59, 999);\n return endOfDay;\n case \"24_hours\":\n return new Date(now.getTime() + 24 * 60 * 60 * 1000);\n case \"this_week\":\n // End of this week (Sunday)\n const endOfWeek = new Date(now);\n const daysUntilSunday = 7 - endOfWeek.getDay();\n endOfWeek.setDate(endOfWeek.getDate() + daysUntilSunday);\n endOfWeek.setHours(23, 59, 59, 999);\n return endOfWeek;\n case \"1_month\":\n return new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000);\n case \"3_months\":\n return new Date(now.getTime() + 90 * 24 * 60 * 60 * 1000);\n case \"1_year\":\n return new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);\n case \"never\":\n return null;\n case \"custom\":\n return null; // Custom requires manual date input\n default:\n return null;\n }\n}\n\n/**\n * All available expiry presets with labels.\n */\nexport const EXPIRY_PRESETS: ExpiryPresetOption[] = [\n {\n value: \"1_hour\",\n label: \"1 hour\",\n description: \"Expires in 1 hour\",\n getDate: () => getExpiryFromPreset(\"1_hour\"),\n },\n {\n value: \"4_hours\",\n label: \"4 hours\",\n description: \"Expires in 4 hours\",\n getDate: () => getExpiryFromPreset(\"4_hours\"),\n },\n {\n value: \"today\",\n label: \"End of today\",\n description: \"Expires at midnight\",\n getDate: () => getExpiryFromPreset(\"today\"),\n },\n {\n value: \"24_hours\",\n label: \"24 hours\",\n description: \"Expires in 24 hours\",\n getDate: () => getExpiryFromPreset(\"24_hours\"),\n },\n {\n value: \"this_week\",\n label: \"This week\",\n description: \"Expires end of week\",\n getDate: () => getExpiryFromPreset(\"this_week\"),\n },\n {\n value: \"1_month\",\n label: \"1 month\",\n description: \"Expires in 30 days\",\n getDate: () => getExpiryFromPreset(\"1_month\"),\n },\n {\n value: \"3_months\",\n label: \"3 months\",\n description: \"Expires in 90 days\",\n getDate: () => getExpiryFromPreset(\"3_months\"),\n },\n {\n value: \"1_year\",\n label: \"1 year\",\n description: \"Expires in 1 year\",\n getDate: () => getExpiryFromPreset(\"1_year\"),\n },\n {\n value: \"never\",\n label: \"Never\",\n description: \"No expiration\",\n getDate: () => null,\n },\n {\n value: \"custom\",\n label: \"Custom\",\n description: \"Set custom date\",\n getDate: () => null,\n },\n];\n\n// ============================================\n// RATE LIMIT PRESETS\n// ============================================\n\nexport interface RateLimitPreset {\n label: string;\n value: RateLimitConfig;\n}\n\nexport const RATE_LIMIT_PRESETS: RateLimitPreset[] = [\n {\n label: \"5 per minute (very restricted)\",\n value: { maxRequests: 5, windowSeconds: 60 },\n },\n { label: \"10 per minute\", value: { maxRequests: 10, windowSeconds: 60 } },\n { label: \"30 per minute\", value: { maxRequests: 30, windowSeconds: 60 } },\n {\n label: \"60 per minute (standard)\",\n value: { maxRequests: 60, windowSeconds: 60 },\n },\n { label: \"100 per hour\", value: { maxRequests: 100, windowSeconds: 3600 } },\n { label: \"500 per hour\", value: { maxRequests: 500, windowSeconds: 3600 } },\n { label: \"1000 per day\", value: { maxRequests: 1000, windowSeconds: 86400 } },\n];\n\n// ============================================\n// VALIDATION HELPERS\n// ============================================\n\n/**\n * Check if a permission is currently valid based on time controls.\n */\nexport function isPermissionValidNow(policy: AccessPolicy): {\n valid: boolean;\n reason?: string;\n} {\n const now = new Date();\n\n // Check validFrom\n if (policy.validFrom) {\n const validFromDate = new Date(policy.validFrom);\n if (now < validFromDate) {\n return {\n valid: false,\n reason: `Permission not yet valid. Starts at ${validFromDate.toISOString()}`,\n };\n }\n }\n\n // Check expiresAt\n if (policy.expiresAt) {\n const expiresAtDate = new Date(policy.expiresAt);\n if (now > expiresAtDate) {\n return {\n valid: false,\n reason: `Permission expired at ${expiresAtDate.toISOString()}`,\n };\n }\n }\n\n // Check time window\n if (policy.timeWindow) {\n const { startHour, endHour, timezone, allowedDays } = policy.timeWindow;\n\n // Get current time in the specified timezone\n const formatter = new Intl.DateTimeFormat(\"en-US\", {\n hour: \"numeric\",\n hour12: false,\n timeZone: timezone,\n });\n const currentHour = parseInt(formatter.format(now), 10);\n\n // Get current day (0 = Sunday)\n const dayFormatter = new Intl.DateTimeFormat(\"en-US\", {\n weekday: \"short\",\n timeZone: timezone,\n });\n const dayNames = [\"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", \"Sat\"];\n const currentDayName = dayFormatter.format(now);\n const currentDay = dayNames.indexOf(currentDayName.slice(0, 3));\n\n // Check allowed days\n if (\n allowedDays &&\n allowedDays.length > 0 &&\n !allowedDays.includes(currentDay)\n ) {\n return {\n valid: false,\n reason: `Access not allowed on this day (${currentDayName})`,\n };\n }\n\n // Check time window (handles overnight windows like 22:00-06:00)\n let inWindow: boolean;\n if (startHour <= endHour) {\n // Normal window (e.g., 9:00-17:00)\n inWindow = currentHour >= startHour && currentHour < endHour;\n } else {\n // Overnight window (e.g., 22:00-06:00)\n inWindow = currentHour >= startHour || currentHour < endHour;\n }\n\n if (!inWindow) {\n return {\n valid: false,\n reason: `Access only allowed between ${startHour}:00-${endHour}:00 ${timezone}`,\n };\n }\n }\n\n return { valid: true };\n}\n\n/**\n * Format an access policy for display.\n */\nexport function formatAccessPolicySummary(policy: AccessPolicy): string[] {\n const summary: string[] = [];\n\n if (policy.expiresAt) {\n const date = new Date(policy.expiresAt);\n summary.push(\n `Expires: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.validFrom) {\n const date = new Date(policy.validFrom);\n summary.push(\n `Starts: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.timeWindow) {\n const { startHour, endHour, timezone } = policy.timeWindow;\n summary.push(`Hours: ${startHour}:00-${endHour}:00 ${timezone}`);\n }\n\n if (policy.rateLimit) {\n const { maxRequests, windowSeconds } = policy.rateLimit;\n if (windowSeconds === 60) summary.push(`Rate: ${maxRequests}/min`);\n else if (windowSeconds === 3600) summary.push(`Rate: ${maxRequests}/hour`);\n else if (windowSeconds === 86400) summary.push(`Rate: ${maxRequests}/day`);\n else summary.push(`Rate: ${maxRequests}/${windowSeconds}s`);\n }\n\n if (policy.quota?.daily) {\n summary.push(`Daily quota: ${policy.quota.daily}`);\n }\n\n if (policy.quota?.monthly) {\n summary.push(`Monthly quota: ${policy.quota.monthly}`);\n }\n\n if (policy.tokenBudget?.daily) {\n summary.push(`Daily tokens: ${policy.tokenBudget.daily.toLocaleString()}`);\n }\n\n return summary;\n}\n","import { z } from \"zod\";\n\n// ============================================\n// PoP (Proof of Possession) PROTOCOL\n// Canonical signing rules and header schemas\n// ============================================\n\n/**\n * PoP header schema for v1 protocol.\n * Validates all required headers for PoP authentication.\n */\nexport const PopHeadersV1Schema = z.object({\n \"x-pop-v\": z.literal(\"1\"),\n \"x-app-id\": z.string().min(1, \"App ID is required\"),\n \"x-ts\": z.string().regex(/^\\d+$/, \"Timestamp must be numeric\"),\n \"x-nonce\": z.string().min(16, \"Nonce must be at least 16 characters\"),\n \"x-sig\": z.string().min(1, \"Signature is required\"),\n});\n\nexport type PopHeadersV1 = z.infer<typeof PopHeadersV1Schema>;\n\n/**\n * Parameters for building a canonical request string.\n */\nexport interface CanonicalRequestParams {\n /** HTTP method (will be uppercased) */\n method: string;\n /** URL path with query string (e.g., \"/v1/chat/completions?stream=true\") */\n pathWithQuery: string;\n /** App ID from x-app-id header */\n appId: string;\n /** Unix timestamp from x-ts header */\n ts: string;\n /** Nonce from x-nonce header */\n nonce: string;\n /** Base64url-encoded SHA-256 hash of request body */\n bodyHash: string;\n}\n\n/**\n * Build the canonical request string for PoP v1 signature.\n *\n * Format:\n * ```\n * v1\\n\n * <METHOD>\\n\n * <PATH_WITH_QUERY>\\n\n * <APP_ID>\\n\n * <TS>\\n\n * <NONCE>\\n\n * <BODY_HASH>\\n\n * ```\n *\n * @param params - The canonical request parameters\n * @returns The canonical request string to be signed\n *\n * @example\n * const canonical = buildCanonicalRequestV1({\n * method: \"POST\",\n * pathWithQuery: \"/v1/chat/completions?stream=true\",\n * appId: \"app_123\",\n * ts: \"1706000000\",\n * nonce: \"abc123xyz456def7\",\n * bodyHash: \"base64url-sha256-hash\",\n * });\n */\nexport function buildCanonicalRequestV1(\n params: CanonicalRequestParams,\n): string {\n return [\n \"v1\",\n params.method.toUpperCase(),\n params.pathWithQuery,\n params.appId,\n params.ts,\n params.nonce,\n params.bodyHash,\n \"\", // trailing newline\n ].join(\"\\n\");\n}\n\n/**\n * Extract path with query from a URL.\n * Combines pathname and search (including '?' when present).\n *\n * @example\n * getPathWithQuery(new URL(\"https://example.com/v1/chat?stream=true\"))\n * // Returns: \"/v1/chat?stream=true\"\n *\n * getPathWithQuery(new URL(\"https://example.com/v1/chat\"))\n * // Returns: \"/v1/chat\"\n */\nexport function getPathWithQuery(url: URL): string {\n return url.pathname + url.search;\n}\n\n/**\n * Current PoP protocol version.\n */\nexport const POP_VERSION = \"1\" as const;\n\n/**\n * Error codes specific to PoP authentication.\n */\nexport enum PopErrorCode {\n UNSUPPORTED_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n}\n","import { z } from \"zod\";\n\n// ============================================\n// POLICY ENFORCEMENT CONTRACTS\n// Schema-first enforcement types - no extractors\n// ============================================\n\n/**\n * Enforcement fields returned by validateAndShape.\n * These are normalized, enforceable knobs that plugins MUST provide\n * when constraints require them. This replaces the legacy extractor system.\n *\n * The schema-first approach ensures:\n * - Enforcement cannot be bypassed by malformed payloads\n * - Plugins are responsible for extracting enforcement fields during validation\n * - No \"fail-open\" extraction - if a field is needed, it must be provided\n */\nexport const EnforcementFieldsSchema = z.object({\n // LLM-specific fields\n model: z.string().optional(),\n maxOutputTokens: z.number().int().positive().optional(),\n usesTools: z.boolean().optional(),\n stream: z.boolean().optional(),\n\n // Email-specific fields\n fromDomain: z.string().optional(),\n toDomains: z.array(z.string()).optional(),\n recipientCount: z.number().int().positive().optional(),\n\n // Generic fields\n contentType: z.string().optional(),\n});\n\nexport type EnforcementFields = z.infer<typeof EnforcementFieldsSchema>;\n\n/**\n * @deprecated Use EnforcementFields instead. ExtractedRequest is kept for backward compatibility\n * but will be removed in a future version. The extractor system has been replaced with\n * schema-first validation where plugins return enforcement fields from validateAndShape.\n */\nexport const ExtractedRequestSchema = EnforcementFieldsSchema;\n\n/**\n * @deprecated Use EnforcementFields instead.\n */\nexport type ExtractedRequest = EnforcementFields;\n\n/**\n * Enforcement metadata that target apps may optionally provide.\n * This is NOT required for enforcement - the proxy can operate without it.\n * Treat as advisory only.\n */\nexport const EnforcementMetaSchema = z.object({\n /** App-provided request ID for correlation */\n requestId: z.string().optional(),\n /** Declared intent (advisory only, not enforced) */\n intent: z.string().optional(),\n /** App-declared expected model (advisory only) */\n expectedModel: z.string().optional(),\n});\n\nexport type EnforcementMeta = z.infer<typeof EnforcementMetaSchema>;\n\n/**\n * Policy definition for enforcement.\n * This mirrors ResourceConstraints but is focused on enforcement.\n */\nexport interface EnforcementPolicy {\n // LLM policies\n allowedModels?: string[];\n maxOutputTokens?: number;\n allowTools?: boolean;\n allowStreaming?: boolean;\n\n // Email policies\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n\n // Generic\n maxRequestBodySize?: number;\n}\n\n/**\n * Result of policy enforcement.\n */\nexport interface EnforcementResult {\n allowed: boolean;\n violation?: {\n code: string;\n message: string;\n field: string;\n actual?: unknown;\n limit?: unknown;\n };\n}\n","import { z, type ZodSchema } from \"zod\";\nimport type { EnforcementFields } from \"./enforcement\";\n\n// ============================================\n// PLUGIN CONTRACT\n// Core types and schemas for resource plugins\n// ============================================\n\n// ============================================\n// DUAL-ENTRYPOINT PLUGIN ARCHITECTURE\n// --------------------------------------------\n// Plugins can expose two entrypoints:\n//\n// 1. /proxy - Server-side code for the gateway proxy\n// - Implements execute(), validateAndShape(), etc.\n// - No browser-only code\n// - Import: @glueco/plugin-xxx/proxy\n//\n// 2. /client - Client-side typed wrappers for target apps\n// - Depends only on SDK transport interface\n// - Strongly typed methods per action\n// - No Node-only APIs\n// - Import: @glueco/plugin-xxx/client\n//\n// A plugin is considered \"SDK-compatible\" only if it exports\n// both /proxy and /client entrypoints with shared contracts.\n// ============================================\n\n/**\n * Plugin authentication configuration.\n */\nexport const PluginAuthSchema = z.object({\n pop: z.object({\n version: z.number().int().positive(),\n }),\n});\n\nexport type PluginAuth = z.infer<typeof PluginAuthSchema>;\n\n/**\n * Plugin support configuration.\n * Describes which enforcement knobs the plugin supports.\n */\nexport const PluginSupportsSchema = z.object({\n enforcement: z.array(z.string()),\n});\n\nexport type PluginSupports = z.infer<typeof PluginSupportsSchema>;\n\n/**\n * Extractor descriptor - describes how to extract enforceable fields.\n * Can reference a function name (for core extractors) or provide inline config.\n */\nexport const ExtractorDescriptorSchema = z.object({\n /** Reference to core extractor by name (e.g., \"openai-compatible\", \"gemini\") */\n type: z.string().optional(),\n /** Custom extraction config (for future use) */\n config: z.record(z.unknown()).optional(),\n});\n\nexport type ExtractorDescriptor = z.infer<typeof ExtractorDescriptorSchema>;\n\n/**\n * Credential schema field descriptor.\n * Used for UI generation to collect provider credentials.\n */\nexport const CredentialFieldSchema = z.object({\n name: z.string(),\n type: z.enum([\"string\", \"secret\", \"url\", \"number\", \"boolean\"]),\n label: z.string(),\n description: z.string().optional(),\n required: z.boolean().default(true),\n default: z.unknown().optional(),\n});\n\nexport type CredentialField = z.infer<typeof CredentialFieldSchema>;\n\n/**\n * Full credential schema for a plugin.\n */\nexport const PluginCredentialSchemaSchema = z.object({\n fields: z.array(CredentialFieldSchema),\n});\n\nexport type PluginCredentialSchema = z.infer<\n typeof PluginCredentialSchemaSchema\n>;\n\n// ============================================\n// PLUGIN EXECUTION TYPES\n// ============================================\n\n/**\n * Usage metrics extracted from response.\n */\nexport interface PluginUsageMetrics {\n inputTokens?: number;\n outputTokens?: number;\n totalTokens?: number;\n model?: string;\n custom?: Record<string, unknown>;\n}\n\n/**\n * Execute options passed to plugin.\n */\nexport interface PluginExecuteOptions {\n stream: boolean;\n signal?: AbortSignal;\n}\n\n/**\n * Execute result from plugin.\n */\nexport interface PluginExecuteResult {\n /** For non-streaming responses */\n response?: unknown;\n /** For streaming responses */\n stream?: ReadableStream<Uint8Array>;\n /** Response content type */\n contentType: string;\n /** Usage metrics (available for non-streaming) */\n usage?: PluginUsageMetrics;\n}\n\n/**\n * Validation result from plugin.\n * In the schema-first pipeline:\n * - shapedInput: The validated/transformed payload ready for upstream execution\n * - enforcement: Normalized fields extracted during validation for policy enforcement\n *\n * The enforcement fields are REQUIRED when constraints exist for those fields.\n * This ensures enforcement cannot be bypassed by malformed payloads.\n */\nexport interface PluginValidationResult {\n valid: boolean;\n error?: string;\n /** Transformed/validated input ready for execution (provider-native format) */\n shapedInput?: unknown;\n /** Normalized enforcement fields extracted during validation */\n enforcement?: EnforcementFields;\n}\n\n/**\n * Mapped error from plugin.\n */\nexport interface PluginMappedError {\n status: number;\n code: string;\n message: string;\n retryable: boolean;\n}\n\n/**\n * Context for plugin execution.\n * Contains resolved credentials and configuration.\n */\nexport interface PluginExecuteContext {\n /** The resolved API key/secret */\n secret: string;\n /** Additional config (e.g., custom baseUrl) */\n config: Record<string, unknown> | null;\n}\n\n/**\n * Resource constraints passed to validation.\n */\nexport interface PluginResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n allowAttachments?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n\n // Extensible\n [key: string]: unknown;\n}\n\n// ============================================\n// CLIENT CONTRACT METADATA (Dual-Entrypoint Support)\n// ============================================\n\n/**\n * Action schema descriptor for client contracts.\n * Describes the request/response schema for a single action.\n */\nexport interface PluginActionSchemaDescriptor {\n /** Zod schema for validating requests (optional, can be inferred from contracts) */\n requestSchema?: ZodSchema;\n /** Zod schema for validating responses (optional, can be inferred from contracts) */\n responseSchema?: ZodSchema;\n /** Human-readable description of this action */\n description?: string;\n}\n\n/**\n * Client contract metadata for dual-entrypoint plugins.\n * Describes how the client-side interface is organized.\n *\n * Example:\n * ```ts\n * client: {\n * namespace: \"gemini\",\n * actions: {\n * \"chat.completions\": {\n * requestSchema: ChatCompletionRequestSchema,\n * responseSchema: ChatCompletionResponseSchema,\n * description: \"Generate chat completions using Gemini\"\n * }\n * }\n * }\n * ```\n */\nexport interface PluginClientContract {\n /**\n * Namespace for the client wrapper (used for import organization).\n * Example: \"gemini\" -> `import { gemini } from \"@glueco/plugin-llm-gemini/client\"`\n */\n namespace: string;\n\n /**\n * Action descriptors mapping action names to their schemas.\n * Keys should match the `actions` array in the plugin.\n */\n actions: Record<string, PluginActionSchemaDescriptor>;\n\n /**\n * Package entrypoint for the client module.\n * Default: \"./client\"\n */\n entrypoint?: string;\n}\n\n// ============================================\n// PLUGIN CONTRACT INTERFACE\n// ============================================\n\n/**\n * Core plugin contract.\n * Every plugin must implement this interface.\n */\nexport interface PluginContract {\n /**\n * Unique plugin identifier.\n * Format: <resourceType>:<provider>\n * Examples: \"llm:groq\", \"llm:gemini\", \"mail:resend\"\n */\n readonly id: string;\n\n /**\n * Resource type category.\n * Examples: \"llm\", \"mail\", \"storage\"\n */\n readonly resourceType: string;\n\n /**\n * Provider name.\n * Examples: \"groq\", \"gemini\", \"resend\", \"openai\"\n */\n readonly provider: string;\n\n /**\n * Plugin version string (semver).\n */\n readonly version: string;\n\n /**\n * Human-readable display name.\n */\n readonly name: string;\n\n /**\n * Supported actions.\n * Examples: [\"chat.completions\", \"models.list\"]\n */\n readonly actions: string[];\n\n /**\n * Authentication configuration for discovery.\n */\n readonly auth: PluginAuth;\n\n /**\n * Enforcement support configuration.\n */\n readonly supports: PluginSupports;\n\n /**\n * Optional extractor descriptors per action.\n * Key = action name, value = extractor descriptor.\n */\n readonly extractors?: Record<string, ExtractorDescriptor>;\n\n /**\n * Optional credential schema for UI generation.\n */\n readonly credentialSchema?: PluginCredentialSchema;\n\n /**\n * Optional client contract metadata for dual-entrypoint plugins.\n * Describes the client-side interface for typed wrappers.\n *\n * This metadata is used by:\n * - SDK typed wrappers to provide autocomplete\n * - Documentation generation\n * - System-check app (optional validation)\n */\n readonly client?: PluginClientContract;\n\n /**\n * Validate input and apply constraints.\n * Returns shaped input ready for execution.\n */\n validateAndShape(\n action: string,\n input: unknown,\n constraints: PluginResourceConstraints,\n ): PluginValidationResult;\n\n /**\n * Execute the resource action.\n */\n execute(\n action: string,\n shapedInput: unknown,\n ctx: PluginExecuteContext,\n options: PluginExecuteOptions,\n ): Promise<PluginExecuteResult>;\n\n /**\n * Extract usage metrics from response.\n */\n extractUsage(response: unknown): PluginUsageMetrics;\n\n /**\n * Map provider errors to standardized format.\n */\n mapError(error: unknown): PluginMappedError;\n}\n\n// ============================================\n// PLUGIN VALIDATION SCHEMA\n// ============================================\n\n/**\n * Schema to validate plugin metadata at registration.\n */\nexport const PluginClientContractSchema = z.object({\n namespace: z.string().min(1),\n actions: z.record(\n z.object({\n requestSchema: z.any().optional(),\n responseSchema: z.any().optional(),\n description: z.string().optional(),\n }),\n ),\n entrypoint: z.string().optional(),\n});\n\nexport const PluginMetadataSchema = z.object({\n id: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Plugin ID must be in format: <resourceType>:<provider>\",\n }),\n resourceType: z.string().min(1),\n provider: z.string().min(1),\n version: z.string().min(1),\n name: z.string().min(1),\n actions: z.array(z.string()).min(1),\n auth: PluginAuthSchema,\n supports: PluginSupportsSchema,\n extractors: z.record(ExtractorDescriptorSchema).optional(),\n credentialSchema: PluginCredentialSchemaSchema.optional(),\n client: PluginClientContractSchema.optional(),\n});\n\nexport type PluginMetadata = z.infer<typeof PluginMetadataSchema>;\n\n/**\n * Validate plugin object has correct metadata.\n */\nexport function validatePluginMetadata(plugin: unknown): {\n valid: boolean;\n error?: string;\n metadata?: PluginMetadata;\n} {\n if (!plugin || typeof plugin !== \"object\") {\n return { valid: false, error: \"Plugin must be an object\" };\n }\n\n const result = PluginMetadataSchema.safeParse(plugin);\n if (!result.success) {\n return {\n valid: false,\n error: `Invalid plugin metadata: ${result.error.errors.map((e) => e.message).join(\", \")}`,\n };\n }\n\n // Verify ID matches resourceType:provider\n const meta = result.data;\n const expectedId = `${meta.resourceType}:${meta.provider}`;\n if (meta.id !== expectedId) {\n return {\n valid: false,\n error: `Plugin ID '${meta.id}' must match '${expectedId}'`,\n };\n }\n\n return { valid: true, metadata: meta };\n}\n\n// ============================================\n// DISCOVERY TYPES (based on plugin registry)\n// ============================================\n\n/**\n * Discovery entry format for plugins.\n */\nexport interface PluginDiscoveryEntry {\n resourceId: string;\n actions: string[];\n auth: PluginAuth;\n version: string;\n constraints: {\n supports: string[];\n };\n /** Client entrypoint info (if SDK-compatible) */\n client?: {\n namespace: string;\n entrypoint: string;\n };\n}\n\n/**\n * Convert plugin to discovery entry format.\n * Includes version for client compatibility checks.\n *\n * TODO: Add version compatibility negotiation in future iteration.\n * The version exposed here allows target apps to verify they are\n * using a compatible client version.\n */\nexport function pluginToDiscoveryEntry(\n plugin: PluginContract,\n): PluginDiscoveryEntry {\n const entry: PluginDiscoveryEntry = {\n resourceId: plugin.id,\n actions: plugin.actions,\n auth: plugin.auth,\n version: plugin.version,\n constraints: {\n supports: plugin.supports.enforcement,\n },\n };\n\n // Include client info if plugin is SDK-compatible\n if (plugin.client) {\n entry.client = {\n namespace: plugin.client.namespace,\n entrypoint: plugin.client.entrypoint ?? \"./client\",\n };\n }\n\n return entry;\n}\n\n// ============================================\n// HELPER TYPES FOR PLUGIN AUTHORS\n// ============================================\n\n/**\n * Base plugin options for creating plugins.\n */\nexport interface CreatePluginOptions {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth?: PluginAuth;\n supports?: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n /** Client contract metadata for SDK-compatible plugins */\n client?: PluginClientContract;\n}\n\n/**\n * Default auth configuration.\n */\nexport const DEFAULT_PLUGIN_AUTH: PluginAuth = {\n pop: { version: 1 },\n};\n\n/**\n * Default supports configuration.\n */\nexport const DEFAULT_PLUGIN_SUPPORTS: PluginSupports = {\n enforcement: [],\n};\n\n/**\n * Helper to create plugin with defaults.\n */\nexport function createPluginBase(options: CreatePluginOptions): {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth: PluginAuth;\n supports: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n client?: PluginClientContract;\n} {\n return {\n id: options.id,\n resourceType: options.resourceType,\n provider: options.provider,\n version: options.version,\n name: options.name,\n actions: options.actions,\n auth: options.auth ?? DEFAULT_PLUGIN_AUTH,\n supports: options.supports ?? DEFAULT_PLUGIN_SUPPORTS,\n extractors: options.extractors,\n credentialSchema: options.credentialSchema,\n client: options.client,\n };\n}\n","// ============================================\n// SHARED TYPES\n// Common types used by proxy and SDK\n// ============================================\n\n/**\n * Resource identifier format: <resourceType>:<provider>\n * Examples: llm:groq, llm:gemini, mail:resend\n */\nexport type ResourceId = `${string}:${string}`;\n\n/**\n * Parse a resource ID into its components.\n */\nexport function parseResourceId(resourceId: string): {\n resourceType: string;\n provider: string;\n} {\n const parts = resourceId.split(\":\");\n if (parts.length !== 2) {\n throw new Error(\n `Invalid resource ID format: ${resourceId}. Expected: <resourceType>:<provider>`,\n );\n }\n return {\n resourceType: parts[0],\n provider: parts[1],\n };\n}\n\n/**\n * Create a resource ID from components.\n */\nexport function createResourceId(\n resourceType: string,\n provider: string,\n): ResourceId {\n return `${resourceType}:${provider}` as ResourceId;\n}\n\n/**\n * Pairing string info parsed from pair::<url>::<code>\n */\nexport interface PairingInfo {\n proxyUrl: string;\n connectCode: string;\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n maxRequests: number;\n windowSeconds: number;\n}\n\n/**\n * Permission request for an app.\n */\nexport interface PermissionRequest {\n resourceId: string;\n actions: string[];\n constraints?: Record<string, unknown>;\n rateLimit?: RateLimitConfig; // Per-permission rate limit\n}\n\n/**\n * App metadata for registration.\n */\nexport interface AppMetadata {\n name: string;\n description?: string;\n homepage?: string;\n}\n\n/**\n * Gateway config stored after approval.\n */\nexport interface GatewayConfig {\n appId: string;\n proxyUrl: string;\n}\n\n/**\n * Resource constraint types (generic).\n */\nexport interface ResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n custom?: Record<string, unknown>;\n}\n\nexport * from \"./errors\";\nexport * from \"./schemas\";\nexport * from \"./access-policy\";\nexport * from \"./pop\";\nexport * from \"./enforcement\";\nexport * from \"./plugins\";\nexport * from \"./duration-presets\";\n"]}
1
+ {"version":3,"sources":["../src/errors.ts","../src/duration-presets.ts","../src/schemas.ts","../src/access-policy.ts","../src/pop.ts","../src/enforcement.ts","../src/plugins.ts","../src/index.ts"],"names":["ErrorCode","z","PopErrorCode"],"mappings":";;;AAUO,IAAK,SAAA,qBAAAA,UAAAA,KAAL;AAEL,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAC9B,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AAGzB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,mBAAA,CAAA,GAAoB,mBAAA;AACpB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AAGnB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,wBAAA,CAAA,GAAyB,wBAAA;AACzB,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAG3B,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AACtB,EAAAA,WAAA,kBAAA,CAAA,GAAmB,kBAAA;AACnB,EAAAA,WAAA,gCAAA,CAAA,GAAiC,gCAAA;AAGjC,EAAAA,WAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,WAAA,oBAAA,CAAA,GAAqB,oBAAA;AAGrB,EAAAA,WAAA,4BAAA,CAAA,GAA6B,4BAAA;AAC7B,EAAAA,WAAA,0BAAA,CAAA,GAA2B,0BAAA;AAC3B,EAAAA,WAAA,qBAAA,CAAA,GAAsB,qBAAA;AAGtB,EAAAA,WAAA,6BAAA,CAAA,GAA8B,6BAAA;AAG9B,EAAAA,WAAA,sBAAA,CAAA,GAAuB,sBAAA;AACvB,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,yBAAA,CAAA,GAA0B,yBAAA;AAC1B,EAAAA,WAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,WAAA,2BAAA,CAAA,GAA4B,2BAAA;AA9ClB,EAAA,OAAAA,UAAAA;AAAA,CAAA,EAAA,SAAA,IAAA,EAAA;AAoDL,SAAS,eAAe,IAAA,EAAyB;AACtD,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,uBAAA;AAAA,IACL,KAAK,qBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,0BAAA;AAAA,IACL,KAAK,4BAAA;AAAA,IACL,KAAK,0BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,gCAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,kBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,mBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,uBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,kBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,mBAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,wBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,sBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,uBAAA;AAAA,IACL,KAAK,2BAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,yBAAA;AAAA,IACL,KAAK,qBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET,KAAK,6BAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AACH,MAAA,OAAO,GAAA;AAAA,IAET;AACE,MAAA,OAAO,GAAA;AAAA;AAEb;AAKO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EAMtC,WAAA,CACE,IAAA,EACA,OAAA,EACA,OAAA,EAIA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,eAAe,IAAI,CAAA;AACjC,IAAA,IAAA,CAAK,UAAU,OAAA,EAAS,OAAA;AACxB,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAAA,EAC5B;AAAA,EAEA,MAAA,GAAS;AACP,IAAA,OAAO;AAAA,MACL,KAAA,EAAO;AAAA,QACL,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,GAAI,IAAA,CAAK,SAAA,IAAa,EAAE,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,QAClD,GAAI,IAAA,CAAK,OAAA,IAAW,EAAE,OAAA,EAAS,KAAK,OAAA;AAAQ;AAC9C,KACF;AAAA,EACF;AACF;AAKO,SAAS,sBAAsB,IAAA,EAA6B;AACjE,EAAA,MAAM,OAAA,GAAU,IAAA,GACZ,CAAA,wBAAA,EAA2B,IAAI,CAAA,CAAA,GAC/B,8GAAA;AAEJ,EAAA,OAAO,IAAI,YAAA,CAAa,uBAAA,8BAAiC,OAAA,EAAS;AAAA,IAChE,OAAA,EAAS;AAAA,MACP,QAAA,EAAU;AAAA,QACR,IAAA,EAAM,iCAAA;AAAA,QACN,MAAA,EAAQ,mCAAA;AAAA,QACR,MAAA,EAAQ;AAAA;AACV;AACF,GACD,CAAA;AACH;AAWO,IAAM,0BAAA,GAA6B,EAAE,MAAA,CAAO;AAAA,EACjD,KAAA,EAAO,EAAE,MAAA,CAAO;AAAA,IACd,IAAA,EAAM,EAAE,MAAA,EAAO;AAAA,IACf,OAAA,EAAS,EAAE,MAAA,EAAO;AAAA,IAClB,SAAA,EAAW,CAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,OAAA,EAAS,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,GAC/B;AACH,CAAC;AAOM,SAAS,mBAAA,CACd,IAAA,EACA,OAAA,EACA,OAAA,EAIsB;AACtB,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,IAAA;AAAA,MACA,OAAA;AAAA,MACA,GAAI,OAAA,EAAS,SAAA,IAAa,EAAE,SAAA,EAAW,QAAQ,SAAA,EAAU;AAAA,MACzD,GAAI,OAAA,EAAS,OAAA,KAAY,UAAa,EAAE,OAAA,EAAS,QAAQ,OAAA;AAAQ;AACnE,GACF;AACF;AC5KO,IAAM,gBAAA,GAAqC;AAAA,EAChD;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,uBAAA;AAAA,IACb,UAAA,EAAY,KAAK,EAAA,GAAK,GAAA;AAAA,IACtB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,kBAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC1B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,gBAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAC3B,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,QAAA;AAAA,IACb,UAAA,EAAY,CAAA,GAAI,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACjC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,UAAA;AAAA,IACJ,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,SAAA;AAAA,IACb,UAAA,EAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAA;AAAA,IAChC,aAAA,EAAe;AAAA,GACjB;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,UAAA;AAAA,IACb,UAAA,EAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACnC;AAAA,EACA;AAAA,IACE,EAAA,EAAI,SAAA;AAAA,IACJ,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,UAAA,EAAY;AAAA,GACd;AAAA,EACA;AAAA,IACE,EAAA,EAAI,QAAA;AAAA,IACJ,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,wBAAA;AAAA,IACb,UAAA,EAAY;AAAA;AAEhB;AAKO,SAAS,kBACd,EAAA,EAC4B;AAC5B,EAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AACjD;AAMO,SAAS,2BAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,MAAM,MAAA,GAAS,kBAAkB,QAAQ,CAAA;AACzC,EAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,UAAA,KAAe,IAAA,EAAM;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,EAAQ,GAAI,OAAO,UAAU,CAAA;AACxD;AAKO,SAAS,qBAAA,CACd,UAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACpB;AACN,EAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,OAAA,KAAY,UAAU,CAAA;AACjD;AAKO,SAAS,kBAAkB,UAAA,EAA2C;AAC3E,EAAA,IAAI,eAAe,IAAA,EAAM;AACvB,IAAA,OAAO,iBAAiB,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,SAAS,CAAA;AAAA,EACxD;AAGA,EAAA,IAAI,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAChC,EAAA,IAAI,WAAA,GAAc,QAAA;AAElB,EAAA,KAAA,MAAW,UAAU,gBAAA,EAAkB;AACrC,IAAA,IAAI,MAAA,CAAO,UAAA,KAAe,IAAA,IAAQ,MAAA,CAAO,OAAO,QAAA,EAAU;AAE1D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,aAAa,UAAU,CAAA;AACpD,IAAA,IAAI,OAAO,WAAA,EAAa;AACtB,MAAA,WAAA,GAAc,IAAA;AACd,MAAA,OAAA,GAAU,MAAA;AAAA,IACZ;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAKO,SAAS,eAAe,UAAA,EAAmC;AAChE,EAAA,IAAI,UAAA,KAAe,MAAM,OAAO,SAAA;AAEhC,EAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,EAAA,GAAK,EAAA,GAAK,GAAA,CAAA;AACtC,EAAA,IAAI,KAAA,GAAQ,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEzE,EAAA,MAAM,OAAO,KAAA,GAAQ,EAAA;AACrB,EAAA,IAAI,IAAA,GAAO,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,IAAI,CAAC,CAAA,IAAA,EAAO,IAAA,KAAS,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAEpE,EAAA,MAAM,QAAQ,IAAA,GAAO,CAAA;AACrB,EAAA,IAAI,KAAA,GAAQ,CAAA,EAAG,OAAO,CAAA,EAAG,IAAA,CAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAExE,EAAA,MAAM,SAAS,IAAA,GAAO,EAAA;AACtB,EAAA,IAAI,MAAA,GAAS,EAAA;AACX,IAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,MAAM,CAAC,CAAA,MAAA,EAAS,MAAA,KAAW,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAE9D,EAAA,MAAM,QAAQ,IAAA,GAAO,GAAA;AACrB,EAAA,OAAO,CAAA,EAAG,KAAK,KAAA,CAAM,KAAK,CAAC,CAAA,KAAA,EAAQ,KAAA,KAAU,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,CAAA;AAC3D;AAKO,SAAS,qBAAqB,SAAA,EAAgC;AACnE,EAAA,IAAI,CAAC,WAAW,OAAO,OAAA;AAEvB,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,EAAA,MAAM,IAAA,GAAO,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAI,OAAA,EAAQ;AAE/C,EAAA,IAAI,IAAA,IAAQ,GAAG,OAAO,SAAA;AACtB,EAAA,OAAO,CAAA,GAAA,EAAM,cAAA,CAAe,IAAI,CAAC,CAAA,CAAA;AACnC;AASO,IAAM,sBAAA,GAAyBC,EAAE,IAAA,CAAK;AAAA,EAC3C,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,uBAAA,GAA0BA,EAAE,KAAA,CAAM;AAAA;AAAA,EAE7CA,EAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,QAAQ,CAAA;AAAA,IACxB,MAAA,EAAQ;AAAA,GACT,CAAA;AAAA;AAAA,EAEDA,EAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,IAC1B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACvC,CAAA;AAAA;AAAA,EAEDA,EAAE,MAAA,CAAO;AAAA,IACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,OAAO,CAAA;AAAA,IACvB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,GAChC;AACH,CAAC;AAOM,SAAS,wBAAA,CACd,QAAA,EACA,QAAA,mBAAiB,IAAI,MAAK,EACb;AACb,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,QAAQ,SAAS,IAAA;AAAM,IACrB,KAAK,QAAA;AACH,MAAA,OAAO,2BAAA,CAA4B,QAAA,CAAS,MAAA,EAAQ,QAAQ,CAAA;AAAA,IAC9D,KAAK,UAAA;AACH,MAAA,OAAO,qBAAA,CAAsB,QAAA,CAAS,UAAA,EAAY,QAAQ,CAAA;AAAA,IAC5D,KAAK,OAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAAA;AAExC;AAKO,SAAS,qBACd,MAAA,EACmB;AACnB,EAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,MAAA,EAAO;AAClC;AAKO,SAAS,iBAAiB,UAAA,EAAuC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,UAAA,EAAY,UAAA,EAAW;AACxC;AAKO,SAAS,oBAAoB,SAAA,EAAoC;AACtE,EAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,SAAA,EAAW,SAAA,CAAU,aAAY,EAAE;AAC7D;;;AC9QO,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,EAAE,IAAA,CAAK,CAAC,UAAU,MAAA,EAAQ,WAAA,EAAa,MAAM,CAAC,CAAA;AAAA,EACpD,OAAA,EAASA,EACN,KAAA,CAAM;AAAA,IACLA,EAAE,MAAA,EAAO;AAAA,IACTA,CAAAA,CAAE,KAAA;AAAA,MACAA,EAAE,MAAA,CAAO;AAAA,QACP,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,QACf,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QAC1B,SAAA,EAAWA,EACR,MAAA,CAAO;AAAA,UACN,GAAA,EAAKA,EAAE,MAAA,EAAO;AAAA,UACd,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,SAC7B,EACA,QAAA;AAAS,OACb;AAAA;AACH,GACD,EACA,QAAA,EAAS;AAAA,EACZ,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,YAAYA,CAAAA,CACT,KAAA;AAAA,IACCA,EAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAIA,EAAE,MAAA,EAAO;AAAA,MACb,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,EAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,QACf,SAAA,EAAWA,EAAE,MAAA;AAAO,OACrB;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAKM,IAAM,2BAAA,GAA8BA,EAAE,MAAA,CAAO;AAAA,EAClD,KAAA,EAAOA,EAAE,MAAA,EAAO;AAAA,EAChB,QAAA,EAAUA,CAAAA,CAAE,KAAA,CAAM,iBAAiB,CAAA;AAAA,EACnC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC/C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACzC,CAAA,EAAGA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5C,MAAA,EAAQA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAC7B,IAAA,EAAMA,CAAAA,CAAE,KAAA,CAAM,CAACA,EAAE,MAAA,EAAO,EAAGA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAC1D,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,qBAAA,EAAuBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EAC5D,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACtD,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EAC1C,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,OAAOA,CAAAA,CACJ,KAAA;AAAA,IACCA,EAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,EAAE,MAAA,CAAO;AAAA,QACjB,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,QACf,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,QACjC,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,OAAA,EAAS,EAAE,QAAA;AAAS,OAC5C;AAAA,KACF;AAAA,IAEF,QAAA,EAAS;AAAA,EACZ,WAAA,EAAaA,EACV,KAAA,CAAM;AAAA,IACLA,CAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,CAAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,CAAAA,CAAE,QAAQ,UAAU,CAAA;AAAA,IACpBA,EAAE,MAAA,CAAO;AAAA,MACP,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,MAC1B,QAAA,EAAUA,EAAE,MAAA,CAAO,EAAE,MAAMA,CAAAA,CAAE,MAAA,IAAU;AAAA,KACxC;AAAA,GACF,EACA,QAAA,EAAS;AAAA,EACZ,eAAA,EAAiBA,EACd,MAAA,CAAO;AAAA,IACN,MAAMA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,aAAa,CAAC;AAAA,GACrC,EACA,QAAA,EAAS;AAAA,EACZ,MAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AACzB,CAAC;AASM,IAAM,uBAAA,GAA0BA,EAAE,MAAA,CAAO;AAAA,EAC9C,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAClD,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,OAAA,EAASA,EAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,aAAaA,CAAAA,CAAE,MAAA,CAAOA,EAAE,OAAA,EAAS,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,iBAAA,EAAmB,wBAAwB,QAAA;AAC7C,CAAC;AAKM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA,EAC/B,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA,EAC1C,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAC7B,CAAC;AAKM,IAAM,oBAAA,GAAuBA,EAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC9B,GAAA,EAAK,iBAAA;AAAA,EACL,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA,EAC5B,sBAAsBA,CAAAA,CAAE,KAAA,CAAM,uBAAuB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5D,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA;AAC1B,CAAC;AAYM,IAAM,kBAAA,GAAqBA,EAAE,MAAA,CAAO;AAAA,EACzC,GAAA,EAAKA,EAAE,MAAA,CAAO;AAAA,IACZ,OAAA,EAASA,EAAE,MAAA;AAAO,GACnB;AACH,CAAC;AAKM,IAAM,4BAAA,GAA+BA,EAAE,MAAA,CAAO;AAAA,EACnD,UAAA,EAAYA,EAAE,MAAA,EAAO;AAAA,EACrB,OAAA,EAASA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,IAAA,EAAM,kBAAA;AAAA,EACN,WAAA,EAAaA,EACV,MAAA,CAAO;AAAA,IACN,QAAA,EAAUA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ;AAAA,GAC7B,EACA,QAAA;AACL,CAAC;AAKM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,EAClB,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACnB,CAAC;AAKM,IAAM,gCAAA,GAAmCA,EAAE,MAAA,CAAO;AAAA,EACvD,OAAA,EAAS,iBAAA;AAAA,EACT,SAAA,EAAWA,CAAAA,CAAE,KAAA,CAAM,4BAA4B;AACjD,CAAC;;;ACiCM,SAAS,oBAAoB,MAAA,EAAmC;AACrE,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,IAAA,CAAK,GAAA,CAAI,SAAQ,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IAChD,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,CAAA,GAAI,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACpD,KAAK,OAAA;AAEH,MAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,GAAG,CAAA;AAC7B,MAAA,QAAA,CAAS,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AACjC,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,KAAK,GAAI,CAAA;AAAA,IACrD,KAAK,WAAA;AAEH,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,GAAG,CAAA;AAC9B,MAAA,MAAM,eAAA,GAAkB,CAAA,GAAI,SAAA,CAAU,MAAA,EAAO;AAC7C,MAAA,SAAA,CAAU,OAAA,CAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,eAAe,CAAA;AACvD,MAAA,SAAA,CAAU,QAAA,CAAS,EAAA,EAAI,EAAA,EAAI,EAAA,EAAI,GAAG,CAAA;AAClC,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,UAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC1D,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,KAAK,GAAA,CAAI,OAAA,KAAY,GAAA,GAAM,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,IAC3D,KAAK,OAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAA;AAAA;AAAA,IACT;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAKO,IAAM,cAAA,GAAuC;AAAA,EAClD;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,cAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,OAAO;AAAA,GAC5C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,WAAA;AAAA,IACP,KAAA,EAAO,WAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,WAAW;AAAA,GAChD;AAAA,EACA;AAAA,IACE,KAAA,EAAO,SAAA;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,SAAS;AAAA,GAC9C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,WAAA,EAAa,oBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,UAAU;AAAA,GAC/C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,mBAAA;AAAA,IACb,OAAA,EAAS,MAAM,mBAAA,CAAoB,QAAQ;AAAA,GAC7C;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,OAAA;AAAA,IACP,WAAA,EAAa,eAAA;AAAA,IACb,SAAS,MAAM;AAAA,GACjB;AAAA,EACA;AAAA,IACE,KAAA,EAAO,QAAA;AAAA,IACP,KAAA,EAAO,QAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb,SAAS,MAAM;AAAA;AAEnB;AAWO,IAAM,kBAAA,GAAwC;AAAA,EACnD;AAAA,IACE,KAAA,EAAO,gCAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,CAAA,EAAG,eAAe,EAAA;AAAG,GAC7C;AAAA,EACA,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE,EAAE,OAAO,eAAA,EAAiB,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,aAAA,EAAe,EAAA,EAAG,EAAE;AAAA,EACxE;AAAA,IACE,KAAA,EAAO,0BAAA;AAAA,IACP,KAAA,EAAO,EAAE,WAAA,EAAa,EAAA,EAAI,eAAe,EAAA;AAAG,GAC9C;AAAA,EACA,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAK,aAAA,EAAe,IAAA,EAAK,EAAE;AAAA,EAC1E,EAAE,OAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,GAAA,EAAM,aAAA,EAAe,KAAA,EAAM;AAC5E;AASO,SAAS,qBAAqB,MAAA,EAGnC;AACA,EAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAGrB,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,oCAAA,EAAuC,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC5E;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAC/C,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,CAAA,sBAAA,EAAyB,aAAA,CAAc,WAAA,EAAa,CAAA;AAAA,OAC9D;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,EAAU,WAAA,KAAgB,MAAA,CAAO,UAAA;AAG7D,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACjD,IAAA,EAAM,SAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,cAAc,QAAA,CAAS,SAAA,CAAU,MAAA,CAAO,GAAG,GAAG,EAAE,CAAA;AAGtD,IAAA,MAAM,YAAA,GAAe,IAAI,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS;AAAA,MACpD,OAAA,EAAS,OAAA;AAAA,MACT,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,MAAM,QAAA,GAAW,CAAC,KAAA,EAAO,KAAA,EAAO,OAAO,KAAA,EAAO,KAAA,EAAO,OAAO,KAAK,CAAA;AACjE,IAAA,MAAM,cAAA,GAAiB,YAAA,CAAa,MAAA,CAAO,GAAG,CAAA;AAC9C,IAAA,MAAM,aAAa,QAAA,CAAS,OAAA,CAAQ,eAAe,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA;AAG9D,IAAA,IACE,WAAA,IACA,YAAY,MAAA,GAAS,CAAA,IACrB,CAAC,WAAA,CAAY,QAAA,CAAS,UAAU,CAAA,EAChC;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,mCAAmC,cAAc,CAAA,CAAA;AAAA,OAC3D;AAAA,IACF;AAGA,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,aAAa,OAAA,EAAS;AAExB,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD,CAAA,MAAO;AAEL,MAAA,QAAA,GAAW,WAAA,IAAe,aAAa,WAAA,GAAc,OAAA;AAAA,IACvD;AAEA,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,QAAQ,CAAA,4BAAA,EAA+B,SAAS,CAAA,IAAA,EAAO,OAAO,OAAO,QAAQ,CAAA;AAAA,OAC/E;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAKO,SAAS,0BAA0B,MAAA,EAAgC;AACxE,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,YAAY,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACpE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACtC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,WAAW,IAAA,CAAK,kBAAA,EAAoB,CAAA,CAAA,EAAI,IAAA,CAAK,oBAAoB,CAAA;AAAA,KACnE;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,MAAM,EAAE,SAAA,EAAW,OAAA,EAAS,QAAA,KAAa,MAAA,CAAO,UAAA;AAChD,IAAA,OAAA,CAAQ,KAAK,CAAA,OAAA,EAAU,SAAS,OAAO,OAAO,CAAA,IAAA,EAAO,QAAQ,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,IAAI,OAAO,SAAA,EAAW;AACpB,IAAA,MAAM,EAAE,WAAA,EAAa,aAAA,EAAc,GAAI,MAAA,CAAO,SAAA;AAC9C,IAAA,IAAI,kBAAkB,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,SAAA,IACxD,kBAAkB,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,KAAA,CAAO,CAAA;AAAA,SAAA,IAChE,kBAAkB,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,IAAA,CAAM,CAAA;AAAA,iBAC5D,IAAA,CAAK,CAAA,MAAA,EAAS,WAAW,CAAA,CAAA,EAAI,aAAa,CAAA,CAAA,CAAG,CAAA;AAAA,EAC5D;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,KAAA,EAAO;AACvB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,aAAA,EAAgB,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,IAAI,MAAA,CAAO,OAAO,OAAA,EAAS;AACzB,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EACvD;AAEA,EAAA,IAAI,MAAA,CAAO,aAAa,KAAA,EAAO;AAC7B,IAAA,OAAA,CAAQ,KAAK,CAAA,cAAA,EAAiB,MAAA,CAAO,YAAY,KAAA,CAAM,cAAA,EAAgB,CAAA,CAAE,CAAA;AAAA,EAC3E;AAEA,EAAA,OAAO,OAAA;AACT;AC5cO,IAAM,kBAAA,GAAqBA,EAAE,MAAA,CAAO;AAAA,EACzC,SAAA,EAAWA,CAAAA,CAAE,OAAA,CAAQ,GAAG,CAAA;AAAA,EACxB,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAClD,QAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,SAAS,2BAA2B,CAAA;AAAA,EAC7D,WAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,IAAI,sCAAsC,CAAA;AAAA,EACpE,SAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB;AACpD,CAAC;AAiDM,SAAS,wBACd,MAAA,EACQ;AACR,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,MAAA,CAAO,OAAO,WAAA,EAAY;AAAA,IAC1B,MAAA,CAAO,aAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,EAAA;AAAA,IACP,MAAA,CAAO,KAAA;AAAA,IACP,MAAA,CAAO,QAAA;AAAA,IACP;AAAA;AAAA,GACF,CAAE,KAAK,IAAI,CAAA;AACb;AAaO,SAAS,iBAAiB,GAAA,EAAkB;AACjD,EAAA,OAAO,GAAA,CAAI,WAAW,GAAA,CAAI,MAAA;AAC5B;AAKO,IAAM,WAAA,GAAc;AAKpB,IAAK,YAAA,qBAAAC,aAAAA,KAAL;AACL,EAAAA,cAAA,qBAAA,CAAA,GAAsB,6BAAA;AADZ,EAAA,OAAAA,aAAAA;AAAA,CAAA,EAAA,YAAA,IAAA,EAAA;ACvFL,IAAM,uBAAA,GAA0BD,EAAE,MAAA,CAAO;AAAA;AAAA,EAE9C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,eAAA,EAAiBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACtD,SAAA,EAAWA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EAChC,MAAA,EAAQA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAG7B,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,WAAWA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAGrD,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC1B,CAAC;AASM,IAAM,sBAAA,GAAyB;AAY/B,IAAM,qBAAA,GAAwBA,EAAE,MAAA,CAAO;AAAA;AAAA,EAE5C,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE5B,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC5B,CAAC;AC5BM,IAAM,gBAAA,GAAmBA,EAAE,MAAA,CAAO;AAAA,EACvC,GAAA,EAAKA,EAAE,MAAA,CAAO;AAAA,IACZ,SAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA;AAAS,GACpC;AACH,CAAC;AAQM,IAAM,oBAAA,GAAuBA,EAAE,MAAA,CAAO;AAAA,EAC3C,WAAA,EAAaA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ;AACjC,CAAC;AAQM,IAAM,yBAAA,GAA4BA,EAAE,MAAA,CAAO;AAAA;AAAA,EAEhD,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE1B,QAAQA,CAAAA,CAAE,MAAA,CAAOA,EAAE,OAAA,EAAS,EAAE,QAAA;AAChC,CAAC;AAQM,IAAM,qBAAA,GAAwBA,EAAE,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAMA,EAAE,MAAA,EAAO;AAAA,EACf,IAAA,EAAMA,EAAE,IAAA,CAAK,CAAC,UAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,SAAS,CAAC,CAAA;AAAA,EAC7D,KAAA,EAAOA,EAAE,MAAA,EAAO;AAAA,EAChB,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,QAAA,EAAUA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,EAClC,OAAA,EAASA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACvB,CAAC;AAOM,IAAM,4BAAA,GAA+BA,EAAE,MAAA,CAAO;AAAA,EACnD,MAAA,EAAQA,CAAAA,CAAE,KAAA,CAAM,qBAAqB;AACvC,CAAC;AAyRM,IAAM,0BAAA,GAA6BA,EAAE,MAAA,CAAO;AAAA,EACjD,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,SAASA,CAAAA,CAAE,MAAA;AAAA,IACTA,EAAE,MAAA,CAAO;AAAA,MACP,aAAA,EAAeA,CAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MAChC,cAAA,EAAgBA,CAAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,MACjC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAClC;AAAA,GACH;AAAA,EACA,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAEM,IAAM,oBAAA,GAAuBA,EAAE,MAAA,CAAO;AAAA,EAC3C,EAAA,EAAIA,CAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,qBAAA,EAAuB;AAAA,IAC1C,OAAA,EAAS;AAAA,GACV,CAAA;AAAA,EACD,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC9B,QAAA,EAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,OAAA,EAASA,EAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAClC,IAAA,EAAM,gBAAA;AAAA,EACN,QAAA,EAAU,oBAAA;AAAA,EACV,UAAA,EAAYA,CAAAA,CAAE,MAAA,CAAO,yBAAyB,EAAE,QAAA,EAAS;AAAA,EACzD,gBAAA,EAAkB,6BAA6B,QAAA,EAAS;AAAA,EACxD,MAAA,EAAQ,2BAA2B,QAAA,EAAS;AAAA,EAC5C,eAAeA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA;AACrC,CAAC;AAOM,SAAS,uBAAuB,MAAA,EAIrC;AACA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,0BAAA,EAA2B;AAAA,EAC3D;AAEA,EAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,SAAA,CAAU,MAAM,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,yBAAA,EAA4B,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACzF;AAAA,EACF;AAGA,EAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AACpB,EAAA,MAAM,aAAa,CAAA,EAAG,IAAA,CAAK,YAAY,CAAA,CAAA,EAAI,KAAK,QAAQ,CAAA,CAAA;AACxD,EAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,CAAA,WAAA,EAAc,IAAA,CAAK,EAAE,iBAAiB,UAAU,CAAA,CAAA;AAAA,KACzD;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,QAAA,EAAU,IAAA,EAAK;AACvC;AAgCO,SAAS,uBACd,MAAA,EACsB;AACtB,EAAA,MAAM,KAAA,GAA8B;AAAA,IAClC,YAAY,MAAA,CAAO,EAAA;AAAA,IACnB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,MAAM,MAAA,CAAO,IAAA;AAAA,IACb,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,WAAA,EAAa;AAAA,MACX,QAAA,EAAU,OAAO,QAAA,CAAS;AAAA;AAC5B,GACF;AAGA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,KAAA,CAAM,MAAA,GAAS;AAAA,MACb,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,MACzB,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc;AAAA,KAC1C;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AA6BO,IAAM,mBAAA,GAAkC;AAAA,EAC7C,GAAA,EAAK,EAAE,OAAA,EAAS,CAAA;AAClB;AAKO,IAAM,uBAAA,GAA0C;AAAA,EACrD,aAAa;AACf;AAKO,SAAS,iBAAiB,OAAA,EAa/B;AACA,EAAA,OAAO;AAAA,IACL,IAAI,OAAA,CAAQ,EAAA;AAAA,IACZ,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,IAAA,EAAM,QAAQ,IAAA,IAAQ,mBAAA;AAAA,IACtB,QAAA,EAAU,QAAQ,QAAA,IAAY,uBAAA;AAAA,IAC9B,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,kBAAkB,OAAA,CAAQ,gBAAA;AAAA,IAC1B,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,eAAe,OAAA,CAAQ;AAAA,GACzB;AACF;;;ACxhBO,SAAS,gBAAgB,UAAA,EAG9B;AACA,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,+BAA+B,UAAU,CAAA,qCAAA;AAAA,KAC3C;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL,YAAA,EAAc,MAAM,CAAC,CAAA;AAAA,IACrB,QAAA,EAAU,MAAM,CAAC;AAAA,GACnB;AACF;AAKO,SAAS,gBAAA,CACd,cACA,QAAA,EACY;AACZ,EAAA,OAAO,CAAA,EAAG,YAAY,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACpC","file":"index.mjs","sourcesContent":["import { z } from \"zod\";\n\n// ============================================\n// ERROR CODES\n// Standardized error codes for the gateway\n// ============================================\n\n/**\n * Gateway error codes.\n */\nexport enum ErrorCode {\n // Resource errors\n ERR_RESOURCE_REQUIRED = \"ERR_RESOURCE_REQUIRED\",\n ERR_UNKNOWN_RESOURCE = \"ERR_UNKNOWN_RESOURCE\",\n ERR_RESOURCE_NOT_CONFIGURED = \"ERR_RESOURCE_NOT_CONFIGURED\",\n ERR_UNSUPPORTED_ACTION = \"ERR_UNSUPPORTED_ACTION\",\n\n // Auth errors\n ERR_MISSING_AUTH = \"ERR_MISSING_AUTH\",\n ERR_INVALID_SIGNATURE = \"ERR_INVALID_SIGNATURE\",\n ERR_EXPIRED_TIMESTAMP = \"ERR_EXPIRED_TIMESTAMP\",\n ERR_INVALID_NONCE = \"ERR_INVALID_NONCE\",\n ERR_APP_NOT_FOUND = \"ERR_APP_NOT_FOUND\",\n ERR_APP_DISABLED = \"ERR_APP_DISABLED\",\n\n // Permission errors\n ERR_PERMISSION_DENIED = \"ERR_PERMISSION_DENIED\",\n ERR_PERMISSION_EXPIRED = \"ERR_PERMISSION_EXPIRED\",\n ERR_CONSTRAINT_VIOLATION = \"ERR_CONSTRAINT_VIOLATION\",\n\n // Rate/budget errors\n ERR_RATE_LIMIT_EXCEEDED = \"ERR_RATE_LIMIT_EXCEEDED\",\n ERR_BUDGET_EXCEEDED = \"ERR_BUDGET_EXCEEDED\",\n\n // Request errors\n ERR_INVALID_REQUEST = \"ERR_INVALID_REQUEST\",\n ERR_INVALID_JSON = \"ERR_INVALID_JSON\",\n ERR_CONTRACT_VALIDATION_FAILED = \"ERR_CONTRACT_VALIDATION_FAILED\",\n\n // Internal errors\n ERR_INTERNAL = \"ERR_INTERNAL\",\n ERR_UPSTREAM_ERROR = \"ERR_UPSTREAM_ERROR\",\n\n // Pairing errors\n ERR_INVALID_PAIRING_STRING = \"ERR_INVALID_PAIRING_STRING\",\n ERR_INVALID_CONNECT_CODE = \"ERR_INVALID_CONNECT_CODE\",\n ERR_SESSION_EXPIRED = \"ERR_SESSION_EXPIRED\",\n\n // PoP errors\n ERR_UNSUPPORTED_POP_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n\n // Policy violation errors\n ERR_POLICY_VIOLATION = \"ERR_POLICY_VIOLATION\",\n ERR_MODEL_NOT_ALLOWED = \"ERR_MODEL_NOT_ALLOWED\",\n ERR_MAX_TOKENS_EXCEEDED = \"ERR_MAX_TOKENS_EXCEEDED\",\n ERR_TOOLS_NOT_ALLOWED = \"ERR_TOOLS_NOT_ALLOWED\",\n ERR_STREAMING_NOT_ALLOWED = \"ERR_STREAMING_NOT_ALLOWED\",\n}\n\n/**\n * Get HTTP status code for an error code.\n */\nexport function getErrorStatus(code: ErrorCode): number {\n switch (code) {\n case ErrorCode.ERR_RESOURCE_REQUIRED:\n case ErrorCode.ERR_INVALID_REQUEST:\n case ErrorCode.ERR_INVALID_JSON:\n case ErrorCode.ERR_CONSTRAINT_VIOLATION:\n case ErrorCode.ERR_INVALID_PAIRING_STRING:\n case ErrorCode.ERR_INVALID_CONNECT_CODE:\n return 400;\n\n case ErrorCode.ERR_CONTRACT_VALIDATION_FAILED:\n return 422;\n\n case ErrorCode.ERR_MISSING_AUTH:\n case ErrorCode.ERR_INVALID_SIGNATURE:\n case ErrorCode.ERR_EXPIRED_TIMESTAMP:\n case ErrorCode.ERR_INVALID_NONCE:\n return 401;\n\n case ErrorCode.ERR_PERMISSION_DENIED:\n case ErrorCode.ERR_PERMISSION_EXPIRED:\n case ErrorCode.ERR_APP_DISABLED:\n return 403;\n\n case ErrorCode.ERR_APP_NOT_FOUND:\n case ErrorCode.ERR_UNKNOWN_RESOURCE:\n case ErrorCode.ERR_UNSUPPORTED_ACTION:\n return 404;\n\n case ErrorCode.ERR_SESSION_EXPIRED:\n return 410;\n\n case ErrorCode.ERR_UNSUPPORTED_POP_VERSION:\n return 400;\n\n case ErrorCode.ERR_POLICY_VIOLATION:\n case ErrorCode.ERR_MODEL_NOT_ALLOWED:\n case ErrorCode.ERR_MAX_TOKENS_EXCEEDED:\n case ErrorCode.ERR_TOOLS_NOT_ALLOWED:\n case ErrorCode.ERR_STREAMING_NOT_ALLOWED:\n return 403;\n\n case ErrorCode.ERR_RATE_LIMIT_EXCEEDED:\n case ErrorCode.ERR_BUDGET_EXCEEDED:\n return 429;\n\n case ErrorCode.ERR_RESOURCE_NOT_CONFIGURED:\n case ErrorCode.ERR_INTERNAL:\n case ErrorCode.ERR_UPSTREAM_ERROR:\n return 500;\n\n default:\n return 500;\n }\n}\n\n/**\n * Gateway error class.\n */\nexport class GatewayError extends Error {\n public readonly code: ErrorCode;\n public readonly status: number;\n public readonly details?: Record<string, unknown>;\n public readonly requestId?: string;\n\n constructor(\n code: ErrorCode,\n message: string,\n options?: {\n details?: Record<string, unknown>;\n requestId?: string;\n },\n ) {\n super(message);\n this.name = \"GatewayError\";\n this.code = code;\n this.status = getErrorStatus(code);\n this.details = options?.details;\n this.requestId = options?.requestId;\n }\n\n toJSON() {\n return {\n error: {\n code: this.code,\n message: this.message,\n ...(this.requestId && { requestId: this.requestId }),\n ...(this.details && { details: this.details }),\n },\n };\n }\n}\n\n/**\n * Create a resource required error with helpful message.\n */\nexport function resourceRequiredError(hint?: string): GatewayError {\n const message = hint\n ? `Resource not specified. ${hint}`\n : \"Resource not specified. Set baseURL to /r/<resourceType>/<provider>/v1 or provide x-gateway-resource header.\";\n\n return new GatewayError(ErrorCode.ERR_RESOURCE_REQUIRED, message, {\n details: {\n examples: {\n groq: \"/r/llm/groq/v1/chat/completions\",\n gemini: \"/r/llm/gemini/v1/chat/completions\",\n header: \"x-gateway-resource: llm:groq\",\n },\n },\n });\n}\n\n// ============================================\n// ERROR RESPONSE SCHEMA\n// Standard error response format for all API errors\n// ============================================\n\n/**\n * Standard error response schema.\n * All API errors should conform to this shape.\n */\nexport const GatewayErrorResponseSchema = z.object({\n error: z.object({\n code: z.string(),\n message: z.string(),\n requestId: z.string().optional(),\n details: z.unknown().optional(),\n }),\n});\n\nexport type GatewayErrorResponse = z.infer<typeof GatewayErrorResponseSchema>;\n\n/**\n * Create a standard error response object.\n */\nexport function createErrorResponse(\n code: string,\n message: string,\n options?: {\n requestId?: string;\n details?: unknown;\n },\n): GatewayErrorResponse {\n return {\n error: {\n code,\n message,\n ...(options?.requestId && { requestId: options.requestId }),\n ...(options?.details !== undefined && { details: options.details }),\n },\n };\n}\n","// ============================================\n// DURATION PRESETS\n// Standardized permission duration options\n// Used by both SDK (requesting) and Proxy (granting)\n// ============================================\n\nimport { z } from \"zod\";\n\n/**\n * Preset duration identifiers.\n * Apps can request these, and the proxy recognizes them.\n */\nexport type DurationPresetId =\n | \"1_hour\"\n | \"4_hours\"\n | \"24_hours\"\n | \"1_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"forever\"\n | \"custom\";\n\n/**\n * Duration preset definition.\n */\nexport interface DurationPreset {\n id: DurationPresetId;\n label: string;\n description: string;\n /** Duration in milliseconds, null = never expires */\n durationMs: number | null;\n /** Suggested for short-term testing */\n isTemporary?: boolean;\n /** Suggested for production use */\n isRecommended?: boolean;\n}\n\n/**\n * All available duration presets in order of duration.\n */\nexport const DURATION_PRESETS: DurationPreset[] = [\n {\n id: \"1_hour\",\n label: \"1 hour\",\n description: \"Quick testing session\",\n durationMs: 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"4_hours\",\n label: \"4 hours\",\n description: \"Extended testing\",\n durationMs: 4 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"24_hours\",\n label: \"24 hours\",\n description: \"One day access\",\n durationMs: 24 * 60 * 60 * 1000,\n isTemporary: true,\n },\n {\n id: \"1_week\",\n label: \"1 week\",\n description: \"7 days\",\n durationMs: 7 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"1_month\",\n label: \"1 month\",\n description: \"30 days\",\n durationMs: 30 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"3_months\",\n label: \"3 months\",\n description: \"90 days\",\n durationMs: 90 * 24 * 60 * 60 * 1000,\n isRecommended: true,\n },\n {\n id: \"1_year\",\n label: \"1 year\",\n description: \"365 days\",\n durationMs: 365 * 24 * 60 * 60 * 1000,\n },\n {\n id: \"forever\",\n label: \"Forever\",\n description: \"No expiration\",\n durationMs: null,\n },\n {\n id: \"custom\",\n label: \"Custom\",\n description: \"Set specific date/time\",\n durationMs: null,\n },\n];\n\n/**\n * Get a preset by ID.\n */\nexport function getDurationPreset(\n id: DurationPresetId,\n): DurationPreset | undefined {\n return DURATION_PRESETS.find((p) => p.id === id);\n}\n\n/**\n * Calculate expiry date from a duration preset ID.\n * @returns Date object or null for \"forever\"\n */\nexport function getExpiryFromDurationPreset(\n presetId: DurationPresetId,\n fromDate: Date = new Date(),\n): Date | null {\n const preset = getDurationPreset(presetId);\n if (!preset || preset.durationMs === null) {\n return null;\n }\n return new Date(fromDate.getTime() + preset.durationMs);\n}\n\n/**\n * Calculate expiry date from a duration in milliseconds.\n */\nexport function getExpiryFromDuration(\n durationMs: number,\n fromDate: Date = new Date(),\n): Date {\n return new Date(fromDate.getTime() + durationMs);\n}\n\n/**\n * Find the closest matching preset for a given duration.\n */\nexport function findClosestPreset(durationMs: number | null): DurationPreset {\n if (durationMs === null) {\n return DURATION_PRESETS.find((p) => p.id === \"forever\")!;\n }\n\n // Find closest match\n let closest = DURATION_PRESETS[0];\n let closestDiff = Infinity;\n\n for (const preset of DURATION_PRESETS) {\n if (preset.durationMs === null || preset.id === \"custom\") continue;\n\n const diff = Math.abs(preset.durationMs - durationMs);\n if (diff < closestDiff) {\n closestDiff = diff;\n closest = preset;\n }\n }\n\n return closest;\n}\n\n/**\n * Format a duration in milliseconds to human readable.\n */\nexport function formatDuration(durationMs: number | null): string {\n if (durationMs === null) return \"Forever\";\n\n const hours = durationMs / (60 * 60 * 1000);\n if (hours < 24) return `${Math.round(hours)} hour${hours !== 1 ? \"s\" : \"\"}`;\n\n const days = hours / 24;\n if (days < 7) return `${Math.round(days)} day${days !== 1 ? \"s\" : \"\"}`;\n\n const weeks = days / 7;\n if (weeks < 4) return `${Math.round(weeks)} week${weeks !== 1 ? \"s\" : \"\"}`;\n\n const months = days / 30;\n if (months < 12)\n return `${Math.round(months)} month${months !== 1 ? \"s\" : \"\"}`;\n\n const years = days / 365;\n return `${Math.round(years)} year${years !== 1 ? \"s\" : \"\"}`;\n}\n\n/**\n * Format an expiry date relative to now.\n */\nexport function formatExpiryRelative(expiresAt: Date | null): string {\n if (!expiresAt) return \"Never\";\n\n const now = new Date();\n const diff = expiresAt.getTime() - now.getTime();\n\n if (diff <= 0) return \"Expired\";\n return `In ${formatDuration(diff)}`;\n}\n\n// ============================================\n// ZOD SCHEMAS\n// ============================================\n\n/**\n * Duration preset ID schema for validation.\n */\nexport const DurationPresetIdSchema = z.enum([\n \"1_hour\",\n \"4_hours\",\n \"24_hours\",\n \"1_week\",\n \"1_month\",\n \"3_months\",\n \"1_year\",\n \"forever\",\n \"custom\",\n]);\n\n/**\n * Requested duration schema.\n * Apps can specify their preferred duration when requesting permissions.\n */\nexport const RequestedDurationSchema = z.union([\n // Preset ID\n z.object({\n type: z.literal(\"preset\"),\n preset: DurationPresetIdSchema,\n }),\n // Specific duration in milliseconds\n z.object({\n type: z.literal(\"duration\"),\n durationMs: z.number().int().positive(),\n }),\n // Specific expiry date\n z.object({\n type: z.literal(\"until\"),\n expiresAt: z.string().datetime(),\n }),\n]);\n\nexport type RequestedDuration = z.infer<typeof RequestedDurationSchema>;\n\n/**\n * Resolve a RequestedDuration to an expiry Date (or null for forever).\n */\nexport function resolveRequestedDuration(\n duration: RequestedDuration | undefined,\n fromDate: Date = new Date(),\n): Date | null {\n if (!duration) return null; // Default: no preference (admin decides)\n\n switch (duration.type) {\n case \"preset\":\n return getExpiryFromDurationPreset(duration.preset, fromDate);\n case \"duration\":\n return getExpiryFromDuration(duration.durationMs, fromDate);\n case \"until\":\n return new Date(duration.expiresAt);\n }\n}\n\n/**\n * Create a preset-based RequestedDuration.\n */\nexport function createPresetDuration(\n preset: DurationPresetId,\n): RequestedDuration {\n return { type: \"preset\", preset };\n}\n\n/**\n * Create a duration-based RequestedDuration.\n */\nexport function createDurationMs(durationMs: number): RequestedDuration {\n return { type: \"duration\", durationMs };\n}\n\n/**\n * Create an until-based RequestedDuration.\n */\nexport function createUntilDuration(expiresAt: Date): RequestedDuration {\n return { type: \"until\", expiresAt: expiresAt.toISOString() };\n}\n","import { z } from \"zod\";\nimport { RequestedDurationSchema } from \"./duration-presets\";\n\n// ============================================\n// SHARED SCHEMAS\n// Validation schemas used by proxy and SDK\n// ============================================\n\n/**\n * Chat message schema (OpenAI-compatible).\n */\nexport const ChatMessageSchema = z.object({\n role: z.enum([\"system\", \"user\", \"assistant\", \"tool\"]),\n content: z\n .union([\n z.string(),\n z.array(\n z.object({\n type: z.string(),\n text: z.string().optional(),\n image_url: z\n .object({\n url: z.string(),\n detail: z.string().optional(),\n })\n .optional(),\n }),\n ),\n ])\n .nullable(),\n name: z.string().optional(),\n tool_calls: z\n .array(\n z.object({\n id: z.string(),\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n arguments: z.string(),\n }),\n }),\n )\n .optional(),\n tool_call_id: z.string().optional(),\n});\n\n/**\n * Chat completion request schema (OpenAI-compatible).\n */\nexport const ChatCompletionRequestSchema = z.object({\n model: z.string(),\n messages: z.array(ChatMessageSchema),\n temperature: z.number().min(0).max(2).optional(),\n top_p: z.number().min(0).max(1).optional(),\n n: z.number().int().min(1).max(10).optional(),\n stream: z.boolean().optional(),\n stop: z.union([z.string(), z.array(z.string())]).optional(),\n max_tokens: z.number().int().positive().optional(),\n max_completion_tokens: z.number().int().positive().optional(),\n presence_penalty: z.number().min(-2).max(2).optional(),\n frequency_penalty: z.number().min(-2).max(2).optional(),\n logit_bias: z.record(z.number()).optional(),\n user: z.string().optional(),\n tools: z\n .array(\n z.object({\n type: z.literal(\"function\"),\n function: z.object({\n name: z.string(),\n description: z.string().optional(),\n parameters: z.record(z.unknown()).optional(),\n }),\n }),\n )\n .optional(),\n tool_choice: z\n .union([\n z.literal(\"none\"),\n z.literal(\"auto\"),\n z.literal(\"required\"),\n z.object({\n type: z.literal(\"function\"),\n function: z.object({ name: z.string() }),\n }),\n ])\n .optional(),\n response_format: z\n .object({\n type: z.enum([\"text\", \"json_object\"]),\n })\n .optional(),\n seed: z.number().int().optional(),\n});\n\nexport type ChatCompletionRequest = z.infer<typeof ChatCompletionRequestSchema>;\nexport type ChatMessage = z.infer<typeof ChatMessageSchema>;\n\n/**\n * Permission request schema.\n * Includes optional requested duration for apps to suggest their needs.\n */\nexport const PermissionRequestSchema = z.object({\n resourceId: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Invalid resource ID format. Expected: <resourceType>:<provider>\",\n }),\n actions: z.array(z.string()).min(1),\n constraints: z.record(z.unknown()).optional(),\n /** Optional: App's requested/preferred duration for this permission */\n requestedDuration: RequestedDurationSchema.optional(),\n});\n\n/**\n * App metadata schema.\n */\nexport const AppMetadataSchema = z.object({\n name: z.string().min(1).max(100),\n description: z.string().max(500).optional(),\n homepage: z.string().url().optional(),\n});\n\n/**\n * Install request schema (for prepare endpoint).\n */\nexport const InstallRequestSchema = z.object({\n connectCode: z.string().min(16),\n app: AppMetadataSchema,\n publicKey: z.string().min(40),\n requestedPermissions: z.array(PermissionRequestSchema).min(1),\n redirectUri: z.string().url(),\n});\n\nexport type InstallRequest = z.infer<typeof InstallRequestSchema>;\n\n// ============================================\n// DISCOVERY SCHEMAS\n// Resource discovery response types\n// ============================================\n\n/**\n * Resource auth configuration in discovery response.\n */\nexport const ResourceAuthSchema = z.object({\n pop: z.object({\n version: z.number(),\n }),\n});\n\n/**\n * Resource entry in discovery response.\n */\nexport const ResourceDiscoveryEntrySchema = z.object({\n resourceId: z.string(),\n actions: z.array(z.string()),\n auth: ResourceAuthSchema,\n constraints: z\n .object({\n supports: z.array(z.string()),\n })\n .optional(),\n});\n\n/**\n * Gateway info in discovery response.\n */\nexport const GatewayInfoSchema = z.object({\n version: z.string(),\n name: z.string().optional(),\n});\n\n/**\n * Full discovery response schema.\n */\nexport const ResourcesDiscoveryResponseSchema = z.object({\n gateway: GatewayInfoSchema,\n resources: z.array(ResourceDiscoveryEntrySchema),\n});\n\nexport type ResourcesDiscoveryResponse = z.infer<\n typeof ResourcesDiscoveryResponseSchema\n>;\nexport type ResourceDiscoveryEntry = z.infer<\n typeof ResourceDiscoveryEntrySchema\n>;\nexport type GatewayInfo = z.infer<typeof GatewayInfoSchema>;\n","// ============================================\n// ACCESS POLICY TYPES\n// Comprehensive access control configuration\n// ============================================\n\n/**\n * Time window restriction.\n * Allows access only during specific hours of the day.\n */\nexport interface TimeWindow {\n /** Start hour (0-23) in the specified timezone */\n startHour: number;\n /** End hour (0-23) in the specified timezone */\n endHour: number;\n /** Timezone for the time window (e.g., \"UTC\", \"America/New_York\") */\n timezone: string;\n /** Days of week allowed (0=Sunday, 6=Saturday). Empty = all days */\n allowedDays?: number[];\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n /** Maximum requests allowed in the window */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n}\n\n/**\n * Burst limit configuration.\n * Allows short-term spikes above the sustained rate limit.\n */\nexport interface BurstConfig {\n /** Maximum requests allowed in burst window */\n limit: number;\n /** Burst window duration in seconds (typically short, e.g., 10s) */\n windowSeconds: number;\n}\n\n/**\n * Quota configuration for daily/monthly limits.\n */\nexport interface QuotaConfig {\n /** Daily request quota (null = unlimited) */\n daily?: number;\n /** Monthly request quota (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Token budget for LLM resources.\n */\nexport interface TokenBudget {\n /** Daily token budget (null = unlimited) */\n daily?: number;\n /** Monthly token budget (null = unlimited) */\n monthly?: number;\n}\n\n/**\n * Per-model rate limit configuration.\n * Allows fine-grained control over different models.\n */\nexport interface ModelRateLimit {\n /** Model identifier */\n model: string;\n /** Maximum requests per window for this model */\n maxRequests: number;\n /** Window duration in seconds */\n windowSeconds: number;\n /** Maximum output tokens per request for this model (overrides global) */\n maxOutputTokens?: number;\n /** Daily token budget for this specific model */\n dailyTokenBudget?: number;\n /** Monthly token budget for this specific model */\n monthlyTokenBudget?: number;\n}\n\n/**\n * LLM-specific constraints.\n */\nexport interface LLMConstraints {\n /** Allowed model IDs (empty = all models allowed) */\n allowedModels?: string[];\n /** Maximum output tokens per request */\n maxOutputTokens?: number;\n /** Maximum input tokens per request */\n maxInputTokens?: number;\n /** Allow streaming responses */\n allowStreaming?: boolean;\n /** Maximum context window */\n maxContextWindow?: number;\n /** Per-model rate limits (overrides global rate limits) */\n modelRateLimits?: ModelRateLimit[];\n /** Allow tool/function calling */\n allowTools?: boolean;\n}\n\n/**\n * Email-specific constraints.\n */\nexport interface EmailConstraints {\n /** Allowed from domains */\n allowedFromDomains?: string[];\n /** Maximum recipients per email */\n maxRecipients?: number;\n /** Allow HTML content */\n allowHtml?: boolean;\n /** Maximum attachment size in bytes */\n maxAttachmentSize?: number;\n}\n\n/**\n * Generic HTTP constraints.\n */\nexport interface HTTPConstraints {\n /** Maximum request body size in bytes */\n maxRequestBodySize?: number;\n /** Allowed HTTP methods */\n allowedMethods?: string[];\n /** Custom constraints */\n custom?: Record<string, unknown>;\n}\n\n/**\n * Union type for all constraint types.\n */\nexport type ResourceConstraints =\n | LLMConstraints\n | EmailConstraints\n | HTTPConstraints\n | Record<string, unknown>;\n\n/**\n * Complete access policy for a permission.\n * This is what the proxy owner configures during approval.\n */\nexport interface AccessPolicy {\n // ============================================\n // Time Controls\n // ============================================\n\n /** When the permission becomes valid (ISO string, null = immediately) */\n validFrom?: string | null;\n\n /** When the permission expires (ISO string, null = never) */\n expiresAt?: string | null;\n\n /** Time-of-day restrictions */\n timeWindow?: TimeWindow | null;\n\n // ============================================\n // Rate Limiting\n // ============================================\n\n /** Sustained rate limit */\n rateLimit?: RateLimitConfig;\n\n /** Burst allowance */\n burst?: BurstConfig;\n\n // ============================================\n // Quotas\n // ============================================\n\n /** Request quotas */\n quota?: QuotaConfig;\n\n /** Token budget (LLM resources) */\n tokenBudget?: TokenBudget;\n\n // ============================================\n // Scope Constraints\n // ============================================\n\n /** Resource-specific constraints */\n constraints?: ResourceConstraints;\n}\n\n// ============================================\n// EXPIRY PRESETS\n// Quick options for common expiry scenarios\n// ============================================\n\nexport type ExpiryPreset =\n | \"1_hour\"\n | \"4_hours\"\n | \"today\"\n | \"24_hours\"\n | \"this_week\"\n | \"1_month\"\n | \"3_months\"\n | \"1_year\"\n | \"never\"\n | \"custom\";\n\nexport interface ExpiryPresetOption {\n value: ExpiryPreset;\n label: string;\n description: string;\n getDate: () => Date | null;\n}\n\n/**\n * Get expiry date from preset.\n */\nexport function getExpiryFromPreset(preset: ExpiryPreset): Date | null {\n const now = new Date();\n\n switch (preset) {\n case \"1_hour\":\n return new Date(now.getTime() + 60 * 60 * 1000);\n case \"4_hours\":\n return new Date(now.getTime() + 4 * 60 * 60 * 1000);\n case \"today\":\n // End of today in local timezone\n const endOfDay = new Date(now);\n endOfDay.setHours(23, 59, 59, 999);\n return endOfDay;\n case \"24_hours\":\n return new Date(now.getTime() + 24 * 60 * 60 * 1000);\n case \"this_week\":\n // End of this week (Sunday)\n const endOfWeek = new Date(now);\n const daysUntilSunday = 7 - endOfWeek.getDay();\n endOfWeek.setDate(endOfWeek.getDate() + daysUntilSunday);\n endOfWeek.setHours(23, 59, 59, 999);\n return endOfWeek;\n case \"1_month\":\n return new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000);\n case \"3_months\":\n return new Date(now.getTime() + 90 * 24 * 60 * 60 * 1000);\n case \"1_year\":\n return new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);\n case \"never\":\n return null;\n case \"custom\":\n return null; // Custom requires manual date input\n default:\n return null;\n }\n}\n\n/**\n * All available expiry presets with labels.\n */\nexport const EXPIRY_PRESETS: ExpiryPresetOption[] = [\n {\n value: \"1_hour\",\n label: \"1 hour\",\n description: \"Expires in 1 hour\",\n getDate: () => getExpiryFromPreset(\"1_hour\"),\n },\n {\n value: \"4_hours\",\n label: \"4 hours\",\n description: \"Expires in 4 hours\",\n getDate: () => getExpiryFromPreset(\"4_hours\"),\n },\n {\n value: \"today\",\n label: \"End of today\",\n description: \"Expires at midnight\",\n getDate: () => getExpiryFromPreset(\"today\"),\n },\n {\n value: \"24_hours\",\n label: \"24 hours\",\n description: \"Expires in 24 hours\",\n getDate: () => getExpiryFromPreset(\"24_hours\"),\n },\n {\n value: \"this_week\",\n label: \"This week\",\n description: \"Expires end of week\",\n getDate: () => getExpiryFromPreset(\"this_week\"),\n },\n {\n value: \"1_month\",\n label: \"1 month\",\n description: \"Expires in 30 days\",\n getDate: () => getExpiryFromPreset(\"1_month\"),\n },\n {\n value: \"3_months\",\n label: \"3 months\",\n description: \"Expires in 90 days\",\n getDate: () => getExpiryFromPreset(\"3_months\"),\n },\n {\n value: \"1_year\",\n label: \"1 year\",\n description: \"Expires in 1 year\",\n getDate: () => getExpiryFromPreset(\"1_year\"),\n },\n {\n value: \"never\",\n label: \"Never\",\n description: \"No expiration\",\n getDate: () => null,\n },\n {\n value: \"custom\",\n label: \"Custom\",\n description: \"Set custom date\",\n getDate: () => null,\n },\n];\n\n// ============================================\n// RATE LIMIT PRESETS\n// ============================================\n\nexport interface RateLimitPreset {\n label: string;\n value: RateLimitConfig;\n}\n\nexport const RATE_LIMIT_PRESETS: RateLimitPreset[] = [\n {\n label: \"5 per minute (very restricted)\",\n value: { maxRequests: 5, windowSeconds: 60 },\n },\n { label: \"10 per minute\", value: { maxRequests: 10, windowSeconds: 60 } },\n { label: \"30 per minute\", value: { maxRequests: 30, windowSeconds: 60 } },\n {\n label: \"60 per minute (standard)\",\n value: { maxRequests: 60, windowSeconds: 60 },\n },\n { label: \"100 per hour\", value: { maxRequests: 100, windowSeconds: 3600 } },\n { label: \"500 per hour\", value: { maxRequests: 500, windowSeconds: 3600 } },\n { label: \"1000 per day\", value: { maxRequests: 1000, windowSeconds: 86400 } },\n];\n\n// ============================================\n// VALIDATION HELPERS\n// ============================================\n\n/**\n * Check if a permission is currently valid based on time controls.\n */\nexport function isPermissionValidNow(policy: AccessPolicy): {\n valid: boolean;\n reason?: string;\n} {\n const now = new Date();\n\n // Check validFrom\n if (policy.validFrom) {\n const validFromDate = new Date(policy.validFrom);\n if (now < validFromDate) {\n return {\n valid: false,\n reason: `Permission not yet valid. Starts at ${validFromDate.toISOString()}`,\n };\n }\n }\n\n // Check expiresAt\n if (policy.expiresAt) {\n const expiresAtDate = new Date(policy.expiresAt);\n if (now > expiresAtDate) {\n return {\n valid: false,\n reason: `Permission expired at ${expiresAtDate.toISOString()}`,\n };\n }\n }\n\n // Check time window\n if (policy.timeWindow) {\n const { startHour, endHour, timezone, allowedDays } = policy.timeWindow;\n\n // Get current time in the specified timezone\n const formatter = new Intl.DateTimeFormat(\"en-US\", {\n hour: \"numeric\",\n hour12: false,\n timeZone: timezone,\n });\n const currentHour = parseInt(formatter.format(now), 10);\n\n // Get current day (0 = Sunday)\n const dayFormatter = new Intl.DateTimeFormat(\"en-US\", {\n weekday: \"short\",\n timeZone: timezone,\n });\n const dayNames = [\"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", \"Sat\"];\n const currentDayName = dayFormatter.format(now);\n const currentDay = dayNames.indexOf(currentDayName.slice(0, 3));\n\n // Check allowed days\n if (\n allowedDays &&\n allowedDays.length > 0 &&\n !allowedDays.includes(currentDay)\n ) {\n return {\n valid: false,\n reason: `Access not allowed on this day (${currentDayName})`,\n };\n }\n\n // Check time window (handles overnight windows like 22:00-06:00)\n let inWindow: boolean;\n if (startHour <= endHour) {\n // Normal window (e.g., 9:00-17:00)\n inWindow = currentHour >= startHour && currentHour < endHour;\n } else {\n // Overnight window (e.g., 22:00-06:00)\n inWindow = currentHour >= startHour || currentHour < endHour;\n }\n\n if (!inWindow) {\n return {\n valid: false,\n reason: `Access only allowed between ${startHour}:00-${endHour}:00 ${timezone}`,\n };\n }\n }\n\n return { valid: true };\n}\n\n/**\n * Format an access policy for display.\n */\nexport function formatAccessPolicySummary(policy: AccessPolicy): string[] {\n const summary: string[] = [];\n\n if (policy.expiresAt) {\n const date = new Date(policy.expiresAt);\n summary.push(\n `Expires: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.validFrom) {\n const date = new Date(policy.validFrom);\n summary.push(\n `Starts: ${date.toLocaleDateString()} ${date.toLocaleTimeString()}`,\n );\n }\n\n if (policy.timeWindow) {\n const { startHour, endHour, timezone } = policy.timeWindow;\n summary.push(`Hours: ${startHour}:00-${endHour}:00 ${timezone}`);\n }\n\n if (policy.rateLimit) {\n const { maxRequests, windowSeconds } = policy.rateLimit;\n if (windowSeconds === 60) summary.push(`Rate: ${maxRequests}/min`);\n else if (windowSeconds === 3600) summary.push(`Rate: ${maxRequests}/hour`);\n else if (windowSeconds === 86400) summary.push(`Rate: ${maxRequests}/day`);\n else summary.push(`Rate: ${maxRequests}/${windowSeconds}s`);\n }\n\n if (policy.quota?.daily) {\n summary.push(`Daily quota: ${policy.quota.daily}`);\n }\n\n if (policy.quota?.monthly) {\n summary.push(`Monthly quota: ${policy.quota.monthly}`);\n }\n\n if (policy.tokenBudget?.daily) {\n summary.push(`Daily tokens: ${policy.tokenBudget.daily.toLocaleString()}`);\n }\n\n return summary;\n}\n","import { z } from \"zod\";\n\n// ============================================\n// PoP (Proof of Possession) PROTOCOL\n// Canonical signing rules and header schemas\n// ============================================\n\n/**\n * PoP header schema for v1 protocol.\n * Validates all required headers for PoP authentication.\n */\nexport const PopHeadersV1Schema = z.object({\n \"x-pop-v\": z.literal(\"1\"),\n \"x-app-id\": z.string().min(1, \"App ID is required\"),\n \"x-ts\": z.string().regex(/^\\d+$/, \"Timestamp must be numeric\"),\n \"x-nonce\": z.string().min(16, \"Nonce must be at least 16 characters\"),\n \"x-sig\": z.string().min(1, \"Signature is required\"),\n});\n\nexport type PopHeadersV1 = z.infer<typeof PopHeadersV1Schema>;\n\n/**\n * Parameters for building a canonical request string.\n */\nexport interface CanonicalRequestParams {\n /** HTTP method (will be uppercased) */\n method: string;\n /** URL path with query string (e.g., \"/v1/chat/completions?stream=true\") */\n pathWithQuery: string;\n /** App ID from x-app-id header */\n appId: string;\n /** Unix timestamp from x-ts header */\n ts: string;\n /** Nonce from x-nonce header */\n nonce: string;\n /** Base64url-encoded SHA-256 hash of request body */\n bodyHash: string;\n}\n\n/**\n * Build the canonical request string for PoP v1 signature.\n *\n * Format:\n * ```\n * v1\\n\n * <METHOD>\\n\n * <PATH_WITH_QUERY>\\n\n * <APP_ID>\\n\n * <TS>\\n\n * <NONCE>\\n\n * <BODY_HASH>\\n\n * ```\n *\n * @param params - The canonical request parameters\n * @returns The canonical request string to be signed\n *\n * @example\n * const canonical = buildCanonicalRequestV1({\n * method: \"POST\",\n * pathWithQuery: \"/v1/chat/completions?stream=true\",\n * appId: \"app_123\",\n * ts: \"1706000000\",\n * nonce: \"abc123xyz456def7\",\n * bodyHash: \"base64url-sha256-hash\",\n * });\n */\nexport function buildCanonicalRequestV1(\n params: CanonicalRequestParams,\n): string {\n return [\n \"v1\",\n params.method.toUpperCase(),\n params.pathWithQuery,\n params.appId,\n params.ts,\n params.nonce,\n params.bodyHash,\n \"\", // trailing newline\n ].join(\"\\n\");\n}\n\n/**\n * Extract path with query from a URL.\n * Combines pathname and search (including '?' when present).\n *\n * @example\n * getPathWithQuery(new URL(\"https://example.com/v1/chat?stream=true\"))\n * // Returns: \"/v1/chat?stream=true\"\n *\n * getPathWithQuery(new URL(\"https://example.com/v1/chat\"))\n * // Returns: \"/v1/chat\"\n */\nexport function getPathWithQuery(url: URL): string {\n return url.pathname + url.search;\n}\n\n/**\n * Current PoP protocol version.\n */\nexport const POP_VERSION = \"1\" as const;\n\n/**\n * Error codes specific to PoP authentication.\n */\nexport enum PopErrorCode {\n UNSUPPORTED_VERSION = \"ERR_UNSUPPORTED_POP_VERSION\",\n}\n","import { z } from \"zod\";\n\n// ============================================\n// POLICY ENFORCEMENT CONTRACTS\n// Schema-first enforcement types - no extractors\n// ============================================\n\n/**\n * Enforcement fields returned by validateAndShape.\n * These are normalized, enforceable knobs that plugins MUST provide\n * when constraints require them. This replaces the legacy extractor system.\n *\n * The schema-first approach ensures:\n * - Enforcement cannot be bypassed by malformed payloads\n * - Plugins are responsible for extracting enforcement fields during validation\n * - No \"fail-open\" extraction - if a field is needed, it must be provided\n */\nexport const EnforcementFieldsSchema = z.object({\n // LLM-specific fields\n model: z.string().optional(),\n maxOutputTokens: z.number().int().positive().optional(),\n usesTools: z.boolean().optional(),\n stream: z.boolean().optional(),\n\n // Email-specific fields\n fromDomain: z.string().optional(),\n toDomains: z.array(z.string()).optional(),\n recipientCount: z.number().int().positive().optional(),\n\n // Generic fields\n contentType: z.string().optional(),\n});\n\nexport type EnforcementFields = z.infer<typeof EnforcementFieldsSchema>;\n\n/**\n * @deprecated Use EnforcementFields instead. ExtractedRequest is kept for backward compatibility\n * but will be removed in a future version. The extractor system has been replaced with\n * schema-first validation where plugins return enforcement fields from validateAndShape.\n */\nexport const ExtractedRequestSchema = EnforcementFieldsSchema;\n\n/**\n * @deprecated Use EnforcementFields instead.\n */\nexport type ExtractedRequest = EnforcementFields;\n\n/**\n * Enforcement metadata that target apps may optionally provide.\n * This is NOT required for enforcement - the proxy can operate without it.\n * Treat as advisory only.\n */\nexport const EnforcementMetaSchema = z.object({\n /** App-provided request ID for correlation */\n requestId: z.string().optional(),\n /** Declared intent (advisory only, not enforced) */\n intent: z.string().optional(),\n /** App-declared expected model (advisory only) */\n expectedModel: z.string().optional(),\n});\n\nexport type EnforcementMeta = z.infer<typeof EnforcementMetaSchema>;\n\n/**\n * Policy definition for enforcement.\n * This mirrors ResourceConstraints but is focused on enforcement.\n */\nexport interface EnforcementPolicy {\n // LLM policies\n allowedModels?: string[];\n maxOutputTokens?: number;\n allowTools?: boolean;\n allowStreaming?: boolean;\n\n // Email policies\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n\n // Generic\n maxRequestBodySize?: number;\n}\n\n/**\n * Result of policy enforcement.\n */\nexport interface EnforcementResult {\n allowed: boolean;\n violation?: {\n code: string;\n message: string;\n field: string;\n actual?: unknown;\n limit?: unknown;\n };\n}\n","import { z, type ZodSchema } from \"zod\";\nimport type { EnforcementFields } from \"./enforcement\";\n\n// ============================================\n// PLUGIN CONTRACT\n// Core types and schemas for resource plugins\n// ============================================\n\n// ============================================\n// DUAL-ENTRYPOINT PLUGIN ARCHITECTURE\n// --------------------------------------------\n// Plugins can expose two entrypoints:\n//\n// 1. /proxy - Server-side code for the gateway proxy\n// - Implements execute(), validateAndShape(), etc.\n// - No browser-only code\n// - Import: @glueco/plugin-xxx/proxy\n//\n// 2. /client - Client-side typed wrappers for target apps\n// - Depends only on SDK transport interface\n// - Strongly typed methods per action\n// - No Node-only APIs\n// - Import: @glueco/plugin-xxx/client\n//\n// A plugin is considered \"SDK-compatible\" only if it exports\n// both /proxy and /client entrypoints with shared contracts.\n// ============================================\n\n/**\n * Plugin authentication configuration.\n */\nexport const PluginAuthSchema = z.object({\n pop: z.object({\n version: z.number().int().positive(),\n }),\n});\n\nexport type PluginAuth = z.infer<typeof PluginAuthSchema>;\n\n/**\n * Plugin support configuration.\n * Describes which enforcement knobs the plugin supports.\n */\nexport const PluginSupportsSchema = z.object({\n enforcement: z.array(z.string()),\n});\n\nexport type PluginSupports = z.infer<typeof PluginSupportsSchema>;\n\n/**\n * Extractor descriptor - describes how to extract enforceable fields.\n * Can reference a function name (for core extractors) or provide inline config.\n */\nexport const ExtractorDescriptorSchema = z.object({\n /** Reference to core extractor by name (e.g., \"openai-compatible\", \"gemini\") */\n type: z.string().optional(),\n /** Custom extraction config (for future use) */\n config: z.record(z.unknown()).optional(),\n});\n\nexport type ExtractorDescriptor = z.infer<typeof ExtractorDescriptorSchema>;\n\n/**\n * Credential schema field descriptor.\n * Used for UI generation to collect provider credentials.\n */\nexport const CredentialFieldSchema = z.object({\n name: z.string(),\n type: z.enum([\"string\", \"secret\", \"url\", \"number\", \"boolean\"]),\n label: z.string(),\n description: z.string().optional(),\n required: z.boolean().default(true),\n default: z.unknown().optional(),\n});\n\nexport type CredentialField = z.infer<typeof CredentialFieldSchema>;\n\n/**\n * Full credential schema for a plugin.\n */\nexport const PluginCredentialSchemaSchema = z.object({\n fields: z.array(CredentialFieldSchema),\n});\n\nexport type PluginCredentialSchema = z.infer<\n typeof PluginCredentialSchemaSchema\n>;\n\n// ============================================\n// PLUGIN EXECUTION TYPES\n// ============================================\n\n/**\n * Usage metrics extracted from response.\n */\nexport interface PluginUsageMetrics {\n inputTokens?: number;\n outputTokens?: number;\n totalTokens?: number;\n model?: string;\n custom?: Record<string, unknown>;\n}\n\n/**\n * Execute options passed to plugin.\n */\nexport interface PluginExecuteOptions {\n stream: boolean;\n signal?: AbortSignal;\n}\n\n/**\n * Execute result from plugin.\n */\nexport interface PluginExecuteResult {\n /** For non-streaming responses */\n response?: unknown;\n /** For streaming responses */\n stream?: ReadableStream<Uint8Array>;\n /** Response content type */\n contentType: string;\n /** Usage metrics (available for non-streaming) */\n usage?: PluginUsageMetrics;\n}\n\n/**\n * Validation result from plugin.\n * In the schema-first pipeline:\n * - shapedInput: The validated/transformed payload ready for upstream execution\n * - enforcement: Normalized fields extracted during validation for policy enforcement\n *\n * The enforcement fields are REQUIRED when constraints exist for those fields.\n * This ensures enforcement cannot be bypassed by malformed payloads.\n */\nexport interface PluginValidationResult {\n valid: boolean;\n error?: string;\n /** Transformed/validated input ready for execution (provider-native format) */\n shapedInput?: unknown;\n /** Normalized enforcement fields extracted during validation */\n enforcement?: EnforcementFields;\n}\n\n/**\n * Mapped error from plugin.\n */\nexport interface PluginMappedError {\n status: number;\n code: string;\n message: string;\n retryable: boolean;\n}\n\n/**\n * Context for plugin execution.\n * Contains resolved credentials and configuration.\n */\nexport interface PluginExecuteContext {\n /** The resolved API key/secret */\n secret: string;\n /** Additional config (e.g., custom baseUrl) */\n config: Record<string, unknown> | null;\n}\n\n/**\n * Resource constraints passed to validation.\n */\nexport interface PluginResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n allowedToDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n allowAttachments?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n\n // Extensible\n [key: string]: unknown;\n}\n\n// ============================================\n// CLIENT CONTRACT METADATA (Dual-Entrypoint Support)\n// ============================================\n\n/**\n * Action schema descriptor for client contracts.\n * Describes the request/response schema for a single action.\n */\nexport interface PluginActionSchemaDescriptor {\n /** Zod schema for validating requests (optional, can be inferred from contracts) */\n requestSchema?: ZodSchema;\n /** Zod schema for validating responses (optional, can be inferred from contracts) */\n responseSchema?: ZodSchema;\n /** Human-readable description of this action */\n description?: string;\n}\n\n/**\n * Client contract metadata for dual-entrypoint plugins.\n * Describes how the client-side interface is organized.\n *\n * Example:\n * ```ts\n * client: {\n * namespace: \"gemini\",\n * actions: {\n * \"chat.completions\": {\n * requestSchema: ChatCompletionRequestSchema,\n * responseSchema: ChatCompletionResponseSchema,\n * description: \"Generate chat completions using Gemini\"\n * }\n * }\n * }\n * ```\n */\nexport interface PluginClientContract {\n /**\n * Namespace for the client wrapper (used for import organization).\n * Example: \"gemini\" -> `import { gemini } from \"@glueco/plugin-llm-gemini/client\"`\n */\n namespace: string;\n\n /**\n * Action descriptors mapping action names to their schemas.\n * Keys should match the `actions` array in the plugin.\n */\n actions: Record<string, PluginActionSchemaDescriptor>;\n\n /**\n * Package entrypoint for the client module.\n * Default: \"./client\"\n */\n entrypoint?: string;\n}\n\n// ============================================\n// PLUGIN CONTRACT INTERFACE\n// ============================================\n\n/**\n * Core plugin contract.\n * Every plugin must implement this interface.\n */\nexport interface PluginContract {\n /**\n * Unique plugin identifier.\n * Format: <resourceType>:<provider>\n * Examples: \"llm:groq\", \"llm:gemini\", \"mail:resend\"\n */\n readonly id: string;\n\n /**\n * Resource type category.\n * Examples: \"llm\", \"mail\", \"storage\"\n */\n readonly resourceType: string;\n\n /**\n * Provider name.\n * Examples: \"groq\", \"gemini\", \"resend\", \"openai\"\n */\n readonly provider: string;\n\n /**\n * Plugin version string (semver).\n */\n readonly version: string;\n\n /**\n * Human-readable display name.\n */\n readonly name: string;\n\n /**\n * Supported actions.\n * Examples: [\"chat.completions\", \"models.list\"]\n */\n readonly actions: string[];\n\n /**\n * Authentication configuration for discovery.\n */\n readonly auth: PluginAuth;\n\n /**\n * Enforcement support configuration.\n */\n readonly supports: PluginSupports;\n\n /**\n * Optional extractor descriptors per action.\n * Key = action name, value = extractor descriptor.\n */\n readonly extractors?: Record<string, ExtractorDescriptor>;\n\n /**\n * Optional credential schema for UI generation.\n */\n readonly credentialSchema?: PluginCredentialSchema;\n\n /**\n * Optional client contract metadata for dual-entrypoint plugins.\n * Describes the client-side interface for typed wrappers.\n *\n * This metadata is used by:\n * - SDK typed wrappers to provide autocomplete\n * - Documentation generation\n * - System-check app (optional validation)\n */\n readonly client?: PluginClientContract;\n\n /**\n * Default models for this plugin (for LLM plugins).\n * Used by the proxy to list available models when no restrictions are set.\n */\n readonly defaultModels?: readonly string[];\n\n /**\n * Validate input and apply constraints.\n * Returns shaped input ready for execution.\n */\n validateAndShape(\n action: string,\n input: unknown,\n constraints: PluginResourceConstraints,\n ): PluginValidationResult;\n\n /**\n * Execute the resource action.\n */\n execute(\n action: string,\n shapedInput: unknown,\n ctx: PluginExecuteContext,\n options: PluginExecuteOptions,\n ): Promise<PluginExecuteResult>;\n\n /**\n * Extract usage metrics from response.\n */\n extractUsage(response: unknown): PluginUsageMetrics;\n\n /**\n * Map provider errors to standardized format.\n */\n mapError(error: unknown): PluginMappedError;\n}\n\n// ============================================\n// PLUGIN VALIDATION SCHEMA\n// ============================================\n\n/**\n * Schema to validate plugin metadata at registration.\n */\nexport const PluginClientContractSchema = z.object({\n namespace: z.string().min(1),\n actions: z.record(\n z.object({\n requestSchema: z.any().optional(),\n responseSchema: z.any().optional(),\n description: z.string().optional(),\n }),\n ),\n entrypoint: z.string().optional(),\n});\n\nexport const PluginMetadataSchema = z.object({\n id: z.string().regex(/^[a-z]+:[a-z0-9-]+$/, {\n message: \"Plugin ID must be in format: <resourceType>:<provider>\",\n }),\n resourceType: z.string().min(1),\n provider: z.string().min(1),\n version: z.string().min(1),\n name: z.string().min(1),\n actions: z.array(z.string()).min(1),\n auth: PluginAuthSchema,\n supports: PluginSupportsSchema,\n extractors: z.record(ExtractorDescriptorSchema).optional(),\n credentialSchema: PluginCredentialSchemaSchema.optional(),\n client: PluginClientContractSchema.optional(),\n defaultModels: z.array(z.string()).optional(),\n});\n\nexport type PluginMetadata = z.infer<typeof PluginMetadataSchema>;\n\n/**\n * Validate plugin object has correct metadata.\n */\nexport function validatePluginMetadata(plugin: unknown): {\n valid: boolean;\n error?: string;\n metadata?: PluginMetadata;\n} {\n if (!plugin || typeof plugin !== \"object\") {\n return { valid: false, error: \"Plugin must be an object\" };\n }\n\n const result = PluginMetadataSchema.safeParse(plugin);\n if (!result.success) {\n return {\n valid: false,\n error: `Invalid plugin metadata: ${result.error.errors.map((e) => e.message).join(\", \")}`,\n };\n }\n\n // Verify ID matches resourceType:provider\n const meta = result.data;\n const expectedId = `${meta.resourceType}:${meta.provider}`;\n if (meta.id !== expectedId) {\n return {\n valid: false,\n error: `Plugin ID '${meta.id}' must match '${expectedId}'`,\n };\n }\n\n return { valid: true, metadata: meta };\n}\n\n// ============================================\n// DISCOVERY TYPES (based on plugin registry)\n// ============================================\n\n/**\n * Discovery entry format for plugins.\n */\nexport interface PluginDiscoveryEntry {\n resourceId: string;\n actions: string[];\n auth: PluginAuth;\n version: string;\n constraints: {\n supports: string[];\n };\n /** Client entrypoint info (if SDK-compatible) */\n client?: {\n namespace: string;\n entrypoint: string;\n };\n}\n\n/**\n * Convert plugin to discovery entry format.\n * Includes version for client compatibility checks.\n *\n * TODO: Add version compatibility negotiation in future iteration.\n * The version exposed here allows target apps to verify they are\n * using a compatible client version.\n */\nexport function pluginToDiscoveryEntry(\n plugin: PluginContract,\n): PluginDiscoveryEntry {\n const entry: PluginDiscoveryEntry = {\n resourceId: plugin.id,\n actions: plugin.actions,\n auth: plugin.auth,\n version: plugin.version,\n constraints: {\n supports: plugin.supports.enforcement,\n },\n };\n\n // Include client info if plugin is SDK-compatible\n if (plugin.client) {\n entry.client = {\n namespace: plugin.client.namespace,\n entrypoint: plugin.client.entrypoint ?? \"./client\",\n };\n }\n\n return entry;\n}\n\n// ============================================\n// HELPER TYPES FOR PLUGIN AUTHORS\n// ============================================\n\n/**\n * Base plugin options for creating plugins.\n */\nexport interface CreatePluginOptions {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth?: PluginAuth;\n supports?: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n /** Client contract metadata for SDK-compatible plugins */\n client?: PluginClientContract;\n /** Default models for LLM plugins */\n defaultModels?: readonly string[];\n}\n\n/**\n * Default auth configuration.\n */\nexport const DEFAULT_PLUGIN_AUTH: PluginAuth = {\n pop: { version: 1 },\n};\n\n/**\n * Default supports configuration.\n */\nexport const DEFAULT_PLUGIN_SUPPORTS: PluginSupports = {\n enforcement: [],\n};\n\n/**\n * Helper to create plugin with defaults.\n */\nexport function createPluginBase(options: CreatePluginOptions): {\n id: string;\n resourceType: string;\n provider: string;\n version: string;\n name: string;\n actions: string[];\n auth: PluginAuth;\n supports: PluginSupports;\n extractors?: Record<string, ExtractorDescriptor>;\n credentialSchema?: PluginCredentialSchema;\n client?: PluginClientContract;\n defaultModels?: readonly string[];\n} {\n return {\n id: options.id,\n resourceType: options.resourceType,\n provider: options.provider,\n version: options.version,\n name: options.name,\n actions: options.actions,\n auth: options.auth ?? DEFAULT_PLUGIN_AUTH,\n supports: options.supports ?? DEFAULT_PLUGIN_SUPPORTS,\n extractors: options.extractors,\n credentialSchema: options.credentialSchema,\n client: options.client,\n defaultModels: options.defaultModels,\n };\n}\n","// ============================================\n// SHARED TYPES\n// Common types used by proxy and SDK\n// ============================================\n\n/**\n * Resource identifier format: <resourceType>:<provider>\n * Examples: llm:groq, llm:gemini, mail:resend\n */\nexport type ResourceId = `${string}:${string}`;\n\n/**\n * Parse a resource ID into its components.\n */\nexport function parseResourceId(resourceId: string): {\n resourceType: string;\n provider: string;\n} {\n const parts = resourceId.split(\":\");\n if (parts.length !== 2) {\n throw new Error(\n `Invalid resource ID format: ${resourceId}. Expected: <resourceType>:<provider>`,\n );\n }\n return {\n resourceType: parts[0],\n provider: parts[1],\n };\n}\n\n/**\n * Create a resource ID from components.\n */\nexport function createResourceId(\n resourceType: string,\n provider: string,\n): ResourceId {\n return `${resourceType}:${provider}` as ResourceId;\n}\n\n/**\n * Pairing string info parsed from pair::<url>::<code>\n */\nexport interface PairingInfo {\n proxyUrl: string;\n connectCode: string;\n}\n\n/**\n * Rate limit configuration.\n */\nexport interface RateLimitConfig {\n maxRequests: number;\n windowSeconds: number;\n}\n\n/**\n * Permission request for an app.\n */\nexport interface PermissionRequest {\n resourceId: string;\n actions: string[];\n constraints?: Record<string, unknown>;\n rateLimit?: RateLimitConfig; // Per-permission rate limit\n}\n\n/**\n * App metadata for registration.\n */\nexport interface AppMetadata {\n name: string;\n description?: string;\n homepage?: string;\n}\n\n/**\n * Gateway config stored after approval.\n */\nexport interface GatewayConfig {\n appId: string;\n proxyUrl: string;\n}\n\n/**\n * Resource constraint types (generic).\n */\nexport interface ResourceConstraints {\n // LLM constraints\n allowedModels?: string[];\n maxOutputTokens?: number;\n maxInputTokens?: number;\n allowStreaming?: boolean;\n\n // Email constraints\n allowedFromDomains?: string[];\n maxRecipients?: number;\n allowHtml?: boolean;\n\n // Generic\n maxRequestBodySize?: number;\n custom?: Record<string, unknown>;\n}\n\nexport * from \"./errors\";\nexport * from \"./schemas\";\nexport * from \"./access-policy\";\nexport * from \"./pop\";\nexport * from \"./enforcement\";\nexport * from \"./plugins\";\nexport * from \"./duration-presets\";\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@glueco/shared",
3
- "version": "0.3.0",
3
+ "version": "0.3.1",
4
4
  "description": "Personal Resource Gateway - Shared types and schemas",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",