@goodsamsoftware/freshbooks-mcp 1.0.1 → 1.0.3

package/dist/auth/confirmation-store.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Confirmation Store
+ *
+ * Manages confirmation tokens for destructive operations.
+ * Implements a two-phase confirmation flow to prevent bypass attacks:
+ *
+ * 1. First call (no confirmation): Generate unique token, return to client
+ * 2. Second call (with token): Validate token, execute if valid
+ *
+ * Security features:
+ * - Cryptographically secure random tokens
+ * - One-time use (tokens are consumed on validation)
+ * - TTL expiration (default 5 minutes)
+ * - Request binding (token tied to specific tool + args hash)
+ */
+/**
+ * Confirmation data structure
+ */
+export interface ConfirmationData {
+    /** Unique confirmation token */
+    token: string;
+    /** Tool name that requires confirmation */
+    toolName: string;
+    /** Hash of the original request arguments (for binding) */
+    argsHash: string;
+    /** Timestamp when confirmation was created */
+    createdAt: number;
+    /** Timestamp when confirmation expires */
+    expiresAt: number;
+}
+/**
+ * Confirmation store interface
+ */
+export interface ConfirmationStore {
+    /**
+     * Create a new confirmation token for a destructive operation
+     * @param toolName - Tool requiring confirmation
+     * @param args - Original request arguments (will be hashed)
+     * @param ttlSeconds - Time-to-live in seconds (default 300 = 5 min)
+     * @returns Confirmation data with token
+     */
+    create(toolName: string, args: unknown, ttlSeconds?: number): Promise<ConfirmationData>;
+    /**
+     * Validate and consume a confirmation token (one-time use)
+     * @param token - Confirmation token to validate
+     * @param toolName - Tool name (must match original)
+     * @param args - Request arguments (hash must match original)
+     * @returns true if valid and consumed, false otherwise
+     */
+    consume(token: string, toolName: string, args: unknown): Promise<boolean>;
+    /**
+     * Clear all expired confirmations (called periodically)
+     */
+    clearExpired(): Promise<void>;
+    /**
+     * Clear all confirmations (for testing)
+     */
+    clear(): Promise<void>;
+}
+/**
+ * In-memory confirmation store implementation
+ */
+export declare class InMemoryConfirmationStore implements ConfirmationStore {
+    private confirmations;
+    private cleanupInterval;
+    /** Default TTL: 5 minutes */
+    private static readonly DEFAULT_TTL_SECONDS;
+    /** Token size: 32 bytes = 256 bits of entropy */
+    private static readonly TOKEN_BYTES;
+    /** Cleanup interval: every 60 seconds */
+    private static readonly CLEANUP_INTERVAL_MS;
+    constructor();
+    /**
+     * Generate a secure random confirmation token
+     */
+    private generateToken;
+    /**
+     * Hash the request arguments for binding
+     */
+    private hashArgs;
+    /**
+     * Remove confirmation fields from args before hashing
+     */
+    private removeConfirmationFields;
+    create(toolName: string, args: unknown, ttlSeconds?: number): Promise<ConfirmationData>;
+    consume(token: string, toolName: string, args: unknown): Promise<boolean>;
+    clearExpired(): Promise<void>;
+    clear(): Promise<void>;
+    /**
+     * Stop the cleanup interval (for graceful shutdown)
+     */
+    destroy(): void;
+}
+//# sourceMappingURL=confirmation-store.d.ts.map

package/dist/auth/confirmation-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirmation-store.d.ts","sourceRoot":"","sources":["../../src/auth/confirmation-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,gCAAgC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAExF;;;;;;OAMG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE1E;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9B;;OAEG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED;;GAEG;AACH,qBAAa,yBAA0B,YAAW,iBAAiB;IACjE,OAAO,CAAC,aAAa,CAAuC;IAC5D,OAAO,CAAC,eAAe,CAA+C;IAEtE,6BAA6B;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAO;IAElD,iDAAiD;IACjD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAM;IAEzC,yCAAyC;IACzC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAU;;IAgBrD;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAOhB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAU1B,MAAM,CACV,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,OAAO,EACb,UAAU,GAAE,MAAsD,GACjE,OAAO,CAAC,gBAAgB,CAAC;IAkBtB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IA6BzE,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAS7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B;;OAEG;IACH,OAAO,IAAI,IAAI;CAMhB"}

package/dist/auth/confirmation-store.js

@@ -0,0 +1,126 @@
+/**
+ * Confirmation Store
+ *
+ * Manages confirmation tokens for destructive operations.
+ * Implements a two-phase confirmation flow to prevent bypass attacks:
+ *
+ * 1. First call (no confirmation): Generate unique token, return to client
+ * 2. Second call (with token): Validate token, execute if valid
+ *
+ * Security features:
+ * - Cryptographically secure random tokens
+ * - One-time use (tokens are consumed on validation)
+ * - TTL expiration (default 5 minutes)
+ * - Request binding (token tied to specific tool + args hash)
+ */
+import { randomBytes, createHash } from 'crypto';
+/**
+ * In-memory confirmation store implementation
+ */
+export class InMemoryConfirmationStore {
+    confirmations = new Map();
+    cleanupInterval = null;
+    /** Default TTL: 5 minutes */
+    static DEFAULT_TTL_SECONDS = 300;
+    /** Token size: 32 bytes = 256 bits of entropy */
+    static TOKEN_BYTES = 32;
+    /** Cleanup interval: every 60 seconds */
+    static CLEANUP_INTERVAL_MS = 60_000;
+    constructor() {
+        // Start periodic cleanup
+        this.cleanupInterval = setInterval(() => {
+            this.clearExpired().catch(() => {
+                // Ignore cleanup errors
+            });
+        }, InMemoryConfirmationStore.CLEANUP_INTERVAL_MS);
+        // Don't keep process alive for cleanup
+        if (this.cleanupInterval.unref) {
+            this.cleanupInterval.unref();
+        }
+    }
+    /**
+     * Generate a secure random confirmation token
+     */
+    generateToken() {
+        return randomBytes(InMemoryConfirmationStore.TOKEN_BYTES).toString('hex');
+    }
+    /**
+     * Hash the request arguments for binding
+     */
+    hashArgs(args) {
+        // Remove the confirmation-related fields before hashing
+        const cleanArgs = this.removeConfirmationFields(args);
+        const json = JSON.stringify(cleanArgs, Object.keys(cleanArgs || {}).sort());
+        return createHash('sha256').update(json).digest('hex');
+    }
+    /**
+     * Remove confirmation fields from args before hashing
+     */
+    removeConfirmationFields(args) {
+        if (!args || typeof args !== 'object') {
+            return args;
+        }
+        const cleaned = { ...args };
+        delete cleaned['confirmed'];
+        delete cleaned['confirmationId'];
+        return cleaned;
+    }
+    async create(toolName, args, ttlSeconds = InMemoryConfirmationStore.DEFAULT_TTL_SECONDS) {
+        const token = this.generateToken();
+        const now = Date.now();
+        const argsHash = this.hashArgs(args);
+        const confirmation = {
+            token,
+            toolName,
+            argsHash,
+            createdAt: now,
+            expiresAt: now + ttlSeconds * 1000,
+        };
+        this.confirmations.set(token, confirmation);
+        return confirmation;
+    }
+    async consume(token, toolName, args) {
+        const confirmation = this.confirmations.get(token);
+        if (!confirmation) {
+            return false;
+        }
+        // Check expiration
+        if (Date.now() > confirmation.expiresAt) {
+            this.confirmations.delete(token);
+            return false;
+        }
+        // Verify tool name matches
+        if (confirmation.toolName !== toolName) {
+            return false;
+        }
+        // Verify args hash matches (prevents parameter tampering)
+        const argsHash = this.hashArgs(args);
+        if (confirmation.argsHash !== argsHash) {
+            return false;
+        }
+        // Consume (one-time use)
+        this.confirmations.delete(token);
+        return true;
+    }
+    async clearExpired() {
+        const now = Date.now();
+        for (const [token, confirmation] of this.confirmations) {
+            if (now > confirmation.expiresAt) {
+                this.confirmations.delete(token);
+            }
+        }
+    }
+    async clear() {
+        this.confirmations.clear();
+    }
+    /**
+     * Stop the cleanup interval (for graceful shutdown)
+     */
+    destroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+    }
+}
+//# sourceMappingURL=confirmation-store.js.map

package/dist/auth/confirmation-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirmation-store.js","sourceRoot":"","sources":["../../src/auth/confirmation-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAmDjD;;GAEG;AACH,MAAM,OAAO,yBAAyB;IAC5B,aAAa,GAAG,IAAI,GAAG,EAA4B,CAAC;IACpD,eAAe,GAA0C,IAAI,CAAC;IAEtE,6BAA6B;IACrB,MAAM,CAAU,mBAAmB,GAAG,GAAG,CAAC;IAElD,iDAAiD;IACzC,MAAM,CAAU,WAAW,GAAG,EAAE,CAAC;IAEzC,yCAAyC;IACjC,MAAM,CAAU,mBAAmB,GAAG,MAAM,CAAC;IAErD;QACE,yBAAyB;QACzB,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC7B,wBAAwB;YAC1B,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,yBAAyB,CAAC,mBAAmB,CAAC,CAAC;QAElD,uCAAuC;QACvC,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,OAAO,WAAW,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,IAAa;QAC5B,wDAAwD;QACxD,MAAM,SAAS,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5E,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,IAAa;QAC5C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAG,EAAE,GAAG,IAAI,EAA6B,CAAC;QACvD,OAAO,OAAO,CAAC,WAAW,CAAC,CAAC;QAC5B,OAAO,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACjC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,IAAa,EACb,aAAqB,yBAAyB,CAAC,mBAAmB;QAElE,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAErC,MAAM,YAAY,GAAqB;YACrC,KAAK;YACL,QAAQ;YACR,QAAQ;YACR,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG,IAAI;SACnC,CAAC;QAEF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAE5C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAa,EAAE,QAAgB,EAAE,IAAa;QAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2BAA2B;QAC3B,IAAI,YAAY,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,YAAY,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvD,IAAI,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;IACH,CAAC"}

package/dist/auth/state-store.d.ts

@@ -0,0 +1,96 @@
+/**
+ * OAuth State Store
+ *
+ * Manages OAuth2 state parameters for CSRF protection.
+ * States are one-time use and expire after a configurable TTL.
+ */
+/**
+ * OAuth state data
+ */
+export interface OAuthStateData {
+    /** Cryptographically random state value */
+    state: string;
+    /** Unix timestamp when state was created */
+    createdAt: number;
+    /** Unix timestamp when state expires */
+    expiresAt: number;
+}
+/**
+ * State store interface for OAuth CSRF protection
+ */
+export interface StateStore {
+    /**
+     * Create a new state with optional TTL
+     * @param ttlSeconds Time-to-live in seconds (default: 600 = 10 minutes)
+     */
+    create(ttlSeconds?: number): Promise<OAuthStateData>;
+    /**
+     * Validate that a state exists and is not expired
+     * Does NOT consume the state (use for pre-validation)
+     */
+    validate(state: string): Promise<boolean>;
+    /**
+     * Consume a state (one-time use)
+     * Returns true if valid and consumed, false otherwise
+     */
+    consume(state: string): Promise<boolean>;
+    /**
+     * Clear all stored states
+     */
+    clear(): Promise<void>;
+}
+/**
+ * In-memory state store implementation
+ *
+ * Suitable for single-instance deployments.
+ * States are automatically cleaned up when expired.
+ */
+export declare class InMemoryStateStore implements StateStore {
+    private states;
+    private cleanupInterval;
+    /** Default TTL: 10 minutes */
+    private static readonly DEFAULT_TTL_SECONDS;
+    /** Cleanup interval: 1 minute */
+    private static readonly CLEANUP_INTERVAL_MS;
+    /** State entropy: 32 bytes = 256 bits */
+    private static readonly STATE_BYTES;
+    constructor();
+    /**
+     * Create a new cryptographically random state
+     */
+    create(ttlSeconds?: number): Promise<OAuthStateData>;
+    /**
+     * Validate a state without consuming it
+     */
+    validate(state: string): Promise<boolean>;
+    /**
+     * Consume a state (one-time use)
+     * This is the primary validation method - states can only be used once
+     */
+    consume(state: string): Promise<boolean>;
+    /**
+     * Clear all stored states
+     */
+    clear(): Promise<void>;
+    /**
+     * Stop the cleanup interval (for testing/cleanup)
+     */
+    destroy(): void;
+    /**
+     * Get the number of stored states (for testing)
+     */
+    size(): number;
+    /**
+     * Start periodic cleanup of expired states
+     */
+    private startCleanup;
+    /**
+     * Remove expired states
+     */
+    private cleanup;
+}
+/**
+ * Create a default state store instance
+ */
+export declare function createStateStore(): StateStore;
+//# sourceMappingURL=state-store.d.ts.map

package/dist/auth/state-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"state-store.d.ts","sourceRoot":"","sources":["../../src/auth/state-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAErD;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE1C;;;OAGG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEzC;;OAEG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED;;;;;GAKG;AACH,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,eAAe,CAA+C;IAEtE,8BAA8B;IAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAO;IAElD,iCAAiC;IACjC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAEpD,yCAAyC;IACzC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAM;;IAOzC;;OAEG;IACG,MAAM,CAAC,UAAU,SAAyC,GAAG,OAAO,CAAC,cAAc,CAAC;IAgB1F;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiB/C;;;OAGG;IACG,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAY9C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B;;OAEG;IACH,OAAO,IAAI,IAAI;IAOf;;OAEG;IACH,IAAI,IAAI,MAAM;IAId;;OAEG;IACH,OAAO,CAAC,YAAY;IAWpB;;OAEG;IACH,OAAO,CAAC,OAAO;CAShB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,UAAU,CAE7C"}

package/dist/auth/state-store.js

@@ -0,0 +1,122 @@
+/**
+ * OAuth State Store
+ *
+ * Manages OAuth2 state parameters for CSRF protection.
+ * States are one-time use and expire after a configurable TTL.
+ */
+import { randomBytes } from 'crypto';
+/**
+ * In-memory state store implementation
+ *
+ * Suitable for single-instance deployments.
+ * States are automatically cleaned up when expired.
+ */
+export class InMemoryStateStore {
+    states = new Map();
+    cleanupInterval = null;
+    /** Default TTL: 10 minutes */
+    static DEFAULT_TTL_SECONDS = 600;
+    /** Cleanup interval: 1 minute */
+    static CLEANUP_INTERVAL_MS = 60000;
+    /** State entropy: 32 bytes = 256 bits */
+    static STATE_BYTES = 32;
+    constructor() {
+        // Start periodic cleanup
+        this.startCleanup();
+    }
+    /**
+     * Create a new cryptographically random state
+     */
+    async create(ttlSeconds = InMemoryStateStore.DEFAULT_TTL_SECONDS) {
+        // Generate cryptographically secure random state
+        const state = randomBytes(InMemoryStateStore.STATE_BYTES).toString('hex');
+        const now = Math.floor(Date.now() / 1000);
+        const stateData = {
+            state,
+            createdAt: now,
+            expiresAt: now + ttlSeconds,
+        };
+        this.states.set(state, stateData);
+        return stateData;
+    }
+    /**
+     * Validate a state without consuming it
+     */
+    async validate(state) {
+        const stateData = this.states.get(state);
+        if (!stateData) {
+            return false;
+        }
+        const now = Math.floor(Date.now() / 1000);
+        if (now > stateData.expiresAt) {
+            // Expired - remove and return false
+            this.states.delete(state);
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Consume a state (one-time use)
+     * This is the primary validation method - states can only be used once
+     */
+    async consume(state) {
+        const isValid = await this.validate(state);
+        if (isValid) {
+            // Remove state after successful validation (one-time use)
+            this.states.delete(state);
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Clear all stored states
+     */
+    async clear() {
+        this.states.clear();
+    }
+    /**
+     * Stop the cleanup interval (for testing/cleanup)
+     */
+    destroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+    }
+    /**
+     * Get the number of stored states (for testing)
+     */
+    size() {
+        return this.states.size;
+    }
+    /**
+     * Start periodic cleanup of expired states
+     */
+    startCleanup() {
+        this.cleanupInterval = setInterval(() => {
+            this.cleanup();
+        }, InMemoryStateStore.CLEANUP_INTERVAL_MS);
+        // Don't prevent process exit
+        if (this.cleanupInterval.unref) {
+            this.cleanupInterval.unref();
+        }
+    }
+    /**
+     * Remove expired states
+     */
+    cleanup() {
+        const now = Math.floor(Date.now() / 1000);
+        for (const [state, data] of this.states.entries()) {
+            if (now > data.expiresAt) {
+                this.states.delete(state);
+            }
+        }
+    }
+}
+/**
+ * Create a default state store instance
+ */
+export function createStateStore() {
+    return new InMemoryStateStore();
+}
+//# sourceMappingURL=state-store.js.map

package/dist/auth/state-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"state-store.js","sourceRoot":"","sources":["../../src/auth/state-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AA0CrC;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IACrB,MAAM,GAAgC,IAAI,GAAG,EAAE,CAAC;IAChD,eAAe,GAA0C,IAAI,CAAC;IAEtE,8BAA8B;IACtB,MAAM,CAAU,mBAAmB,GAAG,GAAG,CAAC;IAElD,iCAAiC;IACzB,MAAM,CAAU,mBAAmB,GAAG,KAAK,CAAC;IAEpD,yCAAyC;IACjC,MAAM,CAAU,WAAW,GAAG,EAAE,CAAC;IAEzC;QACE,yBAAyB;QACzB,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,kBAAkB,CAAC,mBAAmB;QAC9D,iDAAiD;QACjD,MAAM,KAAK,GAAG,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE1E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAmB;YAChC,KAAK;YACL,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,UAAU;SAC5B,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAElC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEzC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;YAC9B,oCAAoC;YACpC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,KAAa;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE3C,IAAI,OAAO,EAAE,CAAC;YACZ,0DAA0D;YAC1D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,YAAY;QAClB,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EAAE,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QAE3C,6BAA6B;QAC7B,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;;AAGH;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,kBAAkB,EAAE,CAAC;AAClC,CAAC"}

package/dist/auth/types.d.ts

@@ -53,7 +53,7 @@ export interface AuthStatus {
 /**
  * OAuth error codes
  */
-export type OAuthErrorCode = 'not_authenticated' | 'token_exchange_failed' | 'refresh_failed' | 'invalid_grant' | 'invalid_client' | 'invalid_request' | 'unauthorized_client' | 'unsupported_grant_type' | 'no_refresh_token' | 'session_expired';
+export type OAuthErrorCode = 'not_authenticated' | 'token_exchange_failed' | 'refresh_failed' | 'invalid_grant' | 'invalid_client' | 'invalid_request' | 'unauthorized_client' | 'unsupported_grant_type' | 'no_refresh_token' | 'session_expired' | 'invalid_state' | 'state_required';
 /**
  * OAuth-specific error class
  */

package/dist/auth/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IAEjB,4DAA4D;IAC5D,YAAY,EAAE,MAAM,CAAC;IAErB,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IAEpB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IAEpB,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IAErB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAElB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAElB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uDAAuD;IACvD,aAAa,EAAE,OAAO,CAAC;IAEvB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,2CAA2C;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,gEAAgE;IAChE,MAAM,CAAC,EAAE,UAAU,GAAG,eAAe,GAAG,eAAe,CAAC;IAExD,8DAA8D;IAC9D,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,mBAAmB,GACnB,uBAAuB,GACvB,gBAAgB,GAChB,eAAe,GACf,gBAAgB,GAChB,iBAAiB,GACjB,qBAAqB,GACrB,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,CAAC;AAEtB;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;aAEjB,IAAI,EAAE,cAAc;aAEpB,OAAO,CAAC,EAAE,GAAG;gBAFb,IAAI,EAAE,cAAc,EACpC,OAAO,EAAE,MAAM,EACC,OAAO,CAAC,EAAE,GAAG,YAAA;CAMhC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iCAAiC;IACjC,GAAG,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAEjC,sBAAsB;IACtB,IAAI,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtC,8BAA8B;IAC9B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IAEjB,4DAA4D;IAC5D,YAAY,EAAE,MAAM,CAAC;IAErB,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IAEpB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IAEpB,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IAErB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAElB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAElB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uDAAuD;IACvD,aAAa,EAAE,OAAO,CAAC;IAEvB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,2CAA2C;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,gEAAgE;IAChE,MAAM,CAAC,EAAE,UAAU,GAAG,eAAe,GAAG,eAAe,CAAC;IAExD,8DAA8D;IAC9D,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,mBAAmB,GACnB,uBAAuB,GACvB,gBAAgB,GAChB,eAAe,GACf,gBAAgB,GAChB,iBAAiB,GACjB,qBAAqB,GACrB,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,GACjB,eAAe,GACf,gBAAgB,CAAC;AAErB;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;aAEjB,IAAI,EAAE,cAAc;aAEpB,OAAO,CAAC,EAAE,GAAG;gBAFb,IAAI,EAAE,cAAc,EACpC,OAAO,EAAE,MAAM,EACC,OAAO,CAAC,EAAE,GAAG,YAAA;CAMhC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iCAAiC;IACjC,GAAG,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAEjC,sBAAsB;IACtB,IAAI,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtC,8BAA8B;IAC9B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}

package/dist/auth/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgFH;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IAEjB;IAEA;IAHlB,YACkB,IAAoB,EACpC,OAAe,EACC,OAAa;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,SAAI,GAAJ,IAAI,CAAgB;QAEpB,YAAO,GAAP,OAAO,CAAM;QAG7B,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;QACzB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAkFH;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IAEjB;IAEA;IAHlB,YACkB,IAAoB,EACpC,OAAe,EACC,OAAa;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,SAAI,GAAJ,IAAI,CAAgB;QAEpB,YAAO,GAAP,OAAO,CAAM;QAG7B,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;QACzB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF"}

package/dist/config/environment.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Environment detection utilities for FreshBooks MCP Server
+ *
+ * Provides consistent environment detection across the codebase
+ * for security-sensitive decisions like stack trace exposure.
+ */
+export type Environment = 'development' | 'test' | 'production';
+/**
+ * Get the current environment from NODE_ENV
+ * Defaults to 'development' if not set
+ */
+export declare function getEnvironment(): Environment;
+/**
+ * Check if running in production environment
+ */
+export declare function isProduction(): boolean;
+/**
+ * Check if running in development environment
+ */
+export declare function isDevelopment(): boolean;
+/**
+ * Check if running in test environment
+ */
+export declare function isTest(): boolean;
+//# sourceMappingURL=environment.d.ts.map

package/dist/config/environment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../src/config/environment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,WAAW,GAAG,aAAa,GAAG,MAAM,GAAG,YAAY,CAAC;AAEhE;;;GAGG;AACH,wBAAgB,cAAc,IAAI,WAAW,CAY5C;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAEtC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;;GAEG;AACH,wBAAgB,MAAM,IAAI,OAAO,CAEhC"}

package/dist/config/environment.js

@@ -0,0 +1,39 @@
+/**
+ * Environment detection utilities for FreshBooks MCP Server
+ *
+ * Provides consistent environment detection across the codebase
+ * for security-sensitive decisions like stack trace exposure.
+ */
+/**
+ * Get the current environment from NODE_ENV
+ * Defaults to 'development' if not set
+ */
+export function getEnvironment() {
+    const env = process.env.NODE_ENV?.toLowerCase();
+    if (env === 'production' || env === 'prod') {
+        return 'production';
+    }
+    if (env === 'test' || env === 'testing') {
+        return 'test';
+    }
+    return 'development';
+}
+/**
+ * Check if running in production environment
+ */
+export function isProduction() {
+    return getEnvironment() === 'production';
+}
+/**
+ * Check if running in development environment
+ */
+export function isDevelopment() {
+    return getEnvironment() === 'development';
+}
+/**
+ * Check if running in test environment
+ */
+export function isTest() {
+    return getEnvironment() === 'test';
+}
+//# sourceMappingURL=environment.js.map

package/dist/config/environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../../src/config/environment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;IAEhD,IAAI,GAAG,KAAK,YAAY,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QAC3C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,cAAc,EAAE,KAAK,YAAY,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,cAAc,EAAE,KAAK,aAAa,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM;IACpB,OAAO,cAAc,EAAE,KAAK,MAAM,CAAC;AACrC,CAAC"}

package/dist/errors/error-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../src/errors/error-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,QAAQ,EAIR,YAAY,EACZ,WAAW,EACZ,MAAM,YAAY,CAAC;AAGpB;;;;GAIG;AACH,qBAAa,YAAY;IACvB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,EAChC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC,GACjE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC;IA2B5D;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ;IAwEvE;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IAazB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAahC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,cAAc;IAoB7B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAW1B;;;;;;;;OAQG;IACH,MAAM,CAAC,qBAAqB,CAC1B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,YAAY,GACrB,QAAQ;IAiBX;;;;;;;;OAQG;IACH,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ;IAiBzE;;;;;;;;;OASG;IACH,MAAM,CAAC,mBAAmB,CACxB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GAAG,MAAM,EAC3B,OAAO,CAAC,EAAE,YAAY,GACrB,QAAQ;CAkBZ;AAED;;;;;;GAMG;AACH,iBAAS,iBAAiB,IAAI,MAAM,CAInC;AAED;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B;;;GAGG;AACH,eAAO,MAAM,WAAW,oCAAiD,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,eAAe,qCAAkD,CAAC"}
+{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../src/errors/error-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,QAAQ,EAIR,YAAY,EACZ,WAAW,EACZ,MAAM,YAAY,CAAC;AAKpB;;;;GAIG;AACH,qBAAa,YAAY;IACvB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,EAChC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC,GACjE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC;IA6B5D;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ;IAiFvE;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IAazB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAahC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,cAAc;IAoB7B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAW1B;;;;;;;;OAQG;IACH,MAAM,CAAC,qBAAqB,CAC1B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,YAAY,GACrB,QAAQ;IAiBX;;;;;;;;OAQG;IACH,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ;IAiBzE;;;;;;;;;OASG;IACH,MAAM,CAAC,mBAAmB,CACxB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GAAG,MAAM,EAC3B,OAAO,CAAC,EAAE,YAAY,GACrB,QAAQ;CAkBZ;AAED;;;;;;GAMG;AACH,iBAAS,iBAAiB,IAAI,MAAM,CAInC;AAED;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B;;;GAGG;AACH,eAAO,MAAM,WAAW,oCAAiD,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,eAAe,qCAAkD,CAAC"}

package/dist/errors/error-handler.js

@@ -9,6 +9,8 @@
 import { z } from "zod";
 import { MCPErrorCode, OAuthError, } from "./types.js";
 import { ErrorMapper } from "./error-mapper.js";
+import { isProduction } from "../config/environment.js";
+import { sanitizeForMcpResponse } from "../utils/sanitizer.js";
 /**
  * Error Handler Class
  *
@@ -46,7 +48,8 @@ export class ErrorHandler {
                 // Note: In production, this would use a proper logger
                 // For now, we avoid logging to keep stdio clean for MCP
                 const result = await handler(input, context);
-                return result;
+                // Sanitize output to prevent prompt injection from API responses
+                return sanitizeForMcpResponse(result);
             }
             catch (error) {
                 const errorContext = {
@@ -108,7 +111,6 @@ export class ErrorHandler {
         }
         // Unknown error - create generic internal error
         const message = error instanceof Error ? error.message : String(error);
-        const stack = error instanceof Error ? error.stack : undefined;
         const errorData = {
             recoverable: true,
             suggestion: "An unexpected error occurred. Please try again.",
@@ -116,11 +118,22 @@ export class ErrorHandler {
         if (context) {
             errorData.context = context;
         }
-        if (stack) {
+        // Only include stack traces and detailed messages in non-production environments
+        if (!isProduction()) {
+            const stack = error instanceof Error ? error.stack : undefined;
+            if (stack) {
+                errorData.freshbooksError = {
+                    code: "UNKNOWN_ERROR",
+                    message,
+                    details: { stack },
+                };
+            }
+        }
+        else {
+            // In production, include error code but sanitize the message
             errorData.freshbooksError = {
                 code: "UNKNOWN_ERROR",
-                message,
-                details: { stack },
+                message: "An internal error occurred",
             };
         }
         const mcpError = Object.assign(new Error(`Unexpected error: ${message}`), {

package/dist/errors/error-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../src/errors/error-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAEL,YAAY,EAEZ,UAAU,GAGX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACvB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,WAAW,CAChB,QAAgB,EAChB,OAAkE;QAElE,OAAO,KAAK,EAAE,KAAa,EAAE,OAAoB,EAAoB,EAAE;YACrE,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;YAEtC,IAAI,CAAC;gBACH,sDAAsD;gBACtD,wDAAwD;gBACxD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAAiB;oBACjC,IAAI,EAAE,QAAQ;oBACd,SAAS;iBACV,CAAC;gBAEF,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBACpC,YAAY,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;gBAC7C,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;gBAE1D,gCAAgC;gBAChC,MAAM,QAAQ,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,cAAc,CAAC,KAAc,EAAE,OAAsB;QAC1D,qBAAqB;QACrB,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,kDAAkD;YAClD,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACnC,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;YAC/B,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,uBAAuB;QACvB,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,cAAc;QACd,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;YAChC,OAAO,WAAW,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,YAAY,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,OAAO,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,WAAW,CAAC,YAAY,CAC7B,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,UAAU,IAAI,SAAS,EAC7B,OAAO,CACR,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAE/D,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,iDAAiD;SAC9D,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,SAAS,CAAC,eAAe,GAAG;gBAC1B,IAAI,EAAE,eAAe;gBACrB,OAAO;gBACP,OAAO,EAAE,EAAE,KAAK,EAAE;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAa,MAAM,CAAC,MAAM,CACtC,IAAI,KAAK,CAAC,qBAAqB,OAAO,EAAE,CAAC,EACzC;YACE,IAAI,EAAE,YAAY,CAAC,cAAc;YACjC,OAAO,EAAE,qBAAqB,OAAO,EAAE;YACvC,IAAI,EAAE,SAAS;SAChB,CACF,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,UAAU,CAAC,KAAc;QACtC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,MAAM,IAAI,KAAK;YACf,SAAS,IAAI,KAAK;YAClB,MAAM,IAAI,KAAK;YACf,OAAQ,KAAkB,CAAC,IAAI,KAAK,QAAQ;YAC3C,KAAkB,CAAC,IAAI,GAAG,CAAC,KAAK;YACjC,aAAa,IAAK,KAAkB,CAAC,IAAI,CAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,iBAAiB,CAC9B,KAAc;QAEd,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,IAAI,IAAI,KAAK;YACZ,KAA4B,CAAC,EAAE,KAAK,KAAK;YAC1C,OAAO,IAAI,KAAK;YAChB,OAAQ,KAA4B,CAAC,KAAK,KAAK,QAAQ,CACxD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,cAAc,CAAC,KAAY;QACxC,MAAM,iBAAiB,GAAG;YACxB,WAAW;YACX,cAAc;YACd,WAAW;YACX,YAAY;YACZ,WAAW;YACX,WAAW;YACX,gBAAgB;YAChB,SAAS;YACT,cAAc;YACd,aAAa;SACd,CAAC;QAEF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC5C,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAC1C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,WAAW,CACxB,KAAc;QAEd,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,YAAY,IAAI,KAAK;YACrB,OAAQ,KAAgC,CAAC,UAAU,KAAK,QAAQ,CACjE,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,qBAAqB,CAC1B,OAAe,EACf,OAAsB;QAEtB,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,0CAA0C;SACvD,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,EAAE,YAAY,CAAC,cAAc;YACjC,OAAO;YACP,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,eAAe,CAAC,OAAe,EAAE,OAAsB;QAC5D,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,2CAA2C;SACxD,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,EAAE,YAAY,CAAC,iBAAiB;YACpC,OAAO;YACP,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,mBAAmB,CACxB,YAAoB,EACpB,UAA2B,EAC3B,OAAsB;QAEtB,MAAM,OAAO,GAAG,GAAG,YAAY,YAAY,UAAU,gBAAgB,CAAC;QAEtE,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,KAAK;YAClB,UAAU,EAAE,cAAc,YAAY,qDAAqD;SAC5F,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,EAAE,YAAY,CAAC,kBAAkB;YACrC,OAAO;YACP,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;;;;GAMG;AACH,SAAS,iBAAiB;IACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,OAAO,SAAS,IAAI,MAAM,EAAE,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,YAAY,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAE1E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC"}
+{"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../src/errors/error-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAEL,YAAY,EAEZ,UAAU,GAGX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAE/D;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACvB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,MAAM,CAAC,WAAW,CAChB,QAAgB,EAChB,OAAkE;QAElE,OAAO,KAAK,EAAE,KAAa,EAAE,OAAoB,EAAoB,EAAE;YACrE,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;YAEtC,IAAI,CAAC;gBACH,sDAAsD;gBACtD,wDAAwD;gBACxD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAE7C,iEAAiE;gBACjE,OAAO,sBAAsB,CAAC,MAAM,CAAY,CAAC;YACnD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAAiB;oBACjC,IAAI,EAAE,QAAQ;oBACd,SAAS;iBACV,CAAC;gBAEF,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBACpC,YAAY,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;gBAC7C,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;gBAE1D,gCAAgC;gBAChC,MAAM,QAAQ,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,cAAc,CAAC,KAAc,EAAE,OAAsB;QAC1D,qBAAqB;QACrB,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,kDAAkD;YAClD,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACnC,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;YAC/B,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,uBAAuB;QACvB,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,cAAc;QACd,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;YAChC,OAAO,WAAW,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,YAAY,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,OAAO,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,WAAW,CAAC,YAAY,CAC7B,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,UAAU,IAAI,SAAS,EAC7B,OAAO,CACR,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEvE,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,iDAAiD;SAC9D,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,iFAAiF;QACjF,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC/D,IAAI,KAAK,EAAE,CAAC;gBACV,SAAS,CAAC,eAAe,GAAG;oBAC1B,IAAI,EAAE,eAAe;oBACrB,OAAO;oBACP,OAAO,EAAE,EAAE,KAAK,EAAE;iBACnB,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,6DAA6D;YAC7D,SAAS,CAAC,eAAe,GAAG;gBAC1B,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,4BAA4B;aACtC,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAa,MAAM,CAAC,MAAM,CACtC,IAAI,KAAK,CAAC,qBAAqB,OAAO,EAAE,CAAC,EACzC;YACE,IAAI,EAAE,YAAY,CAAC,cAAc;YACjC,OAAO,EAAE,qBAAqB,OAAO,EAAE;YACvC,IAAI,EAAE,SAAS;SAChB,CACF,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,UAAU,CAAC,KAAc;QACtC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,MAAM,IAAI,KAAK;YACf,SAAS,IAAI,KAAK;YAClB,MAAM,IAAI,KAAK;YACf,OAAQ,KAAkB,CAAC,IAAI,KAAK,QAAQ;YAC3C,KAAkB,CAAC,IAAI,GAAG,CAAC,KAAK;YACjC,aAAa,IAAK,KAAkB,CAAC,IAAI,CAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,iBAAiB,CAC9B,KAAc;QAEd,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,IAAI,IAAI,KAAK;YACZ,KAA4B,CAAC,EAAE,KAAK,KAAK;YAC1C,OAAO,IAAI,KAAK;YAChB,OAAQ,KAA4B,CAAC,KAAK,KAAK,QAAQ,CACxD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,cAAc,CAAC,KAAY;QACxC,MAAM,iBAAiB,GAAG;YACxB,WAAW;YACX,cAAc;YACd,WAAW;YACX,YAAY;YACZ,WAAW;YACX,WAAW;YACX,gBAAgB;YAChB,SAAS;YACT,cAAc;YACd,aAAa;SACd,CAAC;QAEF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC5C,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAC1C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,WAAW,CACxB,KAAc;QAEd,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,YAAY,IAAI,KAAK;YACrB,OAAQ,KAAgC,CAAC,UAAU,KAAK,QAAQ,CACjE,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,qBAAqB,CAC1B,OAAe,EACf,OAAsB;QAEtB,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,0CAA0C;SACvD,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,EAAE,YAAY,CAAC,cAAc;YACjC,OAAO;YACP,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,eAAe,CAAC,OAAe,EAAE,OAAsB;QAC5D,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,2CAA2C;SACxD,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,EAAE,YAAY,CAAC,iBAAiB;YACpC,OAAO;YACP,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,mBAAmB,CACxB,YAAoB,EACpB,UAA2B,EAC3B,OAAsB;QAEtB,MAAM,OAAO,GAAG,GAAG,YAAY,YAAY,UAAU,gBAAgB,CAAC;QAEtE,MAAM,SAAS,GAAqB;YAClC,WAAW,EAAE,KAAK;YAClB,UAAU,EAAE,cAAc,YAAY,qDAAqD;SAC5F,CAAC;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,EAAE,YAAY,CAAC,kBAAkB;YACrC,OAAO;YACP,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;CACF;AAED;;;;;;GAMG;AACH,SAAS,iBAAiB;IACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,OAAO,SAAS,IAAI,MAAM,EAAE,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,YAAY,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAE1E;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC"}