@hs-x/cli 0.1.0

package/dist/cli-error.d.ts

@@ -0,0 +1,36 @@
+import type { ErrorContext } from './reporter/types.js';
+declare const CliError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
+    readonly _tag: "CliError";
+} & Readonly<A>;
+/**
+ * The single failure type that command handlers fail with. It carries a
+ * registry `code` (see `errors-registry.ts`) from which the process exit code
+ * and the user-facing help block are derived at the dispatch edge. Handlers
+ * never call `process.exit` or write errors themselves — they `Effect.fail` a
+ * `CliError` and the edge maps it once.
+ */
+export declare class CliError extends CliError_base<{
+    readonly code: string;
+    readonly message: string;
+    readonly context?: ErrorContext;
+}> {
+}
+/**
+ * Construct a `CliError`. When `message` is omitted the registry summary for
+ * `code` is used, so callers can fail with just a code for well-known errors.
+ */
+export declare function cliError(code: string, message?: string, context?: ErrorContext): CliError;
+export interface ErrorDescription {
+    readonly code: string;
+    readonly message: string;
+    readonly exitCode: number;
+    readonly context: ErrorContext | undefined;
+}
+/**
+ * Normalize any caught defect/failure into the fields the reporter needs and
+ * the process exit code. Unknown errors (defects, raw `Error`s that escaped a
+ * service) collapse to a generic exit code 1.
+ */
+export declare function describeError(error: unknown): ErrorDescription;
+export {};
+//# sourceMappingURL=cli-error.d.ts.map

package/dist/cli-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-error.d.ts","sourceRoot":"","sources":["../src/cli-error.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;;;;AAExD;;;;;;GAMG;AACH,qBAAa,QAAS,SAAQ,cAA6B;IACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC;CACjC,CAAC;CAAG;AAEL;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,QAAQ,CAMzF;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,YAAY,GAAG,SAAS,CAAC;CAC5C;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAW9D"}

package/dist/cli-error.js

@@ -0,0 +1,40 @@
+import { Data } from 'effect';
+import { getError } from './errors-registry.js';
+/**
+ * The single failure type that command handlers fail with. It carries a
+ * registry `code` (see `errors-registry.ts`) from which the process exit code
+ * and the user-facing help block are derived at the dispatch edge. Handlers
+ * never call `process.exit` or write errors themselves — they `Effect.fail` a
+ * `CliError` and the edge maps it once.
+ */
+export class CliError extends Data.TaggedError('CliError') {
+}
+/**
+ * Construct a `CliError`. When `message` is omitted the registry summary for
+ * `code` is used, so callers can fail with just a code for well-known errors.
+ */
+export function cliError(code, message, context) {
+    return new CliError({
+        code,
+        message: message ?? getError(code)?.summary ?? code,
+        ...(context ? { context } : {}),
+    });
+}
+/**
+ * Normalize any caught defect/failure into the fields the reporter needs and
+ * the process exit code. Unknown errors (defects, raw `Error`s that escaped a
+ * service) collapse to a generic exit code 1.
+ */
+export function describeError(error) {
+    if (error instanceof CliError) {
+        return {
+            code: error.code,
+            message: error.message,
+            exitCode: getError(error.code)?.exitCode ?? 1,
+            context: error.context,
+        };
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    return { code: 'HSX_E_INTERNAL', message, exitCode: 1, context: undefined };
+}
+//# sourceMappingURL=cli-error.js.map

package/dist/cli-error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-error.js","sourceRoot":"","sources":["../src/cli-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAGhD;;;;;;GAMG;AACH,MAAM,OAAO,QAAS,SAAQ,IAAI,CAAC,WAAW,CAAC,UAAU,CAIvD;CAAG;AAEL;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,OAAgB,EAAE,OAAsB;IAC7E,OAAO,IAAI,QAAQ,CAAC;QAClB,IAAI;QACJ,OAAO,EAAE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI,IAAI;QACnD,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChC,CAAC,CAAC;AACL,CAAC;AASD;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;QAC9B,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,IAAI,CAAC;YAC7C,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAC9E,CAAC"}

package/dist/cloudflare-auth.d.ts

@@ -0,0 +1,25 @@
+export declare const CLOUDFLARE_TOKEN_TEMPLATE_URL = "https://dash.cloudflare.com/profile/api-tokens?token-name=HS-X";
+export declare const CLOUDFLARE_REQUIRED_PERMISSIONS: readonly {
+    readonly scope: string;
+    readonly permission: string;
+    readonly permissionGroupName: string;
+    readonly reason: string;
+    readonly phase: 'phase-1' | 'phase-2';
+}[];
+export interface CloudflareTokenInfo {
+    readonly token: string;
+    readonly id: string;
+    readonly status: string;
+    readonly accountId?: string;
+    readonly grantedPermissionGroups: readonly string[];
+    readonly missingPermissionGroups: readonly string[];
+    readonly permissionInspection: 'available' | 'unavailable';
+    readonly permissionInspectionDetail?: string;
+}
+export declare function verifyCloudflareToken(token: string, baseUrl?: string): Promise<CloudflareTokenInfo>;
+export declare class CloudflareAuthError extends Error {
+    readonly code: string;
+    readonly detail: string;
+    constructor(code: string, message: string, detail: string);
+}
+//# sourceMappingURL=cloudflare-auth.d.ts.map

package/dist/cloudflare-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-auth.d.ts","sourceRoot":"","sources":["../src/cloudflare-auth.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,6BAA6B,mEACwB,CAAC;AAKnE,eAAO,MAAM,+BAA+B,EAAE,SAAS;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS,CAAC;CACvC,EAyDA,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,uBAAuB,EAAE,SAAS,MAAM,EAAE,CAAC;IACpD,QAAQ,CAAC,uBAAuB,EAAE,SAAS,MAAM,EAAE,CAAC;IACpD,QAAQ,CAAC,oBAAoB,EAAE,WAAW,GAAG,aAAa,CAAC;IAC3D,QAAQ,CAAC,0BAA0B,CAAC,EAAE,MAAM,CAAC;CAC9C;AAmQD,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,MAAqC,GAC7C,OAAO,CAAC,mBAAmB,CAAC,CAkB9B;AAgCD,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBACZ,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CAM1D"}

package/dist/cloudflare-auth.js

@@ -0,0 +1,251 @@
+import { HsxHttpClientRaw, HttpClient, HttpClientError, HttpClientRequest, HttpClientResponse, } from '@hs-x/types';
+import { Cause, Effect, Exit, Option, Schema } from 'effect';
+import { CloudflareAccountListFailed, CloudflareTokenInvalid, CloudflareTokenMissingPermissions, } from './errors.js';
+export const CLOUDFLARE_TOKEN_TEMPLATE_URL = 'https://dash.cloudflare.com/profile/api-tokens?token-name=HS-X';
+// Permissions HS-X exercises across the current deploy surface plus the Phase 2
+// observability/logging surface. Used in prompt copy and best-effort token
+// introspection after the user pastes a token.
+export const CLOUDFLARE_REQUIRED_PERMISSIONS = [
+    {
+        scope: 'Account · Workers Scripts',
+        permission: 'Edit',
+        permissionGroupName: 'Workers Scripts Write',
+        reason: 'deploy Worker scripts, bindings, triggers, and routes',
+        phase: 'phase-1',
+    },
+    {
+        scope: 'Account · Workers KV Storage',
+        permission: 'Edit',
+        permissionGroupName: 'Workers KV Storage Write',
+        reason: 'create and update runtime KV namespaces',
+        phase: 'phase-1',
+    },
+    {
+        scope: 'Account · D1',
+        permission: 'Edit',
+        permissionGroupName: 'D1 Write',
+        reason: 'create and migrate per-project D1 databases',
+        phase: 'phase-1',
+    },
+    {
+        scope: 'Account · Queues',
+        permission: 'Edit',
+        permissionGroupName: 'Queues Write',
+        reason: 'provision queues for async sync and batched work',
+        phase: 'phase-1',
+    },
+    {
+        scope: 'Account · Workers Tail',
+        permission: 'Read',
+        permissionGroupName: 'Workers Tail Read',
+        reason: 'stream live Worker logs during dev and debugging',
+        phase: 'phase-1',
+    },
+    {
+        scope: 'Account · Account Settings',
+        permission: 'Read',
+        permissionGroupName: 'Account Settings Read',
+        reason: 'discover and validate the selected Cloudflare account',
+        phase: 'phase-1',
+    },
+    {
+        scope: 'Account · R2 Storage',
+        permission: 'Edit',
+        permissionGroupName: 'Workers R2 Storage Write',
+        reason: 'store deploy bundles, archived logs, and large artifacts',
+        phase: 'phase-2',
+    },
+    {
+        scope: 'Account · Account Analytics',
+        permission: 'Read',
+        permissionGroupName: 'Account Analytics Read',
+        reason: 'query Analytics Engine for usage, logs, and billing views',
+        phase: 'phase-2',
+    },
+];
+const apiGet = (input) => Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    return yield* client
+        .execute(HttpClientRequest.get(input.url).pipe(HttpClientRequest.bearerToken(input.token), HttpClientRequest.acceptJson))
+        .pipe(Effect.scoped);
+});
+const CloudflareTokenPolicySchema = Schema.Struct({
+    effect: Schema.optional(Schema.String),
+    permission_groups: Schema.optional(Schema.Array(Schema.Struct({
+        name: Schema.optional(Schema.String),
+    }))),
+});
+const VerifyBodySchema = Schema.Struct({
+    success: Schema.optional(Schema.Boolean),
+    result: Schema.optional(Schema.Struct({
+        id: Schema.optional(Schema.String),
+        status: Schema.optional(Schema.String),
+        policies: Schema.optional(Schema.Array(CloudflareTokenPolicySchema)),
+    })),
+    errors: Schema.optional(Schema.Array(Schema.Struct({
+        code: Schema.optional(Schema.Number),
+        message: Schema.optional(Schema.String),
+    }))),
+});
+const DetailsBodySchema = Schema.Struct({
+    success: Schema.optional(Schema.Boolean),
+    result: Schema.optional(Schema.Struct({
+        policies: Schema.optional(Schema.Array(CloudflareTokenPolicySchema)),
+    })),
+    errors: Schema.optional(Schema.Array(Schema.Struct({
+        message: Schema.optional(Schema.String),
+    }))),
+});
+const AccountListBodySchema = Schema.Struct({
+    result: Schema.optional(Schema.Array(Schema.Struct({
+        id: Schema.optional(Schema.String),
+    }))),
+});
+const readVerifyBody = (response) => HttpClientResponse.schemaBodyJson(VerifyBodySchema)(response).pipe(Effect.catchAll(() => Effect.succeed({})));
+const readDetailsBody = (response) => HttpClientResponse.schemaBodyJson(DetailsBodySchema)(response).pipe(Effect.catchAll(() => Effect.succeed({})));
+const readAccountListBody = (response) => HttpClientResponse.schemaBodyJson(AccountListBodySchema)(response).pipe(Effect.catchAll(() => Effect.succeed({})));
+const isStatusOk = (status) => status >= 200 && status < 300;
+const verifyToken = (token, baseUrl) => Effect.gen(function* () {
+    const response = yield* apiGet({
+        endpoint: '/client/v4/user/tokens/verify',
+        url: new URL('/client/v4/user/tokens/verify', baseUrl),
+        token,
+    });
+    const body = yield* readVerifyBody(response);
+    if (!isStatusOk(response.status) || body.success === false || !body.result?.id) {
+        return yield* Effect.fail(new CloudflareTokenInvalid({
+            detail: body.errors?.[0]?.message ?? `verify returned ${response.status}`,
+        }));
+    }
+    return body.result;
+});
+const inspectPermissions = (input) => Effect.gen(function* () {
+    const fromVerify = permissionGroupsFromPolicies(input.verifyPolicies);
+    if (fromVerify.length > 0) {
+        return { grantedPermissionGroups: fromVerify, permissionInspection: 'available' };
+    }
+    const endpoint = `/client/v4/user/tokens/${encodeURIComponent(input.tokenId)}`;
+    const response = yield* apiGet({
+        endpoint,
+        url: new URL(endpoint, input.baseUrl),
+        token: input.token,
+    });
+    if (!isStatusOk(response.status)) {
+        return {
+            grantedPermissionGroups: [],
+            permissionInspection: 'unavailable',
+            permissionInspectionDetail: `Cloudflare token details returned HTTP ${response.status}`,
+        };
+    }
+    const body = yield* readDetailsBody(response);
+    if (body.success === false) {
+        return {
+            grantedPermissionGroups: [],
+            permissionInspection: 'unavailable',
+            permissionInspectionDetail: body.errors?.[0]?.message ?? 'Cloudflare token details were unavailable.',
+        };
+    }
+    return {
+        grantedPermissionGroups: permissionGroupsFromPolicies(body.result?.policies),
+        permissionInspection: 'available',
+    };
+});
+const listFirstAccountId = (token, baseUrl) => {
+    const endpoint = '/client/v4/accounts';
+    return Effect.gen(function* () {
+        const response = yield* apiGet({ endpoint, url: new URL(endpoint, baseUrl), token });
+        if (!isStatusOk(response.status)) {
+            return yield* Effect.fail(new CloudflareAccountListFailed({
+                detail: `accounts returned HTTP ${response.status}`,
+            }));
+        }
+        const body = yield* readAccountListBody(response);
+        return body.result?.[0]?.id;
+    }).pipe(
+    // The account list is best-effort: surface undefined on any failure
+    // (HTTP, timeout, account-list failed) rather than failing the whole flow.
+    Effect.catchAll(() => Effect.succeed(undefined)));
+};
+const verifyProgram = (token, baseUrl) => Effect.gen(function* () {
+    const verified = yield* verifyToken(token, baseUrl);
+    const inspected = yield* inspectPermissions({
+        token,
+        tokenId: verified.id,
+        baseUrl,
+        ...(verified.policies ? { verifyPolicies: verified.policies } : {}),
+    });
+    const accountId = yield* listFirstAccountId(token, baseUrl);
+    return {
+        token,
+        id: verified.id,
+        status: verified.status ?? 'active',
+        grantedPermissionGroups: inspected.grantedPermissionGroups,
+        missingPermissionGroups: missingPermissionGroups(inspected.grantedPermissionGroups),
+        permissionInspection: inspected.permissionInspection,
+        ...(accountId ? { accountId } : {}),
+        ...(inspected.permissionInspectionDetail
+            ? { permissionInspectionDetail: inspected.permissionInspectionDetail }
+            : {}),
+    };
+});
+const toCloudflareAuthError = (err) => {
+    switch (err._tag) {
+        case 'CloudflareTokenInvalid':
+            return new CloudflareAuthError('HSX_E_CLOUDFLARE_TOKEN_INVALID', 'Cloudflare token verification failed.', err.detail);
+        case 'CloudflareTokenMissingPermissions':
+            return new CloudflareAuthError('HSX_E_CLOUDFLARE_TOKEN_PERMISSIONS', 'Cloudflare token is missing required permissions.', err.detail);
+        case 'RequestError':
+            return new CloudflareAuthError('HSX_E_CLOUDFLARE_TOKEN_VERIFY', 'Cloudflare token verification failed.', err.description ?? err.message);
+        case 'ResponseError':
+            return new CloudflareAuthError('HSX_E_CLOUDFLARE_TOKEN_VERIFY', 'Cloudflare token verification failed.', err.description ?? err.message);
+    }
+};
+export async function verifyCloudflareToken(token, baseUrl = 'https://api.cloudflare.com') {
+    const exit = await Effect.runPromise(Effect.exit(verifyProgram(token, baseUrl).pipe(Effect.provide(HsxHttpClientRaw))));
+    return Exit.match(exit, {
+        onSuccess: (info) => info,
+        onFailure: (cause) => {
+            const failure = Cause.failureOption(cause);
+            if (Option.isSome(failure)) {
+                throw toCloudflareAuthError(failure.value);
+            }
+            throw new CloudflareAuthError('HSX_E_CLOUDFLARE_TOKEN_VERIFY', 'Cloudflare token verification failed.', Cause.pretty(cause));
+        },
+    });
+}
+function permissionGroupsFromPolicies(policies) {
+    const names = new Set();
+    for (const policy of policies ?? []) {
+        if (policy.effect && policy.effect !== 'allow')
+            continue;
+        for (const group of policy.permission_groups ?? []) {
+            if (group.name)
+                names.add(group.name);
+        }
+    }
+    return [...names].sort((a, b) => a.localeCompare(b));
+}
+function missingPermissionGroups(grantedPermissionGroups) {
+    if (grantedPermissionGroups.length === 0) {
+        return CLOUDFLARE_REQUIRED_PERMISSIONS.map((permission) => permission.permissionGroupName);
+    }
+    const granted = new Set(grantedPermissionGroups.map(normalizePermissionGroupName));
+    return CLOUDFLARE_REQUIRED_PERMISSIONS.filter((permission) => !granted.has(normalizePermissionGroupName(permission.permissionGroupName))).map((permission) => permission.permissionGroupName);
+}
+function normalizePermissionGroupName(value) {
+    return value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, ' ')
+        .trim();
+}
+export class CloudflareAuthError extends Error {
+    code;
+    detail;
+    constructor(code, message, detail) {
+        super(message);
+        this.name = 'CloudflareAuthError';
+        this.code = code;
+        this.detail = detail;
+    }
+}
+//# sourceMappingURL=cloudflare-auth.js.map

package/dist/cloudflare-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-auth.js","sourceRoot":"","sources":["../src/cloudflare-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC7D,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,iCAAiC,GAClC,MAAM,aAAa,CAAC;AAErB,MAAM,CAAC,MAAM,6BAA6B,GACxC,gEAAgE,CAAC;AAEnE,gFAAgF;AAChF,2EAA2E;AAC3E,+CAA+C;AAC/C,MAAM,CAAC,MAAM,+BAA+B,GAMtC;IACJ;QACE,KAAK,EAAE,2BAA2B;QAClC,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,uBAAuB;QAC5C,MAAM,EAAE,uDAAuD;QAC/D,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,8BAA8B;QACrC,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,0BAA0B;QAC/C,MAAM,EAAE,yCAAyC;QACjD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,cAAc;QACrB,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,UAAU;QAC/B,MAAM,EAAE,6CAA6C;QACrD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,cAAc;QACnC,MAAM,EAAE,kDAAkD;QAC1D,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,wBAAwB;QAC/B,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,mBAAmB;QACxC,MAAM,EAAE,kDAAkD;QAC1D,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,4BAA4B;QACnC,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,uBAAuB;QAC5C,MAAM,EAAE,uDAAuD;QAC/D,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,sBAAsB;QAC7B,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,0BAA0B;QAC/C,MAAM,EAAE,0DAA0D;QAClE,KAAK,EAAE,SAAS;KACjB;IACD;QACE,KAAK,EAAE,6BAA6B;QACpC,UAAU,EAAE,MAAM;QAClB,mBAAmB,EAAE,wBAAwB;QAC7C,MAAM,EAAE,2DAA2D;QACnE,KAAK,EAAE,SAAS;KACjB;CACF,CAAC;AAoBF,MAAM,MAAM,GAAG,CAAC,KAIf,EAAyF,EAAE,CAC1F,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;IAC5C,OAAO,KAAK,CAAC,CAAC,MAAM;SACjB,OAAO,CACN,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CACnC,iBAAiB,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,EAC1C,iBAAiB,CAAC,UAAU,CAC7B,CACF;SACA,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACzB,CAAC,CAAC,CAAC;AAEL,MAAM,2BAA2B,GAAyC,MAAM,CAAC,MAAM,CAAC;IACtF,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACtC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAChC,MAAM,CAAC,KAAK,CACV,MAAM,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KACrC,CAAC,CACH,CACF;CACF,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC;IACrC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;IACxC,MAAM,EAAE,MAAM,CAAC,QAAQ,CACrB,MAAM,CAAC,MAAM,CAAC;QACZ,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QAClC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;KACrE,CAAC,CACH;IACD,MAAM,EAAE,MAAM,CAAC,QAAQ,CACrB,MAAM,CAAC,KAAK,CACV,MAAM,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACpC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KACxC,CAAC,CACH,CACF;CACF,CAAC,CAAC;AAGH,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;IACxC,MAAM,EAAE,MAAM,CAAC,QAAQ,CACrB,MAAM,CAAC,MAAM,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;KACrE,CAAC,CACH;IACD,MAAM,EAAE,MAAM,CAAC,QAAQ,CACrB,MAAM,CAAC,KAAK,CACV,MAAM,CAAC,MAAM,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KACxC,CAAC,CACH,CACF;CACF,CAAC,CAAC;AAGH,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC,QAAQ,CACrB,MAAM,CAAC,KAAK,CACV,MAAM,CAAC,MAAM,CAAC;QACZ,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KACnC,CAAC,CACH,CACF;CACF,CAAC,CAAC;AAGH,MAAM,cAAc,GAAG,CACrB,QAA+C,EACpB,EAAE,CAC7B,kBAAkB,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAChE,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAgB,CAAC,CAAC,CACxD,CAAC;AAEJ,MAAM,eAAe,GAAG,CACtB,QAA+C,EACnB,EAAE,CAC9B,kBAAkB,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CACjE,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAiB,CAAC,CAAC,CACzD,CAAC;AAEJ,MAAM,mBAAmB,GAAG,CAC1B,QAA+C,EACf,EAAE,CAClC,kBAAkB,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CACrE,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAqB,CAAC,CAAC,CAC7D,CAAC;AAEJ,MAAM,UAAU,GAAG,CAAC,MAAc,EAAW,EAAE,CAAC,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG,CAAC;AAE9E,MAAM,WAAW,GAAG,CAClB,KAAa,EACb,OAAe,EAKf,EAAE,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC;QAC7B,QAAQ,EAAE,+BAA+B;QACzC,GAAG,EAAE,IAAI,GAAG,CAAC,+BAA+B,EAAE,OAAO,CAAC;QACtD,KAAK;KACN,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC;QAC/E,OAAO,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,CACvB,IAAI,sBAAsB,CAAC;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,mBAAmB,QAAQ,CAAC,MAAM,EAAE;SAC1E,CAAC,CACH,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC,MAA2C,CAAC;AAC1D,CAAC,CAAC,CAAC;AAQL,MAAM,kBAAkB,GAAG,CAAC,KAK3B,EAAoE,EAAE,CACrE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,UAAU,GAAG,4BAA4B,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACtE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,uBAAuB,EAAE,UAAU,EAAE,oBAAoB,EAAE,WAAoB,EAAE,CAAC;IAC7F,CAAC;IACD,MAAM,QAAQ,GAAG,0BAA0B,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;IAC/E,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC;QAC7B,QAAQ;QACR,GAAG,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC;QACrC,KAAK,EAAE,KAAK,CAAC,KAAK;KACnB,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,uBAAuB,EAAE,EAAE;YAC3B,oBAAoB,EAAE,aAAsB;YAC5C,0BAA0B,EAAE,0CAA0C,QAAQ,CAAC,MAAM,EAAE;SACxF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;QAC3B,OAAO;YACL,uBAAuB,EAAE,EAAE;YAC3B,oBAAoB,EAAE,aAAsB;YAC5C,0BAA0B,EACxB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,4CAA4C;SAC5E,CAAC;IACJ,CAAC;IACD,OAAO;QACL,uBAAuB,EAAE,4BAA4B,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC;QAC5E,oBAAoB,EAAE,WAAoB;KAC3C,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,MAAM,kBAAkB,GAAG,CACzB,KAAa,EACb,OAAe,EACkD,EAAE;IACnE,MAAM,QAAQ,GAAG,qBAAqB,CAAC;IACvC,OAAO,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QACzB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,CACvB,IAAI,2BAA2B,CAAC;gBAC9B,MAAM,EAAE,0BAA0B,QAAQ,CAAC,MAAM,EAAE;aACpD,CAAC,CACH,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC,IAAI;IACL,oEAAoE;IACpE,2EAA2E;IAC3E,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,SAA+B,CAAC,CAAC,CACvE,CAAC;AACJ,CAAC,CAAC;AAIF,MAAM,aAAa,GAAG,CACpB,KAAa,EACb,OAAe,EAC0D,EAAE,CAC3E,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC;QAC1C,KAAK;QACL,OAAO,EAAE,QAAQ,CAAC,EAAG;QACrB,OAAO;QACP,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpE,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC5D,OAAO;QACL,KAAK;QACL,EAAE,EAAE,QAAQ,CAAC,EAAG;QAChB,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,QAAQ;QACnC,uBAAuB,EAAE,SAAS,CAAC,uBAAuB;QAC1D,uBAAuB,EAAE,uBAAuB,CAAC,SAAS,CAAC,uBAAuB,CAAC;QACnF,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;QACpD,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,SAAS,CAAC,0BAA0B;YACtC,CAAC,CAAC,EAAE,0BAA0B,EAAE,SAAS,CAAC,0BAA0B,EAAE;YACtE,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,MAAM,qBAAqB,GAAG,CAAC,GAAiB,EAAuB,EAAE;IACvE,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,wBAAwB;YAC3B,OAAO,IAAI,mBAAmB,CAC5B,gCAAgC,EAChC,uCAAuC,EACvC,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,KAAK,mCAAmC;YACtC,OAAO,IAAI,mBAAmB,CAC5B,oCAAoC,EACpC,mDAAmD,EACnD,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,KAAK,cAAc;YACjB,OAAO,IAAI,mBAAmB,CAC5B,+BAA+B,EAC/B,uCAAuC,EACvC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,CAC/B,CAAC;QACJ,KAAK,eAAe;YAClB,OAAO,IAAI,mBAAmB,CAC5B,+BAA+B,EAC/B,uCAAuC,EACvC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,CAC/B,CAAC;IACN,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,UAAkB,4BAA4B;IAE9C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,UAAU,CAClC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAClF,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QACtB,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI;QACzB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;YACnB,MAAM,OAAO,GAAG,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,qBAAqB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7C,CAAC;YACD,MAAM,IAAI,mBAAmB,CAC3B,+BAA+B,EAC/B,uCAAuC,EACvC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CACpB,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,4BAA4B,CACnC,QAAsD;IAEtD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,KAAK,MAAM,MAAM,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO;YAAE,SAAS;QACzD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC;YACnD,IAAI,KAAK,CAAC,IAAI;gBAAE,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,uBAAuB,CAAC,uBAA0C;IACzE,IAAI,uBAAuB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,+BAA+B,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAC7F,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACnF,OAAO,+BAA+B,CAAC,MAAM,CAC3C,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,CAC3F,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,KAAK;SACT,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,IAAI,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,IAAI,CAAS;IACb,MAAM,CAAS;IACxB,YAAY,IAAY,EAAE,OAAe,EAAE,MAAc;QACvD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF"}

package/dist/cloudflare-kv.d.ts

@@ -0,0 +1,23 @@
+export interface CloudflareKvNamespace {
+    readonly id: string;
+    readonly title: string;
+}
+export interface CloudflareKvClient {
+    ensureNamespace(name: string): Promise<CloudflareKvNamespace>;
+    get(key: string): Promise<string | undefined>;
+    put(key: string, value: string): Promise<void>;
+    list(prefix: string): Promise<readonly string[]>;
+    delete(key: string): Promise<void>;
+}
+export declare function createCloudflareKvClient(input: {
+    readonly accountId: string;
+    readonly apiToken: string;
+    readonly namespaceId?: string;
+    readonly baseUrl?: string;
+    readonly fetchImpl?: typeof fetch;
+}): CloudflareKvClient;
+export declare function resolveCloudflareCredentials(argv: readonly string[]): {
+    readonly apiToken: string | undefined;
+    readonly accountId: string | undefined;
+};
+//# sourceMappingURL=cloudflare-kv.d.ts.map

package/dist/cloudflare-kv.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-kv.d.ts","sourceRoot":"","sources":["../src/cloudflare-kv.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IAC9C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,wBAAgB,wBAAwB,CAAC,KAAK,EAAE;IAC9C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CACnC,GAAG,kBAAkB,CAuHrB;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG;IACrE,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;CACxC,CAYA"}

package/dist/cloudflare-kv.js

@@ -0,0 +1,101 @@
+export function createCloudflareKvClient(input) {
+    const fetchImpl = input.fetchImpl ?? fetch;
+    const baseUrl = input.baseUrl ?? 'https://api.cloudflare.com';
+    let namespaceId = input.namespaceId;
+    const api = async (path, init = {}) => {
+        const response = await fetchImpl(new URL(path, baseUrl), {
+            ...init,
+            headers: {
+                authorization: `Bearer ${input.apiToken}`,
+                ...(init.body ? { 'content-type': 'application/json' } : {}),
+                ...(init.headers ?? {}),
+            },
+        });
+        if (!response.ok) {
+            const detail = await response.text().catch(() => '');
+            throw new Error(`Cloudflare KV request failed (${response.status})${detail ? `: ${detail}` : ''}`);
+        }
+        return response;
+    };
+    const requireNamespaceId = () => {
+        if (!namespaceId)
+            throw new Error('Cloudflare KV namespace has not been initialized.');
+        return namespaceId;
+    };
+    return {
+        async ensureNamespace(name) {
+            const listResponse = await api(`/client/v4/accounts/${encodeURIComponent(input.accountId)}/storage/kv/namespaces`);
+            const listBody = (await listResponse.json());
+            const existing = listBody.result?.find((item) => item.title === name);
+            if (existing?.id && existing.title) {
+                namespaceId = existing.id;
+                return { id: existing.id, title: existing.title };
+            }
+            const createResponse = await api(`/client/v4/accounts/${encodeURIComponent(input.accountId)}/storage/kv/namespaces`, {
+                method: 'POST',
+                body: JSON.stringify({ title: name }),
+            });
+            const createBody = (await createResponse.json());
+            if (!createBody.result?.id) {
+                throw new Error('Cloudflare KV namespace create response did not include an id.');
+            }
+            namespaceId = createBody.result.id;
+            return { id: createBody.result.id, title: createBody.result.title ?? name };
+        },
+        async get(key) {
+            const response = await fetchImpl(new URL(`/client/v4/accounts/${encodeURIComponent(input.accountId)}/storage/kv/namespaces/${encodeURIComponent(requireNamespaceId())}/values/${encodeURIComponent(key)}`, baseUrl), {
+                headers: { authorization: `Bearer ${input.apiToken}` },
+            });
+            if (response.status === 404)
+                return undefined;
+            if (!response.ok) {
+                throw new Error(`Cloudflare KV get failed (${response.status}).`);
+            }
+            return await response.text();
+        },
+        async put(key, value) {
+            await api(`/client/v4/accounts/${encodeURIComponent(input.accountId)}/storage/kv/namespaces/${encodeURIComponent(requireNamespaceId())}/values/${encodeURIComponent(key)}`, {
+                method: 'PUT',
+                body: value,
+                headers: { 'content-type': 'text/plain' },
+            });
+        },
+        async list(prefix) {
+            const keys = [];
+            let cursor;
+            do {
+                const url = new URL(`/client/v4/accounts/${encodeURIComponent(input.accountId)}/storage/kv/namespaces/${encodeURIComponent(requireNamespaceId())}/keys`, baseUrl);
+                url.searchParams.set('prefix', prefix);
+                if (cursor)
+                    url.searchParams.set('cursor', cursor);
+                const response = await api(`${url.pathname}${url.search}`);
+                const body = (await response.json());
+                keys.push(...(body.result ?? []).flatMap((item) => (item.name ? [item.name] : [])));
+                cursor = body.result_info?.cursor || undefined;
+            } while (cursor);
+            return keys;
+        },
+        async delete(key) {
+            await api(`/client/v4/accounts/${encodeURIComponent(input.accountId)}/storage/kv/namespaces/${encodeURIComponent(requireNamespaceId())}/values/${encodeURIComponent(key)}`, { method: 'DELETE' });
+        },
+    };
+}
+export function resolveCloudflareCredentials(argv) {
+    return {
+        apiToken: resolveFlag(argv, '--cloudflare-api-token') ??
+            resolveFlag(argv, '--api-token') ??
+            process.env.HSX_CLOUDFLARE_API_TOKEN ??
+            process.env.CLOUDFLARE_API_TOKEN,
+        accountId: resolveFlag(argv, '--cloudflare-account-id') ??
+            process.env.HSX_CLOUDFLARE_ACCOUNT_ID ??
+            process.env.CLOUDFLARE_ACCOUNT_ID,
+    };
+}
+function resolveFlag(argv, name) {
+    const eq = argv.find((arg) => arg.startsWith(`${name}=`));
+    if (eq)
+        return eq.slice(name.length + 1);
+    const idx = argv.indexOf(name);
+    return idx >= 0 ? argv[idx + 1] : undefined;
+}
+//# sourceMappingURL=cloudflare-kv.js.map

package/dist/cloudflare-kv.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-kv.js","sourceRoot":"","sources":["../src/cloudflare-kv.ts"],"names":[],"mappings":"AAaA,MAAM,UAAU,wBAAwB,CAAC,KAMxC;IACC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC;IAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,4BAA4B,CAAC;IAC9D,IAAI,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;IAEpC,MAAM,GAAG,GAAG,KAAK,EAAE,IAAY,EAAE,OAAoB,EAAE,EAAqB,EAAE;QAC5E,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;YACvD,GAAG,IAAI;YACP,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,CAAC,QAAQ,EAAE;gBACzC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5D,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;aACxB;SACF,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACrD,MAAM,IAAI,KAAK,CACb,iCAAiC,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAClF,CAAC;QACJ,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;IAEF,MAAM,kBAAkB,GAAG,GAAW,EAAE;QACtC,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvF,OAAO,WAAW,CAAC;IACrB,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,CAAC,eAAe,CAAC,IAAI;YACxB,MAAM,YAAY,GAAG,MAAM,GAAG,CAC5B,uBAAuB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,wBAAwB,CACnF,CAAC;YACF,MAAM,QAAQ,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAE1C,CAAC;YACF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;YACtE,IAAI,QAAQ,EAAE,EAAE,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACnC,WAAW,GAAG,QAAQ,CAAC,EAAE,CAAC;gBAC1B,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpD,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,GAAG,CAC9B,uBAAuB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,wBAAwB,EAClF;gBACE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;aACtC,CACF,CAAC;YACF,MAAM,UAAU,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAE9C,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;YACpF,CAAC;YACD,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC9E,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,GAAG;YACX,MAAM,QAAQ,GAAG,MAAM,SAAS,CAC9B,IAAI,GAAG,CACL,uBAAuB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,0BAA0B,kBAAkB,CACpG,kBAAkB,EAAE,CACrB,WAAW,kBAAkB,CAAC,GAAG,CAAC,EAAE,EACrC,OAAO,CACR,EACD;gBACE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,QAAQ,EAAE,EAAE;aACvD,CACF,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;gBAAE,OAAO,SAAS,CAAC;YAC9C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK;YAClB,MAAM,GAAG,CACP,uBAAuB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,0BAA0B,kBAAkB,CACpG,kBAAkB,EAAE,CACrB,WAAW,kBAAkB,CAAC,GAAG,CAAC,EAAE,EACrC;gBACE,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,KAAK;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE;aAC1C,CACF,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,MAAM;YACf,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,IAAI,MAA0B,CAAC;YAC/B,GAAG,CAAC;gBACF,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,uBAAuB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,0BAA0B,kBAAkB,CACpG,kBAAkB,EAAE,CACrB,OAAO,EACR,OAAO,CACR,CAAC;gBACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBACvC,IAAI,MAAM;oBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBACnD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC3D,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAGlC,CAAC;gBACF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBACpF,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,SAAS,CAAC;YACjD,CAAC,QAAQ,MAAM,EAAE;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,GAAG;YACd,MAAM,GAAG,CACP,uBAAuB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,0BAA0B,kBAAkB,CACpG,kBAAkB,EAAE,CACrB,WAAW,kBAAkB,CAAC,GAAG,CAAC,EAAE,EACrC,EAAE,MAAM,EAAE,QAAQ,EAAE,CACrB,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,IAAuB;IAIlE,OAAO;QACL,QAAQ,EACN,WAAW,CAAC,IAAI,EAAE,wBAAwB,CAAC;YAC3C,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,wBAAwB;YACpC,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAClC,SAAS,EACP,WAAW,CAAC,IAAI,EAAE,yBAAyB,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB;YACrC,OAAO,CAAC,GAAG,CAAC,qBAAqB;KACpC,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,IAAuB,EAAE,IAAY;IACxD,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC;IAC1D,IAAI,EAAE;QAAE,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC"}

package/dist/cloudflare-oauth-store.d.ts

@@ -0,0 +1,16 @@
+export interface CloudflareOAuthCredential {
+    readonly refreshToken: string;
+    readonly scope?: string;
+    readonly updatedAt: string;
+}
+export interface CloudflareOAuthStore {
+    readonly schemaVersion: 1;
+    readonly credentials: Record<string, CloudflareOAuthCredential>;
+}
+export declare function defaultCloudflareOAuthStorePath(): string;
+export declare function saveCloudflareOAuthCredential(cloudflareAccountId: string, credential: Omit<CloudflareOAuthCredential, 'updatedAt'>, options?: {
+    path?: string;
+    now?: () => Date;
+}): Promise<CloudflareOAuthStore>;
+export declare function getCloudflareOAuthCredential(cloudflareAccountId: string, path?: string): Promise<CloudflareOAuthCredential | undefined>;
+//# sourceMappingURL=cloudflare-oauth-store.d.ts.map

package/dist/cloudflare-oauth-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-oauth-store.d.ts","sourceRoot":"","sources":["../src/cloudflare-oauth-store.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;CACjE;AAID,wBAAgB,+BAA+B,IAAI,MAAM,CAIxD;AAyBD,wBAAsB,6BAA6B,CACjD,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,IAAI,CAAC,yBAAyB,EAAE,WAAW,CAAC,EACxD,OAAO,GAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,IAAI,CAAA;CAAO,GAChD,OAAO,CAAC,oBAAoB,CAAC,CAoB/B;AAED,wBAAsB,4BAA4B,CAChD,mBAAmB,EAAE,MAAM,EAC3B,IAAI,GAAE,MAA0C,GAC/C,OAAO,CAAC,yBAAyB,GAAG,SAAS,CAAC,CAGhD"}

package/dist/cloudflare-oauth-store.js

@@ -0,0 +1,80 @@
+// Persistence for Cloudflare OAuth refresh tokens, keyed by Cloudflare
+// account id so a single user with multiple CF accounts has separate
+// credentials per account.
+//
+// File layout (default `$XDG_CONFIG_HOME/hs-x/cloudflare-oauth.json`):
+//
+//   {
+//     "schemaVersion": 1,
+//     "credentials": {
+//       "<cloudflareAccountId>": {
+//         "refreshToken": "...",
+//         "scope": "...",
+//         "updatedAt": "ISO"
+//       }
+//     }
+//   }
+import { chmod, mkdir, readFile, writeFile } from 'node:fs/promises';
+import { dirname } from 'node:path';
+import { configPath } from './paths.js';
+const EMPTY_STORE = { schemaVersion: 1, credentials: {} };
+export function defaultCloudflareOAuthStorePath() {
+    const override = process.env.HSX_CLOUDFLARE_OAUTH_STORE_PATH;
+    if (override && override.length > 0)
+        return override;
+    return configPath('cloudflare-oauth.json');
+}
+async function loadCloudflareOAuthStore(path = defaultCloudflareOAuthStorePath()) {
+    try {
+        const raw = await readFile(path, 'utf8');
+        const parsed = JSON.parse(raw);
+        const credentials = {};
+        if (parsed.credentials && typeof parsed.credentials === 'object') {
+            for (const [id, value] of Object.entries(parsed.credentials)) {
+                if (!isCredential(value))
+                    continue;
+                credentials[id] = value;
+            }
+        }
+        return { schemaVersion: 1, credentials };
+    }
+    catch {
+        return EMPTY_STORE;
+    }
+}
+export async function saveCloudflareOAuthCredential(cloudflareAccountId, credential, options = {}) {
+    const path = options.path ?? defaultCloudflareOAuthStorePath();
+    const store = await loadCloudflareOAuthStore(path);
+    const updatedAt = (options.now ? options.now() : new Date()).toISOString();
+    const next = {
+        schemaVersion: 1,
+        credentials: {
+            ...store.credentials,
+            [cloudflareAccountId]: { ...credential, updatedAt },
+        },
+    };
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(path, `${JSON.stringify(next, null, 2)}\n`, 'utf8');
+    // refresh tokens are bearer-equivalent — restrict file perms
+    try {
+        await chmod(path, 0o600);
+    }
+    catch {
+        // best-effort on platforms without POSIX perms
+    }
+    return next;
+}
+export async function getCloudflareOAuthCredential(cloudflareAccountId, path = defaultCloudflareOAuthStorePath()) {
+    const store = await loadCloudflareOAuthStore(path);
+    return store.credentials[cloudflareAccountId];
+}
+function isCredential(value) {
+    if (!value || typeof value !== 'object')
+        return false;
+    const v = value;
+    return (typeof v.refreshToken === 'string' &&
+        v.refreshToken.length > 0 &&
+        typeof v.updatedAt === 'string' &&
+        (v.scope === undefined || typeof v.scope === 'string'));
+}
+//# sourceMappingURL=cloudflare-oauth-store.js.map

package/dist/cloudflare-oauth-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-oauth-store.js","sourceRoot":"","sources":["../src/cloudflare-oauth-store.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,qEAAqE;AACrE,2BAA2B;AAC3B,EAAE;AACF,uEAAuE;AACvE,EAAE;AACF,MAAM;AACN,0BAA0B;AAC1B,uBAAuB;AACvB,mCAAmC;AACnC,iCAAiC;AACjC,0BAA0B;AAC1B,6BAA6B;AAC7B,UAAU;AACV,QAAQ;AACR,MAAM;AAEN,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAaxC,MAAM,WAAW,GAAyB,EAAE,aAAa,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAEhF,MAAM,UAAU,+BAA+B;IAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC;IAC7D,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACrD,OAAO,UAAU,CAAC,uBAAuB,CAAC,CAAC;AAC7C,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,OAAe,+BAA+B,EAAE;IAEhD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAE5B,CAAC;QACF,MAAM,WAAW,GAA8C,EAAE,CAAC;QAClE,IAAI,MAAM,CAAC,WAAW,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACjE,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CACtC,MAAM,CAAC,WAAsC,CAC9C,EAAE,CAAC;gBACF,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACnC,WAAW,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC;IACrB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,mBAA2B,EAC3B,UAAwD,EACxD,UAA+C,EAAE;IAEjD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,+BAA+B,EAAE,CAAC;IAC/D,MAAM,KAAK,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3E,MAAM,IAAI,GAAyB;QACjC,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE;YACX,GAAG,KAAK,CAAC,WAAW;YACpB,CAAC,mBAAmB,CAAC,EAAE,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE;SACpD;KACF,CAAC;IACF,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACpE,6DAA6D;IAC7D,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,+CAA+C;IACjD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,mBAA2B,EAC3B,OAAe,+BAA+B,EAAE;IAEhD,MAAM,KAAK,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnD,OAAO,KAAK,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACtD,MAAM,CAAC,GAAG,KAAgC,CAAC;IAC3C,OAAO,CACL,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ;QAClC,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;QACzB,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CACvD,CAAC;AACJ,CAAC"}