npm - @kavachos/fastify - Versions diffs - 0.0.2 → 0.0.4 - Mend

@kavachos/fastify 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import { FastifyInstance } from 'fastify';
+import { Kavach } from 'kavachos';
+import { McpAuthModule } from 'kavachos/mcp';
+interface KavachFastifyOptions {
+    /**
+     * The MCP OAuth 2.1 module. When provided, MCP endpoints are enabled.
+     */
+    mcp?: McpAuthModule;
+}
+/**
+ * Create a Fastify plugin that registers all KavachOS REST API routes.
+ *
+ * @example
+ * ```typescript
+ * import Fastify from 'fastify';
+ * import { createKavach } from 'kavachos';
+ * import { kavachFastify } from '@kavachos/fastify';
+ *
+ * const app = Fastify();
+ * const kavach = createKavach({ database: { provider: 'sqlite', url: 'kavach.db' } });
+ *
+ * await app.register(kavachFastify(kavach), { prefix: '/api/kavach' });
+ * await app.listen({ port: 3000 });
+ * ```
+ *
+ * With MCP OAuth 2.1:
+ * ```typescript
+ * import { createMcpModule } from 'kavachos/mcp';
+ * const mcp = createMcpModule({ ... });
+ * await app.register(kavachFastify(kavach, { mcp }), { prefix: '/api/kavach' });
+ * ```
+ */
+declare function kavachFastify(kavach: Kavach, options?: KavachFastifyOptions): (fastify: FastifyInstance) => Promise<void>;
+export { type KavachFastifyOptions, kavachFastify };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,523 @@
+import { z } from 'zod';
+// src/adapter.ts
+var PermissionConstraintsSchema = z.object({
+  maxCallsPerHour: z.number().int().positive().optional(),
+  allowedArgPatterns: z.array(z.string()).optional(),
+  requireApproval: z.boolean().optional(),
+  timeWindow: z.object({
+    start: z.string(),
+    end: z.string()
+  }).optional(),
+  ipAllowlist: z.array(z.string()).optional()
+});
+var PermissionSchema = z.object({
+  resource: z.string().min(1),
+  actions: z.array(z.string().min(1)).min(1),
+  constraints: PermissionConstraintsSchema.optional()
+});
+var CreateAgentSchema = z.object({
+  ownerId: z.string().min(1),
+  name: z.string().min(1),
+  type: z.enum(["autonomous", "delegated", "service"]),
+  permissions: z.array(PermissionSchema).min(1),
+  expiresAt: z.coerce.date().optional(),
+  metadata: z.record(z.unknown()).optional()
+});
+var UpdateAgentSchema = z.object({
+  name: z.string().min(1).optional(),
+  permissions: z.array(PermissionSchema).optional(),
+  expiresAt: z.coerce.date().optional(),
+  metadata: z.record(z.unknown()).optional()
+});
+var AuthorizeSchema = z.object({
+  agentId: z.string().min(1),
+  action: z.string().min(1),
+  resource: z.string().min(1),
+  arguments: z.record(z.unknown()).optional()
+});
+var AuthorizeByTokenSchema = z.object({
+  action: z.string().min(1),
+  resource: z.string().min(1),
+  arguments: z.record(z.unknown()).optional()
+});
+var DelegateSchema = z.object({
+  fromAgent: z.string().min(1),
+  toAgent: z.string().min(1),
+  permissions: z.array(PermissionSchema).min(1),
+  expiresAt: z.coerce.date(),
+  maxDepth: z.number().int().positive().optional()
+});
+function sendOk(reply, data, status = 200) {
+  return reply.status(status).header("Content-Type", "application/json").send({ data });
+}
+function sendCreated(reply, data) {
+  return sendOk(reply, data, 201);
+}
+function sendError(reply, code, message, status) {
+  return reply.status(status).header("Content-Type", "application/json").send({ error: { code, message } });
+}
+function sendBadRequest(reply, message) {
+  return sendError(reply, "BAD_REQUEST", message, 400);
+}
+function sendUnauthorized(reply, message = "Unauthorized") {
+  return sendError(reply, "UNAUTHORIZED", message, 401);
+}
+function sendNotFound(reply, message = "Not found") {
+  return sendError(reply, "NOT_FOUND", message, 404);
+}
+function sendInternalError(reply, message = "Internal server error") {
+  return sendError(reply, "INTERNAL_ERROR", message, 500);
+}
+function sendValidationError(reply, issues) {
+  const message = issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+  return sendBadRequest(reply, `Validation failed: ${message}`);
+}
+var MCP_CORS_HEADERS = {
+  "Access-Control-Allow-Origin": "*",
+  "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+  "Access-Control-Allow-Headers": "Content-Type, Authorization",
+  "Access-Control-Max-Age": "86400"
+};
+function applyMcpCors(reply) {
+  for (const [key, value] of Object.entries(MCP_CORS_HEADERS)) {
+    reply.header(key, value);
+  }
+  return reply;
+}
+function sendMcpOk(reply, data, status = 200) {
+  return applyMcpCors(reply).status(status).header("Content-Type", "application/json").send(data);
+}
+function sendMcpError(reply, code, message, status) {
+  return applyMcpCors(reply).status(status).header("Content-Type", "application/json").send({ error: code, error_description: message });
+}
+function sendMcpNoStore(reply, data, status = 200) {
+  return applyMcpCors(reply).status(status).header("Content-Type", "application/json").header("Cache-Control", "no-store").header("Pragma", "no-cache").send(data);
+}
+function buildAuditFilter(query) {
+  const q = query;
+  const filter = {};
+  if (q.agentId) filter.agentId = q.agentId;
+  if (q.userId) filter.userId = q.userId;
+  if (q.since) {
+    const d = new Date(q.since);
+    if (!Number.isNaN(d.getTime())) filter.since = d;
+  }
+  if (q.until) {
+    const d = new Date(q.until);
+    if (!Number.isNaN(d.getTime())) filter.until = d;
+  }
+  if (q.actions) {
+    filter.actions = q.actions.split(",").map((a) => a.trim());
+  }
+  const resultRaw = q.result;
+  if (resultRaw === "allowed" || resultRaw === "denied" || resultRaw === "rate_limited") {
+    filter.result = resultRaw;
+  }
+  if (q.limit) {
+    const n = Number.parseInt(q.limit, 10);
+    if (!Number.isNaN(n) && n > 0) filter.limit = n;
+  }
+  if (q.offset) {
+    const n = Number.parseInt(q.offset, 10);
+    if (!Number.isNaN(n) && n >= 0) filter.offset = n;
+  }
+  return filter;
+}
+function kavachFastify(kavach, options) {
+  const mcp = options?.mcp;
+  return async function plugin(fastify) {
+    fastify.options("/mcp/*", (_request, reply) => {
+      return reply.status(204).headers(MCP_CORS_HEADERS).send();
+    });
+    fastify.options("/.well-known/*", (_request, reply) => {
+      return reply.status(204).headers(MCP_CORS_HEADERS).send();
+    });
+    fastify.post("/agents", async (request, reply) => {
+      const parsed = CreateAgentSchema.safeParse(request.body);
+      if (!parsed.success) return sendValidationError(reply, parsed.error.issues);
+      try {
+        const input = {
+          ...parsed.data,
+          permissions: parsed.data.permissions
+        };
+        const agent = await kavach.agent.create(input);
+        return sendCreated(reply, agent);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to create agent";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/agents", async (request, reply) => {
+      const q = request.query;
+      const filter = {};
+      if (q.userId) filter.userId = q.userId;
+      const statusRaw = q.status;
+      if (statusRaw === "active" || statusRaw === "revoked" || statusRaw === "expired") {
+        filter.status = statusRaw;
+      }
+      const typeRaw = q.type;
+      if (typeRaw === "autonomous" || typeRaw === "delegated" || typeRaw === "service") {
+        filter.type = typeRaw;
+      }
+      try {
+        const agents = await kavach.agent.list(filter);
+        return sendOk(reply, agents);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to list agents";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/agents/:id", async (request, reply) => {
+      const { id } = request.params;
+      try {
+        const agent = await kavach.agent.get(id);
+        if (!agent) return sendNotFound(reply, `Agent "${id}" not found`);
+        return sendOk(reply, agent);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to get agent";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.patch("/agents/:id", async (request, reply) => {
+      const { id } = request.params;
+      const parsed = UpdateAgentSchema.safeParse(request.body);
+      if (!parsed.success) return sendValidationError(reply, parsed.error.issues);
+      try {
+        const input = {
+          ...parsed.data,
+          permissions: parsed.data.permissions
+        };
+        const agent = await kavach.agent.update(id, input);
+        return sendOk(reply, agent);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to update agent";
+        if (message.includes("not found")) return sendNotFound(reply, message);
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.delete("/agents/:id", async (request, reply) => {
+      const { id } = request.params;
+      try {
+        await kavach.agent.revoke(id);
+        return reply.status(204).send();
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to revoke agent";
+        if (message.includes("not found")) return sendNotFound(reply, message);
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.post("/agents/:id/rotate", async (request, reply) => {
+      const { id } = request.params;
+      try {
+        const agent = await kavach.agent.rotate(id);
+        return sendOk(reply, agent);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to rotate agent token";
+        if (message.includes("not found")) return sendNotFound(reply, message);
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.post("/authorize", async (request, reply) => {
+      const parsed = AuthorizeSchema.safeParse(request.body);
+      if (!parsed.success) return sendValidationError(reply, parsed.error.issues);
+      try {
+        const xForwardedFor = request.headers["x-forwarded-for"];
+        const ip = (Array.isArray(xForwardedFor) ? xForwardedFor[0] : xForwardedFor?.split(",")[0]?.trim()) ?? request.ip ?? void 0;
+        const userAgent = (Array.isArray(request.headers["user-agent"]) ? request.headers["user-agent"][0] : request.headers["user-agent"]) ?? void 0;
+        const result = await kavach.authorize(
+          parsed.data.agentId,
+          {
+            action: parsed.data.action,
+            resource: parsed.data.resource,
+            arguments: parsed.data.arguments
+          },
+          { ip, userAgent }
+        );
+        const status = result.allowed ? 200 : 403;
+        return reply.status(status).header("Content-Type", "application/json").send({ data: result });
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Authorization check failed";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.post("/authorize/token", async (request, reply) => {
+      const authHeader = request.headers.authorization;
+      if (!authHeader?.startsWith("Bearer ")) {
+        return sendUnauthorized(reply, "Missing or invalid Authorization header");
+      }
+      const token = authHeader.slice(7);
+      const parsed = AuthorizeByTokenSchema.safeParse(request.body);
+      if (!parsed.success) return sendValidationError(reply, parsed.error.issues);
+      try {
+        const xForwardedFor = request.headers["x-forwarded-for"];
+        const ip = (Array.isArray(xForwardedFor) ? xForwardedFor[0] : xForwardedFor?.split(",")[0]?.trim()) ?? request.ip ?? void 0;
+        const userAgent = (Array.isArray(request.headers["user-agent"]) ? request.headers["user-agent"][0] : request.headers["user-agent"]) ?? void 0;
+        const result = await kavach.authorizeByToken(
+          token,
+          {
+            action: parsed.data.action,
+            resource: parsed.data.resource,
+            arguments: parsed.data.arguments
+          },
+          { ip, userAgent }
+        );
+        const status = result.allowed ? 200 : 403;
+        return reply.status(status).header("Content-Type", "application/json").send({ data: result });
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Authorization check failed";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.post("/delegations", async (request, reply) => {
+      const parsed = DelegateSchema.safeParse(request.body);
+      if (!parsed.success) return sendValidationError(reply, parsed.error.issues);
+      try {
+        const input = {
+          ...parsed.data,
+          permissions: parsed.data.permissions
+        };
+        const chain = await kavach.delegate(input);
+        return sendCreated(reply, chain);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to create delegation";
+        if (message.includes("not found")) return sendNotFound(reply, message);
+        if (message.includes("exceeds") || message.includes("depth"))
+          return sendBadRequest(reply, message);
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.delete("/delegations/:id", async (request, reply) => {
+      const { id } = request.params;
+      try {
+        await kavach.delegation.revoke(id);
+        return reply.status(204).send();
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to revoke delegation";
+        if (message.includes("not found")) return sendNotFound(reply, message);
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get(
+      "/delegations/:agentId",
+      async (request, reply) => {
+        const { agentId } = request.params;
+        try {
+          const chains = await kavach.delegation.listChains(agentId);
+          return sendOk(reply, chains);
+        } catch (err) {
+          const message = err instanceof Error ? err.message : "Failed to list delegation chains";
+          return sendInternalError(reply, message);
+        }
+      }
+    );
+    fastify.get("/audit/export", async (request, reply) => {
+      const q = request.query;
+      const format = q.format ?? "json";
+      if (format !== "json" && format !== "csv") {
+        return sendBadRequest(reply, 'format must be "json" or "csv"');
+      }
+      const options2 = { format };
+      if (q.since) {
+        const d = new Date(q.since);
+        if (!Number.isNaN(d.getTime())) options2.since = d;
+      }
+      if (q.until) {
+        const d = new Date(q.until);
+        if (!Number.isNaN(d.getTime())) options2.until = d;
+      }
+      try {
+        const exported = await kavach.audit.export(options2);
+        const contentType = format === "csv" ? "text/csv" : "application/json";
+        return reply.status(200).header("Content-Type", contentType).header("Content-Disposition", `attachment; filename="audit-export.${format}"`).send(exported);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to export audit logs";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/audit", async (request, reply) => {
+      const filter = buildAuditFilter(request.query);
+      try {
+        const entries = await kavach.audit.query(filter);
+        return sendOk(reply, entries);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to query audit logs";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/dashboard/stats", async (_request, reply) => {
+      try {
+        const [agents, recentAudit] = await Promise.all([
+          kavach.agent.list(),
+          kavach.audit.query({
+            since: new Date(Date.now() - 24 * 60 * 60 * 1e3),
+            limit: 1e3
+          })
+        ]);
+        const ownerIds = new Set(agents.map((a) => a.ownerId));
+        const activeAgents = agents.filter((a) => a.status === "active");
+        const revokedAgents = agents.filter((a) => a.status === "revoked");
+        const expiredAgents = agents.filter((a) => a.status === "expired");
+        const stats = {
+          agents: {
+            total: agents.length,
+            active: activeAgents.length,
+            revoked: revokedAgents.length,
+            expired: expiredAgents.length
+          },
+          users: {
+            total: ownerIds.size
+          },
+          audit: {
+            last24h: recentAudit.length,
+            allowed: recentAudit.filter((e) => e.result === "allowed").length,
+            denied: recentAudit.filter((e) => e.result === "denied").length,
+            rateLimited: recentAudit.filter((e) => e.result === "rate_limited").length
+          }
+        };
+        return sendOk(reply, stats);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to fetch dashboard stats";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/dashboard/agents", async (request, reply) => {
+      const q = request.query;
+      const filter = {};
+      if (q.userId) filter.userId = q.userId;
+      const statusRaw = q.status;
+      if (statusRaw === "active" || statusRaw === "revoked" || statusRaw === "expired") {
+        filter.status = statusRaw;
+      }
+      const typeRaw = q.type;
+      if (typeRaw === "autonomous" || typeRaw === "delegated" || typeRaw === "service") {
+        filter.type = typeRaw;
+      }
+      try {
+        const agents = await kavach.agent.list(filter);
+        return sendOk(reply, agents);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to list agents";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/dashboard/audit", async (request, reply) => {
+      const filter = buildAuditFilter(request.query);
+      try {
+        const entries = await kavach.audit.query(filter);
+        return sendOk(reply, entries);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Failed to query audit logs";
+        return sendInternalError(reply, message);
+      }
+    });
+    fastify.get("/.well-known/oauth-authorization-server", (_request, reply) => {
+      if (!mcp) return sendNotFound(reply, "MCP module not configured");
+      const metadata = mcp.getMetadata();
+      return sendMcpOk(reply, metadata);
+    });
+    fastify.get("/.well-known/oauth-protected-resource", (_request, reply) => {
+      if (!mcp) return sendNotFound(reply, "MCP module not configured");
+      const metadata = mcp.getProtectedResourceMetadata();
+      return sendMcpOk(reply, metadata);
+    });
+    fastify.post("/mcp/register", async (request, reply) => {
+      if (!mcp) return sendNotFound(reply, "MCP module not configured");
+      try {
+        const result = await mcp.registerClient(
+          request.body
+        );
+        if (!result.success) {
+          return sendMcpError(reply, "invalid_client_metadata", result.error.message, 400);
+        }
+        return sendMcpNoStore(reply, result.data, 201);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Registration failed";
+        return sendMcpError(reply, "server_error", message, 500);
+      }
+    });
+    fastify.get("/mcp/authorize", async (request, reply) => {
+      if (!mcp) return sendNotFound(reply, "MCP module not configured");
+      try {
+        const url = `${request.protocol}://${request.hostname}${request.url}`;
+        const webRequest = new Request(url, {
+          method: "GET",
+          headers: request.headers
+        });
+        const result = await mcp.authorize(webRequest);
+        if (!result.success) {
+          if (result.error.code === "LOGIN_REQUIRED") {
+            const details = result.error.details;
+            if (details?.loginPage) {
+              const loginUrl = new URL(details.loginPage);
+              if (details.returnTo) {
+                loginUrl.searchParams.set("returnTo", details.returnTo);
+              }
+              return reply.redirect(loginUrl.toString(), 302);
+            }
+          }
+          return sendMcpError(reply, result.error.code.toLowerCase(), result.error.message, 400);
+        }
+        return reply.redirect(result.data.redirectUri, 302);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Authorization failed";
+        return sendMcpError(reply, "server_error", message, 500);
+      }
+    });
+    for (const endpoint of kavach.plugins.getEndpoints()) {
+      const method = endpoint.method.toLowerCase();
+      fastify[method](endpoint.path, async (request, reply) => {
+        const url = `${request.protocol}://${request.hostname}${request.url}`;
+        const headers = new Headers(request.headers);
+        const hasBody = request.method !== "GET" && request.method !== "HEAD";
+        const body = hasBody && request.body !== void 0 ? JSON.stringify(request.body) : void 0;
+        const webReq = new Request(url, { method: request.method, headers, body });
+        const response = await kavach.plugins.handleRequest(webReq);
+        if (!response) {
+          return sendNotFound(reply, "Plugin endpoint not found");
+        }
+        reply.status(response.status);
+        response.headers.forEach((value, key) => {
+          reply.header(key, value);
+        });
+        const text = await response.text();
+        return reply.send(text);
+      });
+    }
+    fastify.post("/mcp/token", async (request, reply) => {
+      if (!mcp) return sendNotFound(reply, "MCP module not configured");
+      try {
+        const url = `${request.protocol}://${request.hostname}${request.url}`;
+        const body = JSON.stringify(request.body);
+        const webRequest = new Request(url, {
+          method: "POST",
+          headers: {
+            ...request.headers,
+            "Content-Type": "application/json"
+          },
+          body
+        });
+        const result = await mcp.token(webRequest);
+        if (!result.success) {
+          const status = result.error.code === "INVALID_CLIENT" ? 401 : 400;
+          return sendMcpNoStore(
+            reply,
+            {
+              error: result.error.code.toLowerCase(),
+              error_description: result.error.message
+            },
+            status
+          );
+        }
+        return sendMcpNoStore(reply, result.data);
+      } catch (err) {
+        const message = err instanceof Error ? err.message : "Token exchange failed";
+        return sendMcpNoStore(reply, { error: "server_error", error_description: message }, 500);
+      }
+    });
+  };
+}
+export { kavachFastify };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/adapter.ts"],"names":["options"],"mappings":";;;AAeA,IAAM,2BAAA,GAA8B,EAAE,MAAA,CAAO;AAAA,EAC5C,eAAA,EAAiB,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACtD,oBAAoB,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACjD,eAAA,EAAiB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACtC,UAAA,EAAY,EACV,MAAA,CAAO;AAAA,IACP,KAAA,EAAO,EAAE,MAAA,EAAO;AAAA,IAChB,GAAA,EAAK,EAAE,MAAA;AAAO,GACd,EACA,QAAA,EAAS;AAAA,EACX,aAAa,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,EAAE,QAAA;AAClC,CAAC,CAAA;AAED,IAAM,gBAAA,GAAmB,EAAE,MAAA,CAAO;AAAA,EACjC,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,OAAA,EAAS,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA;AAAA,EACzC,WAAA,EAAa,4BAA4B,QAAA;AAC1C,CAAC,CAAA;AAED,IAAM,iBAAA,GAAoB,EAAE,MAAA,CAAO;AAAA,EAClC,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,IAAA,EAAM,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,MAAM,CAAA,CAAE,IAAA,CAAK,CAAC,YAAA,EAAc,WAAA,EAAa,SAAS,CAAC,CAAA;AAAA,EACnD,aAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5C,SAAA,EAAW,CAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,EACpC,UAAU,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AACjC,CAAC,CAAA;AAED,IAAM,iBAAA,GAAoB,EAAE,MAAA,CAAO;AAAA,EAClC,MAAM,CAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACjC,WAAA,EAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,EAAE,QAAA,EAAS;AAAA,EAChD,SAAA,EAAW,CAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,EACpC,UAAU,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AACjC,CAAC,CAAA;AAED,IAAM,eAAA,GAAkB,EAAE,MAAA,CAAO;AAAA,EAChC,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,WAAW,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AAClC,CAAC,CAAA;AAED,IAAM,sBAAA,GAAyB,EAAE,MAAA,CAAO;AAAA,EACvC,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,WAAW,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AAClC,CAAC,CAAA;AAED,IAAM,cAAA,GAAiB,EAAE,MAAA,CAAO;AAAA,EAC/B,SAAA,EAAW,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,aAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5C,SAAA,EAAW,CAAA,CAAE,MAAA,CAAO,IAAA,EAAK;AAAA,EACzB,QAAA,EAAU,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA;AACvC,CAAC,CAAA;AAID,SAAS,MAAA,CAAU,KAAA,EAAqB,IAAA,EAAS,MAAA,GAAS,GAAA,EAAmB;AAC5E,EAAA,OAAO,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,CAAE,MAAA,CAAO,cAAA,EAAgB,kBAAkB,CAAA,CAAE,IAAA,CAAK,EAAE,IAAA,EAAM,CAAA;AACrF;AAEA,SAAS,WAAA,CAAe,OAAqB,IAAA,EAAuB;AACnE,EAAA,OAAO,MAAA,CAAO,KAAA,EAAO,IAAA,EAAM,GAAG,CAAA;AAC/B;AAEA,SAAS,SAAA,CACR,KAAA,EACA,IAAA,EACA,OAAA,EACA,MAAA,EACe;AACf,EAAA,OAAO,KAAA,CACL,MAAA,CAAO,MAAM,CAAA,CACb,OAAO,cAAA,EAAgB,kBAAkB,CAAA,CACzC,IAAA,CAAK,EAAE,KAAA,EAAO,EAAE,IAAA,EAAM,OAAA,IAAW,CAAA;AACpC;AAEA,SAAS,cAAA,CAAe,OAAqB,OAAA,EAA+B;AAC3E,EAAA,OAAO,SAAA,CAAU,KAAA,EAAO,aAAA,EAAe,OAAA,EAAS,GAAG,CAAA;AACpD;AAEA,SAAS,gBAAA,CAAiB,KAAA,EAAqB,OAAA,GAAU,cAAA,EAA8B;AACtF,EAAA,OAAO,SAAA,CAAU,KAAA,EAAO,cAAA,EAAgB,OAAA,EAAS,GAAG,CAAA;AACrD;AAEA,SAAS,YAAA,CAAa,KAAA,EAAqB,OAAA,GAAU,WAAA,EAA2B;AAC/E,EAAA,OAAO,SAAA,CAAU,KAAA,EAAO,WAAA,EAAa,OAAA,EAAS,GAAG,CAAA;AAClD;AAEA,SAAS,iBAAA,CAAkB,KAAA,EAAqB,OAAA,GAAU,uBAAA,EAAuC;AAChG,EAAA,OAAO,SAAA,CAAU,KAAA,EAAO,gBAAA,EAAkB,OAAA,EAAS,GAAG,CAAA;AACvD;AAEA,SAAS,mBAAA,CAAoB,OAAqB,MAAA,EAAoC;AACrF,EAAA,MAAM,UAAU,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,GAAG,CAAA,CAAE,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,CAAA,CAAE,OAAO,CAAA,CAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AAChF,EAAA,OAAO,cAAA,CAAe,KAAA,EAAO,CAAA,mBAAA,EAAsB,OAAO,CAAA,CAAE,CAAA;AAC7D;AAIA,IAAM,gBAAA,GAA2C;AAAA,EAChD,6BAAA,EAA+B,GAAA;AAAA,EAC/B,8BAAA,EAAgC,oBAAA;AAAA,EAChC,8BAAA,EAAgC,6BAAA;AAAA,EAChC,wBAAA,EAA0B;AAC3B,CAAA;AAEA,SAAS,aAAa,KAAA,EAAmC;AACxD,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,gBAAgB,CAAA,EAAG;AAC5D,IAAA,KAAA,CAAM,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,EACxB;AACA,EAAA,OAAO,KAAA;AACR;AAEA,SAAS,SAAA,CAAa,KAAA,EAAqB,IAAA,EAAS,MAAA,GAAS,GAAA,EAAmB;AAC/E,EAAA,OAAO,YAAA,CAAa,KAAK,CAAA,CAAE,MAAA,CAAO,MAAM,CAAA,CAAE,MAAA,CAAO,cAAA,EAAgB,kBAAkB,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAC/F;AAEA,SAAS,YAAA,CACR,KAAA,EACA,IAAA,EACA,OAAA,EACA,MAAA,EACe;AACf,EAAA,OAAO,aAAa,KAAK,CAAA,CACvB,MAAA,CAAO,MAAM,EACb,MAAA,CAAO,cAAA,EAAgB,kBAAkB,CAAA,CACzC,KAAK,EAAE,KAAA,EAAO,IAAA,EAAM,iBAAA,EAAmB,SAAS,CAAA;AACnD;AAEA,SAAS,cAAA,CAAkB,KAAA,EAAqB,IAAA,EAAS,MAAA,GAAS,GAAA,EAAmB;AACpF,EAAA,OAAO,aAAa,KAAK,CAAA,CACvB,OAAO,MAAM,CAAA,CACb,OAAO,cAAA,EAAgB,kBAAkB,EACzC,MAAA,CAAO,eAAA,EAAiB,UAAU,CAAA,CAClC,MAAA,CAAO,UAAU,UAAU,CAAA,CAC3B,KAAK,IAAI,CAAA;AACZ;AAIA,SAAS,iBAAiB,KAAA,EAA6C;AACtE,EAAA,MAAM,CAAA,GAAI,KAAA;AACV,EAAA,MAAM,SAAsB,EAAC;AAE7B,EAAA,IAAI,CAAA,CAAE,OAAA,EAAS,MAAA,CAAO,OAAA,GAAU,CAAA,CAAE,OAAA;AAClC,EAAA,IAAI,CAAA,CAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,GAAS,CAAA,CAAE,MAAA;AAEhC,EAAA,IAAI,EAAE,KAAA,EAAO;AACZ,IAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,CAAA,CAAE,KAAK,CAAA;AAC1B,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,SAAU,KAAA,GAAQ,CAAA;AAAA,EAChD;AACA,EAAA,IAAI,EAAE,KAAA,EAAO;AACZ,IAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,CAAA,CAAE,KAAK,CAAA;AAC1B,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,SAAU,KAAA,GAAQ,CAAA;AAAA,EAChD;AACA,EAAA,IAAI,EAAE,OAAA,EAAS;AACd,IAAA,MAAA,CAAO,OAAA,GAAU,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA;AAAA,EAC1D;AACA,EAAA,MAAM,YAAY,CAAA,CAAE,MAAA;AACpB,EAAA,IAAI,SAAA,KAAc,SAAA,IAAa,SAAA,KAAc,QAAA,IAAY,cAAc,cAAA,EAAgB;AACtF,IAAA,MAAA,CAAO,MAAA,GAAS,SAAA;AAAA,EACjB;AACA,EAAA,IAAI,EAAE,KAAA,EAAO;AACZ,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,QAAA,CAAS,CAAA,CAAE,OAAO,EAAE,CAAA;AACrC,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAC,KAAK,CAAA,GAAI,CAAA,SAAU,KAAA,GAAQ,CAAA;AAAA,EAC/C;AACA,EAAA,IAAI,EAAE,MAAA,EAAQ;AACb,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,QAAA,CAAS,CAAA,CAAE,QAAQ,EAAE,CAAA;AACtC,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAC,KAAK,CAAA,IAAK,CAAA,SAAU,MAAA,GAAS,CAAA;AAAA,EACjD;AAEA,EAAA,OAAO,MAAA;AACR;AA2CO,SAAS,aAAA,CAAc,QAAgB,OAAA,EAAgC;AAC7E,EAAA,MAAM,MAAM,OAAA,EAAS,GAAA;AAErB,EAAA,OAAO,eAAe,OAAO,OAAA,EAAyC;AAGrE,IAAA,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,CAAC,QAAA,EAAU,KAAA,KAAU;AAC9C,MAAA,OAAO,MAAM,MAAA,CAAO,GAAG,EAAE,OAAA,CAAQ,gBAAgB,EAAE,IAAA,EAAK;AAAA,IACzD,CAAC,CAAA;AAED,IAAA,OAAA,CAAQ,OAAA,CAAQ,gBAAA,EAAkB,CAAC,QAAA,EAAU,KAAA,KAAU;AACtD,MAAA,OAAO,MAAM,MAAA,CAAO,GAAG,EAAE,OAAA,CAAQ,gBAAgB,EAAE,IAAA,EAAK;AAAA,IACzD,CAAC,CAAA;AAKD,IAAA,OAAA,CAAQ,IAAA,CAAK,SAAA,EAAW,OAAO,OAAA,EAAS,KAAA,KAAU;AACjD,MAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AACvD,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS,OAAO,oBAAoB,KAAA,EAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAE1E,MAAA,IAAI;AACH,QAAA,MAAM,KAAA,GAA0B;AAAA,UAC/B,GAAG,MAAA,CAAO,IAAA;AAAA,UACV,WAAA,EAAa,OAAO,IAAA,CAAK;AAAA,SAC1B;AACA,QAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,OAAO,KAAK,CAAA;AAC7C,QAAA,OAAO,WAAA,CAAY,OAAO,KAAK,CAAA;AAAA,MAChC,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,wBAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAI,SAAA,EAAW,OAAO,OAAA,EAAS,KAAA,KAAU;AAChD,MAAA,MAAM,IAAI,OAAA,CAAQ,KAAA;AAClB,MAAA,MAAM,SAAsB,EAAC;AAE7B,MAAA,IAAI,CAAA,CAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,GAAS,CAAA,CAAE,MAAA;AAChC,MAAA,MAAM,YAAY,CAAA,CAAE,MAAA;AACpB,MAAA,IAAI,SAAA,KAAc,QAAA,IAAY,SAAA,KAAc,SAAA,IAAa,cAAc,SAAA,EAAW;AACjF,QAAA,MAAA,CAAO,MAAA,GAAS,SAAA;AAAA,MACjB;AACA,MAAA,MAAM,UAAU,CAAA,CAAE,IAAA;AAClB,MAAA,IAAI,OAAA,KAAY,YAAA,IAAgB,OAAA,KAAY,WAAA,IAAe,YAAY,SAAA,EAAW;AACjF,QAAA,MAAA,CAAO,IAAA,GAAO,OAAA;AAAA,MACf;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC7C,QAAA,OAAO,MAAA,CAAO,OAAO,MAAM,CAAA;AAAA,MAC5B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,uBAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAgC,aAAA,EAAe,OAAO,OAAA,EAAS,KAAA,KAAU;AAChF,MAAA,MAAM,EAAE,EAAA,EAAG,GAAI,OAAA,CAAQ,MAAA;AACvB,MAAA,IAAI;AACH,QAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,IAAI,EAAE,CAAA;AACvC,QAAA,IAAI,CAAC,KAAA,EAAO,OAAO,aAAa,KAAA,EAAO,CAAA,OAAA,EAAU,EAAE,CAAA,WAAA,CAAa,CAAA;AAChE,QAAA,OAAO,MAAA,CAAO,OAAO,KAAK,CAAA;AAAA,MAC3B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,qBAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,KAAA,CAAkC,aAAA,EAAe,OAAO,OAAA,EAAS,KAAA,KAAU;AAClF,MAAA,MAAM,EAAE,EAAA,EAAG,GAAI,OAAA,CAAQ,MAAA;AACvB,MAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AACvD,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS,OAAO,oBAAoB,KAAA,EAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAE1E,MAAA,IAAI;AACH,QAAA,MAAM,KAAA,GAA0B;AAAA,UAC/B,GAAG,MAAA,CAAO,IAAA;AAAA,UACV,WAAA,EAAa,OAAO,IAAA,CAAK;AAAA,SAC1B;AACA,QAAA,MAAM,QAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,IAAI,KAAK,CAAA;AACjD,QAAA,OAAO,MAAA,CAAO,OAAO,KAAK,CAAA;AAAA,MAC3B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,wBAAA;AACrD,QAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,GAAG,OAAO,YAAA,CAAa,OAAO,OAAO,CAAA;AACrE,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,MAAA,CAAmC,aAAA,EAAe,OAAO,OAAA,EAAS,KAAA,KAAU;AACnF,MAAA,MAAM,EAAE,EAAA,EAAG,GAAI,OAAA,CAAQ,MAAA;AACvB,MAAA,IAAI;AACH,QAAA,MAAM,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,EAAE,CAAA;AAC5B,QAAA,OAAO,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,EAAK;AAAA,MAC/B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,wBAAA;AACrD,QAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,GAAG,OAAO,YAAA,CAAa,OAAO,OAAO,CAAA;AACrE,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,IAAA,CAAiC,oBAAA,EAAsB,OAAO,OAAA,EAAS,KAAA,KAAU;AACxF,MAAA,MAAM,EAAE,EAAA,EAAG,GAAI,OAAA,CAAQ,MAAA;AACvB,MAAA,IAAI;AACH,QAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,OAAO,EAAE,CAAA;AAC1C,QAAA,OAAO,MAAA,CAAO,OAAO,KAAK,CAAA;AAAA,MAC3B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,8BAAA;AACrD,QAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,GAAG,OAAO,YAAA,CAAa,OAAO,OAAO,CAAA;AACrE,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAKD,IAAA,OAAA,CAAQ,IAAA,CAAK,YAAA,EAAc,OAAO,OAAA,EAAS,KAAA,KAAU;AACpD,MAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AACrD,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS,OAAO,oBAAoB,KAAA,EAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAE1E,MAAA,IAAI;AACH,QAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,iBAAiB,CAAA;AACvD,QAAA,MAAM,MACJ,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA,GACzB,cAAc,CAAC,CAAA,GACf,aAAA,EAAe,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK,KACtC,QAAQ,EAAA,IACR,KAAA,CAAA;AACD,QAAA,MAAM,aACJ,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAC,CAAA,GACzC,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,CAAE,CAAC,IAC/B,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,KAAM,KAAA,CAAA;AACtC,QAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,SAAA;AAAA,UAC3B,OAAO,IAAA,CAAK,OAAA;AAAA,UACZ;AAAA,YACC,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAAA,YACpB,QAAA,EAAU,OAAO,IAAA,CAAK,QAAA;AAAA,YACtB,SAAA,EAAW,OAAO,IAAA,CAAK;AAAA,WACxB;AAAA,UACA,EAAE,IAAI,SAAA;AAAU,SACjB;AACA,QAAA,MAAM,MAAA,GAAS,MAAA,CAAO,OAAA,GAAU,GAAA,GAAM,GAAA;AACtC,QAAA,OAAO,KAAA,CACL,MAAA,CAAO,MAAM,CAAA,CACb,MAAA,CAAO,cAAA,EAAgB,kBAAkB,CAAA,CACzC,IAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAA;AAAA,MACxB,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,IAAA,CAAK,kBAAA,EAAoB,OAAO,OAAA,EAAS,KAAA,KAAU;AAC1D,MAAA,MAAM,UAAA,GAAa,QAAQ,OAAA,CAAQ,aAAA;AACnC,MAAA,IAAI,CAAC,UAAA,EAAY,UAAA,CAAW,SAAS,CAAA,EAAG;AACvC,QAAA,OAAO,gBAAA,CAAiB,OAAO,yCAAyC,CAAA;AAAA,MACzE;AACA,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA;AAEhC,MAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AAC5D,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS,OAAO,oBAAoB,KAAA,EAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAE1E,MAAA,IAAI;AACH,QAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,iBAAiB,CAAA;AACvD,QAAA,MAAM,MACJ,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA,GACzB,cAAc,CAAC,CAAA,GACf,aAAA,EAAe,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK,KACtC,QAAQ,EAAA,IACR,KAAA,CAAA;AACD,QAAA,MAAM,aACJ,KAAA,CAAM,OAAA,CAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAC,CAAA,GACzC,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,CAAE,CAAC,IAC/B,OAAA,CAAQ,OAAA,CAAQ,YAAY,CAAA,KAAM,KAAA,CAAA;AACtC,QAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,gBAAA;AAAA,UAC3B,KAAA;AAAA,UACA;AAAA,YACC,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAAA,YACpB,QAAA,EAAU,OAAO,IAAA,CAAK,QAAA;AAAA,YACtB,SAAA,EAAW,OAAO,IAAA,CAAK;AAAA,WACxB;AAAA,UACA,EAAE,IAAI,SAAA;AAAU,SACjB;AACA,QAAA,MAAM,MAAA,GAAS,MAAA,CAAO,OAAA,GAAU,GAAA,GAAM,GAAA;AACtC,QAAA,OAAO,KAAA,CACL,MAAA,CAAO,MAAM,CAAA,CACb,MAAA,CAAO,cAAA,EAAgB,kBAAkB,CAAA,CACzC,IAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAA;AAAA,MACxB,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAKD,IAAA,OAAA,CAAQ,IAAA,CAAK,cAAA,EAAgB,OAAO,OAAA,EAAS,KAAA,KAAU;AACtD,MAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AACpD,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS,OAAO,oBAAoB,KAAA,EAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAE1E,MAAA,IAAI;AACH,QAAA,MAAM,KAAA,GAAuB;AAAA,UAC5B,GAAG,MAAA,CAAO,IAAA;AAAA,UACV,WAAA,EAAa,OAAO,IAAA,CAAK;AAAA,SAC1B;AACA,QAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA;AACzC,QAAA,OAAO,WAAA,CAAY,OAAO,KAAK,CAAA;AAAA,MAChC,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,6BAAA;AACrD,QAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,GAAG,OAAO,YAAA,CAAa,OAAO,OAAO,CAAA;AACrE,QAAA,IAAI,QAAQ,QAAA,CAAS,SAAS,CAAA,IAAK,OAAA,CAAQ,SAAS,OAAO,CAAA;AAC1D,UAAA,OAAO,cAAA,CAAe,OAAO,OAAO,CAAA;AACrC,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,MAAA,CAAmC,kBAAA,EAAoB,OAAO,OAAA,EAAS,KAAA,KAAU;AACxF,MAAA,MAAM,EAAE,EAAA,EAAG,GAAI,OAAA,CAAQ,MAAA;AACvB,MAAA,IAAI;AACH,QAAA,MAAM,MAAA,CAAO,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AACjC,QAAA,OAAO,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,EAAK;AAAA,MAC/B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,6BAAA;AACrD,QAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,GAAG,OAAO,YAAA,CAAa,OAAO,OAAO,CAAA;AACrE,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA;AAAA,MACP,uBAAA;AAAA,MACA,OAAO,SAAS,KAAA,KAAU;AACzB,QAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,OAAA,CAAQ,MAAA;AAC5B,QAAA,IAAI;AACH,UAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,UAAA,CAAW,WAAW,OAAO,CAAA;AACzD,UAAA,OAAO,MAAA,CAAO,OAAO,MAAM,CAAA;AAAA,QAC5B,SAAS,GAAA,EAAK;AACb,UAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,kCAAA;AACrD,UAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,QACxC;AAAA,MACD;AAAA,KACD;AAKA,IAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,OAAO,OAAA,EAAS,KAAA,KAAU;AACtD,MAAA,MAAM,IAAI,OAAA,CAAQ,KAAA;AAClB,MAAA,MAAM,MAAA,GAAS,EAAE,MAAA,IAAU,MAAA;AAC3B,MAAA,IAAI,MAAA,KAAW,MAAA,IAAU,MAAA,KAAW,KAAA,EAAO;AAC1C,QAAA,OAAO,cAAA,CAAe,OAAO,gCAAgC,CAAA;AAAA,MAC9D;AAEA,MAAA,MAAMA,QAAAA,GAAkE,EAAE,MAAA,EAAO;AACjF,MAAA,IAAI,EAAE,KAAA,EAAO;AACZ,QAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,CAAA,CAAE,KAAK,CAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,EAAGA,QAAAA,CAAQ,KAAA,GAAQ,CAAA;AAAA,MACjD;AACA,MAAA,IAAI,EAAE,KAAA,EAAO;AACZ,QAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,CAAA,CAAE,KAAK,CAAA;AAC1B,QAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,EAAGA,QAAAA,CAAQ,KAAA,GAAQ,CAAA;AAAA,MACjD;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,OAAOA,QAAO,CAAA;AAClD,QAAA,MAAM,WAAA,GAAc,MAAA,KAAW,KAAA,GAAQ,UAAA,GAAa,kBAAA;AACpD,QAAA,OAAO,KAAA,CACL,MAAA,CAAO,GAAG,CAAA,CACV,OAAO,cAAA,EAAgB,WAAW,CAAA,CAClC,MAAA,CAAO,uBAAuB,CAAA,mCAAA,EAAsC,MAAM,CAAA,CAAA,CAAG,CAAA,CAC7E,KAAK,QAAQ,CAAA;AAAA,MAChB,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,6BAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,OAAO,OAAA,EAAS,KAAA,KAAU;AAC/C,MAAA,MAAM,MAAA,GAAS,gBAAA,CAAiB,OAAA,CAAQ,KAAK,CAAA;AAC7C,MAAA,IAAI;AACH,QAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,KAAA,CAAM,MAAM,MAAM,CAAA;AAC/C,QAAA,OAAO,MAAA,CAAO,OAAO,OAAO,CAAA;AAAA,MAC7B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAKD,IAAA,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,OAAO,QAAA,EAAU,KAAA,KAAU;AAC1D,MAAA,IAAI;AACH,QAAA,MAAM,CAAC,MAAA,EAAQ,WAAW,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,UAC/C,MAAA,CAAO,MAAM,IAAA,EAAK;AAAA,UAClB,MAAA,CAAO,MAAM,KAAA,CAAM;AAAA,YAClB,KAAA,EAAO,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,YAChD,KAAA,EAAO;AAAA,WACP;AAAA,SACD,CAAA;AAED,QAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,MAAA,CAAO,IAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAC,CAAA;AACrD,QAAA,MAAM,eAAe,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,QAAQ,CAAA;AAC/D,QAAA,MAAM,gBAAgB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,SAAS,CAAA;AACjE,QAAA,MAAM,gBAAgB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,SAAS,CAAA;AAEjE,QAAA,MAAM,KAAA,GAAQ;AAAA,UACb,MAAA,EAAQ;AAAA,YACP,OAAO,MAAA,CAAO,MAAA;AAAA,YACd,QAAQ,YAAA,CAAa,MAAA;AAAA,YACrB,SAAS,aAAA,CAAc,MAAA;AAAA,YACvB,SAAS,aAAA,CAAc;AAAA,WACxB;AAAA,UACA,KAAA,EAAO;AAAA,YACN,OAAO,QAAA,CAAS;AAAA,WACjB;AAAA,UACA,KAAA,EAAO;AAAA,YACN,SAAS,WAAA,CAAY,MAAA;AAAA,YACrB,OAAA,EAAS,YAAY,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,SAAS,CAAA,CAAE,MAAA;AAAA,YAC3D,MAAA,EAAQ,YAAY,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,QAAQ,CAAA,CAAE,MAAA;AAAA,YACzD,WAAA,EAAa,YAAY,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,cAAc,CAAA,CAAE;AAAA;AACrE,SACD;AACA,QAAA,OAAO,MAAA,CAAO,OAAO,KAAK,CAAA;AAAA,MAC3B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,iCAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAI,mBAAA,EAAqB,OAAO,OAAA,EAAS,KAAA,KAAU;AAC1D,MAAA,MAAM,IAAI,OAAA,CAAQ,KAAA;AAClB,MAAA,MAAM,SAAsB,EAAC;AAE7B,MAAA,IAAI,CAAA,CAAE,MAAA,EAAQ,MAAA,CAAO,MAAA,GAAS,CAAA,CAAE,MAAA;AAChC,MAAA,MAAM,YAAY,CAAA,CAAE,MAAA;AACpB,MAAA,IAAI,SAAA,KAAc,QAAA,IAAY,SAAA,KAAc,SAAA,IAAa,cAAc,SAAA,EAAW;AACjF,QAAA,MAAA,CAAO,MAAA,GAAS,SAAA;AAAA,MACjB;AACA,MAAA,MAAM,UAAU,CAAA,CAAE,IAAA;AAClB,MAAA,IAAI,OAAA,KAAY,YAAA,IAAgB,OAAA,KAAY,WAAA,IAAe,YAAY,SAAA,EAAW;AACjF,QAAA,MAAA,CAAO,IAAA,GAAO,OAAA;AAAA,MACf;AAEA,MAAA,IAAI;AACH,QAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC7C,QAAA,OAAO,MAAA,CAAO,OAAO,MAAM,CAAA;AAAA,MAC5B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,uBAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,OAAO,OAAA,EAAS,KAAA,KAAU;AACzD,MAAA,MAAM,MAAA,GAAS,gBAAA,CAAiB,OAAA,CAAQ,KAAK,CAAA;AAC7C,MAAA,IAAI;AACH,QAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,KAAA,CAAM,MAAM,MAAM,CAAA;AAC/C,QAAA,OAAO,MAAA,CAAO,OAAO,OAAO,CAAA;AAAA,MAC7B,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,QAAA,OAAO,iBAAA,CAAkB,OAAO,OAAO,CAAA;AAAA,MACxC;AAAA,IACD,CAAC,CAAA;AAKD,IAAA,OAAA,CAAQ,GAAA,CAAI,yCAAA,EAA2C,CAAC,QAAA,EAAU,KAAA,KAAU;AAC3E,MAAA,IAAI,CAAC,GAAA,EAAK,OAAO,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAChE,MAAA,MAAM,QAAA,GAAW,IAAI,WAAA,EAAY;AACjC,MAAA,OAAO,SAAA,CAAU,OAAO,QAAQ,CAAA;AAAA,IACjC,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAI,uCAAA,EAAyC,CAAC,QAAA,EAAU,KAAA,KAAU;AACzE,MAAA,IAAI,CAAC,GAAA,EAAK,OAAO,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAChE,MAAA,MAAM,QAAA,GAAW,IAAI,4BAAA,EAA6B;AAClD,MAAA,OAAO,SAAA,CAAU,OAAO,QAAQ,CAAA;AAAA,IACjC,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,IAAA,CAAK,eAAA,EAAiB,OAAO,OAAA,EAAS,KAAA,KAAU;AACvD,MAAA,IAAI,CAAC,GAAA,EAAK,OAAO,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAChE,MAAA,IAAI;AACH,QAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,cAAA;AAAA,UACxB,OAAA,CAAQ;AAAA,SACT;AACA,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACpB,UAAA,OAAO,aAAa,KAAA,EAAO,yBAAA,EAA2B,MAAA,CAAO,KAAA,CAAM,SAAS,GAAG,CAAA;AAAA,QAChF;AACA,QAAA,OAAO,cAAA,CAAe,KAAA,EAAO,MAAA,CAAO,IAAA,EAAM,GAAG,CAAA;AAAA,MAC9C,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,qBAAA;AACrD,QAAA,OAAO,YAAA,CAAa,KAAA,EAAO,cAAA,EAAgB,OAAA,EAAS,GAAG,CAAA;AAAA,MACxD;AAAA,IACD,CAAC,CAAA;AAGD,IAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,OAAO,OAAA,EAAS,KAAA,KAAU;AACvD,MAAA,IAAI,CAAC,GAAA,EAAK,OAAO,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAChE,MAAA,IAAI;AAEH,QAAA,MAAM,GAAA,GAAM,GAAG,OAAA,CAAQ,QAAQ,MAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG,OAAA,CAAQ,GAAG,CAAA,CAAA;AACnE,QAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,GAAA,EAAK;AAAA,UACnC,MAAA,EAAQ,KAAA;AAAA,UACR,SAAS,OAAA,CAAQ;AAAA,SACjB,CAAA;AACD,QAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,SAAA,CAAU,UAAU,CAAA;AAC7C,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACpB,UAAA,IAAI,MAAA,CAAO,KAAA,CAAM,IAAA,KAAS,gBAAA,EAAkB;AAC3C,YAAA,MAAM,OAAA,GAAU,OAAO,KAAA,CAAM,OAAA;AAG7B,YAAA,IAAI,SAAS,SAAA,EAAW;AACvB,cAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA;AAC1C,cAAA,IAAI,QAAQ,QAAA,EAAU;AACrB,gBAAA,QAAA,CAAS,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,cACvD;AACA,cAAA,OAAO,KAAA,CAAM,QAAA,CAAS,QAAA,CAAS,QAAA,IAAY,GAAG,CAAA;AAAA,YAC/C;AAAA,UACD;AACA,UAAA,OAAO,YAAA,CAAa,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,aAAY,EAAG,MAAA,CAAO,KAAA,CAAM,OAAA,EAAS,GAAG,CAAA;AAAA,QACtF;AACA,QAAA,OAAO,KAAA,CAAM,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,aAAa,GAAG,CAAA;AAAA,MACnD,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,sBAAA;AACrD,QAAA,OAAO,YAAA,CAAa,KAAA,EAAO,cAAA,EAAgB,OAAA,EAAS,GAAG,CAAA;AAAA,MACxD;AAAA,IACD,CAAC,CAAA;AAID,IAAA,KAAA,MAAW,QAAA,IAAY,MAAA,CAAO,OAAA,CAAQ,YAAA,EAAa,EAAG;AACrD,MAAA,MAAM,MAAA,GAAS,QAAA,CAAS,MAAA,CAAO,WAAA,EAAY;AAC3C,MAAA,OAAA,CAAQ,MAAM,CAAA,CAAE,QAAA,CAAS,IAAA,EAAM,OAAO,SAAS,KAAA,KAAU;AACxD,QAAA,MAAM,GAAA,GAAM,GAAG,OAAA,CAAQ,QAAQ,MAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG,OAAA,CAAQ,GAAG,CAAA,CAAA;AACnE,QAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAiC,CAAA;AACrE,QAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,MAAA,KAAW,KAAA,IAAS,QAAQ,MAAA,KAAW,MAAA;AAC/D,QAAA,MAAM,IAAA,GACL,WAAW,OAAA,CAAQ,IAAA,KAAS,SAAY,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAAI,MAAA;AACxE,QAAA,MAAM,MAAA,GAAS,IAAI,OAAA,CAAQ,GAAA,EAAK,EAAE,QAAQ,OAAA,CAAQ,MAAA,EAAQ,OAAA,EAAS,IAAA,EAAM,CAAA;AAEzE,QAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,OAAA,CAAQ,cAAc,MAAM,CAAA;AAC1D,QAAA,IAAI,CAAC,QAAA,EAAU;AACd,UAAA,OAAO,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAAA,QACvD;AAEA,QAAA,KAAA,CAAM,MAAA,CAAO,SAAS,MAAM,CAAA;AAC5B,QAAA,QAAA,CAAS,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AACxC,UAAA,KAAA,CAAM,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QACxB,CAAC,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,QAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AAAA,MACvB,CAAC,CAAA;AAAA,IACF;AAGA,IAAA,OAAA,CAAQ,IAAA,CAAK,YAAA,EAAc,OAAO,OAAA,EAAS,KAAA,KAAU;AACpD,MAAA,IAAI,CAAC,GAAA,EAAK,OAAO,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAChE,MAAA,IAAI;AAEH,QAAA,MAAM,GAAA,GAAM,GAAG,OAAA,CAAQ,QAAQ,MAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG,OAAA,CAAQ,GAAG,CAAA,CAAA;AACnE,QAAA,MAAM,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA;AACxC,QAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,GAAA,EAAK;AAAA,UACnC,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS;AAAA,YACR,GAAI,OAAA,CAAQ,OAAA;AAAA,YACZ,cAAA,EAAgB;AAAA,WACjB;AAAA,UACA;AAAA,SACA,CAAA;AACD,QAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACzC,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACpB,UAAA,MAAM,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,IAAA,KAAS,mBAAmB,GAAA,GAAM,GAAA;AAC9D,UAAA,OAAO,cAAA;AAAA,YACN,KAAA;AAAA,YACA;AAAA,cACC,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,WAAA,EAAY;AAAA,cACrC,iBAAA,EAAmB,OAAO,KAAA,CAAM;AAAA,aACjC;AAAA,YACA;AAAA,WACD;AAAA,QACD;AACA,QAAA,OAAO,cAAA,CAAe,KAAA,EAAO,MAAA,CAAO,IAAI,CAAA;AAAA,MACzC,SAAS,GAAA,EAAK;AACb,QAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,uBAAA;AACrD,QAAA,OAAO,cAAA,CAAe,OAAO,EAAE,KAAA,EAAO,gBAAgB,iBAAA,EAAmB,OAAA,IAAW,GAAG,CAAA;AAAA,MACxF;AAAA,IACD,CAAC,CAAA;AAAA,EACF,CAAA;AACD","file":"index.js","sourcesContent":["import type { FastifyInstance, FastifyReply, FastifyRequest } from \"fastify\";\nimport type {\n\tAgentFilter,\n\tAuditFilter,\n\tCreateAgentInput,\n\tDelegateInput,\n\tKavach,\n\tPermission,\n\tUpdateAgentInput,\n} from \"kavachos\";\nimport type { McpAuthModule } from \"kavachos/mcp\";\nimport { z } from \"zod\";\n\n// ─── Zod Validation Schemas ──────────────────────────────────────────────────\n\nconst PermissionConstraintsSchema = z.object({\n\tmaxCallsPerHour: z.number().int().positive().optional(),\n\tallowedArgPatterns: z.array(z.string()).optional(),\n\trequireApproval: z.boolean().optional(),\n\ttimeWindow: z\n\t\t.object({\n\t\t\tstart: z.string(),\n\t\t\tend: z.string(),\n\t\t})\n\t\t.optional(),\n\tipAllowlist: z.array(z.string()).optional(),\n});\n\nconst PermissionSchema = z.object({\n\tresource: z.string().min(1),\n\tactions: z.array(z.string().min(1)).min(1),\n\tconstraints: PermissionConstraintsSchema.optional(),\n});\n\nconst CreateAgentSchema = z.object({\n\townerId: z.string().min(1),\n\tname: z.string().min(1),\n\ttype: z.enum([\"autonomous\", \"delegated\", \"service\"]),\n\tpermissions: z.array(PermissionSchema).min(1),\n\texpiresAt: z.coerce.date().optional(),\n\tmetadata: z.record(z.unknown()).optional(),\n});\n\nconst UpdateAgentSchema = z.object({\n\tname: z.string().min(1).optional(),\n\tpermissions: z.array(PermissionSchema).optional(),\n\texpiresAt: z.coerce.date().optional(),\n\tmetadata: z.record(z.unknown()).optional(),\n});\n\nconst AuthorizeSchema = z.object({\n\tagentId: z.string().min(1),\n\taction: z.string().min(1),\n\tresource: z.string().min(1),\n\targuments: z.record(z.unknown()).optional(),\n});\n\nconst AuthorizeByTokenSchema = z.object({\n\taction: z.string().min(1),\n\tresource: z.string().min(1),\n\targuments: z.record(z.unknown()).optional(),\n});\n\nconst DelegateSchema = z.object({\n\tfromAgent: z.string().min(1),\n\ttoAgent: z.string().min(1),\n\tpermissions: z.array(PermissionSchema).min(1),\n\texpiresAt: z.coerce.date(),\n\tmaxDepth: z.number().int().positive().optional(),\n});\n\n// ─── Response Helpers ────────────────────────────────────────────────────────\n\nfunction sendOk<T>(reply: FastifyReply, data: T, status = 200): FastifyReply {\n\treturn reply.status(status).header(\"Content-Type\", \"application/json\").send({ data });\n}\n\nfunction sendCreated<T>(reply: FastifyReply, data: T): FastifyReply {\n\treturn sendOk(reply, data, 201);\n}\n\nfunction sendError(\n\treply: FastifyReply,\n\tcode: string,\n\tmessage: string,\n\tstatus: number,\n): FastifyReply {\n\treturn reply\n\t\t.status(status)\n\t\t.header(\"Content-Type\", \"application/json\")\n\t\t.send({ error: { code, message } });\n}\n\nfunction sendBadRequest(reply: FastifyReply, message: string): FastifyReply {\n\treturn sendError(reply, \"BAD_REQUEST\", message, 400);\n}\n\nfunction sendUnauthorized(reply: FastifyReply, message = \"Unauthorized\"): FastifyReply {\n\treturn sendError(reply, \"UNAUTHORIZED\", message, 401);\n}\n\nfunction sendNotFound(reply: FastifyReply, message = \"Not found\"): FastifyReply {\n\treturn sendError(reply, \"NOT_FOUND\", message, 404);\n}\n\nfunction sendInternalError(reply: FastifyReply, message = \"Internal server error\"): FastifyReply {\n\treturn sendError(reply, \"INTERNAL_ERROR\", message, 500);\n}\n\nfunction sendValidationError(reply: FastifyReply, issues: z.ZodIssue[]): FastifyReply {\n\tconst message = issues.map((i) => `${i.path.join(\".\")}: ${i.message}`).join(\", \");\n\treturn sendBadRequest(reply, `Validation failed: ${message}`);\n}\n\n// ─── MCP CORS Headers ────────────────────────────────────────────────────────\n\nconst MCP_CORS_HEADERS: Record<string, string> = {\n\t\"Access-Control-Allow-Origin\": \"*\",\n\t\"Access-Control-Allow-Methods\": \"GET, POST, OPTIONS\",\n\t\"Access-Control-Allow-Headers\": \"Content-Type, Authorization\",\n\t\"Access-Control-Max-Age\": \"86400\",\n};\n\nfunction applyMcpCors(reply: FastifyReply): FastifyReply {\n\tfor (const [key, value] of Object.entries(MCP_CORS_HEADERS)) {\n\t\treply.header(key, value);\n\t}\n\treturn reply;\n}\n\nfunction sendMcpOk<T>(reply: FastifyReply, data: T, status = 200): FastifyReply {\n\treturn applyMcpCors(reply).status(status).header(\"Content-Type\", \"application/json\").send(data);\n}\n\nfunction sendMcpError(\n\treply: FastifyReply,\n\tcode: string,\n\tmessage: string,\n\tstatus: number,\n): FastifyReply {\n\treturn applyMcpCors(reply)\n\t\t.status(status)\n\t\t.header(\"Content-Type\", \"application/json\")\n\t\t.send({ error: code, error_description: message });\n}\n\nfunction sendMcpNoStore<T>(reply: FastifyReply, data: T, status = 200): FastifyReply {\n\treturn applyMcpCors(reply)\n\t\t.status(status)\n\t\t.header(\"Content-Type\", \"application/json\")\n\t\t.header(\"Cache-Control\", \"no-store\")\n\t\t.header(\"Pragma\", \"no-cache\")\n\t\t.send(data);\n}\n\n// ─── Audit Filter Builder ────────────────────────────────────────────────────\n\nfunction buildAuditFilter(query: FastifyRequest[\"query\"]): AuditFilter {\n\tconst q = query as Record<string, string | undefined>;\n\tconst filter: AuditFilter = {};\n\n\tif (q.agentId) filter.agentId = q.agentId;\n\tif (q.userId) filter.userId = q.userId;\n\n\tif (q.since) {\n\t\tconst d = new Date(q.since);\n\t\tif (!Number.isNaN(d.getTime())) filter.since = d;\n\t}\n\tif (q.until) {\n\t\tconst d = new Date(q.until);\n\t\tif (!Number.isNaN(d.getTime())) filter.until = d;\n\t}\n\tif (q.actions) {\n\t\tfilter.actions = q.actions.split(\",\").map((a) => a.trim());\n\t}\n\tconst resultRaw = q.result;\n\tif (resultRaw === \"allowed\" || resultRaw === \"denied\" || resultRaw === \"rate_limited\") {\n\t\tfilter.result = resultRaw;\n\t}\n\tif (q.limit) {\n\t\tconst n = Number.parseInt(q.limit, 10);\n\t\tif (!Number.isNaN(n) && n > 0) filter.limit = n;\n\t}\n\tif (q.offset) {\n\t\tconst n = Number.parseInt(q.offset, 10);\n\t\tif (!Number.isNaN(n) && n >= 0) filter.offset = n;\n\t}\n\n\treturn filter;\n}\n\n// ─── Adapter Options ─────────────────────────────────────────────────────────\n\nexport interface KavachFastifyOptions {\n\t/**\n\t * The MCP OAuth 2.1 module. When provided, MCP endpoints are enabled.\n\t */\n\tmcp?: McpAuthModule;\n\t/**\n\t * URL prefix to mount all routes under. Defaults to no prefix (routes are\n\t * registered directly on the provided FastifyInstance).\n\t *\n\t * Use Fastify's built-in prefix option when calling `fastify.register` instead:\n\t * `fastify.register(plugin, { prefix: '/api/kavach' })`\n\t */\n}\n\n// ─── Adapter Factory ─────────────────────────────────────────────────────────\n\n/**\n * Create a Fastify plugin that registers all KavachOS REST API routes.\n *\n * @example\n * ```typescript\n * import Fastify from 'fastify';\n * import { createKavach } from 'kavachos';\n * import { kavachFastify } from '@kavachos/fastify';\n *\n * const app = Fastify();\n * const kavach = createKavach({ database: { provider: 'sqlite', url: 'kavach.db' } });\n *\n * await app.register(kavachFastify(kavach), { prefix: '/api/kavach' });\n * await app.listen({ port: 3000 });\n * ```\n *\n * With MCP OAuth 2.1:\n * ```typescript\n * import { createMcpModule } from 'kavachos/mcp';\n * const mcp = createMcpModule({ ... });\n * await app.register(kavachFastify(kavach, { mcp }), { prefix: '/api/kavach' });\n * ```\n */\nexport function kavachFastify(kavach: Kavach, options?: KavachFastifyOptions) {\n\tconst mcp = options?.mcp;\n\n\treturn async function plugin(fastify: FastifyInstance): Promise<void> {\n\t\t// ── MCP OPTIONS preflight ────────────────────────────────────\n\n\t\tfastify.options(\"/mcp/*\", (_request, reply) => {\n\t\t\treturn reply.status(204).headers(MCP_CORS_HEADERS).send();\n\t\t});\n\n\t\tfastify.options(\"/.well-known/*\", (_request, reply) => {\n\t\t\treturn reply.status(204).headers(MCP_CORS_HEADERS).send();\n\t\t});\n\n\t\t// ── Agent REST API ───────────────────────────────────────────\n\n\t\t// POST /agents\n\t\tfastify.post(\"/agents\", async (request, reply) => {\n\t\t\tconst parsed = CreateAgentSchema.safeParse(request.body);\n\t\t\tif (!parsed.success) return sendValidationError(reply, parsed.error.issues);\n\n\t\t\ttry {\n\t\t\t\tconst input: CreateAgentInput = {\n\t\t\t\t\t...parsed.data,\n\t\t\t\t\tpermissions: parsed.data.permissions as Permission[],\n\t\t\t\t};\n\t\t\t\tconst agent = await kavach.agent.create(input);\n\t\t\t\treturn sendCreated(reply, agent);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to create agent\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// GET /agents\n\t\tfastify.get(\"/agents\", async (request, reply) => {\n\t\t\tconst q = request.query as Record<string, string | undefined>;\n\t\t\tconst filter: AgentFilter = {};\n\n\t\t\tif (q.userId) filter.userId = q.userId;\n\t\t\tconst statusRaw = q.status;\n\t\t\tif (statusRaw === \"active\" || statusRaw === \"revoked\" || statusRaw === \"expired\") {\n\t\t\t\tfilter.status = statusRaw;\n\t\t\t}\n\t\t\tconst typeRaw = q.type;\n\t\t\tif (typeRaw === \"autonomous\" || typeRaw === \"delegated\" || typeRaw === \"service\") {\n\t\t\t\tfilter.type = typeRaw;\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst agents = await kavach.agent.list(filter);\n\t\t\t\treturn sendOk(reply, agents);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to list agents\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// GET /agents/:id\n\t\tfastify.get<{ Params: { id: string } }>(\"/agents/:id\", async (request, reply) => {\n\t\t\tconst { id } = request.params;\n\t\t\ttry {\n\t\t\t\tconst agent = await kavach.agent.get(id);\n\t\t\t\tif (!agent) return sendNotFound(reply, `Agent \"${id}\" not found`);\n\t\t\t\treturn sendOk(reply, agent);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to get agent\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// PATCH /agents/:id\n\t\tfastify.patch<{ Params: { id: string } }>(\"/agents/:id\", async (request, reply) => {\n\t\t\tconst { id } = request.params;\n\t\t\tconst parsed = UpdateAgentSchema.safeParse(request.body);\n\t\t\tif (!parsed.success) return sendValidationError(reply, parsed.error.issues);\n\n\t\t\ttry {\n\t\t\t\tconst input: UpdateAgentInput = {\n\t\t\t\t\t...parsed.data,\n\t\t\t\t\tpermissions: parsed.data.permissions as Permission[] | undefined,\n\t\t\t\t};\n\t\t\t\tconst agent = await kavach.agent.update(id, input);\n\t\t\t\treturn sendOk(reply, agent);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to update agent\";\n\t\t\t\tif (message.includes(\"not found\")) return sendNotFound(reply, message);\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// DELETE /agents/:id\n\t\tfastify.delete<{ Params: { id: string } }>(\"/agents/:id\", async (request, reply) => {\n\t\t\tconst { id } = request.params;\n\t\t\ttry {\n\t\t\t\tawait kavach.agent.revoke(id);\n\t\t\t\treturn reply.status(204).send();\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to revoke agent\";\n\t\t\t\tif (message.includes(\"not found\")) return sendNotFound(reply, message);\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// POST /agents/:id/rotate\n\t\tfastify.post<{ Params: { id: string } }>(\"/agents/:id/rotate\", async (request, reply) => {\n\t\t\tconst { id } = request.params;\n\t\t\ttry {\n\t\t\t\tconst agent = await kavach.agent.rotate(id);\n\t\t\t\treturn sendOk(reply, agent);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to rotate agent token\";\n\t\t\t\tif (message.includes(\"not found\")) return sendNotFound(reply, message);\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// ── Authorization ────────────────────────────────────────────\n\n\t\t// POST /authorize\n\t\tfastify.post(\"/authorize\", async (request, reply) => {\n\t\t\tconst parsed = AuthorizeSchema.safeParse(request.body);\n\t\t\tif (!parsed.success) return sendValidationError(reply, parsed.error.issues);\n\n\t\t\ttry {\n\t\t\t\tconst xForwardedFor = request.headers[\"x-forwarded-for\"];\n\t\t\t\tconst ip =\n\t\t\t\t\t(Array.isArray(xForwardedFor)\n\t\t\t\t\t\t? xForwardedFor[0]\n\t\t\t\t\t\t: xForwardedFor?.split(\",\")[0]?.trim()) ??\n\t\t\t\t\trequest.ip ??\n\t\t\t\t\tundefined;\n\t\t\t\tconst userAgent =\n\t\t\t\t\t(Array.isArray(request.headers[\"user-agent\"])\n\t\t\t\t\t\t? request.headers[\"user-agent\"][0]\n\t\t\t\t\t\t: request.headers[\"user-agent\"]) ?? undefined;\n\t\t\t\tconst result = await kavach.authorize(\n\t\t\t\t\tparsed.data.agentId,\n\t\t\t\t\t{\n\t\t\t\t\t\taction: parsed.data.action,\n\t\t\t\t\t\tresource: parsed.data.resource,\n\t\t\t\t\t\targuments: parsed.data.arguments,\n\t\t\t\t\t},\n\t\t\t\t\t{ ip, userAgent },\n\t\t\t\t);\n\t\t\t\tconst status = result.allowed ? 200 : 403;\n\t\t\t\treturn reply\n\t\t\t\t\t.status(status)\n\t\t\t\t\t.header(\"Content-Type\", \"application/json\")\n\t\t\t\t\t.send({ data: result });\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Authorization check failed\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// POST /authorize/token\n\t\tfastify.post(\"/authorize/token\", async (request, reply) => {\n\t\t\tconst authHeader = request.headers.authorization;\n\t\t\tif (!authHeader?.startsWith(\"Bearer \")) {\n\t\t\t\treturn sendUnauthorized(reply, \"Missing or invalid Authorization header\");\n\t\t\t}\n\t\t\tconst token = authHeader.slice(7);\n\n\t\t\tconst parsed = AuthorizeByTokenSchema.safeParse(request.body);\n\t\t\tif (!parsed.success) return sendValidationError(reply, parsed.error.issues);\n\n\t\t\ttry {\n\t\t\t\tconst xForwardedFor = request.headers[\"x-forwarded-for\"];\n\t\t\t\tconst ip =\n\t\t\t\t\t(Array.isArray(xForwardedFor)\n\t\t\t\t\t\t? xForwardedFor[0]\n\t\t\t\t\t\t: xForwardedFor?.split(\",\")[0]?.trim()) ??\n\t\t\t\t\trequest.ip ??\n\t\t\t\t\tundefined;\n\t\t\t\tconst userAgent =\n\t\t\t\t\t(Array.isArray(request.headers[\"user-agent\"])\n\t\t\t\t\t\t? request.headers[\"user-agent\"][0]\n\t\t\t\t\t\t: request.headers[\"user-agent\"]) ?? undefined;\n\t\t\t\tconst result = await kavach.authorizeByToken(\n\t\t\t\t\ttoken,\n\t\t\t\t\t{\n\t\t\t\t\t\taction: parsed.data.action,\n\t\t\t\t\t\tresource: parsed.data.resource,\n\t\t\t\t\t\targuments: parsed.data.arguments,\n\t\t\t\t\t},\n\t\t\t\t\t{ ip, userAgent },\n\t\t\t\t);\n\t\t\t\tconst status = result.allowed ? 200 : 403;\n\t\t\t\treturn reply\n\t\t\t\t\t.status(status)\n\t\t\t\t\t.header(\"Content-Type\", \"application/json\")\n\t\t\t\t\t.send({ data: result });\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Authorization check failed\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// ── Delegation ───────────────────────────────────────────────\n\n\t\t// POST /delegations\n\t\tfastify.post(\"/delegations\", async (request, reply) => {\n\t\t\tconst parsed = DelegateSchema.safeParse(request.body);\n\t\t\tif (!parsed.success) return sendValidationError(reply, parsed.error.issues);\n\n\t\t\ttry {\n\t\t\t\tconst input: DelegateInput = {\n\t\t\t\t\t...parsed.data,\n\t\t\t\t\tpermissions: parsed.data.permissions as Permission[],\n\t\t\t\t};\n\t\t\t\tconst chain = await kavach.delegate(input);\n\t\t\t\treturn sendCreated(reply, chain);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to create delegation\";\n\t\t\t\tif (message.includes(\"not found\")) return sendNotFound(reply, message);\n\t\t\t\tif (message.includes(\"exceeds\") || message.includes(\"depth\"))\n\t\t\t\t\treturn sendBadRequest(reply, message);\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// DELETE /delegations/:id\n\t\tfastify.delete<{ Params: { id: string } }>(\"/delegations/:id\", async (request, reply) => {\n\t\t\tconst { id } = request.params;\n\t\t\ttry {\n\t\t\t\tawait kavach.delegation.revoke(id);\n\t\t\t\treturn reply.status(204).send();\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to revoke delegation\";\n\t\t\t\tif (message.includes(\"not found\")) return sendNotFound(reply, message);\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// GET /delegations/:agentId\n\t\tfastify.get<{ Params: { agentId: string } }>(\n\t\t\t\"/delegations/:agentId\",\n\t\t\tasync (request, reply) => {\n\t\t\t\tconst { agentId } = request.params;\n\t\t\t\ttry {\n\t\t\t\t\tconst chains = await kavach.delegation.listChains(agentId);\n\t\t\t\t\treturn sendOk(reply, chains);\n\t\t\t\t} catch (err) {\n\t\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to list delegation chains\";\n\t\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\t\t// ── Audit ─────────────────────────────────────────────────────\n\n\t\t// GET /audit/export — must be registered before /audit to avoid route shadowing\n\t\tfastify.get(\"/audit/export\", async (request, reply) => {\n\t\t\tconst q = request.query as Record<string, string | undefined>;\n\t\t\tconst format = q.format ?? \"json\";\n\t\t\tif (format !== \"json\" && format !== \"csv\") {\n\t\t\t\treturn sendBadRequest(reply, 'format must be \"json\" or \"csv\"');\n\t\t\t}\n\n\t\t\tconst options: { format: \"json\" | \"csv\"; since?: Date; until?: Date } = { format };\n\t\t\tif (q.since) {\n\t\t\t\tconst d = new Date(q.since);\n\t\t\t\tif (!Number.isNaN(d.getTime())) options.since = d;\n\t\t\t}\n\t\t\tif (q.until) {\n\t\t\t\tconst d = new Date(q.until);\n\t\t\t\tif (!Number.isNaN(d.getTime())) options.until = d;\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst exported = await kavach.audit.export(options);\n\t\t\t\tconst contentType = format === \"csv\" ? \"text/csv\" : \"application/json\";\n\t\t\t\treturn reply\n\t\t\t\t\t.status(200)\n\t\t\t\t\t.header(\"Content-Type\", contentType)\n\t\t\t\t\t.header(\"Content-Disposition\", `attachment; filename=\"audit-export.${format}\"`)\n\t\t\t\t\t.send(exported);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to export audit logs\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// GET /audit\n\t\tfastify.get(\"/audit\", async (request, reply) => {\n\t\t\tconst filter = buildAuditFilter(request.query);\n\t\t\ttry {\n\t\t\t\tconst entries = await kavach.audit.query(filter);\n\t\t\t\treturn sendOk(reply, entries);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to query audit logs\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// ── Dashboard API ────────────────────────────────────────────\n\n\t\t// GET /dashboard/stats\n\t\tfastify.get(\"/dashboard/stats\", async (_request, reply) => {\n\t\t\ttry {\n\t\t\t\tconst [agents, recentAudit] = await Promise.all([\n\t\t\t\t\tkavach.agent.list(),\n\t\t\t\t\tkavach.audit.query({\n\t\t\t\t\t\tsince: new Date(Date.now() - 24 * 60 * 60 * 1000),\n\t\t\t\t\t\tlimit: 1000,\n\t\t\t\t\t}),\n\t\t\t\t]);\n\n\t\t\t\tconst ownerIds = new Set(agents.map((a) => a.ownerId));\n\t\t\t\tconst activeAgents = agents.filter((a) => a.status === \"active\");\n\t\t\t\tconst revokedAgents = agents.filter((a) => a.status === \"revoked\");\n\t\t\t\tconst expiredAgents = agents.filter((a) => a.status === \"expired\");\n\n\t\t\t\tconst stats = {\n\t\t\t\t\tagents: {\n\t\t\t\t\t\ttotal: agents.length,\n\t\t\t\t\t\tactive: activeAgents.length,\n\t\t\t\t\t\trevoked: revokedAgents.length,\n\t\t\t\t\t\texpired: expiredAgents.length,\n\t\t\t\t\t},\n\t\t\t\t\tusers: {\n\t\t\t\t\t\ttotal: ownerIds.size,\n\t\t\t\t\t},\n\t\t\t\t\taudit: {\n\t\t\t\t\t\tlast24h: recentAudit.length,\n\t\t\t\t\t\tallowed: recentAudit.filter((e) => e.result === \"allowed\").length,\n\t\t\t\t\t\tdenied: recentAudit.filter((e) => e.result === \"denied\").length,\n\t\t\t\t\t\trateLimited: recentAudit.filter((e) => e.result === \"rate_limited\").length,\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t\treturn sendOk(reply, stats);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to fetch dashboard stats\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// GET /dashboard/agents\n\t\tfastify.get(\"/dashboard/agents\", async (request, reply) => {\n\t\t\tconst q = request.query as Record<string, string | undefined>;\n\t\t\tconst filter: AgentFilter = {};\n\n\t\t\tif (q.userId) filter.userId = q.userId;\n\t\t\tconst statusRaw = q.status;\n\t\t\tif (statusRaw === \"active\" || statusRaw === \"revoked\" || statusRaw === \"expired\") {\n\t\t\t\tfilter.status = statusRaw;\n\t\t\t}\n\t\t\tconst typeRaw = q.type;\n\t\t\tif (typeRaw === \"autonomous\" || typeRaw === \"delegated\" || typeRaw === \"service\") {\n\t\t\t\tfilter.type = typeRaw;\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst agents = await kavach.agent.list(filter);\n\t\t\t\treturn sendOk(reply, agents);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to list agents\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// GET /dashboard/audit\n\t\tfastify.get(\"/dashboard/audit\", async (request, reply) => {\n\t\t\tconst filter = buildAuditFilter(request.query);\n\t\t\ttry {\n\t\t\t\tconst entries = await kavach.audit.query(filter);\n\t\t\t\treturn sendOk(reply, entries);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Failed to query audit logs\";\n\t\t\t\treturn sendInternalError(reply, message);\n\t\t\t}\n\t\t});\n\n\t\t// ── MCP OAuth 2.1 Endpoints ──────────────────────────────────\n\n\t\t// GET /.well-known/oauth-authorization-server\n\t\tfastify.get(\"/.well-known/oauth-authorization-server\", (_request, reply) => {\n\t\t\tif (!mcp) return sendNotFound(reply, \"MCP module not configured\");\n\t\t\tconst metadata = mcp.getMetadata();\n\t\t\treturn sendMcpOk(reply, metadata);\n\t\t});\n\n\t\t// GET /.well-known/oauth-protected-resource\n\t\tfastify.get(\"/.well-known/oauth-protected-resource\", (_request, reply) => {\n\t\t\tif (!mcp) return sendNotFound(reply, \"MCP module not configured\");\n\t\t\tconst metadata = mcp.getProtectedResourceMetadata();\n\t\t\treturn sendMcpOk(reply, metadata);\n\t\t});\n\n\t\t// POST /mcp/register\n\t\tfastify.post(\"/mcp/register\", async (request, reply) => {\n\t\t\tif (!mcp) return sendNotFound(reply, \"MCP module not configured\");\n\t\t\ttry {\n\t\t\t\tconst result = await mcp.registerClient(\n\t\t\t\t\trequest.body as Parameters<typeof mcp.registerClient>[0],\n\t\t\t\t);\n\t\t\t\tif (!result.success) {\n\t\t\t\t\treturn sendMcpError(reply, \"invalid_client_metadata\", result.error.message, 400);\n\t\t\t\t}\n\t\t\t\treturn sendMcpNoStore(reply, result.data, 201);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Registration failed\";\n\t\t\t\treturn sendMcpError(reply, \"server_error\", message, 500);\n\t\t\t}\n\t\t});\n\n\t\t// GET /mcp/authorize\n\t\tfastify.get(\"/mcp/authorize\", async (request, reply) => {\n\t\t\tif (!mcp) return sendNotFound(reply, \"MCP module not configured\");\n\t\t\ttry {\n\t\t\t\t// Build a Web API Request from the Fastify request for MCP module compatibility\n\t\t\t\tconst url = `${request.protocol}://${request.hostname}${request.url}`;\n\t\t\t\tconst webRequest = new Request(url, {\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: request.headers as HeadersInit,\n\t\t\t\t});\n\t\t\t\tconst result = await mcp.authorize(webRequest);\n\t\t\t\tif (!result.success) {\n\t\t\t\t\tif (result.error.code === \"LOGIN_REQUIRED\") {\n\t\t\t\t\t\tconst details = result.error.details as\n\t\t\t\t\t\t\t| { loginPage?: string; returnTo?: string }\n\t\t\t\t\t\t\t| undefined;\n\t\t\t\t\t\tif (details?.loginPage) {\n\t\t\t\t\t\t\tconst loginUrl = new URL(details.loginPage);\n\t\t\t\t\t\t\tif (details.returnTo) {\n\t\t\t\t\t\t\t\tloginUrl.searchParams.set(\"returnTo\", details.returnTo);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\treturn reply.redirect(loginUrl.toString(), 302);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\treturn sendMcpError(reply, result.error.code.toLowerCase(), result.error.message, 400);\n\t\t\t\t}\n\t\t\t\treturn reply.redirect(result.data.redirectUri, 302);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Authorization failed\";\n\t\t\t\treturn sendMcpError(reply, \"server_error\", message, 500);\n\t\t\t}\n\t\t});\n\n\t\t// ── Plugin Endpoints ─────────────────────────────────────────\n\n\t\tfor (const endpoint of kavach.plugins.getEndpoints()) {\n\t\t\tconst method = endpoint.method.toLowerCase() as \"get\" | \"post\" | \"put\" | \"patch\" | \"delete\";\n\t\t\tfastify[method](endpoint.path, async (request, reply) => {\n\t\t\t\tconst url = `${request.protocol}://${request.hostname}${request.url}`;\n\t\t\t\tconst headers = new Headers(request.headers as Record<string, string>);\n\t\t\t\tconst hasBody = request.method !== \"GET\" && request.method !== \"HEAD\";\n\t\t\t\tconst body =\n\t\t\t\t\thasBody && request.body !== undefined ? JSON.stringify(request.body) : undefined;\n\t\t\t\tconst webReq = new Request(url, { method: request.method, headers, body });\n\n\t\t\t\tconst response = await kavach.plugins.handleRequest(webReq);\n\t\t\t\tif (!response) {\n\t\t\t\t\treturn sendNotFound(reply, \"Plugin endpoint not found\");\n\t\t\t\t}\n\n\t\t\t\treply.status(response.status);\n\t\t\t\tresponse.headers.forEach((value, key) => {\n\t\t\t\t\treply.header(key, value);\n\t\t\t\t});\n\t\t\t\tconst text = await response.text();\n\t\t\t\treturn reply.send(text);\n\t\t\t});\n\t\t}\n\n\t\t// POST /mcp/token\n\t\tfastify.post(\"/mcp/token\", async (request, reply) => {\n\t\t\tif (!mcp) return sendNotFound(reply, \"MCP module not configured\");\n\t\t\ttry {\n\t\t\t\t// Build a Web API Request from the Fastify request for MCP module compatibility\n\t\t\t\tconst url = `${request.protocol}://${request.hostname}${request.url}`;\n\t\t\t\tconst body = JSON.stringify(request.body);\n\t\t\t\tconst webRequest = new Request(url, {\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t...(request.headers as Record<string, string>),\n\t\t\t\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t\t\t},\n\t\t\t\t\tbody,\n\t\t\t\t});\n\t\t\t\tconst result = await mcp.token(webRequest);\n\t\t\t\tif (!result.success) {\n\t\t\t\t\tconst status = result.error.code === \"INVALID_CLIENT\" ? 401 : 400;\n\t\t\t\t\treturn sendMcpNoStore(\n\t\t\t\t\t\treply,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\terror: result.error.code.toLowerCase(),\n\t\t\t\t\t\t\terror_description: result.error.message,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tstatus,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\treturn sendMcpNoStore(reply, result.data);\n\t\t\t} catch (err) {\n\t\t\t\tconst message = err instanceof Error ? err.message : \"Token exchange failed\";\n\t\t\t\treturn sendMcpNoStore(reply, { error: \"server_error\", error_description: message }, 500);\n\t\t\t}\n\t\t});\n\t};\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kavachos/fastify",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "Fastify adapter for KavachOS - exposes agent auth as HTTP REST endpoints",
   "type": "module",
   "main": "dist/index.js",
@@ -31,7 +31,7 @@
   "peerDependencies": {
     "fastify": ">=4.0.0",
     "zod": ">=3.0.0",
-    "kavachos": "0.0.2"
+    "kavachos": "0.0.4"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",
@@ -39,7 +39,7 @@
     "tsup": "^8.4.0",
     "typescript": "^5.8.0",
     "zod": "^3.24.0",
-    "kavachos": "0.0.2"
+    "kavachos": "0.0.4"
   },
   "scripts": {
     "build": "tsup",