npm - @kavachos/nuxt - Versions diffs - 0.0.2 → 0.0.3 - Mend

@kavachos/nuxt 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { EventHandler } from 'h3';
+import { Kavach } from 'kavachos';
+import { McpAuthModule } from 'kavachos/mcp';
+interface KavachNuxtOptions {
+    /**
+     * The MCP OAuth 2.1 module. When provided, MCP endpoints are enabled.
+     */
+    mcp?: McpAuthModule;
+    /**
+     * The URL path prefix before the catch-all segment.
+     * Defaults to `/api/kavach`.
+     *
+     * @example `/api/auth/kavach`
+     */
+    basePath?: string;
+}
+/**
+ * Create a Nuxt/H3 event handler for all KavachOS REST API routes.
+ *
+ * Mount in `server/api/kavach/[...].ts`:
+ *
+ * @example
+ * ```typescript
+ * import { createKavach } from 'kavachos';
+ * import { kavachNuxt } from '@kavachos/nuxt';
+ *
+ * const kavach = createKavach({ database: { provider: 'sqlite', url: 'kavach.db' } });
+ * export default kavachNuxt(kavach);
+ * ```
+ *
+ * With MCP OAuth 2.1:
+ * ```typescript
+ * import { createMcpModule } from 'kavachos/mcp';
+ * const mcp = createMcpModule({ ... });
+ * export default kavachNuxt(kavach, { mcp });
+ * ```
+ */
+declare function kavachNuxt(kavach: Kavach, options?: KavachNuxtOptions): EventHandler;
+export { type KavachNuxtOptions, kavachNuxt };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,593 @@
+import { defineEventHandler, getRequestURL, readBody, setResponseStatus, setHeader } from 'h3';
+import { z } from 'zod';
+// src/adapter.ts
+var PermissionConstraintsSchema = z.object({
+  maxCallsPerHour: z.number().int().positive().optional(),
+  allowedArgPatterns: z.array(z.string()).optional(),
+  requireApproval: z.boolean().optional(),
+  timeWindow: z.object({
+    start: z.string(),
+    end: z.string()
+  }).optional(),
+  ipAllowlist: z.array(z.string()).optional()
+});
+var PermissionSchema = z.object({
+  resource: z.string().min(1),
+  actions: z.array(z.string().min(1)).min(1),
+  constraints: PermissionConstraintsSchema.optional()
+});
+var CreateAgentSchema = z.object({
+  ownerId: z.string().min(1),
+  name: z.string().min(1),
+  type: z.enum(["autonomous", "delegated", "service"]),
+  permissions: z.array(PermissionSchema).min(1),
+  expiresAt: z.coerce.date().optional(),
+  metadata: z.record(z.unknown()).optional()
+});
+var UpdateAgentSchema = z.object({
+  name: z.string().min(1).optional(),
+  permissions: z.array(PermissionSchema).optional(),
+  expiresAt: z.coerce.date().optional(),
+  metadata: z.record(z.unknown()).optional()
+});
+var AuthorizeSchema = z.object({
+  agentId: z.string().min(1),
+  action: z.string().min(1),
+  resource: z.string().min(1),
+  arguments: z.record(z.unknown()).optional()
+});
+var AuthorizeByTokenSchema = z.object({
+  action: z.string().min(1),
+  resource: z.string().min(1),
+  arguments: z.record(z.unknown()).optional()
+});
+var DelegateSchema = z.object({
+  fromAgent: z.string().min(1),
+  toAgent: z.string().min(1),
+  permissions: z.array(PermissionSchema).min(1),
+  expiresAt: z.coerce.date(),
+  maxDepth: z.number().int().positive().optional()
+});
+function ok(data, status = 200) {
+  return new Response(JSON.stringify({ data }), {
+    status,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+function created(data) {
+  return ok(data, 201);
+}
+function errorResponse(code, message, status) {
+  return new Response(JSON.stringify({ error: { code, message } }), {
+    status,
+    headers: { "Content-Type": "application/json" }
+  });
+}
+function badRequest(message) {
+  return errorResponse("BAD_REQUEST", message, 400);
+}
+function unauthorized(message = "Unauthorized") {
+  return errorResponse("UNAUTHORIZED", message, 401);
+}
+function notFound(message = "Not found") {
+  return errorResponse("NOT_FOUND", message, 404);
+}
+function methodNotAllowed() {
+  return errorResponse("METHOD_NOT_ALLOWED", "Method not allowed", 405);
+}
+function internalError(message = "Internal server error") {
+  return errorResponse("INTERNAL_ERROR", message, 500);
+}
+function validationError(issues) {
+  const message = issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+  return badRequest(`Validation failed: ${message}`);
+}
+var MCP_CORS_HEADERS = {
+  "Access-Control-Allow-Origin": "*",
+  "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+  "Access-Control-Allow-Headers": "Content-Type, Authorization",
+  "Access-Control-Max-Age": "86400"
+};
+function mcpOk(data, status = 200) {
+  return new Response(JSON.stringify(data), {
+    status,
+    headers: { "Content-Type": "application/json", ...MCP_CORS_HEADERS }
+  });
+}
+function mcpError(code, message, status) {
+  return new Response(JSON.stringify({ error: code, error_description: message }), {
+    status,
+    headers: { "Content-Type": "application/json", ...MCP_CORS_HEADERS }
+  });
+}
+function mcpNoStore(data, status = 200) {
+  return new Response(JSON.stringify(data), {
+    status,
+    headers: {
+      "Content-Type": "application/json",
+      "Cache-Control": "no-store",
+      Pragma: "no-cache",
+      ...MCP_CORS_HEADERS
+    }
+  });
+}
+function getSearchParam(url, key) {
+  return url.searchParams.get(key);
+}
+async function parseJsonBody(request) {
+  try {
+    const data = await request.json();
+    return { success: true, data };
+  } catch {
+    return { success: false, response: badRequest("Invalid JSON body") };
+  }
+}
+async function handleAgentList(request, kavach) {
+  const url = new URL(request.url);
+  const userId = getSearchParam(url, "userId");
+  const statusRaw = getSearchParam(url, "status");
+  const typeRaw = getSearchParam(url, "type");
+  const filter = {};
+  if (userId) filter.userId = userId;
+  if (statusRaw === "active" || statusRaw === "revoked" || statusRaw === "expired") {
+    filter.status = statusRaw;
+  }
+  if (typeRaw === "autonomous" || typeRaw === "delegated" || typeRaw === "service") {
+    filter.type = typeRaw;
+  }
+  try {
+    const agents = await kavach.agent.list(filter);
+    return ok(agents);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to list agents";
+    return internalError(message);
+  }
+}
+async function handleAgentCreate(request, kavach) {
+  const bodyResult = await parseJsonBody(request);
+  if (!bodyResult.success) return bodyResult.response;
+  const parsed = CreateAgentSchema.safeParse(bodyResult.data);
+  if (!parsed.success) return validationError(parsed.error.issues);
+  try {
+    const input = {
+      ...parsed.data,
+      permissions: parsed.data.permissions
+    };
+    const agent = await kavach.agent.create(input);
+    return created(agent);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to create agent";
+    return internalError(message);
+  }
+}
+async function handleAgentGet(id, kavach) {
+  try {
+    const agent = await kavach.agent.get(id);
+    if (!agent) return notFound(`Agent "${id}" not found`);
+    return ok(agent);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to get agent";
+    return internalError(message);
+  }
+}
+async function handleAgentUpdate(id, request, kavach) {
+  const bodyResult = await parseJsonBody(request);
+  if (!bodyResult.success) return bodyResult.response;
+  const parsed = UpdateAgentSchema.safeParse(bodyResult.data);
+  if (!parsed.success) return validationError(parsed.error.issues);
+  try {
+    const input = {
+      ...parsed.data,
+      permissions: parsed.data.permissions
+    };
+    const agent = await kavach.agent.update(id, input);
+    return ok(agent);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to update agent";
+    if (message.includes("not found")) return notFound(message);
+    return internalError(message);
+  }
+}
+async function handleAgentRevoke(id, kavach) {
+  try {
+    await kavach.agent.revoke(id);
+    return new Response(null, { status: 204 });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to revoke agent";
+    if (message.includes("not found")) return notFound(message);
+    return internalError(message);
+  }
+}
+async function handleAgentRotate(id, kavach) {
+  try {
+    const agent = await kavach.agent.rotate(id);
+    return ok(agent);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to rotate agent token";
+    if (message.includes("not found")) return notFound(message);
+    return internalError(message);
+  }
+}
+async function handleAuthorize(request, kavach) {
+  const bodyResult = await parseJsonBody(request);
+  if (!bodyResult.success) return bodyResult.response;
+  const parsed = AuthorizeSchema.safeParse(bodyResult.data);
+  if (!parsed.success) return validationError(parsed.error.issues);
+  try {
+    const result = await kavach.authorize(parsed.data.agentId, {
+      action: parsed.data.action,
+      resource: parsed.data.resource,
+      arguments: parsed.data.arguments
+    });
+    const status = result.allowed ? 200 : 403;
+    return new Response(JSON.stringify({ data: result }), {
+      status,
+      headers: { "Content-Type": "application/json" }
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Authorization check failed";
+    return internalError(message);
+  }
+}
+async function handleAuthorizeByToken(request, kavach) {
+  const authHeader = request.headers.get("Authorization");
+  if (!authHeader?.startsWith("Bearer ")) {
+    return unauthorized("Missing or invalid Authorization header");
+  }
+  const token = authHeader.slice(7);
+  const bodyResult = await parseJsonBody(request);
+  if (!bodyResult.success) return bodyResult.response;
+  const parsed = AuthorizeByTokenSchema.safeParse(bodyResult.data);
+  if (!parsed.success) return validationError(parsed.error.issues);
+  try {
+    const result = await kavach.authorizeByToken(token, {
+      action: parsed.data.action,
+      resource: parsed.data.resource,
+      arguments: parsed.data.arguments
+    });
+    const status = result.allowed ? 200 : 403;
+    return new Response(JSON.stringify({ data: result }), {
+      status,
+      headers: { "Content-Type": "application/json" }
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Authorization check failed";
+    return internalError(message);
+  }
+}
+async function handleDelegationCreate(request, kavach) {
+  const bodyResult = await parseJsonBody(request);
+  if (!bodyResult.success) return bodyResult.response;
+  const parsed = DelegateSchema.safeParse(bodyResult.data);
+  if (!parsed.success) return validationError(parsed.error.issues);
+  try {
+    const input = {
+      ...parsed.data,
+      permissions: parsed.data.permissions
+    };
+    const chain = await kavach.delegate(input);
+    return created(chain);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to create delegation";
+    if (message.includes("not found")) return notFound(message);
+    if (message.includes("exceeds") || message.includes("depth")) return badRequest(message);
+    return internalError(message);
+  }
+}
+async function handleDelegationRevoke(id, kavach) {
+  try {
+    await kavach.delegation.revoke(id);
+    return new Response(null, { status: 204 });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to revoke delegation";
+    if (message.includes("not found")) return notFound(message);
+    return internalError(message);
+  }
+}
+async function handleDelegationList(agentId, kavach) {
+  try {
+    const chains = await kavach.delegation.listChains(agentId);
+    return ok(chains);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to list delegation chains";
+    return internalError(message);
+  }
+}
+function buildAuditFilter(url) {
+  const filter = {};
+  const agentId = getSearchParam(url, "agentId");
+  const userId = getSearchParam(url, "userId");
+  const since = getSearchParam(url, "since");
+  const until = getSearchParam(url, "until");
+  const actions = getSearchParam(url, "actions");
+  const resultRaw = getSearchParam(url, "result");
+  const limit = getSearchParam(url, "limit");
+  const offset = getSearchParam(url, "offset");
+  if (agentId) filter.agentId = agentId;
+  if (userId) filter.userId = userId;
+  if (since) {
+    const d = new Date(since);
+    if (!Number.isNaN(d.getTime())) filter.since = d;
+  }
+  if (until) {
+    const d = new Date(until);
+    if (!Number.isNaN(d.getTime())) filter.until = d;
+  }
+  if (actions) filter.actions = actions.split(",").map((a) => a.trim());
+  if (resultRaw === "allowed" || resultRaw === "denied" || resultRaw === "rate_limited") {
+    filter.result = resultRaw;
+  }
+  if (limit) {
+    const n = Number.parseInt(limit, 10);
+    if (!Number.isNaN(n) && n > 0) filter.limit = n;
+  }
+  if (offset) {
+    const n = Number.parseInt(offset, 10);
+    if (!Number.isNaN(n) && n >= 0) filter.offset = n;
+  }
+  return filter;
+}
+async function handleAuditQuery(request, kavach) {
+  const url = new URL(request.url);
+  const filter = buildAuditFilter(url);
+  try {
+    const entries = await kavach.audit.query(filter);
+    return ok(entries);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to query audit logs";
+    return internalError(message);
+  }
+}
+async function handleAuditExport(request, kavach) {
+  const url = new URL(request.url);
+  const format = getSearchParam(url, "format") ?? "json";
+  if (format !== "json" && format !== "csv") {
+    return badRequest('format must be "json" or "csv"');
+  }
+  const since = getSearchParam(url, "since");
+  const until = getSearchParam(url, "until");
+  const options = { format };
+  if (since) {
+    const d = new Date(since);
+    if (!Number.isNaN(d.getTime())) options.since = d;
+  }
+  if (until) {
+    const d = new Date(until);
+    if (!Number.isNaN(d.getTime())) options.until = d;
+  }
+  try {
+    const exported = await kavach.audit.export(options);
+    const contentType = format === "csv" ? "text/csv" : "application/json";
+    return new Response(exported, {
+      status: 200,
+      headers: {
+        "Content-Type": contentType,
+        "Content-Disposition": `attachment; filename="audit-export.${format}"`
+      }
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to export audit logs";
+    return internalError(message);
+  }
+}
+async function handleDashboardStats(kavach) {
+  try {
+    const [agents, recentAudit] = await Promise.all([
+      kavach.agent.list(),
+      kavach.audit.query({
+        since: new Date(Date.now() - 24 * 60 * 60 * 1e3),
+        limit: 1e3
+      })
+    ]);
+    const ownerIds = new Set(agents.map((a) => a.ownerId));
+    const activeAgents = agents.filter((a) => a.status === "active");
+    const revokedAgents = agents.filter((a) => a.status === "revoked");
+    const expiredAgents = agents.filter((a) => a.status === "expired");
+    const stats = {
+      agents: {
+        total: agents.length,
+        active: activeAgents.length,
+        revoked: revokedAgents.length,
+        expired: expiredAgents.length
+      },
+      users: {
+        total: ownerIds.size
+      },
+      audit: {
+        last24h: recentAudit.length,
+        allowed: recentAudit.filter((e) => e.result === "allowed").length,
+        denied: recentAudit.filter((e) => e.result === "denied").length,
+        rateLimited: recentAudit.filter((e) => e.result === "rate_limited").length
+      }
+    };
+    return ok(stats);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to fetch dashboard stats";
+    return internalError(message);
+  }
+}
+async function dispatch(request, kavach, mcp, basePath) {
+  const url = new URL(request.url);
+  const raw = url.pathname;
+  const relative = raw.startsWith(basePath) ? raw.slice(basePath.length) : raw;
+  const pathname = relative.startsWith("/") ? relative : `/${relative}`;
+  const method = request.method.toUpperCase();
+  if (method === "OPTIONS") {
+    if (pathname.startsWith("/mcp/") || pathname.startsWith("/.well-known/")) {
+      return new Response(null, { status: 204, headers: MCP_CORS_HEADERS });
+    }
+  }
+  if (pathname === "/.well-known/oauth-authorization-server" && method === "GET") {
+    if (!mcp) return notFound("MCP module not configured");
+    return mcpOk(mcp.getMetadata());
+  }
+  if (pathname === "/.well-known/oauth-protected-resource" && method === "GET") {
+    if (!mcp) return notFound("MCP module not configured");
+    return mcpOk(mcp.getProtectedResourceMetadata());
+  }
+  if (pathname === "/mcp/register" && method === "POST") {
+    if (!mcp) return notFound("MCP module not configured");
+    let body;
+    try {
+      body = await request.json();
+    } catch {
+      return mcpError("invalid_request", "Invalid JSON body", 400);
+    }
+    try {
+      const result = await mcp.registerClient(body);
+      if (!result.success) {
+        return mcpError("invalid_client_metadata", result.error.message, 400);
+      }
+      return mcpNoStore(result.data, 201);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Registration failed";
+      return mcpError("server_error", message, 500);
+    }
+  }
+  if (pathname === "/mcp/authorize" && method === "GET") {
+    if (!mcp) return notFound("MCP module not configured");
+    try {
+      const result = await mcp.authorize(request);
+      if (!result.success) {
+        if (result.error.code === "LOGIN_REQUIRED") {
+          const details = result.error.details;
+          if (details?.loginPage) {
+            const loginUrl = new URL(details.loginPage);
+            if (details.returnTo) {
+              loginUrl.searchParams.set("returnTo", details.returnTo);
+            }
+            return Response.redirect(loginUrl.toString(), 302);
+          }
+        }
+        return mcpError(result.error.code.toLowerCase(), result.error.message, 400);
+      }
+      return Response.redirect(result.data.redirectUri, 302);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Authorization failed";
+      return mcpError("server_error", message, 500);
+    }
+  }
+  if (pathname === "/mcp/token" && method === "POST") {
+    if (!mcp) return notFound("MCP module not configured");
+    try {
+      const result = await mcp.token(request);
+      if (!result.success) {
+        const status = result.error.code === "INVALID_CLIENT" ? 401 : 400;
+        return mcpNoStore(
+          {
+            error: result.error.code.toLowerCase(),
+            error_description: result.error.message
+          },
+          status
+        );
+      }
+      return mcpNoStore(result.data);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Token exchange failed";
+      return mcpNoStore({ error: "server_error", error_description: message }, 500);
+    }
+  }
+  if (pathname === "/agents") {
+    if (method === "GET") return handleAgentList(request, kavach);
+    if (method === "POST") return handleAgentCreate(request, kavach);
+    return methodNotAllowed();
+  }
+  const rotateMatch = /^\/agents\/([^/]+)\/rotate$/.exec(pathname);
+  if (rotateMatch) {
+    const id = rotateMatch[1];
+    if (!id) return badRequest("Missing agent id");
+    if (method === "POST") return handleAgentRotate(id, kavach);
+    return methodNotAllowed();
+  }
+  const agentMatch = /^\/agents\/([^/]+)$/.exec(pathname);
+  if (agentMatch) {
+    const id = agentMatch[1];
+    if (!id) return badRequest("Missing agent id");
+    if (method === "GET") return handleAgentGet(id, kavach);
+    if (method === "PATCH") return handleAgentUpdate(id, request, kavach);
+    if (method === "DELETE") return handleAgentRevoke(id, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/authorize") {
+    if (method === "POST") return handleAuthorize(request, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/authorize/token") {
+    if (method === "POST") return handleAuthorizeByToken(request, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/delegations") {
+    if (method === "POST") return handleDelegationCreate(request, kavach);
+    return methodNotAllowed();
+  }
+  const delegationMatch = /^\/delegations\/([^/]+)$/.exec(pathname);
+  if (delegationMatch) {
+    const id = delegationMatch[1];
+    if (!id) return badRequest("Missing delegation id");
+    if (method === "DELETE") return handleDelegationRevoke(id, kavach);
+    if (method === "GET") return handleDelegationList(id, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/audit/export") {
+    if (method === "GET") return handleAuditExport(request, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/audit") {
+    if (method === "GET") return handleAuditQuery(request, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/dashboard/stats") {
+    if (method === "GET") return handleDashboardStats(kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/dashboard/agents") {
+    if (method === "GET") return handleAgentList(request, kavach);
+    return methodNotAllowed();
+  }
+  if (pathname === "/dashboard/audit") {
+    if (method === "GET") return handleAuditQuery(request, kavach);
+    return methodNotAllowed();
+  }
+  return notFound("Route not found");
+}
+// src/adapter.ts
+function kavachNuxt(kavach, options) {
+  const mcp = options?.mcp;
+  const basePath = options?.basePath ?? "/api/kavach";
+  return defineEventHandler(async (event) => {
+    const url = getRequestURL(event);
+    const method = event.method ?? "GET";
+    const headers = new Headers();
+    const rawHeaders = event.headers;
+    rawHeaders.forEach((value, key) => {
+      headers.set(key, value);
+    });
+    let body = null;
+    if (method !== "GET" && method !== "HEAD" && method !== "OPTIONS") {
+      try {
+        const raw = await readBody(event);
+        if (raw !== void 0 && raw !== null) {
+          body = JSON.stringify(raw);
+          headers.set("Content-Type", "application/json");
+        }
+      } catch {
+      }
+    }
+    const request = new Request(url.toString(), { method, headers, body });
+    const response = await dispatch(request, kavach, mcp, basePath);
+    setResponseStatus(event, response.status);
+    response.headers.forEach((value, key) => {
+      setHeader(event, key, value);
+    });
+    if (response.status === 204 || response.body === null) {
+      return null;
+    }
+    return response.text();
+  });
+}
+export { kavachNuxt };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/dispatch.ts","../src/adapter.ts"],"names":[],"mappings":";;;;AAcA,IAAM,2BAAA,GAA8B,EAAE,MAAA,CAAO;AAAA,EAC5C,eAAA,EAAiB,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACtD,oBAAoB,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACjD,eAAA,EAAiB,CAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACtC,UAAA,EAAY,EACV,MAAA,CAAO;AAAA,IACP,KAAA,EAAO,EAAE,MAAA,EAAO;AAAA,IAChB,GAAA,EAAK,EAAE,MAAA;AAAO,GACd,EACA,QAAA,EAAS;AAAA,EACX,aAAa,CAAA,CAAE,KAAA,CAAM,EAAE,MAAA,EAAQ,EAAE,QAAA;AAClC,CAAC,CAAA;AAED,IAAM,gBAAA,GAAmB,EAAE,MAAA,CAAO;AAAA,EACjC,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,OAAA,EAAS,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA;AAAA,EACzC,WAAA,EAAa,4BAA4B,QAAA;AAC1C,CAAC,CAAA;AAED,IAAM,iBAAA,GAAoB,EAAE,MAAA,CAAO;AAAA,EAClC,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,IAAA,EAAM,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,MAAM,CAAA,CAAE,IAAA,CAAK,CAAC,YAAA,EAAc,WAAA,EAAa,SAAS,CAAC,CAAA;AAAA,EACnD,aAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5C,SAAA,EAAW,CAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,EACpC,UAAU,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AACjC,CAAC,CAAA;AAED,IAAM,iBAAA,GAAoB,EAAE,MAAA,CAAO;AAAA,EAClC,MAAM,CAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACjC,WAAA,EAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,EAAE,QAAA,EAAS;AAAA,EAChD,SAAA,EAAW,CAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,EACpC,UAAU,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AACjC,CAAC,CAAA;AAED,IAAM,eAAA,GAAkB,EAAE,MAAA,CAAO;AAAA,EAChC,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,WAAW,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AAClC,CAAC,CAAA;AAED,IAAM,sBAAA,GAAyB,EAAE,MAAA,CAAO;AAAA,EACvC,MAAA,EAAQ,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,QAAA,EAAU,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,WAAW,CAAA,CAAE,MAAA,CAAO,EAAE,OAAA,EAAS,EAAE,QAAA;AAClC,CAAC,CAAA;AAED,IAAM,cAAA,GAAiB,EAAE,MAAA,CAAO;AAAA,EAC/B,SAAA,EAAW,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,OAAA,EAAS,CAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACzB,aAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EAC5C,SAAA,EAAW,CAAA,CAAE,MAAA,CAAO,IAAA,EAAK;AAAA,EACzB,QAAA,EAAU,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA;AACvC,CAAC,CAAA;AAID,SAAS,EAAA,CAAM,IAAA,EAAS,MAAA,GAAS,GAAA,EAAe;AAC/C,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,UAAU,EAAE,IAAA,EAAM,CAAA,EAAG;AAAA,IAC7C,MAAA;AAAA,IACA,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC9C,CAAA;AACF;AAEA,SAAS,QAAW,IAAA,EAAmB;AACtC,EAAA,OAAO,EAAA,CAAG,MAAM,GAAG,CAAA;AACpB;AAEA,SAAS,aAAA,CAAc,IAAA,EAAc,OAAA,EAAiB,MAAA,EAA0B;AAC/E,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,EAAE,IAAA,EAAM,OAAA,EAAQ,EAAG,CAAA,EAAG;AAAA,IACjE,MAAA;AAAA,IACA,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,GAC9C,CAAA;AACF;AAEA,SAAS,WAAW,OAAA,EAA2B;AAC9C,EAAA,OAAO,aAAA,CAAc,aAAA,EAAe,OAAA,EAAS,GAAG,CAAA;AACjD;AAEA,SAAS,YAAA,CAAa,UAAU,cAAA,EAA0B;AACzD,EAAA,OAAO,aAAA,CAAc,cAAA,EAAgB,OAAA,EAAS,GAAG,CAAA;AAClD;AAEA,SAAS,QAAA,CAAS,UAAU,WAAA,EAAuB;AAClD,EAAA,OAAO,aAAA,CAAc,WAAA,EAAa,OAAA,EAAS,GAAG,CAAA;AAC/C;AAEA,SAAS,gBAAA,GAA6B;AACrC,EAAA,OAAO,aAAA,CAAc,oBAAA,EAAsB,oBAAA,EAAsB,GAAG,CAAA;AACrE;AAEA,SAAS,aAAA,CAAc,UAAU,uBAAA,EAAmC;AACnE,EAAA,OAAO,aAAA,CAAc,gBAAA,EAAkB,OAAA,EAAS,GAAG,CAAA;AACpD;AAEA,SAAS,gBAAgB,MAAA,EAAgC;AACxD,EAAA,MAAM,UAAU,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,GAAG,CAAA,CAAE,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,CAAA,CAAE,OAAO,CAAA,CAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AAChF,EAAA,OAAO,UAAA,CAAW,CAAA,mBAAA,EAAsB,OAAO,CAAA,CAAE,CAAA;AAClD;AAIA,IAAM,gBAAA,GAAmB;AAAA,EACxB,6BAAA,EAA+B,GAAA;AAAA,EAC/B,8BAAA,EAAgC,oBAAA;AAAA,EAChC,8BAAA,EAAgC,6BAAA;AAAA,EAChC,wBAAA,EAA0B;AAC3B,CAAA;AAEA,SAAS,KAAA,CAAS,IAAA,EAAS,MAAA,GAAS,GAAA,EAAe;AAClD,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,IACzC,MAAA;AAAA,IACA,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAoB,GAAG,gBAAA;AAAiB,GACnE,CAAA;AACF;AAEA,SAAS,QAAA,CAAS,IAAA,EAAc,OAAA,EAAiB,MAAA,EAA0B;AAC1E,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,IAAA,EAAM,iBAAA,EAAmB,OAAA,EAAS,CAAA,EAAG;AAAA,IAChF,MAAA;AAAA,IACA,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAoB,GAAG,gBAAA;AAAiB,GACnE,CAAA;AACF;AAEA,SAAS,UAAA,CAAc,IAAA,EAAS,MAAA,GAAS,GAAA,EAAe;AACvD,EAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG;AAAA,IACzC,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACR,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,UAAA;AAAA,MACjB,MAAA,EAAQ,UAAA;AAAA,MACR,GAAG;AAAA;AACJ,GACA,CAAA;AACF;AAIA,SAAS,cAAA,CAAe,KAAU,GAAA,EAA4B;AAC7D,EAAA,OAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,GAAG,CAAA;AAChC;AAEA,eAAe,cACd,OAAA,EACqF;AACrF,EAAA,IAAI;AACH,IAAA,MAAM,IAAA,GAAQ,MAAM,OAAA,CAAQ,IAAA,EAAK;AACjC,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,EAAK;AAAA,EAC9B,CAAA,CAAA,MAAQ;AACP,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,UAAA,CAAW,mBAAmB,CAAA,EAAE;AAAA,EACpE;AACD;AAIA,eAAe,eAAA,CAAgB,SAAkB,MAAA,EAAmC;AACnF,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,EAAK,QAAQ,CAAA;AAC3C,EAAA,MAAM,SAAA,GAAY,cAAA,CAAe,GAAA,EAAK,QAAQ,CAAA;AAC9C,EAAA,MAAM,OAAA,GAAU,cAAA,CAAe,GAAA,EAAK,MAAM,CAAA;AAE1C,EAAA,MAAM,SAAsB,EAAC;AAC7B,EAAA,IAAI,MAAA,SAAe,MAAA,GAAS,MAAA;AAC5B,EAAA,IAAI,SAAA,KAAc,QAAA,IAAY,SAAA,KAAc,SAAA,IAAa,cAAc,SAAA,EAAW;AACjF,IAAA,MAAA,CAAO,MAAA,GAAS,SAAA;AAAA,EACjB;AACA,EAAA,IAAI,OAAA,KAAY,YAAA,IAAgB,OAAA,KAAY,WAAA,IAAe,YAAY,SAAA,EAAW;AACjF,IAAA,MAAA,CAAO,IAAA,GAAO,OAAA;AAAA,EACf;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,KAAA,CAAM,KAAK,MAAM,CAAA;AAC7C,IAAA,OAAO,GAAG,MAAM,CAAA;AAAA,EACjB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,uBAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,iBAAA,CAAkB,SAAkB,MAAA,EAAmC;AACrF,EAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAC9C,EAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAS,OAAO,UAAA,CAAW,QAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AAC1D,EAAA,IAAI,CAAC,MAAA,CAAO,OAAA,SAAgB,eAAA,CAAgB,MAAA,CAAO,MAAM,MAAM,CAAA;AAE/D,EAAA,IAAI;AACH,IAAA,MAAM,KAAA,GAA0B;AAAA,MAC/B,GAAG,MAAA,CAAO,IAAA;AAAA,MACV,WAAA,EAAa,OAAO,IAAA,CAAK;AAAA,KAC1B;AACA,IAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,OAAO,KAAK,CAAA;AAC7C,IAAA,OAAO,QAAQ,KAAK,CAAA;AAAA,EACrB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,wBAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,cAAA,CAAe,IAAY,MAAA,EAAmC;AAC5E,EAAA,IAAI;AACH,IAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,IAAI,EAAE,CAAA;AACvC,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,QAAA,CAAS,CAAA,OAAA,EAAU,EAAE,CAAA,WAAA,CAAa,CAAA;AACrD,IAAA,OAAO,GAAG,KAAK,CAAA;AAAA,EAChB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,qBAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,iBAAA,CAAkB,EAAA,EAAY,OAAA,EAAkB,MAAA,EAAmC;AACjG,EAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAC9C,EAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAS,OAAO,UAAA,CAAW,QAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AAC1D,EAAA,IAAI,CAAC,MAAA,CAAO,OAAA,SAAgB,eAAA,CAAgB,MAAA,CAAO,MAAM,MAAM,CAAA;AAE/D,EAAA,IAAI;AACH,IAAA,MAAM,KAAA,GAA0B;AAAA,MAC/B,GAAG,MAAA,CAAO,IAAA;AAAA,MACV,WAAA,EAAa,OAAO,IAAA,CAAK;AAAA,KAC1B;AACA,IAAA,MAAM,QAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,IAAI,KAAK,CAAA;AACjD,IAAA,OAAO,GAAG,KAAK,CAAA;AAAA,EAChB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,wBAAA;AACrD,IAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,CAAA,EAAG,OAAO,SAAS,OAAO,CAAA;AAC1D,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,iBAAA,CAAkB,IAAY,MAAA,EAAmC;AAC/E,EAAA,IAAI;AACH,IAAA,MAAM,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,EAAE,CAAA;AAC5B,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,EAC1C,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,wBAAA;AACrD,IAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,CAAA,EAAG,OAAO,SAAS,OAAO,CAAA;AAC1D,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,iBAAA,CAAkB,IAAY,MAAA,EAAmC;AAC/E,EAAA,IAAI;AACH,IAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,KAAA,CAAM,OAAO,EAAE,CAAA;AAC1C,IAAA,OAAO,GAAG,KAAK,CAAA;AAAA,EAChB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,8BAAA;AACrD,IAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,CAAA,EAAG,OAAO,SAAS,OAAO,CAAA;AAC1D,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,eAAA,CAAgB,SAAkB,MAAA,EAAmC;AACnF,EAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAC9C,EAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAS,OAAO,UAAA,CAAW,QAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AACxD,EAAA,IAAI,CAAC,MAAA,CAAO,OAAA,SAAgB,eAAA,CAAgB,MAAA,CAAO,MAAM,MAAM,CAAA;AAE/D,EAAA,IAAI;AACH,IAAA,MAAM,SAAS,MAAM,MAAA,CAAO,SAAA,CAAU,MAAA,CAAO,KAAK,OAAA,EAAS;AAAA,MAC1D,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAAA,MACpB,QAAA,EAAU,OAAO,IAAA,CAAK,QAAA;AAAA,MACtB,SAAA,EAAW,OAAO,IAAA,CAAK;AAAA,KACvB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,OAAA,GAAU,GAAA,GAAM,GAAA;AACtC,IAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAA,EAAG;AAAA,MACrD,MAAA;AAAA,MACA,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAC9C,CAAA;AAAA,EACF,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,sBAAA,CAAuB,SAAkB,MAAA,EAAmC;AAC1F,EAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,EAAA,IAAI,CAAC,UAAA,EAAY,UAAA,CAAW,SAAS,CAAA,EAAG;AACvC,IAAA,OAAO,aAAa,yCAAyC,CAAA;AAAA,EAC9D;AACA,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA;AAEhC,EAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAC9C,EAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAS,OAAO,UAAA,CAAW,QAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AAC/D,EAAA,IAAI,CAAC,MAAA,CAAO,OAAA,SAAgB,eAAA,CAAgB,MAAA,CAAO,MAAM,MAAM,CAAA;AAE/D,EAAA,IAAI;AACH,IAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,gBAAA,CAAiB,KAAA,EAAO;AAAA,MACnD,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAAA,MACpB,QAAA,EAAU,OAAO,IAAA,CAAK,QAAA;AAAA,MACtB,SAAA,EAAW,OAAO,IAAA,CAAK;AAAA,KACvB,CAAA;AACD,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,OAAA,GAAU,GAAA,GAAM,GAAA;AACtC,IAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,IAAA,EAAM,MAAA,EAAQ,CAAA,EAAG;AAAA,MACrD,MAAA;AAAA,MACA,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAC9C,CAAA;AAAA,EACF,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,sBAAA,CAAuB,SAAkB,MAAA,EAAmC;AAC1F,EAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAC9C,EAAA,IAAI,CAAC,UAAA,CAAW,OAAA,EAAS,OAAO,UAAA,CAAW,QAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,UAAA,CAAW,IAAI,CAAA;AACvD,EAAA,IAAI,CAAC,MAAA,CAAO,OAAA,SAAgB,eAAA,CAAgB,MAAA,CAAO,MAAM,MAAM,CAAA;AAE/D,EAAA,IAAI;AACH,IAAA,MAAM,KAAA,GAAuB;AAAA,MAC5B,GAAG,MAAA,CAAO,IAAA;AAAA,MACV,WAAA,EAAa,OAAO,IAAA,CAAK;AAAA,KAC1B;AACA,IAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA;AACzC,IAAA,OAAO,QAAQ,KAAK,CAAA;AAAA,EACrB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,6BAAA;AACrD,IAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,CAAA,EAAG,OAAO,SAAS,OAAO,CAAA;AAC1D,IAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,SAAS,CAAA,IAAK,OAAA,CAAQ,SAAS,OAAO,CAAA,EAAG,OAAO,UAAA,CAAW,OAAO,CAAA;AACvF,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,sBAAA,CAAuB,IAAY,MAAA,EAAmC;AACpF,EAAA,IAAI;AACH,IAAA,MAAM,MAAA,CAAO,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AACjC,IAAA,OAAO,IAAI,QAAA,CAAS,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,EAC1C,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,6BAAA;AACrD,IAAA,IAAI,QAAQ,QAAA,CAAS,WAAW,CAAA,EAAG,OAAO,SAAS,OAAO,CAAA;AAC1D,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,oBAAA,CAAqB,SAAiB,MAAA,EAAmC;AACvF,EAAA,IAAI;AACH,IAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,UAAA,CAAW,WAAW,OAAO,CAAA;AACzD,IAAA,OAAO,GAAG,MAAM,CAAA;AAAA,EACjB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,kCAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,SAAS,iBAAiB,GAAA,EAAuB;AAChD,EAAA,MAAM,SAAsB,EAAC;AAE7B,EAAA,MAAM,OAAA,GAAU,cAAA,CAAe,GAAA,EAAK,SAAS,CAAA;AAC7C,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,EAAK,QAAQ,CAAA;AAC3C,EAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,GAAA,EAAK,OAAO,CAAA;AACzC,EAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,GAAA,EAAK,OAAO,CAAA;AACzC,EAAA,MAAM,OAAA,GAAU,cAAA,CAAe,GAAA,EAAK,SAAS,CAAA;AAC7C,EAAA,MAAM,SAAA,GAAY,cAAA,CAAe,GAAA,EAAK,QAAQ,CAAA;AAC9C,EAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,GAAA,EAAK,OAAO,CAAA;AACzC,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,EAAK,QAAQ,CAAA;AAE3C,EAAA,IAAI,OAAA,SAAgB,OAAA,GAAU,OAAA;AAC9B,EAAA,IAAI,MAAA,SAAe,MAAA,GAAS,MAAA;AAC5B,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,KAAK,CAAA;AACxB,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,SAAU,KAAA,GAAQ,CAAA;AAAA,EAChD;AACA,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,KAAK,CAAA;AACxB,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,SAAU,KAAA,GAAQ,CAAA;AAAA,EAChD;AACA,EAAA,IAAI,OAAA,EAAS,MAAA,CAAO,OAAA,GAAU,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,IAAA,EAAM,CAAA;AACpE,EAAA,IAAI,SAAA,KAAc,SAAA,IAAa,SAAA,KAAc,QAAA,IAAY,cAAc,cAAA,EAAgB;AACtF,IAAA,MAAA,CAAO,MAAA,GAAS,SAAA;AAAA,EACjB;AACA,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,QAAA,CAAS,KAAA,EAAO,EAAE,CAAA;AACnC,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAC,KAAK,CAAA,GAAI,CAAA,SAAU,KAAA,GAAQ,CAAA;AAAA,EAC/C;AACA,EAAA,IAAI,MAAA,EAAQ;AACX,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,QAAA,CAAS,MAAA,EAAQ,EAAE,CAAA;AACpC,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAC,KAAK,CAAA,IAAK,CAAA,SAAU,MAAA,GAAS,CAAA;AAAA,EACjD;AAEA,EAAA,OAAO,MAAA;AACR;AAEA,eAAe,gBAAA,CAAiB,SAAkB,MAAA,EAAmC;AACpF,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,EAAA,MAAM,MAAA,GAAS,iBAAiB,GAAG,CAAA;AAEnC,EAAA,IAAI;AACH,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,KAAA,CAAM,MAAM,MAAM,CAAA;AAC/C,IAAA,OAAO,GAAG,OAAO,CAAA;AAAA,EAClB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,4BAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,iBAAA,CAAkB,SAAkB,MAAA,EAAmC;AACrF,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,GAAA,EAAK,QAAQ,CAAA,IAAK,MAAA;AAChD,EAAA,IAAI,MAAA,KAAW,MAAA,IAAU,MAAA,KAAW,KAAA,EAAO;AAC1C,IAAA,OAAO,WAAW,gCAAgC,CAAA;AAAA,EACnD;AAEA,EAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,GAAA,EAAK,OAAO,CAAA;AACzC,EAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,GAAA,EAAK,OAAO,CAAA;AAEzC,EAAA,MAAM,OAAA,GAAkE,EAAE,MAAA,EAAO;AACjF,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,KAAK,CAAA;AACxB,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,UAAW,KAAA,GAAQ,CAAA;AAAA,EACjD;AACA,EAAA,IAAI,KAAA,EAAO;AACV,IAAA,MAAM,CAAA,GAAI,IAAI,IAAA,CAAK,KAAK,CAAA;AACxB,IAAA,IAAI,CAAC,OAAO,KAAA,CAAM,CAAA,CAAE,SAAS,CAAA,UAAW,KAAA,GAAQ,CAAA;AAAA,EACjD;AAEA,EAAA,IAAI;AACH,IAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,KAAA,CAAM,OAAO,OAAO,CAAA;AAClD,IAAA,MAAM,WAAA,GAAc,MAAA,KAAW,KAAA,GAAQ,UAAA,GAAa,kBAAA;AACpD,IAAA,OAAO,IAAI,SAAS,QAAA,EAAU;AAAA,MAC7B,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACR,cAAA,EAAgB,WAAA;AAAA,QAChB,qBAAA,EAAuB,sCAAsC,MAAM,CAAA,CAAA;AAAA;AACpE,KACA,CAAA;AAAA,EACF,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,6BAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAEA,eAAe,qBAAqB,MAAA,EAAmC;AACtE,EAAA,IAAI;AACH,IAAA,MAAM,CAAC,MAAA,EAAQ,WAAW,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MAC/C,MAAA,CAAO,MAAM,IAAA,EAAK;AAAA,MAClB,MAAA,CAAO,MAAM,KAAA,CAAM;AAAA,QAClB,KAAA,EAAO,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,GAAI,CAAA;AAAA,QAChD,KAAA,EAAO;AAAA,OACP;AAAA,KACD,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,MAAA,CAAO,IAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAC,CAAA;AACrD,IAAA,MAAM,eAAe,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,QAAQ,CAAA;AAC/D,IAAA,MAAM,gBAAgB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,SAAS,CAAA;AACjE,IAAA,MAAM,gBAAgB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,SAAS,CAAA;AAEjE,IAAA,MAAM,KAAA,GAAQ;AAAA,MACb,MAAA,EAAQ;AAAA,QACP,OAAO,MAAA,CAAO,MAAA;AAAA,QACd,QAAQ,YAAA,CAAa,MAAA;AAAA,QACrB,SAAS,aAAA,CAAc,MAAA;AAAA,QACvB,SAAS,aAAA,CAAc;AAAA,OACxB;AAAA,MACA,KAAA,EAAO;AAAA,QACN,OAAO,QAAA,CAAS;AAAA,OACjB;AAAA,MACA,KAAA,EAAO;AAAA,QACN,SAAS,WAAA,CAAY,MAAA;AAAA,QACrB,OAAA,EAAS,YAAY,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,SAAS,CAAA,CAAE,MAAA;AAAA,QAC3D,MAAA,EAAQ,YAAY,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,QAAQ,CAAA,CAAE,MAAA;AAAA,QACzD,WAAA,EAAa,YAAY,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,KAAW,cAAc,CAAA,CAAE;AAAA;AACrE,KACD;AACA,IAAA,OAAO,GAAG,KAAK,CAAA;AAAA,EAChB,SAAS,GAAA,EAAK;AACb,IAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,iCAAA;AACrD,IAAA,OAAO,cAAc,OAAO,CAAA;AAAA,EAC7B;AACD;AAWA,eAAsB,QAAA,CACrB,OAAA,EACA,MAAA,EACA,GAAA,EACA,QAAA,EACoB;AACpB,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAC/B,EAAA,MAAM,MAAM,GAAA,CAAI,QAAA;AAChB,EAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,QAAQ,IAAI,GAAA,CAAI,KAAA,CAAM,QAAA,CAAS,MAAM,CAAA,GAAI,GAAA;AACzE,EAAA,MAAM,WAAW,QAAA,CAAS,UAAA,CAAW,GAAG,CAAA,GAAI,QAAA,GAAW,IAAI,QAAQ,CAAA,CAAA;AACnE,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,MAAA,CAAO,WAAA,EAAY;AAG1C,EAAA,IAAI,WAAW,SAAA,EAAW;AACzB,IAAA,IAAI,SAAS,UAAA,CAAW,OAAO,KAAK,QAAA,CAAS,UAAA,CAAW,eAAe,CAAA,EAAG;AACzE,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM,EAAE,QAAQ,GAAA,EAAK,OAAA,EAAS,kBAAkB,CAAA;AAAA,IACrE;AAAA,EACD;AAIA,EAAA,IAAI,QAAA,KAAa,yCAAA,IAA6C,MAAA,KAAW,KAAA,EAAO;AAC/E,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,QAAA,CAAS,2BAA2B,CAAA;AACrD,IAAA,OAAO,KAAA,CAAM,GAAA,CAAI,WAAA,EAAa,CAAA;AAAA,EAC/B;AAEA,EAAA,IAAI,QAAA,KAAa,uCAAA,IAA2C,MAAA,KAAW,KAAA,EAAO;AAC7E,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,QAAA,CAAS,2BAA2B,CAAA;AACrD,IAAA,OAAO,KAAA,CAAM,GAAA,CAAI,4BAAA,EAA8B,CAAA;AAAA,EAChD;AAEA,EAAA,IAAI,QAAA,KAAa,eAAA,IAAmB,MAAA,KAAW,MAAA,EAAQ;AACtD,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,QAAA,CAAS,2BAA2B,CAAA;AACrD,IAAA,IAAI,IAAA;AACJ,IAAA,IAAI;AACH,MAAA,IAAA,GAAQ,MAAM,QAAQ,IAAA,EAAK;AAAA,IAC5B,CAAA,CAAA,MAAQ;AACP,MAAA,OAAO,QAAA,CAAS,iBAAA,EAAmB,mBAAA,EAAqB,GAAG,CAAA;AAAA,IAC5D;AACA,IAAA,IAAI;AACH,MAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,cAAA,CAAe,IAAgD,CAAA;AACxF,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACpB,QAAA,OAAO,QAAA,CAAS,yBAAA,EAA2B,MAAA,CAAO,KAAA,CAAM,SAAS,GAAG,CAAA;AAAA,MACrE;AACA,MAAA,OAAO,UAAA,CAAW,MAAA,CAAO,IAAA,EAAM,GAAG,CAAA;AAAA,IACnC,SAAS,GAAA,EAAK;AACb,MAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,qBAAA;AACrD,MAAA,OAAO,QAAA,CAAS,cAAA,EAAgB,OAAA,EAAS,GAAG,CAAA;AAAA,IAC7C;AAAA,EACD;AAEA,EAAA,IAAI,QAAA,KAAa,gBAAA,IAAoB,MAAA,KAAW,KAAA,EAAO;AACtD,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,QAAA,CAAS,2BAA2B,CAAA;AACrD,IAAA,IAAI;AACH,MAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,SAAA,CAAU,OAAO,CAAA;AAC1C,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACpB,QAAA,IAAI,MAAA,CAAO,KAAA,CAAM,IAAA,KAAS,gBAAA,EAAkB;AAC3C,UAAA,MAAM,OAAA,GAAU,OAAO,KAAA,CAAM,OAAA;AAG7B,UAAA,IAAI,SAAS,SAAA,EAAW;AACvB,YAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA;AAC1C,YAAA,IAAI,QAAQ,QAAA,EAAU;AACrB,cAAA,QAAA,CAAS,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,YACvD;AACA,YAAA,OAAO,QAAA,CAAS,QAAA,CAAS,QAAA,CAAS,QAAA,IAAY,GAAG,CAAA;AAAA,UAClD;AAAA,QACD;AACA,QAAA,OAAO,QAAA,CAAS,OAAO,KAAA,CAAM,IAAA,CAAK,aAAY,EAAG,MAAA,CAAO,KAAA,CAAM,OAAA,EAAS,GAAG,CAAA;AAAA,MAC3E;AACA,MAAA,OAAO,QAAA,CAAS,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,aAAa,GAAG,CAAA;AAAA,IACtD,SAAS,GAAA,EAAK;AACb,MAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,sBAAA;AACrD,MAAA,OAAO,QAAA,CAAS,cAAA,EAAgB,OAAA,EAAS,GAAG,CAAA;AAAA,IAC7C;AAAA,EACD;AAEA,EAAA,IAAI,QAAA,KAAa,YAAA,IAAgB,MAAA,KAAW,MAAA,EAAQ;AACnD,IAAA,IAAI,CAAC,GAAA,EAAK,OAAO,QAAA,CAAS,2BAA2B,CAAA;AACrD,IAAA,IAAI;AACH,MAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,KAAA,CAAM,OAAO,CAAA;AACtC,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACpB,QAAA,MAAM,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,IAAA,KAAS,mBAAmB,GAAA,GAAM,GAAA;AAC9D,QAAA,OAAO,UAAA;AAAA,UACN;AAAA,YACC,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,WAAA,EAAY;AAAA,YACrC,iBAAA,EAAmB,OAAO,KAAA,CAAM;AAAA,WACjC;AAAA,UACA;AAAA,SACD;AAAA,MACD;AACA,MAAA,OAAO,UAAA,CAAW,OAAO,IAAI,CAAA;AAAA,IAC9B,SAAS,GAAA,EAAK;AACb,MAAA,MAAM,OAAA,GAAU,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,uBAAA;AACrD,MAAA,OAAO,WAAW,EAAE,KAAA,EAAO,gBAAgB,iBAAA,EAAmB,OAAA,IAAW,GAAG,CAAA;AAAA,IAC7E;AAAA,EACD;AAIA,EAAA,IAAI,aAAa,SAAA,EAAW;AAC3B,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,eAAA,CAAgB,SAAS,MAAM,CAAA;AAC5D,IAAA,IAAI,MAAA,KAAW,MAAA,EAAQ,OAAO,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC/D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAGA,EAAA,MAAM,WAAA,GAAc,6BAAA,CAA8B,IAAA,CAAK,QAAQ,CAAA;AAC/D,EAAA,IAAI,WAAA,EAAa;AAChB,IAAA,MAAM,EAAA,GAAK,YAAY,CAAC,CAAA;AACxB,IAAA,IAAI,CAAC,EAAA,EAAI,OAAO,UAAA,CAAW,kBAAkB,CAAA;AAC7C,IAAA,IAAI,MAAA,KAAW,MAAA,EAAQ,OAAO,iBAAA,CAAkB,IAAI,MAAM,CAAA;AAC1D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAGA,EAAA,MAAM,UAAA,GAAa,qBAAA,CAAsB,IAAA,CAAK,QAAQ,CAAA;AACtD,EAAA,IAAI,UAAA,EAAY;AACf,IAAA,MAAM,EAAA,GAAK,WAAW,CAAC,CAAA;AACvB,IAAA,IAAI,CAAC,EAAA,EAAI,OAAO,UAAA,CAAW,kBAAkB,CAAA;AAC7C,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,cAAA,CAAe,IAAI,MAAM,CAAA;AACtD,IAAA,IAAI,WAAW,OAAA,EAAS,OAAO,iBAAA,CAAkB,EAAA,EAAI,SAAS,MAAM,CAAA;AACpE,IAAA,IAAI,MAAA,KAAW,QAAA,EAAU,OAAO,iBAAA,CAAkB,IAAI,MAAM,CAAA;AAC5D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAIA,EAAA,IAAI,aAAa,YAAA,EAAc;AAC9B,IAAA,IAAI,MAAA,KAAW,MAAA,EAAQ,OAAO,eAAA,CAAgB,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAEA,EAAA,IAAI,aAAa,kBAAA,EAAoB;AACpC,IAAA,IAAI,MAAA,KAAW,MAAA,EAAQ,OAAO,sBAAA,CAAuB,SAAS,MAAM,CAAA;AACpE,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAIA,EAAA,IAAI,aAAa,cAAA,EAAgB;AAChC,IAAA,IAAI,MAAA,KAAW,MAAA,EAAQ,OAAO,sBAAA,CAAuB,SAAS,MAAM,CAAA;AACpE,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAGA,EAAA,MAAM,eAAA,GAAkB,0BAAA,CAA2B,IAAA,CAAK,QAAQ,CAAA;AAChE,EAAA,IAAI,eAAA,EAAiB;AACpB,IAAA,MAAM,EAAA,GAAK,gBAAgB,CAAC,CAAA;AAC5B,IAAA,IAAI,CAAC,EAAA,EAAI,OAAO,UAAA,CAAW,uBAAuB,CAAA;AAClD,IAAA,IAAI,MAAA,KAAW,QAAA,EAAU,OAAO,sBAAA,CAAuB,IAAI,MAAM,CAAA;AACjE,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,oBAAA,CAAqB,IAAI,MAAM,CAAA;AAC5D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAIA,EAAA,IAAI,aAAa,eAAA,EAAiB;AACjC,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAC9D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAEA,EAAA,IAAI,aAAa,QAAA,EAAU;AAC1B,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,gBAAA,CAAiB,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAIA,EAAA,IAAI,aAAa,kBAAA,EAAoB;AACpC,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,oBAAA,CAAqB,MAAM,CAAA;AACxD,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAEA,EAAA,IAAI,aAAa,mBAAA,EAAqB;AACrC,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,eAAA,CAAgB,SAAS,MAAM,CAAA;AAC5D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAEA,EAAA,IAAI,aAAa,kBAAA,EAAoB;AACpC,IAAA,IAAI,MAAA,KAAW,KAAA,EAAO,OAAO,gBAAA,CAAiB,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO,gBAAA,EAAiB;AAAA,EACzB;AAEA,EAAA,OAAO,SAAS,iBAAiB,CAAA;AAClC;;;ACnoBO,SAAS,UAAA,CAAW,QAAgB,OAAA,EAA2C;AACrF,EAAA,MAAM,MAAM,OAAA,EAAS,GAAA;AACrB,EAAA,MAAM,QAAA,GAAW,SAAS,QAAA,IAAY,aAAA;AAEtC,EAAA,OAAO,kBAAA,CAAmB,OAAO,KAAA,KAAmB;AAGnD,IAAA,MAAM,GAAA,GAAM,cAAc,KAAK,CAAA;AAC/B,IAAA,MAAM,MAAA,GAAS,MAAM,MAAA,IAAU,KAAA;AAG/B,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,IAAA,MAAM,aAAa,KAAA,CAAM,OAAA;AACzB,IAAA,UAAA,CAAW,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAClC,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAK,KAAK,CAAA;AAAA,IACvB,CAAC,CAAA;AAID,IAAA,IAAI,IAAA,GAAwB,IAAA;AAC5B,IAAA,IAAI,MAAA,KAAW,KAAA,IAAS,MAAA,KAAW,MAAA,IAAU,WAAW,SAAA,EAAW;AAClE,MAAA,IAAI;AACH,QAAA,MAAM,GAAA,GAAM,MAAM,QAAA,CAAS,KAAK,CAAA;AAChC,QAAA,IAAI,GAAA,KAAQ,KAAA,CAAA,IAAa,GAAA,KAAQ,IAAA,EAAM;AACtC,UAAA,IAAA,GAAO,IAAA,CAAK,UAAU,GAAG,CAAA;AACzB,UAAA,OAAA,CAAQ,GAAA,CAAI,gBAAgB,kBAAkB,CAAA;AAAA,QAC/C;AAAA,MACD,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACD;AAEA,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,IAAY,EAAE,MAAA,EAAQ,OAAA,EAAS,IAAA,EAAM,CAAA;AACrE,IAAA,MAAM,WAAW,MAAM,QAAA,CAAS,OAAA,EAAS,MAAA,EAAQ,KAAK,QAAQ,CAAA;AAG9D,IAAA,iBAAA,CAAkB,KAAA,EAAO,SAAS,MAAM,CAAA;AACxC,IAAA,QAAA,CAAS,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AACxC,MAAA,SAAA,CAAU,KAAA,EAAO,KAAK,KAAK,CAAA;AAAA,IAC5B,CAAC,CAAA;AAID,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,QAAA,CAAS,SAAS,IAAA,EAAM;AACtD,MAAA,OAAO,IAAA;AAAA,IACR;AACA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACtB,CAAC,CAAA;AACF","file":"index.js","sourcesContent":["import type {\n\tAgentFilter,\n\tAuditFilter,\n\tCreateAgentInput,\n\tDelegateInput,\n\tKavach,\n\tPermission,\n\tUpdateAgentInput,\n} from \"kavachos\";\nimport type { McpAuthModule } from \"kavachos/mcp\";\nimport { z } from \"zod\";\n\n// ─── Zod Validation Schemas ──────────────────────────────────────────────────\n\nconst PermissionConstraintsSchema = z.object({\n\tmaxCallsPerHour: z.number().int().positive().optional(),\n\tallowedArgPatterns: z.array(z.string()).optional(),\n\trequireApproval: z.boolean().optional(),\n\ttimeWindow: z\n\t\t.object({\n\t\t\tstart: z.string(),\n\t\t\tend: z.string(),\n\t\t})\n\t\t.optional(),\n\tipAllowlist: z.array(z.string()).optional(),\n});\n\nconst PermissionSchema = z.object({\n\tresource: z.string().min(1),\n\tactions: z.array(z.string().min(1)).min(1),\n\tconstraints: PermissionConstraintsSchema.optional(),\n});\n\nconst CreateAgentSchema = z.object({\n\townerId: z.string().min(1),\n\tname: z.string().min(1),\n\ttype: z.enum([\"autonomous\", \"delegated\", \"service\"]),\n\tpermissions: z.array(PermissionSchema).min(1),\n\texpiresAt: z.coerce.date().optional(),\n\tmetadata: z.record(z.unknown()).optional(),\n});\n\nconst UpdateAgentSchema = z.object({\n\tname: z.string().min(1).optional(),\n\tpermissions: z.array(PermissionSchema).optional(),\n\texpiresAt: z.coerce.date().optional(),\n\tmetadata: z.record(z.unknown()).optional(),\n});\n\nconst AuthorizeSchema = z.object({\n\tagentId: z.string().min(1),\n\taction: z.string().min(1),\n\tresource: z.string().min(1),\n\targuments: z.record(z.unknown()).optional(),\n});\n\nconst AuthorizeByTokenSchema = z.object({\n\taction: z.string().min(1),\n\tresource: z.string().min(1),\n\targuments: z.record(z.unknown()).optional(),\n});\n\nconst DelegateSchema = z.object({\n\tfromAgent: z.string().min(1),\n\ttoAgent: z.string().min(1),\n\tpermissions: z.array(PermissionSchema).min(1),\n\texpiresAt: z.coerce.date(),\n\tmaxDepth: z.number().int().positive().optional(),\n});\n\n// ─── Response Helpers ────────────────────────────────────────────────────────\n\nfunction ok<T>(data: T, status = 200): Response {\n\treturn new Response(JSON.stringify({ data }), {\n\t\tstatus,\n\t\theaders: { \"Content-Type\": \"application/json\" },\n\t});\n}\n\nfunction created<T>(data: T): Response {\n\treturn ok(data, 201);\n}\n\nfunction errorResponse(code: string, message: string, status: number): Response {\n\treturn new Response(JSON.stringify({ error: { code, message } }), {\n\t\tstatus,\n\t\theaders: { \"Content-Type\": \"application/json\" },\n\t});\n}\n\nfunction badRequest(message: string): Response {\n\treturn errorResponse(\"BAD_REQUEST\", message, 400);\n}\n\nfunction unauthorized(message = \"Unauthorized\"): Response {\n\treturn errorResponse(\"UNAUTHORIZED\", message, 401);\n}\n\nfunction notFound(message = \"Not found\"): Response {\n\treturn errorResponse(\"NOT_FOUND\", message, 404);\n}\n\nfunction methodNotAllowed(): Response {\n\treturn errorResponse(\"METHOD_NOT_ALLOWED\", \"Method not allowed\", 405);\n}\n\nfunction internalError(message = \"Internal server error\"): Response {\n\treturn errorResponse(\"INTERNAL_ERROR\", message, 500);\n}\n\nfunction validationError(issues: z.ZodIssue[]): Response {\n\tconst message = issues.map((i) => `${i.path.join(\".\")}: ${i.message}`).join(\", \");\n\treturn badRequest(`Validation failed: ${message}`);\n}\n\n// ─── MCP CORS Headers ────────────────────────────────────────────────────────\n\nconst MCP_CORS_HEADERS = {\n\t\"Access-Control-Allow-Origin\": \"*\",\n\t\"Access-Control-Allow-Methods\": \"GET, POST, OPTIONS\",\n\t\"Access-Control-Allow-Headers\": \"Content-Type, Authorization\",\n\t\"Access-Control-Max-Age\": \"86400\",\n};\n\nfunction mcpOk<T>(data: T, status = 200): Response {\n\treturn new Response(JSON.stringify(data), {\n\t\tstatus,\n\t\theaders: { \"Content-Type\": \"application/json\", ...MCP_CORS_HEADERS },\n\t});\n}\n\nfunction mcpError(code: string, message: string, status: number): Response {\n\treturn new Response(JSON.stringify({ error: code, error_description: message }), {\n\t\tstatus,\n\t\theaders: { \"Content-Type\": \"application/json\", ...MCP_CORS_HEADERS },\n\t});\n}\n\nfunction mcpNoStore<T>(data: T, status = 200): Response {\n\treturn new Response(JSON.stringify(data), {\n\t\tstatus,\n\t\theaders: {\n\t\t\t\"Content-Type\": \"application/json\",\n\t\t\t\"Cache-Control\": \"no-store\",\n\t\t\tPragma: \"no-cache\",\n\t\t\t...MCP_CORS_HEADERS,\n\t\t},\n\t});\n}\n\n// ─── URL Parsing Helpers ─────────────────────────────────────────────────────\n\nfunction getSearchParam(url: URL, key: string): string | null {\n\treturn url.searchParams.get(key);\n}\n\nasync function parseJsonBody(\n\trequest: Request,\n): Promise<{ success: true; data: unknown } | { success: false; response: Response }> {\n\ttry {\n\t\tconst data = (await request.json()) as unknown;\n\t\treturn { success: true, data };\n\t} catch {\n\t\treturn { success: false, response: badRequest(\"Invalid JSON body\") };\n\t}\n}\n\n// ─── Route Handlers ──────────────────────────────────────────────────────────\n\nasync function handleAgentList(request: Request, kavach: Kavach): Promise<Response> {\n\tconst url = new URL(request.url);\n\tconst userId = getSearchParam(url, \"userId\");\n\tconst statusRaw = getSearchParam(url, \"status\");\n\tconst typeRaw = getSearchParam(url, \"type\");\n\n\tconst filter: AgentFilter = {};\n\tif (userId) filter.userId = userId;\n\tif (statusRaw === \"active\" || statusRaw === \"revoked\" || statusRaw === \"expired\") {\n\t\tfilter.status = statusRaw;\n\t}\n\tif (typeRaw === \"autonomous\" || typeRaw === \"delegated\" || typeRaw === \"service\") {\n\t\tfilter.type = typeRaw;\n\t}\n\n\ttry {\n\t\tconst agents = await kavach.agent.list(filter);\n\t\treturn ok(agents);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to list agents\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAgentCreate(request: Request, kavach: Kavach): Promise<Response> {\n\tconst bodyResult = await parseJsonBody(request);\n\tif (!bodyResult.success) return bodyResult.response;\n\n\tconst parsed = CreateAgentSchema.safeParse(bodyResult.data);\n\tif (!parsed.success) return validationError(parsed.error.issues);\n\n\ttry {\n\t\tconst input: CreateAgentInput = {\n\t\t\t...parsed.data,\n\t\t\tpermissions: parsed.data.permissions as Permission[],\n\t\t};\n\t\tconst agent = await kavach.agent.create(input);\n\t\treturn created(agent);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to create agent\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAgentGet(id: string, kavach: Kavach): Promise<Response> {\n\ttry {\n\t\tconst agent = await kavach.agent.get(id);\n\t\tif (!agent) return notFound(`Agent \"${id}\" not found`);\n\t\treturn ok(agent);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to get agent\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAgentUpdate(id: string, request: Request, kavach: Kavach): Promise<Response> {\n\tconst bodyResult = await parseJsonBody(request);\n\tif (!bodyResult.success) return bodyResult.response;\n\n\tconst parsed = UpdateAgentSchema.safeParse(bodyResult.data);\n\tif (!parsed.success) return validationError(parsed.error.issues);\n\n\ttry {\n\t\tconst input: UpdateAgentInput = {\n\t\t\t...parsed.data,\n\t\t\tpermissions: parsed.data.permissions as Permission[] | undefined,\n\t\t};\n\t\tconst agent = await kavach.agent.update(id, input);\n\t\treturn ok(agent);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to update agent\";\n\t\tif (message.includes(\"not found\")) return notFound(message);\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAgentRevoke(id: string, kavach: Kavach): Promise<Response> {\n\ttry {\n\t\tawait kavach.agent.revoke(id);\n\t\treturn new Response(null, { status: 204 });\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to revoke agent\";\n\t\tif (message.includes(\"not found\")) return notFound(message);\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAgentRotate(id: string, kavach: Kavach): Promise<Response> {\n\ttry {\n\t\tconst agent = await kavach.agent.rotate(id);\n\t\treturn ok(agent);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to rotate agent token\";\n\t\tif (message.includes(\"not found\")) return notFound(message);\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAuthorize(request: Request, kavach: Kavach): Promise<Response> {\n\tconst bodyResult = await parseJsonBody(request);\n\tif (!bodyResult.success) return bodyResult.response;\n\n\tconst parsed = AuthorizeSchema.safeParse(bodyResult.data);\n\tif (!parsed.success) return validationError(parsed.error.issues);\n\n\ttry {\n\t\tconst result = await kavach.authorize(parsed.data.agentId, {\n\t\t\taction: parsed.data.action,\n\t\t\tresource: parsed.data.resource,\n\t\t\targuments: parsed.data.arguments,\n\t\t});\n\t\tconst status = result.allowed ? 200 : 403;\n\t\treturn new Response(JSON.stringify({ data: result }), {\n\t\t\tstatus,\n\t\t\theaders: { \"Content-Type\": \"application/json\" },\n\t\t});\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Authorization check failed\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAuthorizeByToken(request: Request, kavach: Kavach): Promise<Response> {\n\tconst authHeader = request.headers.get(\"Authorization\");\n\tif (!authHeader?.startsWith(\"Bearer \")) {\n\t\treturn unauthorized(\"Missing or invalid Authorization header\");\n\t}\n\tconst token = authHeader.slice(7);\n\n\tconst bodyResult = await parseJsonBody(request);\n\tif (!bodyResult.success) return bodyResult.response;\n\n\tconst parsed = AuthorizeByTokenSchema.safeParse(bodyResult.data);\n\tif (!parsed.success) return validationError(parsed.error.issues);\n\n\ttry {\n\t\tconst result = await kavach.authorizeByToken(token, {\n\t\t\taction: parsed.data.action,\n\t\t\tresource: parsed.data.resource,\n\t\t\targuments: parsed.data.arguments,\n\t\t});\n\t\tconst status = result.allowed ? 200 : 403;\n\t\treturn new Response(JSON.stringify({ data: result }), {\n\t\t\tstatus,\n\t\t\theaders: { \"Content-Type\": \"application/json\" },\n\t\t});\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Authorization check failed\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleDelegationCreate(request: Request, kavach: Kavach): Promise<Response> {\n\tconst bodyResult = await parseJsonBody(request);\n\tif (!bodyResult.success) return bodyResult.response;\n\n\tconst parsed = DelegateSchema.safeParse(bodyResult.data);\n\tif (!parsed.success) return validationError(parsed.error.issues);\n\n\ttry {\n\t\tconst input: DelegateInput = {\n\t\t\t...parsed.data,\n\t\t\tpermissions: parsed.data.permissions as Permission[],\n\t\t};\n\t\tconst chain = await kavach.delegate(input);\n\t\treturn created(chain);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to create delegation\";\n\t\tif (message.includes(\"not found\")) return notFound(message);\n\t\tif (message.includes(\"exceeds\") || message.includes(\"depth\")) return badRequest(message);\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleDelegationRevoke(id: string, kavach: Kavach): Promise<Response> {\n\ttry {\n\t\tawait kavach.delegation.revoke(id);\n\t\treturn new Response(null, { status: 204 });\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to revoke delegation\";\n\t\tif (message.includes(\"not found\")) return notFound(message);\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleDelegationList(agentId: string, kavach: Kavach): Promise<Response> {\n\ttry {\n\t\tconst chains = await kavach.delegation.listChains(agentId);\n\t\treturn ok(chains);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to list delegation chains\";\n\t\treturn internalError(message);\n\t}\n}\n\nfunction buildAuditFilter(url: URL): AuditFilter {\n\tconst filter: AuditFilter = {};\n\n\tconst agentId = getSearchParam(url, \"agentId\");\n\tconst userId = getSearchParam(url, \"userId\");\n\tconst since = getSearchParam(url, \"since\");\n\tconst until = getSearchParam(url, \"until\");\n\tconst actions = getSearchParam(url, \"actions\");\n\tconst resultRaw = getSearchParam(url, \"result\");\n\tconst limit = getSearchParam(url, \"limit\");\n\tconst offset = getSearchParam(url, \"offset\");\n\n\tif (agentId) filter.agentId = agentId;\n\tif (userId) filter.userId = userId;\n\tif (since) {\n\t\tconst d = new Date(since);\n\t\tif (!Number.isNaN(d.getTime())) filter.since = d;\n\t}\n\tif (until) {\n\t\tconst d = new Date(until);\n\t\tif (!Number.isNaN(d.getTime())) filter.until = d;\n\t}\n\tif (actions) filter.actions = actions.split(\",\").map((a) => a.trim());\n\tif (resultRaw === \"allowed\" || resultRaw === \"denied\" || resultRaw === \"rate_limited\") {\n\t\tfilter.result = resultRaw;\n\t}\n\tif (limit) {\n\t\tconst n = Number.parseInt(limit, 10);\n\t\tif (!Number.isNaN(n) && n > 0) filter.limit = n;\n\t}\n\tif (offset) {\n\t\tconst n = Number.parseInt(offset, 10);\n\t\tif (!Number.isNaN(n) && n >= 0) filter.offset = n;\n\t}\n\n\treturn filter;\n}\n\nasync function handleAuditQuery(request: Request, kavach: Kavach): Promise<Response> {\n\tconst url = new URL(request.url);\n\tconst filter = buildAuditFilter(url);\n\n\ttry {\n\t\tconst entries = await kavach.audit.query(filter);\n\t\treturn ok(entries);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to query audit logs\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleAuditExport(request: Request, kavach: Kavach): Promise<Response> {\n\tconst url = new URL(request.url);\n\tconst format = getSearchParam(url, \"format\") ?? \"json\";\n\tif (format !== \"json\" && format !== \"csv\") {\n\t\treturn badRequest('format must be \"json\" or \"csv\"');\n\t}\n\n\tconst since = getSearchParam(url, \"since\");\n\tconst until = getSearchParam(url, \"until\");\n\n\tconst options: { format: \"json\" | \"csv\"; since?: Date; until?: Date } = { format };\n\tif (since) {\n\t\tconst d = new Date(since);\n\t\tif (!Number.isNaN(d.getTime())) options.since = d;\n\t}\n\tif (until) {\n\t\tconst d = new Date(until);\n\t\tif (!Number.isNaN(d.getTime())) options.until = d;\n\t}\n\n\ttry {\n\t\tconst exported = await kavach.audit.export(options);\n\t\tconst contentType = format === \"csv\" ? \"text/csv\" : \"application/json\";\n\t\treturn new Response(exported, {\n\t\t\tstatus: 200,\n\t\t\theaders: {\n\t\t\t\t\"Content-Type\": contentType,\n\t\t\t\t\"Content-Disposition\": `attachment; filename=\"audit-export.${format}\"`,\n\t\t\t},\n\t\t});\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to export audit logs\";\n\t\treturn internalError(message);\n\t}\n}\n\nasync function handleDashboardStats(kavach: Kavach): Promise<Response> {\n\ttry {\n\t\tconst [agents, recentAudit] = await Promise.all([\n\t\t\tkavach.agent.list(),\n\t\t\tkavach.audit.query({\n\t\t\t\tsince: new Date(Date.now() - 24 * 60 * 60 * 1000),\n\t\t\t\tlimit: 1000,\n\t\t\t}),\n\t\t]);\n\n\t\tconst ownerIds = new Set(agents.map((a) => a.ownerId));\n\t\tconst activeAgents = agents.filter((a) => a.status === \"active\");\n\t\tconst revokedAgents = agents.filter((a) => a.status === \"revoked\");\n\t\tconst expiredAgents = agents.filter((a) => a.status === \"expired\");\n\n\t\tconst stats = {\n\t\t\tagents: {\n\t\t\t\ttotal: agents.length,\n\t\t\t\tactive: activeAgents.length,\n\t\t\t\trevoked: revokedAgents.length,\n\t\t\t\texpired: expiredAgents.length,\n\t\t\t},\n\t\t\tusers: {\n\t\t\t\ttotal: ownerIds.size,\n\t\t\t},\n\t\t\taudit: {\n\t\t\t\tlast24h: recentAudit.length,\n\t\t\t\tallowed: recentAudit.filter((e) => e.result === \"allowed\").length,\n\t\t\t\tdenied: recentAudit.filter((e) => e.result === \"denied\").length,\n\t\t\t\trateLimited: recentAudit.filter((e) => e.result === \"rate_limited\").length,\n\t\t\t},\n\t\t};\n\t\treturn ok(stats);\n\t} catch (err) {\n\t\tconst message = err instanceof Error ? err.message : \"Failed to fetch dashboard stats\";\n\t\treturn internalError(message);\n\t}\n}\n\n// ─── Route Dispatcher ────────────────────────────────────────────────────────\n\n/**\n * Dispatches an incoming Web API Request to the correct KavachOS handler based\n * on the request's pathname (relative to the catch-all segment base).\n *\n * The `basePath` is the URL prefix before the catch-all segment, e.g.\n * `/api/kavach`. Segments after that prefix are used to match routes.\n */\nexport async function dispatch(\n\trequest: Request,\n\tkavach: Kavach,\n\tmcp: McpAuthModule | undefined,\n\tbasePath: string,\n): Promise<Response> {\n\tconst url = new URL(request.url);\n\tconst raw = url.pathname;\n\tconst relative = raw.startsWith(basePath) ? raw.slice(basePath.length) : raw;\n\tconst pathname = relative.startsWith(\"/\") ? relative : `/${relative}`;\n\tconst method = request.method.toUpperCase();\n\n\t// MCP OPTIONS preflight\n\tif (method === \"OPTIONS\") {\n\t\tif (pathname.startsWith(\"/mcp/\") || pathname.startsWith(\"/.well-known/\")) {\n\t\t\treturn new Response(null, { status: 204, headers: MCP_CORS_HEADERS });\n\t\t}\n\t}\n\n\t// ── MCP / well-known ────────────────────────────────────────────\n\n\tif (pathname === \"/.well-known/oauth-authorization-server\" && method === \"GET\") {\n\t\tif (!mcp) return notFound(\"MCP module not configured\");\n\t\treturn mcpOk(mcp.getMetadata());\n\t}\n\n\tif (pathname === \"/.well-known/oauth-protected-resource\" && method === \"GET\") {\n\t\tif (!mcp) return notFound(\"MCP module not configured\");\n\t\treturn mcpOk(mcp.getProtectedResourceMetadata());\n\t}\n\n\tif (pathname === \"/mcp/register\" && method === \"POST\") {\n\t\tif (!mcp) return notFound(\"MCP module not configured\");\n\t\tlet body: unknown;\n\t\ttry {\n\t\t\tbody = (await request.json()) as unknown;\n\t\t} catch {\n\t\t\treturn mcpError(\"invalid_request\", \"Invalid JSON body\", 400);\n\t\t}\n\t\ttry {\n\t\t\tconst result = await mcp.registerClient(body as Parameters<typeof mcp.registerClient>[0]);\n\t\t\tif (!result.success) {\n\t\t\t\treturn mcpError(\"invalid_client_metadata\", result.error.message, 400);\n\t\t\t}\n\t\t\treturn mcpNoStore(result.data, 201);\n\t\t} catch (err) {\n\t\t\tconst message = err instanceof Error ? err.message : \"Registration failed\";\n\t\t\treturn mcpError(\"server_error\", message, 500);\n\t\t}\n\t}\n\n\tif (pathname === \"/mcp/authorize\" && method === \"GET\") {\n\t\tif (!mcp) return notFound(\"MCP module not configured\");\n\t\ttry {\n\t\t\tconst result = await mcp.authorize(request);\n\t\t\tif (!result.success) {\n\t\t\t\tif (result.error.code === \"LOGIN_REQUIRED\") {\n\t\t\t\t\tconst details = result.error.details as\n\t\t\t\t\t\t| { loginPage?: string; returnTo?: string }\n\t\t\t\t\t\t| undefined;\n\t\t\t\t\tif (details?.loginPage) {\n\t\t\t\t\t\tconst loginUrl = new URL(details.loginPage);\n\t\t\t\t\t\tif (details.returnTo) {\n\t\t\t\t\t\t\tloginUrl.searchParams.set(\"returnTo\", details.returnTo);\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn Response.redirect(loginUrl.toString(), 302);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn mcpError(result.error.code.toLowerCase(), result.error.message, 400);\n\t\t\t}\n\t\t\treturn Response.redirect(result.data.redirectUri, 302);\n\t\t} catch (err) {\n\t\t\tconst message = err instanceof Error ? err.message : \"Authorization failed\";\n\t\t\treturn mcpError(\"server_error\", message, 500);\n\t\t}\n\t}\n\n\tif (pathname === \"/mcp/token\" && method === \"POST\") {\n\t\tif (!mcp) return notFound(\"MCP module not configured\");\n\t\ttry {\n\t\t\tconst result = await mcp.token(request);\n\t\t\tif (!result.success) {\n\t\t\t\tconst status = result.error.code === \"INVALID_CLIENT\" ? 401 : 400;\n\t\t\t\treturn mcpNoStore(\n\t\t\t\t\t{\n\t\t\t\t\t\terror: result.error.code.toLowerCase(),\n\t\t\t\t\t\terror_description: result.error.message,\n\t\t\t\t\t},\n\t\t\t\t\tstatus,\n\t\t\t\t);\n\t\t\t}\n\t\t\treturn mcpNoStore(result.data);\n\t\t} catch (err) {\n\t\t\tconst message = err instanceof Error ? err.message : \"Token exchange failed\";\n\t\t\treturn mcpNoStore({ error: \"server_error\", error_description: message }, 500);\n\t\t}\n\t}\n\n\t// ── Agents ──────────────────────────────────────────────────────\n\n\tif (pathname === \"/agents\") {\n\t\tif (method === \"GET\") return handleAgentList(request, kavach);\n\t\tif (method === \"POST\") return handleAgentCreate(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// /agents/:id/rotate\n\tconst rotateMatch = /^\\/agents\\/([^/]+)\\/rotate$/.exec(pathname);\n\tif (rotateMatch) {\n\t\tconst id = rotateMatch[1];\n\t\tif (!id) return badRequest(\"Missing agent id\");\n\t\tif (method === \"POST\") return handleAgentRotate(id, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// /agents/:id\n\tconst agentMatch = /^\\/agents\\/([^/]+)$/.exec(pathname);\n\tif (agentMatch) {\n\t\tconst id = agentMatch[1];\n\t\tif (!id) return badRequest(\"Missing agent id\");\n\t\tif (method === \"GET\") return handleAgentGet(id, kavach);\n\t\tif (method === \"PATCH\") return handleAgentUpdate(id, request, kavach);\n\t\tif (method === \"DELETE\") return handleAgentRevoke(id, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// ── Authorization ───────────────────────────────────────────────\n\n\tif (pathname === \"/authorize\") {\n\t\tif (method === \"POST\") return handleAuthorize(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\tif (pathname === \"/authorize/token\") {\n\t\tif (method === \"POST\") return handleAuthorizeByToken(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// ── Delegations ─────────────────────────────────────────────────\n\n\tif (pathname === \"/delegations\") {\n\t\tif (method === \"POST\") return handleDelegationCreate(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// /delegations/:id\n\tconst delegationMatch = /^\\/delegations\\/([^/]+)$/.exec(pathname);\n\tif (delegationMatch) {\n\t\tconst id = delegationMatch[1];\n\t\tif (!id) return badRequest(\"Missing delegation id\");\n\t\tif (method === \"DELETE\") return handleDelegationRevoke(id, kavach);\n\t\tif (method === \"GET\") return handleDelegationList(id, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// ── Audit ───────────────────────────────────────────────────────\n\n\tif (pathname === \"/audit/export\") {\n\t\tif (method === \"GET\") return handleAuditExport(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\tif (pathname === \"/audit\") {\n\t\tif (method === \"GET\") return handleAuditQuery(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\t// ── Dashboard ───────────────────────────────────────────────────\n\n\tif (pathname === \"/dashboard/stats\") {\n\t\tif (method === \"GET\") return handleDashboardStats(kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\tif (pathname === \"/dashboard/agents\") {\n\t\tif (method === \"GET\") return handleAgentList(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\tif (pathname === \"/dashboard/audit\") {\n\t\tif (method === \"GET\") return handleAuditQuery(request, kavach);\n\t\treturn methodNotAllowed();\n\t}\n\n\treturn notFound(\"Route not found\");\n}\n","import type { EventHandler, H3Event } from \"h3\";\nimport { defineEventHandler, getRequestURL, readBody, setHeader, setResponseStatus } from \"h3\";\nimport type { Kavach } from \"kavachos\";\nimport type { McpAuthModule } from \"kavachos/mcp\";\nimport { dispatch } from \"./dispatch.js\";\n\nexport interface KavachNuxtOptions {\n\t/**\n\t * The MCP OAuth 2.1 module. When provided, MCP endpoints are enabled.\n\t */\n\tmcp?: McpAuthModule;\n\t/**\n\t * The URL path prefix before the catch-all segment.\n\t * Defaults to `/api/kavach`.\n\t *\n\t * @example `/api/auth/kavach`\n\t */\n\tbasePath?: string;\n}\n\n/**\n * Create a Nuxt/H3 event handler for all KavachOS REST API routes.\n *\n * Mount in `server/api/kavach/[...].ts`:\n *\n * @example\n * ```typescript\n * import { createKavach } from 'kavachos';\n * import { kavachNuxt } from '@kavachos/nuxt';\n *\n * const kavach = createKavach({ database: { provider: 'sqlite', url: 'kavach.db' } });\n * export default kavachNuxt(kavach);\n * ```\n *\n * With MCP OAuth 2.1:\n * ```typescript\n * import { createMcpModule } from 'kavachos/mcp';\n * const mcp = createMcpModule({ ... });\n * export default kavachNuxt(kavach, { mcp });\n * ```\n */\nexport function kavachNuxt(kavach: Kavach, options?: KavachNuxtOptions): EventHandler {\n\tconst mcp = options?.mcp;\n\tconst basePath = options?.basePath ?? \"/api/kavach\";\n\n\treturn defineEventHandler(async (event: H3Event) => {\n\t\t// Build a standard Request from the H3 event so we can delegate to the\n\t\t// shared dispatcher without duplicating any routing logic.\n\t\tconst url = getRequestURL(event);\n\t\tconst method = event.method ?? \"GET\";\n\n\t\t// Collect headers from the H3 event\n\t\tconst headers = new Headers();\n\t\tconst rawHeaders = event.headers;\n\t\trawHeaders.forEach((value, key) => {\n\t\t\theaders.set(key, value);\n\t\t});\n\n\t\t// For methods that carry a body, read it from H3 and re-serialise as JSON\n\t\t// so the standard Request.json() call in dispatch works correctly.\n\t\tlet body: BodyInit | null = null;\n\t\tif (method !== \"GET\" && method !== \"HEAD\" && method !== \"OPTIONS\") {\n\t\t\ttry {\n\t\t\t\tconst raw = await readBody(event);\n\t\t\t\tif (raw !== undefined && raw !== null) {\n\t\t\t\t\tbody = JSON.stringify(raw);\n\t\t\t\t\theaders.set(\"Content-Type\", \"application/json\");\n\t\t\t\t}\n\t\t\t} catch {\n\t\t\t\t// body stays null — dispatch will handle the parse error\n\t\t\t}\n\t\t}\n\n\t\tconst request = new Request(url.toString(), { method, headers, body });\n\t\tconst response = await dispatch(request, kavach, mcp, basePath);\n\n\t\t// Write the Response back through H3\n\t\tsetResponseStatus(event, response.status);\n\t\tresponse.headers.forEach((value, key) => {\n\t\t\tsetHeader(event, key, value);\n\t\t});\n\n\t\t// H3 route handlers can return a string, Buffer, or null; return the\n\t\t// body text directly so H3 sends it as-is.\n\t\tif (response.status === 204 || response.body === null) {\n\t\t\treturn null;\n\t\t}\n\t\treturn response.text();\n\t});\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kavachos/nuxt",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Nuxt adapter for KavachOS - exposes agent auth as HTTP REST endpoints via H3",
   "type": "module",
   "main": "dist/index.js",
@@ -32,7 +32,7 @@
   "peerDependencies": {
     "nuxt": ">=3.0.0",
     "zod": ">=3.0.0",
-    "kavachos": "0.0.2"
+    "kavachos": "0.0.3"
   },
   "devDependencies": {
     "h3": "^1.13.0",
@@ -40,7 +40,7 @@
     "tsup": "^8.4.0",
     "typescript": "^5.8.0",
     "zod": "^3.24.0",
-    "kavachos": "0.0.2"
+    "kavachos": "0.0.3"
   },
   "scripts": {
     "build": "tsup",